Merge "fix(mmc): initialises response buffer with zeros" into integration
diff --git a/Makefile b/Makefile
index 8e2fd81..1cce234 100644
--- a/Makefile
+++ b/Makefile
@@ -151,69 +151,6 @@
DOCS_PATH ?= docs
################################################################################
-# Process BRANCH_PROTECTION value and set
-# Pointer Authentication and Branch Target Identification flags
-################################################################################
-ifeq (${BRANCH_PROTECTION},0)
- # Default value turns off all types of branch protection
- BP_OPTION := none
-else ifneq (${ARCH},aarch64)
- $(error BRANCH_PROTECTION requires AArch64)
-else ifeq (${BRANCH_PROTECTION},1)
- # Enables all types of branch protection features
- BP_OPTION := standard
- ENABLE_BTI := 1
- ENABLE_PAUTH := 1
-else ifeq (${BRANCH_PROTECTION},2)
- # Return address signing to its standard level
- BP_OPTION := pac-ret
- ENABLE_PAUTH := 1
-else ifeq (${BRANCH_PROTECTION},3)
- # Extend the signing to include leaf functions
- BP_OPTION := pac-ret+leaf
- ENABLE_PAUTH := 1
-else ifeq (${BRANCH_PROTECTION},4)
- # Turn on branch target identification mechanism
- BP_OPTION := bti
- ENABLE_BTI := 1
-else
- $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
-endif #(BRANCH_PROTECTION)
-
-################################################################################
-# RME dependent flags configuration
-################################################################################
-# FEAT_RME
-ifeq (${ENABLE_RME},1)
- # RME doesn't support PIE
- ifneq (${ENABLE_PIE},0)
- $(error ENABLE_RME does not support PIE)
- endif
-
- # RME doesn't support BRBE
- ifneq (${ENABLE_BRBE_FOR_NS},0)
- $(error ENABLE_RME does not support BRBE.)
- endif
-
- # RME requires AARCH64
- ifneq (${ARCH},aarch64)
- $(error ENABLE_RME requires AArch64)
- endif
-
- # RME requires el2 context to be saved for now.
- CTX_INCLUDE_EL2_REGS := 1
- CTX_INCLUDE_AARCH32_REGS := 0
- ARM_ARCH_MAJOR := 8
- ARM_ARCH_MINOR := 5
- ENABLE_FEAT_ECV = 1
- ENABLE_FEAT_FGT = 1
- CTX_INCLUDE_PAUTH_REGS := 1
-
- # RME enables CSV2_2 extension by default.
- ENABLE_FEAT_CSV2_2 = 1
-endif #(FEAT_RME)
-
-################################################################################
# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags
################################################################################
ifeq (${ARM_ARCH_MAJOR},7)
@@ -228,39 +165,6 @@
################################################################################
arch-features = ${ARM_ARCH_FEATURE}
-####################################################
-# Enable required options for Memory Stack Tagging.
-####################################################
-
-# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards
-ifeq ($(ARCH), aarch64)
- # Check if revision is greater than or equal to 8.5
- ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
- mem_tag_arch_support = yes
- endif
-endif #(ARCH=aarch64)
-
-# Currently, these options are enabled only for clang and armclang compiler.
-ifeq (${SUPPORT_STACK_MEMTAG},yes)
- ifdef mem_tag_arch_support
- # Check for armclang and clang compilers
- ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
- # Add "memtag" architecture feature modifier if not specified
- ifeq ( ,$(findstring memtag,$(arch-features)))
- arch-features := $(arch-features)+memtag
- endif # memtag
- ifeq ($(notdir $(CC)),armclang)
- TF_CFLAGS += -mmemtag-stack
- else ifeq ($(notdir $(CC)),clang)
- TF_CFLAGS += -fsanitize=memtag
- endif # armclang
- endif
- else
- $(error "Error: stack memory tagging is not supported for \
- architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
- endif #(mem_tag_arch_support)
-endif #(SUPPORT_STACK_MEMTAG)
-
# Set the compiler's architecture feature modifiers
ifneq ($(arch-features), none)
# Strip "none+" from arch-features
@@ -334,10 +238,6 @@
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
-ifneq (${BP_OPTION},none)
- TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
-endif #(BP_OPTION)
-
ASFLAGS += $(march-directive)
##############################################################################
@@ -501,6 +401,14 @@
-x assembler-with-cpp $(DEFINES)
################################################################################
+# Setup ARCH_MAJOR/MINOR before parsing arch_features.
+################################################################################
+ifeq (${ENABLE_RME},1)
+ ARM_ARCH_MAJOR := 8
+ ARM_ARCH_MINOR := 6
+endif
+
+################################################################################
# Common sources and include directories
################################################################################
include ${MAKE_HELPERS_DIRECTORY}arch_features.mk
@@ -519,13 +427,6 @@
plat/common/${ARCH}/platform_helpers.S \
${COMPILER_RT_SRCS}
-# Pointer Authentication sources
-ifeq (${ENABLE_PAUTH}, 1)
-# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
-# Pauth support. As it's not secure, it must be reimplemented for real platforms
- BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
-endif
-
ifeq ($(notdir $(CC)),armclang)
BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S
endif
@@ -544,6 +445,104 @@
include common/backtrace/backtrace.mk
################################################################################
+# Process BRANCH_PROTECTION value and set
+# Pointer Authentication and Branch Target Identification flags
+################################################################################
+ifeq (${BRANCH_PROTECTION},0)
+ # Default value turns off all types of branch protection
+ BP_OPTION := none
+else ifneq (${ARCH},aarch64)
+ $(error BRANCH_PROTECTION requires AArch64)
+else ifeq (${BRANCH_PROTECTION},1)
+ # Enables all types of branch protection features
+ BP_OPTION := standard
+ ENABLE_BTI := 1
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},2)
+ # Return address signing to its standard level
+ BP_OPTION := pac-ret
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},3)
+ # Extend the signing to include leaf functions
+ BP_OPTION := pac-ret+leaf
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},4)
+ # Turn on branch target identification mechanism
+ BP_OPTION := bti
+ ENABLE_BTI := 1
+else
+ $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
+endif #(BRANCH_PROTECTION)
+
+ifeq ($(ENABLE_PAUTH),1)
+ CTX_INCLUDE_PAUTH_REGS := 1
+endif
+ifneq (${BP_OPTION},none)
+ TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
+endif #(BP_OPTION)
+
+# Pointer Authentication sources
+ifeq (${ENABLE_PAUTH}, 1)
+# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
+# Pauth support. As it's not secure, it must be reimplemented for real platforms
+ BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
+endif
+
+####################################################
+# Enable required options for Memory Stack Tagging.
+####################################################
+
+# Currently, these options are enabled only for clang and armclang compiler.
+ifeq (${SUPPORT_STACK_MEMTAG},yes)
+ ifdef mem_tag_arch_support
+ # Check for armclang and clang compilers
+ ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
+ # Add "memtag" architecture feature modifier if not specified
+ ifeq ( ,$(findstring memtag,$(arch-features)))
+ arch-features := $(arch-features)+memtag
+ endif # memtag
+ ifeq ($(notdir $(CC)),armclang)
+ TF_CFLAGS += -mmemtag-stack
+ else ifeq ($(notdir $(CC)),clang)
+ TF_CFLAGS += -fsanitize=memtag
+ endif # armclang
+ endif
+ else
+ $(error "Error: stack memory tagging is not supported for \
+ architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
+ endif #(mem_tag_arch_support)
+endif #(SUPPORT_STACK_MEMTAG)
+
+################################################################################
+# RME dependent flags configuration, Enable optional features for RME.
+################################################################################
+# FEAT_RME
+ifeq (${ENABLE_RME},1)
+ # RME doesn't support PIE
+ ifneq (${ENABLE_PIE},0)
+ $(error ENABLE_RME does not support PIE)
+ endif
+
+ # RME doesn't support BRBE
+ ifneq (${ENABLE_BRBE_FOR_NS},0)
+ $(error ENABLE_RME does not support BRBE.)
+ endif
+
+ # RME requires AARCH64
+ ifneq (${ARCH},aarch64)
+ $(error ENABLE_RME requires AArch64)
+ endif
+
+ # RME requires el2 context to be saved for now.
+ CTX_INCLUDE_EL2_REGS := 1
+ CTX_INCLUDE_AARCH32_REGS := 0
+ CTX_INCLUDE_PAUTH_REGS := 1
+
+ # RME enables CSV2_2 extension by default.
+ ENABLE_FEAT_CSV2_2 = 1
+endif #(FEAT_RME)
+
+################################################################################
# Generic definitions
################################################################################
include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 447d108..6042053 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -501,8 +501,8 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^
:|M|: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
:|G|: `abdellatif-elkhlifi`_
-:|M|: Vishnu Banavath <vishnu.banavath@arm.com>
-:|G|: `vishnu-banavath`_
+:|M|: Xueliang Zhong <xueliang.zhong@arm.com>
+:|G|: `xueliang-zhong-arm`_
:|F|: plat/arm/board/corstone700
:|F|: plat/arm/board/a5ds
:|F|: plat/arm/board/corstone1000
@@ -1027,3 +1027,4 @@
.. _hilamirandakuzi1: https://github.com/hilamirandakuzi1
.. _rutigl: https://github.com/rutigl
.. _avifishman: https://github.com/avifishman
+.. _xueliang-zhong-arm: https://github.com/xueliang-zhong-arm
diff --git a/docs/plat/rpi3.rst b/docs/plat/rpi3.rst
index 38c3dfa..5d97a88 100644
--- a/docs/plat/rpi3.rst
+++ b/docs/plat/rpi3.rst
@@ -296,11 +296,6 @@
address by changing the file ``armstub8.bin``, so there's no point in using
TF-A in this case.
-- ``MULTI_CONSOLE_API=0``: The multi console API must be enabled. Note that the
- crash console uses the internal 16550 driver functions directly in order to be
- able to print error messages during early crashes before setting up the
- multi console API.
-
Building the firmware for kernels that don't support PSCI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index 5a017ce..f612e1c 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -3463,6 +3463,15 @@
to ``no``. If any of the options ``EL3_PAYLOAD_BASE`` or ``PRELOADED_BL33_BASE``
are used, this flag will be set to ``no`` automatically.
+- **ARM_ARCH_MAJOR and ARM_ARCH_MINOR**
+ By default, ARM_ARCH_MAJOR.ARM_ARCH_MINOR is set to 8.0 in ``defaults.mk``,
+ if the platform makefile/build defines or uses the correct ARM_ARCH_MAJOR and
+ ARM_ARCH_MINOR then mandatory Architectural features available for that Arch
+ version will be enabled by default and any optional Arch feature supported by
+ the Architecture and available in TF-A can be enabled from platform specific
+ makefile. Look up to ``arch_features.mk`` for details pertaining to mandatory
+ and optional Arch specific features.
+
Platform include paths
----------------------
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 105dc05..14c3172 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -150,8 +150,8 @@
const auth_img_desc_t *img_desc,
void *img, unsigned int img_len)
{
- void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
- unsigned int data_len, pk_len, pk_plat_len, sig_len, sig_alg_len;
+ void *data_ptr, *pk_ptr, *cnv_pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
+ unsigned int data_len, pk_len, cnv_pk_len, pk_plat_len, sig_len, sig_alg_len;
unsigned int flags = 0;
int rc = 0;
@@ -210,14 +210,14 @@
* platform may store the hash of a prefixed,
* suffixed or modified pk
*/
- rc = crypto_mod_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
+ rc = crypto_mod_convert_pk(pk_ptr, pk_len, &cnv_pk_ptr, &cnv_pk_len);
return_if_error(rc);
/*
* The hash of the certificate's public key must match
* the hash of the ROTPK.
*/
- rc = crypto_mod_verify_hash(pk_ptr, pk_len,
+ rc = crypto_mod_verify_hash(cnv_pk_ptr, cnv_pk_len,
pk_plat_ptr, pk_plat_len);
return_if_error(rc);
} else {
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index b799697..5cd89f0 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -1,41 +1,324 @@
#
-# Copyright (c) 2022, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-# This file lists all the checks related to the Architectural Feature
-# Enablement flags, based on the Architectural version.
+# This file lists all of the architectural features, and initializes
+# and enables them based on the configured architecture version.
+
+# This file follows the following format:
+# - By default disable any mandatory features.
+# - Then Enable mandatory feature if applicable to an Arch Version.
+# - Disable or enable any optional feature this would be enabled/disabled if needed by platform.
+
+#
+################################################################################
+# Set mandatory features by default to zero.
+################################################################################
+#
+
+#----
+# 8.1
+#----
+
+# Flag to enable access to Privileged Access Never bit of PSTATE.
+ENABLE_FEAT_PAN := 0
+
+# Flag to enable Virtualization Host Extensions.
+ENABLE_FEAT_VHE := 0
+
+#----
+# 8.2
+#----
+
+# Enable RAS Support.
+ENABLE_FEAT_RAS := 0
+
+#----
+# 8.3
+#----
+
+# Flag to enable Pointer Authentication. Internal flag not meant for
+# direct setting. Use BRANCH_PROTECTION to enable PAUTH.
+ENABLE_PAUTH := 0
+
+# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
+# must be set to 1 if the platform wants to use this feature in the Secure
+# world. It is not necessary for use in the Non-secure world.
+CTX_INCLUDE_PAUTH_REGS := 0
+
+#----
+# 8.4
+#----
+
+# Flag to enable Secure EL-2 feature.
+ENABLE_FEAT_SEL2 := 0
+
+# Include nested virtualization control (Armv8.4-NV) registers in cpu context.
+# This must be set to 1 if architecture implements Nested Virtualization
+# Extension and platform wants to use this feature in the Secure world.
+CTX_INCLUDE_NEVE_REGS := 0
+
+# By default, disable trace filter control register access to lower non-secure
+# exception levels, i.e. NS-EL2, or NS-EL1 if NS-EL2 is implemented, but
+# trace filter control register access is unused if FEAT_TRF is implemented.
+ENABLE_TRF_FOR_NS := 0
+
+# Flag to enable Data Independent Timing instructions.
+ENABLE_FEAT_DIT := 0
+
+#----
+# 8.5
+#----
+
+# Flag to enable access to the Random Number Generator registers.
+ENABLE_FEAT_RNG := 0
+
+# Flag to enable Speculation Barrier Instruction.
+ENABLE_FEAT_SB := 0
+
+# Flag to enable Branch Target Identification.
+# Internal flag not meant for direct setting.
+# Use BRANCH_PROTECTION to enable BTI.
+ENABLE_BTI := 0
+
+#----
+# 8.6
+#----
+
+# Flag to enable access to the CNTPOFF_EL2 register.
+ENABLE_FEAT_ECV := 0
+
+# Flag to enable access to the HDFGRTR_EL2 register.
+ENABLE_FEAT_FGT := 0
+
+#----
+# 8.7
+#----
+
+# Flag to enable access to the HCRX_EL2 register by setting SCR_EL3.HXEn.
+ENABLE_FEAT_HCX := 0
+
+#----
+# 8.9
+#----
+
+# Flag to enable access to TCR2 (FEAT_TCR2).
+ENABLE_FEAT_TCR2 := 0
+
+#
+################################################################################
+# Enable Mandatory features based on Arch versions.
+################################################################################
+#
# Enable the features which are mandatory from ARCH version 8.1 and upwards.
ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_PAN = 1
-ENABLE_FEAT_VHE = 1
+ENABLE_FEAT_PAN := 1
+ENABLE_FEAT_VHE := 1
endif
# Enable the features which are mandatory from ARCH version 8.2 and upwards.
ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RAS = 1
+ENABLE_FEAT_RAS := 1
endif
# Enable the features which are mandatory from ARCH version 8.4 and upwards.
ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_DIT = 1
-ENABLE_FEAT_SEL2 = 1
+ENABLE_FEAT_SEL2 := 1
+CTX_INCLUDE_NEVE_REGS := 1
+ENABLE_TRF_FOR_NS := 1
+ENABLE_FEAT_DIT := 1
endif
# Enable the features which are mandatory from ARCH version 8.5 and upwards.
ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SB = 1
+ENABLE_FEAT_RNG := 1
+ENABLE_FEAT_SB := 1
+
+# Enable Memory tagging, Branch Target Identification for aarch64 only.
+ifeq ($(ARCH), aarch64)
+ mem_tag_arch_support := yes
+endif #(ARCH=aarch64)
+
endif
# Enable the features which are mandatory from ARCH version 8.6 and upwards.
ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_FGT = 1
-ENABLE_FEAT_ECV = 1
+ENABLE_FEAT_ECV := 1
+ENABLE_FEAT_FGT := 1
endif
# Enable the features which are mandatory from ARCH version 8.7 and upwards.
ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_HCX = 1
+ENABLE_FEAT_HCX := 1
endif
+
+# Enable the features which are mandatory from ARCH version 8.9 and upwards.
+ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_TCR2 := 1
+endif
+
+#
+################################################################################
+# Optional Features defaulted to 0 or 2, if they are not enabled from
+# build option. Can also be disabled or enabled by platform if needed.
+################################################################################
+#
+
+#----
+# 8.0
+#----
+
+# Flag to enable CSV2_2 extension.
+ENABLE_FEAT_CSV2_2 ?= 0
+
+# By default, disable access of trace system registers from NS lower
+# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if
+# system register trace is implemented. This feature is available if
+# trace unit such as ETMv4.x, This feature is OPTIONAL and is only
+# permitted in Armv8 implementations.
+ENABLE_SYS_REG_TRACE_FOR_NS ?= 0
+
+#----
+# 8.2
+#----
+
+# Build option to enable/disable the Statistical Profiling Extension,
+# keep it enabled by default for AArch64.
+ifeq (${ARCH},aarch64)
+ ENABLE_SPE_FOR_NS ?= 2
+else ifeq (${ARCH},aarch32)
+ ifdef ENABLE_SPE_FOR_NS
+ $(error ENABLE_SPE_FOR_NS is not supported for AArch32)
+ else
+ ENABLE_SPE_FOR_NS := 0
+ endif
+endif
+
+# Enable SVE for non-secure world by default.
+ifeq (${ARCH},aarch64)
+ ENABLE_SVE_FOR_NS ?= 2
+# SVE is only supported on AArch64 so disable it on AArch32.
+else ifeq (${ARCH},aarch32)
+ ifdef ENABLE_SVE_FOR_NS
+ $(error ENABLE_SVE_FOR_NS is not supported for AArch32)
+ else
+ ENABLE_SVE_FOR_NS := 0
+ endif
+endif
+
+#----
+# 8.4
+#----
+
+# Feature flags for supporting Activity monitor extensions.
+ENABLE_FEAT_AMU ?= 0
+ENABLE_AMU_AUXILIARY_COUNTERS ?= 0
+ENABLE_AMU_FCONF ?= 0
+AMU_RESTRICT_COUNTERS ?= 0
+
+# Build option to enable MPAM for lower ELs.
+ENABLE_MPAM_FOR_LOWER_ELS ?= 0
+
+#----
+# 8.5
+#----
+
+# Flag to enable support for EL3 trapping of reads of the RNDR and RNDRRS
+# registers, by setting SCR_EL3.TRNDR.
+ENABLE_FEAT_RNG_TRAP ?= 0
+
+# Include Memory Tagging Extension registers in cpu context. This must be set
+# to 1 if the platform wants to use this feature in the Secure world and MTE is
+# enabled at ELX.
+CTX_INCLUDE_MTE_REGS ?= 0
+
+#----
+# 8.6
+#----
+
+# Flag to enable AMUv1p1 extension.
+ENABLE_FEAT_AMUv1p1 ?= 0
+
+# Flag to enable delayed trapping of WFE instruction (FEAT_TWED).
+ENABLE_FEAT_TWED ?= 0
+
+# In v8.6+ platforms with delayed trapping of WFE being supported
+# via FEAT_TWED, this flag takes the delay value to be set in the
+# SCR_EL3.TWEDEL(4bit) field, when FEAT_TWED is implemented.
+# By default it takes 0, and need to be updated by the platforms.
+TWED_DELAY ?= 0
+
+# Disable MTPMU if FEAT_MTPMU is supported.
+DISABLE_MTPMU ?= 0
+
+#----
+# 8.9
+#----
+
+# Flag to enable NoTagAccess memory region attribute for stage 2 of translation.
+ENABLE_FEAT_MTE_PERM ?= 0
+
+# Flag to enable access to Stage 2 Permission Indirection (FEAT_S2PIE).
+ENABLE_FEAT_S2PIE ?= 0
+
+# Flag to enable access to Stage 1 Permission Indirection (FEAT_S1PIE).
+ENABLE_FEAT_S1PIE ?= 0
+
+# Flag to enable access to Stage 2 Permission Overlay (FEAT_S2POE).
+ENABLE_FEAT_S2POE ?= 0
+
+# Flag to enable access to Stage 1 Permission Overlay (FEAT_S1POE).
+ENABLE_FEAT_S1POE ?= 0
+
+#----
+# 9.0
+#----
+
+# Flag to enable Realm Management Extension (FEAT_RME).
+ENABLE_RME ?= 0
+
+# Scalable Matrix Extension for non-secure world.
+ENABLE_SME_FOR_NS ?= 0
+
+# Scalable Vector Extension for secure world.
+ENABLE_SVE_FOR_SWD ?= 0
+
+# By default, disable access of trace buffer control registers from NS
+# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
+# if FEAT_TRBE is implemented.
+# Note FEAT_TRBE is only supported on AArch64 - therefore do not enable in
+# AArch32.
+ifeq (${ARCH},aarch64)
+ ENABLE_TRBE_FOR_NS ?= 0
+else ifeq (${ARCH},aarch32)
+ ifdef ENABLE_TRBE_FOR_NS
+ $(error ENABLE_TRBE_FOR_NS is not supported for AArch32)
+ else
+ ENABLE_TRBE_FOR_NS := 0
+ endif
+endif
+
+#----
+# 9.2
+#----
+
+# Scalable Matrix Extension version 2 for non-secure world.
+ENABLE_SME2_FOR_NS ?= 0
+
+# Scalable Matrix Extension for secure world.
+ENABLE_SME_FOR_SWD ?= 0
+
+# By default, disable access to branch record buffer control registers from NS
+# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
+# if FEAT_BRBE is implemented.
+ENABLE_BRBE_FOR_NS ?= 0
+
+#----
+#9.4
+#----
+
+# Flag to enable access to Guarded Control Stack (FEAT_GCS).
+ENABLE_FEAT_GCS ?= 0
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 964e0f9..aaabb27 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -63,16 +63,6 @@
# Include FP registers in cpu context
CTX_INCLUDE_FPREGS := 0
-# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
-# must be set to 1 if the platform wants to use this feature in the Secure
-# world. It is not needed to use it in the Non-secure world.
-CTX_INCLUDE_PAUTH_REGS := 0
-
-# Include Nested virtualization control (Armv8.4-NV) registers in cpu context.
-# This must be set to 1 if architecture implements Nested Virtualization
-# Extension and platform wants to use this feature in the Secure world
-CTX_INCLUDE_NEVE_REGS := 0
-
# Debug build
DEBUG := 0
@@ -85,17 +75,10 @@
# Disable the generation of the binary image (ELF only).
DISABLE_BIN_GENERATION := 0
-# Disable MTPMU if FEAT_MTPMU is supported. Default is 0 to keep backwards
-# compatibility.
-DISABLE_MTPMU := 0
-
# Enable capability to disable authentication dynamically. Only meant for
# development platforms.
DYN_DISABLE_AUTH := 0
-# Build option to enable MPAM for lower ELs
-ENABLE_MPAM_FOR_LOWER_ELS := 0
-
# Enable the Maximum Power Mitigation Mechanism on supporting cores.
ENABLE_MPMM := 0
@@ -111,9 +94,6 @@
# Flag to enable PSCI STATs functionality
ENABLE_PSCI_STAT := 0
-# Flag to enable Realm Management Extension (FEAT_RME)
-ENABLE_RME := 0
-
# Flag to enable runtime instrumentation using PMF
ENABLE_RUNTIME_INSTRUMENTATION := 0
@@ -123,77 +103,6 @@
# Flag to enable exception handling in EL3
EL3_EXCEPTION_HANDLING := 0
-# Flag to enable Branch Target Identification.
-# Internal flag not meant for direct setting.
-# Use BRANCH_PROTECTION to enable BTI.
-ENABLE_BTI := 0
-
-# Flag to enable Pointer Authentication.
-# Internal flag not meant for direct setting.
-# Use BRANCH_PROTECTION to enable PAUTH.
-ENABLE_PAUTH := 0
-
-# Flag to enable AMUv1p1 extension.
-ENABLE_FEAT_AMUv1p1 := 0
-
-# Flag to enable CSV2_2 extension.
-ENABLE_FEAT_CSV2_2 := 0
-
-# Flag to enable access to the HCRX_EL2 register by setting SCR_EL3.HXEn.
-ENABLE_FEAT_HCX := 0
-
-# Flag to enable access to the HDFGRTR_EL2 register
-ENABLE_FEAT_FGT := 0
-
-# Flag to enable access to the CNTPOFF_EL2 register
-ENABLE_FEAT_ECV := 0
-
-# Flag to enable use of the DIT feature.
-ENABLE_FEAT_DIT := 0
-
-# Flag to enable access to Privileged Access Never bit of PSTATE.
-ENABLE_FEAT_PAN := 0
-
-# Flag to enable access to the Random Number Generator registers
-ENABLE_FEAT_RNG := 0
-
-# Flag to enable support for EL3 trapping of reads of the RNDR and RNDRRS
-# registers, by setting SCR_EL3.TRNDR.
-ENABLE_FEAT_RNG_TRAP := 0
-
-# Flag to enable Speculation Barrier Instruction
-ENABLE_FEAT_SB := 0
-
-# Flag to enable Secure EL-2 feature.
-ENABLE_FEAT_SEL2 := 0
-
-# Flag to enable Virtualization Host Extensions
-ENABLE_FEAT_VHE := 0
-
-# Flag to enable delayed trapping of WFE instruction (FEAT_TWED)
-ENABLE_FEAT_TWED := 0
-
-# Flag to enable access to TCR2 (FEAT_TCR2)
-ENABLE_FEAT_TCR2 := 0
-
-# Flag to enable access to Stage 2 Permission Indirection (FEAT_S2PIE)
-ENABLE_FEAT_S2PIE := 0
-
-# Flag to enable access to Stage 1 Permission Indirection (FEAT_S1PIE)
-ENABLE_FEAT_S1PIE := 0
-
-# Flag to enable access to Stage 2 Permission Overlay (FEAT_S2POE)
-ENABLE_FEAT_S2POE := 0
-
-# Flag to enable access to Stage 1 Permission Overlay (FEAT_S1POE)
-ENABLE_FEAT_S1POE := 0
-
-# Flag to enable access to Guarded Control Stack (FEAT_GCS)
-ENABLE_FEAT_GCS := 0
-
-# Flag to enable NoTagAccess memory region attribute for stage 2 of translation.
-ENABLE_FEAT_MTE_PERM := 0
-
# By default BL31 encryption disabled
ENCRYPT_BL31 := 0
@@ -279,8 +188,7 @@
# Enable PSCI OS-initiated mode support
PSCI_OS_INIT_MODE := 0
-# Enable RAS Support
-ENABLE_FEAT_RAS := 0
+# Enable RAS Firmware First Handling Support
RAS_FFH_SUPPORT := 0
# By default, BL1 acts as the reset handler, not BL31
@@ -379,40 +287,9 @@
# platforms).
WARMBOOT_ENABLE_DCACHE_EARLY := 0
-# Build option to enable/disable the Statistical Profiling Extensions
-ENABLE_SPE_FOR_NS := 2
-
-# SPE is only supported on AArch64 so disable it on AArch32.
-ifeq (${ARCH},aarch32)
- override ENABLE_SPE_FOR_NS := 0
-endif
-
-# Include Memory Tagging Extension registers in cpu context. This must be set
-# to 1 if the platform wants to use this feature in the Secure world and MTE is
-# enabled at ELX.
-CTX_INCLUDE_MTE_REGS := 0
-
-ENABLE_FEAT_AMU := 0
-ENABLE_AMU_AUXILIARY_COUNTERS := 0
-ENABLE_AMU_FCONF := 0
-AMU_RESTRICT_COUNTERS := 0
-
-# Enable SVE for non-secure world by default
-ENABLE_SVE_FOR_NS := 2
-# SVE is only supported on AArch64 so disable it on AArch32.
-ifeq (${ARCH},aarch32)
- override ENABLE_SVE_FOR_NS := 0
-endif
-ENABLE_SVE_FOR_SWD := 0
-
# Default SVE vector length to maximum architected value
SVE_VECTOR_LEN := 2048
-# SME defaults to disabled
-ENABLE_SME_FOR_NS := 0
-ENABLE_SME_FOR_SWD := 0
-ENABLE_SME2_FOR_NS := 0
-
SANITIZE_UB := off
# For ARMv8.1 (AArch64) platforms, enabling this option selects the spinlock
@@ -467,38 +344,6 @@
# Disable Firmware update support by default
PSA_FWU_SUPPORT := 0
-# By default, disable access of trace buffer control registers from NS
-# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
-# if FEAT_TRBE is implemented.
-# Note FEAT_TRBE is only supported on AArch64 - therefore do not enable in
-# AArch32.
-ifneq (${ARCH},aarch32)
- ENABLE_TRBE_FOR_NS := 0
-else
- override ENABLE_TRBE_FOR_NS := 0
-endif
-
-# By default, disable access to branch record buffer control registers from NS
-# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
-# if FEAT_BRBE is implemented.
-ENABLE_BRBE_FOR_NS := 0
-
-# By default, disable access of trace system registers from NS lower
-# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if
-# system register trace is implemented.
-ENABLE_SYS_REG_TRACE_FOR_NS := 0
-
-# By default, disable trace filter control registers access to NS
-# lower ELs, i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
-# if FEAT_TRF is implemented.
-ENABLE_TRF_FOR_NS := 0
-
-# In v8.6+ platforms with delayed trapping of WFE being supported
-# via FEAT_TWED, this flag takes the delay value to be set in the
-# SCR_EL3.TWEDEL(4bit) field, when FEAT_TWED is implemented.
-# By default it takes 0, and need to be updated by the platforms.
-TWED_DELAY := 0
-
# By default, disable the mocking of RSS provided services
PLAT_RSS_NOT_SUPPORTED := 0
diff --git a/plat/arm/board/a5ds/platform.mk b/plat/arm/board/a5ds/platform.mk
index 3ed7a63..dd82a10 100644
--- a/plat/arm/board/a5ds/platform.mk
+++ b/plat/arm/board/a5ds/platform.mk
@@ -102,8 +102,6 @@
$(error Variable AARCH32_SP has to be set for AArch32)
endif
-MULTI_CONSOLE_API := 1
-
ARM_DISABLE_TRUSTED_WDOG := 1
PLAT_BL_COMMON_SOURCES += lib/xlat_tables/aarch32/nonlpae_tables.c
diff --git a/plat/imx/imx7/picopi/platform.mk b/plat/imx/imx7/picopi/platform.mk
index 0267a8b..c599675 100644
--- a/plat/imx/imx7/picopi/platform.mk
+++ b/plat/imx/imx7/picopi/platform.mk
@@ -34,7 +34,6 @@
USE_COHERENT_MEM := 1
# Use multi console API
-MULTI_CONSOLE_API := 1
PLAT_PICOPI_UART :=5
$(eval $(call add_define,PLAT_PICOPI_UART))
diff --git a/plat/intel/soc/agilex/platform.mk b/plat/intel/soc/agilex/platform.mk
index e9fa666..5c92f72 100644
--- a/plat/intel/soc/agilex/platform.mk
+++ b/plat/intel/soc/agilex/platform.mk
@@ -79,5 +79,4 @@
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
-MULTI_CONSOLE_API := 1
USE_COHERENT_MEM := 1
diff --git a/plat/intel/soc/agilex5/platform.mk b/plat/intel/soc/agilex5/platform.mk
index 779c629..546bc2e 100644
--- a/plat/intel/soc/agilex5/platform.mk
+++ b/plat/intel/soc/agilex5/platform.mk
@@ -104,4 +104,3 @@
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
-MULTI_CONSOLE_API := 1
diff --git a/plat/intel/soc/n5x/platform.mk b/plat/intel/soc/n5x/platform.mk
index 7afeb74..95f076f 100644
--- a/plat/intel/soc/n5x/platform.mk
+++ b/plat/intel/soc/n5x/platform.mk
@@ -49,5 +49,4 @@
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
-MULTI_CONSOLE_API := 1
USE_COHERENT_MEM := 1
diff --git a/plat/mediatek/common/common_config.mk b/plat/mediatek/common/common_config.mk
index 31a61e0..300242b 100644
--- a/plat/mediatek/common/common_config.mk
+++ b/plat/mediatek/common/common_config.mk
@@ -6,7 +6,6 @@
# indicate the reset vector address can be programmed
PROGRAMMABLE_RESET_ADDRESS := 1
-MULTI_CONSOLE_API := 1
COLD_BOOT_SINGLE_CPU := 1
# Build flag to include AArch32 registers in cpu context save and restore during
# world switch. This flag must be set to 0 for AArch64-only platforms.
diff --git a/plat/mediatek/mt8173/platform.mk b/plat/mediatek/mt8173/platform.mk
index 6bf1aa7..4d5a100 100644
--- a/plat/mediatek/mt8173/platform.mk
+++ b/plat/mediatek/mt8173/platform.mk
@@ -71,5 +71,3 @@
# Do not enable SVE
ENABLE_SVE_FOR_NS := 0
-
-MULTI_CONSOLE_API := 1
diff --git a/plat/mediatek/mt8183/platform.mk b/plat/mediatek/mt8183/platform.mk
index a737d24..55c49ff 100644
--- a/plat/mediatek/mt8183/platform.mk
+++ b/plat/mediatek/mt8183/platform.mk
@@ -81,8 +81,6 @@
COLD_BOOT_SINGLE_CPU := 1
-MULTI_CONSOLE_API := 1
-
MACH_MT8183 := 1
$(eval $(call add_define,MACH_MT8183))
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
index 618e6c9..b23f7fd 100644
--- a/plat/qemu/common/common.mk
+++ b/plat/qemu/common/common.mk
@@ -25,6 +25,7 @@
lib/cpus/aarch64/neoverse_n_common.S \
lib/cpus/aarch64/neoverse_n1.S \
lib/cpus/aarch64/neoverse_v1.S \
+ lib/cpus/aarch64/neoverse_n2.S \
lib/cpus/aarch64/qemu_max.S
PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
@@ -33,7 +34,7 @@
# v8.0: a53, a57, a72
# v8.2: a76, n1
# v8.4: v1
-# v9.0: a710
+# v9.0: a710, n2
#
# let treat v9.0 as v8.5 as they share cpu features
# https://developer.arm.com/documentation/102378/0201/Armv8-x-and-Armv9-x-extensions-and-features
diff --git a/plat/qemu/qemu_sbsa/include/platform_def.h b/plat/qemu/qemu_sbsa/include/platform_def.h
index deaf16e..14030e3 100644
--- a/plat/qemu/qemu_sbsa/include/platform_def.h
+++ b/plat/qemu/qemu_sbsa/include/platform_def.h
@@ -199,7 +199,7 @@
#define QEMU_FLASH1_BASE 0x10000000
#define QEMU_FLASH1_SIZE 0x10000000
-#define PLAT_QEMU_FIP_BASE 0x00008000
+#define PLAT_QEMU_FIP_BASE BL1_SIZE
#define PLAT_QEMU_FIP_MAX_SIZE 0x00400000
/* This is map from GIC_DIST up to last CPU (255) GIC_REDISTR */
diff --git a/plat/qemu/qemu_sbsa/platform.mk b/plat/qemu/qemu_sbsa/platform.mk
index 4a8df46..1b147ce 100644
--- a/plat/qemu/qemu_sbsa/platform.mk
+++ b/plat/qemu/qemu_sbsa/platform.mk
@@ -7,7 +7,6 @@
PLAT_QEMU_PATH := plat/qemu/qemu_sbsa
PLAT_QEMU_COMMON_PATH := plat/qemu/common
-MULTI_CONSOLE_API := 1
CRASH_REPORTING := 1
# Disable the PSCI platform compatibility layer
diff --git a/plat/qti/sc7180/platform.mk b/plat/qti/sc7180/platform.mk
index 41a08ca..b576649 100644
--- a/plat/qti/sc7180/platform.mk
+++ b/plat/qti/sc7180/platform.mk
@@ -32,8 +32,6 @@
RESET_TO_BL31 := 0
-MULTI_CONSOLE_API := 1
-
QTI_SDI_BUILD := 0
$(eval $(call assert_boolean,QTI_SDI_BUILD))
$(eval $(call add_define,QTI_SDI_BUILD))
diff --git a/plat/qti/sc7280/platform.mk b/plat/qti/sc7280/platform.mk
index 528a1d4..3d7d728 100644
--- a/plat/qti/sc7280/platform.mk
+++ b/plat/qti/sc7280/platform.mk
@@ -35,8 +35,6 @@
RESET_TO_BL31 := 0
-MULTI_CONSOLE_API := 1
-
QTI_SDI_BUILD := 0
$(eval $(call assert_boolean,QTI_SDI_BUILD))
$(eval $(call add_define,QTI_SDI_BUILD))
diff --git a/plat/renesas/common/common.mk b/plat/renesas/common/common.mk
index 25fbb2f..f769be7 100644
--- a/plat/renesas/common/common.mk
+++ b/plat/renesas/common/common.mk
@@ -12,7 +12,6 @@
GENERATE_COT := 1
RESET_TO_BL2 := 1
ENABLE_SVE_FOR_NS := 0
-MULTI_CONSOLE_API := 1
CRASH_REPORTING := 1
HANDLE_EA_EL3_FIRST_NS := 1
diff --git a/plat/rockchip/px30/platform.mk b/plat/rockchip/px30/platform.mk
index d14ffc4..72e12b1 100644
--- a/plat/rockchip/px30/platform.mk
+++ b/plat/rockchip/px30/platform.mk
@@ -64,7 +64,6 @@
endif
ENABLE_PLAT_COMPAT := 0
-MULTI_CONSOLE_API := 1
include lib/libfdt/libfdt.mk
diff --git a/plat/rockchip/rk3288/platform.mk b/plat/rockchip/rk3288/platform.mk
index e6f78cf..fec4ebb 100644
--- a/plat/rockchip/rk3288/platform.mk
+++ b/plat/rockchip/rk3288/platform.mk
@@ -56,8 +56,6 @@
${RK_PLAT_SOC}/drivers/secure/secure.c \
${RK_PLAT_SOC}/drivers/soc/soc.c \
-MULTI_CONSOLE_API := 1
-
include lib/coreboot/coreboot.mk
include lib/libfdt/libfdt.mk