Merge "docs: add instructions for PDF generation of docs" into integration
diff --git a/lib/cpus/aarch32/cortex_a12.S b/lib/cpus/aarch32/cortex_a12.S
index 089c089..8eec27c 100644
--- a/lib/cpus/aarch32/cortex_a12.S
+++ b/lib/cpus/aarch32/cortex_a12.S
@@ -64,6 +64,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a12_disable_smp
diff --git a/lib/cpus/aarch32/cortex_a15.S b/lib/cpus/aarch32/cortex_a15.S
index 01323f5..b41676d 100644
--- a/lib/cpus/aarch32/cortex_a15.S
+++ b/lib/cpus/aarch32/cortex_a15.S
@@ -163,6 +163,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a15_disable_smp
diff --git a/lib/cpus/aarch32/cortex_a17.S b/lib/cpus/aarch32/cortex_a17.S
index 8d76ab2..1877570 100644
--- a/lib/cpus/aarch32/cortex_a17.S
+++ b/lib/cpus/aarch32/cortex_a17.S
@@ -159,6 +159,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a17_disable_smp
diff --git a/lib/cpus/aarch32/cortex_a7.S b/lib/cpus/aarch32/cortex_a7.S
index 71542d5..4842ca6 100644
--- a/lib/cpus/aarch32/cortex_a7.S
+++ b/lib/cpus/aarch32/cortex_a7.S
@@ -64,6 +64,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a7_disable_smp
diff --git a/plat/xilinx/common/include/pm_svc_main.h b/plat/xilinx/common/include/pm_svc_main.h
index 1a27bdf..4cf7727 100644
--- a/plat/xilinx/common/include/pm_svc_main.h
+++ b/plat/xilinx/common/include/pm_svc_main.h
@@ -10,6 +10,26 @@
#include <pm_common.h>
+/******************************************************************************/
+/**
+ * SECURE_REDUNDANT_CALL() - Adds redundancy to the function call. This is to
+ * avoid glitches which can skip a function call
+ * and cause altering of the code flow in security
+ * critical functions.
+ * @status: Variable which holds the return value of function executed
+ * @status_tmp: Variable which holds the return value of redundant function
+ * call executed
+ * @function: Function to be executed
+ *
+ * Return: None
+ *
+ ******************************************************************************/
+#define SECURE_REDUNDANT_CALL(status, status_tmp, function, ...) \
+ { \
+ status = function(__VA_ARGS__); \
+ status_tmp = function(__VA_ARGS__); \
+ }
+
int32_t pm_setup(void);
uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
uint64_t x4, const void *cookie, void *handle,
diff --git a/plat/xilinx/common/pm_service/pm_svc_main.c b/plat/xilinx/common/pm_service/pm_svc_main.c
index fb32f2a..1e5808c 100644
--- a/plat/xilinx/common/pm_service/pm_svc_main.c
+++ b/plat/xilinx/common/pm_service/pm_svc_main.c
@@ -23,6 +23,7 @@
#include "pm_api_sys.h"
#include "pm_client.h"
#include "pm_ipi.h"
+#include "pm_svc_main.h"
#define MODE 0x80000000U
@@ -399,8 +400,9 @@
{
uintptr_t ret;
uint32_t pm_arg[PAYLOAD_ARG_CNT] = {0};
- uint32_t security_flag = SECURE_FLAG;
+ uint32_t security_flag = NON_SECURE_FLAG;
uint32_t api_id;
+ bool status = false, status_tmp = false;
/* Handle case where PM wasn't initialized properly */
if (pm_up == false) {
@@ -408,11 +410,14 @@
}
/*
- * Mark BIT24 payload (i.e 1st bit of pm_arg[3] ) as non-secure (1)
- * if smc called is non secure
+ * Mark BIT24 payload (i.e 1st bit of pm_arg[3] ) as secure (0)
+ * if smc called is secure
+ *
+ * Add redundant macro call to immune the code from glitches
*/
- if (is_caller_non_secure(flags) != 0) {
- security_flag = NON_SECURE_FLAG;
+ SECURE_REDUNDANT_CALL(status, status_tmp, is_caller_secure, flags);
+ if ((status != false) && (status_tmp != false)) {
+ security_flag = SECURE_FLAG;
}
pm_arg[0] = (uint32_t)x1;
diff --git a/plat/xilinx/versal/versal_ipi.c b/plat/xilinx/versal/versal_ipi.c
index cdee6b5..74b082d 100644
--- a/plat/xilinx/versal/versal_ipi.c
+++ b/plat/xilinx/versal/versal_ipi.c
@@ -20,7 +20,7 @@
[IPI_ID_PMC] = {
.ipi_bit_mask = PMC_IPI_TRIG_BIT,
.ipi_reg_base = PMC_REG_BASE,
- .secure_only = 0U,
+ .secure_only = IPI_SECURE_MASK,
},
/* A72 IPI */
diff --git a/plat/xilinx/versal_net/versal_net_ipi.c b/plat/xilinx/versal_net/versal_net_ipi.c
index 0943c62..e8d8fb7 100644
--- a/plat/xilinx/versal_net/versal_net_ipi.c
+++ b/plat/xilinx/versal_net/versal_net_ipi.c
@@ -26,7 +26,7 @@
[IPI_ID_PMC] = {
.ipi_bit_mask = PMC_IPI_TRIG_BIT,
.ipi_reg_base = IPI0_REG_BASE,
- .secure_only = 0,
+ .secure_only = IPI_SECURE_MASK,
},
/* RPU0 IPI */