Merge changes I0e012f3f,I14ad16e8 into integration
* changes:
fix(rss): fix bound check during protocol selection
fix(mhuv2): provide only the usable size of memory
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index f228e6b..39186b4 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -237,7 +237,7 @@
-C bp.ve_sysregs.exit_on_shutdown=1 \
-C cache_state_modelled=1 \
-C bp.dram_size=4 \
- -C bp.secure_memory=1 \
+ -C bp.secure_memory=0 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
-C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 281f35f..a5ca377 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -1018,4 +1018,4 @@
*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.*
-.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 652c142..abd9f87 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -872,6 +872,10 @@
For Cortex-A715, the following errata build flags are defined :
+- ``ERRATA_A715_2561034``: This applies errata 2561034 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
+ It is fixed in r1p1.
+
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
CPU and affects system configurations that do not use an ARM interconnect
IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 24efabe..bddff16 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -2866,7 +2866,7 @@
.. _PSCI: https://developer.arm.com/documentation/den0022/latest/
.. _Arm ARM: https://developer.arm.com/docs/ddi0487/latest
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
.. _AArch64 exception vector table: https://developer.arm.com/documentation/100933/0100/AArch64-exception-vector-table
diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index fed202a..51326f2 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst
@@ -261,4 +261,4 @@
*Copyright (c) 2015-2020, Arm Limited and Contributors. All rights reserved.*
.. _X.509 v3: https://tools.ietf.org/rfc/rfc5280.txt
-.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest
diff --git a/docs/index.rst b/docs/index.rst
index a7a5993..cdb237a 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -91,7 +91,7 @@
.. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): https://developer.arm.com/documentation/den0022/latest/
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _System Control and Management Interface (SCMI): http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
.. _Software Delegated Exception Interface (SDEI): http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index 950d02f..366894d 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,11 @@
#define CORTEX_A715_BHB_LOOP_COUNT U(38)
/*******************************************************************************
+ * CPU Auxiliary Control register 2 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A715_CPUACTLR2_EL1 S3_0_C15_C1_1
+
+/*******************************************************************************
* CPU Extended Control register specific definitions
******************************************************************************/
#define CORTEX_A715_CPUECTLR_EL1 S3_0_C15_C1_4
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 8fd6093..c493105 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -111,6 +111,8 @@
#define SMC_OK ULL(0)
#define SMC_UNK -1
#define SMC_PREEMPTED -2 /* Not defined by the SMCCC */
+#define SMC_DENIED -3 /* Not defined by the SMCCC */
+#define SMC_INVALID_PARAM -4 /* Not defined by the SMCCC */
/* Return codes for Arm Architecture Service SMC calls */
#define SMC_ARCH_CALL_SUCCESS 0
diff --git a/include/plat/arm/common/arm_sip_svc.h b/include/plat/arm/common/arm_sip_svc.h
index 266092e..a6fd42b 100644
--- a/include/plat/arm/common/arm_sip_svc.h
+++ b/include/plat/arm/common/arm_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019,2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019,2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -42,6 +42,16 @@
#define ARM_SIP_SET_INTERRUPT_PENDING U(0x82000100)
#endif
+/**
+ * Arm SiP Service Call for the SPM to leverage RME to protect a give memory range.
+ * Protected memory range is one whose PAS was made secure.
+ * Unprotect relates to reverting a protect operation.
+ */
+#if SPMD_SPM_AT_SEL2 && ENABLE_RME
+#define PLAT_PROTECT_MEM_SMC64 0xC2000101
+#define PLAT_UNPROTECT_MEM_SMC64 0xC2000102
+#endif
+
/* SiP handler specific to each Arm platform. */
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
diff --git a/include/services/spmd_svc.h b/include/services/spmd_svc.h
index 29dfdad..95f0707 100644
--- a/include/services/spmd_svc.h
+++ b/include/services/spmd_svc.h
@@ -34,7 +34,8 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle);
+ void *handle,
+ uint64_t flags);
#endif /* __ASSEMBLER__ */
#endif /* SPMD_SVC_H */
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index dd4c307..0faa276 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,12 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_runtime_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(26)
+workaround_runtime_end cortex_a715, ERRATUM(2561034), NO_ISB
+
+check_erratum_range cortex_a715, ERRATUM(2561034), CPU_REV(1, 0), CPU_REV(1, 0)
+
workaround_reset_start cortex_a715, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 31430ae..dcbeba1 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -903,6 +903,10 @@
# This erratum applies to revisions r0p0, r0p1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2801372
+# Flag to apply erratum 2561034 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2561034
+
# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_A715_2701951
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 3641c2b..7501bc4 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -57,7 +57,6 @@
ENABLE_FEAT_TWED := 2
ENABLE_FEAT_GCS := 2
ifeq (${ARCH}, aarch64)
-ifneq (${SPD}, spmd)
ifeq (${SPM_MM}, 0)
ifeq (${CTX_INCLUDE_FPREGS}, 0)
ENABLE_SME_FOR_NS := 2
@@ -66,7 +65,6 @@
endif
endif
endif
-endif
# enable unconditionally for all builds
ifeq (${ARCH}, aarch64)
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
index b1dab16..d496d2e 100644
--- a/plat/arm/common/plat_arm_sip_svc.c
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
+#include <errno.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -12,10 +13,73 @@
#include <plat/arm/common/arm_sip_svc.h>
#include <plat/common/platform.h>
+#if ENABLE_RME && SPMD_SPM_AT_SEL2
+#include <lib/gpt_rme/gpt_rme.h>
+#endif
+
#if ENABLE_SPMD_LP
#include <services/el3_spmd_logical_sp.h>
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+static uint64_t plat_protect_memory(bool protect,
+ bool secure_origin,
+ const uint64_t base,
+ const size_t size,
+ void *handle)
+{
+ uint64_t ret = SMC_INVALID_PARAM;
+ uint64_t last_updated = 0;
+
+ if (!secure_origin) {
+ SMC_RET1(handle, SMC_UNK);
+ /* Shall not be reached. */
+ }
+
+ if ((base % PAGE_SIZE_4KB) != 0U &&
+ (size % PAGE_SIZE_4KB) != 0U) {
+ VERBOSE("Base address must be aligned to 4k.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ if ((ULONG_MAX - base) < size) {
+ VERBOSE("Base + Size results in overflow.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ for (uint64_t it = base; it < (base + size); it += PAGE_SIZE_4KB) {
+ /*
+ * If protect is true, add memory to secure PAS.
+ * Else unprotect it, making part of non-secure PAS.
+ */
+ ret = protect
+ ? gpt_delegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE)
+ : gpt_undelegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE);
+
+ switch (ret) {
+ case 0:
+ last_updated = it;
+ break;
+ case -EINVAL:
+ SMC_RET2(handle, SMC_INVALID_PARAM, last_updated);
+ break; /* Shall not be reached. */
+ case -EPERM:
+ SMC_RET2(handle, SMC_DENIED, last_updated);
+ break; /* Shall not be reached. */
+ default:
+ ERROR("Unexpected return\n");
+ panic();
+ }
+ }
+
+ SMC_RET1(handle, SMC_OK);
+}
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 */
+
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
u_register_t x2,
@@ -25,13 +89,14 @@
void *handle,
u_register_t flags)
{
-#if PLAT_TEST_SPM
bool secure_origin;
/* Determine which security state this SMC originated from */
secure_origin = is_caller_secure(flags);
+ (void) secure_origin;
switch (smc_fid) {
+#if PLAT_TEST_SPM
case ARM_SIP_SET_INTERRUPT_PENDING:
if (!secure_origin) {
SMC_RET1(handle, SMC_UNK);
@@ -42,10 +107,19 @@
SMC_RET1(handle, SMC_OK);
break; /* Not reached */
- default:
+#endif
+
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+ case PLAT_PROTECT_MEM_SMC64:
+ INFO("Sip Call - Protect memory\n");
+ return plat_protect_memory(true, secure_origin, x1, x2, handle);
break;
- }
+ case PLAT_UNPROTECT_MEM_SMC64:
+ INFO("Sip Call - Unprotect memory\n");
+ return plat_protect_memory(false, secure_origin, x1, x2, handle);
+ break;
#endif
+ }
#if ENABLE_SPMD_LP
return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
diff --git a/readme.rst b/readme.rst
index 148d477..171b32b 100644
--- a/readme.rst
+++ b/readme.rst
@@ -39,7 +39,7 @@
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): PSCI_
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
.. _System Control and Management Interface (SCMI): SCMI_
.. _SCMI: http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index a2669d2..811adcb 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -435,9 +435,10 @@
{
.cpu_partnumber = CORTEX_A715_MIDR,
.cpu_errata_list = {
- [0] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
+ [0] = {2561034, 0x10, 0x10, ERRATA_A715_2561034},
+ [1] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
ERRATA_NON_ARM_INTERCONNECT},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A715_H_INC */
diff --git a/services/std_svc/spm/el3_spmc/spmc_main.c b/services/std_svc/spm/el3_spmc/spmc_main.c
index 9cfcd87..247e2c8 100644
--- a/services/std_svc/spm/el3_spmc/spmc_main.c
+++ b/services/std_svc/spm/el3_spmc/spmc_main.c
@@ -234,7 +234,7 @@
/* If we originated in the normal world then switch contexts. */
else if (!secure_origin && ffa_is_secure_world_id(dst_id)) {
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2,
- x3, x4, handle);
+ x3, x4, handle, flags);
} else {
/* Unknown State. */
panic();
@@ -2490,9 +2490,11 @@
/*
* Forward the interrupt to the S-EL1 SP. The interrupt ID is not
* populated as the SP can determine this by itself.
+ * The flags field is forced to 0 mainly to pass the SVE hint bit
+ * cleared for consumption by the lower EL.
*/
return spmd_smc_switch_state(FFA_INTERRUPT, false,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
- handle);
+ handle, 0ULL);
}
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 5d19868..7572adf 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -667,11 +667,22 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle)
+ void *handle,
+ uint64_t flags)
{
unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
+#if SPMD_SPM_AT_SEL2
+ if ((secure_state_out == SECURE) && (is_sve_hint_set(flags) == true)) {
+ /*
+ * Set the SVE hint bit in x0 and pass to the lower secure EL,
+ * if it was set by the caller.
+ */
+ smc_fid |= (FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT);
+ }
+#endif
+
/* Save incoming security state */
#if SPMD_SPM_AT_SEL2
if (secure_state_in == NON_SECURE) {
@@ -746,8 +757,9 @@
return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4,
cookie, handle, flags);
}
+
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4,
- handle);
+ handle, flags);
}
@@ -844,7 +856,7 @@
unsigned int linear_id = plat_my_core_pos();
spmd_spm_core_context_t *ctx = spmd_get_context();
bool secure_origin;
- int32_t ret;
+ int ret;
uint32_t input_version;
/* Determine which security state this SMC originated from */