From 2633dfebdbeb13b802b858a6a4a15c6e16551418 Mon Sep 17 00:00:00 2001
From: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Date: Fri, 24 Nov 2017 16:43:15 +0000
Subject: [PATCH 1/2] SPM: Remove ARM platforms header from SPM common code

Common code mustn't include ARM platforms headers.

Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
---
 plat/arm/board/fvp/include/platform_def.h     | 1 +
 services/std_svc/spm/secure_partition_setup.c | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 310db7b62b..7080fc302e 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -8,6 +8,7 @@
 #define __PLATFORM_DEF_H__
 
 #include <arm_def.h>
+#include <arm_spm_def.h>
 #include <board_arm_def.h>
 #include <common_def.h>
 #include <tzc400.h>
diff --git a/services/std_svc/spm/secure_partition_setup.c b/services/std_svc/spm/secure_partition_setup.c
index 6f4b057136..30a82e1d8d 100644
--- a/services/std_svc/spm/secure_partition_setup.c
+++ b/services/std_svc/spm/secure_partition_setup.c
@@ -6,7 +6,6 @@
 
 #include <arch.h>
 #include <arch_helpers.h>
-#include <arm_spm_def.h>
 #include <assert.h>
 #include <common_def.h>
 #include <context.h>

From 7d44ac1efff956dc19a074fa02703c30bd8d3ca8 Mon Sep 17 00:00:00 2001
From: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Date: Wed, 22 Nov 2017 12:00:44 +0000
Subject: [PATCH 2/2] fvp: Disable SYSTEM_SUSPEND when ARM_BL31_IN_DRAM

After returning from SYSTEM_SUSPEND state, BL31 reconfigures the
TrustZone Controller during the boot sequence. If BL31 is placed in
TZC-secured DRAM, it will try to change the permissions of the memory it
is being executed from, causing an exception.

The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has
been compiled with ``ARM_BL31_IN_DRAM=1``.

Change-Id: I96dc50decaacd469327c6b591d07964726e58db4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
---
 plat/arm/board/fvp/fvp_pm.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index 13bd8f2377..72845843d8 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -402,12 +402,20 @@ plat_psci_ops_t plat_arm_psci_pm_ops = {
 	.validate_ns_entrypoint = arm_validate_psci_entrypoint,
 	.translate_power_state_by_mpidr = fvp_translate_power_state_by_mpidr,
 	.get_node_hw_state = fvp_node_hw_state,
+#if !ARM_BL31_IN_DRAM
+	/*
+	 * The TrustZone Controller is set up during the warmboot sequence after
+	 * resuming the CPU from a SYSTEM_SUSPEND. If BL31 is located in SRAM
+	 * this is  not a problem but, if it is in TZC-secured DRAM, it tries to
+	 * reconfigure the same memory it is running on, causing an exception.
+	 */
 	.get_sys_suspend_power_state = fvp_get_sys_suspend_power_state,
-/*
- * mem_protect is not supported in RESET_TO_BL31 and RESET_TO_SP_MIN,
- * as that would require mapping in all of NS DRAM into BL31 or BL32.
- */
+#endif
 #if !RESET_TO_BL31 && !RESET_TO_SP_MIN
+	/*
+	 * mem_protect is not supported in RESET_TO_BL31 and RESET_TO_SP_MIN,
+	 * as that would require mapping in all of NS DRAM into BL31 or BL32.
+	 */
 	.mem_protect_chk	= arm_psci_mem_protect_chk,
 	.read_mem_protect	= arm_psci_read_mem_protect,
 	.write_mem_protect	= arm_nor_psci_write_mem_protect,