Merge "fix(scmi): add parameter for plat_scmi_clock_rates_array" into integration
diff --git a/Makefile b/Makefile
index 0c35120..8e2fd81 100644
--- a/Makefile
+++ b/Makefile
@@ -768,8 +768,8 @@
ifeq (${AARCH32_SP_MAKE},)
$(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located)
endif
- $(info Including ${AARCH32_SP_MAKE})
- include ${AARCH32_SP_MAKE}
+ $(info Including ${AARCH32_SP_MAKE})
+ include ${AARCH32_SP_MAKE}
endif
endif #(ARCH=aarch32)
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index bb12d7d..69d3722 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -117,7 +117,8 @@
- ``ERRATA_A53_836870``: This applies errata 836870 workaround to Cortex-A53
CPU. This needs to be enabled only for revision <= r0p3 of the CPU. From
- r0p4 and onwards, this errata is enabled by default in hardware.
+ r0p4 and onwards, this errata is enabled by default in hardware. Identical to
+ ``A53_DISABLE_NON_TEMPORAL_HINT``.
- ``ERRATA_A53_843419``: This applies erratum 843419 workaround at link time
to Cortex-A53 CPU. This needs to be enabled for some variants of revision
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 71ec9b1..c50ed8e 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -7,10 +7,7 @@
This document provides a generic threat model for TF-A firmware.
-.. note::
-
- This threat model doesn't consider Root and Realm worlds introduced by
- :ref:`Realm Management Extension (RME)`.
+.. _Target of Evaluation:
********************
Target of Evaluation
@@ -36,33 +33,12 @@
- There is no Secure-EL2. We don't consider threats that may come with
Secure-EL2 software.
+- There are no Root and Realm worlds. These are introduced by :ref:`Realm
+ Management Extension (RME)`.
+
- No experimental features are enabled. We do not consider threats that may come
from them.
-.. note::
-
- In the current Measured Boot design, BL1, BL2, and BL31, as well as the
- secure world components, form the |SRTM|. Measurement data is currently
- considered an asset to be protected against attack, and this is achieved
- by storing them in the Secure Memory.
- Beyond the measurements stored inside the TCG-compliant Event Log buffer,
- there are no other assets to protect or threats to defend against that
- could compromise |TF-A| execution environment's security.
-
- There are general security assets and threats associated with remote/delegated
- attestation. However, these are outside the |TF-A| security boundary and
- should be dealt with by the appropriate agent in the platform/system.
- Since current Measured Boot design does not use local attestation, there would
- be no further assets to protect(like unsealed keys).
-
- A limitation of the current Measured Boot design is that it is dependent upon
- Secure Boot as implementation of Measured Boot does not extend measurements
- into a discrete |TPM|, where they would be securely stored and protected
- against tampering. This implies that if Secure-Boot is compromised, Measured
- Boot may also be compromised.
-
- Platforms must carefully evaluate the security of the default implementation
- since the |SRTM| includes all secure world components.
Data Flow Diagram
=================
@@ -286,201 +262,16 @@
Also, some mitigations require enabling specific features, which must be
explicitly turned on via a build flag.
-These are highlighted in the ``Mitigations implemented?`` box.
-
-+------------------------+----------------------------------------------------+
-| ID | 01 |
-+========================+====================================================+
-| Threat | | **An attacker can mangle firmware images to |
-| | execute arbitrary code** |
-| | |
-| | | Some TF-A images are loaded from external |
-| | storage. It is possible for an attacker to access|
-| | the external flash memory and change its contents|
-| | physically, through the Rich OS, or using the |
-| | updating mechanism to modify the non-volatile |
-| | images to execute arbitrary code. |
-+------------------------+----------------------------------------------------+
-| Diagram Elements | DF1, DF4, DF5 |
-+------------------------+----------------------------------------------------+
-| Affected TF-A | BL2, BL31 |
-| Components | |
-+------------------------+----------------------------------------------------+
-| Assets | Code Execution |
-+------------------------+----------------------------------------------------+
-| Threat Agent | PhysicalAccess, NSCode, SecCode |
-+------------------------+----------------------------------------------------+
-| Threat Type | Tampering, Elevation of Privilege |
-+------------------------+------------------+-----------------+---------------+
-| Application | Server | IoT | Mobile |
-+------------------------+------------------+-----------------+---------------+
-| Impact | Critical (5) | Critical (5) | Critical (5) |
-+------------------------+------------------+-----------------+---------------+
-| Likelihood | Critical (5) | Critical (5) | Critical (5) |
-+------------------------+------------------+-----------------+---------------+
-| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
-+------------------------+------------------+-----------------+---------------+
-| Mitigations | | 1) Implement the `Trusted Board Boot (TBB)`_ |
-| | feature which prevents malicious firmware from |
-| | running on the platform by authenticating all |
-| | firmware images. |
-| | |
-| | | 2) Perform extra checks on unauthenticated data, |
-| | such as FIP metadata, prior to use. |
-+------------------------+----------------------------------------------------+
-| Mitigations | | 1) Yes, provided that the ``TRUSTED_BOARD_BOOT`` |
-| implemented? | build option is set to 1. |
-| | |
-| | | 2) Yes. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 02 |
-+========================+====================================================+
-| Threat | | **An attacker may attempt to boot outdated, |
-| | potentially vulnerable firmware image** |
-| | |
-| | | When updating firmware, an attacker may attempt |
-| | to rollback to an older version that has unfixed |
-| | vulnerabilities. |
-+------------------------+----------------------------------------------------+
-| Diagram Elements | DF1, DF4, DF5 |
-+------------------------+----------------------------------------------------+
-| Affected TF-A | BL2, BL31 |
-| Components | |
-+------------------------+----------------------------------------------------+
-| Assets | Code Execution |
-+------------------------+----------------------------------------------------+
-| Threat Agent | PhysicalAccess, NSCode, SecCode |
-+------------------------+----------------------------------------------------+
-| Threat Type | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| Application | Server | IoT | Mobile |
-+------------------------+------------------+-----------------+---------------+
-| Impact | Critical (5) | Critical (5) | Critical (5) |
-+------------------------+------------------+-----------------+---------------+
-| Likelihood | Critical (5) | Critical (5) | Critical (5) |
-+------------------------+------------------+-----------------+---------------+
-| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
-+------------------------+------------------+-----------------+---------------+
-| Mitigations | Implement anti-rollback protection using |
-| | non-volatile counters (NV counters) as required |
-| | by `TBBR-Client specification`_. |
-+------------------------+----------------------------------------------------+
-| Mitigations | | Yes / Platform specific. |
-| implemented? | |
-| | | After a firmware image is validated, the image |
-| | revision number taken from a certificate |
-| | extension field is compared with the |
-| | corresponding NV counter stored in hardware to |
-| | make sure the new counter value is larger than |
-| | the current counter value. |
-| | |
-| | | **Platforms must implement this protection using |
-| | platform specific hardware NV counters.** |
-+------------------------+----------------------------------------------------+
+When such conditions must be met, these are highlighted in the ``Mitigations
+implemented?`` box.
-+------------------------+-------------------------------------------------------+
-| ID | 03 |
-+========================+=======================================================+
-| Threat | | **An attacker can use Time-of-Check-Time-of-Use |
-| | (TOCTOU) attack to bypass image authentication |
-| | during the boot process** |
-| | |
-| | | Time-of-Check-Time-of-Use (TOCTOU) threats occur |
-| | when the security check is produced before the time |
-| | the resource is accessed. If an attacker is sitting |
-| | in the middle of the off-chip images, they could |
-| | change the binary containing executable code right |
-| | after the integrity and authentication check has |
-| | been performed. |
-+------------------------+-------------------------------------------------------+
-| Diagram Elements | DF1 |
-+------------------------+-------------------------------------------------------+
-| Affected TF-A | BL1, BL2 |
-| Components | |
-+------------------------+-------------------------------------------------------+
-| Assets | Code Execution, Sensitive Data |
-+------------------------+-------------------------------------------------------+
-| Threat Agent | PhysicalAccess |
-+------------------------+-------------------------------------------------------+
-| Threat Type | Elevation of Privilege |
-+------------------------+---------------------+-----------------+---------------+
-| Application | Server | IoT | Mobile |
-+------------------------+---------------------+-----------------+---------------+
-| Impact | N/A | Critical (5) | Critical (5) |
-+------------------------+---------------------+-----------------+---------------+
-| Likelihood | N/A | Medium (3) | Medium (3) |
-+------------------------+---------------------+-----------------+---------------+
-| Total Risk Rating | N/A | High (15) | High (15) |
-+------------------------+---------------------+-----------------+---------------+
-| Mitigations | Copy image to on-chip memory before authenticating |
-| | it. |
-+------------------------+-------------------------------------------------------+
-| Mitigations | | Platform specific. |
-| implemented? | |
-| | | The list of images to load and their location is |
-| | platform specific. Platforms are responsible for |
-| | arranging images to be loaded in on-chip memory. |
-+------------------------+-------------------------------------------------------+
+As our :ref:`Target of Evaluation` is made of several, distinct firmware images,
+some threats are confined in specific images, while others apply to each of
+them. To help developers implement mitigations in the right place, threats below
+are categorized based on the firmware image that should mitigate them.
-+------------------------+-------------------------------------------------------+
-| ID | 04 |
-+========================+=======================================================+
-| Threat | | **An attacker with physical access can execute |
-| | arbitrary image by bypassing the signature |
-| | verification stage using glitching techniques** |
-| | |
-| | | Glitching (Fault injection) attacks attempt to put |
-| | a hardware into a undefined state by manipulating an|
-| | environmental variable such as power supply. |
-| | |
-| | | TF-A relies on a chain of trust that starts with the|
-| | ROTPK, which is the key stored inside the chip and |
-| | the root of all validation processes. If an attacker|
-| | can break this chain of trust, they could execute |
-| | arbitrary code on the device. This could be |
-| | achieved with physical access to the device by |
-| | attacking the normal execution flow of the |
-| | process using glitching techniques that target |
-| | points where the image is validated against the |
-| | signature. |
-+------------------------+-------------------------------------------------------+
-| Diagram Elements | DF1 |
-+------------------------+-------------------------------------------------------+
-| Affected TF-A | BL1, BL2 |
-| Components | |
-+------------------------+-------------------------------------------------------+
-| Assets | Code Execution |
-+------------------------+-------------------------------------------------------+
-| Threat Agent | PhysicalAccess |
-+------------------------+-------------------------------------------------------+
-| Threat Type | Tampering, Elevation of Privilege |
-+------------------------+---------------------+-----------------+---------------+
-| Application | Server | IoT | Mobile |
-+------------------------+---------------------+-----------------+---------------+
-| Impact | N/A | Critical (5) | Critical (5) |
-+------------------------+---------------------+-----------------+---------------+
-| Likelihood | N/A | Medium (3) | Medium (3) |
-+------------------------+---------------------+-----------------+---------------+
-| Total Risk Rating | N/A | High (15) | High (15) |
-+------------------------+---------------------+-----------------+---------------+
-| Mitigations | Mechanisms to detect clock glitch and power |
-| | variations. |
-+------------------------+-------------------------------------------------------+
-| Mitigations | | No. |
-| implemented? | |
-| | | The most effective mitigation is adding glitching |
-| | detection and mitigation circuit at the hardware |
-| | level. |
-| | |
-| | | However, software techniques, such as adding |
-| | redundant checks when performing conditional |
-| | branches that are security sensitive, can be used |
-| | to harden TF-A against such attacks. |
-| | **At the moment TF-A doesn't implement such |
-| | mitigations.** |
-+------------------------+-------------------------------------------------------+
+General Threats for All Firmware Images
+---------------------------------------
+------------------------+---------------------------------------------------+
| ID | 05 |
@@ -598,77 +389,34 @@
+------------------------+----------------------------------------------------+
+------------------------+------------------------------------------------------+
-| ID | 07 |
+| ID | 08 |
+========================+======================================================+
-| Threat | | **An attacker can perform a denial-of-service |
-| | attack by using a broken SMC call that causes the |
-| | system to reboot or enter into unknown state.** |
+| Threat | | **Memory corruption due to memory overflows and |
+| | lack of boundary checking when accessing resources |
+| | could allow an attacker to execute arbitrary code, |
+| | modify some state variable to change the normal |
+| | flow of the program, or leak sensitive |
+| | information** |
| | |
-| | | Secure and non-secure clients access TF-A services |
-| | through SMC calls. Malicious code can attempt to |
-| | place the TF-A runtime into an inconsistent state |
-| | by calling unimplemented SMC call or by passing |
-| | invalid arguments. |
+| | | Like in other software, TF-A has multiple points |
+| | where memory corruption security errors can arise. |
+| | |
+| | | Some of the errors include integer overflow, |
+| | buffer overflow, incorrect array boundary checks, |
+| | and incorrect error management. |
+| | Improper use of asserts instead of proper input |
+| | validations might also result in these kinds of |
+| | errors in release builds. |
+------------------------+------------------------------------------------------+
| Diagram Elements | DF4, DF5 |
+------------------------+------------------------------------------------------+
-| Affected TF-A | BL31 |
+| Affected TF-A | BL1, BL2, BL31 |
| Components | |
+------------------------+------------------------------------------------------+
-| Assets | Availability |
+| Assets | Code Execution, Sensitive Data |
+------------------------+------------------------------------------------------+
| Threat Agent | NSCode, SecCode |
+------------------------+------------------------------------------------------+
-| Threat Type | Denial of Service |
-+------------------------+-------------------+----------------+-----------------+
-| Application | Server | IoT | Mobile |
-+------------------------+-------------------+----------------+-----------------+
-| Impact | Medium (3) | Medium (3) | Medium (3) |
-+------------------------+-------------------+----------------+-----------------+
-| Likelihood | High (4) | High (4) | High (4) |
-+------------------------+-------------------+----------------+-----------------+
-| Total Risk Rating | High (12) | High (12) | High (12) |
-+------------------------+-------------------+----------------+-----------------+
-| Mitigations | Validate SMC function ids and arguments before using |
-| | them. |
-+------------------------+------------------------------------------------------+
-| Mitigations | | Yes / Platform specific. |
-| implemented? | |
-| | | For standard services, all input is validated. |
-| | |
-| | | Platforms that implement SiP services must also |
-| | validate SMC call arguments. |
-+------------------------+------------------------------------------------------+
-
-+------------------------+------------------------------------------------------+
-| ID | 08 |
-+========================+======================================================+
-| Threat | | **Memory corruption due to memory overflows and |
-| | lack of boundary checking when accessing resources |
-| | could allow an attacker to execute arbitrary code, |
-| | modify some state variable to change the normal |
-| | flow of the program, or leak sensitive |
-| | information** |
-| | |
-| | | Like in other software, TF-A has multiple points |
-| | where memory corruption security errors can arise. |
-| | |
-| | | Some of the errors include integer overflow, |
-| | buffer overflow, incorrect array boundary checks, |
-| | and incorrect error management. |
-| | Improper use of asserts instead of proper input |
-| | validations might also result in these kinds of |
-| | errors in release builds. |
-+------------------------+------------------------------------------------------+
-| Diagram Elements | DF4, DF5 |
-+------------------------+------------------------------------------------------+
-| Affected TF-A | BL1, BL2, BL31 |
-| Components | |
-+------------------------+------------------------------------------------------+
-| Assets | Code Execution, Sensitive Data |
-+------------------------+------------------------------------------------------+
-| Threat Agent | NSCode, SecCode |
-+------------------------+------------------------------------------------------+
| Threat Type | Tampering, Information Disclosure, |
| | Elevation of Privilege |
+------------------------+-------------------+-----------------+----------------+
@@ -712,6 +460,380 @@
| | platforms. |
+------------------------+------------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID | 11 |
++========================+====================================================+
+| Threat | | **Misconfiguration of the Memory Management Unit |
+| | (MMU) may allow a normal world software to |
+| | access sensitive data, execute arbitrary |
+| | code or access otherwise restricted HW |
+| | interface** |
+| | |
+| | | A misconfiguration of the MMU could |
+| | lead to an open door for software running in the |
+| | normal world to access sensitive data or even |
+| | execute code if the proper security mechanisms |
+| | are not in place. |
++------------------------+----------------------------------------------------+
+| Diagram Elements | DF5, DF6 |
++------------------------+----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+----------------------------------------------------+
+| Assets | Sensitive Data, Code execution |
++------------------------+----------------------------------------------------+
+| Threat Agent | NSCode |
++------------------------+----------------------------------------------------+
+| Threat Type | Information Disclosure, Elevation of Privilege |
++------------------------+-----------------+-----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-----------------+-----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-----------------+-----------------+----------------+
+| Likelihood | High (4) | High (4) | High (4) |
++------------------------+-----------------+-----------------+----------------+
+| Total Risk Rating | Critical (20) | Critical (20) | Critical (20) |
++------------------------+-----------------+-----------------+----------------+
+| Mitigations | When configuring access permissions, the |
+| | principle of least privilege ought to be |
+| | enforced. This means we should not grant more |
+| | privileges than strictly needed, e.g. code |
+| | should be read-only executable, read-only data |
+| | should be read-only execute-never, and so on. |
++------------------------+----------------------------------------------------+
+| Mitigations | | Platform specific. |
+| implemented? | |
+| | | MMU configuration is platform specific, |
+| | therefore platforms need to make sure that the |
+| | correct attributes are assigned to memory |
+| | regions. |
+| | |
+| | | TF-A provides a library which abstracts the |
+| | low-level details of MMU configuration. It |
+| | provides well-defined and tested APIs. |
+| | Platforms are encouraged to use it to limit the |
+| | risk of misconfiguration. |
++------------------------+----------------------------------------------------+
+
+
++------------------------+-----------------------------------------------------+
+| ID | 13 |
++========================+=====================================================+
+| Threat | | **Leaving sensitive information in the memory, |
+| | can allow an attacker to retrieve them.** |
+| | |
+| | | Accidentally leaving not-needed sensitive data in |
+| | internal buffers can leak them if an attacker |
+| | gains access to memory due to a vulnerability. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF4, DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Information Disclosure |
++------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Likelihood | Medium (3) | Medium (3) | Medium (3) |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating | High (15) | High (15) | High (15) |
++------------------------+-------------------+----------------+----------------+
+| Mitigations | Clear the sensitive data from internal buffers as |
+| | soon as they are not needed anymore. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Yes / Platform specific |
++------------------------+-----------------------------------------------------+
+
+
+Threats to be Mitigated by the Boot Firmware
+--------------------------------------------
+
+The boot firmware here refers to the boot ROM (BL1) and the trusted boot
+firmware (BL2). Typically it does not stay resident in memory and it is
+dismissed once execution has reached the runtime EL3 firmware (BL31). Thus, past
+that point in time, the threats below can no longer be exploited.
+
+Note, however, that this is not necessarily true on all platforms. Platform
+vendors should review these threats to make sure they cannot be exploited
+nonetheless once execution has reached the runtime EL3 firmware.
+
++------------------------+----------------------------------------------------+
+| ID | 01 |
++========================+====================================================+
+| Threat | | **An attacker can mangle firmware images to |
+| | execute arbitrary code** |
+| | |
+| | | Some TF-A images are loaded from external |
+| | storage. It is possible for an attacker to access|
+| | the external flash memory and change its contents|
+| | physically, through the Rich OS, or using the |
+| | updating mechanism to modify the non-volatile |
+| | images to execute arbitrary code. |
++------------------------+----------------------------------------------------+
+| Diagram Elements | DF1, DF4, DF5 |
++------------------------+----------------------------------------------------+
+| Affected TF-A | BL2, BL31 |
+| Components | |
++------------------------+----------------------------------------------------+
+| Assets | Code Execution |
++------------------------+----------------------------------------------------+
+| Threat Agent | PhysicalAccess, NSCode, SecCode |
++------------------------+----------------------------------------------------+
+| Threat Type | Tampering, Elevation of Privilege |
++------------------------+------------------+-----------------+---------------+
+| Application | Server | IoT | Mobile |
++------------------------+------------------+-----------------+---------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+------------------+-----------------+---------------+
+| Likelihood | Critical (5) | Critical (5) | Critical (5) |
++------------------------+------------------+-----------------+---------------+
+| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
++------------------------+------------------+-----------------+---------------+
+| Mitigations | | 1) Implement the `Trusted Board Boot (TBB)`_ |
+| | feature which prevents malicious firmware from |
+| | running on the platform by authenticating all |
+| | firmware images. |
+| | |
+| | | 2) Perform extra checks on unauthenticated data, |
+| | such as FIP metadata, prior to use. |
++------------------------+----------------------------------------------------+
+| Mitigations | | 1) Yes, provided that the ``TRUSTED_BOARD_BOOT`` |
+| implemented? | build option is set to 1. |
+| | |
+| | | 2) Yes. |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID | 02 |
++========================+====================================================+
+| Threat | | **An attacker may attempt to boot outdated, |
+| | potentially vulnerable firmware image** |
+| | |
+| | | When updating firmware, an attacker may attempt |
+| | to rollback to an older version that has unfixed |
+| | vulnerabilities. |
++------------------------+----------------------------------------------------+
+| Diagram Elements | DF1, DF4, DF5 |
++------------------------+----------------------------------------------------+
+| Affected TF-A | BL2, BL31 |
+| Components | |
++------------------------+----------------------------------------------------+
+| Assets | Code Execution |
++------------------------+----------------------------------------------------+
+| Threat Agent | PhysicalAccess, NSCode, SecCode |
++------------------------+----------------------------------------------------+
+| Threat Type | Tampering |
++------------------------+------------------+-----------------+---------------+
+| Application | Server | IoT | Mobile |
++------------------------+------------------+-----------------+---------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+------------------+-----------------+---------------+
+| Likelihood | Critical (5) | Critical (5) | Critical (5) |
++------------------------+------------------+-----------------+---------------+
+| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
++------------------------+------------------+-----------------+---------------+
+| Mitigations | Implement anti-rollback protection using |
+| | non-volatile counters (NV counters) as required |
+| | by `TBBR-Client specification`_. |
++------------------------+----------------------------------------------------+
+| Mitigations | | Yes / Platform specific. |
+| implemented? | |
+| | | After a firmware image is validated, the image |
+| | revision number taken from a certificate |
+| | extension field is compared with the |
+| | corresponding NV counter stored in hardware to |
+| | make sure the new counter value is larger than |
+| | the current counter value. |
+| | |
+| | | **Platforms must implement this protection using |
+| | platform specific hardware NV counters.** |
++------------------------+----------------------------------------------------+
+
+
++------------------------+-------------------------------------------------------+
+| ID | 03 |
++========================+=======================================================+
+| Threat | | **An attacker can use Time-of-Check-Time-of-Use |
+| | (TOCTOU) attack to bypass image authentication |
+| | during the boot process** |
+| | |
+| | | Time-of-Check-Time-of-Use (TOCTOU) threats occur |
+| | when the security check is produced before the time |
+| | the resource is accessed. If an attacker is sitting |
+| | in the middle of the off-chip images, they could |
+| | change the binary containing executable code right |
+| | after the integrity and authentication check has |
+| | been performed. |
++------------------------+-------------------------------------------------------+
+| Diagram Elements | DF1 |
++------------------------+-------------------------------------------------------+
+| Affected TF-A | BL1, BL2 |
+| Components | |
++------------------------+-------------------------------------------------------+
+| Assets | Code Execution, Sensitive Data |
++------------------------+-------------------------------------------------------+
+| Threat Agent | PhysicalAccess |
++------------------------+-------------------------------------------------------+
+| Threat Type | Elevation of Privilege |
++------------------------+---------------------+-----------------+---------------+
+| Application | Server | IoT | Mobile |
++------------------------+---------------------+-----------------+---------------+
+| Impact | N/A | Critical (5) | Critical (5) |
++------------------------+---------------------+-----------------+---------------+
+| Likelihood | N/A | Medium (3) | Medium (3) |
++------------------------+---------------------+-----------------+---------------+
+| Total Risk Rating | N/A | High (15) | High (15) |
++------------------------+---------------------+-----------------+---------------+
+| Mitigations | Copy image to on-chip memory before authenticating |
+| | it. |
++------------------------+-------------------------------------------------------+
+| Mitigations | | Platform specific. |
+| implemented? | |
+| | | The list of images to load and their location is |
+| | platform specific. Platforms are responsible for |
+| | arranging images to be loaded in on-chip memory. |
++------------------------+-------------------------------------------------------+
+
+
++------------------------+-------------------------------------------------------+
+| ID | 04 |
++========================+=======================================================+
+| Threat | | **An attacker with physical access can execute |
+| | arbitrary image by bypassing the signature |
+| | verification stage using glitching techniques** |
+| | |
+| | | Glitching (Fault injection) attacks attempt to put |
+| | a hardware into a undefined state by manipulating an|
+| | environmental variable such as power supply. |
+| | |
+| | | TF-A relies on a chain of trust that starts with the|
+| | ROTPK, which is the key stored inside the chip and |
+| | the root of all validation processes. If an attacker|
+| | can break this chain of trust, they could execute |
+| | arbitrary code on the device. This could be |
+| | achieved with physical access to the device by |
+| | attacking the normal execution flow of the |
+| | process using glitching techniques that target |
+| | points where the image is validated against the |
+| | signature. |
++------------------------+-------------------------------------------------------+
+| Diagram Elements | DF1 |
++------------------------+-------------------------------------------------------+
+| Affected TF-A | BL1, BL2 |
+| Components | |
++------------------------+-------------------------------------------------------+
+| Assets | Code Execution |
++------------------------+-------------------------------------------------------+
+| Threat Agent | PhysicalAccess |
++------------------------+-------------------------------------------------------+
+| Threat Type | Tampering, Elevation of Privilege |
++------------------------+---------------------+-----------------+---------------+
+| Application | Server | IoT | Mobile |
++------------------------+---------------------+-----------------+---------------+
+| Impact | N/A | Critical (5) | Critical (5) |
++------------------------+---------------------+-----------------+---------------+
+| Likelihood | N/A | Medium (3) | Medium (3) |
++------------------------+---------------------+-----------------+---------------+
+| Total Risk Rating | N/A | High (15) | High (15) |
++------------------------+---------------------+-----------------+---------------+
+| Mitigations | Mechanisms to detect clock glitch and power |
+| | variations. |
++------------------------+-------------------------------------------------------+
+| Mitigations | | No. |
+| implemented? | |
+| | | The most effective mitigation is adding glitching |
+| | detection and mitigation circuit at the hardware |
+| | level. |
+| | |
+| | | However, software techniques, such as adding |
+| | redundant checks when performing conditional |
+| | branches that are security sensitive, can be used |
+| | to harden TF-A against such attacks. |
+| | **At the moment TF-A doesn't implement such |
+| | mitigations.** |
++------------------------+-------------------------------------------------------+
+
+.. topic:: Measured Boot Threats (or lack of)
+
+ In the current Measured Boot design, BL1, BL2, and BL31, as well as the
+ secure world components, form the |SRTM|. Measurement data is currently
+ considered an asset to be protected against attack, and this is achieved
+ by storing them in the Secure Memory.
+ Beyond the measurements stored inside the TCG-compliant Event Log buffer,
+ there are no other assets to protect or threats to defend against that
+ could compromise |TF-A| execution environment's security.
+
+ There are general security assets and threats associated with remote/delegated
+ attestation. However, these are outside the |TF-A| security boundary and
+ should be dealt with by the appropriate agent in the platform/system.
+ Since current Measured Boot design does not use local attestation, there would
+ be no further assets to protect(like unsealed keys).
+
+ A limitation of the current Measured Boot design is that it is dependent upon
+ Secure Boot as implementation of Measured Boot does not extend measurements
+ into a discrete |TPM|, where they would be securely stored and protected
+ against tampering. This implies that if Secure-Boot is compromised, Measured
+ Boot may also be compromised.
+
+ Platforms must carefully evaluate the security of the default implementation
+ since the |SRTM| includes all secure world components.
+
+
+Threats to be Mitigated by the Runtime EL3 Firmware
+---------------------------------------------------
+
++------------------------+------------------------------------------------------+
+| ID | 07 |
++========================+======================================================+
+| Threat | | **An attacker can perform a denial-of-service |
+| | attack by using a broken SMC call that causes the |
+| | system to reboot or enter into unknown state.** |
+| | |
+| | | Secure and non-secure clients access TF-A services |
+| | through SMC calls. Malicious code can attempt to |
+| | place the TF-A runtime into an inconsistent state |
+| | by calling unimplemented SMC call or by passing |
+| | invalid arguments. |
++------------------------+------------------------------------------------------+
+| Diagram Elements | DF4, DF5 |
++------------------------+------------------------------------------------------+
+| Affected TF-A | BL31 |
+| Components | |
++------------------------+------------------------------------------------------+
+| Assets | Availability |
++------------------------+------------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+------------------------------------------------------+
+| Threat Type | Denial of Service |
++------------------------+-------------------+----------------+-----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+-----------------+
+| Impact | Medium (3) | Medium (3) | Medium (3) |
++------------------------+-------------------+----------------+-----------------+
+| Likelihood | High (4) | High (4) | High (4) |
++------------------------+-------------------+----------------+-----------------+
+| Total Risk Rating | High (12) | High (12) | High (12) |
++------------------------+-------------------+----------------+-----------------+
+| Mitigations | Validate SMC function ids and arguments before using |
+| | them. |
++------------------------+------------------------------------------------------+
+| Mitigations | | Yes / Platform specific. |
+| implemented? | |
+| | | For standard services, all input is validated. |
+| | |
+| | | Platforms that implement SiP services must also |
+| | validate SMC call arguments. |
++------------------------+------------------------------------------------------+
+
+
+------------------------+------------------------------------------------------+
| ID | 09 |
+========================+======================================================+
@@ -795,60 +917,6 @@
| | attacks. |
+------------------------+-----------------------------------------------------+
-+------------------------+----------------------------------------------------+
-| ID | 11 |
-+========================+====================================================+
-| Threat | | **Misconfiguration of the Memory Management Unit |
-| | (MMU) may allow a normal world software to |
-| | access sensitive data, execute arbitrary |
-| | code or access otherwise restricted HW |
-| | interface** |
-| | |
-| | | A misconfiguration of the MMU could |
-| | lead to an open door for software running in the |
-| | normal world to access sensitive data or even |
-| | execute code if the proper security mechanisms |
-| | are not in place. |
-+------------------------+----------------------------------------------------+
-| Diagram Elements | DF5, DF6 |
-+------------------------+----------------------------------------------------+
-| Affected TF-A | BL1, BL2, BL31 |
-| Components | |
-+------------------------+----------------------------------------------------+
-| Assets | Sensitive Data, Code execution |
-+------------------------+----------------------------------------------------+
-| Threat Agent | NSCode |
-+------------------------+----------------------------------------------------+
-| Threat Type | Information Disclosure, Elevation of Privilege |
-+------------------------+-----------------+-----------------+----------------+
-| Application | Server | IoT | Mobile |
-+------------------------+-----------------+-----------------+----------------+
-| Impact | Critical (5) | Critical (5) | Critical (5) |
-+------------------------+-----------------+-----------------+----------------+
-| Likelihood | High (4) | High (4) | High (4) |
-+------------------------+-----------------+-----------------+----------------+
-| Total Risk Rating | Critical (20) | Critical (20) | Critical (20) |
-+------------------------+-----------------+-----------------+----------------+
-| Mitigations | When configuring access permissions, the |
-| | principle of least privilege ought to be |
-| | enforced. This means we should not grant more |
-| | privileges than strictly needed, e.g. code |
-| | should be read-only executable, read-only data |
-| | should be read-only execute-never, and so on. |
-+------------------------+----------------------------------------------------+
-| Mitigations | | Platform specific. |
-| implemented? | |
-| | | MMU configuration is platform specific, |
-| | therefore platforms need to make sure that the |
-| | correct attributes are assigned to memory |
-| | regions. |
-| | |
-| | | TF-A provides a library which abstracts the |
-| | low-level details of MMU configuration. It |
-| | provides well-defined and tested APIs. |
-| | Platforms are encouraged to use it to limit the |
-| | risk of misconfiguration. |
-+------------------------+----------------------------------------------------+
+------------------------+-----------------------------------------------------+
| ID | 12 |
@@ -905,40 +973,9 @@
| | mitigated. |
+------------------------+-----------------------------------------------------+
-+------------------------+-----------------------------------------------------+
-| ID | 13 |
-+========================+=====================================================+
-| Threat | | **Leaving sensitive information in the memory, |
-| | can allow an attacker to retrieve them.** |
-| | |
-| | | Accidentally leaving not-needed sensitive data in |
-| | internal buffers can leak them if an attacker |
-| | gains access to memory due to a vulnerability. |
-+------------------------+-----------------------------------------------------+
-| Diagram Elements | DF4, DF5 |
-+------------------------+-----------------------------------------------------+
-| Affected TF-A | BL1, BL2, BL31 |
-| Components | |
-+------------------------+-----------------------------------------------------+
-| Assets | Sensitive Data |
-+------------------------+-----------------------------------------------------+
-| Threat Agent | NSCode, SecCode |
-+------------------------+-----------------------------------------------------+
-| Threat Type | Information Disclosure |
-+------------------------+-------------------+----------------+----------------+
-| Application | Server | IoT | Mobile |
-+------------------------+-------------------+----------------+----------------+
-| Impact | Critical (5) | Critical (5) | Critical (5) |
-+------------------------+-------------------+----------------+----------------+
-| Likelihood | Medium (3) | Medium (3) | Medium (3) |
-+------------------------+-------------------+----------------+----------------+
-| Total Risk Rating | High (15) | High (15) | High (15) |
-+------------------------+-------------------+----------------+----------------+
-| Mitigations | Clear the sensitive data from internal buffers as |
-| | soon as they are not needed anymore. |
-+------------------------+-----------------------------------------------------+
-| Mitigations | | Yes / Platform specific |
-+------------------------+-----------------------------------------------------+
+
+Threats to be Mitigated by an External Agent Outside of TF-A
+------------------------------------------------------------
+------------------------+-----------------------------------------------------+
| ID | 14 |
diff --git a/drivers/ufs/ufs.c b/drivers/ufs/ufs.c
index b8137c2..5ba5eb0 100644
--- a/drivers/ufs/ufs.c
+++ b/drivers/ufs/ufs.c
@@ -540,6 +540,7 @@
query_upiu->trans_type = QUERY_REQUEST_UPIU;
query_upiu->task_tag = utrd->task_tag;
+ query_upiu->data_segment_len = htobe16(length);
query_upiu->ts.desc.opcode = op;
query_upiu->ts.desc.idn = idn;
query_upiu->ts.desc.index = index;
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index bc37c94..c10102a 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -437,6 +437,7 @@
#define ID_AA64PFR1_EL1_SME_SHIFT U(24)
#define ID_AA64PFR1_EL1_SME_MASK ULL(0xf)
+#define ID_AA64PFR1_EL1_SME_WIDTH U(4)
#define ID_AA64PFR1_EL1_SME_NOT_SUPPORTED ULL(0x0)
#define ID_AA64PFR1_EL1_SME_SUPPORTED ULL(0x1)
#define ID_AA64PFR1_EL1_SME2_SUPPORTED ULL(0x2)
@@ -1378,6 +1379,13 @@
#define HCRX_EL2_INIT_VAL ULL(0x0)
/*******************************************************************************
+ * FEAT_FGT - Definitions for Fine-Grained Trap registers
+ ******************************************************************************/
+#define HFGITR_EL2_INIT_VAL ULL(0x180000000000000)
+#define HFGRTR_EL2_INIT_VAL ULL(0xC4000000000000)
+#define HFGWTR_EL2_INIT_VAL ULL(0xC4000000000000)
+
+/*******************************************************************************
* FEAT_TCR2 - Extended Translation Control Register
******************************************************************************/
#define TCR2_EL2 S3_4_C2_C0_3
diff --git a/include/lib/cpus/aarch64/nevis.h b/include/lib/cpus/aarch64/nevis.h
new file mode 100644
index 0000000..7006a29
--- /dev/null
+++ b/include/lib/cpus/aarch64/nevis.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef NEVIS_H
+#define NEVIS_H
+
+#define NEVIS_MIDR U(0x410FD8A0)
+
+/*******************************************************************************
+ * CPU Extended Control register specific definitions
+ ******************************************************************************/
+#define NEVIS_CPUECTLR_EL1 S3_0_C15_C1_4
+
+/*******************************************************************************
+ * CPU Power Control register specific definitions
+ ******************************************************************************/
+#define NEVIS_IMP_CPUPWRCTLR_EL1 S3_0_C15_C2_7
+#define NEVIS_IMP_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT U(1)
+
+#endif /* NEVIS_H */
diff --git a/lib/cpus/aarch32/cortex_a57.S b/lib/cpus/aarch32/cortex_a57.S
index 18ee1f9..1e5377b 100644
--- a/lib/cpus/aarch32/cortex_a57.S
+++ b/lib/cpus/aarch32/cortex_a57.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -86,6 +86,8 @@
b cpu_rev_var_ls
endfunc check_errata_806969
+add_erratum_entry cortex_a57, ERRATUM(806969), ERRATA_A57_806969
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #813419.
* This applies only to revision r0p0 of Cortex A57.
@@ -101,6 +103,8 @@
bx lr
endfunc check_errata_813419
+add_erratum_entry cortex_a57, ERRATUM(813419), ERRATA_A57_813419
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #813420.
* This applies only to revision r0p0 of Cortex A57.
@@ -130,6 +134,8 @@
b cpu_rev_var_ls
endfunc check_errata_813420
+add_erratum_entry cortex_a57, ERRATUM(813420), ERRATA_A57_813420
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #814670.
* This applies only to revision r0p0 of Cortex A57.
@@ -159,6 +165,8 @@
b cpu_rev_var_ls
endfunc check_errata_814670
+add_erratum_entry cortex_a57, ERRATUM(814670), ERRATA_A57_814670
+
/* ----------------------------------------------------
* Errata Workaround for Cortex A57 Errata #817169.
* This applies only to revision <= r0p1 of Cortex A57.
@@ -173,6 +181,8 @@
bx lr
endfunc check_errata_817169
+add_erratum_entry cortex_a57, ERRATUM(817169), ERRATA_A57_817169
+
/* --------------------------------------------------------------------
* Disable the over-read from the LDNP instruction.
*
@@ -205,6 +215,8 @@
b cpu_rev_var_ls
endfunc check_errata_disable_ldnp_overread
+add_erratum_entry cortex_a57, ERRATUM(1), A57_DISABLE_NON_TEMPORAL_HINT, disable_ldnp_overread
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #826974.
* This applies only to revision <= r1p1 of Cortex A57.
@@ -234,6 +246,8 @@
b cpu_rev_var_ls
endfunc check_errata_826974
+add_erratum_entry cortex_a57, ERRATUM(826974), ERRATA_A57_826974
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #826977.
* This applies only to revision <= r1p1 of Cortex A57.
@@ -263,6 +277,8 @@
b cpu_rev_var_ls
endfunc check_errata_826977
+add_erratum_entry cortex_a57, ERRATUM(826977), ERRATA_A57_826977
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #828024.
* This applies only to revision <= r1p1 of Cortex A57.
@@ -298,6 +314,8 @@
b cpu_rev_var_ls
endfunc check_errata_828024
+add_erratum_entry cortex_a57, ERRATUM(828024), ERRATA_A57_828024
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #829520.
* This applies only to revision <= r1p2 of Cortex A57.
@@ -327,6 +345,8 @@
b cpu_rev_var_ls
endfunc check_errata_829520
+add_erratum_entry cortex_a57, ERRATUM(829520), ERRATA_A57_829520
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #833471.
* This applies only to revision <= r1p2 of Cortex A57.
@@ -356,6 +376,8 @@
b cpu_rev_var_ls
endfunc check_errata_833471
+add_erratum_entry cortex_a57, ERRATUM(833471), ERRATA_A57_833471
+
/* ---------------------------------------------------
* Errata Workaround for Cortex A57 Errata #859972.
* This applies only to revision <= r1p3 of Cortex A57.
@@ -382,11 +404,15 @@
b cpu_rev_var_ls
endfunc check_errata_859972
+add_erratum_entry cortex_a57, ERRATUM(859972), ERRATA_A57_859972
+
func check_errata_cve_2017_5715
mov r0, #ERRATA_MISSING
bx lr
endfunc check_errata_cve_2017_5715
+add_erratum_entry cortex_a57, CVE(2017, 5715), WORKAROUND_CVE_2017_5715
+
func check_errata_cve_2018_3639
#if WORKAROUND_CVE_2018_3639
mov r0, #ERRATA_APPLIES
@@ -396,11 +422,15 @@
bx lr
endfunc check_errata_cve_2018_3639
+add_erratum_entry cortex_a57, CVE(2018, 3639), WORKAROUND_CVE_2018_3639
+
func check_errata_cve_2022_23960
mov r0, #ERRATA_MISSING
bx lr
endfunc check_errata_cve_2022_23960
+add_erratum_entry cortex_a57, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+
/* -------------------------------------------------
* The CPU Ops reset function for Cortex-A57.
* Shall clobber: r0-r6
@@ -576,41 +606,7 @@
b cortex_a57_disable_ext_debug
endfunc cortex_a57_cluster_pwr_dwn
-#if REPORT_ERRATA
-/*
- * Errata printing function for Cortex A57. Must follow AAPCS.
- */
-func cortex_a57_errata_report
- push {r12, lr}
-
- bl cpu_get_rev_var
- mov r4, r0
-
- /*
- * Report all errata. The revision-variant information is passed to
- * checking functions of each errata.
- */
- report_errata ERRATA_A57_806969, cortex_a57, 806969
- report_errata ERRATA_A57_813419, cortex_a57, 813419
- report_errata ERRATA_A57_813420, cortex_a57, 813420
- report_errata ERRATA_A57_814670, cortex_a57, 814670
- report_errata ERRATA_A57_817169, cortex_a57, 817169
- report_errata A57_DISABLE_NON_TEMPORAL_HINT, cortex_a57, \
- disable_ldnp_overread
- report_errata ERRATA_A57_826974, cortex_a57, 826974
- report_errata ERRATA_A57_826977, cortex_a57, 826977
- report_errata ERRATA_A57_828024, cortex_a57, 828024
- report_errata ERRATA_A57_829520, cortex_a57, 829520
- report_errata ERRATA_A57_833471, cortex_a57, 833471
- report_errata ERRATA_A57_859972, cortex_a57, 859972
- report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715
- report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639
- report_errata WORKAROUND_CVE_2022_23960, cortex_a57, cve_2022_23960
-
- pop {r12, lr}
- bx lr
-endfunc cortex_a57_errata_report
-#endif
+errata_report_shim cortex_a57
declare_cpu_ops cortex_a57, CORTEX_A57_MIDR, \
cortex_a57_reset_func, \
diff --git a/lib/cpus/aarch64/cortex_a53.S b/lib/cpus/aarch64/cortex_a53.S
index ecaf422..e6fb08a 100644
--- a/lib/cpus/aarch64/cortex_a53.S
+++ b/lib/cpus/aarch64/cortex_a53.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,19 +12,12 @@
#include <plat_macros.S>
#include <lib/cpus/errata.h>
-#if A53_DISABLE_NON_TEMPORAL_HINT
-#undef ERRATA_A53_836870
-#define ERRATA_A53_836870 1
-#endif
-
/* ---------------------------------------------
* Disable L1 data cache and unified L2 cache
* ---------------------------------------------
*/
func cortex_a53_disable_dcache
- mrs x1, sctlr_el3
- bic x1, x1, #SCTLR_C_BIT
- msr sctlr_el3, x1
+ sysreg_bit_clear sctlr_el3, SCTLR_C_BIT
isb
ret
endfunc cortex_a53_disable_dcache
@@ -34,169 +27,38 @@
* ---------------------------------------------
*/
func cortex_a53_disable_smp
- mrs x0, CORTEX_A53_ECTLR_EL1
- bic x0, x0, #CORTEX_A53_ECTLR_SMP_BIT
- msr CORTEX_A53_ECTLR_EL1, x0
+ sysreg_bit_clear CORTEX_A53_ECTLR_EL1, CORTEX_A53_ECTLR_SMP_BIT
isb
dsb sy
ret
endfunc cortex_a53_disable_smp
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A53 Errata #819472.
- * This applies only to revision <= r0p1 of Cortex A53.
- * Due to the nature of the errata it is applied unconditionally
- * when built in, report it as applicable in this case
- * ---------------------------------------------------
- */
-func check_errata_819472
-#if ERRATA_A53_819472
- mov x0, #ERRATA_APPLIES
- ret
-#else
- mov x1, #0x01
- b cpu_rev_var_ls
-#endif
-endfunc check_errata_819472
+/* Due to the nature of the errata it is applied unconditionally when chosen */
+check_erratum_ls cortex_a53, ERRATUM(819472), CPU_REV(0, 1)
+/* erratum workaround is interleaved with generic code */
+add_erratum_entry cortex_a53, ERRATUM(819472), ERRATUM_ALWAYS_CHOSEN, NO_APPLY_AT_RESET
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A53 Errata #824069.
- * This applies only to revision <= r0p2 of Cortex A53.
- * Due to the nature of the errata it is applied unconditionally
- * when built in, report it as applicable in this case
- * ---------------------------------------------------
- */
-func check_errata_824069
-#if ERRATA_A53_824069
- mov x0, #ERRATA_APPLIES
- ret
-#else
- mov x1, #0x02
- b cpu_rev_var_ls
-#endif
-endfunc check_errata_824069
+/* Due to the nature of the errata it is applied unconditionally when chosen */
+check_erratum_ls cortex_a53, ERRATUM(824069), CPU_REV(0, 2)
+/* erratum workaround is interleaved with generic code */
+add_erratum_entry cortex_a53, ERRATUM(824069), ERRATUM_ALWAYS_CHOSEN, NO_APPLY_AT_RESET
- /* --------------------------------------------------
- * Errata Workaround for Cortex A53 Errata #826319.
- * This applies only to revision <= r0p2 of Cortex A53.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * --------------------------------------------------
- */
-func errata_a53_826319_wa
- /*
- * Compare x0 against revision r0p2
- */
- mov x17, x30
- bl check_errata_826319
- cbz x0, 1f
+workaround_reset_start cortex_a53, ERRATUM(826319), ERRATA_A53_826319
mrs x1, CORTEX_A53_L2ACTLR_EL1
bic x1, x1, #CORTEX_A53_L2ACTLR_ENABLE_UNIQUECLEAN
orr x1, x1, #CORTEX_A53_L2ACTLR_DISABLE_CLEAN_PUSH
msr CORTEX_A53_L2ACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a53_826319_wa
-
-func check_errata_826319
- mov x1, #0x02
- b cpu_rev_var_ls
-endfunc check_errata_826319
-
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A53 Errata #827319.
- * This applies only to revision <= r0p2 of Cortex A53.
- * Due to the nature of the errata it is applied unconditionally
- * when built in, report it as applicable in this case
- * ---------------------------------------------------
- */
-func check_errata_827319
-#if ERRATA_A53_827319
- mov x0, #ERRATA_APPLIES
- ret
-#else
- mov x1, #0x02
- b cpu_rev_var_ls
-#endif
-endfunc check_errata_827319
-
- /* ---------------------------------------------------------------------
- * Disable the cache non-temporal hint.
- *
- * This ignores the Transient allocation hint in the MAIR and treats
- * allocations the same as non-transient allocation types. As a result,
- * the LDNP and STNP instructions in AArch64 behave the same as the
- * equivalent LDP and STP instructions.
- *
- * This is relevant only for revisions <= r0p3 of Cortex-A53.
- * From r0p4 and onwards, the bit to disable the hint is enabled by
- * default at reset.
- *
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------------------------
- */
-func a53_disable_non_temporal_hint
- /*
- * Compare x0 against revision r0p3
- */
- mov x17, x30
- bl check_errata_disable_non_temporal_hint
- cbz x0, 1f
- mrs x1, CORTEX_A53_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A53_CPUACTLR_EL1_DTAH
- msr CORTEX_A53_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc a53_disable_non_temporal_hint
-
-func check_errata_disable_non_temporal_hint
- mov x1, #0x03
- b cpu_rev_var_ls
-endfunc check_errata_disable_non_temporal_hint
-
- /* --------------------------------------------------
- * Errata Workaround for Cortex A53 Errata #855873.
- *
- * This applies only to revisions >= r0p3 of Cortex A53.
- * Earlier revisions of the core are affected as well, but don't
- * have the chicken bit in the CPUACTLR register. It is expected that
- * the rich OS takes care of that, especially as the workaround is
- * shared with other erratas in those revisions of the CPU.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * --------------------------------------------------
- */
-func errata_a53_855873_wa
- /*
- * Compare x0 against revision r0p3 and higher
- */
- mov x17, x30
- bl check_errata_855873
- cbz x0, 1f
+workaround_reset_end cortex_a53, ERRATUM(826319)
- mrs x1, CORTEX_A53_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A53_CPUACTLR_EL1_ENDCCASCI
- msr CORTEX_A53_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a53_855873_wa
+check_erratum_ls cortex_a53, ERRATUM(826319), CPU_REV(0, 2)
-func check_errata_855873
- mov x1, #0x03
- b cpu_rev_var_hs
-endfunc check_errata_855873
+/* Due to the nature of the errata it is applied unconditionally when chosen */
+check_erratum_ls cortex_a53, ERRATUM(827319), CPU_REV(0, 2)
+/* erratum workaround is interleaved with generic code */
+add_erratum_entry cortex_a53, ERRATUM(827319), ERRATUM_ALWAYS_CHOSEN, NO_APPLY_AT_RESET
-/*
- * Errata workaround for Cortex A53 Errata #835769.
- * This applies to revisions <= r0p4 of Cortex A53.
- * This workaround is statically enabled at build time.
- */
-func check_errata_835769
- cmp x0, #0x04
+check_erratum_custom_start cortex_a53, ERRATUM(835769)
+ cmp x0, CPU_REV(0, 4)
b.hi errata_not_applies
/*
* Fix potentially available for revisions r0p2, r0p3 and r0p4.
@@ -213,17 +75,29 @@
mov x0, #ERRATA_NOT_APPLIES
exit_check_errata_835769:
ret
-endfunc check_errata_835769
+check_erratum_custom_end cortex_a53, ERRATUM(835769)
-/*
- * Errata workaround for Cortex A53 Errata #843419.
- * This applies to revisions <= r0p4 of Cortex A53.
- * This workaround is statically enabled at build time.
- */
-func check_errata_843419
+/* workaround at build time */
+add_erratum_entry cortex_a53, ERRATUM(835769), ERRATA_A53_835769, NO_APPLY_AT_RESET
+
+ /*
+ * Disable the cache non-temporal hint.
+ *
+ * This ignores the Transient allocation hint in the MAIR and treats
+ * allocations the same as non-transient allocation types. As a result,
+ * the LDNP and STNP instructions in AArch64 behave the same as the
+ * equivalent LDP and STP instructions.
+ */
+workaround_reset_start cortex_a53, ERRATUM(836870), ERRATA_A53_836870 | A53_DISABLE_NON_TEMPORAL_HINT
+ sysreg_bit_set CORTEX_A53_CPUACTLR_EL1, CORTEX_A53_CPUACTLR_EL1_DTAH
+workaround_reset_end cortex_a53, ERRATUM(836870)
+
+check_erratum_ls cortex_a53, ERRATUM(836870), CPU_REV(0, 3)
+
+check_erratum_custom_start cortex_a53, ERRATUM(843419)
mov x1, #ERRATA_APPLIES
mov x2, #ERRATA_NOT_APPLIES
- cmp x0, #0x04
+ cmp x0, CPU_REV(0, 4)
csel x0, x1, x2, ls
/*
* Fix potentially available for revision r0p4.
@@ -237,58 +111,32 @@
mov x0, x2
exit_check_errata_843419:
ret
-endfunc check_errata_843419
+check_erratum_custom_end cortex_a53, ERRATUM(843419)
- /* --------------------------------------------------
- * Errata workaround for Cortex A53 Errata #1530924.
- * This applies to all revisions of Cortex A53.
- * --------------------------------------------------
- */
-func check_errata_1530924
-#if ERRATA_A53_1530924
- mov x0, #ERRATA_APPLIES
-#else
- mov x0, #ERRATA_MISSING
-#endif
- ret
-endfunc check_errata_1530924
+/* workaround at build time */
+add_erratum_entry cortex_a53, ERRATUM(843419), ERRATA_A53_843419, NO_APPLY_AT_RESET
- /* -------------------------------------------------
- * The CPU Ops reset function for Cortex-A53.
- * Shall clobber: x0-x19
- * -------------------------------------------------
+ /*
+ * Earlier revisions of the core are affected as well, but don't
+ * have the chicken bit in the CPUACTLR register. It is expected that
+ * the rich OS takes care of that, especially as the workaround is
+ * shared with other erratas in those revisions of the CPU.
*/
-func cortex_a53_reset_func
- mov x19, x30
- bl cpu_get_rev_var
- mov x18, x0
+workaround_reset_start cortex_a53, ERRATUM(855873), ERRATA_A53_855873
+ sysreg_bit_set CORTEX_A53_CPUACTLR_EL1, CORTEX_A53_CPUACTLR_EL1_ENDCCASCI
+workaround_reset_end cortex_a53, ERRATUM(855873)
+check_erratum_hs cortex_a53, ERRATUM(855873), CPU_REV(0, 3)
-#if ERRATA_A53_826319
- mov x0, x18
- bl errata_a53_826319_wa
-#endif
+check_erratum_chosen cortex_a53, ERRATUM(1530924), ERRATA_A53_1530924
-#if ERRATA_A53_836870
- mov x0, x18
- bl a53_disable_non_temporal_hint
-#endif
+/* erratum has no workaround in the cpu. Generic code must take care */
+add_erratum_entry cortex_a53, ERRATUM(1530924), ERRATA_A53_1530924, NO_APPLY_AT_RESET
-#if ERRATA_A53_855873
- mov x0, x18
- bl errata_a53_855873_wa
-#endif
-
- /* ---------------------------------------------
- * Enable the SMP bit.
- * ---------------------------------------------
- */
- mrs x0, CORTEX_A53_ECTLR_EL1
- orr x0, x0, #CORTEX_A53_ECTLR_SMP_BIT
- msr CORTEX_A53_ECTLR_EL1, x0
- isb
- ret x19
-endfunc cortex_a53_reset_func
+cpu_reset_func_start cortex_a53
+ /* Enable the SMP bit. */
+ sysreg_bit_set CORTEX_A53_ECTLR_EL1, CORTEX_A53_ECTLR_SMP_BIT
+cpu_reset_func_end cortex_a53
func cortex_a53_core_pwr_dwn
mov x18, x30
@@ -351,34 +199,7 @@
b cortex_a53_disable_smp
endfunc cortex_a53_cluster_pwr_dwn
-#if REPORT_ERRATA
-/*
- * Errata printing function for Cortex A53. Must follow AAPCS.
- */
-func cortex_a53_errata_report
- stp x8, x30, [sp, #-16]!
-
- bl cpu_get_rev_var
- mov x8, x0
-
- /*
- * Report all errata. The revision-variant information is passed to
- * checking functions of each errata.
- */
- report_errata ERRATA_A53_819472, cortex_a53, 819472
- report_errata ERRATA_A53_824069, cortex_a53, 824069
- report_errata ERRATA_A53_826319, cortex_a53, 826319
- report_errata ERRATA_A53_827319, cortex_a53, 827319
- report_errata ERRATA_A53_835769, cortex_a53, 835769
- report_errata ERRATA_A53_836870, cortex_a53, disable_non_temporal_hint
- report_errata ERRATA_A53_843419, cortex_a53, 843419
- report_errata ERRATA_A53_855873, cortex_a53, 855873
- report_errata ERRATA_A53_1530924, cortex_a53, 1530924
-
- ldp x8, x30, [sp], #16
- ret
-endfunc cortex_a53_errata_report
-#endif
+errata_report_shim cortex_a53
/* ---------------------------------------------
* This function provides cortex_a53 specific
diff --git a/lib/cpus/aarch64/cortex_a57.S b/lib/cpus/aarch64/cortex_a57.S
index 3766ec7..8fafaca 100644
--- a/lib/cpus/aarch64/cortex_a57.S
+++ b/lib/cpus/aarch64/cortex_a57.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -18,9 +18,7 @@
* ---------------------------------------------
*/
func cortex_a57_disable_dcache
- mrs x1, sctlr_el3
- bic x1, x1, #SCTLR_C_BIT
- msr sctlr_el3, x1
+ sysreg_bit_clear sctlr_el3, SCTLR_C_BIT
isb
ret
endfunc cortex_a57_disable_dcache
@@ -46,9 +44,7 @@
* ---------------------------------------------
*/
func cortex_a57_disable_smp
- mrs x0, CORTEX_A57_ECTLR_EL1
- bic x0, x0, #CORTEX_A57_ECTLR_SMP_BIT
- msr CORTEX_A57_ECTLR_EL1, x0
+ sysreg_bit_clear CORTEX_A57_ECTLR_EL1, CORTEX_A57_ECTLR_SMP_BIT
ret
endfunc cortex_a57_disable_smp
@@ -60,227 +56,66 @@
mov x0, #1
msr osdlr_el1, x0
isb
-#if ERRATA_A57_817169
- /*
- * Invalidate any TLB address
- */
- mov x0, #0
- tlbi vae3, x0
-#endif
+
+ apply_erratum cortex_a57, ERRATUM(817169), ERRATA_A57_817169
+
dsb sy
ret
endfunc cortex_a57_disable_ext_debug
- /* --------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #806969.
- * This applies only to revision r0p0 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * --------------------------------------------------
- */
-func errata_a57_806969_wa
- /*
- * Compare x0 against revision r0p0
- */
- mov x17, x30
- bl check_errata_806969
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_NO_ALLOC_WBWA
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_806969_wa
+/*
+ * Disable the over-read from the LDNP/STNP instruction. The SDEN doesn't
+ * provide and erratum number, so assign it an obvious 1
+ */
+workaround_reset_start cortex_a57, ERRATUM(1), A57_DISABLE_NON_TEMPORAL_HINT
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DIS_OVERREAD
+workaround_reset_end cortex_a57, ERRATUM(1)
-func check_errata_806969
- mov x1, #0x00
- b cpu_rev_var_ls
-endfunc check_errata_806969
+check_erratum_ls cortex_a57, ERRATUM(1), CPU_REV(1, 2)
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #813419.
- * This applies only to revision r0p0 of Cortex A57.
- * ---------------------------------------------------
- */
-func check_errata_813419
- /*
- * Even though this is only needed for revision r0p0, it
- * is always applied due to limitations of the current
- * errata framework.
- */
- mov x0, #ERRATA_APPLIES
- ret
-endfunc check_errata_813419
+workaround_reset_start cortex_a57, ERRATUM(806969), ERRATA_A57_806969
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_NO_ALLOC_WBWA
+workaround_reset_end cortex_a57, ERRATUM(806969)
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #813420.
- * This applies only to revision r0p0 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_813420_wa
- /*
- * Compare x0 against revision r0p0
- */
- mov x17, x30
- bl check_errata_813420
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_DCC_AS_DCCI
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_813420_wa
+check_erratum_ls cortex_a57, ERRATUM(806969), CPU_REV(0, 0)
-func check_errata_813420
- mov x1, #0x00
- b cpu_rev_var_ls
-endfunc check_errata_813420
+/* erratum always worked around, but report it correctly */
+check_erratum_ls cortex_a57, ERRATUM(813419), CPU_REV(0, 0)
+add_erratum_entry cortex_a57, ERRATUM(813419), ERRATUM_ALWAYS_CHOSEN, NO_APPLY_AT_RESET
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #814670.
- * This applies only to revision r0p0 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_814670_wa
- /*
- * Compare x0 against revision r0p0
- */
- mov x17, x30
- bl check_errata_814670
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_DIS_DMB_NULLIFICATION
- msr CORTEX_A57_CPUACTLR_EL1, x1
- isb
-1:
- ret x17
-endfunc errata_a57_814670_wa
+workaround_reset_start cortex_a57, ERRATUM(813420), ERRATA_A57_813420
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DCC_AS_DCCI
+workaround_reset_end cortex_a57, ERRATUM(813420)
-func check_errata_814670
- mov x1, #0x00
- b cpu_rev_var_ls
-endfunc check_errata_814670
+check_erratum_ls cortex_a57, ERRATUM(813420), CPU_REV(0, 0)
- /* ----------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #817169.
- * This applies only to revision <= r0p1 of Cortex A57.
- * ----------------------------------------------------
- */
-func check_errata_817169
- /*
- * Even though this is only needed for revision <= r0p1, it
- * is always applied because of the low cost of the workaround.
- */
- mov x0, #ERRATA_APPLIES
- ret
-endfunc check_errata_817169
+workaround_reset_start cortex_a57, ERRATUM(814670), ERRATA_A57_814670
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DIS_DMB_NULLIFICATION
+workaround_reset_end cortex_a57, ERRATUM(814670)
- /* --------------------------------------------------------------------
- * Disable the over-read from the LDNP instruction.
- *
- * This applies to all revisions <= r1p2. The performance degradation
- * observed with LDNP/STNP has been fixed on r1p3 and onwards.
- *
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------------------------
- */
-func a57_disable_ldnp_overread
- /*
- * Compare x0 against revision r1p2
- */
- mov x17, x30
- bl check_errata_disable_ldnp_overread
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_DIS_OVERREAD
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc a57_disable_ldnp_overread
+check_erratum_ls cortex_a57, ERRATUM(814670), CPU_REV(0, 0)
-func check_errata_disable_ldnp_overread
- mov x1, #0x12
- b cpu_rev_var_ls
-endfunc check_errata_disable_ldnp_overread
+workaround_runtime_start cortex_a57, ERRATUM(817169), ERRATA_A57_817169, CORTEX_A57_MIDR
+ /* Invalidate any TLB address */
+ mov x0, #0
+ tlbi vae3, x0
+workaround_runtime_end cortex_a57, ERRATUM(817169), NO_ISB
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #826974.
- * This applies only to revision <= r1p1 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_826974_wa
- /*
- * Compare x0 against revision r1p1
- */
- mov x17, x30
- bl check_errata_826974
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_DIS_LOAD_PASS_DMB
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_826974_wa
+check_erratum_ls cortex_a57, ERRATUM(817169), CPU_REV(0, 1)
-func check_errata_826974
- mov x1, #0x11
- b cpu_rev_var_ls
-endfunc check_errata_826974
+workaround_reset_start cortex_a57, ERRATUM(826974), ERRATA_A57_826974
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DIS_LOAD_PASS_DMB
+workaround_reset_end cortex_a57, ERRATUM(826974)
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #826977.
- * This applies only to revision <= r1p1 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_826977_wa
- /*
- * Compare x0 against revision r1p1
- */
- mov x17, x30
- bl check_errata_826977
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_GRE_NGRE_AS_NGNRE
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_826977_wa
+check_erratum_ls cortex_a57, ERRATUM(826974), CPU_REV(1, 1)
-func check_errata_826977
- mov x1, #0x11
- b cpu_rev_var_ls
-endfunc check_errata_826977
+workaround_reset_start cortex_a57, ERRATUM(826977), ERRATA_A57_826977
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_GRE_NGRE_AS_NGNRE
+workaround_reset_end cortex_a57, ERRATUM(826977)
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #828024.
- * This applies only to revision <= r1p1 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_828024_wa
- /*
- * Compare x0 against revision r1p1
- */
- mov x17, x30
- bl check_errata_828024
- cbz x0, 1f
+check_erratum_ls cortex_a57, ERRATUM(826977), CPU_REV(1, 1)
+
+workaround_reset_start cortex_a57, ERRATUM(828024), ERRATA_A57_828024
mrs x1, CORTEX_A57_CPUACTLR_EL1
/*
* Setting the relevant bits in CPUACTLR_EL1 has to be done in 2
@@ -291,234 +126,64 @@
orr x1, x1, #(CORTEX_A57_CPUACTLR_EL1_DIS_L1_STREAMING | \
CORTEX_A57_CPUACTLR_EL1_DIS_STREAMING)
msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_828024_wa
-
-func check_errata_828024
- mov x1, #0x11
- b cpu_rev_var_ls
-endfunc check_errata_828024
-
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #829520.
- * This applies only to revision <= r1p2 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_829520_wa
- /*
- * Compare x0 against revision r1p2
- */
- mov x17, x30
- bl check_errata_829520
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_DIS_INDIRECT_PREDICTOR
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_829520_wa
-
-func check_errata_829520
- mov x1, #0x12
- b cpu_rev_var_ls
-endfunc check_errata_829520
-
- /* ---------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #833471.
- * This applies only to revision <= r1p2 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ---------------------------------------------------
- */
-func errata_a57_833471_wa
- /*
- * Compare x0 against revision r1p2
- */
- mov x17, x30
- bl check_errata_833471
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_FORCE_FPSCR_FLUSH
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_833471_wa
-
-func check_errata_833471
- mov x1, #0x12
- b cpu_rev_var_ls
-endfunc check_errata_833471
-
- /* --------------------------------------------------
- * Errata Workaround for Cortex A57 Errata #859972.
- * This applies only to revision <= r1p3 of Cortex A57.
- * Inputs:
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber:
- * --------------------------------------------------
- */
-func errata_a57_859972_wa
- mov x17, x30
- bl check_errata_859972
- cbz x0, 1f
- mrs x1, CORTEX_A57_CPUACTLR_EL1
- orr x1, x1, #CORTEX_A57_CPUACTLR_EL1_DIS_INSTR_PREFETCH
- msr CORTEX_A57_CPUACTLR_EL1, x1
-1:
- ret x17
-endfunc errata_a57_859972_wa
-
-func check_errata_859972
- mov x1, #0x13
- b cpu_rev_var_ls
-endfunc check_errata_859972
-
-func check_errata_cve_2017_5715
-#if WORKAROUND_CVE_2017_5715
- mov x0, #ERRATA_APPLIES
-#else
- mov x0, #ERRATA_MISSING
-#endif
- ret
-endfunc check_errata_cve_2017_5715
+workaround_reset_end cortex_a57, ERRATUM(828024)
-func check_errata_cve_2018_3639
-#if WORKAROUND_CVE_2018_3639
- mov x0, #ERRATA_APPLIES
-#else
- mov x0, #ERRATA_MISSING
-#endif
- ret
-endfunc check_errata_cve_2018_3639
+check_erratum_ls cortex_a57, ERRATUM(828024), CPU_REV(1, 1)
- /* --------------------------------------------------
- * Errata workaround for Cortex A57 Errata #1319537.
- * This applies to all revisions of Cortex A57.
- * --------------------------------------------------
- */
-func check_errata_1319537
-#if ERRATA_A57_1319537
- mov x0, #ERRATA_APPLIES
-#else
- mov x0, #ERRATA_MISSING
-#endif
- ret
-endfunc check_errata_1319537
+workaround_reset_start cortex_a57, ERRATUM(829520), ERRATA_A57_829520
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DIS_INDIRECT_PREDICTOR
+workaround_reset_end cortex_a57, ERRATUM(829520)
- /* -------------------------------------------------
- * The CPU Ops reset function for Cortex-A57.
- * Shall clobber: x0-x19
- * -------------------------------------------------
- */
-func cortex_a57_reset_func
- mov x19, x30
- bl cpu_get_rev_var
- mov x18, x0
+check_erratum_ls cortex_a57, ERRATUM(829520), CPU_REV(1, 2)
-#if ERRATA_A57_806969
- mov x0, x18
- bl errata_a57_806969_wa
-#endif
+workaround_reset_start cortex_a57, ERRATUM(833471), ERRATA_A57_833471
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_FORCE_FPSCR_FLUSH
+workaround_reset_end cortex_a57, ERRATUM(833471)
-#if ERRATA_A57_813420
- mov x0, x18
- bl errata_a57_813420_wa
-#endif
+check_erratum_ls cortex_a57, ERRATUM(833471), CPU_REV(1, 2)
-#if ERRATA_A57_814670
- mov x0, x18
- bl errata_a57_814670_wa
-#endif
+workaround_reset_start cortex_a57, ERRATUM(859972), ERRATA_A57_859972
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DIS_INSTR_PREFETCH
+workaround_reset_end cortex_a57, ERRATUM(859972)
-#if A57_DISABLE_NON_TEMPORAL_HINT
- mov x0, x18
- bl a57_disable_ldnp_overread
-#endif
+check_erratum_ls cortex_a57, ERRATUM(859972), CPU_REV(1, 3)
-#if ERRATA_A57_826974
- mov x0, x18
- bl errata_a57_826974_wa
-#endif
+check_erratum_chosen cortex_a57, ERRATUM(1319537), ERRATA_A57_1319537
+/* erratum has no workaround in the cpu. Generic code must take care */
+add_erratum_entry cortex_a57, ERRATUM(1319537), ERRATA_A57_1319537, NO_APPLY_AT_RESET
-#if ERRATA_A57_826977
- mov x0, x18
- bl errata_a57_826977_wa
+workaround_reset_start cortex_a57, CVE(2017, 5715), WORKAROUND_CVE_2017_5715
+#if IMAGE_BL31
+ override_vector_table wa_cve_2017_5715_mmu_vbar
#endif
+workaround_reset_end cortex_a57, CVE(2017, 5715)
-#if ERRATA_A57_828024
- mov x0, x18
- bl errata_a57_828024_wa
-#endif
+check_erratum_chosen cortex_a57, CVE(2017, 5715), WORKAROUND_CVE_2017_5715
-#if ERRATA_A57_829520
- mov x0, x18
- bl errata_a57_829520_wa
-#endif
-
-#if ERRATA_A57_833471
- mov x0, x18
- bl errata_a57_833471_wa
-#endif
-
-#if ERRATA_A57_859972
- mov x0, x18
- bl errata_a57_859972_wa
-#endif
-
-#if IMAGE_BL31 && ( WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960 )
- /* ---------------------------------------------------------------
- * Override vector table & enable existing workaround if either of
- * the build flags are enabled
- * ---------------------------------------------------------------
- */
- adr x0, wa_cve_2017_5715_mmu_vbar
- msr vbar_el3, x0
- /* isb will be performed before returning from this function */
-#endif
-
-#if WORKAROUND_CVE_2018_3639
- mrs x0, CORTEX_A57_CPUACTLR_EL1
- orr x0, x0, #CORTEX_A57_CPUACTLR_EL1_DIS_LOAD_PASS_STORE
- msr CORTEX_A57_CPUACTLR_EL1, x0
+workaround_reset_start cortex_a57, CVE(2018, 3639), WORKAROUND_CVE_2018_3639
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_DIS_LOAD_PASS_STORE
isb
dsb sy
-#endif
+workaround_reset_end cortex_a57, CVE(2018, 3639)
-#if A57_ENABLE_NONCACHEABLE_LOAD_FWD
- /* ---------------------------------------------
- * Enable higher performance non-cacheable load
- * forwarding
- * ---------------------------------------------
- */
- mrs x0, CORTEX_A57_CPUACTLR_EL1
- orr x0, x0, #CORTEX_A57_CPUACTLR_EL1_EN_NC_LOAD_FWD
- msr CORTEX_A57_CPUACTLR_EL1, x0
+check_erratum_chosen cortex_a57, CVE(2018, 3639), WORKAROUND_CVE_2018_3639
+
+workaround_reset_start cortex_a57, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+#if IMAGE_BL31
+ override_vector_table wa_cve_2017_5715_mmu_vbar
#endif
+workaround_reset_end cortex_a57, CVE(2022, 23960)
- /* ---------------------------------------------
- * Enable the SMP bit.
- * ---------------------------------------------
- */
- mrs x0, CORTEX_A57_ECTLR_EL1
- orr x0, x0, #CORTEX_A57_ECTLR_SMP_BIT
- msr CORTEX_A57_ECTLR_EL1, x0
- isb
- ret x19
-endfunc cortex_a57_reset_func
+check_erratum_chosen cortex_a57, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
-func check_errata_cve_2022_23960
-#if WORKAROUND_CVE_2022_23960
- mov x0, #ERRATA_APPLIES
-#else
- mov x0, #ERRATA_MISSING
+cpu_reset_func_start cortex_a57
+#if A57_ENABLE_NONCACHEABLE_LOAD_FWD
+ /* Enable higher performance non-cacheable load forwarding */
+ sysreg_bit_set CORTEX_A57_CPUACTLR_EL1, CORTEX_A57_CPUACTLR_EL1_EN_NC_LOAD_FWD
#endif
- ret
-endfunc check_errata_cve_2022_23960
+ /* Enable the SMP bit. */
+ sysreg_bit_set CORTEX_A57_ECTLR_EL1, CORTEX_A57_ECTLR_SMP_BIT
+cpu_reset_func_end cortex_a57
func check_smccc_arch_workaround_3
mov x0, #ERRATA_APPLIES
@@ -619,42 +284,7 @@
b cortex_a57_disable_ext_debug
endfunc cortex_a57_cluster_pwr_dwn
-#if REPORT_ERRATA
-/*
- * Errata printing function for Cortex A57. Must follow AAPCS.
- */
-func cortex_a57_errata_report
- stp x8, x30, [sp, #-16]!
-
- bl cpu_get_rev_var
- mov x8, x0
-
- /*
- * Report all errata. The revision-variant information is passed to
- * checking functions of each errata.
- */
- report_errata ERRATA_A57_806969, cortex_a57, 806969
- report_errata ERRATA_A57_813419, cortex_a57, 813419
- report_errata ERRATA_A57_813420, cortex_a57, 813420
- report_errata ERRATA_A57_814670, cortex_a57, 814670
- report_errata ERRATA_A57_817169, cortex_a57, 817169
- report_errata A57_DISABLE_NON_TEMPORAL_HINT, cortex_a57, \
- disable_ldnp_overread
- report_errata ERRATA_A57_826974, cortex_a57, 826974
- report_errata ERRATA_A57_826977, cortex_a57, 826977
- report_errata ERRATA_A57_828024, cortex_a57, 828024
- report_errata ERRATA_A57_829520, cortex_a57, 829520
- report_errata ERRATA_A57_833471, cortex_a57, 833471
- report_errata ERRATA_A57_859972, cortex_a57, 859972
- report_errata ERRATA_A57_1319537, cortex_a57, 1319537
- report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715
- report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639
- report_errata WORKAROUND_CVE_2022_23960, cortex_a57, cve_2022_23960
-
- ldp x8, x30, [sp], #16
- ret
-endfunc cortex_a57_errata_report
-#endif
+errata_report_shim cortex_a57
/* ---------------------------------------------
* This function provides cortex_a57 specific
@@ -679,7 +309,7 @@
declare_cpu_ops_wa cortex_a57, CORTEX_A57_MIDR, \
cortex_a57_reset_func, \
- check_errata_cve_2017_5715, \
+ check_erratum_cortex_a57_5715, \
CPU_NO_EXTRA2_FUNC, \
check_smccc_arch_workaround_3, \
cortex_a57_core_pwr_dwn, \
diff --git a/lib/cpus/aarch64/cortex_gelas.S b/lib/cpus/aarch64/cortex_gelas.S
index e0d20a9..dc704f2 100644
--- a/lib/cpus/aarch64/cortex_gelas.S
+++ b/lib/cpus/aarch64/cortex_gelas.S
@@ -34,13 +34,20 @@
* ----------------------------------------------------
*/
func cortex_gelas_core_pwr_dwn
+#if ENABLE_SME_FOR_NS
/* ---------------------------------------------------
- * Disable SME
+ * Disable SME if enabled and supported
* ---------------------------------------------------
*/
+ mrs x0, ID_AA64PFR1_EL1
+ ubfx x0, x0, #ID_AA64PFR1_EL1_SME_SHIFT, \
+ #ID_AA64PFR1_EL1_SME_WIDTH
+ cmp x0, #ID_AA64PFR1_EL1_SME_NOT_SUPPORTED
+ b.eq 1f
msr CORTEX_GELAS_SVCRSM, xzr
msr CORTEX_GELAS_SVCRZA, xzr
-
+1:
+#endif
/* ---------------------------------------------------
* Enable CPU power down bit in power control register
* ---------------------------------------------------
diff --git a/lib/cpus/aarch64/nevis.S b/lib/cpus/aarch64/nevis.S
new file mode 100644
index 0000000..36830a9
--- /dev/null
+++ b/lib/cpus/aarch64/nevis.S
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch.h>
+#include <asm_macros.S>
+#include <common/bl_common.h>
+#include <nevis.h>
+#include <cpu_macros.S>
+#include <plat_macros.S>
+
+/* Hardware handled coherency */
+#if HW_ASSISTED_COHERENCY == 0
+#error "Nevis must be compiled with HW_ASSISTED_COHERENCY enabled"
+#endif
+
+/* 64-bit only core */
+#if CTX_INCLUDE_AARCH32_REGS == 1
+#error "Nevis supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
+#endif
+
+cpu_reset_func_start nevis
+ /* ----------------------------------------------------
+ * Disable speculative loads
+ * ----------------------------------------------------
+ */
+ msr SSBS, xzr
+cpu_reset_func_end nevis
+
+func nevis_core_pwr_dwn
+ /* ---------------------------------------------------
+ * Enable CPU power down bit in power control register
+ * ---------------------------------------------------
+ */
+ sysreg_bit_set NEVIS_IMP_CPUPWRCTLR_EL1, \
+ NEVIS_IMP_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT
+ isb
+ ret
+endfunc nevis_core_pwr_dwn
+
+errata_report_shim nevis
+
+.section .rodata.nevis_regs, "aS"
+nevis_regs: /* The ASCII list of register names to be reported */
+ .asciz "cpuectlr_el1", ""
+
+func nevis_cpu_reg_dump
+ adr x6, nevis_regs
+ mrs x8, NEVIS_CPUECTLR_EL1
+ ret
+endfunc nevis_cpu_reg_dump
+
+declare_cpu_ops nevis, NEVIS_MIDR, \
+ nevis_reset_func, \
+ nevis_core_pwr_dwn
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 0ac2d6e..b16c113 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -279,6 +279,20 @@
write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HCRX_EL2,
HCRX_EL2_INIT_VAL);
}
+
+ if (is_feat_fgt_supported()) {
+ /*
+ * Initialize HFG*_EL2 registers with a default value so legacy
+ * systems unaware of FEAT_FGT do not get trapped due to their lack
+ * of initialization for this feature.
+ */
+ write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HFGITR_EL2,
+ HFGITR_EL2_INIT_VAL);
+ write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HFGRTR_EL2,
+ HFGRTR_EL2_INIT_VAL);
+ write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HFGWTR_EL2,
+ HFGWTR_EL2_INIT_VAL);
+ }
#endif /* CTX_INCLUDE_EL2_REGS */
manage_extensions_nonsecure(ctx);
@@ -829,8 +843,27 @@
if (is_feat_hcx_supported()) {
write_hcrx_el2(HCRX_EL2_INIT_VAL);
}
+
+ /*
+ * Initialize Fine-grained trap registers introduced
+ * by FEAT_FGT so all traps are initially disabled when
+ * switching to EL2 or a lower EL, preventing undesired
+ * behavior.
+ */
+ if (is_feat_fgt_supported()) {
+ /*
+ * Initialize HFG*_EL2 registers with a default
+ * value so legacy systems unaware of FEAT_FGT
+ * do not get trapped due to their lack of
+ * initialization for this feature.
+ */
+ write_hfgitr_el2(HFGITR_EL2_INIT_VAL);
+ write_hfgrtr_el2(HFGRTR_EL2_INIT_VAL);
+ write_hfgwtr_el2(HFGWTR_EL2_INIT_VAL);
+ }
}
+
if ((scr_el3 & SCR_HCE_BIT) != 0U) {
/* Use SCTLR_EL1.EE value to initialise sctlr_el2 */
sctlr_elx = read_ctx_reg(get_el1_sysregs_ctx(ctx),
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 3bce3a5..a5c93a6 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -334,10 +334,10 @@
$(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
$(eval DEP := $(patsubst %.o,%.d,$(OBJ)))
-$(eval BL_DEFINES := $($(call uppercase,$(3))_DEFINES))
-$(eval BL_INCLUDE_DIRS := $($(call uppercase,$(3))_INCLUDE_DIRS))
-$(eval BL_CPPFLAGS := $($(call uppercase,$(3))_CPPFLAGS) -DIMAGE_$(call uppercase,$(3)) $(addprefix -D,$(BL_DEFINES)) $(addprefix -I,$(BL_INCLUDE_DIRS)))
-$(eval BL_CFLAGS := $($(call uppercase,$(3))_CFLAGS))
+$(eval BL_DEFINES := IMAGE_$(call uppercase,$(3)) $($(call uppercase,$(3))_DEFINES) $(PLAT_BL_COMMON_DEFINES))
+$(eval BL_INCLUDE_DIRS := $($(call uppercase,$(3))_INCLUDE_DIRS) $(PLAT_BL_COMMON_INCLUDE_DIRS))
+$(eval BL_CPPFLAGS := $($(call uppercase,$(3))_CPPFLAGS) $(addprefix -D,$(BL_DEFINES)) $(addprefix -I,$(BL_INCLUDE_DIRS)) $(PLAT_BL_COMMON_CPPFLAGS))
+$(eval BL_CFLAGS := $($(call uppercase,$(3))_CFLAGS) $(PLAT_BL_COMMON_CFLAGS))
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | $(3)_dirs
$$(ECHO) " CC $$<"
@@ -357,10 +357,10 @@
$(eval OBJ := $(1)/$(patsubst %.S,%.o,$(notdir $(2))))
$(eval DEP := $(patsubst %.o,%.d,$(OBJ)))
-$(eval BL_DEFINES := $($(call uppercase,$(3))_DEFINES))
-$(eval BL_INCLUDE_DIRS := $($(call uppercase,$(3))_INCLUDE_DIRS))
-$(eval BL_CPPFLAGS := $($(call uppercase,$(3))_CPPFLAGS) -DIMAGE_$(call uppercase,$(3)) $(addprefix -D,$(BL_DEFINES)) $(addprefix -I,$(BL_INCLUDE_DIRS)))
-$(eval BL_ASFLAGS := $($(call uppercase,$(3))_ASFLAGS))
+$(eval BL_DEFINES := IMAGE_$(call uppercase,$(3)) $($(call uppercase,$(3))_DEFINES) $(PLAT_BL_COMMON_DEFINES))
+$(eval BL_INCLUDE_DIRS := $($(call uppercase,$(3))_INCLUDE_DIRS) $(PLAT_BL_COMMON_INCLUDE_DIRS))
+$(eval BL_CPPFLAGS := $($(call uppercase,$(3))_CPPFLAGS) $(addprefix -D,$(BL_DEFINES)) $(addprefix -I,$(BL_INCLUDE_DIRS)) $(PLAT_BL_COMMON_CPPFLAGS))
+$(eval BL_ASFLAGS := $($(call uppercase,$(3))_ASFLAGS) $(PLAT_BL_COMMON_ASFLAGS))
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | $(3)_dirs
$$(ECHO) " AS $$<"
@@ -379,9 +379,9 @@
$(eval DEP := $(1).d)
-$(eval BL_DEFINES := $($(call uppercase,$(3))_DEFINES))
-$(eval BL_INCLUDE_DIRS := $($(call uppercase,$(3))_INCLUDE_DIRS))
-$(eval BL_CPPFLAGS := $($(call uppercase,$(3))_CPPFLAGS) -DIMAGE_$(call uppercase,$(3)) $(addprefix -D,$(BL_DEFINES)) $(addprefix -I,$(BL_INCLUDE_DIRS)))
+$(eval BL_DEFINES := IMAGE_$(call uppercase,$(3)) $($(call uppercase,$(3))_DEFINES) $(PLAT_BL_COMMON_DEFINES))
+$(eval BL_INCLUDE_DIRS := $($(call uppercase,$(3))_INCLUDE_DIRS) $(PLAT_BL_COMMON_INCLUDE_DIRS))
+$(eval BL_CPPFLAGS := $($(call uppercase,$(3))_CPPFLAGS) $(addprefix -D,$(BL_DEFINES)) $(addprefix -I,$(BL_INCLUDE_DIRS)) $(PLAT_BL_COMMON_CPPFLAGS))
$(1): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | $(3)_dirs
$$(ECHO) " PP $$<"
@@ -504,7 +504,7 @@
define MAKE_BL
$(eval BUILD_DIR := ${BUILD_PLAT}/$(1))
$(eval BL_SOURCES := $($(call uppercase,$(1))_SOURCES))
- $(eval SOURCES := $(BL_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
+ $(eval SOURCES := $(sort $(BL_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES)))
$(eval OBJS := $(addprefix $(BUILD_DIR)/,$(call SOURCES_TO_OBJS,$(SOURCES))))
$(eval MAPFILE := $(call IMG_MAPFILE,$(1)))
$(eval ELF := $(call IMG_ELF,$(1)))
diff --git a/plat/arm/board/a5ds/platform.mk b/plat/arm/board/a5ds/platform.mk
index 6fcf080..3ed7a63 100644
--- a/plat/arm/board/a5ds/platform.mk
+++ b/plat/arm/board/a5ds/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -98,6 +98,10 @@
NEED_BL32 := yes
+ifeq (${AARCH32_SP},none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+endif
+
MULTI_CONSOLE_API := 1
ARM_DISABLE_TRUSTED_WDOG := 1
diff --git a/plat/arm/board/arm_fpga/platform.mk b/plat/arm/board/arm_fpga/platform.mk
index c31697e..bd56f30 100644
--- a/plat/arm/board/arm_fpga/platform.mk
+++ b/plat/arm/board/arm_fpga/platform.mk
@@ -33,7 +33,17 @@
FPGA_PRELOADED_CMD_LINE := 0x1000
$(eval $(call add_define,FPGA_PRELOADED_CMD_LINE))
-ENABLE_FEAT_AMU := 2
+ENABLE_BRBE_FOR_NS := 2
+ENABLE_TRBE_FOR_NS := 2
+ENABLE_FEAT_AMU := 2
+ENABLE_FEAT_AMUv1p1 := 2
+ENABLE_FEAT_CSV2_2 := 2
+ENABLE_FEAT_ECV := 2
+ENABLE_FEAT_FGT := 2
+ENABLE_FEAT_HCX := 2
+ENABLE_MPAM_FOR_LOWER_ELS := 2
+ENABLE_SYS_REG_TRACE_FOR_NS := 2
+ENABLE_TRF_FOR_NS := 2
# Treating this as a memory-constrained port for now
USE_COHERENT_MEM := 0
diff --git a/plat/arm/board/corstone700/platform.mk b/plat/arm/board/corstone700/platform.mk
index 75833f6..d6d3bef 100644
--- a/plat/arm/board/corstone700/platform.mk
+++ b/plat/arm/board/corstone700/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2019-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -25,6 +25,10 @@
NEED_BL32 := yes
+ifeq (${AARCH32_SP},none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+endif
+
# Include GICv2 driver files
include drivers/arm/gic/v2/gicv2.mk
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 6ac4e09..4803f35 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -214,7 +214,8 @@
lib/cpus/aarch64/neoverse_v1.S \
lib/cpus/aarch64/neoverse_e1.S \
lib/cpus/aarch64/cortex_x2.S \
- lib/cpus/aarch64/cortex_gelas.S
+ lib/cpus/aarch64/cortex_gelas.S \
+ lib/cpus/aarch64/nevis.S
endif
# AArch64/AArch32 cores
FVP_CPU_LIBS += lib/cpus/aarch64/cortex_a55.S \
@@ -407,10 +408,6 @@
PLAT_BL_COMMON_SOURCES += plat/arm/board/fvp/fvp_stack_protector.c
endif
-ifeq (${ARCH},aarch32)
- NEED_BL32 := yes
-endif
-
# Enable the dynamic translation tables library.
ifeq ($(filter 1,${RESET_TO_BL2} ${ARM_XLAT_TABLES_LIB_V1}),)
ifeq (${ARCH},aarch32)
diff --git a/plat/arm/board/fvp_ve/platform.mk b/plat/arm/board/fvp_ve/platform.mk
index f7eace8..79cf356 100644
--- a/plat/arm/board/fvp_ve/platform.mk
+++ b/plat/arm/board/fvp_ve/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -96,6 +96,10 @@
NEED_BL32 := yes
+ifeq (${AARCH32_SP},none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+endif
+
# Modification of arm_common.mk
# Process ARM_DISABLE_TRUSTED_WDOG flag
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 4914553..41d1b66 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -6,6 +6,12 @@
include common/fdt_wrappers.mk
+ifeq (${ARCH},aarch32)
+ ifeq (${AARCH32_SP},none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+ endif
+endif
+
ifeq (${ARCH}, aarch64)
# On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted
# DRAM (if available) or the TZC secured area of DRAM.
diff --git a/plat/aspeed/ast2700/include/platform_def.h b/plat/aspeed/ast2700/include/platform_def.h
index 3f2468f..8be26c3 100644
--- a/plat/aspeed/ast2700/include/platform_def.h
+++ b/plat/aspeed/ast2700/include/platform_def.h
@@ -41,13 +41,13 @@
#define MAX_MMAP_REGIONS U(32)
/* BL31 region */
-#define BL31_BASE ULL(0x400000000)
-#define BL31_SIZE ULL(0x400000)
+#define BL31_BASE ULL(0x430000000)
+#define BL31_SIZE SZ_512K
#define BL31_LIMIT (BL31_BASE + BL31_SIZE)
/* BL32 region */
#define BL32_BASE BL31_LIMIT
-#define BL32_SIZE ULL(0x400000)
+#define BL32_SIZE SZ_16M
#define BL32_LIMIT (BL32_BASE + BL32_SIZE)
/* console */
diff --git a/plat/imx/imx7/common/imx7.mk b/plat/imx/imx7/common/imx7.mk
index f4f5bfc..156c55d 100644
--- a/plat/imx/imx7/common/imx7.mk
+++ b/plat/imx/imx7/common/imx7.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -110,3 +110,7 @@
ifeq (${ARCH},aarch64)
$(error Error: AArch64 not supported on i.mx7)
endif
+
+ifeq (${AARCH32_SP}, none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+endif
diff --git a/plat/imx/imx8m/ddr/clock.c b/plat/imx/imx8m/ddr/clock.c
index 8b132d2..31f2f56 100644
--- a/plat/imx/imx8m/ddr/clock.c
+++ b/plat/imx/imx8m/ddr/clock.c
@@ -91,6 +91,10 @@
case 4000:
mmio_write_32(DRAM_PLL_CTRL + 0x4, (250 << 12) | (3 << 4) | 1);
break;
+ case 3733:
+ case 3732:
+ mmio_write_32(DRAM_PLL_CTRL + 0x4, (311 << 12) | (4 << 4) | 1);
+ break;
case 3200:
mmio_write_32(DRAM_PLL_CTRL + 0x4, (200 << 12) | (3 << 4) | 1);
break;
diff --git a/plat/imx/imx8m/ddr/dram_retention.c b/plat/imx/imx8m/ddr/dram_retention.c
index 983f6e2..d98a37e 100644
--- a/plat/imx/imx8m/ddr/dram_retention.c
+++ b/plat/imx/imx8m/ddr/dram_retention.c
@@ -8,14 +8,12 @@
#include <lib/mmio.h>
#include <dram.h>
+#include <gpc_reg.h>
#include <platform_def.h>
#define SRC_DDR1_RCR (IMX_SRC_BASE + 0x1000)
#define SRC_DDR2_RCR (IMX_SRC_BASE + 0x1004)
-#define PU_PGC_UP_TRG 0xf8
-#define PU_PGC_DN_TRG 0x104
-#define GPC_PU_PWRHSK (IMX_GPC_BASE + 0x01FC)
#define CCM_SRC_CTRL_OFFSET (IMX_CCM_BASE + 0x800)
#define CCM_CCGR_OFFSET (IMX_CCM_BASE + 0x4000)
#define CCM_TARGET_ROOT_OFFSET (IMX_CCM_BASE + 0x8000)
@@ -102,21 +100,12 @@
}
dwc_ddrphy_apb_wr(0xd0000, 0x1);
-#if defined(PLAT_imx8mq)
- /* pwrdnreqn_async adbm/adbs of ddr */
- mmio_clrbits_32(GPC_PU_PWRHSK, BIT(1));
- while (mmio_read_32(GPC_PU_PWRHSK) & BIT(18)) {
- ;
- }
- mmio_setbits_32(GPC_PU_PWRHSK, BIT(1));
-#else
/* pwrdnreqn_async adbm/adbs of ddr */
- mmio_clrbits_32(GPC_PU_PWRHSK, BIT(2));
- while (mmio_read_32(GPC_PU_PWRHSK) & BIT(20)) {
+ mmio_clrbits_32(IMX_GPC_BASE + GPC_PU_PWRHSK, DDRMIX_ADB400_SYNC);
+ while (mmio_read_32(IMX_GPC_BASE + GPC_PU_PWRHSK) & DDRMIX_ADB400_ACK)
;
- }
- mmio_setbits_32(GPC_PU_PWRHSK, BIT(2));
-#endif
+ mmio_setbits_32(IMX_GPC_BASE + GPC_PU_PWRHSK, DDRMIX_ADB400_SYNC);
+
/* remove PowerOk */
mmio_write_32(SRC_DDR1_RCR, 0x8F000008);
@@ -124,8 +113,8 @@
mmio_write_32(CCM_SRC_CTRL(15), 2);
/* enable the phy iso */
- mmio_setbits_32(IMX_GPC_BASE + 0xd40, 1);
- mmio_setbits_32(IMX_GPC_BASE + PU_PGC_DN_TRG, BIT(5));
+ mmio_setbits_32(IMX_GPC_BASE + DDRMIX_PGC, 1);
+ mmio_setbits_32(IMX_GPC_BASE + PU_PGC_DN_TRG, DDRMIX_PWR_REQ);
VERBOSE("dram enter retention\n");
}
@@ -150,7 +139,7 @@
mmio_write_32(CCM_TARGET_ROOT(65) + 0x4, (0x4 << 24) | (0x3 << 16));
/* disable iso */
- mmio_setbits_32(IMX_GPC_BASE + PU_PGC_UP_TRG, BIT(5));
+ mmio_setbits_32(IMX_GPC_BASE + PU_PGC_UP_TRG, DDRMIX_PWR_REQ);
mmio_write_32(SRC_DDR1_RCR, 0x8F000006);
/* wait dram pll locked */
diff --git a/plat/imx/imx8m/imx8mm/gpc.c b/plat/imx/imx8m/imx8mm/gpc.c
index e0e38a9..f173a16 100644
--- a/plat/imx/imx8m/imx8mm/gpc.c
+++ b/plat/imx/imx8m/imx8mm/gpc.c
@@ -19,46 +19,7 @@
#include <gpc.h>
#include <imx_sip_svc.h>
-#define MIPI_PWR_REQ BIT(0)
-#define PCIE_PWR_REQ BIT(1)
-#define OTG1_PWR_REQ BIT(2)
-#define OTG2_PWR_REQ BIT(3)
-#define HSIOMIX_PWR_REQ BIT(4)
-#define GPU2D_PWR_REQ BIT(6)
-#define GPUMIX_PWR_REQ BIT(7)
-#define VPUMIX_PWR_REQ BIT(8)
-#define GPU3D_PWR_REQ BIT(9)
-#define DISPMIX_PWR_REQ BIT(10)
-#define VPU_G1_PWR_REQ BIT(11)
-#define VPU_G2_PWR_REQ BIT(12)
-#define VPU_H1_PWR_REQ BIT(13)
-
-#define HSIOMIX_ADB400_SYNC (0x3 << 5)
-#define DISPMIX_ADB400_SYNC BIT(7)
-#define VPUMIX_ADB400_SYNC BIT(8)
-#define GPU3D_ADB400_SYNC BIT(9)
-#define GPU2D_ADB400_SYNC BIT(10)
-#define GPUMIX_ADB400_SYNC BIT(11)
-#define HSIOMIX_ADB400_ACK (0x3 << 23)
-#define DISPMIX_ADB400_ACK BIT(25)
-#define VPUMIX_ADB400_ACK BIT(26)
-#define GPU3D_ADB400_ACK BIT(27)
-#define GPU2D_ADB400_ACK BIT(28)
-#define GPUMIX_ADB400_ACK BIT(29)
-
-#define MIPI_PGC 0xc00
-#define PCIE_PGC 0xc40
-#define OTG1_PGC 0xc80
-#define OTG2_PGC 0xcc0
-#define HSIOMIX_PGC 0xd00
-#define GPU2D_PGC 0xd80
-#define GPUMIX_PGC 0xdc0
-#define VPUMIX_PGC 0xe00
-#define GPU3D_PGC 0xe40
-#define DISPMIX_PGC 0xe80
-#define VPU_G1_PGC 0xec0
-#define VPU_G2_PGC 0xf00
-#define VPU_H1_PGC 0xf40
+#define CCGR(x) (0x4000 + (x) * 16)
enum pu_domain_id {
HSIOMIX,
diff --git a/plat/mediatek/drivers/emi_mpu/emi_mpu.h b/plat/mediatek/drivers/emi_mpu/emi_mpu.h
index 9c1ebb5..ef7134c 100644
--- a/plat/mediatek/drivers/emi_mpu/emi_mpu.h
+++ b/plat/mediatek/drivers/emi_mpu/emi_mpu.h
@@ -57,9 +57,18 @@
unsigned int apc[EMI_MPU_DGROUP_NUM];
};
+enum MPU_REQ_ORIGIN_ZONE_ID {
+ MPU_REQ_ORIGIN_TEE_ZONE_SVP = 0,
+ MPU_REQ_ORIGIN_TEE_ZONE_TUI = 1,
+ MPU_REQ_ORIGIN_TEE_ZONE_WFD = 2,
+ MPU_REQ_ORIGIN_TEE_ZONE_MAX = 3,
+ MPU_REQ_ORIGIN_ZONE_INVALID = 0x7FFFFFFF,
+};
+
int emi_mpu_init(void);
+int emi_mpu_optee_handler(uint64_t encoded_addr, uint64_t zone_size,
+ uint64_t zone_info);
int emi_mpu_set_protection(struct emi_region_info_t *region_info);
void set_emi_mpu_regions(void);
int set_apu_emi_mpu_region(void);
-
#endif
diff --git a/plat/mediatek/drivers/emi_mpu/emi_mpu_common.c b/plat/mediatek/drivers/emi_mpu/emi_mpu_common.c
index bf77791..7eeadec 100644
--- a/plat/mediatek/drivers/emi_mpu/emi_mpu_common.c
+++ b/plat/mediatek/drivers/emi_mpu/emi_mpu_common.c
@@ -7,6 +7,8 @@
#include <string.h>
#include <common/debug.h>
#include <lib/mmio.h>
+#include <smccc_helpers.h>
+
#include <emi_mpu.h>
#include <lib/mtk_init/mtk_init.h>
#include <mtk_sip_svc.h>
@@ -116,7 +118,10 @@
u_register_t x3, u_register_t x4,
void *handle, struct smccc_res *smccc_ret)
{
- /* TODO: implement emi mpu handler */
+ int ret;
+
+ ret = emi_mpu_optee_handler(x1, x2, x3);
+ SMC_RET2(handle, ret, 0U);
return 0;
}
diff --git a/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c b/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c
index 59ab315..ae1b7ef 100644
--- a/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c
+++ b/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c
@@ -6,6 +6,9 @@
#include <common/debug.h>
#include <emi_mpu.h>
+#include <mtk_sip_svc.h>
+
+#define MPU_PHYSICAL_ADDR_SHIFT_BITS (16)
void set_emi_mpu_regions(void)
{
@@ -29,3 +32,43 @@
return emi_mpu_set_protection(®ion_info);
}
+
+static inline uint64_t get_decoded_phys_addr(uint64_t addr)
+{
+ return (addr << MPU_PHYSICAL_ADDR_SHIFT_BITS);
+}
+
+static inline uint32_t get_decoded_zone_id(uint32_t info)
+{
+ return ((info & 0xFFFF0000) >> MPU_PHYSICAL_ADDR_SHIFT_BITS);
+}
+
+int emi_mpu_optee_handler(uint64_t encoded_addr, uint64_t zone_size,
+ uint64_t zone_info)
+{
+ uint64_t phys_addr = get_decoded_phys_addr(encoded_addr);
+ struct emi_region_info_t region_info;
+ enum MPU_REQ_ORIGIN_ZONE_ID zone_id = get_decoded_zone_id(zone_info);
+
+ INFO("encoded_addr = 0x%lx, zone_size = 0x%lx, zone_info = 0x%lx\n",
+ encoded_addr, zone_size, zone_info);
+
+ if (zone_id != MPU_REQ_ORIGIN_TEE_ZONE_SVP) {
+ ERROR("Invalid param %s, %d\n", __func__, __LINE__);
+ return MTK_SIP_E_INVALID_PARAM;
+ }
+
+ /* SVP DRAM */
+ region_info.start = phys_addr;
+ region_info.end = phys_addr + zone_size;
+ region_info.region = 4;
+ SET_ACCESS_PERMISSION(region_info.apc, 1,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, SEC_RW);
+
+ emi_mpu_set_protection(®ion_info);
+
+ return 0;
+}
\ No newline at end of file
diff --git a/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c b/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c
index 26ddb4b..08448db 100644
--- a/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c
+++ b/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c
@@ -47,27 +47,12 @@
BL31_END - BL31_START, \
MT_MEMORY | MT_RW | EL3_PAS)
-#if RECLAIM_INIT_CODE
-IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
-IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
-
-#define BL_INIT_CODE_END ((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
- ~(PAGE_SIZE - 1))
-
-#define MAP_BL_INIT_CODE MAP_REGION_FLAT( \
- BL_INIT_CODE_BASE, \
- BL_INIT_CODE_END - \
- BL_INIT_CODE_BASE, \
- MT_CODE | MT_SECURE)
-#endif /* RECLAIM_INIT_CODE */
-
#if SEPARATE_NOBITS_REGION
#define MAP_BL31_NOBITS MAP_REGION_FLAT( \
BL31_NOBITS_BASE, \
BL31_NOBITS_LIMIT - \
BL31_NOBITS_BASE, \
MT_MEMORY | MT_RW | EL3_PAS)
-
#endif /* SEPARATE_NOBITS_REGION */
/******************************************************************************
@@ -324,9 +309,6 @@
{
const mmap_region_t bl_regions[] = {
MAP_BL31_TOTAL,
-#if RECLAIM_INIT_CODE
- MAP_BL_INIT_CODE,
-#endif /* RECLAIM_INIT_CODE */
#if SEPARATE_NOBITS_REGION
MAP_BL31_NOBITS,
#endif /* SEPARATE_NOBITS_REGION */
diff --git a/plat/nuvoton/npcm845x/platform.mk b/plat/nuvoton/npcm845x/platform.mk
index f38ae29..5120cc6 100644
--- a/plat/nuvoton/npcm845x/platform.mk
+++ b/plat/nuvoton/npcm845x/platform.mk
@@ -9,7 +9,7 @@
# This is a debug flag for bring-up. It allows reducing CPU numbers
# SECONDARY_BRINGUP := 1
RESET_TO_BL31 := 1
-PMD_SPM_AT_SEL2 := 0
+SPMD_SPM_AT_SEL2 := 0
#temporary until the RAM size is reduced
USE_COHERENT_MEM := 1
@@ -21,29 +21,12 @@
# Trusted DRAM (if available) or the TZC secured area of DRAM.
# TZC secured DRAM is the default.
-ARM_TSP_RAM_LOCATION ?= dram
-
-ifeq (${ARM_TSP_RAM_LOCATION}, tsram)
-ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
-else ifeq (${ARM_TSP_RAM_LOCATION}, tdram)
-ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID
-else ifeq (${ARM_TSP_RAM_LOCATION}, dram)
-ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID
-else
-$(error "Unsupported ARM_TSP_RAM_LOCATION value")
-endif
-
-# Process flags
# Process ARM_BL31_IN_DRAM flag
ARM_BL31_IN_DRAM := 0
$(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
$(eval $(call add_define,ARM_BL31_IN_DRAM))
-else
-ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
endif
-$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))
-
# For the original power-state parameter format, the State-ID can be encoded
# according to the recommended encoding or zero. This flag determines which
# State-ID encoding to be parsed.
@@ -316,8 +299,7 @@
# Pointer Authentication sources
ifeq (${ENABLE_PAUTH}, 1)
-PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \
- lib/extensions/pauth/pauth_helpers.S
+PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c
endif
ifeq (${SPD},spmd)
@@ -370,12 +352,6 @@
include ${IMG_PARSER_LIB_MK}
endif
-ifeq (${RECLAIM_INIT_CODE}, 1)
-ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
-$(error "To reclaim init code xlat tables v2 must be used")
-endif
-endif
-
ifeq (${MEASURED_BOOT},1)
MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk
$(info Including ${MEASURED_BOOT_MK})
@@ -392,6 +368,3 @@
DEBUG_CONSOLE ?= 0
$(eval $(call add_define,DEBUG_CONSOLE))
-
-$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))
-
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
new file mode 100644
index 0000000..b8b57d2
--- /dev/null
+++ b/plat/qemu/common/common.mk
@@ -0,0 +1,112 @@
+#
+# Copyright (c) 2023, Linaro Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+include lib/libfdt/libfdt.mk
+include common/fdt_wrappers.mk
+
+PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
+ -I${PLAT_QEMU_COMMON_PATH}/include \
+ -I${PLAT_QEMU_PATH}/include \
+ -Iinclude/common/tbbr
+
+ifeq (${ARCH},aarch32)
+QEMU_CPU_LIBS := lib/cpus/${ARCH}/cortex_a15.S
+else
+QEMU_CPU_LIBS := lib/cpus/aarch64/aem_generic.S \
+ lib/cpus/aarch64/cortex_a53.S \
+ lib/cpus/aarch64/cortex_a57.S \
+ lib/cpus/aarch64/cortex_a72.S \
+ lib/cpus/aarch64/cortex_a76.S \
+ lib/cpus/aarch64/neoverse_n_common.S \
+ lib/cpus/aarch64/neoverse_n1.S \
+ lib/cpus/aarch64/neoverse_v1.S \
+ lib/cpus/aarch64/qemu_max.S
+
+PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
+endif
+
+PLAT_BL_COMMON_SOURCES := ${PLAT_QEMU_COMMON_PATH}/qemu_common.c \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_console.c \
+ drivers/arm/pl011/${ARCH}/pl011_console.S
+
+include lib/xlat_tables_v2/xlat_tables.mk
+PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS}
+
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+ PLAT_BL_COMMON_SOURCES += ${PLAT_QEMU_COMMON_PATH}/qemu_stack_protector.c
+endif
+
+BL1_SOURCES += drivers/io/io_semihosting.c \
+ drivers/io/io_storage.c \
+ drivers/io/io_fip.c \
+ drivers/io/io_memmap.c \
+ lib/semihosting/semihosting.c \
+ lib/semihosting/${ARCH}/semihosting_call.S \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_io_storage.c \
+ ${PLAT_QEMU_COMMON_PATH}/${ARCH}/plat_helpers.S \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_bl1_setup.c \
+ ${QEMU_CPU_LIBS}
+
+BL2_SOURCES += drivers/io/io_semihosting.c \
+ drivers/io/io_storage.c \
+ drivers/io/io_fip.c \
+ drivers/io/io_memmap.c \
+ lib/semihosting/semihosting.c \
+ lib/semihosting/${ARCH}/semihosting_call.S \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_io_storage.c \
+ ${PLAT_QEMU_COMMON_PATH}/${ARCH}/plat_helpers.S \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_bl2_setup.c \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_bl2_mem_params_desc.c \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_image_load.c \
+ common/desc_image_load.c \
+ common/fdt_fixup.c
+
+BL31_SOURCES += ${QEMU_CPU_LIBS} \
+ lib/semihosting/semihosting.c \
+ lib/semihosting/${ARCH}/semihosting_call.S \
+ plat/common/plat_psci_common.c \
+ ${PLAT_QEMU_COMMON_PATH}/aarch64/plat_helpers.S \
+ ${PLAT_QEMU_COMMON_PATH}/qemu_bl31_setup.c \
+ common/fdt_fixup.c \
+ ${QEMU_GIC_SOURCES}
+
+# CPU flag enablement
+ifeq (${ARCH},aarch64)
+
+# Later QEMU versions support SME and SVE.
+# SPM_MM is not compatible with ENABLE_SVE_FOR_NS (build breaks)
+ifeq (${SPM_MM},1)
+ ENABLE_SVE_FOR_NS := 0
+ ENABLE_SME_FOR_NS := 0
+else
+ ENABLE_SVE_FOR_NS := 2
+ ENABLE_SME_FOR_NS := 2
+endif
+
+# QEMU will use the RNDR instruction for the stack protector canary.
+ENABLE_FEAT_RNG := 2
+
+# QEMU 7.2+ has support for FGT and Linux needs it enabled to boot on max
+ENABLE_FEAT_FGT := 2
+
+# Treating this as a memory-constrained port for now
+USE_COHERENT_MEM := 0
+
+# This can be overridden depending on CPU(s) used in the QEMU image
+HW_ASSISTED_COHERENCY := 1
+
+CTX_INCLUDE_AARCH32_REGS := 0
+ifeq (${CTX_INCLUDE_AARCH32_REGS}, 1)
+$(error "This is an AArch64-only port; CTX_INCLUDE_AARCH32_REGS must be disabled")
+endif
+
+# Pointer Authentication sources
+ifeq (${ENABLE_PAUTH}, 1)
+PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c
+CTX_INCLUDE_PAUTH_REGS := 1
+endif
+
+endif
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index a10ab65..16e89c1 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -4,6 +4,14 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+PLAT_QEMU_PATH := plat/qemu/qemu
+PLAT_QEMU_COMMON_PATH := plat/qemu/common
+
+SEPARATE_CODE_AND_RODATA := 1
+ENABLE_STACK_PROTECTOR := 0
+
+include plat/qemu/common/common.mk
+
# Use the GICv2 driver on QEMU by default
QEMU_USE_GIC_DRIVER := QEMU_GICV2
@@ -18,17 +26,6 @@
$(eval $(call add_define,ARMV7_SUPPORTS_VFP))
# Qemu expects a BL32 boot stage.
NEED_BL32 := yes
-else
-CTX_INCLUDE_AARCH32_REGS := 0
-ifeq (${CTX_INCLUDE_AARCH32_REGS}, 1)
-$(error "This is an AArch64-only port; CTX_INCLUDE_AARCH32_REGS must be disabled")
-endif
-
-# Treating this as a memory-constrained port for now
-USE_COHERENT_MEM := 0
-
-# This can be overridden depending on CPU(s) used in the QEMU image
-HW_ASSISTED_COHERENCY := 1
endif # ARMv7
ifeq (${SPD},opteed)
@@ -42,42 +39,10 @@
add-lib-optee := yes
endif
-include lib/libfdt/libfdt.mk
-
ifeq ($(NEED_BL32),yes)
$(eval $(call add_define,QEMU_LOAD_BL32))
endif
-PLAT_QEMU_PATH := plat/qemu/qemu
-PLAT_QEMU_COMMON_PATH := plat/qemu/common
-PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
- -I${PLAT_QEMU_COMMON_PATH}/include \
- -I${PLAT_QEMU_PATH}/include \
- -Iinclude/common/tbbr
-
-ifeq (${ARM_ARCH_MAJOR},8)
-PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
-
-QEMU_CPU_LIBS := lib/cpus/aarch64/aem_generic.S \
- lib/cpus/aarch64/cortex_a53.S \
- lib/cpus/aarch64/cortex_a57.S \
- lib/cpus/aarch64/cortex_a72.S \
- lib/cpus/aarch64/cortex_a76.S \
- lib/cpus/aarch64/neoverse_n_common.S \
- lib/cpus/aarch64/neoverse_n1.S \
- lib/cpus/aarch64/neoverse_v1.S \
- lib/cpus/aarch64/qemu_max.S
-else
-QEMU_CPU_LIBS := lib/cpus/${ARCH}/cortex_a15.S
-endif
-
-PLAT_BL_COMMON_SOURCES := ${PLAT_QEMU_COMMON_PATH}/qemu_common.c \
- ${PLAT_QEMU_COMMON_PATH}/qemu_console.c \
- drivers/arm/pl011/${ARCH}/pl011_console.S
-
-include lib/xlat_tables_v2/xlat_tables.mk
-PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS}
-
ifneq (${TRUSTED_BOARD_BOOT},0)
AUTH_SOURCES := drivers/auth/auth_mod.c \
@@ -150,42 +115,7 @@
include drivers/auth/mbedtls/mbedtls_crypto.mk
endif
-BL1_SOURCES += drivers/io/io_semihosting.c \
- drivers/io/io_storage.c \
- drivers/io/io_fip.c \
- drivers/io/io_memmap.c \
- lib/semihosting/semihosting.c \
- lib/semihosting/${ARCH}/semihosting_call.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_io_storage.c \
- ${PLAT_QEMU_COMMON_PATH}/${ARCH}/plat_helpers.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl1_setup.c \
- ${QEMU_CPU_LIBS}
-
-ifeq (${ARM_ARCH_MAJOR},8)
-BL1_SOURCES += lib/cpus/${ARCH}/aem_generic.S \
- lib/cpus/${ARCH}/cortex_a53.S \
- lib/cpus/${ARCH}/cortex_a57.S \
- lib/cpus/${ARCH}/cortex_a72.S \
- lib/cpus/${ARCH}/qemu_max.S \
-
-else
-BL1_SOURCES += lib/cpus/${ARCH}/cortex_a15.S
-endif
-
-BL2_SOURCES += drivers/io/io_semihosting.c \
- drivers/io/io_storage.c \
- drivers/io/io_fip.c \
- drivers/io/io_memmap.c \
- lib/semihosting/semihosting.c \
- lib/semihosting/${ARCH}/semihosting_call.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_io_storage.c \
- ${PLAT_QEMU_COMMON_PATH}/${ARCH}/plat_helpers.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl2_setup.c \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl2_mem_params_desc.c \
- ${PLAT_QEMU_COMMON_PATH}/qemu_image_load.c \
- common/fdt_fixup.c \
- common/fdt_wrappers.c \
- common/desc_image_load.c \
+BL2_SOURCES += ${FDT_WRAPPERS_SOURCES} \
common/uuid.c
ifeq ($(add-lib-optee),yes)
@@ -218,29 +148,16 @@
$(error "Incorrect GIC driver chosen for QEMU platform")
endif
-ifeq (${ARM_ARCH_MAJOR},8)
-BL31_SOURCES += ${QEMU_CPU_LIBS} \
- lib/semihosting/semihosting.c \
- lib/semihosting/${ARCH}/semihosting_call.S \
- plat/common/plat_psci_common.c \
- drivers/arm/pl061/pl061_gpio.c \
+ifeq (${ARCH},aarch64)
+BL31_SOURCES += drivers/arm/pl061/pl061_gpio.c \
drivers/gpio/gpio.c \
- ${PLAT_QEMU_COMMON_PATH}/qemu_pm.c \
- ${PLAT_QEMU_COMMON_PATH}/topology.c \
- ${PLAT_QEMU_COMMON_PATH}/aarch64/plat_helpers.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl31_setup.c \
- ${QEMU_GIC_SOURCES}
+ ${PLAT_QEMU_COMMON_PATH}/qemu_pm.c \
+ ${PLAT_QEMU_COMMON_PATH}/topology.c
ifeq (${SDEI_SUPPORT}, 1)
BL31_SOURCES += plat/qemu/common/qemu_sdei.c
endif
-# Pointer Authentication sources
-ifeq (${ENABLE_PAUTH}, 1)
-PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \
- lib/extensions/pauth/pauth_helpers.S
-endif
-
ifeq (${SPD},spmd)
BL31_SOURCES += plat/common/plat_spmd_manifest.c \
common/uuid.c \
@@ -280,12 +197,6 @@
$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TOS_FW_CONFIG},--tos-fw-config,${QEMU_TOS_FW_CONFIG}))
endif
-SEPARATE_CODE_AND_RODATA := 1
-ENABLE_STACK_PROTECTOR := 0
-ifneq ($(ENABLE_STACK_PROTECTOR), 0)
- PLAT_BL_COMMON_SOURCES += ${PLAT_QEMU_COMMON_PATH}/qemu_stack_protector.c
-endif
-
BL32_RAM_LOCATION := tdram
ifeq (${BL32_RAM_LOCATION}, tsram)
BL32_RAM_LOCATION_ID = SEC_SRAM_ID
@@ -306,15 +217,6 @@
ARM_PRELOADED_DTB_BASE := PLAT_QEMU_DT_BASE
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
-# QEMU will use the RNDR instruction for the stack protector canary.
-ENABLE_FEAT_RNG := 2
-
-# Later QEMU versions support SME and SVE.
-ifneq (${ARCH},aarch32)
- ENABLE_SVE_FOR_NS := 2
- ENABLE_SME_FOR_NS := 2
-endif
-
qemu_fw.bios: bl1 fip
$(ECHO) " DD $@"
$(Q)cp ${BUILD_PLAT}/bl1.bin ${BUILD_PLAT}/$@
diff --git a/plat/qemu/qemu_sbsa/platform.mk b/plat/qemu/qemu_sbsa/platform.mk
index 3dfefd0..4a8df46 100644
--- a/plat/qemu/qemu_sbsa/platform.mk
+++ b/plat/qemu/qemu_sbsa/platform.mk
@@ -4,11 +4,17 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-include common/fdt_wrappers.mk
+PLAT_QEMU_PATH := plat/qemu/qemu_sbsa
+PLAT_QEMU_COMMON_PATH := plat/qemu/common
+
+MULTI_CONSOLE_API := 1
+CRASH_REPORTING := 1
-CRASH_REPORTING := 1
+# Disable the PSCI platform compatibility layer
+ENABLE_PLAT_COMPAT := 0
-include lib/libfdt/libfdt.mk
+SEPARATE_CODE_AND_RODATA := 1
+ENABLE_STACK_PROTECTOR := 0
ifeq (${SPM_MM},1)
NEED_BL32 := yes
@@ -16,75 +22,16 @@
GICV2_G0_FOR_EL3 := 1
endif
+include plat/qemu/common/common.mk
+
# Enable new version of image loading on QEMU platforms
LOAD_IMAGE_V2 := 1
-CTX_INCLUDE_AARCH32_REGS := 0
-ifeq (${CTX_INCLUDE_AARCH32_REGS}, 1)
-$(error "This is an AArch64-only port; CTX_INCLUDE_AARCH32_REGS must be disabled")
-endif
-
ifeq ($(NEED_BL32),yes)
$(eval $(call add_define,QEMU_LOAD_BL32))
endif
-PLAT_QEMU_PATH := plat/qemu/qemu_sbsa
-PLAT_QEMU_COMMON_PATH := plat/qemu/common
-PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
- -I${PLAT_QEMU_COMMON_PATH}/include \
- -I${PLAT_QEMU_PATH}/include \
- -Iinclude/common/tbbr
-
-PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
-
-PLAT_BL_COMMON_SOURCES := ${PLAT_QEMU_COMMON_PATH}/qemu_common.c \
- ${PLAT_QEMU_COMMON_PATH}/qemu_console.c \
- drivers/arm/pl011/${ARCH}/pl011_console.S
-
-# Treating this as a memory-constrained port for now
-USE_COHERENT_MEM := 0
-
-# This can be overridden depending on CPU(s) used in the QEMU image
-HW_ASSISTED_COHERENCY := 1
-
-QEMU_CPU_LIBS := lib/cpus/aarch64/cortex_a57.S \
- lib/cpus/aarch64/cortex_a72.S \
- lib/cpus/aarch64/neoverse_n_common.S \
- lib/cpus/aarch64/neoverse_n1.S \
- lib/cpus/aarch64/neoverse_v1.S \
- lib/cpus/aarch64/qemu_max.S
-
-include lib/xlat_tables_v2/xlat_tables.mk
-PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS}
-
-BL1_SOURCES += drivers/io/io_semihosting.c \
- drivers/io/io_storage.c \
- drivers/io/io_fip.c \
- drivers/io/io_memmap.c \
- lib/semihosting/semihosting.c \
- lib/semihosting/${ARCH}/semihosting_call.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_io_storage.c \
- ${PLAT_QEMU_COMMON_PATH}/${ARCH}/plat_helpers.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl1_setup.c
-
-BL1_SOURCES += ${QEMU_CPU_LIBS}
-
-BL2_SOURCES += drivers/io/io_semihosting.c \
- drivers/io/io_storage.c \
- drivers/io/io_fip.c \
- drivers/io/io_memmap.c \
- lib/semihosting/semihosting.c \
- lib/semihosting/${ARCH}/semihosting_call.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_io_storage.c \
- ${PLAT_QEMU_COMMON_PATH}/${ARCH}/plat_helpers.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl2_setup.c \
- common/fdt_fixup.c \
- $(LIBFDT_SRCS)
-ifeq (${LOAD_IMAGE_V2},1)
-BL2_SOURCES += ${PLAT_QEMU_COMMON_PATH}/qemu_bl2_mem_params_desc.c \
- ${PLAT_QEMU_COMMON_PATH}/qemu_image_load.c \
- common/desc_image_load.c
-endif
+BL2_SOURCES += $(LIBFDT_SRCS)
# Include GICv3 driver files
include drivers/arm/gic/v3/gicv3.mk
@@ -92,18 +39,10 @@
QEMU_GIC_SOURCES := ${GICV3_SOURCES} \
plat/common/plat_gicv3.c
-BL31_SOURCES += ${QEMU_CPU_LIBS} \
- lib/semihosting/semihosting.c \
- lib/semihosting/${ARCH}/semihosting_call.S \
- plat/common/plat_psci_common.c \
- ${PLAT_QEMU_PATH}/sbsa_gic.c \
+BL31_SOURCES += ${PLAT_QEMU_PATH}/sbsa_gic.c \
${PLAT_QEMU_PATH}/sbsa_pm.c \
${PLAT_QEMU_PATH}/sbsa_sip_svc.c \
- ${PLAT_QEMU_PATH}/sbsa_topology.c \
- ${PLAT_QEMU_COMMON_PATH}/aarch64/plat_helpers.S \
- ${PLAT_QEMU_COMMON_PATH}/qemu_bl31_setup.c \
- common/fdt_fixup.c \
- ${QEMU_GIC_SOURCES}
+ ${PLAT_QEMU_PATH}/sbsa_topology.c
BL31_SOURCES += ${FDT_WRAPPERS_SOURCES}
@@ -111,17 +50,6 @@
BL31_SOURCES += ${PLAT_QEMU_COMMON_PATH}/qemu_spm.c
endif
-SEPARATE_CODE_AND_RODATA := 1
-ENABLE_STACK_PROTECTOR := 0
-ifneq ($(ENABLE_STACK_PROTECTOR), 0)
- PLAT_BL_COMMON_SOURCES += ${PLAT_QEMU_COMMON_PATH}/qemu_stack_protector.c
-endif
-
-MULTI_CONSOLE_API := 1
-
-# Disable the PSCI platform compatibility layer
-ENABLE_PLAT_COMPAT := 0
-
# Use known base for UEFI if not given from command line
# By default BL33 is at FLASH1 base
PRELOADED_BL33_BASE ?= 0x10000000
@@ -137,10 +65,3 @@
ARM_PRELOADED_DTB_BASE := PLAT_QEMU_DT_BASE
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
-
-# Later QEMU versions support SME and SVE.
-ENABLE_SVE_FOR_NS := 2
-ENABLE_SME_FOR_NS := 2
-
-# QEMU 7.2+ has support for FGT and Linux needs it enabled to boot on max
-ENABLE_FEAT_FGT := 2
diff --git a/plat/qti/msm8916/platform.mk b/plat/qti/msm8916/platform.mk
index 4f4dcb4..c71ad94 100644
--- a/plat/qti/msm8916/platform.mk
+++ b/plat/qti/msm8916/platform.mk
@@ -75,11 +75,14 @@
PRELOADED_BL33_BASE ?= 0x8f600000
ifeq (${ARCH},aarch64)
-BL32_BASE ?= BL31_LIMIT
-$(eval $(call add_define,BL31_BASE))
+ BL32_BASE ?= BL31_LIMIT
+ $(eval $(call add_define,BL31_BASE))
else
-# There is no BL31 on aarch32, so reuse its location for BL32
-BL32_BASE ?= $(BL31_BASE)
+ ifeq (${AARCH32_SP},none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+ endif
+ # There is no BL31 on aarch32, so reuse its location for BL32
+ BL32_BASE ?= $(BL31_BASE)
endif
$(eval $(call add_define,BL32_BASE))
diff --git a/plat/rockchip/rk3288/platform.mk b/plat/rockchip/rk3288/platform.mk
index b8dd195..e6f78cf 100644
--- a/plat/rockchip/rk3288/platform.mk
+++ b/plat/rockchip/rk3288/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -67,3 +67,7 @@
ENABLE_SVE_FOR_NS := 0
WORKAROUND_CVE_2017_5715 := 0
+
+ifeq (${AARCH32_SP}, none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+endif
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index dacef74..495f0c7 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -413,7 +413,7 @@
struct ti_sci_xfer xfer;
int ret;
- ret = ti_sci_setup_one_xfer(TI_SCI_MSG_GET_DEVICE_STATE, 0,
+ ret = ti_sci_setup_one_xfer(TI_SCI_MSG_SET_DEVICE_STATE, 0,
&req, sizeof(req),
NULL, 0,
&xfer);
@@ -1389,7 +1389,7 @@
struct ti_sci_xfer xfer;
int ret;
- ret = ti_sci_setup_one_xfer(TI_SCI_MSG_GET_DEVICE_STATE, 0,
+ ret = ti_sci_setup_one_xfer(TISCI_MSG_SET_PROC_BOOT_CTRL, 0,
&req, sizeof(req),
NULL, 0,
&xfer);
@@ -1623,7 +1623,7 @@
struct ti_sci_xfer xfer;
int ret;
- ret = ti_sci_setup_one_xfer(TI_SCI_MSG_GET_DEVICE_STATE, 0,
+ ret = ti_sci_setup_one_xfer(TISCI_MSG_WAIT_PROC_BOOT_STATUS, 0,
&req, sizeof(req),
NULL, 0,
&xfer);
@@ -1669,7 +1669,7 @@
struct ti_sci_xfer xfer;
int ret;
- ret = ti_sci_setup_one_xfer(TI_SCI_MSG_GET_DEVICE_STATE, 0,
+ ret = ti_sci_setup_one_xfer(TI_SCI_MSG_ENTER_SLEEP, 0,
&req, sizeof(req),
NULL, 0,
&xfer);
diff --git a/plat/xilinx/common/plat_fdt.c b/plat/xilinx/common/plat_fdt.c
index dc3e893..7f93340 100644
--- a/plat/xilinx/common/plat_fdt.c
+++ b/plat/xilinx/common/plat_fdt.c
@@ -12,11 +12,17 @@
#include <plat_fdt.h>
#include <platform_def.h>
-#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
void prepare_dtb(void)
{
- void *dtb = (void *)XILINX_OF_BOARD_DTB_ADDR;
+ void *dtb;
int ret;
+#if !defined(XILINX_OF_BOARD_DTB_ADDR)
+ return;
+#else
+ dtb = (void *)XILINX_OF_BOARD_DTB_ADDR;
+#endif
+ if (IS_TFA_IN_OCM(BL31_BASE))
+ return;
/* Return if no device tree is detected */
if (fdt_check_header(dtb) != 0) {
@@ -45,8 +51,3 @@
clean_dcache_range((uintptr_t)dtb, fdt_blob_size(dtb));
INFO("Changed device tree to advertise PSCI and reserved memories.\n");
}
-#else
-void prepare_dtb(void)
-{
-}
-#endif
diff --git a/plat/xilinx/versal/include/platform_def.h b/plat/xilinx/versal/include/platform_def.h
index 4c0df4f..4c02402 100644
--- a/plat/xilinx/versal/include/platform_def.h
+++ b/plat/xilinx/versal/include/platform_def.h
@@ -79,7 +79,7 @@
#define XILINX_OF_BOARD_DTB_MAX_SIZE U(0x200000)
-#define PLAT_OCM_BSE U(0xFFFE0000)
+#define PLAT_OCM_BASE U(0xFFFE0000)
#define PLAT_OCM_LIMIT U(0xFFFFFFFF)
#define IS_TFA_IN_OCM(x) ((x >= PLAT_OCM_BASE) && (x < PLAT_OCM_LIMIT))
diff --git a/poetry.lock b/poetry.lock
index 07cd572..12d546a 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -68,13 +68,13 @@
[[package]]
name = "certifi"
-version = "2022.12.7"
+version = "2023.7.22"
description = "Python package for providing Mozilla's CA Bundle."
optional = false
python-versions = ">=3.6"
files = [
- {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
- {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
+ {file = "certifi-2023.7.22-py3-none-any.whl", hash = "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9"},
+ {file = "certifi-2023.7.22.tar.gz", hash = "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082"},
]
[[package]]