Merge "fix(tc): fix the MHUv3 interrupt name in DT" into integration
diff --git a/bl31/bl31_traps.c b/bl31/bl31_traps.c
index 47a555a..984fdaa 100644
--- a/bl31/bl31_traps.c
+++ b/bl31/bl31_traps.c
@@ -96,6 +96,14 @@
*
* NOTE: This piece of code must be reviewed every release to ensure that
* we keep up with new ARCH features which introduces a new SPSR bit.
+ *
+ * TF-A 2.12 release review
+ * The latest version available is 2024-09, which has two extra features which
+ * impacts generation of SPSR, since these features are not implemented in TF-A
+ * at the time of release, just log the feature names here to be taken up when
+ * feature support is introduced.
+ * - FEAT_PAuth_LR (2023 extension)
+ * - FEAT_UINJ (2024 extension)
*/
u_register_t create_spsr(u_register_t old_spsr, unsigned int target_el)
{
diff --git a/docs/components/context-management-library.rst b/docs/components/context-management-library.rst
index 266b82a..6a76ada 100644
--- a/docs/components/context-management-library.rst
+++ b/docs/components/context-management-library.rst
@@ -244,25 +244,22 @@
typedef struct cpu_context {
gp_regs_t gpregs_ctx;
el3_state_t el3state_ctx;
- el1_sysregs_t el1_sysregs_ctx;
- #if CTX_INCLUDE_EL2_REGS
- el2_sysregs_t el2_sysregs_ctx;
- #endif
+ cve_2018_3639_t cve_2018_3639_ctx;
- #if CTX_INCLUDE_FPREGS
- fp_regs_t fpregs_ctx;
+ #if ERRATA_SPECULATIVE_AT
+ errata_speculative_at_t errata_speculative_at_ctx;
#endif
- cve_2018_3639_t cve_2018_3639_ctx;
#if CTX_INCLUDE_PAUTH_REGS
pauth_t pauth_ctx;
#endif
- #if CTX_INCLUDE_MPAM_REGS
- mpam_t mpam_ctx;
+ #if (CTX_INCLUDE_EL2_REGS && IMAGE_BL31)
+ el2_sysregs_t el2_sysregs_ctx;
+ #else
+ el1_sysregs_t el1_sysregs_ctx;
#endif
-
} cpu_context_t;
Context Memory Allocation
@@ -509,6 +506,55 @@
identical values across all cores for the individual Non-secure, Secure, and
Realm worlds.
+Root-Context (EL3-Execution-Context)
+====================================
+
+EL3/Root Context is the execution environment while the CPU is running at EL3.
+
+Previously, while the CPU is in execution at EL3, the system registers persist
+with the values of the incoming world. This implies that if the CPU is entering
+EL3 from NS world, the EL1 and EL2 system registers which might be modified in
+lower exception levels NS(EL2/EL1) will carry forward those values to EL3.
+Further the EL3 registers also hold on to the values configured for Non-secure
+world, written during the previous ERET from EL3 to NS(EL2/EL1).
+Same policy is followed with respect to other worlds (Secure/Realm) depending on
+the system configuration.
+
+The firmware at EL3 has traditionally operated within the context of the incoming
+world (Secure/Non-Secure/Realm). This becomes problematic in scenarios where the
+EL3/Root world must explicitly use architectural features that depend on system
+registers configured for lower exception levels.
+A good example of this is the PAuth regs. The Root world would need to program
+its own PAuth Keys while executing in EL3 and this needs to be restored in entry
+to EL3 from any world.
+Therefore, Root world should maintain its own distinct settings to access
+features for its own execution at EL3.
+
+Register values which are currently known to be of importance during EL3 execution,
+is referred to as the EL3/Root context.
+This includes ( MDCR_EL3.SDD, SCR_EL3.{EA, SIF}, PMCR_EL0.DP, PSTATE.DIT)
+EL3 Context ensures, CPU executes under fixed EL3 system register settings
+which is not affected by settings of other worlds.
+
+Root Context needs to be setup as early as possible before we try and access/modify
+architectural features at EL3. Its a simple restore operation ``setup_el3_execution_context``
+that overwrites the selected bits listed above. EL3 never changes its mind about
+what those values should be, sets it as required for EL3. Henceforth, a Root
+context save operation is not required.
+
+The figure below illustrates the same with NS-world as a reference while entering
+EL3.
+
+|Root Context Sequence|
+
+.. code:: c
+
+ # EL3/Root_Context routine
+ .macro setup_el3_execution_context
+
+EL3 execution context needs to setup at both boot time (cold and warm boot)
+entrypaths and at all the possible exception handlers routing to EL3 at runtime.
+
*Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.*
.. |Context Memory Allocation| image:: ../resources/diagrams/context_memory_allocation.png
@@ -516,6 +562,7 @@
.. |CPU Data Structure| image:: ../resources/diagrams/percpu-data-struct.png
.. |Context Init ColdBoot| image:: ../resources/diagrams/context_init_coldboot.png
.. |Context Init WarmBoot| image:: ../resources/diagrams/context_init_warmboot.png
+.. |Root Context Sequence| image:: ../resources/diagrams/root_context_sequence.png
.. _Trustzone for AArch64: https://developer.arm.com/documentation/102418/0101/TrustZone-in-the-processor/Switching-between-Security-states
.. _Security States with RME: https://developer.arm.com/documentation/den0126/0100/Security-states
.. _lib/el3_runtime/(aarch32/aarch64): https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/lib/el3_runtime
diff --git a/docs/plat/arm/juno/index.rst b/docs/plat/arm/juno/index.rst
index 5320a3b..1e37696 100644
--- a/docs/plat/arm/juno/index.rst
+++ b/docs/plat/arm/juno/index.rst
@@ -56,7 +56,7 @@
#. Obtain SCP binaries (Juno)
- This version of TF-A is tested with SCP version 2.12.0 on Juno. You can
+ This version of TF-A is tested with SCP version 2.15.0 on Juno. You can
download pre-built SCP binaries (``scp_bl1.bin`` and ``scp_bl2.bin``)
from `TF-A downloads page`_. Alternatively, you can `build
the binaries from source`_.
@@ -241,11 +241,11 @@
--------------
-*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _Linaro release software stack: http://releases.linaro.org/members/arm/platforms/
.. _Juno platform software user guide: https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/about/docs/juno/user-guide.rst
-.. _TF-A downloads page: https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/juno/
+.. _TF-A downloads page: https://downloads.trustedfirmware.org/tf-a/css_scp_2.15.0/juno/
.. _build the binaries from source: https://github.com/ARM-software/SCP-firmware/blob/master/user_guide.md#scp-firmware-user-guide
.. _Arm Platforms Portal: https://community.arm.com/dev-platforms/
.. _Juno Getting Started Guide: https://developer.arm.com/documentation/den0928/f/?lang=en
diff --git a/docs/resources/diagrams/root_context_sequence.png b/docs/resources/diagrams/root_context_sequence.png
new file mode 100644
index 0000000..67783f1
--- /dev/null
+++ b/docs/resources/diagrams/root_context_sequence.png
Binary files differ
diff --git a/plat/hisilicon/hikey/platform.mk b/plat/hisilicon/hikey/platform.mk
index 63eca37..b67d3ff 100644
--- a/plat/hisilicon/hikey/platform.mk
+++ b/plat/hisilicon/hikey/platform.mk
@@ -152,11 +152,11 @@
$(BUILD_PLAT)/bl2/hikey_rotpk.o: $(ROTPK_HASH)
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/hisilicon/hikey960/platform.mk b/plat/hisilicon/hikey960/platform.mk
index c2c3122..c278d8e 100644
--- a/plat/hisilicon/hikey960/platform.mk
+++ b/plat/hisilicon/hikey960/platform.mk
@@ -145,11 +145,11 @@
$(BUILD_PLAT)/bl2/hikey960_rotpk.o: $(ROTPK_HASH)
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/imx/imx7/common/imx7.mk b/plat/imx/imx7/common/imx7.mk
index 2bda3a5..a7e8fe8 100644
--- a/plat/imx/imx7/common/imx7.mk
+++ b/plat/imx/imx7/common/imx7.mk
@@ -76,13 +76,13 @@
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)if [ ! -f $(ROT_KEY) ]; then \
${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/imx/imx8m/imx8mm/platform.mk b/plat/imx/imx8m/imx8mm/platform.mk
index d1c1259..e54256c 100644
--- a/plat/imx/imx8m/imx8mm/platform.mk
+++ b/plat/imx/imx8m/imx8mm/platform.mk
@@ -132,13 +132,13 @@
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)if [ ! -f $(ROT_KEY) ]; then \
${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/imx/imx8m/imx8mp/platform.mk b/plat/imx/imx8m/imx8mp/platform.mk
index 5df598c..98b99d1 100644
--- a/plat/imx/imx8m/imx8mp/platform.mk
+++ b/plat/imx/imx8m/imx8mp/platform.mk
@@ -129,13 +129,13 @@
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)if [ ! -f $(ROT_KEY) ]; then \
${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/nxp/common/tbbr/tbbr.mk b/plat/nxp/common/tbbr/tbbr.mk
index 000e419..0233398 100644
--- a/plat/nxp/common/tbbr/tbbr.mk
+++ b/plat/nxp/common/tbbr/tbbr.mk
@@ -130,13 +130,13 @@
$(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)
certificates: $(ROT_KEY)
- $(ROT_KEY): | $(BUILD_PLAT)
+ $(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)if [ ! -f $(ROT_KEY) ]; then \
${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
- $(ROTPK_HASH): $(ROT_KEY)
+ $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index cf1b3a8..0d4cdb8 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -78,11 +78,11 @@
certificates: $(ROT_KEY)
- $(ROT_KEY): | $(BUILD_PLAT)
+ $(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
- $(ROTPK_HASH): $(ROT_KEY)
+ $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/rpi/rpi3/platform.mk b/plat/rpi/rpi3/platform.mk
index e139b49..fc51bec 100644
--- a/plat/rpi/rpi3/platform.mk
+++ b/plat/rpi/rpi3/platform.mk
@@ -213,11 +213,11 @@
certificates: $(ROT_KEY)
- $(ROT_KEY): | $(BUILD_PLAT)
+ $(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
- $(ROTPK_HASH): $(ROT_KEY)
+ $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/socionext/synquacer/platform.mk b/plat/socionext/synquacer/platform.mk
index a5ab4f7..e4ae87b 100644
--- a/plat/socionext/synquacer/platform.mk
+++ b/plat/socionext/synquacer/platform.mk
@@ -71,11 +71,11 @@
$(BUILD_PLAT)/bl2/sq_rotpk.o: $(ROTPK_HASH)
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/socionext/uniphier/platform.mk b/plat/socionext/uniphier/platform.mk
index ebb9b8c..21d95cf 100644
--- a/plat/socionext/uniphier/platform.mk
+++ b/plat/socionext/uniphier/platform.mk
@@ -105,11 +105,11 @@
$(BUILD_PLAT)/bl2/uniphier_rotpk.o: $(ROTPK_HASH)
certificates: $(ROT_KEY)
-$(ROT_KEY): | $(BUILD_PLAT)
+$(ROT_KEY): | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
-$(ROTPK_HASH): $(ROT_KEY)
+$(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
$(s)echo " OPENSSL $@"
$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
diff --git a/plat/st/stm32mp2/bl31_plat_setup.c b/plat/st/stm32mp2/bl31_plat_setup.c
index 586bfe8..a7a3721 100644
--- a/plat/st/stm32mp2/bl31_plat_setup.c
+++ b/plat/st/stm32mp2/bl31_plat_setup.c
@@ -62,6 +62,8 @@
panic();
}
+ generic_delay_timer_init();
+
(void)stm32mp_uart_console_setup();
/*
@@ -122,8 +124,6 @@
void bl31_plat_arch_setup(void)
{
- generic_delay_timer_init();
-
stm32mp_gic_init();
}
