SPM: Allow preemption in non-blocking requests ...

Change-Id: I1fdc2285a3f6517a715ad6159322543fd5a37a37
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Support non-blocking calls ...

Note that the arguments passed during the SMC call don't comply with the
SPCI specifications. This will be fixed in following patches, but it is
needed to implement a few more SPCI SMCs to be able to do it. The
current code allows us to start testing it.

Change-Id: Ic13dcc54c40327df03be1b0f52e8a44f468f06b4
Co-authored-by: Jean-Paul Etienne <jean-paul.etienne@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Implement global response buffer helpers ...

This buffer is where all the responses from Secure Partitions are stored
until they are requested.

Change-Id: Iafeb8f0848c5ff6f3e187060cd3a47702484dc45
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Prevent simultaneous blocking calls ...

Blocking calls can only succeed if the target Secure Partition is idle.

Change-Id: Iabeaa0b8d3e653fd8581fa086758936abfc1c772
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Support blocking calls ...

Note that the arguments passed during the SMC call don't comply with the
SPCI specifications. This will be fixed in following patches, but it is
needed to implement a few more SPCI SMCs to be able to do it. The
current code allows us to start testing it.

Change-Id: Ief0e75d072b311737fcdb0c6a60ba5b7406a9ee5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Introduce SPRT C host library ...

Change-Id: If57ec9cc0791f49d9ade83dff9d24ef9047963a8
Co-authored-by: Jean-Paul Etienne <jean-paul.etienne@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Implement SPCI open/close handle SMCs ...

Introduce SMCs that open and close handles according to the SPCI
specification.

Change-Id: I65f365f15612e01aa445e783e96e48ae275c39fd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Introduce SMC handlers for SPCI and SPRT ...

Change-Id: I2ae9b3bb686c41b2e138132a7bed107925ac861e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Support multiple xlat tables contexts ...

Change-Id: Ib7c2529b85bb5930d44907edfc8ead13d3b1ef4d
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Support multiple partitions ...

Change-Id: I6673a5f8c2f6afa7780483e0ce8d4dad4c8dc8ea
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Remove old SMC interfaces ...

Remove interfaces based on MM_COMMUNICATE.

Change-Id: I628c884b91d9f4758269ea2c4dedc37a66bb93cf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Map memory regions from RD ...

SPM needs to map a number of regions on behalf of the secure partition.
Previously, it used to get a list of them from platform code using the
plat_get_secure_partition_mmap() API. Now it gets them from the resource
description structure.

The SPM<->SP shared buffer is mapped dynamically at EL3. This buffer is
used to pass information between SPM and SP, so it must be mapped at EL3
as well in order to be used by SPM.

Dynamic translation tables have been enabled when the Trusted Firmware
is compiled with SPM support.

Change-Id: I64ad335e931661812a0a60558e60372e1e5e6b72
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Read entrypoint from resource descriptor ...

Read entrypoint of the Secure Partition from the resource description
struct.

Change-Id: Ie693c7b4d4fecafd85b6934d9d8c4232efb1dc55
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Load image and RD from SP package ...

Load SP and RD from package instead of relying on RD being already
loaded in memory and the SP being loaded as a BL32 image.

Change-Id: I18d4fbf4597656c6a7e878e1d7c01a8a324f3f8a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Remove SP memory mappings definitions ...

This information is retrieved from the resource description now.

Change-Id: Iaae23945eb2c45305cdc6442853e42f4e04fe094
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Deprecate boot info struct ...

This information is defined by the Secure Partition in the resource
description.

Change-Id: Ia7db90c5de8360a596106880d3f6a632a88d3ea8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Deprecate the current implementation ...

The current SPM is a prototype that only supports one secure partition
in EL0. The objective of SPM is to have multiple partitions. The current
MM interface isn't adequate for this, so it is needed to modify heavily
the code to add proper support for it.

However, there are platforms which are already using this (like SGI) and
removing the code would break it.  For this reason, the current SPM code
has been duplicated in order to temporarily preserve compatibility. All
new improvements/changes to SPM will be done in the non-deprecated copy,
that may change without notice.

The new build option SPM_DEPRECATED has been introduced to select the SPM
implementation. It defaults to 1, that selects the deprecated SPM.

Change-Id: Ic9f80b53b450e97b4d3f47e4ef4a138ee8d87443
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

AArch64: Use SSBS for CVE_2018_3639 mitigation ...

The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
Armv8.5 feature, this can be implemented by CPUs implementing earlier
version of the architecture.

With this patch, when both PSTATE.SSBS is implemented and
DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
indicate that mitigation on the PE is either permanently enabled or not
required.

When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
of every BL stage. This means that EL3 always executes with mitigation
applied.

For Cortex A76, if the PE implements SSBS, the existing mitigation (by
using a different vector table, and tweaking CPU ACTLR2) is not used.

Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

SDEI: Unconditionally resume Secure if it was interrupted ...

Secure world execution nearly always expect a controlled exit to
Non-secure world. SDEI interrupts, although targets EL3, occur on behalf
of Non-secure world, and may have higher priority than Secure world
interrupts. Therefore they might preempt Secure execution, and yield
execution to Non-secure SDEI handler. Upon completion of SDEI event
handling (regardless of whether it's COPLETE or COMPLETE_AND_RESUME), we
must resume Secure execution if it was preempted.

Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

SPM: Raise running priority of the core while in Secure Partition ...

The current secure partition design mandates that a) at a point, only
a single core can be executing in the secure partition, and b) a core
cannot be preempted by an interrupt while executing in secure
partition.

Ensure this by activating the SPM priority prior to entering the
parition. Deactivate the priority on return from the
partition.

Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>

Standardise header guards across codebase ...

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

sdei: include "context.h" to fix compilation errors ...

This patch includes context.h from sdei_private.h to fix the
following compilation errors:

<snip>
In file included from services/std_svc/sdei/sdei_event.c:9:0:
services/std_svc/sdei/sdei_private.h: In function 'sdei_client_el':
services/std_svc/sdei/sdei_private.h:164:2: error: unknown type name 'cpu_context_t'
  cpu_context_t *ns_ctx = cm_get_context(NON_SECURE);
  ^
services/std_svc/sdei/sdei_private.h:165:2: error: unknown type name 'el3_state_t'
  el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
  ^
services/std_svc/sdei/sdei_private.h:165:2: error: implicit declaration of function 'get_el3state_ctx' [-Werror=implicit-function-declaration]
services/std_svc/sdei/sdei_private.h:165:25: error: initialization makes pointer from integer without a cast [-Werror]
  el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
                         ^
services/std_svc/sdei/sdei_private.h:167:2: error: implicit declaration of function 'read_ctx_reg' [-Werror=implicit-function-declaration]
  return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
  ^
services/std_svc/sdei/sdei_private.h:167:33: error: 'CTX_SCR_EL3' undeclared (first use in this function)
  return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
                                 ^
services/std_svc/sdei/sdei_private.h:167:33: note: each undeclared identifier is reported only once for each function it appears in
cc1: all warnings being treated as errors
<snip>

Change-Id: Id0cad56accf81b19cb0d301784f3f086dd052722
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

Merge pull request #1584 from danielboulby-arm/db/Switches ...

Ensure the flow through switch statements is clear

Remove all other deprecated interfaces and files ...

Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Ensure the flow through switch statements is clear ...

Ensure case clauses:
*   Terminate with an unconditional break, return or goto statement.
*   Use conditional break, return or goto statements as long as the end
    of the case clause is unreachable; such case clauses must terminate
    with assert(0) /* Unreachable */ or an unconditional  __dead2 function
    call
*   Only fallthough when doing otherwise would result in less
    readable/maintainable code; such case clauses must terminate with a
    /* Fallthrough */ comment to make it clear this is the case and
    indicate that a fallthrough is intended.

This reduces the chance of bugs appearing due to unintended flow through a
switch statement

Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

trusty: Fix return value of trusty_init() ...

The value used to signal failure is 0. It is needed to return a different
value on success.

Change-Id: I2186aa7dfbfc825bfe7b3d5ae3c4de7af10ee44f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SDEI: Mask events after CPU wakeup ...

The specification requires that, after wakeup from a CPU suspend, the
dispatcher must mask all events on the CPU. This patch adds the feature
to the SDEI dispatcher by subscribing to the PSCI suspend to power down
event, and masking all events on the PE.

Change-Id: I9fe1d1bc2a58379ba7bba953a8d8b275fc18902c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

opteed: pass power level on suspend ...

Some platforms might chose to take different actions depending on this
value; this is precisely the case for rcar-gen3.

Signed-off-by: Jorge Ramirez-Ortiz <jramirez@baylibre.com>

libc: Use printf and snprintf across codebase ...

tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.

Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

libc: Fix all includes in codebase ...

The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.

Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>