Juno: Change the Firmware update detect mechanism

Previously, Juno used to depend on the SSC_GPRETN register to inform
about the reset syndrome. This method was removed when SCP migrated
to the SDS framework. But even the SDS framework doesn't report the
reset syndrome correctly and hence Juno failed to enter Firmware
update mode if BL2 authentication failed.

In addition to that, the error code populated in V2M_SYS_NVFLAGS register
does not seem to be retained any more on Juno across resets. This could
be down to the motherboard firmware not doing the necessary to preserve
the value.

Hence this patch modifies the Juno platform to use the same mechanism to
trigger firmware update as FVP which is to corrupt the FIP TOC on
authentication failure. The implementation in `fvp_err.c` is made common
for ARM platforms and is moved to the new `arm_err.c` file in
plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno
are modified to allow write to the Flash memory address.

Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

plat/arm/board/common/board_css_common.c

@@ -14,7 +14,7 @@
 #ifdef IMAGE_BL1
 const mmap_region_t plat_arm_mmap[] = {
 	ARM_MAP_SHARED_RAM,
-	V2M_MAP_FLASH0_RO,
+	V2M_MAP_FLASH0_RW,
 	V2M_MAP_IOFPGA,
 	CSS_MAP_DEVICE,
 	SOC_CSS_MAP_DEVICE,
@@ -28,7 +28,7 @@ const mmap_region_t plat_arm_mmap[] = {
 #ifdef IMAGE_BL2
 const mmap_region_t plat_arm_mmap[] = {
 	ARM_MAP_SHARED_RAM,
-	V2M_MAP_FLASH0_RO,
+	V2M_MAP_FLASH0_RW,
 #ifdef PLAT_ARM_MEM_PROT_ADDR
 	ARM_V2M_MAP_MEM_PROTECT,
 #endif

plat/arm/board/fvp/fvp_bl1_setup.c

@@ -30,16 +30,3 @@ void bl1_early_platform_setup(void)
 	 */
 	fvp_interconnect_enable();
 }
-
-/*******************************************************************************
- * The following function checks if Firmware update is needed,
- * by checking if TOC in FIP image is valid or not.
- ******************************************************************************/
-unsigned int bl1_plat_get_next_image_id(void)
-{
-	if (!arm_io_is_toc_valid())
-		return NS_BL1U_IMAGE_ID;
-
-	return BL2_IMAGE_ID;
-}
-

plat/arm/board/fvp/platform.mk

@@ -124,7 +124,6 @@ BL1_SOURCES		+=	drivers/io/io_semihosting.c			\
 				lib/semihosting/${ARCH}/semihosting_call.S	\
 				plat/arm/board/fvp/${ARCH}/fvp_helpers.S	\
 				plat/arm/board/fvp/fvp_bl1_setup.c		\
-				plat/arm/board/fvp/fvp_err.c			\
 				plat/arm/board/fvp/fvp_io_storage.c		\
 				plat/arm/board/fvp/fvp_trusted_boot.c		\
 				${FVP_CPU_LIBS}					\
@@ -135,7 +134,6 @@ BL2_SOURCES		+=	drivers/io/io_semihosting.c			\
 				lib/semihosting/semihosting.c			\
 				lib/semihosting/${ARCH}/semihosting_call.S	\
 				plat/arm/board/fvp/fvp_bl2_setup.c		\
-				plat/arm/board/fvp/fvp_err.c			\
 				plat/arm/board/fvp/fvp_io_storage.c		\
 				plat/arm/board/fvp/fvp_trusted_boot.c		\
 				${FVP_SECURITY_SOURCES}

plat/arm/board/juno/juno_bl1_setup.c

@@ -12,31 +12,8 @@
 #include <tbbr_img_def.h>
 #include <v2m_def.h>
 
-#define RESET_REASON_WDOG_RESET		(0x2)
-
 void juno_reset_to_aarch32_state(void);
 
-
-/*******************************************************************************
- * The following function checks if Firmware update is needed,
- * by checking if TOC in FIP image is valid or watchdog reset happened.
- ******************************************************************************/
-unsigned int bl1_plat_get_next_image_id(void)
-{
-	unsigned int *reset_flags_ptr = (unsigned int *)SSC_GPRETN;
-	unsigned int *nv_flags_ptr = (unsigned int *)
-			(V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS);
-	/*
-	 * Check if TOC is invalid or watchdog reset happened.
-	 */
-	if ((arm_io_is_toc_valid() != 1) ||
-		((*reset_flags_ptr & RESET_REASON_WDOG_RESET) &&
-		((*nv_flags_ptr == -EAUTH) || (*nv_flags_ptr == -ENOENT))))
-		return NS_BL1U_IMAGE_ID;
-
-	return BL2_IMAGE_ID;
-}
-
 /*******************************************************************************
  * On JUNO update the arg2 with address of SCP_BL2U image info.
  ******************************************************************************/

plat/arm/board/juno/juno_err.c

@@ -1,27 +0,0 @@
-/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <arch_helpers.h>
-#include <errno.h>
-#include <platform.h>
-#include <v2m_def.h>
-
-#define V2M_SYS_NVFLAGS_ADDR		(V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS)
-
-/*
- * Juno error handler
- */
-void plat_error_handler(int err)
-{
-	uint32_t *flags_ptr = (uint32_t *)V2M_SYS_NVFLAGS_ADDR;
-
-	/* Propagate the err code in the NV-flags register */
-	*flags_ptr = err;
-
-	/* Loop until the watchdog resets the system */
-	for (;;)
-		wfi();
-}

plat/arm/board/juno/platform.mk

@@ -49,12 +49,10 @@ BL1_SOURCES		+=	lib/cpus/aarch64/cortex_a53.S		\
 				lib/cpus/aarch64/cortex_a57.S		\
 				lib/cpus/aarch64/cortex_a72.S		\
 				plat/arm/board/juno/juno_bl1_setup.c	\
-				plat/arm/board/juno/juno_err.c		\
 				${JUNO_INTERCONNECT_SOURCES}		\
 				${JUNO_SECURITY_SOURCES}
 
-BL2_SOURCES		+=	plat/arm/board/juno/juno_err.c		\
-				plat/arm/board/juno/juno_bl2_setup.c	\
+BL2_SOURCES		+=	plat/arm/board/juno/juno_bl2_setup.c	\
 				${JUNO_SECURITY_SOURCES}
 
 BL2U_SOURCES		+=	${JUNO_SECURITY_SOURCES}

plat/arm/common/arm_bl1_setup.c

@@ -145,3 +145,15 @@ void bl1_plat_prepare_exit(entry_point_info_t *ep_info)
 	sev();
 #endif
 }
+
+/*******************************************************************************
+ * The following function checks if Firmware update is needed,
+ * by checking if TOC in FIP image is valid or not.
+ ******************************************************************************/
+unsigned int bl1_plat_get_next_image_id(void)
+{
+	if (!arm_io_is_toc_valid())
+		return NS_BL1U_IMAGE_ID;
+
+	return BL2_IMAGE_ID;
+}

plat/arm/common/arm_common.mk

@@ -137,6 +137,7 @@ BL1_SOURCES		+=	drivers/arm/sp805/sp805.c			\
 				drivers/io/io_storage.c				\
 				plat/arm/common/arm_bl1_setup.c			\
 				plat/arm/common/arm_dyn_cfg.c			\
+				plat/arm/common/arm_err.c			\
 				plat/arm/common/arm_io_storage.c
 ifdef EL3_PAYLOAD_BASE
 # Need the arm_program_trusted_mailbox() function to release secondary CPUs from
@@ -150,6 +151,7 @@ BL2_SOURCES		+=	drivers/delay_timer/delay_timer.c		\
 				drivers/io/io_memmap.c				\
 				drivers/io/io_storage.c				\
 				plat/arm/common/arm_bl2_setup.c			\
+				plat/arm/common/arm_err.c			\
 				plat/arm/common/arm_io_storage.c
 
 # Add `libfdt` and Arm common helpers required for Dynamic Config

plat/arm/common/arm_err.c

@@ -6,6 +6,7 @@
 
 #include <arch_helpers.h>
 #include <board_arm_def.h>
+#include <console.h>
 #include <debug.h>
 #include <errno.h>
 #include <norflash.h>
@@ -13,7 +14,7 @@
 #include <stdint.h>
 
 /*
- * FVP error handler
+ * ARM common implementation for error handler
  */
 void plat_error_handler(int err)
 {
@@ -26,7 +27,7 @@ void plat_error_handler(int err)
 		INFO("Erasing FIP ToC from flash...\n");
 		nor_unlock(PLAT_ARM_FIP_BASE);
 		ret = nor_word_program(PLAT_ARM_FIP_BASE, 0);
-		if (ret) {
+		if (ret != 0) {
 			ERROR("Cannot erase ToC\n");
 		} else {
 			INFO("Done\n");
@@ -37,6 +38,8 @@ void plat_error_handler(int err)
 		break;
 	}
 
+	(void)console_flush();
+
 	/* Loop until the watchdog resets the system */
 	for (;;)
 		wfi();