drivers: arm: pl011: Update PL011 driver to support MULTI_CONSOLE_API ...

This patch updates the ARM PL011 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.

Change-Id: Ic34e4158addbb0c5fae500c9cff899c05a4f4206
Signed-off-by: Julius Werner <jwerner@chromium.org>

drivers: ti: uart: Update 16550 UART driver to support MULTI_CONSOLE_API ...

This patch updates the TI 16550 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.

Change-Id: I60a44b7ba3c35c74561824c04b8dbe3e3039324c
Signed-off-by: Julius Werner <jwerner@chromium.org>

Merge pull request #1200 from robertovargas-arm/bl2-el3 ...

Add BL2_AT_EL3 build option

Workaround for CVE-2017-5715 for Cortex A9, A15 and A17 ...

A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.

For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.

For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.

Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

sp_min: Implement workaround for CVE-2017-5715 ...

This patch introduces two workarounds for ARMv7 systems.  The
workarounds need to be applied prior to any `branch` instruction in
secure world.  This is achieved using a custom vector table where each
entry is an `add sp, sp, #1` instruction.

On entry to monitor mode, once the sequence of `ADD` instructions is
executed, the branch target buffer (BTB) is invalidated.  The bottom
bits of `SP` are then used to decode the exception entry type.

A side effect of this change is that the exception vectors are
installed before the CPU specific reset function.  This is now
consistent with how it is done on AArch64.

Note, on AArch32 systems, the exception vectors are typically tightly
integrated with the secure payload (e.g. the Trusted OS).  This
workaround will need porting to each secure payload that requires it.

The patch to modify the AArch32 per-cpu vbar to the corresponding
workaround vector table according to the CPU type will be done in a
later patch.

Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Mark functions defined in assembly files ...

This patch change the name of the section containing the functions
defined in assembly files from text.* to text.asm.*. This change
makes possible to select in the linker script the functions
defined in those files.

Change-Id: If35e44ef1b43ffd951dfac5e052db75d7198e2e0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

bl2-el3: Add BL2 at EL3 support in FVP ...

This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific parameters in the model.

The bl2 image is loaded directly in memory instead of being loaded
by a non-TF Boot ROM and the reset address is changed:

	--data cluster0.cpu0=bl2.bin@0x4001000
	-C cluster0.cpu0.RVBAR=0x4001000

These parameters mean that in the cold boot path the processor will
jump to BL2 again. For this reason, BL2 is loaded in dram in this
case, to avoid other images reclaiming BL2 memory.

Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

bl2-el3: Add BL2_EL3 image ...

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1.  This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.

Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

emmc: add macros CMD21, BUS_WIDTH_DDR_4 and BUS_WIDTH_DDR_8 ...

Add some macros according to JEDEC Standard Embedded Multi-Media
Card (eMMC) Electrical Standard (5.1)": Table 145 - Bus Mode
Selection.

Change-Id: Iaa45e0582653ef4290efd60d039f0bdc420eeb47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

utils: rename struct mem_region_t to struct mem_region ...

typedef mem_region_t mem_region_t;

... seems to work because they belong to different name-spaces,
but humans are confused even if compilers are not.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Merge pull request #1219 from antonio-nino-diaz-arm/an/mm-version ...

SPM: Fix version header definitions

Merge pull request #1215 from vwadekar/tlkd-ns-dram-ranges ...

spd: tlkd: support for "NS memory ranges" function ID

Merge pull request #1197 from dp-arm/dp/amu ...

AMUv1 support

Merge pull request #1214 from dp-arm/dp/cve_2017_5715 ...

Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75

Increase BL31 memory space by 2 pages ...

On some build configurations BL31 is running out of space.  Now that
TSP is moved to secure dram, we have a bit of additional space to use
in BL31.

Change-Id: Ib89fcd8bae99c85c9c5e5d9228bb42fb7048dcb6
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>

Add hooks to save/restore AMU context for Cortex A75 ...

Change-Id: I504d3f65ca5829bc1f4ebadb764931f8379ee81f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

AMU: Add hooks to save/restore AMU context ...

On some systems, the AMU counters might reset to 0 when a CPU
powerdown happens.  This behaviour conflicts with the intended
use-case of AMU as lower ELs are only expected to see non-decreasing
counter values.

Change-Id: If25519965d4e6e47e09225d0e732947986cbb5ec
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

AMU: Add configuration helpers for aarch64 ...

Add some AMU helper functions to allow configuring, reading and
writing of the Group 0 and Group 1 counters.  Documentation for these
helpers will come in a separate patch.

Change-Id: I656e070d2dae830c22414f694aa655341d4e2c40
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

AMU: Add plat interface to select which group 1 counters to enable ...

A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.

A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.

Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Add PubSub events for CPU powerdown/powerup ...

The suspend hook is published at the start of a CPU powerdown
operation.  The resume hook is published at the end of a CPU powerup
operation.

Change-Id: I50c05e2dde0d33834095ac41b4fcea4c161bb434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Use PFR0 to identify need for mitigation of CVE-2017-5915 ...

If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A75.

Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Workaround for CVE-2017-5715 on Cortex A73 and A75 ...

Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
temporarily dropping into AArch32 Secure-EL1 and executing the
`BPIALL` instruction.

This is achieved by using 3 vector tables.  There is the runtime
vector table which is used to handle exceptions and 2 additional
tables which are required to implement this workaround.  The
additional tables are `vbar0` and `vbar1`.

The sequence of events for handling a single exception is
as follows:

1) Install vector table `vbar0` which saves the CPU context on entry
   to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
   with the MMU disabled and I$ enabled.  This is the default vector table.

2) Before doing an ERET into Secure-EL1, switch vbar to point to
   another vector table `vbar1`.  This is required to restore EL3 state
   when returning from the workaround, before proceeding with normal EL3
   exception handling.

3) While in Secure-EL1, the `BPIALL` instruction is executed and an
   SMC call back to EL3 is performed.

4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
   restored.  The vbar is switched to point to `vbar0` in preparation to
   handle further exceptions.  Finally a branch to the runtime vector
   table entry is taken to complete the handling of the original
   exception.

This workaround is enabled by default on the affected CPUs.

NOTE
====

There are 4 different stubs in Secure-EL1.  Each stub corresponds to
an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
different value in `R0` before doing an SMC call back into EL3.
Without this piece of information it would not be possible to know
what the original exception type was as we cannot use `ESR_EL3` to
distinguish between IRQs and FIQs.

Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Workaround for CVE-2017-5715 on Cortex A57 and A72 ...

Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU.  To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table.  A side effect of this change is that the main vbar is
configured before any reset handling.  This is to allow the per-cpu
reset function to override the vbar setting.

This workaround is enabled by default on the affected CPUs.

Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

SPM: Fix version header definitions ...

Rename SP_VERSION macros to MM_VERSION, which is the name used in the MM
specification [1]. Also, a few more helper macros have been added.

MM-specific definitions have been moved to their own header file.

[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf

Change-Id: Ia10e48c7e81a7a1f5eeca29a5270cae740a4a88a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

spd: tlkd: support for "NS memory ranges" function ID ...

This patch adds support to receive function ID with NS world's
memory ranges to provide the memory snapshot to TLK.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

Move TSP to TZC secured DRAM ...

To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM
by default.

Increase the BL31 max limit by one page.

Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

ARM platforms: Allow platforms to define SDEI events ...

With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.

Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Add new function-pointer-based console API ...

This patch overhauls the console API to allow for multiple console
instances of different drivers that are active at the same time. Instead
of binding to well-known function names (like console_core_init),
consoles now provide a register function (e.g. console_16550_register())
that will hook them into the list of active consoles. All console
operations will be dispatched to all consoles currently in the list.

The new API will be selected by the build-time option MULTI_CONSOLE_API,
which defaults to ${ERROR_DEPRECATED} for now. The old console API code
will be retained to stay backwards-compatible to older platforms, but
should no longer be used for any newly added platforms and can hopefully
be removed at some point in the future.

The new console API is intended to be used for both normal (bootup) and
crash use cases, freeing platforms of the need to set up the crash
console separately. Consoles can be individually configured to be active
active at boot (until first handoff to EL2), at runtime (after first
handoff to EL2), and/or after a crash. Console drivers should set a sane
default upon registration that can be overridden with the
console_set_scope() call. Code to hook up the crash reporting mechanism
to this framework will be added with a later patch.

This patch only affects AArch64, but the new API could easily be ported
to AArch32 as well if desired.

Change-Id: I35c5aa2cb3f719cfddd15565eb13c7cde4162549
Signed-off-by: Julius Werner <jwerner@chromium.org>

utils_def: Add REGSZ and make BIT() assembly-compatible ...

In assembly code it can be useful to have a constant for the width of a
register in the current architecture, so this patch adds one to
<utils_def.h> and replaces the existing custom one in crash_reporting.S
with that. It also fixes up the BIT() macro in the same file so that it
can be safely used in assembly code.

Change-Id: I10513a311f3379e767396e6ddfbae8d2d8201464
Signed-off-by: Julius Werner <jwerner@chromium.org>

Merge pull request #1178 from davidcunado-arm/dc/enable_sve ...

Enable SVE for Non-secure world