Add support for Branch Target Identification ...

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.

Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Merge changes from topic "sami/550_fix_n1sdp_issues_v1" into integration ...

* changes:
  N1SDP: Initialise CNTFRQ in Non Secure CNTBaseN
  N1SDP: Fix DRAM2 start address
  Add option for defining platform DRAM2 base
  Disable speculative loads only if SSBS is supported

Add option for defining platform DRAM2 base ...

The default DRAM2 base address for Arm platforms
is 0x880000000. However, on some platforms the
firmware may want to move the start address to
a different value.

To support this introduce PLAT_ARM_DRAM2_BASE that
defaults to 0x880000000; but can be overridden by
a platform (e.g. in platform_def.h).

Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>

SMMUv3: Abort DMA transactions ...

For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.

Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Merge changes from topic "sm/fix_a76_errata" into integration ...

* changes:
  Workaround for cortex-A76 errata 1286807
  Cortex-A76: workarounds for errata 1257314, 1262606, 1262888, 1275112

Workaround for cortex-A76 errata 1286807 ...

The workaround for Cortex-A76 errata #1286807 is implemented
in this patch.

Change-Id: I6c15af962ac99ce223e009f6d299cefb41043bed
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

Cortex-A76: workarounds for errata 1257314, 1262606, 1262888, 1275112 ...

The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.

Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

SMMUv3: refactor the driver code ...

This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.

Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

sp_min: make sp_min_warm_entrypoint public ...

Similar to bl31_warm_entrypoint, sp_min-based platforms may need
that for special resume handling.

Therefore move it from the private header to the sp_min platform header.

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: I40d9eb3ff77cff88d47c1ff51d53d9b2512cbd3e

Merge "Neoverse N1: Forces cacheable atomic to near" into integration

Merge changes from topic "aa-sbsa-watchdog" into integration ...

* changes:
  plat/arm: introduce wrapper functions to setup secure watchdog
  drivers/sbsa: add sbsa watchdog driver

Neoverse N1: Forces cacheable atomic to near ...

This patch forces all cacheable atomic instructions to be near, which
improves performance in highly contended parallelized use-cases.

Change-Id: I93fac62847f4af8d5eaaf3b52318c30893e947d3
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

plat/arm: introduce wrapper functions to setup secure watchdog ...

The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
controller as the secure watchdog. But not all ARM platforms use SP805
as the secure watchdog controller.

So introduce two new ARM platform code specific wrapper functions to
start and stop the secure watchdog. These functions then replace the
calls to SP805 driver in common BL1 setup code. All the ARM platforms
implement these wrapper functions by either calling into SP805 driver
or the SBSA watchdog driver.

Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>

drivers/sbsa: add sbsa watchdog driver ...

Add a driver for configuring the SBSA Generic Watchdog which aids in
the detection of errant system behaviour.

Change-Id: I5a1e7149c69fd8b85be7dfbcf511f431339946f4
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>

DSU: Implement workaround for errata 798953 ...

Under certain near idle conditions, DSU may miss response transfers on
the ACE master or Peripheral port, leading to deadlock. This workaround
disables high-level clock gating of the DSU to prevent this.

Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

DSU: Small fix and reformat on errata framework ...

Change-Id: I50708f6ccc33059fbfe6d36fd66351f0b894311f
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Cortex-A35: Implement workaround for errata 855472 ...

Under specific conditions, the processor might issue an eviction and an
L2 cache clean operation to the interconnect in the wrong order. Set
the CPUACTLR.ENDCCASCI bit to 1 to avoid this.

Change-Id: Ide7393adeae04581fa70eb9173b742049fc3e050
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Mbed TLS: Remove weak heap implementation ...

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Merge "aarch32: Allow compiling with soft-float toolchain" into integration

Merge "cpus: Fix Cortex-A12 MIDR mask" into integration

Merge "Add support for Cortex-A76AE CPU" into integration

Add support for Cortex-A76AE CPU ...

Change-Id: I0a81f4ea94d41245cd5150de341b51fc70babffe
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

cot-desc: optimise memory further ...

This changes the auth_img_desc_t struct to have pointers to struct
arrays instead of struct arrays. This saves memory as many of these
were never used, and can be NULL pointers. Note the memory savings are
only when these arrays are not initialised, as it is assumed these
arrays are fixed length. A possible future optimisation could allow for
variable length.

memory diff:
bl1:        bl2:
    text        text
      -12         -12
    bss         bss
      -1463       0
    data        data
      -56         -48
    rodata      rodata
      -5688       -2592
    total       total
      -7419       -2652

Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>

Reduce memory needed for CoT description ...

When Trusted Board Boot is enabled, we need to specify the Chain of
Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
of image descriptors. The authentication module assumes that each
image descriptor in this array is indexed by its unique image
identifier. For example, the Trusted Boot Firmware Certificate has to
be at index [TRUSTED_BOOT_FW_CERT_ID].

Unique image identifiers may not necessarily be consecutive. Also,
a given BL image might not use all image descriptors. For example, BL1
does not need any of the descriptors related to BL31. As a result, the
CoT array might contain holes, which unnecessarily takes up space in
the BL binary.

Using pointers to auth_img_desc_t structs (rather than structs
themselves) means these unused elements only use 1 pointer worth of
space, rather than one struct worth of space. This patch also changes
the code which accesses this array to reflect the change to pointers.

Image descriptors not needed in BL1 or BL2 respectively are also
ifdef'd out in this patch. For example, verifying the BL31 image is
the responsibility of BL2 so BL1 does not need any of the data
structures describing BL31.

memory diff:
bl1:        bl2:
    text        text
      -20         -20
    bss         bss
      -1463       0
    data        data
      -256        -48
    rodata      rodata
      -5240       -1952
    total       total
      -6979       -2020

Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>

cpus: Fix Cortex-A12 MIDR mask ...

The Cortex-A12's primary part number is 0xC0D not 0xC0C, so
fix that to make the A12's cpu operations findable.

Change-Id: I4440a039cd57a2fe425fd8a8ec5499ca8e895e31
Signed-off-by: Heiko Stuebner <heiko@sntech.de>

aarch32: Allow compiling with soft-float toolchain ...

ARMv7 and Cortex-A32(ARMv8/aarch32) uses "arm-linux-gnueabi" toolchain which
has both soft-float and hard-float variants and so there could be scenarios
where soft-float toolchain is used.Even though TF-A documentation recommends
to use hard-float toolchain for aarch32 but there are external projects where
we cannot mandate the selection of toolchain and for those projects at least
the build should not fail.

Current TF-A source fails to build with soft-float toolchain because assembler
does not recognizes "vmsr" instruction which is required to enable floating
point unit.

To avoid this piece of code being compiled with soft-float toolchain add
predefined macro guard " __SOFTFP__" exposed by soft-float toolchain.

Change-Id: I76ba40906a8d622dcd476dd36ab4d277a925996c
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

Remove deprecated interfaces ...

Change-Id: I14fcabbdfd53153d1d5f187f6f8b23a045794408
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

tzc: remove deprecated types ...

Types tzc_action_t and tzc_region_attributes_t are deprecated.

Change-Id: Ieefeb8521a0e1130f39d09b5c0d2728f05084773
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Console: remove deprecated finish_console_register ...

The old version of the macro is deprecated.

Commit cc5859ca19ff ("Multi-console: Deprecate the
`finish_console_register` macro") provides more details.

Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Merge pull request #1916 from antonio-nino-diaz-arm/an/spm-xlat ...

SPM: Some improvements to xlat handling code