Merge pull request #578 from EvanLloyd/ejll/woa_make2 ...

Make improvements for host environment portability

Merge pull request #575 from soby-mathew/sm/new_tzc_driver ...

Refactor the TZC driver and add DMC-500 driver

Merge pull request #572 from jcastillo-arm/jc/tbb_nvcounter ...

TBB NVcounter support

Merge pull request #563 from sbranden/tf_issue_380 ...

Add support for %z in tf_print()

Merge pull request #581 from rockchip-linux/rockchip-atf-20160405 ...

Support for Rockchip's family SoCs

Support for Rockchip's family SoCs ...

This patch adds to support the RK3368 and RK3399 SoCs.

RK3368/RK3399 is one of the Rockchip family SoCs, which is an
multi-cores ARM SoCs.

This patch adds support to boot the Trusted Firmware on RK3368/RK3399
SoCs, and adds support to boot secondary CPUs, enter/exit core
power states for all CPUs in the slow/fast clusters.

This is the initial version for rockchip SoCs.(RK3368/RK3399 and next SoCs)
* Support arm gicv2 & gicv3.
* Boot up multi-cores CPU.
* Add generic CPU helper functions.
* Support suspend/resume.
* Add system_off & system_reset implementation.
* Add delay timer platform implementation.
* Support the new porting interface for the PSCI implementation.

Change-Id: I704bb3532d65e8c70dbd99b512c5e6e440ea6f43
Signed-off-by: Tony Xie <tony.xie@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Signed-off-by: Shengfei xu <xsf@rock-chips.com>

Merge pull request #580 from soby-mathew/sm/ret_type_plat_ns_ep ...

Modify return type of plat_get_ns_image_entrypoint()

Modify return type of plat_get_ns_image_entrypoint() ...

This patch modifies the return type of the platform API
`plat_get_ns_image_entrypoint()` from `unsigned long` to
`uintptr_t` in accordance with the coding guidelines.

Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca

Merge pull request #577 from antonio-nino-diaz-arm/an/remove-xlat-helpers ...

Remove xlat_helpers.c

Merge pull request #576 from mtk09422/bl31-security ...

mt8173: Protect BL31 memory from non-secure access

Make:Improve version string generation portability ...

To get round problems encountered when building in a DOS build
environment the generation of the .o file containing build identifier
strings is modified.
The problems encounterred were:
   1. DOS echo doesn't strip ' characters from the output text.
   2. git is not available from CMD.EXE so the BUILD_STRING value needs
      some other origin.

A BUILD_STRING value of "development build" is used for now.

MAKE_BUILD_STRINGS is used to customise build string generation in a DOS
environment. This variable is not defined in the UNIX build environment
make file helper, and so the existing build string generation behaviour
is retained in these build environments.

NOTE: This commit completes a cumulative series aimed at improving
      build portability across development environments.
      This enables the build to run on several new build environments,
      if the relevant tools are available.
      At this point the build is tested on Windows 7 Enterprise SP1,
      using CMD.EXE, Cygwin and Msys (MinGW),as well as a native
      Linux envionment".  The Windows platform builds used
      aarch64-none-elf-gcc.exe 4.9.1.  CMD.EXE and Msys used Gnu
      Make 3.81, cygwin used Gnu Make 4.1.

CAVEAT: The cert_create tool build is not tested on the Windows
        platforms (openssl-for-windows has a GPL license).

Change-Id: Iaa4fc89dbe2a9ebae87e2600c9eef10a6af30251

Make:Improve directory generation portability. ...

Because of command differences in some build environments the "inline"
method of generating the build directory structure is not portable.
(e.g. in DOS environments the mkdir shell command fails if a directory
already exists, whereas in UNIX environments it succeeds.)

To improve portability we generate the directories needed using make,
but use the "order-only prerequisites" feature of make to prevent writes
of files into the directories generating re-builds, as suggested in the
GNU make Manual (Version 4.1 September 2014).

Change-Id: Ic9af475831063c7fe6f8bccffef184d79e799419

Make:Allow for extension in tool names. ...

In some build environments executable programs have a specific file
extension.  The value of BIN_EXT is appended to the relevant tool file
names to allow for this.
The value of BIN_EXT is set, where appropriate, by the build environment
specific make helper (to .exe for Windows build environments).

.gitignore is updated to hide the new (.exe) files.

Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86

Make:Use "simply expanded" make variables. ...

Replace some "recursively expanded" make variables with "simply
expanded" variables (i.e. replace = with :=). This has no functional
impact but is more consistent and theoretically more efficient.

Change-Id: Iaf33d7c8ad48464ae0d39923515d1e7f230c95c1

Build:Replace soft links with file copy. ...

Some build environments do not support symbolic links. This patch
removes the symlinks previously used to build fip_create and instead
copies the relevant header files.
The original motivation for using symlinks was to avoid Trusted Firmware
library headers conflicting with headers in the compiler standard
include path. Copying the header files instead has the same effect.

Like other build artefacts, the copied files are listed in .gitignore.

The distclean targets have also been updated to remove the copies.

Change-Id: Ie8b67bcb133f7f1d660ae93b857950aa15e42b1e

Make:Use environment variables for OS detection. ...

Add make helper files to select the appropriate settings for the build
environment. Selection is made in make_helpers/build_env.mk, which
selects other files to include using generic build environment settings.
The Trusted Firmware Makefile and supporting tool Makefiles are updated
to include build_env.mk instead of unix.mk.

NOTE: This change does not fully enable builds in other build
      environments. It facilitates this without compromising the
      existing build environments.

Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6

Make:Diagnostic fail if no eval ...

To help diagnose make problems, we report an error if the make
program used does not provide the $(eval ) make functionality.
This will detect early versions of GNU make and other make programs.

Change-Id: I0ebb0f63694cf0b04eaeb7ea1e9e172fb9770ce0

Make:Make shell commands more portable ...

Macros are inserted to replace direct invocations of commands that are
problematic on some build environments. (e.g. Some environments expect
\ in paths instead of /.)
The changes take into account mismatched command mappings across
environments.
The new helper file unix.mk retains existing makefile behaviour on unix
like build environments by providing the following macro definitions:
  SHELL_COPY        cp -f
  SHELL_COPY_TREE   cp -rf
  SHELL_DELETE      rm -f
  SHELL_DELETE_ALL  rm -rf
  MAKE_PREREQ_DIR   mkdir -p  (As make target)
  SHELL_REMOVE_DIR  rm -rf

Change-Id: I1b5ca5e1208e78230b15284c4af00c1c006cffcb

Make:Add realclean to .PHONY list ...

Update the cert_create Makefile to list realclean as .PHONY
(like clean)

Change-Id: I9dc8a61a11574a044372e0952b5b12b74e133747

Make:Remove calls to shell from makefiles. ...

As an initial stage of making Trusted Firmware build environment more
portable, we remove most uses of the $(shell ) function and replace them
with more portable make function based solutions.

Note that the setting of BUILD_STRING still uses $(shell ) since it's
not possible to reimplement this as a make function. Avoiding invocation
of this on incompatible host platforms will be implemented separately.

Change-Id: I768e2f9a265c78814a4adf2edee4cc46cda0f5b8

mt8173: Protect BL31 memory from non-secure access ...

BL31 usually handles confidential stuff, its memory must not be
read/write accessible from non-secure world. This patch protects
the BL31 memory range from non-secure read/write access.

Change-Id: I442fb92b667bb2f9a62d471a90508b1ba4489911
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>

Add support to program a DMC-500 TZC on ARM platforms ...

This patch adds support to program TrustZone protection on ARM platforms that
implement a DMC-500. arm_dmc_500.c has been added which implements the
arm_dmc_tzc_setup() function. This function relies on constants related to TZC
programming that are exported by each platform to program TrustZone protection
using the DMC-500 TrustZone controller driver. This function should be called
from plat_arm_security_setup() which is implemented by each platform.

Change-Id: I5400bdee9e4b29155fd11296a40693d512312f29

Add ARM CoreLink DMC-500 driver to program TrustZone protection ...

The ARM CoreLink DMC-500 Dynamic Memory Controller provides the
programmable address region control of a TrustZone Address Space
Controller. The access permissions can be defined for eight
separate address regions plus a background or default region.
This patch adds a DMC-500 driver to define address regions and
program their access permissions as per ARM 100131_0000_02_en
(r0p0) document.

Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6

Migrate ARM standard platforms to the refactored TZC driver ...

This patch migrates ARM Standard platforms to the refactored TZC driver.

Change-Id: I2a2f60b645f73e14d8f416740c4551cec87cb1fb

Refactor the ARM CoreLink TZC-400 driver ...

TrustZone protection can be programmed by both memory and TrustZone
address space controllers like DMC-500 and TZC-400. These peripherals
share a similar programmer's view.

Furthermore, it is possible to have multiple instances of each type of
peripheral in a system resulting in multiple programmer's views.
For example, on the TZC-400 each of the 4 filter units can be enabled
or disabled for each region. There is a single set of registers to
program the region attributes. On the DMC-500, each filter unit has its
own programmer's view resulting in multiple sets of registers to program
the region attributes. The layout of the registers is almost the same
across all these variations.

Hence the existing driver in `tzc400\tzc400.c` is refactored into the
new driver in `tzc\tzc400.c`. The previous driver file is still maintained
for compatibility and it is now deprecated.

Change-Id: Ieabd0528e244582875bc7e65029a00517671216d

Remove xlat_helpers.c ...

lib/aarch64/xlat_helpers.c defines helper functions to build
translation descriptors, but no common code or upstream platform
port uses them. As the rest of the xlat_tables code evolves, there
may be conflicts with these helpers, therefore this code should be
removed.

Change-Id: I9f5be99720f929264818af33db8dada785368711

TBB: add non-volatile counter support ...

This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.

The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.

** NEW PLATFORM APIs (mandatory when TBB is enabled) **

int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);

    This API returns the non-volatile counter value stored
    in the platform. The cookie in the first argument may be
    used to select the counter in case the platform provides
    more than one (i.e. TBSA compliant platforms must provide
    trusted and non-trusted counters). This cookie is specified
    in the CoT.

int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);

    This API sets a new counter value. The cookie may be
    used to select the counter to be updated.

An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.

** IMPORTANT **

THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.

Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a

Merge pull request #570 from davwan01/bl31-in-dram ...

Add support to load BL31 in DRAM

Merge pull request #554 from ljerry/tf_issue_368_ter ...

Enable asynchronous abort exceptions during boot

Add support to load BL31 in DRAM ...

This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.

To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
If TSP is present, then setting this option also sets the TSP location
to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.

To use this feature, BL2 platform code must map in the DRAM used by
BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
Currently, only the FVP BL2 platform code maps in this DRAM.

Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67