Merge changes from topic "ar/errata_refactor" into integration
* changes:
refactor(cpus): convert Neoverse Poseidon to use CPU helpers
refactor(cpus): convert Neoverse Poseidon to framework
diff --git a/.gitignore b/.gitignore
index ac9a11d..e07d997 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,7 @@
tools/renesas/rzg_layout_create/*.elf
tools/fiptool/fiptool
tools/fiptool/fiptool.exe
+tools/memory/memory/__pycache__/
tools/cert_create/src/*.o
tools/cert_create/src/**/*.o
tools/cert_create/cert_create
diff --git a/bl32/sp_min/aarch32/entrypoint.S b/bl32/sp_min/aarch32/entrypoint.S
index f102967..693dd4b 100644
--- a/bl32/sp_min/aarch32/entrypoint.S
+++ b/bl32/sp_min/aarch32/entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -62,11 +62,8 @@
* The Cold boot/Reset entrypoint for SP_MIN
*/
func sp_min_entrypoint
-#if !RESET_TO_SP_MIN
/* ---------------------------------------------------------------
- * Preceding bootloader has populated r0 with a pointer to a
- * 'bl_params_t' structure & r1 with a pointer to platform
- * specific structure
+ * Stash the previous bootloader arguments r0 - r3 for later use.
* ---------------------------------------------------------------
*/
mov r9, r0
@@ -74,6 +71,7 @@
mov r11, r2
mov r12, r3
+#if !RESET_TO_SP_MIN
/* ---------------------------------------------------------------------
* For !RESET_TO_SP_MIN systems, only the primary CPU ever reaches
* sp_min_entrypoint() during the cold boot flow, so the cold/warm boot
@@ -91,11 +89,6 @@
_init_c_runtime=1 \
_exception_vectors=sp_min_vector_table \
_pie_fixup_size=FIXUP_SIZE
-
- /* ---------------------------------------------------------------------
- * Relay the previous bootloader's arguments to the platform layer
- * ---------------------------------------------------------------------
- */
#else
/* ---------------------------------------------------------------------
* For RESET_TO_SP_MIN systems which have a programmable reset address,
@@ -111,24 +104,16 @@
_init_c_runtime=1 \
_exception_vectors=sp_min_vector_table \
_pie_fixup_size=FIXUP_SIZE
-
- /* ---------------------------------------------------------------------
- * For RESET_TO_SP_MIN systems, BL32 (SP_MIN) is the first bootloader
- * to run so there's no argument to relay from a previous bootloader.
- * Zero the arguments passed to the platform layer to reflect that.
- * ---------------------------------------------------------------------
- */
- mov r9, #0
- mov r10, #0
- mov r11, #0
- mov r12, #0
-
#endif /* RESET_TO_SP_MIN */
#if SP_MIN_WITH_SECURE_FIQ
route_fiq_to_sp_min r4
#endif
+ /* ---------------------------------------------------------------------
+ * Relay the previous bootloader's arguments to the platform layer
+ * ---------------------------------------------------------------------
+ */
mov r0, r9
mov r1, r10
mov r2, r11
diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk
index 0b7bc57..065468c 100644
--- a/bl32/sp_min/sp_min.mk
+++ b/bl32/sp_min/sp_min.mk
@@ -17,6 +17,7 @@
bl32/sp_min/aarch32/entrypoint.S \
common/runtime_svc.c \
plat/common/aarch32/plat_sp_min_common.c\
+ services/arm_arch_svc/arm_arch_svc_setup.c \
services/std_svc/std_svc_setup.c \
${PSCI_LIB_SOURCES}
diff --git a/bl32/sp_min/sp_min_main.c b/bl32/sp_min/sp_min_main.c
index f050160..26cf207 100644
--- a/bl32/sp_min/sp_min_main.c
+++ b/bl32/sp_min/sp_min_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -134,6 +134,7 @@
assert(NON_SECURE == GET_SECURITY_STATE(next_image_info->h.attr));
INFO("SP_MIN: Preparing exit to normal world\n");
+ print_entry_point_info(next_image_info);
psci_prepare_next_non_secure_ctx(next_image_info);
smc_set_next_ctx(NON_SECURE);
diff --git a/docs/getting_started/docs-build.rst b/docs/getting_started/docs-build.rst
index aa8c2bb..50fff57 100644
--- a/docs/getting_started/docs-build.rst
+++ b/docs/getting_started/docs-build.rst
@@ -74,6 +74,26 @@
poetry run make -C docs help
+To build the documentation in PDF format, additionally ensure that the following
+packages are installed:
+
+- FreeSerif font
+- latexmk
+- librsvg2-bin
+- xelatex
+- xindy
+
+Below is an example set of instructions to install the required packages
+(tested on Ubuntu):
+
+.. code:: shell
+
+ sudo apt install fonts-freefont-otf latexmk librsvg2-bin texlive-xetex xindy
+
+Once all the dependencies are installed, run the command ``poetry run make -C
+docs latexpdf`` to build the documentation. Output from the build process
+(``trustedfirmware-a.pdf``) can be found in ``docs/build/latex``.
+
Building rendered documentation from Poetry's virtual environment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/lib/cpus/aarch32/cortex_a12.S b/lib/cpus/aarch32/cortex_a12.S
index 089c089..8eec27c 100644
--- a/lib/cpus/aarch32/cortex_a12.S
+++ b/lib/cpus/aarch32/cortex_a12.S
@@ -64,6 +64,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a12_disable_smp
diff --git a/lib/cpus/aarch32/cortex_a15.S b/lib/cpus/aarch32/cortex_a15.S
index 01323f5..b41676d 100644
--- a/lib/cpus/aarch32/cortex_a15.S
+++ b/lib/cpus/aarch32/cortex_a15.S
@@ -163,6 +163,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a15_disable_smp
diff --git a/lib/cpus/aarch32/cortex_a17.S b/lib/cpus/aarch32/cortex_a17.S
index 8d76ab2..1877570 100644
--- a/lib/cpus/aarch32/cortex_a17.S
+++ b/lib/cpus/aarch32/cortex_a17.S
@@ -159,6 +159,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a17_disable_smp
diff --git a/lib/cpus/aarch32/cortex_a7.S b/lib/cpus/aarch32/cortex_a7.S
index 71542d5..4842ca6 100644
--- a/lib/cpus/aarch32/cortex_a7.S
+++ b/lib/cpus/aarch32/cortex_a7.S
@@ -64,6 +64,10 @@
bl plat_disable_acp
+ /* Flush L2 caches */
+ mov r0, #DC_OP_CISW
+ bl dcsw_op_level2
+
/* Exit cluster coherency */
pop {r12, lr}
b cortex_a7_disable_smp
diff --git a/lib/cpus/aarch64/cpu_helpers.S b/lib/cpus/aarch64/cpu_helpers.S
index a4285ed..1ae3180 100644
--- a/lib/cpus/aarch64/cpu_helpers.S
+++ b/lib/cpus/aarch64/cpu_helpers.S
@@ -33,6 +33,15 @@
/* Get the matching cpu_ops pointer */
bl get_cpu_ops_ptr
+#if ENABLE_ASSERTIONS
+ /*
+ * Assert if invalid cpu_ops obtained. If this is not valid, it may
+ * suggest that the proper CPU file hasn't been included.
+ */
+ cmp x0, #0
+ ASM_ASSERT(ne)
+#endif
+
/* Get the cpu_ops reset handler */
ldr x2, [x0, #CPU_RESET_FUNC]
mov x30, x19
diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index 6e00e5e..36ae4de 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,6 +22,25 @@
#error "Neoverse V2 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+workaround_runtime_start neoverse_v2, ERRATUM(2801372), ERRATA_V2_2801372
+ /* dsb before isb of power down sequence */
+ dsb sy
+workaround_runtime_end neoverse_v2, ERRATUM(2801372), ERRATA_V2_2801372
+
+check_erratum_ls neoverse_v2, ERRATUM(2801372), CPU_REV(0, 1)
+
+workaround_reset_start neoverse_v2, CVE(2022,23960), WORKAROUND_CVE_2022_23960
+#if IMAGE_BL31
+ /*
+ * The Neoverse-V2 generic vectors are overridden to apply errata
+ * mitigation on exception entry from lower ELs.
+ */
+ override_vector_table wa_cve_vbar_neoverse_v2
+#endif /* IMAGE_BL31 */
+workaround_reset_end neoverse_v2, CVE(2022,23960)
+
+check_erratum_chosen neoverse_v2, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table NEOVERSE_V2_BHB_LOOP_COUNT, neoverse_v2
#endif /* WORKAROUND_CVE_2022_23960 */
@@ -35,90 +54,19 @@
* Enable CPU power down bit in power control register
* ---------------------------------------------------
*/
- mrs x0, NEOVERSE_V2_CPUPWRCTLR_EL1
- orr x0, x0, #NEOVERSE_V2_CPUPWRCTLR_EL1_CORE_PWRDN_BIT
- msr NEOVERSE_V2_CPUPWRCTLR_EL1, x0
-#if ERRATA_V2_2801372
- mov x15, x30
- bl cpu_get_rev_var
- bl errata_neoverse_v2_2801372_wa
- mov x30, x15
-#endif /* ERRATA_V2_2801372 */
+ sysreg_bit_set NEOVERSE_V2_CPUPWRCTLR_EL1, NEOVERSE_V2_CPUPWRCTLR_EL1_CORE_PWRDN_BIT
+ apply_erratum neoverse_v2, ERRATUM(2801372), ERRATA_V2_2801372
+
isb
ret
endfunc neoverse_v2_core_pwr_dwn
-func check_errata_cve_2022_23960
-#if WORKAROUND_CVE_2022_23960
- mov x0, #ERRATA_APPLIES
-#else
- mov x0, #ERRATA_MISSING
-#endif
- ret
-endfunc check_errata_cve_2022_23960
-
- /* ----------------------------------------------------
- * Errata Workaround for Neoverse V2 Errata #2801372
- * This applies to revisions <= r0p1 and is fixed in r0p2.
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ----------------------------------------------------
- */
-func errata_neoverse_v2_2801372_wa
- mov x17, x30
- bl check_errata_2801372
- cbz x0, 1f
-
- /* dsb before isb of power down sequence */
- dsb sy
-1:
- ret x17
-endfunc errata_neoverse_v2_2801372_wa
-
-func check_errata_2801372
- /* Applies to all revisions <= r0p1 */
- mov x1, #0x01
- b cpu_rev_var_ls
-endfunc check_errata_2801372
-
-func neoverse_v2_reset_func
+cpu_reset_func_start neoverse_v2
/* Disable speculative loads */
msr SSBS, xzr
-
-#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960
- /*
- * The Neoverse V2 vectors are overridden to apply
- * errata mitigation on exception entry from lower ELs.
- */
- adr x0, wa_cve_vbar_neoverse_v2
- msr vbar_el3, x0
-#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */
- isb
- ret
-endfunc neoverse_v2_reset_func
-
-#if REPORT_ERRATA
-/*
- * Errata printing function for Neoverse V2. Must follow AAPCS.
- */
-func neoverse_v2_errata_report
- stp x8, x30, [sp, #-16]!
-
- bl cpu_get_rev_var
- mov x8, x0
-
- /*
- * Report all errata. The revision-variant information is passed to
- * checking functions of each errata.
- */
- report_errata WORKAROUND_CVE_2022_23960, neoverse_v2, cve_2022_23960
- report_errata ERRATA_V2_2801372, neoverse_v2, 2801372
-
- ldp x8, x30, [sp], #16
- ret
-endfunc neoverse_v2_errata_report
-#endif
+cpu_reset_func_end neoverse_v2
+errata_report_shim neoverse_v2
/* ---------------------------------------------
* This function provides Neoverse V2-
* specific register information for crash
diff --git a/plat/st/stm32mp1/sp_min/sp_min-stm32mp1.mk b/plat/st/stm32mp1/sp_min/sp_min-stm32mp1.mk
index f5184e7..9695c9b 100644
--- a/plat/st/stm32mp1/sp_min/sp_min-stm32mp1.mk
+++ b/plat/st/stm32mp1/sp_min/sp_min-stm32mp1.mk
@@ -48,6 +48,3 @@
BL32_SOURCES += plat/st/stm32mp1/services/bsec_svc.c \
plat/st/stm32mp1/services/stm32mp1_svc_setup.c \
plat/st/stm32mp1/stm32mp1_scmi.c
-
-# Arm Archtecture services
-BL32_SOURCES += services/arm_arch_svc/arm_arch_svc_setup.c
diff --git a/plat/xilinx/common/include/pm_svc_main.h b/plat/xilinx/common/include/pm_svc_main.h
index 1a27bdf..4cf7727 100644
--- a/plat/xilinx/common/include/pm_svc_main.h
+++ b/plat/xilinx/common/include/pm_svc_main.h
@@ -10,6 +10,26 @@
#include <pm_common.h>
+/******************************************************************************/
+/**
+ * SECURE_REDUNDANT_CALL() - Adds redundancy to the function call. This is to
+ * avoid glitches which can skip a function call
+ * and cause altering of the code flow in security
+ * critical functions.
+ * @status: Variable which holds the return value of function executed
+ * @status_tmp: Variable which holds the return value of redundant function
+ * call executed
+ * @function: Function to be executed
+ *
+ * Return: None
+ *
+ ******************************************************************************/
+#define SECURE_REDUNDANT_CALL(status, status_tmp, function, ...) \
+ { \
+ status = function(__VA_ARGS__); \
+ status_tmp = function(__VA_ARGS__); \
+ }
+
int32_t pm_setup(void);
uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
uint64_t x4, const void *cookie, void *handle,
diff --git a/plat/xilinx/common/pm_service/pm_svc_main.c b/plat/xilinx/common/pm_service/pm_svc_main.c
index fb32f2a..1e5808c 100644
--- a/plat/xilinx/common/pm_service/pm_svc_main.c
+++ b/plat/xilinx/common/pm_service/pm_svc_main.c
@@ -23,6 +23,7 @@
#include "pm_api_sys.h"
#include "pm_client.h"
#include "pm_ipi.h"
+#include "pm_svc_main.h"
#define MODE 0x80000000U
@@ -399,8 +400,9 @@
{
uintptr_t ret;
uint32_t pm_arg[PAYLOAD_ARG_CNT] = {0};
- uint32_t security_flag = SECURE_FLAG;
+ uint32_t security_flag = NON_SECURE_FLAG;
uint32_t api_id;
+ bool status = false, status_tmp = false;
/* Handle case where PM wasn't initialized properly */
if (pm_up == false) {
@@ -408,11 +410,14 @@
}
/*
- * Mark BIT24 payload (i.e 1st bit of pm_arg[3] ) as non-secure (1)
- * if smc called is non secure
+ * Mark BIT24 payload (i.e 1st bit of pm_arg[3] ) as secure (0)
+ * if smc called is secure
+ *
+ * Add redundant macro call to immune the code from glitches
*/
- if (is_caller_non_secure(flags) != 0) {
- security_flag = NON_SECURE_FLAG;
+ SECURE_REDUNDANT_CALL(status, status_tmp, is_caller_secure, flags);
+ if ((status != false) && (status_tmp != false)) {
+ security_flag = SECURE_FLAG;
}
pm_arg[0] = (uint32_t)x1;
diff --git a/plat/xilinx/versal/versal_ipi.c b/plat/xilinx/versal/versal_ipi.c
index cdee6b5..74b082d 100644
--- a/plat/xilinx/versal/versal_ipi.c
+++ b/plat/xilinx/versal/versal_ipi.c
@@ -20,7 +20,7 @@
[IPI_ID_PMC] = {
.ipi_bit_mask = PMC_IPI_TRIG_BIT,
.ipi_reg_base = PMC_REG_BASE,
- .secure_only = 0U,
+ .secure_only = IPI_SECURE_MASK,
},
/* A72 IPI */
diff --git a/plat/xilinx/versal_net/versal_net_ipi.c b/plat/xilinx/versal_net/versal_net_ipi.c
index 0943c62..e8d8fb7 100644
--- a/plat/xilinx/versal_net/versal_net_ipi.c
+++ b/plat/xilinx/versal_net/versal_net_ipi.c
@@ -26,7 +26,7 @@
[IPI_ID_PMC] = {
.ipi_bit_mask = PMC_IPI_TRIG_BIT,
.ipi_reg_base = IPI0_REG_BASE,
- .secure_only = 0,
+ .secure_only = IPI_SECURE_MASK,
},
/* RPU0 IPI */
diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c
index bb042c7..57d211e 100644
--- a/services/arm_arch_svc/arm_arch_svc_setup.c
+++ b/services/arm_arch_svc/arm_arch_svc_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -28,6 +28,8 @@
return SMC_ARCH_CALL_SUCCESS;
case SMCCC_ARCH_SOC_ID:
return plat_is_smccc_feature_available(arg1);
+#ifdef __aarch64__
+ /* Workaround checks are currently only implemented for aarch64 */
#if WORKAROUND_CVE_2017_5715
case SMCCC_ARCH_WORKAROUND_1:
if (check_wa_cve_2017_5715() == ERRATA_NOT_APPLIES)
@@ -88,6 +90,7 @@
}
return 0; /* ERRATA_APPLIES || ERRATA_MISSING */
#endif
+#endif /* __aarch64__ */
/* Fallthrough */
@@ -128,6 +131,7 @@
SMC_RET1(handle, smccc_arch_features(x1));
case SMCCC_ARCH_SOC_ID:
SMC_RET1(handle, smccc_arch_id(x1));
+#ifdef __aarch64__
#if WORKAROUND_CVE_2017_5715
case SMCCC_ARCH_WORKAROUND_1:
/*
@@ -156,6 +160,7 @@
*/
SMC_RET0(handle);
#endif
+#endif /* __aarch64__ */
default:
WARN("Unimplemented Arm Architecture Service Call: 0x%x \n",
smc_fid);