Merge "fix(imx8mp): uncondtionally enable only the USB power domain" into integration
diff --git a/.versionrc.js b/.versionrc.js
index c7ee4a2..ac473b0 100644
--- a/.versionrc.js
+++ b/.versionrc.js
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -84,9 +84,9 @@
"filename": "pyproject.toml",
"updater": {
"readVersion": function (contents) {
- const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/);
+ const _ver = contents.match(/version\s=.*"(\d+?)\.(\d+?)\.(\d+?)/);
- return `${_ver[1]}.${_ver[2]}.${_ver[2]}`;
+ return `${_ver[1]}.${_ver[2]}.${_ver[3]}`;
},
"writeVersion": function (contents, version) {
@@ -104,9 +104,9 @@
"filename": "docs/conf.py",
"updater": {
"readVersion": function (contents) {
- const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/);
+ const _ver = contents.match(/version\s=.*"(\d+?)\.(\d+?)\.(\d+?)/);
- return `${_ver[1]}.${_ver[2]}.${_ver[2]}`;
+ return `${_ver[1]}.${_ver[2]}.${_ver[3]}`;
},
"writeVersion": function (contents, version) {
diff --git a/Makefile b/Makefile
index f8b230d..f324ebc 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,7 +9,8 @@
#
VERSION_MAJOR := 2
VERSION_MINOR := 10
-VERSION_PATCH := 0 # Only used for LTS releases
+# VERSION_PATCH is only used for LTS releases
+VERSION_PATCH := 0
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
# Default goal is build all images
@@ -100,14 +101,12 @@
export HOSTCC
CC := ${CROSS_COMPILE}gcc
-CPP := ${CROSS_COMPILE}cpp
+CPP := ${CROSS_COMPILE}gcc -E
AS := ${CROSS_COMPILE}gcc
-AR := ${CROSS_COMPILE}ar
+AR := ${CROSS_COMPILE}gcc-ar
LINKER := ${CROSS_COMPILE}ld
OC := ${CROSS_COMPILE}objcopy
OD := ${CROSS_COMPILE}objdump
-NM := ${CROSS_COMPILE}nm
-PP := ${CROSS_COMPILE}gcc -E
DTC := dtc
# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH).
@@ -162,15 +161,6 @@
################################################################################
arch-features = ${ARM_ARCH_FEATURE}
-# Set the compiler's architecture feature modifiers
-ifneq ($(arch-features), none)
- # Strip "none+" from arch-features
- arch-features := $(subst none+,,$(arch-features))
- march-directive := $(march-directive)+$(arch-features)
-# Print features
- $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
-endif #(arch-features)
-
ifneq ($(findstring clang,$(notdir $(CC))),)
ifneq ($(findstring armclang,$(notdir $(CC))),)
TF_CFLAGS_aarch32 := -target arm-arm-none-eabi
@@ -187,7 +177,6 @@
endif
CPP := $(CC) -E $(TF_CFLAGS_$(ARCH))
- PP := $(CC) -E $(TF_CFLAGS_$(ARCH))
AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH))
else ifneq ($(findstring gcc,$(notdir $(CC))),)
ifeq ($(ENABLE_LTO),1)
@@ -235,8 +224,6 @@
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
-ASFLAGS += $(march-directive)
-
##############################################################################
# WARNINGS Configuration
###############################################################################
@@ -356,6 +343,7 @@
# LD = gcc (used when GCC LTO is enabled)
else ifneq ($(findstring gcc,$(notdir $(LD))),)
# Pass ld options with Wl or Xlinker switches
+ TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments)
TF_LDFLAGS += -Wl,--fatal-warnings -O1
TF_LDFLAGS += -Wl,--gc-sections
@@ -693,6 +681,7 @@
include ${MAKE_HELPERS_DIRECTORY}march.mk
TF_CFLAGS += $(march-directive)
+ASFLAGS += $(march-directive)
# This internal flag is common option which is set to 1 for scenarios
# when the BL2 is running in EL3 level. This occurs in two scenarios -
@@ -935,12 +924,6 @@
endif
endif #(CTX_INCLUDE_PAUTH_REGS)
-ifeq ($(CTX_INCLUDE_MTE_REGS),1)
- ifneq (${ARCH},aarch64)
- $(error CTX_INCLUDE_MTE_REGS requires AArch64)
- endif
-endif #(CTX_INCLUDE_MTE_REGS)
-
ifeq ($(PSA_FWU_SUPPORT),1)
$(info PSA_FWU_SUPPORT is an experimental feature)
endif #(PSA_FWU_SUPPORT)
@@ -1047,12 +1030,6 @@
endif
endif
-# Determine if FEAT_RNG is supported
-ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
-
-# Determine if FEAT_SB is supported
-ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
-
ifeq ($(PSA_CRYPTO),1)
$(info PSA_CRYPTO is an experimental feature)
endif
@@ -1178,7 +1155,6 @@
ENABLE_AMU_FCONF \
AMU_RESTRICT_COUNTERS \
ENABLE_ASSERTIONS \
- ENABLE_FEAT_SB \
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
@@ -1254,7 +1230,6 @@
ARM_ARCH_MINOR \
BRANCH_PROTECTION \
CTX_INCLUDE_PAUTH_REGS \
- CTX_INCLUDE_MTE_REGS \
CTX_INCLUDE_NEVE_REGS \
CRYPTO_SUPPORT \
DISABLE_MTPMU \
@@ -1265,15 +1240,19 @@
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_CSV2_3 \
ENABLE_FEAT_DIT \
ENABLE_FEAT_ECV \
ENABLE_FEAT_FGT \
ENABLE_FEAT_HCX \
+ ENABLE_FEAT_MTE \
+ ENABLE_FEAT_MTE2 \
ENABLE_FEAT_PAN \
ENABLE_FEAT_RNG \
ENABLE_FEAT_RNG_TRAP \
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_TCR2 \
+ ENABLE_FEAT_SB \
ENABLE_FEAT_S2PIE \
ENABLE_FEAT_S1PIE \
ENABLE_FEAT_S2POE \
@@ -1324,7 +1303,6 @@
CTX_INCLUDE_PAUTH_REGS \
CTX_INCLUDE_MPAM_REGS \
EL3_EXCEPTION_HANDLING \
- CTX_INCLUDE_MTE_REGS \
CTX_INCLUDE_EL2_REGS \
CTX_INCLUDE_NEVE_REGS \
DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \
@@ -1420,6 +1398,7 @@
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_VHE \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_CSV2_3 \
ENABLE_FEAT_PAN \
ENABLE_FEAT_TCR2 \
ENABLE_FEAT_S2PIE \
@@ -1427,6 +1406,8 @@
ENABLE_FEAT_S2POE \
ENABLE_FEAT_S1POE \
ENABLE_FEAT_GCS \
+ ENABLE_FEAT_MTE \
+ ENABLE_FEAT_MTE2 \
ENABLE_FEAT_MTE_PERM \
FEATURE_DETECTION \
TWED_DELAY \
@@ -1591,8 +1572,8 @@
# Add Secure Partition packages
ifeq (${NEED_SP_PKG},yes)
-$(BUILD_PLAT)/sp_gen.mk : ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
- ${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT}
+$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
+ @${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT}
sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS)
@${ECHO_BLANK_LINE}
@echo "Built SP Images successfully"
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 40e3df8..9959a3e 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -161,6 +161,10 @@
${MBEDTLS_SOURCES}
endif
+ifeq ($(CROS_WIDEVINE_SMC),1)
+BL31_SOURCES += services/oem/chromeos/widevine_smc_handlers.c
+endif
+
BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
ifneq ($(findstring gcc,$(notdir $(LD))),)
diff --git a/bl31/ehf.c b/bl31/ehf.c
index 6f3d941..5b78ebb 100644
--- a/bl31/ehf.c
+++ b/bl31/ehf.c
@@ -478,13 +478,10 @@
/* Route EL3 interrupts when in Non-secure. */
set_interrupt_rm_flag(flags, NON_SECURE);
- /*
- * Route EL3 interrupts when in secure, only when SPMC is not present
- * in S-EL2.
- */
-#if !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1))
+ /* Route EL3 interrupts only when SPM_MM present in secure. */
+#if SPM_MM
set_interrupt_rm_flag(flags, SECURE);
-#endif /* !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1)) */
+#endif
/* Register handler for EL3 interrupts */
ret = register_interrupt_type_handler(INTR_TYPE_EL3,
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index 1ab2260..d8031f9 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -238,13 +238,13 @@
service_arg0 = (uint64_t)service_args;
service_arg1 = (uint64_t)(service_args >> 64U);
-#if CTX_INCLUDE_MTE_REGS
/*
* Write a dummy value to an MTE register, to simulate usage in the
* secure world
*/
- write_gcr_el1(0x99);
-#endif
+ if (is_feat_mte_supported()) {
+ write_gcr_el1(0x99);
+ }
/* Determine the function to perform based on the function ID */
switch (TSP_BARE_FID(func)) {
diff --git a/changelog.yaml b/changelog.yaml
index f67ad29..35ffaa8 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -774,6 +774,9 @@
- title: PSCI
scope: psci
+ - title: ROMlib
+ scope: romlib
+
- title: GPT
scope: gpt
diff --git a/common/feat_detect.c b/common/feat_detect.c
index be22c6e..7a2f0d7 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -70,18 +70,6 @@
#endif
}
-/************************************************
- * Feature : FEAT_MTE (Memory Tagging Extension)
- ***********************************************/
-static void read_feat_mte(void)
-{
-#if (CTX_INCLUDE_MTE_REGS == FEAT_STATE_ALWAYS)
- unsigned int mte = get_armv8_5_mte_support();
-
- feat_detect_panic((mte != MTE_UNIMPLEMENTED), "MTE");
-#endif
-}
-
/****************************************************
* Feature : FEAT_BTI (Branch Target Identification)
***************************************************/
@@ -179,7 +167,10 @@
"TRF", 1, 1);
/* v8.5 features */
- read_feat_mte();
+ check_feature(ENABLE_FEAT_MTE, read_feat_mte_id_field(), "MTE",
+ MTE_IMPLEMENTED_EL0, MTE_IMPLEMENTED_ASY);
+ check_feature(ENABLE_FEAT_MTE2, read_feat_mte_id_field(), "MTE2",
+ MTE_IMPLEMENTED_ELX, MTE_IMPLEMENTED_ASY);
check_feature(ENABLE_FEAT_RNG, read_feat_rng_id_field(), "RNG", 1, 1);
read_feat_bti();
read_feat_rng_trap();
@@ -215,6 +206,8 @@
"S1POE", 1, 1);
check_feature(ENABLE_FEAT_MTE_PERM, read_feat_mte_perm_id_field(),
"MTE_PERM", 1, 1);
+ check_feature(ENABLE_FEAT_CSV2_3, read_feat_csv2_id_field(),
+ "CSV2_3", 3, 3);
/* v9.0 features */
check_feature(ENABLE_BRBE_FOR_NS, read_feat_brbe_id_field(),
diff --git a/docs/about/contact.rst b/docs/about/contact.rst
index 4f482bd..bb73dfe 100644
--- a/docs/about/contact.rst
+++ b/docs/about/contact.rst
@@ -36,9 +36,8 @@
Issue Tracker
^^^^^^^^^^^^^
-Bug reports may be filed on the `issue tracker`_ on the TrustedFirmware.org
-website. Using this tracker gives everyone visibility of the known issues in
-TF-A.
+Bug reports may be filed on the `issue tracker`_ on Github. Using this tracker
+gives everyone visibility of the known issues in TF-A.
Arm Licensees
^^^^^^^^^^^^^
@@ -46,7 +45,7 @@
Arm licensees have an additional support conduit - they may contact Arm directly
via their partner managers.
-.. _`issue tracker`: https://developer.trustedfirmware.org
+.. _`issue tracker`: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _`TF-A development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _`TF-A-Tests development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a-tests.lists.trustedfirmware.org/
.. _`summary of all the lists`: https://lists.trustedfirmware.org/mailman3/lists/
diff --git a/docs/components/granule-protection-tables-design.rst b/docs/components/granule-protection-tables-design.rst
index 07637dd..9d85bef 100644
--- a/docs/components/granule-protection-tables-design.rst
+++ b/docs/components/granule-protection-tables-design.rst
@@ -80,8 +80,8 @@
below.
In the reference implementation for FVP models, you can find an example of PAS
-region definitions in the file ``include/plat/arm/common/arm_pas_def.h``. Table
-creation API calls can be found in ``plat/arm/common/arm_bl2_setup.c`` and
+region definitions in the file ``plat/arm/board/fvp/include/fvp_pas_def.h``.
+Table creation API calls can be found in ``plat/arm/common/arm_common.c`` and
runtime initialization API calls can be seen in
``plat/arm/common/arm_bl31_setup.c``.
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index f228e6b..39186b4 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -237,7 +237,7 @@
-C bp.ve_sysregs.exit_on_shutdown=1 \
-C cache_state_modelled=1 \
-C bp.dram_size=4 \
- -C bp.secure_memory=1 \
+ -C bp.secure_memory=0 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
-C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
diff --git a/docs/components/sdei.rst b/docs/components/sdei.rst
index 60259c8..309375f 100644
--- a/docs/components/sdei.rst
+++ b/docs/components/sdei.rst
@@ -354,7 +354,51 @@
--------------
-*Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.*
+Security Considerations
+-----------------------
+
+SDEI introduces concept of providing software based non-maskable interrupts to
+Hypervisor/OS. In doing so, it modifies the priority scheme defined by Interrupt
+controllers and relies on Non-Secure clients, Hypervisor or OS, to create/manage
+high priority events.
+
+Considering a Non-secure client is involved in SDEI state management, there exists
+some security considerations which needs to be taken care of in both client and EL3
+when using SDEI. Few of them are mentioned below.
+
+Bound events
+~~~~~~~~~~~~
+
+A bound event is an SDEI event that corresponds to a client interrupt.
+The binding of event is done using ``SDEI_INTERRUPT_BIND`` SMC call to associate
+an SDEI event with a client interrupt. There is a possibility that a rogue
+client can request an invalid interrupt to be bound. This may potentially
+cause out-of-bound memory read.
+
+Even though TF-A implementation has checks to ensure that interrupt ID passed
+by client is architecturally valid, Non-secure client should also ensure the
+validity of interrupts.
+
+Recurring events
+~~~~~~~~~~~~~~~~
+
+For a given event source, if the events are generated continuously, then NS client
+may be unusable. To mitigate against this, the Non-secure client must have
+mechanism in place to remove such interrupt source from the system.
+
+One of the examples is a memory region which continuously generates RAS errors.
+This may result in unusable Non-secure client.
+
+Dispatched events
+~~~~~~~~~~~~~~~~~
+
+For a dispatched event, it is the client's responsibility to ensure that the
+handling finishes in finite time and notify the dispatcher through
+``SDEI_EVENT_COMPLETE`` or ``SDEI_EVENT_COMPLETE_AND_RESUME``. If the client
+fails to complete the event handling, it might result in ``UNPREDICTABLE`` behavior
+in the client and potentially end up in unusable PE.
+
+*Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.*
.. rubric:: Footnotes
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index 5d3adec..4834d3a 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -215,7 +215,7 @@
ARM_ARCH_MINOR=5 \
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
- CTX_INCLUDE_MTE_REGS=1 \
+ ENABLE_FEAT_MTE=1 \
BL32=<path-to-hafnium-binary> \
BL33=<path-to-bl33-binary> \
SP_LAYOUT_FILE=sp_layout.json \
@@ -233,7 +233,7 @@
ARM_ARCH_MINOR=5 \
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
- CTX_INCLUDE_MTE_REGS=1 \
+ ENABLE_FEAT_MTE=1 \
BL32=<path-to-hafnium-binary> \
BL33=<path-to-bl33-binary> \
SP_LAYOUT_FILE=sp_layout.json \
@@ -1670,4 +1670,4 @@
--------------
-*Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 281f35f..6dc2245 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -505,11 +505,12 @@
typedef enum {
AUTH_PARAM_NONE,
- AUTH_PARAM_RAW_DATA, /* Raw image data */
+ AUTH_PARAM_RAW_DATA, /* Raw image data */
AUTH_PARAM_SIG, /* The image signature */
AUTH_PARAM_SIG_ALG, /* The image signature algorithm */
AUTH_PARAM_HASH, /* A hash (including the algorithm) */
AUTH_PARAM_PUB_KEY, /* A public key */
+ AUTH_PARAM_NV_CTR, /* A non-volatile counter */
} auth_param_type_t;
The AM defines the following structure to identify an authentication parameter
@@ -1018,4 +1019,4 @@
*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.*
-.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 905b016..abd9f87 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -384,6 +384,10 @@
Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. This
erratum is still open.
+- ``ERRATA_A78C_2683027`` : This applies errata 2683027 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. This
+ erratum is still open.
+
- ``ERRATA_A78C_2712575`` : This applies erratum 2712575 workaround to
Cortex-A78C CPU, this erratum affects system configurations that do not use
an ARM interconnect IP. This needs to be enabled for revisions r0p1 and r0p2
@@ -771,6 +775,14 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0, r1p1 and r1p2 of
the CPU and is still open.
+- ``ERRATA_X3_2266875``: This applies errata 2266875 workaround to the Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU, it
+ is fixed in r1p1.
+
+- ``ERRATA_X3_2302506``: This applies errata 2302506 workaround to the Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1, it is
+ fixed in r1p2.
+
- ``ERRATA_X3_2313909``: This applies errata 2313909 workaround to
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0 and r1p0
of the CPU, it is fixed in r1p1.
@@ -779,6 +791,10 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
CPU, it is still open.
+- ``ERRATA_X3_2641945``: This applies errata 2641945 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU.
+ It is fixed in r1p1.
+
- ``ERRATA_X3_2742421``: This applies errata 2742421 workaround to
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
@@ -856,6 +872,10 @@
For Cortex-A715, the following errata build flags are defined :
+- ``ERRATA_A715_2561034``: This applies errata 2561034 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
+ It is fixed in r1p1.
+
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
CPU and affects system configurations that do not use an ARM interconnect
IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
@@ -946,7 +966,7 @@
--------------
-*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.*
.. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
.. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 3fce393..ba97264 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -2767,13 +2767,9 @@
- Branch Target Identification feature is selected by ``BRANCH_PROTECTION``
option set to 1. This option defaults to 0.
-- Memory Tagging Extension feature is unconditionally enabled for both worlds
- (at EL0 and S-EL0) if it is only supported at EL0. If instead it is
- implemented at all ELs, it is unconditionally enabled for only the normal
- world. To enable it for the secure world as well, the build option
- ``CTX_INCLUDE_MTE_REGS`` is required. If the hardware does not implement
- MTE support at all, it is always disabled, no matter what build options
- are used.
+- Memory Tagging Extension feature is unconditionally enabled for both worlds.
+ To enable MTE at EL0 use ``ENABLE_FEAT_MTE`` is required and to enable MTE at
+ ELX ``ENABLE_FEAT_MTE2`` is required.
Armv7-A
~~~~~~~
@@ -2860,13 +2856,13 @@
--------------
-*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _SMCCC: https://developer.arm.com/docs/den0028/latest
.. _PSCI: https://developer.arm.com/documentation/den0022/latest/
.. _Arm ARM: https://developer.arm.com/docs/ddi0487/latest
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
.. _AArch64 exception vector table: https://developer.arm.com/documentation/100933/0100/AArch64-exception-vector-table
diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index fed202a..10fb7fb 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst
@@ -1,24 +1,45 @@
Trusted Board Boot
==================
-The Trusted Board Boot (TBB) feature prevents malicious firmware from running on
-the platform by authenticating all firmware images up to and including the
-normal world bootloader. It does this by establishing a Chain of Trust using
+The `Trusted Board Boot` (TBB) feature prevents malicious firmware from running
+on the platform by authenticating all firmware images up to and including the
+normal world bootloader. It does this by establishing a `Chain of Trust` using
Public-Key-Cryptography Standards (PKCS).
This document describes the design of Trusted Firmware-A (TF-A) TBB, which is an
implementation of the `Trusted Board Boot Requirements (TBBR)`_ specification,
-Arm DEN0006D. It should be used in conjunction with the
-:ref:`Firmware Update (FWU)` design document, which implements a specific aspect
-of the TBBR.
+Arm DEN0006D. It should be used in conjunction with the :ref:`Firmware Update
+(FWU)` design document, which implements a specific aspect of the TBBR.
Chain of Trust
--------------
-A Chain of Trust (CoT) starts with a set of implicitly trusted components. On
-the Arm development platforms, these components are:
+A Chain of Trust (CoT) starts with a set of implicitly trusted components, which
+are used to establish trust in the next layer of components, and so on, in a
+`chained` manner.
-- A SHA-256 hash of the Root of Trust Public Key (ROTPK). It is stored in the
+The chain of trust depends on several factors, including:
+
+- The set of firmware images in use on this platform.
+ Typically, most platforms share a common set of firmware images (BL1, BL2,
+ BL31, BL33) but extra platform-specific images might be required.
+
+- The key provisioning scheme: which keys need to programmed into the device
+ and at which stage during the platform's manufacturing lifecycle.
+
+- The key ownership model: who owns which key.
+
+As these vary across platforms, chains of trust also vary across
+platforms. Although each platform is free to define its own CoT based on its
+needs, TF-A provides a set of "default" CoTs fitting some typical trust models,
+which platforms may reuse. The rest of this section presents general concepts
+which apply to all these default CoTs.
+
+The implicitly trusted components forming the trust anchor are:
+
+- A Root of Trust Public Key (ROTPK), or a hash of it.
+
+ On Arm development platforms, a SHA-256 hash of the ROTPK is stored in the
trusted root-key storage registers. Alternatively, a development ROTPK might
be used and its hash embedded into the BL1 and BL2 images (only for
development purposes).
@@ -31,11 +52,11 @@
enables adding custom extensions to the certificates, which are used to store
essential information to establish the CoT.
-In the TBB CoT all certificates are self-signed. There is no need for a
-Certificate Authority (CA) because the CoT is not established by verifying the
-validity of a certificate's issuer but by the content of the certificate
-extensions. To sign the certificates, different signature schemes are available,
-please refer to the :ref:`Build Options` for more details.
+All certificates are self-signed. There is no need for a Certificate Authority
+(CA) because the CoT is not established by verifying the validity of a
+certificate's issuer but by the content of the certificate extensions. To sign
+the certificates, different signature schemes are available, please refer to the
+:ref:`Build Options` for more details.
The certificates are categorised as "Key" and "Content" certificates. Key
certificates are used to verify public keys which have been used to sign content
@@ -43,10 +64,23 @@
image. An image can be authenticated by calculating its hash and matching it
with the hash extracted from the content certificate. Various hash algorithms
are supported to calculate all hashes, please refer to the :ref:`Build Options`
-for more details.. The public keys and hashes are included as non-standard
+for more details. The public keys and hashes are included as non-standard
extension fields in the `X.509 v3`_ certificates.
+The next sections now present specificities of each default CoT provided in
+TF-A.
+
+Default CoT #1: TBBR
+~~~~~~~~~~~~~~~~~~~~
+
+The `TBBR` CoT is named after the specification it follows to the letter.
+
-The keys used to establish the CoT are:
+In the TBBR CoT, all firmware binaries and certificates are (directly or
+indirectly) linked to the Root of Trust Public Key (ROTPK). Typically, the same
+vendor owns the ROTPK, the Trusted key and the Non-Trusted Key. Thus, this vendor
+is involved in signing every BL3x Key Certificate.
+
+The keys used to establish this CoT are:
- **Root of trust key**
@@ -133,6 +167,40 @@
The SCP_BL2 and BL32 certificates are optional, but they must be present if the
corresponding SCP_BL2 or BL32 images are present.
+The following diagram summarizes the part of the TBBR CoT enforced by BL2. Some
+images (SCP, debug certificates, secure partitions, configuration files) are not
+shown here for conciseness:
+
+.. image:: ../resources/diagrams/cot-tbbr.jpg
+
+Default CoT #2: Dualroot
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The `dualroot` CoT is targeted at systems where the Normal World firmware is
+owned by a different entity than the Secure World Firmware, and those 2 entities
+do not wish to share any keys or have any dependency between each other when it
+comes to signing their respective images. It establishes 2 separate signing
+domains, each with its own Root of Trust key. In that sense, this CoT has 2
+roots of trust, hence the `dualroot` name.
+
+Although the dualroot CoT reuses some of the TBBR CoT components and concepts,
+it differs on the BL33 image's chain of trust, which is rooted into a new key,
+called `Platform ROTPK`, or `PROTPK` for short.
+
+The following diagram summarizes the part of the dualroot CoT enforced by
+BL2. Some images (SCP, debug certificates, secure partitions, configuration
+files) are not shown here for conciseness:
+
+.. image:: ../resources/diagrams/cot-dualroot.jpg
+
+Default CoT #3: CCA
+~~~~~~~~~~~~~~~~~~~
+
+This CoT is targeted at Arm CCA systems. The Arm CCA security model recommends
+making supply chains for the Arm CCA firmware, the secure world firmware and the
+platform owner firmware, independent. Hence, this CoT has 3 roots of trust, one
+for each supply chain.
+
Trusted Board Boot Sequence
---------------------------
@@ -261,4 +329,4 @@
*Copyright (c) 2015-2020, Arm Limited and Contributors. All rights reserved.*
.. _X.509 v3: https://tools.ietf.org/rfc/rfc5280.txt
-.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 5b03967..16522bd 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -185,21 +185,15 @@
registers to be included when saving and restoring the CPU context.
Default is '0'.
-- ``CTX_INCLUDE_MTE_REGS``: Numeric value to include Memory Tagging Extension
- registers in cpu context. This must be enabled, if the platform wants to use
- this feature in the Secure world and MTE is enabled at ELX. This flag can
- take values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
- Default value is 0.
-
- ``CTX_INCLUDE_NEVE_REGS``: Numeric value, when set will cause the Armv8.4-NV
registers to be saved/restored when entering/exiting an EL2 execution
context. This flag can take values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default value is 0.
+ ``ENABLE_FEAT`` mechanism. Default value is 0.
- ``CTX_INCLUDE_PAUTH_REGS``: Numeric value to enable the Pointer
Authentication for Secure world. This will cause the ARMv8.3-PAuth registers
to be included when saving and restoring the CPU context as part of world
- switch. This flag can take values 0 to 2, to align with ``FEATURE_DETECTION``
+ switch. This flag can take values 0 to 2, to align with ``ENABLE_FEAT``
mechanism. Default value is 0.
Note that Pointer Authentication is enabled for Non-secure world irrespective
@@ -220,7 +214,7 @@
- ``DISABLE_MTPMU``: Numeric option to disable ``FEAT_MTPMU`` (Multi Threaded
PMU). ``FEAT_MTPMU`` is an optional feature available on Armv8.6 onwards.
- This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default is ``0``.
- ``DYN_DISABLE_AUTH``: Provides the capability to dynamically disable Trusted
@@ -267,9 +261,35 @@
builds, but this behaviour can be overridden in each platform's Makefile or
in the build command line.
+- ``ENABLE_FEAT``
+ The Arm architecture defines several architecture extension features,
+ named FEAT_xxx in the architecure manual. Some of those features require
+ setup code in higher exception levels, other features might be used by TF-A
+ code itself.
+ Most of the feature flags defined in the TF-A build system permit to take
+ the values 0, 1 or 2, with the following meaning:
+
+ ::
+
+ ENABLE_FEAT_* = 0: Feature is disabled statically at compile time.
+ ENABLE_FEAT_* = 1: Feature is enabled unconditionally at compile time.
+ ENABLE_FEAT_* = 2: Feature is enabled, but checked at runtime.
+
+ When setting the flag to 0, the feature is disabled during compilation,
+ and the compiler's optimisation stage and the linker will try to remove
+ as much of this code as possible.
+ If it is defined to 1, the code will use the feature unconditionally, so the
+ CPU is expected to support that feature. The FEATURE_DETECTION debug
+ feature, if enabled, will verify this.
+ If the feature flag is set to 2, support for the feature will be compiled
+ in, but its existence will be checked at runtime, so it works on CPUs with
+ or without the feature. This is mostly useful for platforms which either
+ support multiple different CPUs, or where the CPU is configured at runtime,
+ like in emulators.
+
- ``ENABLE_FEAT_AMU``: Numeric value to enable Activity Monitor Unit
extensions. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. This is an optional architectural feature
+ ``ENABLE_FEAT`` mechanism. This is an optional architectural feature
available on v8.4 onwards. Some v8.2 implementations also implement an AMU
and this option can be used to enable this feature on those systems as well.
This flag can take the values 0 to 2, the default is 0.
@@ -277,47 +297,64 @@
- ``ENABLE_FEAT_AMUv1p1``: Numeric value to enable the ``FEAT_AMUv1p1``
extension. ``FEAT_AMUv1p1`` is an optional feature available on Arm v8.6
onwards. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default value is ``0``.
+ ``ENABLE_FEAT`` mechanism. Default value is ``0``.
- ``ENABLE_FEAT_CSV2_2``: Numeric value to enable the ``FEAT_CSV2_2``
extension. It allows access to the SCXTNUM_EL2 (Software Context Number)
register during EL2 context save/restore operations. ``FEAT_CSV2_2`` is an
optional feature available on Arm v8.0 onwards. This flag can take values
- 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
+- ``ENABLE_FEAT_CSV2_3``: Numeric value to enable support for ``FEAT_CSV2_3``
+ extension. This feature is supported in AArch64 state only and is an optional
+ feature available in Arm v8.0 implementations.
+ ``FEAT_CSV2_3`` implies the implementation of ``FEAT_CSV2_2``.
+ The flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ mechanism. Default value is ``0``.
+
- ``ENABLE_FEAT_DIT``: Numeric value to enable ``FEAT_DIT`` (Data Independent
Timing) extension. It allows setting the ``DIT`` bit of PSTATE in EL3.
``FEAT_DIT`` is a mandatory architectural feature and is enabled from v8.4
and upwards. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default value is ``0``.
+ ``ENABLE_FEAT`` mechanism. Default value is ``0``.
- ``ENABLE_FEAT_ECV``: Numeric value to enable support for the Enhanced Counter
Virtualization feature, allowing for access to the CNTPOFF_EL2 (Counter-timer
Physical Offset register) during EL2 to EL3 context save/restore operations.
Its a mandatory architectural feature and is enabled from v8.6 and upwards.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_FGT``: Numeric value to enable support for FGT (Fine Grain Traps)
feature allowing for access to the HDFGRTR_EL2 (Hypervisor Debug Fine-Grained
Read Trap Register) during EL2 to EL3 context save/restore operations.
Its a mandatory architectural feature and is enabled from v8.6 and upwards.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_HCX``: Numeric value to set the bit SCR_EL3.HXEn in EL3 to
allow access to HCRX_EL2 (extended hypervisor control register) from EL2 as
well as adding HCRX_EL2 to the EL2 context save/restore operations. Its a
mandatory architectural feature and is enabled from v8.7 and upwards. This
- flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
+- ``ENABLE_FEAT_MTE``: Numeric value to enable Memory Tagging Extension
+ if the platform wants to use this feature at EL0 ``ENABLE_FEAT_MTE`` is
+ required. This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ feature detection mechanism. Default value is ``0``.
+
+- ``ENABLE_FEAT_MTE2``: Numeric value to enable Memory Tagging Extension2
+ if the platform wants to use this feature and MTE2 is enabled at ELX.
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ mechanism. Default value is ``0``.
+
- ``ENABLE_FEAT_MTE_PERM``: Numeric value to enable support for
``FEAT_MTE_PERM``, which introduces Allocation tag access permission to
memory region attributes. ``FEAT_MTE_PERM`` is a optional architectural
feature available from v8.9 and upwards. This flag can take the values 0 to
- 2, to align with the ``FEATURE_DETECTION`` mechanism. Default value is
+ 2, to align with the ``ENABLE_FEAT`` mechanism. Default value is
``0``.
- ``ENABLE_FEAT_PAN``: Numeric value to enable the ``FEAT_PAN`` (Privileged
@@ -325,17 +362,17 @@
permission fault for any privileged data access from EL1/EL2 to virtual
memory address, accessible at EL0, provided (HCR_EL2.E2H=1). It is a
mandatory architectural feature and is enabled from v8.1 and upwards. This
- flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_RNG``: Numeric value to enable the ``FEAT_RNG`` extension.
``FEAT_RNG`` is an optional feature available on Arm v8.5 onwards. This
- flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_RNG_TRAP``: Numeric value to enable the ``FEAT_RNG_TRAP``
extension. This feature is only supported in AArch64 state. This flag can
- take values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ take values 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``. ``FEAT_RNG_TRAP`` is an optional feature from
Armv8.5 onwards.
@@ -347,13 +384,13 @@
- ``ENABLE_FEAT_SEL2``: Numeric value to enable the ``FEAT_SEL2`` (Secure EL2)
extension. ``FEAT_SEL2`` is a mandatory feature available on Arm v8.4.
- This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default is ``0``.
- ``ENABLE_FEAT_TWED``: Numeric value to enable the ``FEAT_TWED`` (Delayed
trapping of WFE Instruction) extension. ``FEAT_TWED`` is a optional feature
available on Arm v8.6. This flag can take values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default is ``0``.
+ ``ENABLE_FEAT`` mechanism. Default is ``0``.
When ``ENABLE_FEAT_TWED`` is set to ``1``, WFE instruction trapping gets
delayed by the amount of value in ``TWED_DELAY``.
@@ -362,40 +399,40 @@
Host Extensions) extension. It allows access to CONTEXTIDR_EL2 register
during EL2 context save/restore operations.``FEAT_VHE`` is a mandatory
architectural feature and is enabled from v8.1 and upwards. It can take
- values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ values 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
- ``ENABLE_FEAT_TCR2``: Numeric value to set the bit SCR_EL3.ENTCR2 in EL3 to
allow access to TCR2_EL2 (extended translation control) from EL2 as
well as adding TCR2_EL2 to the EL2 context save/restore operations. Its a
mandatory architectural feature and is enabled from v8.9 and upwards. This
- flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S2PIE``: Numeric value to enable support for FEAT_S2PIE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S1PIE``: Numeric value to enable support for FEAT_S1PIE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S2POE``: Numeric value to enable support for FEAT_S2POE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S1POE``: Numeric value to enable support for FEAT_S1POE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_GCS``: Numeric value to set the bit SCR_EL3.GCSEn in EL3 to
allow use of Guarded Control Stack from EL2 as well as adding the GCS
registers to the EL2 context save/restore operations. This flag can take
- the values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ the values 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
- ``ENABLE_LTO``: Boolean option to enable Link Time Optimization (LTO)
@@ -408,7 +445,7 @@
various ELs can assign themselves to desired partition to control their
performance aspects.
- This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. When this option is set to ``1`` or ``2``, EL3 allows lower ELs to
access their own MPAM registers without trapping into EL3. This option
doesn't make use of partitioning in EL3, however. Platform initialisation
@@ -449,7 +486,7 @@
- ``ENABLE_SPE_FOR_NS`` : Numeric value to enable Statistical Profiling
extensions. This is an optional architectural feature for AArch64.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. The default is 2 but is automatically disabled when the target
architecture is AArch32.
@@ -463,7 +500,7 @@
compatible with the ``CTX_INCLUDE_FPREGS`` build option, and will raise an
assert on platforms where SVE is implemented and ``ENABLE_SVE_FOR_NS``
enabled. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. At this time, this build option cannot be
+ ``ENABLE_FEAT`` mechanism. At this time, this build option cannot be
used on systems that have SPM_MM enabled. The default is 1.
- ``ENABLE_SVE_FOR_SWD``: Boolean option to enable SVE for the Secure world.
@@ -1079,26 +1116,26 @@
- ``ENABLE_BRBE_FOR_NS``: Numeric value to enable access to the branch record
buffer registers from NS ELs when FEAT_BRBE is implemented. BRBE is an
optional architectural feature for AArch64. This flag can take the values
- 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. The default is 0
+ 0 to 2, to align with the ``ENABLE_FEAT`` mechanism. The default is 0
and it is automatically disabled when the target architecture is AArch32.
- ``ENABLE_TRBE_FOR_NS``: Numeric value to enable access of trace buffer
control registers from NS ELs, NS-EL2 or NS-EL1(when NS-EL2 is implemented
but unused) when FEAT_TRBE is implemented. TRBE is an optional architectural
feature for AArch64. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. The default is 0 and it is automatically
+ ``ENABLE_FEAT`` mechanism. The default is 0 and it is automatically
disabled when the target architecture is AArch32.
- ``ENABLE_SYS_REG_TRACE_FOR_NS``: Numeric value to enable trace system
registers access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented
but unused). This feature is available if trace unit such as ETMv4.x, and
ETE(extending ETM feature) is implemented. This flag can take the values
- 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. The default is 0.
+ 0 to 2, to align with the ``ENABLE_FEAT`` mechanism. The default is 0.
- ``ENABLE_TRF_FOR_NS``: Numeric value to enable trace filter control registers
access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented but unused),
if FEAT_TRF is implemented. This flag can take the values 0 to 2, to align
- with the ``FEATURE_DETECTION`` mechanism. This flag is disabled by default.
+ with the ``ENABLE_FEAT`` mechanism. This flag is disabled by default.
- ``CONDITIONAL_CMO``: Boolean option to enable call to platform-defined routine
``plat_can_cmo`` which will return zero if cache management operations should
@@ -1226,7 +1263,7 @@
- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
Management Extension. This flag can take the values 0 to 2, to align with
- the ``FEATURE_DETECTION`` mechanism. Default value is 0.
+ the ``ENABLE_FEAT`` mechanism. Default value is 0.
- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
(SME), SVE, and FPU/SIMD for the non-secure world only. These features share
@@ -1236,7 +1273,7 @@
superset of SVE. SME is an optional architectural feature for AArch64.
At this time, this build option cannot be used on systems that have
SPD=spmd/SPM_MM and atempting to build with this option will fail.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default is 0.
- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
@@ -1244,7 +1281,7 @@
architectural feature for AArch64.
This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
accesses will still be trapped. This flag can take the values 0 to 2, to
- align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
+ align with the ``ENABLE_FEAT`` mechanism. Default is 0.
- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
Extension for secure world. Used along with SVE and FPU/SIMD.
@@ -1258,41 +1295,16 @@
must not be used if ``SPMC_AT_EL3`` is enabled.
- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
- detection mechanism. It detects whether the Architectural features enabled
- through feature specific build flags are supported by the PE or not by
- validating them either at boot phase or at runtime based on the value
- possessed by the feature flag (0 to 2) and report error messages at an early
- stage. This flag will also enable errata ordering checking for ``DEBUG``
- builds.
-
- This prevents and benefits us from EL3 runtime exceptions during context save
- and restore routines guarded by these build flags. Henceforth validating them
- before their usage provides more control on the actions taken under them.
-
- The mechanism permits the build flags to take values 0, 1 or 2 and
- evaluates them accordingly.
-
- Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
-
- ::
-
- ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
- ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
- ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
-
- In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
- 0, feature is disabled statically during compilation. If it is defined as 1,
- feature is validated, wherein FEAT_HCX is detected at boot time. In case not
- implemented by the PE, a hard panic is generated. Finally, if the flag is set
- to 2, feature is validated at runtime.
-
- Note that the entire implementation is divided into two phases, wherein as
- as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
- supported and is planned to be handled explicilty in phase-2 implementation.
+ verification mechanism. This is a debug feature that compares the
+ architectural features enabled through the feature specific build flags
+ (ENABLE_FEAT_xxx) with the features actually available on the CPU running,
+ and reports any discrepancies.
+ This flag will also enable errata ordering checking for ``DEBUG`` builds.
- ``FEATURE_DETECTION`` macro is disabled by default. Platforms can explicitly
- make use of this by mechanism, by enabling it to validate whether they have
- set their build flags properly at an early phase.
+ It is expected that this feature is only used for flexible platforms like
+ software emulators, or for hardware platforms at bringup time, to verify
+ that the configured feature set matches the CPU.
+ The ``FEATURE_DETECTION`` macro is disabled by default.
- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
The platform will use PSA compliant Crypto APIs during authentication and
@@ -1334,7 +1346,7 @@
--------------
-*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _DEN0115: https://developer.arm.com/docs/den0115/latest
.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
diff --git a/docs/index.rst b/docs/index.rst
index a7a5993..cdb237a 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -91,7 +91,7 @@
.. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): https://developer.arm.com/documentation/den0022/latest/
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _System Control and Management Interface (SCMI): http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
.. _Software Delegated Exception Interface (SDEI): http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index 700020f..55cefe1 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -14,7 +14,6 @@
.. note::
The FVP models used are Version 11.22 Build 14, unless otherwise stated.
-- ``Foundation_Platform``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` (Version 11.17/21)
- ``FVP_Base_AEMv8A-GIC600AE`` (Version 11.17/21)
- ``FVP_Base_AEMvA``
@@ -52,7 +51,7 @@
- ``FVP_Morello`` (Version 0.11/33)
- ``FVP_RD_V1``
- ``FVP_TC1``
-- ``FVP_TC2`` (Version 11.20/24)
+- ``FVP_TC2`` (Version 11.23/17)
The latest version of the AArch32 build of TF-A has been tested on the
following Arm FVPs without shifted affinities, and that do not support threaded
@@ -630,7 +629,7 @@
--------------
-*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _FW_CONFIG for FVP: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_fw_config.dts
.. _Arm's website: `FVP models`_
diff --git a/docs/plat/rockchip.rst b/docs/plat/rockchip.rst
index b7c43fb..01cf176 100644
--- a/docs/plat/rockchip.rst
+++ b/docs/plat/rockchip.rst
@@ -35,7 +35,7 @@
For AARCH64 architectures the build command looks like
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl32
+ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl31
while AARCH32 needs a slightly different command
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 9730390..0f207a6 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -520,5 +520,3 @@
.. _`Procedure Call Standard for the Arm 64-bit Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
.. _`EditorConfig`: http://editorconfig.org/
.. _`Why the “volatile” type class should not be used`: https://www.kernel.org/doc/html/latest/process/volatile-considered-harmful.html
-.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
-.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
diff --git a/docs/process/coding-style.rst b/docs/process/coding-style.rst
index 483780b..4f1976f 100644
--- a/docs/process/coding-style.rst
+++ b/docs/process/coding-style.rst
@@ -47,13 +47,13 @@
MISRA Compliance
----------------
-TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. Coverity
-Static Analysis is used to regularly generate a report of current MISRA defects
-and to prevent the addition of new ones.
+TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. `ECLAIR` static
+analysis is used to regularly generate a report of current MISRA defects and to
+prevent the addition of new ones.
-It is not possible for the project to follow all MISRA guidelines. We maintain
-`a spreadsheet`_ that lists all rules and directives and whether we aim to
-comply with them or not. A rationale is given for each deviation.
+It is not possible for the project to follow all MISRA guidelines. Table 1
+below lists all rules and directives and whether we aim to comply with them or
+not. A rationale is given for each deviation.
.. note::
Enforcing a rule does not mean that the codebase is free of defects
@@ -63,6 +63,9 @@
Third-party libraries are not considered in our MISRA analysis and we do not
intend to modify them to make them MISRA compliant.
+.. csv-table:: Table 1: MISRA compliance in TF-A code base
+ :file: misra-compliance.csv
+
Indentation
-----------
@@ -487,5 +490,4 @@
*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
.. _`Linux kernel coding style`: https://www.kernel.org/doc/html/latest/process/coding-style.html
-.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
-.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
+.. _`MISRA C:2012 Guidelines`: https://en.wikipedia.org/wiki/MISRA_C#MISRA_C:2012
diff --git a/docs/process/commit-style.rst b/docs/process/commit-style.rst
index d7e937b..c287599 100644
--- a/docs/process/commit-style.rst
+++ b/docs/process/commit-style.rst
@@ -149,5 +149,5 @@
.. _Conventional Commits: https://www.conventionalcommits.org/en/v1.0.0
.. _Gerrit Change-Ids documentation: https://review.trustedfirmware.org/Documentation/user-changeid.html
.. _Gerrit Signed-off-by Lines guidelines: https://review.trustedfirmware.org/Documentation/user-signedoffby.html
-.. _issue: https://developer.trustedfirmware.org/project/board/1/
+.. _issue: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _quick summary: https://www.conventionalcommits.org/en/v1.0.0/#summary
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index ef9ebd3..33b3533 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -7,8 +7,12 @@
- Make sure you have a Github account and you are logged on both
`developer.trustedfirmware.org`_ and `review.trustedfirmware.org`_.
+ Also make sure that you have registered your full name and email address in
+ your `review.trustedfirmware.org`_ profile. Otherwise, the Gerrit server
+ might reject patches you attempt to post for review.
+
- If you plan to contribute a major piece of work, it is usually a good idea to
- start a discussion around it on the mailing list. This gives everyone
+ start a discussion around it on the `TF-A mailing list`_. This gives everyone
visibility of what is coming up, you might learn that somebody else is
already working on something similar or the community might be able to
provide some early input to help shaping the design of the feature.
@@ -17,16 +21,16 @@
it explicitly in the email thread and ensure that the changes that include
Third Party IP are made in a separate patch (or patch series).
-- Clone `Trusted Firmware-A`_ on your own machine as described in
+- Clone the Trusted Firmware-A source code on your own machine as described in
:ref:`prerequisites_get_source`.
-- Create a local topic branch based on the `Trusted Firmware-A`_ ``master``
+- Create a local topic branch based on the Trusted Firmware-A ``master``
branch.
Making Changes
==============
-- Ensure commits adhere to the the project's :ref:`Commit Style`.
+- Ensure commits adhere to the project's :ref:`Commit Style`.
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
@@ -93,13 +97,21 @@
Submitting Changes
==================
+.. note::
+ Please follow the `How to Contribute Code`_ section of the OpenCI
+ documentation for general instructions on setting up Gerrit and posting
+ patches there. The rest of this section provides details about patch
+ submission rules specifically for the TF-A project.
+
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+- Submit your changes for review using the ``git review`` command.
-- Add reviewers for your patch:
+ This will automatically rebase them onto the upstream ``integration`` branch,
+ as required by TF-A's patch submission process.
- - At least one code owner for each module modified by the patch. See the list
- of modules and their :ref:`code owners`.
+- From the Gerrit web UI, add reviewers for your patch:
+
+ - At least one code owner for each module modified by the patch. See the
+ list of modules and their :ref:`code owners`.
- At least one maintainer. See the list of :ref:`maintainers`.
@@ -167,26 +179,54 @@
Add CI Configurations
=====================
-- TF-A uses Jenkins tool for Continuous Integration and testing activities.
- Various CI Jobs are deployed which run tests on every patch before being
- merged. So each of your patches go through a series of checks before they
- get merged on to the master branch. Kindly ensure, that everytime you add
- new files under your platform, they are covered under the following two sections:
+TF-A uses Jenkins for Continuous Integration and testing activities. Various CI
+jobs are deployed to run tests on every patch before being merged. Each of your
+patches go through a series of checks before they get merged on to the master
+branch. Kindly ensure that every time you add new files under your platform,
+they are covered by the following two sections.
Coverity Scan
-------------
+The TF-A project makes use of `Coverity Scan` for static analysis, a service
+offered by Synopsys for open-source projects. This tool is able to find defects
+and vulnerabilities in a code base, such as dereferences of NULL pointers, use
+of uninitialized data, control flow issues and many other things.
+
-- ``Coverity Scan analysis`` is one of the tests we perform on our source code
- at regular intervals. We maintain a build script ``tf-cov-make`` which contains the
- build configurations of various platforms in order to cover the entire source
- code being analysed by Coverity.
+The TF-A source code is submitted daily to this service for analysis. Results of
+the latest and previous scans, as well as the complete list of defects it
+detected, are accessible online from
+https://scan.coverity.com/projects/arm-software-arm-trusted-firmware.
-- When you submit your patches for review containing new source files, please
- ensure to include them for the ``Coverity Scan analysis`` by adding the
- respective build configurations in the ``tf-cov-make`` build script.
+The `tf-a-ci-scripts repository`_ contains scripts to run the Coverity Scan
+tools on the integration branch of the TF-A code base and make them available on
+https://scan.coverity.com. These scripts get executed daily by the
+`tf-a-coverity Jenkins job`_.
-- In this section you find the details on how to append your new build
- configurations for Coverity scan analysis illustrated with examples:
+In order to maintain a high level of coverage, including on newly introduced
+code, it is important to maintain the appropriate TF-A CI scripts. Details of
+when to update these scripts and how to do so follow.
+
+We maintain a build script - ``tf-cov-make`` - which contains the build
+configurations of various platforms in order to cover the entire source code
+being analysed by Coverity.
+
+When you submit your patches for review, and if they contain new source files,
+`TF-A CI static checks job`_ might report that these files are not covered. In
+this case, the job's console output will show the following error message::
+
+ ****** Newly added files detection check for Coverity Scan analysis on patch(es) ******
+
+ Result : FAILURE
+
+ New source files have been identified in your patch..
+ some/dir/file.c
+
+ please ensure to include them for the ``Coverity Scan analysis`` by adding
+ the respective build configurations in the ``tf-cov-make`` build script.
+
+In this section you find the details on how to append your new build
+configurations for Coverity scan analysis illustrated with examples:
#. We maintain a separate repository named `tf-a-ci-scripts repository`_
for placing all the test scripts which will be executed by the CI Jobs.
@@ -194,9 +234,9 @@
#. In this repository, ``tf-cov-make`` script is located at
``tf-a-ci-scripts/script/tf-coverity/tf-cov-make``
-#. Edit `tf-cov-make`_ script by appending all the possible build configurations with
- the specific ``build-flags`` relevant to your platform, so that newly added
- source files get built and analysed by Coverity.
+#. Edit the `tf-cov-make`_ script by appending all the possible build
+ configurations with the specific build flags relevant to your platform, so
+ that newly added source files get built and analysed by Coverity.
#. For better understanding follow the below specified examples listed in the
``tf-cov-make`` script.
@@ -220,45 +260,44 @@
make PLAT=hikey960 $(common_flags) ${TBB_OPTIONS} all
make PLAT=poplar $(common_flags) all
-- In this case for ``Hikey`` boards additional ``build-flags`` has been included
- along with the ``commom_flags`` to cover most of the files relevant to it.
+- In this case for ``Hikey`` boards additional build flags have been included
+ along with the ``common_flags`` to cover most of the files relevant to it.
- Similar to this you can still find many other different build configurations
of various other platforms listed in the ``tf-cov-make`` script. Kindly refer
them and append your build configurations respectively.
-Test Build Configuration (``tf-l1-build-plat``)
------------------------------------------------
+Test Build Configurations
+-------------------------
-- Coverity Scan analysis, runs on a daily basis and will not be triggered for
- every individual trusted-firmware patch.
+We have CI jobs which run a set of test configurations on every TF-A patch
+before they get merged upstream.
-- Considering this, we have other distinguished CI jobs which run a set of test
- configurations on every patch, before they are being passed to ``Coverity scan analysis``.
+At the bare minimum, TF-A code should build without any errors for every
+supported platform - and every feature of this platform. To make sure this is
+the case, we maintain a set of build tests. ``tf-l1-build-plat`` is the test
+group which holds all build tests for all platforms. So be kind enough to
+verify that your newly added files are covered by such a build test.
-- ``tf-l1-build-plat`` is the test group, which holds the test configurations
- to build all the platforms. So be kind enough to verify that your newly added
- files are built as part of one of the existing platform configurations present
- in ``tf-l1-build-plat`` test group.
+If this is not the case, please follow the instructions below to add the
+appropriate files. We will illustrate this with an example for the ``Hikey``
+platform.
-- In this section you find the details on how to add the appropriate files,
- needed to build your newly introduced platform as part of ``tf-l1-build-plat``
- test group, illustrated with an example:
-
-- Lets consider ``Hikey`` platform:
- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file ``hikey-default``
- under tf_config folder, ``tf_config/hikey-default`` listing all the build parameters
- relevant to it.
+- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file
+ ``hikey-default`` under ``tf_config/`` folder. ``tf_config/hikey-default``
+ must list all the build parameters relevant to it.
.. code:: shell
- #Hikey Build Parameters
+ # Hikey Build Parameters
CROSS_COMPILE=aarch64-none-elf-
PLAT=hikey
-- Further a test-configuration file ``hikey-default:nil`` need to be added under the
- test group, ``tf-l1-build-plat`` located at ``tf-a-ci-scripts/group/tf-l1-build-plat``,
- to allow the platform to be built as part of this group.
+- Further another file, ``hikey-default:nil``, needs to be added under
+ ``group/tf-l1-build-plat/`` folder to allow the platform to be built as part
+ of this test group. ``group/tf-l1-build-plat/hikey-default:nil`` file just
+ needs to exist but does not contain anything meaningful, apart from a
+ mandatory copyright notice:
.. code:: shell
@@ -268,7 +307,11 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-- As illustrated above, you need to add the similar files supporting your platform.
+- As illustrated above, you need to add similar files supporting your platform.
+
+For a more elaborate explanation of the TF-A CI scripts internals, including how
+to add more complex tests beyond a simple build test, please refer to the `TF-A
+CI scripts overview`_ section of the OpenCI documentation.
Binary Components
=================
@@ -289,11 +332,10 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _developer.trustedfirmware.org: https://developer.trustedfirmware.org
.. _review.trustedfirmware.org: https://review.trustedfirmware.org
-.. _Trusted Firmware-A: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
.. _Git guidelines: http://git-scm.com/book/ch5-2.html
.. _Gerrit Uploading Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io
@@ -302,3 +344,7 @@
.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _tf-a-ci-scripts repository: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/
.. _tf-cov-make: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/script/tf-coverity/tf-cov-make
+.. _How to Contribute Code: https://tf-ci-users-guide.readthedocs.io/en/latest/#how-to-contribute-code
+.. _TF-A CI scripts overview: https://tf-ci-users-guide.readthedocs.io/en/latest/#tf-a-ci-scripts-overview
+.. _tf-a-coverity Jenkins job: https://ci.trustedfirmware.org/job/tf-a-coverity/
+.. _TF-A CI static checks job: https://ci.trustedfirmware.org/job/tf-a-static-checks/
diff --git a/docs/process/misra-compliance.csv b/docs/process/misra-compliance.csv
new file mode 100644
index 0000000..7b02930
--- /dev/null
+++ b/docs/process/misra-compliance.csv
@@ -0,0 +1,174 @@
+Seq,Dir / Rule,Number,Source,Category,Checker Enabled,Enforced,Comments
+1,D,1.1,MISRA C 2012,Required,N/A,Yes,
+2,D,2.1,MISRA C 2012,Required,N/A,Yes,
+3,D,3.1,MISRA C 2012,Required,N/A,No,It can’t be done retroactively.
+4,D,4.1,MISRA C 2012,Required,N/A,Yes,
+5,D,4.2,MISRA C 2012,Advisory,N/A,Yes,
+6,D,4.3,MISRA C 2012,Required,Yes,Yes,
+7,D,4.4,MISRA C 2012,Advisory,Yes,Yes,
+8,D,4.5,MISRA C 2012,Advisory,Yes,Yes,
+9,D,4.6,MISRA C 2012,Advisory,No,No,We use a mix of both. It would be too disruptive for the project to change.
+10,D,4.7,MISRA C 2012,Required,Yes,Yes,
+11,D,4.8,MISRA C 2012,Advisory,No,No,Fixing all instances would involve invasive changes to the codebase for no good reason.
+12,D,4.9,MISRA C 2012,Advisory,No,No,"We mustn’t introduce new macros unless strictly needed, but this affects assert(), INFO(), etc. It creates too much noise in the report for little gain."
+13,D,4.10,MISRA C 2012,Required,Yes,Yes,
+14,D,4.11,MISRA C 2012,Required,Yes,Yes,
+15,D,4.12,MISRA C 2012,Required,Yes,Yes,
+16,D,4.13,MISRA C 2012,Advisory,Yes,Yes,
+17,D,4.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
+18,R,1.1,MISRA C 2012,Required,Yes,Yes,
+19,R,1.2,MISRA C 2012,Advisory,Yes,Optional,It bans __attribute__(()) and similar helpers.
+20,R,1.3,MISRA C 2012,Required,N/A,Yes,
+21,R,2.1,MISRA C 2012,Required,Yes,Yes,
+22,R,2.2,MISRA C 2012,Required,Yes,Yes,
+23,R,2.3,MISRA C 2012,Advisory,Yes,Optional,It prevents the usage of CASSERT().
+24,R,2.4,MISRA C 2012,Advisory,No,No,Header files may use enumerations instead of defines to group sets of values.
+25,R,2.5,MISRA C 2012,Advisory,No,No,We define many headers with macros that are unused in the project but may be used by non-upstream code or may be desirable for completeness.
+26,R,2.6,MISRA C 2012,Advisory,Yes,Yes,
+27,R,2.7,MISRA C 2012,Advisory,No,No,Doesn't allow for simple implementations of porting functions that don't require all parameters.
+28,R,3.1,MISRA C 2012,Required,Yes,Yes,
+29,R,3.2,MISRA C 2012,Required,Yes,Yes,
+30,R,4.1,MISRA C 2012,Required,Yes,Yes,
+31,R,4.2,MISRA C 2012,Advisory,Yes,Yes,
+32,R,5.1,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+33,R,5.2,MISRA C 2012,Required,Yes,Yes,
+34,R,5.3,MISRA C 2012,Required,Yes,Yes,
+35,R,5.4,MISRA C 2012,Required,Yes,Yes,
+36,R,5.5,MISRA C 2012,Required,Yes,Yes,
+37,R,5.6,MISRA C 2012,Required,Yes,Yes,
+38,R,5.7,MISRA C 2012,Required,Yes,Optional,Fixing all existing defects is problematic because of compatibility issues.
+39,R,5.8,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+40,R,5.9,MISRA C 2012,Advisory,Yes,Yes,
+41,R,6.1,MISRA C 2012,Required,Yes,Yes,
+42,R,6.2,MISRA C 2012,Required,Yes,Yes,
+43,R,7.1,MISRA C 2012,Required,Yes,Yes,
+44,R,7.2,MISRA C 2012,Required,Yes,Yes,
+45,R,7.3,MISRA C 2012,Required,Yes,Yes,
+46,R,7.4,MISRA C 2012,Required,Yes,Yes,
+47,R,8.1,MISRA C 2012,Required,Yes,Yes,
+48,R,8.2,MISRA C 2012,Required,Yes,Yes,
+49,R,8.3,MISRA C 2012,Required,Yes,Yes,
+50,R,8.4,MISRA C 2012,Required,Yes,Yes,
+51,R,8.5,MISRA C 2012,Required,Yes,Yes,
+52,R,8.6,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+53,R,8.7,MISRA C 2012,Advisory,No,No,"Bans pattern of declaring funcs in private header that are used/defined in separate translation units, which seems over the top."
+54,R,8.8,MISRA C 2012,Required,Yes,Yes,
+55,R,8.9,MISRA C 2012,Advisory,Yes,Yes,
+56,R,8.10,MISRA C 2012,Required,Yes,Yes,
+57,R,8.11,MISRA C 2012,Advisory,Yes,Optional,This may not be possible in some interfaces.
+58,R,8.12,MISRA C 2012,Required,Yes,Yes,
+59,R,8.13,MISRA C 2012,Advisory,Yes,Optional,The benefits of fixing existing code aren’t worth the effort.
+60,R,8.14,MISRA C 2012,Required,Yes,Yes,
+61,R,9.1,MISRA C 2012,Mandatory,Yes,Yes,
+62,R,9.2,MISRA C 2012,Required,Yes,Yes,
+63,R,9.3,MISRA C 2012,Required,Yes,Yes,
+64,R,9.4,MISRA C 2012,Required,Yes,Yes,
+65,R,9.5,MISRA C 2012,Required,Yes,Yes,
+66,R,10.1,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+67,R,10.2,MISRA C 2012,Required,Yes,Yes,
+68,R,10.3,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+69,R,10.4,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+70,R,10.5,MISRA C 2012,Advisory,Yes,Yes,
+71,R,10.6,MISRA C 2012,Required,Yes,Yes,
+72,R,10.7,MISRA C 2012,Required,Yes,Yes,
+73,R,10.8,MISRA C 2012,Required,Yes,Yes,
+74,R,11.1,MISRA C 2012,Required,Yes,Yes,
+75,R,11.2,MISRA C 2012,Required,Yes,Yes,
+76,R,11.3,MISRA C 2012,Required,Yes,Yes,
+77,R,11.4,MISRA C 2012,Advisory,No,No,This would be invasive for TF (e.g. in exported linker script macros). Also bans conversion from uintptr_t.
+78,R,11.5,MISRA C 2012,Advisory,No,No,"This seems to preclude the pattern of using void * in interfaces to hide the real object, which we use extensively."
+79,R,11.6,MISRA C 2012,Required,Yes,Optional,This is needed in several cases.
+80,R,11.7,MISRA C 2012,Required,Yes,Yes,
+81,R,11.8,MISRA C 2012,Required,Yes,Yes,
+82,R,11.9,MISRA C 2012,Required,Yes,Yes,
+83,R,12.1,MISRA C 2012,Advisory,Yes,Yes,
+84,R,12.2,MISRA C 2012,Required,Yes,Yes,"This rule is fine, but there are lots of false positives in Coverity."
+85,R,12.3,MISRA C 2012,Advisory,Yes,Yes,
+86,R,12.4,MISRA C 2012,Advisory,Yes,Yes,
+87,R,12.5,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+88,R,13.1,MISRA C 2012,Required,Yes,Yes,
+89,R,13.2,MISRA C 2012,Required,Yes,Yes,
+90,R,13.3,MISRA C 2012,Advisory,Yes,Yes,
+91,R,13.4,MISRA C 2012,Advisory,Yes,Yes,
+92,R,13.5,MISRA C 2012,Required,Yes,Yes,
+93,R,13.6,MISRA C 2012,Mandatory,Yes,Yes,
+94,R,14.1,MISRA C 2012,Required,Yes,Yes,
+95,R,14.2,MISRA C 2012,Required,Yes,Yes,
+96,R,14.3,MISRA C 2012,Required,Yes,Yes,
+97,R,14.4,MISRA C 2012,Required,Yes,Yes,
+98,R,15.1,MISRA C 2012,Advisory,No,No,In some cases goto may be useful for readability.
+99,R,15.2,MISRA C 2012,Required,Yes,Yes,
+100,R,15.3,MISRA C 2012,Required,Yes,Yes,
+101,R,15.4,MISRA C 2012,Advisory,Yes,Yes,
+102,R,15.5,MISRA C 2012,Advisory,No,No,This has no real value. It may make code less understandable than before.
+103,R,15.6,MISRA C 2012,Required,No,No,This directly contradicts the Linux style guidelines and would require many changes. We would have to remove that rule from checkpatch.
+104,R,15.7,MISRA C 2012,Required,Yes,Yes,
+105,R,16.1,MISRA C 2012,Required,No,No,Cannot comply with this unless we comply with 16.3
+106,R,16.2,MISRA C 2012,Required,Yes,Yes,
+107,R,16.3,MISRA C 2012,Required,No,No,Returns within switch statements and fall-throughs can improve readability.
+108,R,16.4,MISRA C 2012,Required,Yes,Yes,
+109,R,16.5,MISRA C 2012,Required,Yes,Yes,
+110,R,16.6,MISRA C 2012,Required,Yes,Yes,
+111,R,16.7,MISRA C 2012,Required,Yes,Yes,
+112,R,17.1,MISRA C 2012,Required,No,No,This is needed for printf.
+113,R,17.2,MISRA C 2012,Required,Yes,Yes,Bans recursion. We consider it acceptable if the max depth is known.
+114,R,17.3,MISRA C 2012,Mandatory,Yes,Yes,
+115,R,17.4,MISRA C 2012,Mandatory,Yes,Yes,
+116,R,17.5,MISRA C 2012,Advisory,Yes,Yes,
+117,R,17.6,MISRA C 2012,Mandatory,Yes,Yes,
+118,R,17.7,MISRA C 2012,Required,Yes,Optional,In some cases it doesn’t add any value to the code (like with memset() or printf()).
+119,R,17.8,MISRA C 2012,Advisory,Yes,Optional,It would make some one-line functions grow in size for no reason.
+120,R,18.1,MISRA C 2012,Required,Yes,Yes,
+121,R,18.2,MISRA C 2012,Required,Yes,Yes,
+122,R,18.3,MISRA C 2012,Required,Yes,Yes,
+123,R,18.4,MISRA C 2012,Advisory,Yes,Yes,
+124,R,18.5,MISRA C 2012,Advisory,Yes,Yes,
+125,R,18.6,MISRA C 2012,Required,Yes,Yes,
+126,R,18.7,MISRA C 2012,Required,Yes,Yes,
+127,R,18.8,MISRA C 2012,Required,Yes,Yes,
+128,R,19.1,MISRA C 2012,Mandatory,Yes,Yes,
+129,R,19.2,MISRA C 2012,Advisory,Yes,Optional,"Unions can be useful. We almost don’t use them, so it’s ok."
+130,R,20.1,MISRA C 2012,Advisory,Yes,Optional,In some files we have assembly-compatible includes followed by assembly-compatible definitions followed by C includes and C declarations. This is done to not have #ifdef in the include list.
+131,R,20.2,MISRA C 2012,Required,Yes,Yes,
+132,R,20.3,MISRA C 2012,Required,Yes,Yes,
+133,R,20.4,MISRA C 2012,Required,Yes,Yes,
+134,R,20.5,MISRA C 2012,Advisory,Yes,Yes,
+135,R,20.6,MISRA C 2012,Required,Yes,Yes,
+136,R,20.7,MISRA C 2012,Required,Yes,Yes,
+137,R,20.8,MISRA C 2012,Required,Yes,Optional,We need a new configuration system to fix all defects.
+138,R,20.9,MISRA C 2012,Required,Yes,Optional,"We use a mix of #if and #ifdef for boolean macros, which may raise some failures here. We should consistently use one or the other"
+139,R,20.10,MISRA C 2012,Advisory,Yes,Optional,"It’s good to avoid them, but they are sometimes needed."
+140,R,20.11,MISRA C 2012,Required,Yes,Yes,
+141,R,20.12,MISRA C 2012,Required,Yes,Yes,
+142,R,20.13,MISRA C 2012,Required,Yes,Yes,
+143,R,20.14,MISRA C 2012,Required,Yes,Yes,
+144,R,21.1,MISRA C 2012,Required,Yes,Yes,
+145,R,21.2,MISRA C 2012,Required,Yes,Yes,
+146,R,21.3,MISRA C 2012,Required,Yes,Yes,
+147,R,21.4,MISRA C 2012,Required,Yes,Yes,
+148,R,21.5,MISRA C 2012,Required,Yes,Yes,
+149,R,21.6,MISRA C 2012,Required,No,No,This bans printf.
+150,R,21.7,MISRA C 2012,Required,Yes,Yes,
+151,R,21.8,MISRA C 2012,Required,Yes,Yes,
+152,R,21.9,MISRA C 2012,Required,Yes,Yes,
+153,R,21.10,MISRA C 2012,Required,Yes,Yes,
+154,R,21.11,MISRA C 2012,Required,Yes,Yes,
+155,R,21.12,MISRA C 2012,Advisory,Yes,Yes,
+156,R,21.13,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+157,R,21.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
+158,R,21.15,MISRA C 2012 AMD-1,Required,Yes,Yes,
+159,R,21.16,MISRA C 2012 AMD-1,Required,Yes,Yes,
+160,R,21.17,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+161,R,21.18,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+162,R,21.19,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+163,R,21.20,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+164,R,22.1,MISRA C 2012,Required,Yes,Yes,
+165,R,22.2,MISRA C 2012,Mandatory,Yes,Yes,
+166,R,22.3,MISRA C 2012,Required,Yes,Yes,
+167,R,22.4,MISRA C 2012,Mandatory,Yes,Yes,
+168,R,22.5,MISRA C 2012,Mandatory,Yes,Yes,
+169,R,22.6,MISRA C 2012,Mandatory,Yes,Yes,
+170,R,22.7,MISRA C 2012 AMD-1,Required,Yes,Yes,
+171,R,22.8,MISRA C 2012 AMD-1,Required,Yes,Yes,
+172,R,22.9,MISRA C 2012 AMD-1,Required,Yes,Yes,
+173,R,22.10,MISRA C 2012 AMD-1,Required,Yes,Yes,
diff --git a/docs/process/security.rst b/docs/process/security.rst
index c49ca6e..1e7ac2e 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst
@@ -76,7 +76,7 @@
| |TFV-11| | A Malformed SDEI SMC can cause out of bound memory read |
+-----------+------------------------------------------------------------------+
-.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
+.. _issue tracker: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
diff --git a/docs/resources/diagrams/cot-dualroot.jpg b/docs/resources/diagrams/cot-dualroot.jpg
new file mode 100644
index 0000000..c56392e
--- /dev/null
+++ b/docs/resources/diagrams/cot-dualroot.jpg
Binary files differ
diff --git a/docs/resources/diagrams/cot-tbbr.jpg b/docs/resources/diagrams/cot-tbbr.jpg
new file mode 100644
index 0000000..7ecd69d
--- /dev/null
+++ b/docs/resources/diagrams/cot-tbbr.jpg
Binary files differ
diff --git a/drivers/arm/css/scmi/scmi_common.c b/drivers/arm/css/scmi/scmi_common.c
index ec749fb..ca855fe 100644
--- a/drivers/arm/css/scmi/scmi_common.c
+++ b/drivers/arm/css/scmi/scmi_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/delay_timer.h>
#include "scmi_private.h"
@@ -60,8 +61,10 @@
dmbsy();
/* Wait for channel to be free */
- while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status))
- ;
+ while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status)) {
+ if (ch->info->delay != 0)
+ udelay(ch->info->delay);
+ }
/*
* Ensure that any read to the SCMI payload area is done after reading
diff --git a/drivers/arm/css/scp/css_sds.c b/drivers/arm/css/scp/css_sds.c
index e42ee10..d9965c6 100644
--- a/drivers/arm/css/scp/css_sds.c
+++ b/drivers/arm/css/scp/css_sds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,7 +20,7 @@
int ret;
unsigned int image_offset, image_flags;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SCP SDS initialization failed\n");
panic();
@@ -28,13 +28,15 @@
VERBOSE("Writing SCP image metadata\n");
image_offset = (uintptr_t) image - ARM_TRUSTED_SRAM_BASE;
- ret = sds_struct_write(SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_ADDR_OFFSET,
+ ret = sds_struct_write(SDS_SCP_AP_REGION_ID,
+ SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_ADDR_OFFSET,
&image_offset, SDS_SCP_IMG_ADDR_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
if (ret != SDS_OK)
goto sds_fail;
- ret = sds_struct_write(SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_SIZE_OFFSET,
+ ret = sds_struct_write(SDS_SCP_AP_REGION_ID,
+ SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_SIZE_OFFSET,
&image_size, SDS_SCP_IMG_SIZE_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
if (ret != SDS_OK)
@@ -42,7 +44,8 @@
VERBOSE("Marking SCP image metadata as valid\n");
image_flags = SDS_SCP_IMG_VALID_FLAG_BIT;
- ret = sds_struct_write(SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_FLAG_OFFSET,
+ ret = sds_struct_write(SDS_SCP_AP_REGION_ID,
+ SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_FLAG_OFFSET,
&image_flags, SDS_SCP_IMG_FLAG_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
if (ret != SDS_OK)
@@ -68,7 +71,8 @@
/* Wait for the SCP RAM Firmware to complete its initialization process */
while (retry > 0) {
- ret = sds_struct_read(SDS_FEATURE_AVAIL_STRUCT_ID, 0,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_FEATURE_AVAIL_STRUCT_ID, 0,
&scp_feature_availability_flags,
SDS_FEATURE_AVAIL_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
diff --git a/drivers/arm/css/sds/sds.c b/drivers/arm/css/sds/sds.c
index 1fb196c..a5e6389 100644
--- a/drivers/arm/css/sds/sds.c
+++ b/drivers/arm/css/sds/sds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,40 +15,39 @@
#include "sds_private.h"
-/*
- * Variables used to track and maintain the state of the memory region reserved
- * for usage by the SDS framework.
- */
+/* Array of SDS memory region descriptions */
+static sds_region_desc_t *sds_regions;
-/* Pointer to the base of the SDS memory region */
-static uintptr_t sds_mem_base;
-
-/* Size of the SDS memory region in bytes */
-static size_t sds_mem_size;
+/* Total count of SDS memory regions */
+static unsigned int sds_region_cnt;
/*
* Perform some non-exhaustive tests to determine whether any of the fields
* within a Structure Header contain obviously invalid data.
* Returns SDS_OK on success, SDS_ERR_FAIL on error.
*/
-static int sds_struct_is_valid(uintptr_t header)
+static int sds_struct_is_valid(unsigned int region_id, uintptr_t header)
{
size_t struct_size = GET_SDS_HEADER_STRUCT_SIZE(header);
/* Zero is not a valid identifier */
- if (GET_SDS_HEADER_ID(header) == 0)
+ if (GET_SDS_HEADER_ID(header) == 0) {
return SDS_ERR_FAIL;
+ }
/* Check SDS Schema version */
- if (GET_SDS_HEADER_VERSION(header) == SDS_REGION_SCH_VERSION)
+ if (GET_SDS_HEADER_VERSION(header) == SDS_REGION_SCH_VERSION) {
return SDS_ERR_FAIL;
+ }
/* The SDS Structure sizes have to be multiple of 8 */
- if ((struct_size == 0) || ((struct_size % 8) != 0))
+ if ((struct_size == 0) || ((struct_size % 8) != 0)) {
return SDS_ERR_FAIL;
+ }
- if (struct_size > sds_mem_size)
+ if (struct_size > sds_regions[region_id].size) {
return SDS_ERR_FAIL;
+ }
return SDS_OK;
}
@@ -57,10 +56,11 @@
* Validate the SDS structure headers.
* Returns SDS_OK on success, SDS_ERR_FAIL on error.
*/
-static int validate_sds_struct_headers(void)
+static int validate_sds_struct_headers(unsigned int region_id)
{
unsigned int i, structure_count;
uintptr_t header;
+ uintptr_t sds_mem_base = sds_regions[region_id].base;
structure_count = GET_SDS_REGION_STRUCTURE_COUNT(sds_mem_base);
@@ -71,7 +71,7 @@
/* Iterate over structure headers and validate each one */
for (i = 0; i < structure_count; i++) {
- if (sds_struct_is_valid(header) != SDS_OK) {
+ if (sds_struct_is_valid(region_id, header) != SDS_OK) {
WARN("SDS: Invalid structure header detected\n");
return SDS_ERR_FAIL;
}
@@ -84,10 +84,12 @@
* Get the structure header pointer corresponding to the structure ID.
* Returns SDS_OK on success, SDS_ERR_STRUCT_NOT_FOUND on error.
*/
-static int get_struct_header(uint32_t structure_id, struct_header_t **header)
+static int get_struct_header(unsigned int region_id, uint32_t structure_id,
+ struct_header_t **header)
{
unsigned int i, structure_count;
uintptr_t current_header;
+ uintptr_t sds_mem_base = sds_regions[region_id].base;
assert(header);
@@ -116,12 +118,14 @@
* Returns SDS_OK if structure header exists else SDS_ERR_STRUCT_NOT_FOUND
* if not found.
*/
-int sds_struct_exists(unsigned int structure_id)
+int sds_struct_exists(unsigned int region_id, unsigned int structure_id)
{
struct_header_t *header = NULL;
int ret;
- ret = get_struct_header(structure_id, &header);
+ assert(region_id < sds_region_cnt);
+
+ ret = get_struct_header(region_id, structure_id, &header);
if (ret == SDS_OK) {
assert(header);
}
@@ -136,18 +140,21 @@
* The `data` is the pointer to store the read data of size specified by `size`.
* Returns SDS_OK on success or corresponding error codes on failure.
*/
-int sds_struct_read(uint32_t structure_id, unsigned int fld_off,
- void *data, size_t size, sds_access_mode_t mode)
+int sds_struct_read(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size,
+ sds_access_mode_t mode)
{
int status;
uintptr_t field_base;
struct_header_t *header = NULL;
+ assert(region_id < sds_region_cnt);
+
if (!data)
return SDS_ERR_INVALID_PARAMS;
/* Check if a structure with this ID exists */
- status = get_struct_header(structure_id, &header);
+ status = get_struct_header(region_id, structure_id, &header);
if (status != SDS_OK)
return status;
@@ -182,18 +189,21 @@
* The `data` is the pointer to data of size specified by `size`.
* Returns SDS_OK on success or corresponding error codes on failure.
*/
-int sds_struct_write(uint32_t structure_id, unsigned int fld_off,
- void *data, size_t size, sds_access_mode_t mode)
+int sds_struct_write(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size,
+ sds_access_mode_t mode)
{
int status;
uintptr_t field_base;
struct_header_t *header = NULL;
+ assert(region_id < sds_region_cnt);
+
if (!data)
return SDS_ERR_INVALID_PARAMS;
/* Check if a structure with this ID exists */
- status = get_struct_header(structure_id, &header);
+ status = get_struct_header(region_id, structure_id, &header);
if (status != SDS_OK)
return status;
@@ -226,12 +236,18 @@
/*
* Initialize the SDS driver. Also verifies the SDS version and sanity of
- * the SDS structure headers.
+ * the SDS structure headers in the given SDS region.
* Returns SDS_OK on success, SDS_ERR_FAIL on error.
*/
-int sds_init(void)
+int sds_init(unsigned int region_id)
{
- sds_mem_base = (uintptr_t)PLAT_ARM_SDS_MEM_BASE;
+ if (sds_regions == NULL) {
+ sds_regions = plat_sds_get_regions(&sds_region_cnt);
+ }
+
+ assert(region_id < sds_region_cnt);
+
+ uintptr_t sds_mem_base = sds_regions[region_id].base;
if (!IS_SDS_REGION_VALID(sds_mem_base)) {
WARN("SDS: No valid SDS Memory Region found\n");
@@ -244,15 +260,16 @@
return SDS_ERR_FAIL;
}
- sds_mem_size = GET_SDS_REGION_SIZE(sds_mem_base);
- if (sds_mem_size > PLAT_ARM_SDS_MEM_SIZE_MAX) {
+ sds_regions[region_id].size = GET_SDS_REGION_SIZE(sds_mem_base);
+ if (sds_regions[region_id].size > PLAT_ARM_SDS_MEM_SIZE_MAX) {
WARN("SDS: SDS Memory Region exceeds size limit\n");
return SDS_ERR_FAIL;
}
- INFO("SDS: Detected SDS Memory Region (%zu bytes)\n", sds_mem_size);
+ INFO("SDS: Detected SDS Memory Region (%zu bytes)\n",
+ sds_regions[region_id].size);
- if (validate_sds_struct_headers() != SDS_OK)
+ if (validate_sds_struct_headers(region_id) != SDS_OK)
return SDS_ERR_FAIL;
return SDS_OK;
diff --git a/drivers/arm/gic/v3/gicv3_main.c b/drivers/arm/gic/v3/gicv3_main.c
index 3c99517..3190f66 100644
--- a/drivers/arm/gic/v3/gicv3_main.c
+++ b/drivers/arm/gic/v3/gicv3_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2023, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -34,8 +34,8 @@
#pragma weak gicv3_rdistif_off
#pragma weak gicv3_rdistif_on
-/* Check interrupt ID for SGI/(E)PPI and (E)SPIs */
-static bool is_sgi_ppi(unsigned int id);
+/* Check for valid SGI/PPI or SPI interrupt ID */
+static bool is_valid_interrupt(unsigned int id);
/*
* Helper macros to save and restore GICR and GICD registers
@@ -447,8 +447,12 @@
return INTR_GROUP1NS;
}
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
+
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119 */
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
@@ -942,8 +946,11 @@
assert(proc_num < gicv3_driver_data->rdistif_num);
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
return gicr_get_isactiver(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -973,9 +980,11 @@
* interrupt trigger are observed before enabling interrupt.
*/
dsbishst();
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_isenabler(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1004,9 +1013,11 @@
* Disable interrupt, and ensure that any shared variable updates
* depending on out of band interrupt trigger are observed afterwards.
*/
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_icenabler(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1041,8 +1052,11 @@
assert(proc_num < gicv3_driver_data->rdistif_num);
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
gicr_set_ipriorityr(gicr_base, id, priority);
@@ -1088,8 +1102,11 @@
break;
}
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
@@ -1228,12 +1245,14 @@
* Clear pending interrupt, and ensure that any shared variable updates
* depending on out of band interrupt trigger are observed afterwards.
*/
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_icpendr(
- gicv3_driver_data->rdistif_base_addrs[proc_num], id);
+ gicv3_driver_data->rdistif_base_addrs[proc_num], id);
} else {
/* For SPIs: 32-1019 and ESPIs: 4096-5119 */
gicd_base = gicv3_get_multichip_base(id, gicv3_driver_data->gicd_base);
@@ -1263,8 +1282,12 @@
*/
dsbishst();
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
+
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_ispendr(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1371,21 +1394,19 @@
}
/******************************************************************************
- * This function checks the interrupt ID and returns true for SGIs and (E)PPIs
- * and false for (E)SPIs IDs.
+ * This function checks the interrupt ID and returns true for SGIs, (E)PPIs
+ * and (E)SPIs IDs. Any interrupt ID outside the range is invalid and returns
+ * false.
*****************************************************************************/
-static bool is_sgi_ppi(unsigned int id)
+static bool is_valid_interrupt(unsigned int id)
{
- /* SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119 */
- if (IS_SGI_PPI(id)) {
+ /* Valid interrupts:
+ * SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119
+ * SPIs: 32-1019, ESPIs: 4096-5119
+ */
+ if ((IS_SGI_PPI(id)) || (IS_SPI(id))) {
return true;
}
- /* SPIs: 32-1019, ESPIs: 4096-5119 */
- if (IS_SPI(id)) {
- return false;
- }
-
- assert(false);
- panic();
+ return false;
}
diff --git a/drivers/arm/mhu/mhu_wrapper_v2_x.c b/drivers/arm/mhu/mhu_wrapper_v2_x.c
index 60de1d3..54a5881 100644
--- a/drivers/arm/mhu/mhu_wrapper_v2_x.c
+++ b/drivers/arm/mhu/mhu_wrapper_v2_x.c
@@ -308,5 +308,10 @@
assert(num_channels != 0);
- return num_channels * sizeof(uint32_t);
+ /*
+ * Returns only usable size of memory. As one channel is specifically
+ * used to inform about the size of payload, discard it from avialable
+ * memory size.
+ */
+ return (num_channels - 1) * sizeof(uint32_t);
}
diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rss/rss_comms.c
index 4622af9..332105f 100644
--- a/drivers/arm/rss/rss_comms.c
+++ b/drivers/arm/rss/rss_comms.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -59,8 +59,10 @@
* messages due to ATU configuration costs to allow access to the
* pointers.
*/
- if ((comms_embed_msg_min_size + in_size_total > comms_mhu_msg_size - sizeof(uint32_t))
- || (comms_embed_reply_min_size + out_size_total > comms_mhu_msg_size) - sizeof(uint32_t)) {
+ if ((comms_embed_msg_min_size + in_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t)) ||
+ (comms_embed_reply_min_size + out_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t))) {
return RSS_COMMS_PROTOCOL_POINTER_ACCESS;
} else {
return RSS_COMMS_PROTOCOL_EMBED;
@@ -82,8 +84,8 @@
psa_status_t return_val;
size_t idx;
- if (type > INT16_MAX || type < INT16_MIN || in_len > PSA_MAX_IOVEC
- || out_len > PSA_MAX_IOVEC) {
+ if (type > PSA_CALL_TYPE_MAX || type < PSA_CALL_TYPE_MIN ||
+ in_len > PSA_MAX_IOVEC || out_len > PSA_MAX_IOVEC) {
return PSA_ERROR_INVALID_ARGUMENT;
}
diff --git a/drivers/arm/rss/rss_comms_protocol_common.h b/drivers/arm/rss/rss_comms_protocol_common.h
new file mode 100644
index 0000000..177d636
--- /dev/null
+++ b/drivers/arm/rss/rss_comms_protocol_common.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*
+ * Packing scheme of the control parameter
+ *
+ * 31 30-28 27 26-24 23-20 19 18-16 15-0
+ * +------------+-----+------+-------+-----+-------+-------+------+
+ * | | | | invec | | | outvec| type |
+ * | Res | Res | Res | number| Res | Res | number| |
+ * +------------+-----+------+-------+-----+-------+-------+------+
+ *
+ * Res: Reserved.
+ */
+
+#ifndef RSS_COMMS_PROTOCOL_COMMON
+#define RSS_COMMS_PROTOCOL_COMMON
+
+#define TYPE_OFFSET (0U)
+#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET)
+#define IN_LEN_OFFSET (24U)
+#define IN_LEN_MASK (0x7UL << IN_LEN_OFFSET)
+#define OUT_LEN_OFFSET (16U)
+#define OUT_LEN_MASK (0x7UL << OUT_LEN_OFFSET)
+
+#define PARAM_PACK(type, in_len, out_len) \
+ (((((uint32_t)(type)) << TYPE_OFFSET) & TYPE_MASK) | \
+ ((((uint32_t)(in_len)) << IN_LEN_OFFSET) & IN_LEN_MASK) | \
+ ((((uint32_t)(out_len)) << OUT_LEN_OFFSET) & OUT_LEN_MASK))
+
+#endif /* RSS_COMMS_PROTOCOL_COMMON */
diff --git a/drivers/arm/rss/rss_comms_protocol_embed.c b/drivers/arm/rss/rss_comms_protocol_embed.c
index c453258..05628cc 100644
--- a/drivers/arm/rss/rss_comms_protocol_embed.c
+++ b/drivers/arm/rss/rss_comms_protocol_embed.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -9,20 +9,9 @@
#include <string.h>
#include <common/debug.h>
+#include "rss_comms_protocol_common.h"
#include "rss_comms_protocol_embed.h"
-#define TYPE_OFFSET (16U)
-#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET)
-#define IN_LEN_OFFSET (8U)
-#define IN_LEN_MASK (0xFFUL << IN_LEN_OFFSET)
-#define OUT_LEN_OFFSET (0U)
-#define OUT_LEN_MASK (0xFFUL << OUT_LEN_OFFSET)
-
-#define PARAM_PACK(type, in_len, out_len) \
- (((((uint32_t)type) << TYPE_OFFSET) & TYPE_MASK) | \
- ((((uint32_t)in_len) << IN_LEN_OFFSET) & IN_LEN_MASK) | \
- ((((uint32_t)out_len) << OUT_LEN_OFFSET) & OUT_LEN_MASK))
-
psa_status_t rss_protocol_embed_serialize_msg(psa_handle_t handle,
int16_t type,
const psa_invec *in_vec,
diff --git a/drivers/arm/rss/rss_comms_protocol_pointer_access.c b/drivers/arm/rss/rss_comms_protocol_pointer_access.c
index 5007b9d..3a10a98 100644
--- a/drivers/arm/rss/rss_comms_protocol_pointer_access.c
+++ b/drivers/arm/rss/rss_comms_protocol_pointer_access.c
@@ -1,25 +1,14 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <assert.h>
+#include "rss_comms_protocol_common.h"
#include "rss_comms_protocol_pointer_access.h"
-#define TYPE_OFFSET (16U)
-#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET)
-#define IN_LEN_OFFSET (8U)
-#define IN_LEN_MASK (0xFFUL << IN_LEN_OFFSET)
-#define OUT_LEN_OFFSET (0U)
-#define OUT_LEN_MASK (0xFFUL << OUT_LEN_OFFSET)
-
-#define PARAM_PACK(type, in_len, out_len) \
- (((((uint32_t)type) << TYPE_OFFSET) & TYPE_MASK) | \
- ((((uint32_t)in_len) << IN_LEN_OFFSET) & IN_LEN_MASK) | \
- ((((uint32_t)out_len) << OUT_LEN_OFFSET) & OUT_LEN_MASK))
-
psa_status_t rss_protocol_pointer_access_serialize_msg(psa_handle_t handle,
int16_t type,
const psa_invec *in_vec,
diff --git a/drivers/st/bsec/bsec3.c b/drivers/st/bsec/bsec3.c
new file mode 100644
index 0000000..a803a3a
--- /dev/null
+++ b/drivers/st/bsec/bsec3.c
@@ -0,0 +1,533 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <limits.h>
+
+#include <arch_helpers.h>
+#include <common/debug.h>
+#include <drivers/st/bsec.h>
+#include <drivers/st/bsec3_reg.h>
+#include <drivers/st/stm32mp_reset.h>
+#include <lib/mmio.h>
+#include <lib/spinlock.h>
+#include <libfdt.h>
+
+#include <platform_def.h>
+
+#define BSEC_IP_VERSION_1_0 U(0x10)
+#define BSEC_IP_ID_3 U(0x100033)
+
+#define MAX_NB_TRIES U(3)
+
+/*
+ * IP configuration
+ */
+#define BSEC_OTP_MASK GENMASK_32(4, 0)
+#define BSEC_OTP_BANK_SHIFT U(5)
+#define BSEC_TIMEOUT_VALUE U(0x800000) /* ~7sec @1.2GHz */
+
+/* Magic use to indicated valid SHADOW = 'B' 'S' 'E' 'C' */
+#define BSEC_MAGIC U(0x42534543)
+
+#define OTP_MAX_SIZE (STM32MP2_OTP_MAX_ID + U(1))
+
+struct bsec_shadow {
+ uint32_t magic;
+ uint32_t state;
+ uint32_t value[OTP_MAX_SIZE];
+ uint32_t status[OTP_MAX_SIZE];
+};
+
+static uint32_t otp_bank(uint32_t otp)
+{
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return (otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT;
+}
+
+static uint32_t otp_bit_mask(uint32_t otp)
+{
+ return BIT(otp & BSEC_OTP_MASK);
+}
+
+/*
+ * bsec_get_status: return status register value.
+ */
+static uint32_t bsec_get_status(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_OTPSR);
+}
+
+/*
+ * bsec_get_version: return BSEC version.
+ */
+static uint32_t bsec_get_version(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_VERR) & BSEC_VERR_MASK;
+}
+
+/*
+ * bsec_get_id: return BSEC ID.
+ */
+static uint32_t bsec_get_id(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_IPIDR);
+}
+
+static bool is_fuse_shadowed(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+ uint32_t bank_value;
+
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_SFSR(bank));
+
+ if ((bank_value & otp_mask) != 0U) {
+ return true;
+ }
+
+ return false;
+}
+
+static void poll_otp_status_busy(void)
+{
+ uint32_t timeout = BSEC_TIMEOUT_VALUE;
+
+ while (((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) && (timeout != 0U)) {
+ timeout--;
+ }
+
+ if ((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) {
+ ERROR("BSEC timeout\n");
+ panic();
+ }
+}
+
+static uint32_t check_read_error(uint32_t otp)
+{
+ uint32_t status = bsec_get_status();
+
+ if ((status & BSEC_OTPSR_SECF) != 0U) {
+ VERBOSE("BSEC read %u single error correction detected\n", otp);
+ }
+
+ if ((status & BSEC_OTPSR_PPLF) != 0U) {
+ VERBOSE("BSEC read %u permanent programming lock detected.\n", otp);
+ }
+
+ if ((status & BSEC_OTPSR_PPLMF) != 0U) {
+ ERROR("BSEC read %u error 0x%x\n", otp, status);
+ return BSEC_ERROR;
+ }
+
+ if ((status & (BSEC_OTPSR_DISTURBF | BSEC_OTPSR_DEDF | BSEC_OTPSR_AMEF)) != 0U) {
+ ERROR("BSEC read %u error 0x%x with invalid FVR\n", otp, status);
+ return BSEC_RETRY;
+ }
+
+ return BSEC_OK;
+}
+
+static uint32_t check_program_error(uint32_t otp)
+{
+ uint32_t status = bsec_get_status();
+
+ if ((status & BSEC_OTPSR_PROGFAIL) != 0U) {
+ ERROR("BSEC program %u error 0x%x\n", otp, status);
+ return BSEC_RETRY;
+ }
+
+ return BSEC_OK;
+}
+
+static void check_reset_error(void)
+{
+ uint32_t status = bsec_get_status();
+
+ /* check initial status reporting */
+ if ((status & BSEC_OTPSR_BUSY) != 0U) {
+ VERBOSE("BSEC reset and busy when OTPSR read\n");
+ }
+ if ((status & BSEC_OTPSR_HIDEUP) != 0U) {
+ VERBOSE("BSEC upper fuse are not accessible (HIDEUP)\n");
+ }
+ if ((status & BSEC_OTPSR_OTPSEC) != 0U) {
+ VERBOSE("BSEC reset single error correction detected\n");
+ }
+ if ((status & BSEC_OTPSR_OTPNVIR) == 0U) {
+ VERBOSE("BSEC reset first fuse word 0 is detected zero\n");
+ }
+ if ((status & BSEC_OTPSR_OTPERR) != 0U) {
+ ERROR("BSEC reset critical error 0x%x\n", status);
+ panic();
+ }
+ if ((status & BSEC_OTPSR_FUSEOK) != BSEC_OTPSR_FUSEOK) {
+ ERROR("BSEC reset critical error 0x%x\n", status);
+ panic();
+ }
+}
+
+static bool is_bsec_write_locked(void)
+{
+ return (mmio_read_32(BSEC_BASE + BSEC_LOCKR) & BSEC_LOCKR_GWLOCK_MASK) != 0U;
+}
+
+/*
+ * bsec_probe: initialize BSEC driver.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_probe(void)
+{
+ uint32_t version = bsec_get_version();
+ uint32_t id = bsec_get_id();
+
+ if ((version != BSEC_IP_VERSION_1_0) || (id != BSEC_IP_ID_3)) {
+ ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id);
+ panic();
+ }
+
+ check_reset_error();
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+static uint32_t bsec_shadow_register(uint32_t otp)
+{
+ uint32_t result;
+ uint32_t i;
+ bool value;
+
+ result = bsec_read_sr_lock(otp, &value);
+ if (result != BSEC_OK) {
+ WARN("BSEC: %u Sticky-read bit read Error %u\n", otp, result);
+ } else if (value) {
+ VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n", otp);
+ }
+
+ for (i = 0U; i < MAX_NB_TRIES; i++) {
+ mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp);
+
+ poll_otp_status_busy();
+
+ result = check_read_error(otp);
+ if (result != BSEC_RETRY) {
+ break;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * bsec_write_otp: write a value in shadow OTP.
+ * val: value to program.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
+{
+ bool state;
+ uint32_t result;
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ if (!is_fuse_shadowed(otp)) {
+ return BSEC_ERROR;
+ }
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ result = bsec_read_sw_lock(otp, &state);
+ if (result != BSEC_OK) {
+ WARN("Shadow register is SW locked\n");
+ return result;
+ }
+
+ mmio_write_32(BSEC_BASE + BSEC_FVR(otp), val);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_program_otp: program a bit in SAFMEM after the prog.
+ * The OTP data is not refreshed.
+ * val: value to program.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
+{
+ uint32_t result;
+ uint32_t i;
+ bool value;
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ if (is_bsec_write_locked() == true) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ result = bsec_read_sp_lock(otp, &value);
+ if (result != BSEC_OK) {
+ WARN("BSEC: %u Sticky-prog bit read Error %u\n", otp, result);
+ } else if (value) {
+ WARN("BSEC: OTP locked, prog will be ignored\n");
+ return BSEC_WRITE_LOCKED;
+ }
+
+ mmio_write_32(BSEC_BASE + BSEC_WDR, val);
+
+ for (i = 0U; i < MAX_NB_TRIES; i++) {
+ mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp | BSEC_OTPCR_PROG);
+
+ poll_otp_status_busy();
+
+ result = check_program_error(otp);
+ if (result != BSEC_RETRY) {
+ break;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * bsec_read_debug_conf: read debug configuration.
+ */
+uint32_t bsec_read_debug_conf(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_DENR);
+}
+
+static uint32_t bsec_lock_register_set(uint32_t offset, uint32_t mask)
+{
+ uint32_t value = mmio_read_32(BSEC_BASE + offset);
+
+ /* The lock is already set */
+ if ((value & mask) != 0U) {
+ return BSEC_OK;
+ }
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ value |= mask;
+
+ mmio_write_32(BSEC_BASE + offset, value);
+
+ return BSEC_OK;
+}
+
+static bool bsec_lock_register_get(uint32_t offset, uint32_t mask)
+{
+ uint32_t value = mmio_read_32(BSEC_BASE + offset);
+
+ return (value & mask) != 0U;
+}
+
+/*
+ * bsec_set_sr_lock: set shadow-read lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sr_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SRLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sr_lock: read shadow-read lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SRLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_set_sw_lock: set shadow-write lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sw_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SWLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sw_lock: read shadow-write lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sw_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SWLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_set_sp_lock: set shadow-program lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sp_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SPLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sp_lock: read shadow-program lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sp_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SPLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_get_secure_state: read state in BSEC status register.
+ * return: secure state
+ */
+uint32_t bsec_get_secure_state(void)
+{
+ uint32_t state = BSEC_STATE_INVALID;
+ uint32_t status = bsec_get_status();
+ uint32_t bsec_sr = mmio_read_32(BSEC_BASE + BSEC_SR);
+
+ if ((status & BSEC_OTPSR_FUSEOK) == BSEC_OTPSR_FUSEOK) {
+ /* NVSTATE is only valid if FUSEOK */
+ uint32_t nvstates = (bsec_sr & BSEC_SR_NVSTATE_MASK) >> BSEC_SR_NVSTATE_SHIFT;
+
+ if (nvstates == BSEC_SR_NVSTATE_OPEN) {
+ state = BSEC_STATE_SEC_OPEN;
+ } else if (nvstates == BSEC_SR_NVSTATE_CLOSED) {
+ state = BSEC_STATE_SEC_CLOSED;
+ } else {
+ VERBOSE("%s nvstates = %u\n", __func__, nvstates);
+ }
+ }
+
+ return state;
+}
+
+/*
+ * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
+ * val: read value.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
+{
+ assert(val != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *val = 0U;
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ if (!is_fuse_shadowed(otp)) {
+ uint32_t result = bsec_shadow_register(otp);
+
+ if (result != BSEC_OK) {
+ ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
+ return result;
+ }
+ }
+
+ *val = mmio_read_32(BSEC_BASE + BSEC_FVR(otp));
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_read_otp: read an OTP data value.
+ * val: read value.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
+{
+ assert(val != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_shadow_read_otp(val, otp);
+}
diff --git a/fdts/tc.dts b/fdts/tc.dts
index 4f27589..b7acb8d 100644
--- a/fdts/tc.dts
+++ b/fdts/tc.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,7 +13,7 @@
#size-cells = <2>;
aliases {
- serial0 = &soc_uart0;
+ serial0 = &ap_ns_uart;
};
chosen {
@@ -327,10 +327,10 @@
clock-output-names = "uartclk";
};
- soc_uart0: uart@7ff80000 {
+ ap_ns_uart: uart@2A400000 {
compatible = "arm,pl011", "arm,primecell";
- reg = <0x0 0x7ff80000 0x0 0x1000>;
- interrupts = <0x0 116 0x4>;
+ reg = <0x0 0x2A400000 0x0 0x1000>;
+ interrupts = <0x0 63 0x4>;
clocks = <&soc_uartclk>, <&soc_refclk100mhz>;
clock-names = "uartclk", "apb_pclk";
status = "okay";
diff --git a/include/arch/aarch32/arch_features.h b/include/arch/aarch32/arch_features.h
index f19c4c2..dd9b7ad 100644
--- a/include/arch/aarch32/arch_features.h
+++ b/include/arch/aarch32/arch_features.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -137,6 +137,7 @@
static inline bool is_feat_ecv_supported(void) { return false; }
static inline bool is_feat_ecv_v2_supported(void) { return false; }
static inline bool is_feat_csv2_2_supported(void) { return false; }
+static inline bool is_feat_csv2_3_supported(void) { return false; }
static inline bool is_feat_ras_supported(void) { return false; }
/* The following features are supported in AArch64 only. */
@@ -147,6 +148,8 @@
static inline bool is_feat_spe_supported(void) { return false; }
static inline bool is_feat_rng_supported(void) { return false; }
static inline bool is_feat_gcs_supported(void) { return false; }
+static inline bool is_feat_mte_supported(void) { return false; }
+static inline bool is_feat_mte2_supported(void) { return false; }
static inline bool is_feat_mpam_supported(void) { return false; }
static inline bool is_feat_hcx_supported(void) { return false; }
static inline bool is_feat_sve_supported(void) { return false; }
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index e9d22b6..b88d6c6 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -197,6 +197,7 @@
#define ID_AA64PFR0_CSV2_MASK ULL(0xf)
#define ID_AA64PFR0_CSV2_LENGTH U(4)
#define ID_AA64PFR0_CSV2_2_SUPPORTED ULL(0x2)
+#define ID_AA64PFR0_CSV2_3_SUPPORTED ULL(0x3)
#define ID_AA64PFR0_FEAT_RME_SHIFT U(52)
#define ID_AA64PFR0_FEAT_RME_MASK ULL(0xf)
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index cf8da5e..60fb522 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -89,12 +89,10 @@
ID_AA64PFR1_EL1_BT_MASK) == BTI_IMPLEMENTED;
}
-static inline unsigned int get_armv8_5_mte_support(void)
-{
- return ((read_id_aa64pfr1_el1() >> ID_AA64PFR1_EL1_MTE_SHIFT) &
- ID_AA64PFR1_EL1_MTE_MASK);
-}
-
+CREATE_FEATURE_FUNCS(feat_mte, id_aa64pfr1_el1, ID_AA64PFR1_EL1_MTE_SHIFT,
+ ENABLE_FEAT_MTE)
+CREATE_FEATURE_FUNCS_VER(feat_mte2, read_feat_mte_id_field, MTE_IMPLEMENTED_ELX,
+ ENABLE_FEAT_MTE2)
CREATE_FEATURE_FUNCS(feat_sel2, id_aa64pfr0_el1, ID_AA64PFR0_SEL2_SHIFT,
ENABLE_FEAT_SEL2)
CREATE_FEATURE_FUNCS(feat_twed, id_aa64mmfr1_el1, ID_AA64MMFR1_EL1_TWED_SHIFT,
@@ -191,10 +189,28 @@
return ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_SB_SHIFT);
}
+/*
+ * FEAT_CSV2: Cache Speculation Variant 2. This checks bit fields[56-59]
+ * of id_aa64pfr0_el1 register and can be used to check for below features:
+ * FEAT_CSV2_2: Cache Speculation Variant CSV2_2.
+ * FEAT_CSV2_3: Cache Speculation Variant CSV2_3.
+ * 0b0000 - Feature FEAT_CSV2 is not implemented.
+ * 0b0001 - Feature FEAT_CSV2 is implemented, but FEAT_CSV2_2 and FEAT_CSV2_3
+ * are not implemented.
+ * 0b0010 - Feature FEAT_CSV2_2 is implemented but FEAT_CSV2_3 is not
+ * implemented.
+ * 0b0011 - Feature FEAT_CSV2_3 is implemented.
+ */
+static inline unsigned int read_feat_csv2_id_field(void)
+{
+ return (unsigned int)(read_id_aa64pfr0_el1() >>
+ ID_AA64PFR0_CSV2_SHIFT) & ID_AA64PFR0_CSV2_MASK;
+}
+
-/* FEAT_CSV2_2: Cache Speculation Variant 2 */
-CREATE_FEATURE_FUNCS(feat_csv2, id_aa64pfr0_el1, ID_AA64PFR0_CSV2_SHIFT, 0)
CREATE_FEATURE_FUNCS_VER(feat_csv2_2, read_feat_csv2_id_field,
ID_AA64PFR0_CSV2_2_SUPPORTED, ENABLE_FEAT_CSV2_2)
+CREATE_FEATURE_FUNCS_VER(feat_csv2_3, read_feat_csv2_id_field,
+ ID_AA64PFR0_CSV2_3_SUPPORTED, ENABLE_FEAT_CSV2_3)
/* FEAT_SPE: Statistical Profiling Extension */
CREATE_FEATURE_FUNCS(feat_spe, id_aa64dfr0_el1, ID_AA64DFR0_PMS_SHIFT,
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index a78837f..26c7578 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -64,9 +64,21 @@
*
* SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts
* to EL3 when executing at any EL.
+ *
+ * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled.
+ *
+ * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate
+ * against ERRATA_V2_3099206.
* ---------------------------------------------------------------------
*/
mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT)
+#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ mrs x1, id_aa64pfr0_el1
+ and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
+ cbz x1, 1f
+ orr x0, x0, #SCR_EEL2_BIT
+#endif
+1:
msr scr_el3, x0
/* ---------------------------------------------------------------------
diff --git a/include/bl31/interrupt_mgmt.h b/include/bl31/interrupt_mgmt.h
index 21af112..8b9dfb6 100644
--- a/include/bl31/interrupt_mgmt.h
+++ b/include/bl31/interrupt_mgmt.h
@@ -107,10 +107,10 @@
static inline int32_t validate_el3_interrupt_rm(uint32_t x)
{
-#if EL3_EXCEPTION_HANDLING && !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1))
+#if EL3_EXCEPTION_HANDLING && SPM_MM
/*
* With EL3 exception handling, EL3 interrupts are always routed to EL3
- * from both Secure and Non-secure, when the SPMC does not live in S-EL2.
+ * from Non-secure and from secure only if SPM_MM is present.
* Therefore INTR_EL3_VALID_RM1 is the only valid routing model.
*/
if (x == INTR_EL3_VALID_RM1)
diff --git a/include/drivers/arm/css/scmi.h b/include/drivers/arm/css/scmi.h
index 356012b..96e1924 100644
--- a/include/drivers/arm/css/scmi.h
+++ b/include/drivers/arm/css/scmi.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -123,6 +123,8 @@
void (*ring_doorbell)(struct scmi_channel_plat_info *plat_info);
/* cookie is unused now. But added for future enhancements. */
void *cookie;
+ /* Delay in micro-seconds while polling the channel status. */
+ uint32_t delay;
} scmi_channel_plat_info_t;
diff --git a/include/drivers/arm/css/sds.h b/include/drivers/arm/css/sds.h
index db4cbaa..ab95775 100644
--- a/include/drivers/arm/css/sds.h
+++ b/include/drivers/arm/css/sds.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -79,12 +79,33 @@
SDS_ACCESS_MODE_CACHED,
} sds_access_mode_t;
-int sds_init(void);
-int sds_struct_exists(unsigned int structure_id);
-int sds_struct_read(uint32_t structure_id, unsigned int fld_off, void *data,
- size_t size, sds_access_mode_t mode);
-int sds_struct_write(uint32_t structure_id, unsigned int fld_off, void *data,
- size_t size, sds_access_mode_t mode);
+/*
+ * The following structure describes a SDS memory region. Its items are used
+ * to track and maintain the state of the memory region reserved for usage
+ * by the SDS framework.
+ *
+ * The base address of the SDS memory region is platform specific. The
+ * SDS description structure must already contain the address when it is
+ * returned by the plat_sds_get_regions() platform API during SDS region
+ * initialization.
+ * The size of the SDS memory region is dynamically discovered during the
+ * initialization of the region and written into the 'size' item of the
+ * SDS description structure.
+ */
+typedef struct {
+ uintptr_t base; /* Pointer to the base of the SDS memory region */
+ size_t size; /* Size of the SDS memory region in bytes */
+} sds_region_desc_t;
+
+/* API to get the platform specific SDS region description(s) */
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count);
+
+int sds_init(unsigned int region_id);
+int sds_struct_exists(unsigned int region_id, unsigned int structure_id);
+int sds_struct_read(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size, sds_access_mode_t mode);
+int sds_struct_write(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size, sds_access_mode_t mode);
#endif /*__ASSEMBLER__ */
#endif /* SDS_H */
diff --git a/include/drivers/st/bsec3_reg.h b/include/drivers/st/bsec3_reg.h
new file mode 100644
index 0000000..177e30b
--- /dev/null
+++ b/include/drivers/st/bsec3_reg.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef BSEC3_REG_H
+#define BSEC3_REG_H
+
+#include <lib/utils_def.h>
+
+/* BSEC REGISTER OFFSET (base relative) */
+#define BSEC_FVR(x) (U(0x000) + 4U * (x))
+#define BSEC_SPLOCK(x) (U(0x800) + 4U * (x))
+#define BSEC_SWLOCK(x) (U(0x840) + 4U * (x))
+#define BSEC_SRLOCK(x) (U(0x880) + 4U * (x))
+#define BSEC_OTPVLDR(x) (U(0x8C0) + 4U * (x))
+#define BSEC_SFSR(x) (U(0x940) + 4U * (x))
+#define BSEC_OTPCR U(0xC04)
+#define BSEC_WDR U(0xC08)
+#define BSEC_SCRATCHR0 U(0xE00)
+#define BSEC_SCRATCHR1 U(0xE04)
+#define BSEC_SCRATCHR2 U(0xE08)
+#define BSEC_SCRATCHR3 U(0xE0C)
+#define BSEC_LOCKR U(0xE10)
+#define BSEC_JTAGINR U(0xE14)
+#define BSEC_JTAGOUTR U(0xE18)
+#define BSEC_DENR U(0xE20)
+#define BSEC_UNMAPR U(0xE24)
+#define BSEC_SR U(0xE40)
+#define BSEC_OTPSR U(0xE44)
+#define BSEC_WRCR U(0xF00)
+#define BSEC_HWCFGR U(0xFF0)
+#define BSEC_VERR U(0xFF4)
+#define BSEC_IPIDR U(0xFF8)
+#define BSEC_SIDR U(0xFFC)
+
+/* BSEC_OTPCR register fields */
+#define BSEC_OTPCR_ADDR_MASK GENMASK_32(8, 0)
+#define BSEC_OTPCR_ADDR_SHIFT U(0)
+#define BSEC_OTPCR_PROG BIT_32(13)
+#define BSEC_OTPCR_PPLOCK BIT_32(14)
+#define BSEC_OTPCR_LASTCID_MASK GENMASK_32(21, 19)
+#define BSEC_OTPCR_LASTCID_SHIFT U(19)
+
+/* BSEC_LOCKR register fields */
+#define BSEC_LOCKR_GWLOCK_MASK BIT_32(0)
+#define BSEC_LOCKR_GWLOCK_SHIFT U(0)
+#define BSEC_LOCKR_DENLOCK_MASK BIT_32(1)
+#define BSEC_LOCKR_DENLOCK_SHIFT U(1)
+#define BSEC_LOCKR_HKLOCK_MASK BIT_32(2)
+#define BSEC_LOCKR_HKLOCK_SHIFT U(2)
+
+/* BSEC_DENR register fields */
+#define BSEC_DENR_LPDBGEN BIT_32(0)
+#define BSEC_DENR_DBGENA BIT_32(1)
+#define BSEC_DENR_NIDENA BIT_32(2)
+#define BSEC_DENR_DEVICEEN BIT_32(3)
+#define BSEC_DENR_HDPEN BIT_32(4)
+#define BSEC_DENR_SPIDENA BIT_32(5)
+#define BSEC_DENR_SPNIDENA BIT_32(6)
+#define BSEC_DENR_DBGSWEN BIT_32(7)
+#define BSEC_DENR_DBGENM BIT_32(8)
+#define BSEC_DENR_NIDENM BIT_32(9)
+#define BSEC_DENR_SPIDENM BIT_32(10)
+#define BSEC_DENR_SPNIDENM BIT_32(11)
+#define BSEC_DENR_CFGSDIS BIT_32(12)
+#define BSEC_DENR_CP15SDIS_MASK GENMASK_32(14, 13)
+#define BSEC_DENR_CP15SDIS_SHIFT U(13)
+#define BSEC_DENR_LPDBGDIS BIT_32(15)
+#define BSEC_DENR_ALL_MSK GENMASK_32(15, 0)
+
+/* BSEC_SR register fields */
+#define BSEC_SR_BUSY BIT_32(0)
+#define BSEC_SR_HVALID BIT_32(1)
+#define BSEC_SR_RNGERR BIT_32(2)
+#define BSEC_SR_HKWW_MASK GENMASK_32(15, 8)
+#define BSEC_SR_HKWW_SHIFT U(8)
+#define BSEC_SR_NVSTATE_MASK GENMASK_32(31, 26)
+#define BSEC_SR_NVSTATE_SHIFT U(26)
+#define BSEC_SR_NVSTATE_OPEN U(0x16)
+#define BSEC_SR_NVSTATE_CLOSED U(0x0D)
+#define BSEC_SR_NVSTATE_OTP_LOCKED U(0x23)
+
+/* BSEC_OTPSR register fields */
+#define BSEC_OTPSR_BUSY BIT_32(0)
+#define BSEC_OTPSR_FUSEOK BIT_32(1)
+#define BSEC_OTPSR_HIDEUP BIT_32(2)
+#define BSEC_OTPSR_OTPNVIR BIT_32(4)
+#define BSEC_OTPSR_OTPERR BIT_32(5)
+#define BSEC_OTPSR_OTPSEC BIT_32(6)
+#define BSEC_OTPSR_PROGFAIL BIT_32(16)
+#define BSEC_OTPSR_DISTURBF BIT_32(17)
+#define BSEC_OTPSR_DEDF BIT_32(18)
+#define BSEC_OTPSR_SECF BIT_32(19)
+#define BSEC_OTPSR_PPLF BIT_32(20)
+#define BSEC_OTPSR_PPLMF BIT_32(21)
+#define BSEC_OTPSR_AMEF BIT_32(22)
+
+/* BSEC_VERR register fields */
+#define BSEC_VERR_MASK GENMASK_32(7, 0)
+
+#endif /* BSEC3_REG_H */
diff --git a/include/drivers/usb_device.h b/include/drivers/usb_device.h
index 8fdb6ae..d4c491c 100644
--- a/include/drivers/usb_device.h
+++ b/include/drivers/usb_device.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2021-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#ifndef USB_DEVICE_H
#define USB_DEVICE_H
+#include <stdbool.h>
#include <stdint.h>
#include <lib/utils_def.h>
diff --git a/include/lib/cpus/aarch64/cortex_a35.h b/include/lib/cpus/aarch64/cortex_a35.h
index cef2960..c82b4eb 100644
--- a/include/lib/cpus/aarch64/cortex_a35.h
+++ b/include/lib/cpus/aarch64/cortex_a35.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,9 @@
/* Cortex-A35 Main ID register for revision 0 */
#define CORTEX_A35_MIDR U(0x410FD040)
+/* L2 Extended Control Register */
+#define CORTEX_A35_L2ECTLR_EL1 S3_1_C11_C0_3
+
/*******************************************************************************
* CPU Extended Control register specific definitions.
* CPUECTLR_EL1 is an implementation-specific register.
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index 950d02f..366894d 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,11 @@
#define CORTEX_A715_BHB_LOOP_COUNT U(38)
/*******************************************************************************
+ * CPU Auxiliary Control register 2 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A715_CPUACTLR2_EL1 S3_0_C15_C1_1
+
+/*******************************************************************************
* CPU Extended Control register specific definitions
******************************************************************************/
#define CORTEX_A715_CPUECTLR_EL1 S3_0_C15_C1_4
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index 4a3ac77..c5f820c 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,11 @@
#define CORTEX_X3_CPUPWRCTLR_EL1_WFE_RET_CTRL_BITS_SHIFT U(7)
/*******************************************************************************
+ * CPU Auxiliary Control register specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR_EL1 S3_0_C15_C1_0
+
+/*******************************************************************************
* CPU Auxiliary Control register 2 specific definitions.
******************************************************************************/
#define CORTEX_X3_CPUACTLR2_EL1 S3_0_C15_C1_1
@@ -39,6 +44,11 @@
#define CORTEX_X3_CPUACTLR5_EL1_BIT_56 (ULL(1) << 56)
/*******************************************************************************
+ * CPU Auxiliary Control register 6 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR6_EL1 S3_0_C15_C8_1
+
+/*******************************************************************************
* CPU Extended Control register 2 specific definitions.
******************************************************************************/
#define CORTEX_X3_CPUECTLR2_EL1 S3_0_C15_C1_5
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index f637619..910026e 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -140,7 +140,7 @@
#define CTX_TIMER_SYSREGS_END CTX_AARCH32_END
#endif /* NS_TIMER_SWITCH */
-#if CTX_INCLUDE_MTE_REGS
+#if ENABLE_FEAT_MTE
#define CTX_TFSRE0_EL1 (CTX_TIMER_SYSREGS_END + U(0x0))
#define CTX_TFSR_EL1 (CTX_TIMER_SYSREGS_END + U(0x8))
#define CTX_RGSR_EL1 (CTX_TIMER_SYSREGS_END + U(0x10))
@@ -150,7 +150,7 @@
#define CTX_MTE_REGS_END (CTX_TIMER_SYSREGS_END + U(0x20))
#else
#define CTX_MTE_REGS_END CTX_TIMER_SYSREGS_END
-#endif /* CTX_INCLUDE_MTE_REGS */
+#endif /* ENABLE_FEAT_MTE */
/*
* End of system registers.
diff --git a/include/lib/psa/psa/client.h b/include/lib/psa/psa/client.h
index 56fe028..46fac4a 100644
--- a/include/lib/psa/psa/client.h
+++ b/include/lib/psa/psa/client.h
@@ -1,6 +1,5 @@
-
/*
- * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -17,41 +16,57 @@
#ifndef IOVEC_LEN
#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
#endif
+
/*********************** PSA Client Macros and Types *************************/
+
/**
* The version of the PSA Framework API that is being used to build the calling
* firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
* is compatible with v1.0.
*/
#define PSA_FRAMEWORK_VERSION (0x0101u)
+
/**
* Return value from psa_version() if the requested RoT Service is not present
* in the system.
*/
#define PSA_VERSION_NONE (0u)
+
/**
* The zero-value null handle can be assigned to variables used in clients and
* RoT Services, indicating that there is no current connection or message.
*/
#define PSA_NULL_HANDLE ((psa_handle_t)0)
+
/**
* Tests whether a handle value returned by psa_connect() is valid.
*/
#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
+
/**
* Converts the handle value returned from a failed call psa_connect() into
* an error code.
*/
#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
+
/**
* Maximum number of input and output vectors for a request to psa_call().
*/
#define PSA_MAX_IOVEC (4u)
+
+/**
+ * The minimum and maximum value that can be passed
+ * as the type parameter in a call to psa_call().
+ */
+#define PSA_CALL_TYPE_MIN (0)
+#define PSA_CALL_TYPE_MAX (INT16_MAX)
+
/**
* An IPC message type that indicates a generic client request.
*/
#define PSA_IPC_CALL (0)
typedef int32_t psa_handle_t;
+
/**
* A read-only input memory region provided to an RoT Service.
*/
@@ -59,6 +74,7 @@
const void *base; /*!< the start address of the memory buffer */
size_t len; /*!< the size in bytes */
} psa_invec;
+
/**
* A writable output memory region provided to an RoT Service.
*/
diff --git a/include/lib/psa/rss_crypto_defs.h b/include/lib/psa/rss_crypto_defs.h
index b8c7426..40d217a 100644
--- a/include/lib/psa/rss_crypto_defs.h
+++ b/include/lib/psa/rss_crypto_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -38,21 +38,28 @@
};
/*
- * Structure used to pack non-pointer types in a call
+ * Structure used to pack non-pointer types in a call to PSA Crypto APIs
*/
struct rss_crypto_pack_iovec {
- psa_key_id_t key_id; /* Key id */
- psa_algorithm_t alg; /* Algorithm */
- uint32_t op_handle; /* Frontend context handle associated
- to a multipart operation */
- uint32_t capacity; /* Key derivation capacity */
- uint32_t ad_length; /* Additional Data length for multipart AEAD */
- uint32_t plaintext_length; /* Plaintext length for multipart AEAD */
- struct rss_crypto_aead_pack_input aead_in; /* Packs AEAD-related inputs */
- uint16_t function_id; /* Used to identify the function in the API dispatcher
- to the service backend. See rss_crypto_func_sid for
- detail */
- uint16_t step; /* Key derivation step */
+ psa_key_id_t key_id; /*!< Key id */
+ psa_algorithm_t alg; /*!< Algorithm */
+ uint32_t op_handle; /*!< Frontend context handle associated to a
+ * multipart operation
+ */
+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
+
+ struct rss_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
+
+ uint16_t function_id; /*!< Used to identify the function in the
+ * API dispatcher to the service backend
+ * See rss_crypto_func_sid for detail
+ */
+ uint16_t step; /*!< Key derivation step */
+ union {
+ size_t capacity; /*!< Key derivation capacity */
+ uint64_t value; /*!< Key derivation integer for update*/
+ };
};
#endif /* RSS_CRYPTO_DEFS_H */
diff --git a/include/lib/psci/psci_lib.h b/include/lib/psci/psci_lib.h
index 4b244ec..c50f8cb 100644
--- a/include/lib/psci/psci_lib.h
+++ b/include/lib/psci/psci_lib.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -94,6 +94,7 @@
bool psci_is_last_on_cpu_safe(void);
bool psci_are_all_cpus_on_safe(void);
void psci_pwrdown_cpu(unsigned int power_level);
+void psci_do_manage_extensions(void);
#endif /* __ASSEMBLER__ */
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 8fd6093..c493105 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -111,6 +111,8 @@
#define SMC_OK ULL(0)
#define SMC_UNK -1
#define SMC_PREEMPTED -2 /* Not defined by the SMCCC */
+#define SMC_DENIED -3 /* Not defined by the SMCCC */
+#define SMC_INVALID_PARAM -4 /* Not defined by the SMCCC */
/* Return codes for Arm Architecture Service SMC calls */
#define SMC_ARCH_CALL_SUCCESS 0
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 54b184d..c3a88e7 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -150,10 +150,10 @@
#endif /* (SPD_tspd || SPD_opteed || SPD_spmd) && MEASURED_BOOT */
#if ENABLE_RME
-#define ARM_L1_GPT_ADDR_BASE (ARM_DRAM1_BASE + \
+#define ARM_L1_GPT_BASE (ARM_DRAM1_BASE + \
ARM_DRAM1_SIZE - \
ARM_L1_GPT_SIZE)
-#define ARM_L1_GPT_END (ARM_L1_GPT_ADDR_BASE + \
+#define ARM_L1_GPT_END (ARM_L1_GPT_BASE + \
ARM_L1_GPT_SIZE - 1U)
#define ARM_REALM_BASE (ARM_EL3_RMM_SHARED_BASE - \
@@ -343,7 +343,7 @@
#define ARM_MAP_GPT_L1_DRAM MAP_REGION_FLAT( \
- ARM_L1_GPT_ADDR_BASE, \
+ ARM_L1_GPT_BASE, \
ARM_L1_GPT_SIZE, \
MT_MEMORY | MT_RW | EL3_PAS)
@@ -422,7 +422,7 @@
* Map L0_GPT with read and write permissions
*/
#if ENABLE_RME
-#define ARM_MAP_L0_GPT_REGION MAP_REGION_FLAT(ARM_L0_GPT_ADDR_BASE, \
+#define ARM_MAP_L0_GPT_REGION MAP_REGION_FLAT(ARM_L0_GPT_BASE, \
ARM_L0_GPT_SIZE, \
MT_MEMORY | MT_RW | MT_ROOT)
#endif
@@ -533,8 +533,8 @@
* configuration memory, 4KB aligned.
*/
#define ARM_L0_GPT_SIZE (PAGE_SIZE)
-#define ARM_L0_GPT_ADDR_BASE (ARM_FW_CONFIGS_LIMIT)
-#define ARM_L0_GPT_LIMIT (ARM_L0_GPT_ADDR_BASE + ARM_L0_GPT_SIZE)
+#define ARM_L0_GPT_BASE (ARM_FW_CONFIGS_LIMIT)
+#define ARM_L0_GPT_LIMIT (ARM_L0_GPT_BASE + ARM_L0_GPT_SIZE)
#else
#define ARM_L0_GPT_SIZE U(0)
#endif
diff --git a/include/plat/arm/common/arm_sip_svc.h b/include/plat/arm/common/arm_sip_svc.h
index 266092e..a6fd42b 100644
--- a/include/plat/arm/common/arm_sip_svc.h
+++ b/include/plat/arm/common/arm_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019,2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019,2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -42,6 +42,16 @@
#define ARM_SIP_SET_INTERRUPT_PENDING U(0x82000100)
#endif
+/**
+ * Arm SiP Service Call for the SPM to leverage RME to protect a give memory range.
+ * Protected memory range is one whose PAS was made secure.
+ * Unprotect relates to reverting a protect operation.
+ */
+#if SPMD_SPM_AT_SEL2 && ENABLE_RME
+#define PLAT_PROTECT_MEM_SMC64 0xC2000101
+#define PLAT_UNPROTECT_MEM_SMC64 0xC2000102
+#endif
+
/* SiP handler specific to each Arm platform. */
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 0fb06a6..4c425a7 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include <lib/bakery_lock.h>
#include <lib/cassert.h>
#include <lib/el3_runtime/cpu_data.h>
+#include <lib/gpt_rme/gpt_rme.h>
#include <lib/spinlock.h>
#include <lib/utils_def.h>
#include <lib/xlat_tables/xlat_tables_compat.h>
@@ -31,6 +32,17 @@
unsigned int nsaid_permissions;
} arm_tzc_regions_info_t;
+typedef struct arm_gpt_info {
+ pas_region_t *pas_region_base;
+ unsigned int pas_region_count;
+ uintptr_t l0_base;
+ uintptr_t l1_base;
+ size_t l0_size;
+ size_t l1_size;
+ gpccr_pps_e pps;
+ gpccr_pgs_e pgs;
+} arm_gpt_info_t;
+
/*******************************************************************************
* Default mapping definition of the TrustZone Controller for ARM standard
* platforms.
@@ -362,6 +374,9 @@
unsigned int plat_arm_calc_core_pos(u_register_t mpidr);
const mmap_region_t *plat_arm_get_mmap(void);
+const arm_gpt_info_t *plat_arm_get_gpt_info(void);
+void arm_gpt_setup(void);
+
/* Allow platform to override psci_pm_ops during runtime */
const plat_psci_ops_t *plat_arm_psci_override_pm_ops(plat_psci_ops_t *ops);
diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index f87f857..0aea548 100644
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -75,6 +75,7 @@
* The SCMI Channel is placed right after the SDS region
*/
#define CSS_SCMI_PAYLOAD_BASE (PLAT_ARM_SDS_MEM_BASE + PLAT_ARM_SDS_MEM_SIZE_MAX)
+#define CSS_SCMI_PAYLOAD_SIZE_MAX 0x100 /* 2x128 bytes for bidirectional communication */
#define CSS_SCMI_MHU_DB_REG_OFF MHU_CPU_INTR_S_SET_OFFSET
/* Trusted mailbox base address common to all CSS */
diff --git a/include/services/oem/chromeos/widevine_smc_handlers.h b/include/services/oem/chromeos/widevine_smc_handlers.h
new file mode 100644
index 0000000..a5251d7
--- /dev/null
+++ b/include/services/oem/chromeos/widevine_smc_handlers.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CROS_WIDEVINE_SMC_HANDLERS_H
+#define CROS_WIDEVINE_SMC_HANDLERS_H
+
+#include <lib/smccc.h>
+
+/*******************************************************************************
+ * Defines for CrOS OEM Service queries
+ ******************************************************************************/
+
+/* 0xC300C050 - 0xC300C05F are CrOS OEM service calls */
+#define CROS_OEM_SMC_ID 0xC050
+#define CROS_OEM_SMC_CALL_ID(func_num) \
+ ((SMC_TYPE_FAST << FUNCID_TYPE_SHIFT) | \
+ ((SMC_64) << FUNCID_CC_SHIFT) | (OEN_OEM_START << FUNCID_OEN_SHIFT) | \
+ (CROS_OEM_SMC_ID) | ((func_num) & FUNCID_NUM_MASK))
+
+enum cros_drm_set {
+ CROS_DRM_SET_TPM_AUTH_PUB = 0U,
+ CROS_DRM_SET_HARDWARE_UNIQUE_KEY = 1U,
+ CROS_DRM_SET_ROOT_OF_TRUST = 2U,
+};
+
+/*******************************************************************************
+ * Defines for runtime services func ids
+ ******************************************************************************/
+
+/* Sets the TPM auth public key. The maximum size is 128 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_TPM_AUTH_PUB)
+
+/* Sets the hardware unique key. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_HARDWARE_UNIQUE_KEY)
+
+/* Sets the widevine root of trust. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_ROOT_OF_TRUST)
+
+#define is_cros_oem_smc(_call_id) (((_call_id) & 0xFFF0U) == CROS_OEM_SMC_ID)
+
+struct cros_oem_data {
+ uint8_t *buffer;
+ const uint32_t max_length;
+ uint32_t length;
+};
+
+extern struct cros_oem_data cros_oem_tpm_auth_pk;
+
+extern struct cros_oem_data cros_oem_huk;
+
+extern struct cros_oem_data cros_oem_rot;
+
+#endif /* CROS_WIDEVINE_SMC_HANDLERS_H */
diff --git a/include/services/spmd_svc.h b/include/services/spmd_svc.h
index 29dfdad..95f0707 100644
--- a/include/services/spmd_svc.h
+++ b/include/services/spmd_svc.h
@@ -34,7 +34,8 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle);
+ void *handle,
+ uint64_t flags);
#endif /* __ASSEMBLER__ */
#endif /* SPMD_SVC_H */
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index dd4c307..0faa276 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,12 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_runtime_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(26)
+workaround_runtime_end cortex_a715, ERRATUM(2561034), NO_ISB
+
+check_erratum_range cortex_a715, ERRATUM(2561034), CPU_REV(1, 0), CPU_REV(1, 0)
+
workaround_reset_start cortex_a715, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index 2e6e8b6..0dc34f7 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -72,6 +72,19 @@
check_erratum_range cortex_a78c, ERRATUM(2395411), CPU_REV(0, 1), CPU_REV(0, 2)
+workaround_reset_start cortex_a78c, ERRATUM(2683027), ERRATA_A78C_2683027
+ ldr x0, =0x3
+ msr CORTEX_A78C_IMP_CPUPSELR_EL3, x0
+ ldr x0, =0xEE010F10
+ msr CORTEX_A78C_IMP_CPUPOR_EL3, x0
+ ldr x0, =0xFF1F0FFE
+ msr CORTEX_A78C_IMP_CPUPMR_EL3, x0
+ ldr x0, =0x100000004003FF
+ msr CORTEX_A78C_IMP_CPUPCR_EL3, x0
+workaround_reset_end cortex_a78c, ERRATUM(2683027)
+
+check_erratum_range cortex_a78c, ERRATUM(2683027), CPU_REV(0, 1), CPU_REV(0, 2)
+
workaround_reset_start cortex_a78c, ERRATUM(2743232), ERRATA_A78C_2743232
/* Set CPUACTLR5_EL1[56:55] to 2'b01 */
sysreg_bit_set CORTEX_A78C_ACTLR5_EL1, BIT(55)
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index 7e9a7fc..e5a05fc 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,6 +33,18 @@
check_erratum_ls cortex_x3, ERRATUM(2070301), CPU_REV(1, 2)
+workaround_reset_start cortex_x3, ERRATUM(2266875), ERRATA_X3_2266875
+ sysreg_bit_set CORTEX_X3_CPUACTLR_EL1, BIT(22)
+workaround_reset_end cortex_x3, ERRATUM(2266875)
+
+check_erratum_ls cortex_x3, ERRATUM(2266875), CPU_REV(1, 0)
+
+workaround_runtime_start cortex_x3, ERRATUM(2302506), ERRATA_X3_2302506
+ sysreg_bit_set CORTEX_X3_CPUACTLR2_EL1, BIT(0)
+workaround_runtime_end cortex_x3, ERRATUM(2302506), NO_ISB
+
+check_erratum_ls cortex_x3, ERRATUM(2302506), CPU_REV(1, 1)
+
workaround_runtime_start cortex_x3, ERRATUM(2313909), ERRATA_X3_2313909
sysreg_bit_set CORTEX_X3_CPUACTLR2_EL1, CORTEX_X3_CPUACTLR2_EL1_BIT_36
workaround_runtime_end cortex_x3, ERRATUM(2313909), NO_ISB
@@ -49,6 +61,12 @@
check_erratum_ls cortex_x3, ERRATUM(2615812), CPU_REV(1, 1)
+workaround_runtime_start cortex_x3, ERRATUM(2641945), ERRATA_X3_2641945
+ sysreg_bit_set CORTEX_X3_CPUACTLR6_EL1, BIT(41)
+workaround_runtime_end cortex_x3, ERRATUM(2641945), NO_ISB
+
+check_erratum_ls cortex_x3, ERRATUM(2641945), CPU_REV(1, 0)
+
workaround_reset_start cortex_x3, ERRATUM(2742421), ERRATA_X3_2742421
/* Set CPUACTLR5_EL1[56:55] to 2'b01 */
sysreg_bit_set CORTEX_X3_CPUACTLR5_EL1, CORTEX_X3_CPUACTLR5_EL1_BIT_55
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 0ad5e78..dcbeba1 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
# Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -388,6 +388,10 @@
# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2395411
+# Flag to apply erratum 2683027 workaround during reset. This erratum applies
+# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
+CPU_FLAG_LIST += ERRATA_A78C_2683027
+
# Flag to apply erratum 2712575 workaround for non-arm interconnect ip. This
# erratum applies to revisions r0p1 and r0p2 of the A78C cpu.
# It is still open.
@@ -774,6 +778,14 @@
# still open.
CPU_FLAG_LIST += ERRATA_X3_2070301
+# Flag to apply erratum 2266875 workaround during reset. This erratum applies
+# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_X3_2266875
+
+# Flag to apply erratum 2302506 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_X3_2302506
+
# Flag to apply erratum 2313909 workaround on powerdown. This erratum applies
# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
CPU_FLAG_LIST += ERRATA_X3_2313909
@@ -782,6 +794,10 @@
# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is still open.
CPU_FLAG_LIST += ERRATA_X3_2615812
+# Flag to apply erratum 2641945 workaround on reset. This erratum applies
+# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_X3_2641945
+
# Flag to apply erratum 2742421 workaround on reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
@@ -887,6 +903,10 @@
# This erratum applies to revisions r0p0, r0p1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2801372
+# Flag to apply erratum 2561034 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2561034
+
# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_A715_2701951
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 389c086..176308e 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -107,7 +107,12 @@
#endif /* NS_TIMER_SWITCH */
/* Save MTE system registers if the build has instructed so */
-#if CTX_INCLUDE_MTE_REGS
+#if ENABLE_FEAT_MTE
+#if ENABLE_FEAT_MTE == 2
+ mrs x8, id_aa64pfr1_el1
+ and x8, x8, #(ID_AA64PFR1_EL1_MTE_MASK << ID_AA64PFR1_EL1_MTE_SHIFT)
+ cbz x8, no_mte_save
+#endif
mrs x15, TFSRE0_EL1
mrs x16, TFSR_EL1
stp x15, x16, [x0, #CTX_TFSRE0_EL1]
@@ -115,7 +120,9 @@
mrs x9, RGSR_EL1
mrs x10, GCR_EL1
stp x9, x10, [x0, #CTX_RGSR_EL1]
-#endif /* CTX_INCLUDE_MTE_REGS */
+
+no_mte_save:
+#endif /* ENABLE_FEAT_MTE */
ret
endfunc el1_sysregs_context_save
@@ -206,7 +213,13 @@
#endif /* NS_TIMER_SWITCH */
/* Restore MTE system registers if the build has instructed so */
-#if CTX_INCLUDE_MTE_REGS
+#if ENABLE_FEAT_MTE
+#if ENABLE_FEAT_MTE == 2
+ mrs x8, id_aa64pfr1_el1
+ and x8, x8, #(ID_AA64PFR1_EL1_MTE_MASK << ID_AA64PFR1_EL1_MTE_SHIFT)
+ cbz x8, no_mte_restore
+#endif
+
ldp x11, x12, [x0, #CTX_TFSRE0_EL1]
msr TFSRE0_EL1, x11
msr TFSR_EL1, x12
@@ -214,7 +227,9 @@
ldp x13, x14, [x0, #CTX_RGSR_EL1]
msr RGSR_EL1, x13
msr GCR_EL1, x14
-#endif /* CTX_INCLUDE_MTE_REGS */
+
+no_mte_restore:
+#endif /* ENABLE_FEAT_MTE */
/* No explict ISB required here as ERET covers it */
ret
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 9ba4d09..c3b7e78 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2022, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -123,22 +123,10 @@
scr_el3 |= get_scr_el3_from_routing_model(SECURE);
#endif
-#if !CTX_INCLUDE_MTE_REGS || ENABLE_ASSERTIONS
- /* Get Memory Tagging Extension support level */
- unsigned int mte = get_armv8_5_mte_support();
-#endif
- /*
- * Allow access to Allocation Tags when CTX_INCLUDE_MTE_REGS
- * is set, or when MTE is only implemented at EL0.
- */
-#if CTX_INCLUDE_MTE_REGS
- assert((mte == MTE_IMPLEMENTED_ELX) || (mte == MTE_IMPLEMENTED_ASY));
- scr_el3 |= SCR_ATA_BIT;
-#else
- if (mte == MTE_IMPLEMENTED_EL0) {
+ /* Allow access to Allocation Tags when mte is set*/
+ if (is_feat_mte_supported()) {
scr_el3 |= SCR_ATA_BIT;
}
-#endif /* CTX_INCLUDE_MTE_REGS */
write_ctx_reg(state, CTX_SCR_EL3, scr_el3);
@@ -180,6 +168,7 @@
scr_el3 |= SCR_NS_BIT | SCR_NSE_BIT;
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
/* Enable access to the SCXTNUM_ELx registers. */
scr_el3 |= SCR_EnSCXT_BIT;
@@ -248,6 +237,7 @@
scr_el3 |= SCR_TERR_BIT;
#endif
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
/* Enable access to the SCXTNUM_ELx registers. */
scr_el3 |= SCR_EnSCXT_BIT;
@@ -1267,9 +1257,10 @@
el2_sysregs_ctx = get_el2_sysregs_ctx(ctx);
el2_sysregs_context_save_common(el2_sysregs_ctx);
-#if CTX_INCLUDE_MTE_REGS
- write_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2, read_tfsr_el2());
-#endif
+
+ if (is_feat_mte2_supported()) {
+ write_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2, read_tfsr_el2());
+ }
#if CTX_INCLUDE_MPAM_REGS
if (is_feat_mpam_supported()) {
@@ -1304,6 +1295,7 @@
write_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2, read_trfcr_el2());
}
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
write_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2, read_scxtnum_el2());
}
@@ -1344,9 +1336,10 @@
el2_sysregs_ctx = get_el2_sysregs_ctx(ctx);
el2_sysregs_context_restore_common(el2_sysregs_ctx);
-#if CTX_INCLUDE_MTE_REGS
- write_tfsr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2));
-#endif
+
+ if (is_feat_mte2_supported()) {
+ write_tfsr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2));
+ }
#if CTX_INCLUDE_MPAM_REGS
if (is_feat_mpam_supported()) {
@@ -1380,6 +1373,7 @@
write_trfcr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2));
}
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
write_scxtnum_el2(read_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2));
}
diff --git a/lib/extensions/spe/spe.c b/lib/extensions/spe/spe.c
index 2c25a9d..d1fb182 100644
--- a/lib/extensions/spe/spe.c
+++ b/lib/extensions/spe/spe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,14 @@
#include <lib/el3_runtime/pubsub.h>
#include <lib/extensions/spe.h>
+#include <plat/common/platform.h>
+
+typedef struct spe_ctx {
+ u_register_t pmblimitr_el1;
+} spe_ctx_t;
+
+static struct spe_ctx spe_ctxs[PLATFORM_CORE_COUNT];
+
static inline void psb_csync(void)
{
/*
@@ -89,4 +97,35 @@
return (void *)0;
}
+static void *spe_context_save(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ ctx->pmblimitr_el1 = read_pmblimitr_el1();
+ }
+
+ return NULL;
+}
+
+static void *spe_context_restore(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ write_pmblimitr_el1(ctx->pmblimitr_el1);
+ }
+
+ return NULL;
+}
+
SUBSCRIBE_TO_EVENT(cm_entering_secure_world, spe_drain_buffers_hook);
+
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_start, spe_context_save);
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_finish, spe_context_restore);
diff --git a/lib/libc/libc.mk b/lib/libc/libc.mk
index 95da68c..03e1fb3 100644
--- a/lib/libc/libc.mk
+++ b/lib/libc/libc.mk
@@ -1,42 +1,11 @@
#
-# Copyright (c) 2016-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-
-LIBC_SRCS := $(addprefix lib/libc/, \
- abort.c \
- assert.c \
- exit.c \
- memchr.c \
- memcmp.c \
- memcpy.c \
- memcpy_s.c \
- memmove.c \
- memrchr.c \
- memset.c \
- printf.c \
- putchar.c \
- puts.c \
- snprintf.c \
- strchr.c \
- strcmp.c \
- strlcat.c \
- strlcpy.c \
- strlen.c \
- strncmp.c \
- strnlen.c \
- strrchr.c \
- strtok.c \
- strtoul.c \
- strtoll.c \
- strtoull.c \
- strtol.c)
+#
-ifeq (${ARCH},aarch64)
-LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
- setjmp.S)
-endif
+include lib/libc/libc_common.mk
-INCLUDES += -Iinclude/lib/libc \
- -Iinclude/lib/libc/$(ARCH) \
+LIBC_SRCS += $(addprefix lib/libc/, \
+ memset.c)
diff --git a/lib/libc/libc_asm.mk b/lib/libc/libc_asm.mk
index 2f27265..6d9bb9d 100644
--- a/lib/libc/libc_asm.mk
+++ b/lib/libc/libc_asm.mk
@@ -1,44 +1,15 @@
#
-# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-LIBC_SRCS := $(addprefix lib/libc/, \
- abort.c \
- assert.c \
- exit.c \
- memchr.c \
- memcmp.c \
- memcpy.c \
- memmove.c \
- memrchr.c \
- printf.c \
- putchar.c \
- puts.c \
- snprintf.c \
- strchr.c \
- strcmp.c \
- strlcat.c \
- strlcpy.c \
- strlen.c \
- strncmp.c \
- strnlen.c \
- strrchr.c \
- strtok.c \
- strtoul.c \
- strtoll.c \
- strtoull.c \
- strtol.c)
+include lib/libc/libc_common.mk
ifeq (${ARCH},aarch64)
LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
- memset.S \
- setjmp.S)
+ memset.S)
else
LIBC_SRCS += $(addprefix lib/libc/aarch32/, \
memset.S)
endif
-
-INCLUDES += -Iinclude/lib/libc \
- -Iinclude/lib/libc/$(ARCH) \
diff --git a/lib/libc/libc_common.mk b/lib/libc/libc_common.mk
new file mode 100644
index 0000000..4879818
--- /dev/null
+++ b/lib/libc/libc_common.mk
@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+LIBC_SRCS := $(addprefix lib/libc/, \
+ abort.c \
+ assert.c \
+ exit.c \
+ memchr.c \
+ memcmp.c \
+ memcpy.c \
+ memcpy_s.c \
+ memmove.c \
+ memrchr.c \
+ printf.c \
+ putchar.c \
+ puts.c \
+ snprintf.c \
+ strchr.c \
+ strcmp.c \
+ strlcat.c \
+ strlcpy.c \
+ strlen.c \
+ strncmp.c \
+ strnlen.c \
+ strrchr.c \
+ strtok.c \
+ strtoul.c \
+ strtoll.c \
+ strtoull.c \
+ strtol.c)
+
+ifeq (${ARCH},aarch64)
+LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
+ setjmp.S)
+endif
+
+INCLUDES += -Iinclude/lib/libc \
+ -Iinclude/lib/libc/$(ARCH) \
+
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index f9de432..41c7919 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,12 +8,14 @@
#include <string.h>
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
#include <drivers/delay_timer.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/spe.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -1164,6 +1166,8 @@
******************************************************************************/
void psci_pwrdown_cpu(unsigned int power_level)
{
+ psci_do_manage_extensions();
+
#if HW_ASSISTED_COHERENCY
/*
* With hardware-assisted coherency, the CPU drivers only initiate the
@@ -1283,3 +1287,20 @@
return true;
}
+
+/*******************************************************************************
+ * This function performs architectural feature specific management.
+ * It ensures the architectural features are disabled during cpu
+ * power off/suspend operations.
+ ******************************************************************************/
+void psci_do_manage_extensions(void)
+{
+ /*
+ * On power down we need to disable statistical profiling extensions
+ * before exiting coherency.
+ */
+ if (is_feat_spe_supported()) {
+ spe_disable();
+ }
+
+}
diff --git a/lib/romlib/Makefile b/lib/romlib/Makefile
index c3ddc5a..3b62aaa 100644
--- a/lib/romlib/Makefile
+++ b/lib/romlib/Makefile
@@ -1,14 +1,14 @@
#
-# Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-AS = $(CROSS_COMPILE)as
-AR = $(CROSS_COMPILE)ar
+AS = $(CROSS_COMPILE)gcc
+AR = $(CROSS_COMPILE)gcc-ar
LD = $(CROSS_COMPILE)ld
OC = $(CROSS_COMPILE)objcopy
-CPP = $(CROSS_COMPILE)cpp
+CPP = $(CROSS_COMPILE)gcc -E
ROMLIB_GEN = ./romlib_generator.py
BUILD_DIR = $(BUILD_PLAT)/romlib
LIB_DIR = $(BUILD_PLAT)/lib
@@ -48,11 +48,11 @@
%.o: %.s
@echo " AS $@"
- $(Q)$(AS) $(ASFLAGS) -o $@ $<
+ $(Q)$(AS) -c $(ASFLAGS) -o $@ $<
$(BUILD_DIR)/%.o: %.s
@echo " AS $@"
- $(Q)$(AS) $(ASFLAGS) -o $@ $<
+ $(Q)$(AS) -c $(ASFLAGS) -o $@ $<
$(BUILD_DIR)/romlib.ld: romlib.ld.S
@echo " PP $@"
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index a337e76..643d550 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -8,65 +8,129 @@
# and enables them based on the configured architecture version.
# This file follows the following format:
-# - Enable mandatory feature if applicable to an Arch Version.
+# - Enable mandatory feature if not updated, as applicable to an Arch Version.
# - By default disable any mandatory features if they have not been defined yet.
# - Disable or enable any optional feature this would be enabled/disabled if needed by platform.
#
################################################################################
-# Enable Mandatory features based on Arch versions.
+# Enable Mandatory features if not updated yet, based on Arch versions.
################################################################################
#
# Enable the features which are mandatory from ARCH version 8.1 and upwards.
ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_PAN := 1
-ENABLE_FEAT_VHE := 1
+armv8-1-a-feats := ENABLE_FEAT_PAN ENABLE_FEAT_VHE
+
+FEAT_LIST := ${armv8-1-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.2 and upwards.
ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RAS := 1
+armv8-2-a-feats := ENABLE_FEAT_RAS
+# 8.1 Compliant
+armv8-2-a-feats += ${armv8-1-a-feats}
+
+FEAT_LIST := ${armv8-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.3 and upwards.
+ifeq "8.3" "$(word 1, $(sort 8.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.2 Compliant
+armv8-3-a-feats += ${armv8-2-a-feats}
+
+FEAT_LIST := ${armv8-3-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.4 and upwards.
ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SEL2 := 1
-ENABLE_TRF_FOR_NS := 1
-ENABLE_FEAT_DIT := 1
+armv8-4-a-feats := ENABLE_FEAT_SEL2 ENABLE_TRF_FOR_NS ENABLE_FEAT_DIT
+# 8.3 Compliant
+armv8-4-a-feats += ${armv8-3-a-feats}
+
+FEAT_LIST := ${armv8-4-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.5 and upwards.
ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RNG := 1
-ENABLE_FEAT_SB := 1
+armv8-5-a-feats := ENABLE_FEAT_RNG ENABLE_FEAT_SB
+# 8.4 Compliant
+armv8-5-a-feats += ${armv8-4-a-feats}
+FEAT_LIST := ${armv8-5-a-feats}
# Enable Memory tagging, Branch Target Identification for aarch64 only.
ifeq ($(ARCH), aarch64)
- mem_tag_arch_support := yes
+ mem_tag_arch_support ?= yes
endif #(ARCH=aarch64)
endif
# Enable the features which are mandatory from ARCH version 8.6 and upwards.
ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_ECV := 1
-ENABLE_FEAT_FGT := 1
+armv8-6-a-feats := ENABLE_FEAT_ECV ENABLE_FEAT_FGT
+# 8.5 Compliant
+armv8-6-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv8-6-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.7 and upwards.
ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_HCX := 1
+armv8-7-a-feats := ENABLE_FEAT_HCX
+# 8.6 Compliant
+armv8-7-a-feats += ${armv8-6-a-feats}
+FEAT_LIST := ${armv8-7-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.8 and upwards.
+ifeq "8.8" "$(word 1, $(sort 8.8 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 Compliant
+armv8-7-a-feats += ${armv8-7-a-feats}
+FEAT_LIST := ${armv8-8-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.9 and upwards.
ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_TCR2 := 1
+armv8-9-a-feats := ENABLE_FEAT_TCR2
+# 8.8 Compliant
+armv8-9-a-feats += ${armv8-8-a-feats}
+FEAT_LIST := ${armv8-9-a-feats}
endif
+# Enable the features which are mandatory from ARCH version 9.0 and upwards.
+ifeq "9.0" "$(word 1, $(sort 9.0 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.5 Compliant
+armv9-0-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv9-0-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.1 and upwards.
+ifeq "9.1" "$(word 1, $(sort 9.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.6 and 9.0 Compliant
+armv9-1-a-feats += ${armv8-6-a-feats} ${armv9-0-a-feats}
+FEAT_LIST := ${armv9-1-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.2 and upwards.
+ifeq "9.2" "$(word 1, $(sort 9.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 and 9.1 Compliant
+armv9-2-a-feats += ${armv8-7-a-feats} ${armv9-1-a-feats}
+FEAT_LIST := ${armv9-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.3 and upwards.
+ifeq "9.3" "$(word 1, $(sort 9.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.8 and 9.2 Compliant
+armv9-3-a-feats += ${armv8-8-a-feats} ${armv9-2-a-feats}
+FEAT_LIST := ${armv9-3-a-feats}
+endif
+
+# Set all FEAT_* in FEAT_LIST to '1' if they are not yet defined or set
+# from build commandline options or platform makefile.
+$(eval $(call default_ones, ${sort ${FEAT_LIST}}))
+
#
################################################################################
-# Set mandatory features by default to zero.
+# Set mandatory features by default to zero, if they are not already updated.
################################################################################
#
@@ -169,6 +233,10 @@
# Flag to enable CSV2_2 extension.
ENABLE_FEAT_CSV2_2 ?= 0
+# Flag to enable CSV2_3 extension. FEAT_CSV2_3 enables access to the
+# SCXTNUM_ELx register.
+ENABLE_FEAT_CSV2_3 ?= 0
+
# By default, disable access of trace system registers from NS lower
# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if
# system register trace is implemented. This feature is available if
@@ -239,10 +307,27 @@
# registers, by setting SCR_EL3.TRNDR.
ENABLE_FEAT_RNG_TRAP ?= 0
+# Enable Memory Tagging Extension. This must be set to 1 if the platform wants
+# to use this feature in the Secure world and MTE is enabled at ELX.
+ifeq ($(CTX_INCLUDE_MTE_REGS),1)
+ $(warning CTX_INCLUDE_MTE_REGS option is deprecated use ENABLE_FEAT_MTE, Enabling ENABLE_FEAT_MTE)
+ ENABLE_FEAT_MTE ?= 1
+endif
+ifeq (${ARCH},aarch32)
+ ifneq ($(or $(ENABLE_FEAT_MTE),0),0)
+ $(error ENABLE_FEAT_MTE is not supported for AArch32)
+ endif
+endif
+ENABLE_FEAT_MTE ?= 0
+ENABLE_FEAT_MTE2 ?= 0
+
-# Include Memory Tagging Extension registers in cpu context. This must be set
-# to 1 if the platform wants to use this feature in the Secure world and MTE is
-# enabled at ELX.
-CTX_INCLUDE_MTE_REGS ?= 0
+
+# Add a error message to indicate incorrect MTE2 selection without MTE enabled.
+ifneq ($(ENABLE_FEAT_MTE2),0)
+ ifeq ($(ENABLE_FEAT_MTE),0)
+ $(error ENABLE_FEAT_MTE2 is not supported without enabling ENABLE_FEAT_MTE)
+ endif
+endif
#----
# 8.6
@@ -286,9 +371,6 @@
# 9.0
#----
-# Flag to enable Realm Management Extension (FEAT_RME).
-ENABLE_RME ?= 0
-
# Scalable Matrix Extension for non-secure world.
ENABLE_SME_FOR_NS ?= 0
@@ -314,6 +396,9 @@
# 9.2
#----
+# Flag to enable Realm Management Extension (FEAT_RME).
+ENABLE_RME ?= 0
+
# Scalable Matrix Extension version 2 for non-secure world.
ENABLE_SME2_FOR_NS ?= 0
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 08a6046..6edc2d6 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,6 +50,18 @@
$(foreach var,$1,$(eval $(call default_zero,$(var))))
endef
+# Convenience function for setting a variable to 1 if not previously set
+# $(eval $(call default_one,FOO))
+define default_one
+ $(eval $(1) ?= 1)
+endef
+
+# Convenience function for setting a list of variables to 1 if not previously set
+# $(eval $(call default_ones,FOO BAR))
+define default_ones
+ $(foreach var,$1,$(eval $(call default_one,$(var))))
+endef
+
# Convenience function for adding build definitions
# $(eval $(call add_define,FOO)) will have:
# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
@@ -101,9 +113,7 @@
# Convenience function to check for a given linker option. An call to
# $(call ld_option, --no-XYZ) will return --no-XYZ if supported by the linker
-define ld_option
- $(shell if $(LD) $(1) -v >/dev/null 2>&1; then echo $(1); fi )
-endef
+ld_option = $(shell $(LD) $(1) -Wl,--version >/dev/null 2>&1 || $(LD) $(1) -v >/dev/null 2>&1 && echo $(1))
# Convenience function to check for a given compiler option. A call to
# $(call cc_option, --no-XYZ) will return --no-XYZ if supported by the compiler
@@ -658,7 +668,7 @@
$(DOBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | fdt_dirs
$${ECHO} " CPP $$<"
$(eval DTBS := $(addprefix $(1)/,$(call SOURCES_TO_DTBS,$(2))))
- $$(Q)$$(PP) $$(DTC_CPPFLAGS) -MT $(DTBS) -MMD -MF $(DTSDEP) -o $(DPRE) $$<
+ $$(Q)$$(CPP) $$(DTC_CPPFLAGS) -MT $(DTBS) -MMD -MF $(DTSDEP) -o $(DPRE) $$<
$${ECHO} " DTC $$<"
$$(Q)$$(DTC) $$(DTC_FLAGS) -d $(DTBDEP) -o $$@ $(DPRE)
diff --git a/make_helpers/march.mk b/make_helpers/march.mk
index 2417709..1b73969 100644
--- a/make_helpers/march.mk
+++ b/make_helpers/march.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -82,4 +82,13 @@
march-directive := -march=${provided-march}
+# Set the compiler's architecture feature modifiers
+ifneq ($(arch-features), none)
+ # Strip "none+" from arch-features
+ arch-features := $(subst none+,,$(arch-features))
+ march-directive := $(march-directive)+$(arch-features)
+# Print features
+ $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
+endif #(arch-features)
+
endif # MARCH_DIRECTIVE
diff --git a/plat/arm/board/arm_fpga/fpga_def.h b/plat/arm/board/arm_fpga/fpga_def.h
index 2884ea6..5e3a0a9 100644
--- a/plat/arm/board/arm_fpga/fpga_def.h
+++ b/plat/arm/board/arm_fpga/fpga_def.h
@@ -21,7 +21,7 @@
#define FPGA_MAX_CLUSTER_COUNT 4
#define FPGA_MAX_CPUS_PER_CLUSTER 8
-#define FPGA_MAX_PE_PER_CPU 4
+#define FPGA_MAX_PE_PER_CPU 2
#define FPGA_PRIMARY_CPU 0x0
/*******************************************************************************
diff --git a/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
new file mode 100644
index 0000000..5324fec
--- /dev/null
+++ b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <inttypes.h>
+#include <stdint.h>
+
+#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/ras.h>
+
+#include <plat/common/platform.h>
+#include <services/el3_spmd_logical_sp.h>
+#include <services/ffa_svc.h>
+#include <services/sdei.h>
+
+
+#define CACTUS_SP_RAS_DELEGATE_CMD 0x72617365
+#define EVENT_NOTIFY_OS_RAS_ERROR U(5000)
+
+/*
+ * Note: Typical RAS error handling flow with Firmware First Handling
+ *
+ * Step 1: Exception resulting from a RAS error in the normal world is routed to
+ * EL3.
+ * Step 2: This exception is typically signaled as either a synchronous external
+ * abort or SError or interrupt. TF-A (EL3 firmware) delegates the
+ * control to platform specific handler built on top of the RAS helper
+ * utilities.
+ * Step 3: With the help of a Logical Secure Partition, TF-A sends a direct
+ * message to dedicated S-EL0 (or S-EL1) RAS Partition managed by SPMC.
+ * TF-A also populates a shared buffer with a data structure containing
+ * enough information (such as system registers) to identify and triage
+ * the RAS error.
+ * Step 4: RAS SP generates the Common Platform Error Record (CPER) and shares
+ * it with normal world firmware and/or OS kernel through a reserved
+ * buffer memory.
+ * Step 5: RAS SP responds to the direct message with information necessary for
+ * TF-A to notify the OS kernel.
+ * Step 6: Consequently, TF-A dispatches an SDEI event to notify the OS kernel
+ * about the CPER records for further logging.
+ */
+
+static int injected_fault_handler(const struct err_record_info *info,
+ int probe_data, const struct err_handler_data *const data)
+{
+ /*
+ * At the moment, an FF-A compatible SP that supports RAS firmware is
+ * not available. Hence the sequence below does not exactly follow the
+ * steps outlined above. Therefore, some steps are essentially spoofed.
+ * The handling of RAS error is completely done in EL3 firmware.
+ */
+ uint64_t status, cactus_cmd_ret;
+ int ret, event_num;
+ cpu_context_t *ns_cpu_context;
+
+ /* Get a reference to the non-secure context */
+ ns_cpu_context = cm_get_context(NON_SECURE);
+ assert(ns_cpu_context != NULL);
+
+ /*
+ * The faulting error record is already selected by the SER probe
+ * function.
+ */
+ status = read_erxstatus_el1();
+
+ ERROR("Fault reported by system error record %d on 0x%lx: status=0x%" PRIx64 "\n",
+ probe_data, read_mpidr_el1(), status);
+ ERROR(" exception reason=%u syndrome=0x%" PRIx64 "\n", data->ea_reason,
+ data->flags);
+
+ /* Clear error */
+ write_erxstatus_el1(status);
+
+ /*
+ * Initiate an EL3 direct message from LSP to Cactus RAS Secure
+ * Partition (ID 8001). Currently, the payload is being spoofed.
+ * The direct message response contains the SDEI event ID for the
+ * associated RAS error.
+ */
+ (void)plat_spmd_logical_sp_smc_handler(0, 0, 0, CACTUS_SP_RAS_DELEGATE_CMD,
+ EVENT_NOTIFY_OS_RAS_ERROR,
+ NULL, ns_cpu_context, 0);
+
+ cactus_cmd_ret = read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X3);
+ event_num = (int)read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X4);
+
+ if (cactus_cmd_ret != 0) {
+ ERROR("RAS error could not be handled by SP: %lx\n", cactus_cmd_ret);
+ panic();
+ }
+
+ if (event_num != EVENT_NOTIFY_OS_RAS_ERROR) {
+ ERROR("Unexpected event id sent by RAS SP: %d\n", event_num);
+ panic();
+ }
+
+ /* Dispatch the event to the SDEI client */
+ ret = sdei_dispatch_event(event_num);
+ if (ret < 0) {
+ ERROR("Can't dispatch event to SDEI\n");
+ panic();
+ } else {
+ INFO("SDEI event dispatched\n");
+ }
+
+ return 0;
+}
+
+struct ras_interrupt fvp_ras_interrupts[] = {
+};
+
+struct err_record_info fvp_err_records[] = {
+ /* Record for injected fault */
+ ERR_RECORD_SYSREG_V1(0, 2, ras_err_ser_probe_sysreg,
+ injected_fault_handler, NULL),
+};
+
+REGISTER_ERR_RECORD_INFO(fvp_err_records);
+REGISTER_RAS_INTERRUPTS(fvp_ras_interrupts);
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
index dc95ba1..477ae27 100644
--- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -7,7 +7,6 @@
#include <stdint.h>
#include <drivers/measured_boot/event_log/event_log.h>
-#include <drivers/measured_boot/rss/rss_measured_boot.h>
#include <plat/arm/common/plat_arm.h>
#include <tools_share/zero_oid.h>
@@ -23,42 +22,10 @@
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-/* FVP table with platform specific image IDs and metadata. Intentionally not a
- * const struct, some members might set by bootloaders during trusted boot.
- */
-struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
- {
- .id = FW_CONFIG_ID,
- .slot = U(6),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_FW_CONFIG_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
- {
- .id = TB_FW_CONFIG_ID,
- .slot = U(7),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
- {
- .id = BL2_IMAGE_ID,
- .slot = U(8),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL2_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
-
- {
- .id = RSS_MBOOT_INVALID_ID }
-};
-
void bl1_plat_mboot_init(void)
{
event_log_init(event_log, event_log + sizeof(event_log));
event_log_write_header();
-
- rss_measured_boot_init(fvp_rss_mboot_metadata);
}
void bl1_plat_mboot_finish(void)
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 349e064..369bcb4 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -8,7 +8,6 @@
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/measured_boot/event_log/event_log.h>
-#include <drivers/measured_boot/rss/rss_measured_boot.h>
#if defined(ARM_COT_cca)
#include <tools_share/cca_oid.h>
#else
@@ -57,44 +56,6 @@
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-/* FVP table with platform specific image IDs and metadata. Intentionally not a
- * const struct, some members might set by bootloaders during trusted boot.
- */
-struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
- {
- .id = BL31_IMAGE_ID,
- .slot = U(9),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL31_STRING,
- .pk_oid = BL31_IMAGE_KEY_OID,
- .lock_measurement = true },
- {
- .id = HW_CONFIG_ID,
- .slot = U(10),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_HW_CONFIG_STRING,
- .pk_oid = HW_CONFIG_KEY_OID,
- .lock_measurement = true },
- {
- .id = SOC_FW_CONFIG_ID,
- .slot = U(11),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
- .pk_oid = SOC_FW_CONFIG_KEY_OID,
- .lock_measurement = true },
-#if ENABLE_RME
- {
- .id = RMM_IMAGE_ID,
- .slot = U(12),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_RMM_STRING,
- .pk_oid = RMM_IMAGE_KEY_OID,
- .lock_measurement = true },
-#endif /* ENABLE_RME */
- {
- .id = RSS_MBOOT_INVALID_ID }
-};
-
void bl2_plat_mboot_init(void)
{
uint8_t *event_log_start;
@@ -126,8 +87,6 @@
event_log_max_size);
event_log_init((uint8_t *)event_log_start, event_log_finish);
-
- rss_measured_boot_init(fvp_rss_mboot_metadata);
}
int plat_mboot_measure_critical_data(unsigned int critical_data_id,
diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c
index ebd5266..97d000e 100644
--- a/plat/arm/board/fvp/fvp_bl2_setup.c
+++ b/plat/arm/board/fvp/fvp_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <drivers/arm/sp804_delay_timer.h>
+#include <fvp_pas_def.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/transfer_list.h>
@@ -21,6 +22,32 @@
static struct transfer_list_header *ns_tl __unused;
+#if ENABLE_RME
+/*
+ * The GPT library might modify the gpt regions structure to optimize
+ * the layout, so the array cannot be constant.
+ */
+static pas_region_t pas_regions[] = {
+ ARM_PAS_KERNEL,
+ ARM_PAS_SECURE,
+ ARM_PAS_REALM,
+ ARM_PAS_EL3_DRAM,
+ ARM_PAS_GPTS,
+ ARM_PAS_KERNEL_1
+};
+
+static const arm_gpt_info_t arm_gpt_info = {
+ .pas_region_base = pas_regions,
+ .pas_region_count = (unsigned int)ARRAY_SIZE(pas_regions),
+ .l0_base = (uintptr_t)ARM_L0_GPT_BASE,
+ .l1_base = (uintptr_t)ARM_L1_GPT_BASE,
+ .l0_size = (size_t)ARM_L0_GPT_SIZE,
+ .l1_size = (size_t)ARM_L1_GPT_SIZE,
+ .pps = GPCCR_PPS_64GB,
+ .pgs = GPCCR_PGS_4K
+};
+#endif
+
void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3)
{
arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
@@ -41,6 +68,13 @@
fvp_timer_init();
}
+#if ENABLE_RME
+const arm_gpt_info_t *plat_arm_get_gpt_info(void)
+{
+ return &arm_gpt_info;
+}
+#endif /* ENABLE_RME */
+
/*******************************************************************************
* This function returns the list of executable images
******************************************************************************/
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index c40a3ce..beae242 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,7 +24,6 @@
#endif
#include <plat/arm/common/arm_config.h>
-#include <plat/arm/common/arm_pas_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index 51dda9e..b3d503e 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -1,17 +1,15 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
-#include <arch_features.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/gicv3.h>
#include <drivers/arm/fvp/fvp_pwrc.h>
-#include <lib/extensions/spe.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
#include <plat/arm/common/arm_config.h>
@@ -54,14 +52,6 @@
{
uint64_t mpidr = read_mpidr_el1();
- /*
- * On power down we need to disable statistical profiling extensions
- * before exiting coherency.
- */
- if (is_feat_spe_supported()) {
- spe_disable();
- }
-
/* Disable coherency if this cluster is to be turned off */
fvp_interconnect_disable();
diff --git a/include/plat/arm/common/arm_pas_def.h b/plat/arm/board/fvp/include/fvp_pas_def.h
similarity index 94%
rename from include/plat/arm/common/arm_pas_def.h
rename to plat/arm/board/fvp/include/fvp_pas_def.h
index fba8d2c..4684387 100644
--- a/include/plat/arm/common/arm_pas_def.h
+++ b/plat/arm/board/fvp/include/fvp_pas_def.h
@@ -1,13 +1,13 @@
/*
- * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#ifndef ARM_PAS_DEF_H
-#define ARM_PAS_DEF_H
+#ifndef FVP_PAS_DEF_H
+#define FVP_PAS_DEF_H
#include <lib/gpt_rme/gpt_rme.h>
-#include <plat/arm/common/arm_def.h>
+#include <platform_def.h>
/*****************************************************************************
* PAS regions used to initialize the Granule Protection Table (GPT)
@@ -107,11 +107,11 @@
ARM_EL3_TZC_DRAM1_SIZE, \
GPT_GPI_ROOT)
-#define ARM_PAS_GPTS GPT_MAP_REGION_GRANULE(ARM_L1_GPT_ADDR_BASE, \
+#define ARM_PAS_GPTS GPT_MAP_REGION_GRANULE(ARM_L1_GPT_BASE, \
ARM_L1_GPT_SIZE, \
GPT_GPI_ROOT)
/* GPT Configuration options */
#define PLATFORM_L0GPTSZ GPCCR_L0GPTSZ_30BITS
-#endif /* ARM_PAS_DEF_H */
+#endif /* FVP_PAS_DEF_H */
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index aad0417..4b69d66 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -234,7 +234,13 @@
/* When ARM_BL31_IN_DRAM is set, BL2 can use almost all of Trusted SRAM. */
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1F000) - FVP_BL2_ROMLIB_OPTIMIZATION)
#else
-# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+/**
+ * Default to just under half of SRAM to ensure there's enough room for really
+ * large BL31 build configurations when using the default SRAM size (256 Kb).
+ */
+#define PLAT_ARM_MAX_BL2_SIZE \
+ (((PLAT_ARM_TRUSTED_SRAM_SIZE / 3) & ~PAGE_SIZE_MASK) - PAGE_SIZE - \
+ FVP_BL2_ROMLIB_OPTIMIZATION)
#endif
#if RESET_TO_BL31
@@ -416,7 +422,7 @@
#define PLAT_SDEI_DP_EVENT_MAX_CNT ARM_SDEI_DP_EVENT_MAX_CNT
#define PLAT_SDEI_DS_EVENT_MAX_CNT ARM_SDEI_DS_EVENT_MAX_CNT
#else
- #if PLATFORM_TEST_RAS_FFH
+ #if PLATFORM_TEST_RAS_FFH || PLATFORM_TEST_FFH_LSP_RAS_SP
#define PLAT_ARM_PRIVATE_SDEI_EVENTS \
ARM_SDEI_PRIVATE_EVENTS, \
SDEI_EXPLICIT_EVENT(5000, SDEI_MAPF_NORMAL), \
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index df26dd7..35086e4 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -57,7 +57,6 @@
ENABLE_FEAT_TWED := 2
ENABLE_FEAT_GCS := 2
ifeq (${ARCH}, aarch64)
-ifneq (${SPD}, spmd)
ifeq (${SPM_MM}, 0)
ifeq (${CTX_INCLUDE_FPREGS}, 0)
ENABLE_SME_FOR_NS := 2
@@ -66,7 +65,6 @@
endif
endif
endif
-endif
# enable unconditionally for all builds
ifeq (${ARCH}, aarch64)
@@ -75,6 +73,7 @@
endif
ENABLE_SYS_REG_TRACE_FOR_NS := 2
ENABLE_FEAT_CSV2_2 := 2
+ENABLE_FEAT_CSV2_3 := 2
ENABLE_FEAT_DIT := 2
ENABLE_FEAT_PAN := 2
ENABLE_FEAT_MTE_PERM := 2
@@ -398,11 +397,15 @@
endif
ifeq (${HANDLE_EA_EL3_FIRST_NS},1)
-ifeq (${ENABLE_FEAT_RAS},1)
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
-else
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
-endif
+ ifeq (${ENABLE_FEAT_RAS},1)
+ ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP},1)
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
+ endif
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
+ endif
endif
ifneq (${ENABLE_STACK_PROTECTOR},0)
@@ -440,22 +443,6 @@
override BL1_SOURCES =
endif
-# Include Measured Boot makefile before any Crypto library makefile.
-# Crypto library makefile may need default definitions of Measured Boot build
-# flags present in Measured Boot makefile.
-ifeq (${MEASURED_BOOT},1)
- RSS_MEASURED_BOOT_MK := drivers/measured_boot/rss/rss_measured_boot.mk
- $(info Including ${RSS_MEASURED_BOOT_MK})
- include ${RSS_MEASURED_BOOT_MK}
-
- ifneq (${MBOOT_RSS_HASH_ALG}, sha256)
- $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
- endif
-
- BL1_SOURCES += ${MEASURED_BOOT_SOURCES}
- BL2_SOURCES += ${MEASURED_BOOT_SOURCES}
-endif
-
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
@@ -517,6 +504,22 @@
endif
endif
+$(eval $(call add_define,PLATFORM_TEST_FFH_LSP_RAS_SP))
+ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP}, 1)
+ ifeq (${PLATFORM_TEST_RAS_FFH}, 1)
+ $(error "PLATFORM_TEST_RAS_FFH is incompatible with PLATFORM_TEST_FFH_LSP_RAS_SP")
+ endif
+ ifeq (${ENABLE_SPMD_LP}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_SPMD_LP to be 1")
+ endif
+ ifeq (${ENABLE_FEAT_RAS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_FEAT_RAS to be 1")
+ endif
+ ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects HANDLE_EA_EL3_FIRST_NS to be 1")
+ endif
+endif
+
ifeq (${ERRATA_ABI_SUPPORT}, 1)
include plat/arm/board/fvp/fvp_cpu_errata.mk
endif
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index 5c9a7a3..b276f7b 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -246,12 +246,14 @@
/* MHU related constants */
#define PLAT_CSS_MHU_BASE UL(0x2b1f0000)
+#if CSS_USE_SCMI_SDS_DRIVER
+/* Index of SDS region used in the communication between AP and SCP */
+#define SDS_SCP_AP_REGION_ID U(0)
+#else
/*
* Base address of the first memory region used for communication between AP
* and SCP. Used by the BOM and SCPI protocols.
- */
-#if !CSS_USE_SCMI_SDS_DRIVER
-/*
+ *
* Note that this is located at the same address as SCP_BOOT_CFG_ADDR, which
* means the SCP/AP configuration data gets overwritten when the AP initiates
* communication with the SCP. The configuration data is expected to be a
@@ -261,7 +263,7 @@
#define PLAT_CSS_SCP_COM_SHARED_MEM_BASE (ARM_TRUSTED_SRAM_BASE + UL(0x80))
#define PLAT_CSS_PRIMARY_CPU_SHIFT 8
#define PLAT_CSS_PRIMARY_CPU_BIT_WIDTH 4
-#endif
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
/*
* SCP_BL2 uses up whatever remaining space is available as it is loaded before
diff --git a/plat/arm/board/juno/juno_bl1_setup.c b/plat/arm/board/juno/juno_bl1_setup.c
index a9d5cc3..2bc948d 100644
--- a/plat/arm/board/juno/juno_bl1_setup.c
+++ b/plat/arm/board/juno/juno_bl1_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,13 +32,14 @@
int ret;
uint32_t scp_reset_synd_flags;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SCP SDS initialization failed\n");
panic();
}
- ret = sds_struct_read(SDS_RESET_SYNDROME_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_RESET_SYNDROME_STRUCT_ID,
SDS_RESET_SYNDROME_OFFSET,
&scp_reset_synd_flags,
SDS_RESET_SYNDROME_SIZE,
diff --git a/plat/arm/board/juno/juno_common.c b/plat/arm/board/juno/juno_common.c
index 02614da..2cd01e4 100644
--- a/plat/arm/board/juno/juno_common.c
+++ b/plat/arm/board/juno/juno_common.c
@@ -1,14 +1,16 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <drivers/arm/css/sds.h>
#include <lib/smccc.h>
-#include <platform_def.h>
+#include <lib/utils_def.h>
#include <services/arm_arch_svc.h>
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
/*
* Table of memory regions for different BL stages to map using the MMU.
@@ -138,3 +140,16 @@
return (int32_t)(((sys_id >> V2M_SYS_ID_REV_SHIFT) &
V2M_SYS_ID_REV_MASK) & SOC_ID_REV_MASK);
}
+
+#if CSS_USE_SCMI_SDS_DRIVER
+static sds_region_desc_t juno_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(juno_sds_regions);
+
+ return juno_sds_regions;
+}
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
diff --git a/plat/arm/board/morello/include/platform_def.h b/plat/arm/board/morello/include/platform_def.h
index 993aa46..3cf723e 100644
--- a/plat/arm/board/morello/include/platform_def.h
+++ b/plat/arm/board/morello/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -59,6 +59,10 @@
#if CSS_USE_SCMI_SDS_DRIVER
#define MORELLO_SCMI_PAYLOAD_BASE ULL(0x45400000)
+/*
+ * Index of SDS region used in the communication with SCP
+ */
+#define SDS_SCP_AP_REGION_ID U(0)
#else
#define PLAT_CSS_SCP_COM_SHARED_MEM_BASE ULL(0x45400000)
#endif
diff --git a/plat/arm/board/morello/morello_bl2_setup.c b/plat/arm/board/morello/morello_bl2_setup.c
index 39020e2..38e2e6a 100644
--- a/plat/arm/board/morello/morello_bl2_setup.c
+++ b/plat/arm/board/morello/morello_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -155,13 +155,14 @@
int ret;
struct morello_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
MORELLO_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
MORELLO_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/morello/morello_bl31_setup.c b/plat/arm/board/morello/morello_bl31_setup.c
index 8469cd1..6373825 100644
--- a/plat/arm/board/morello/morello_bl31_setup.c
+++ b/plat/arm/board/morello/morello_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -43,13 +43,14 @@
#ifdef TARGET_PLATFORM_SOC
int ret;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
MORELLO_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
MORELLO_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/morello/morello_image_load.c b/plat/arm/board/morello/morello_image_load.c
index 4ea2bb3..cfe8bee 100644
--- a/plat/arm/board/morello/morello_image_load.c
+++ b/plat/arm/board/morello/morello_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include "morello_def.h"
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
+#include <platform_def.h>
/* In client mode, a part of the DDR memory is reserved for Tag bits.
* Calculate the usable memory size after subtracting the Tag memory.
@@ -167,13 +168,14 @@
struct morello_plat_info plat_info;
struct morello_firmware_version fw_version;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
MORELLO_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
MORELLO_SDS_PLATFORM_INFO_SIZE,
@@ -183,7 +185,8 @@
panic();
}
- ret = sds_struct_read(MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID,
MORELLO_SDS_FIRMWARE_VERSION_OFFSET,
&fw_version,
MORELLO_SDS_FIRMWARE_VERSION_SIZE,
diff --git a/plat/arm/board/morello/morello_plat.c b/plat/arm/board/morello/morello_plat.c
index 2ca3d08..61fed64 100644
--- a/plat/arm/board/morello/morello_plat.c
+++ b/plat/arm/board/morello/morello_plat.c
@@ -1,12 +1,14 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <drivers/arm/css/sds.h>
#include <drivers/arm/sbsa.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include "morello_def.h"
@@ -68,3 +70,16 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+#if CSS_USE_SCMI_SDS_DRIVER
+static sds_region_desc_t morello_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(morello_sds_regions);
+
+ return morello_sds_regions;
+}
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
diff --git a/plat/arm/board/n1sdp/include/platform_def.h b/plat/arm/board/n1sdp/include/platform_def.h
index 74d0c91..82f1e7f 100644
--- a/plat/arm/board/n1sdp/include/platform_def.h
+++ b/plat/arm/board/n1sdp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,6 +77,10 @@
#if CSS_USE_SCMI_SDS_DRIVER
#define N1SDP_SCMI_PAYLOAD_BASE 0x45400000
+/*
+ * Index of SDS region used in the communication with SCP
+ */
+#define SDS_SCP_AP_REGION_ID U(0)
#else
#define PLAT_CSS_SCP_COM_SHARED_MEM_BASE 0x45400000
#endif
diff --git a/plat/arm/board/n1sdp/n1sdp_bl2_setup.c b/plat/arm/board/n1sdp/n1sdp_bl2_setup.c
index 5f8af9f..5a5b9a5 100644
--- a/plat/arm/board/n1sdp/n1sdp_bl2_setup.c
+++ b/plat/arm/board/n1sdp/n1sdp_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,7 @@
#include "n1sdp_def.h"
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
struct n1sdp_plat_info {
bool multichip_mode;
@@ -60,13 +61,14 @@
int ret;
struct n1sdp_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed\n");
panic();
}
- ret = sds_struct_read(N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
N1SDP_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
N1SDP_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
index 430aab6..27ea7f7 100644
--- a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
+++ b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -127,13 +127,14 @@
int ret;
struct n1sdp_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed\n");
panic();
}
- ret = sds_struct_read(N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
N1SDP_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
N1SDP_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/n1sdp/n1sdp_image_load.c b/plat/arm/board/n1sdp/n1sdp_image_load.c
index 6c3528c..6ae2b26 100644
--- a/plat/arm/board/n1sdp/n1sdp_image_load.c
+++ b/plat/arm/board/n1sdp/n1sdp_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include "n1sdp_def.h"
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
/*
* Platform information structure stored in SDS.
@@ -108,13 +109,14 @@
int ret;
struct n1sdp_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
N1SDP_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
N1SDP_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/n1sdp/n1sdp_plat.c b/plat/arm/board/n1sdp/n1sdp_plat.c
index 747ff06..42efdee 100644
--- a/plat/arm/board/n1sdp/n1sdp_plat.c
+++ b/plat/arm/board/n1sdp/n1sdp_plat.c
@@ -1,12 +1,14 @@
/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <drivers/arm/css/sds.h>
#include <drivers/arm/sbsa.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include "n1sdp_def.h"
@@ -71,3 +73,16 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+#if CSS_USE_SCMI_SDS_DRIVER
+static sds_region_desc_t n1sdp_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(n1sdp_sds_regions);
+
+ return n1sdp_sds_regions;
+}
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index 59fff6e..e8f97e1 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -137,7 +137,7 @@
* little space for growth. Current size is considering that TRUSTED_BOARD_BOOT
* and MEASURED_BOOT is enabled.
*/
-# define PLAT_ARM_MAX_BL2_SIZE 0x26000
+# define PLAT_ARM_MAX_BL2_SIZE 0x29000
/*
@@ -240,6 +240,17 @@
#define PLAT_ARM_SCMI_CHANNEL_COUNT 1
+/* Index of SDS region used in the communication with SCP */
+#define SDS_SCP_AP_REGION_ID U(0)
+/* Index of SDS region used in the communication with RSS */
+#define SDS_RSS_AP_REGION_ID U(1)
+/*
+ * Memory region for RSS's shared data storage (SDS)
+ * It is placed right after the SCMI payload area.
+ */
+#define PLAT_ARM_RSS_AP_SDS_MEM_BASE (CSS_SCMI_PAYLOAD_BASE + \
+ CSS_SCMI_PAYLOAD_SIZE_MAX)
+
#define PLAT_ARM_CLUSTER_COUNT U(1)
#define PLAT_MAX_CPUS_PER_CLUSTER U(8)
#define PLAT_MAX_PE_PER_CPU U(1)
@@ -322,4 +333,18 @@
#define PLAT_ARM_FIP_OFFSET_IN_GPT 0x6000
#endif /* ARM_GPT_SUPPORT */
+/* UART related constants */
+
+#undef PLAT_ARM_BOOT_UART_BASE
+#define PLAT_ARM_BOOT_UART_BASE 0x2A410000
+
+#undef PLAT_ARM_RUN_UART_BASE
+#define PLAT_ARM_RUN_UART_BASE 0x2A400000
+
+#undef PLAT_ARM_SP_MIN_RUN_UART_BASE
+#define PLAT_ARM_SP_MIN_RUN_UART_BASE PLAT_ARM_RUN_UART_BASE
+
+#undef PLAT_ARM_CRASH_UART_BASE
+#define PLAT_ARM_CRASH_UART_BASE PLAT_ARM_RUN_UART_BASE
+
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/tc/plat_tc_mbedtls_config.h b/plat/arm/board/tc/plat_tc_mbedtls_config.h
index 773629c..de7b1aa 100644
--- a/plat/arm/board/tc/plat_tc_mbedtls_config.h
+++ b/plat/arm/board/tc/plat_tc_mbedtls_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Ltd. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Ltd. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,11 +19,12 @@
#undef TF_MBEDTLS_HEAP_SIZE
#define TF_MBEDTLS_HEAP_SIZE PLATFORM_TEST_MIN_MBEDTLS_HEAP_SIZE
#endif
-#endif
+#endif /* TF_MBEDTLS_HEAP_SIZE */
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_NO_INTERNAL_RNG
#endif /* PLAT_TC_MBEDTLS_CONFIG_H */
diff --git a/plat/arm/board/tc/platform_test.mk b/plat/arm/board/tc/platform_test.mk
index 2fd5ea0..4e81b2c 100644
--- a/plat/arm/board/tc/platform_test.mk
+++ b/plat/arm/board/tc/platform_test.mk
@@ -1,4 +1,4 @@
-# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -13,7 +13,6 @@
# Code under testing.
BL31_SOURCES += lib/psa/rss_platform.c \
- drivers/arm/rss/rss_comms.c \
${RSS_COMMS_SOURCES}
PLAT_INCLUDES += -Iinclude/lib/psa
@@ -27,13 +26,13 @@
# Code under testing.
BL31_SOURCES += lib/psa/rss_platform.c \
- drivers/arm/rss/rss_comms.c \
${RSS_COMMS_SOURCES}
PLAT_INCLUDES += -Iinclude/lib/psa
$(eval $(call add_define,PLATFORM_TEST_ROTPK))
else ifeq (${PLATFORM_TEST},tfm-testsuite)
+ include drivers/arm/rss/rss_comms.mk
# The variables need to be set to compile the platform test:
ifeq (${TF_M_TESTS_PATH},)
@@ -56,7 +55,7 @@
MBEDTLS_CONFIG_FILE = "<plat_tc_mbedtls_config.h>"
- LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
+ LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
entropy.c \
entropy_poll.c \
hmac_drbg.c \
@@ -69,30 +68,31 @@
psa_crypto_slot_management.c \
)
- BL31_SOURCES += ${RSS_COMMS_SOURCES} \
- plat/arm/common/arm_dyn_cfg.c \
- ${TC_BASE}/rss_ap_tests.c \
- ${TC_BASE}/rss_ap_testsuites.c \
+ BL31_SOURCES += ${RSS_COMMS_SOURCES} \
+ plat/arm/common/arm_dyn_cfg.c \
+ ${TC_BASE}/rss_ap_tests.c \
+ ${TC_BASE}/rss_ap_testsuites.c \
${TC_BASE}/rss_ap_test_stubs.c \
- $(TF_M_TESTS_PATH)/test/framework/test_framework.c \
+ $(TF_M_TESTS_PATH)/tests_reg/test/framework/test_framework.c \
$(MEASURED_BOOT_TESTS_PATH)/measured_boot_common.c \
$(MEASURED_BOOT_TESTS_PATH)/measured_boot_tests_common.c \
$(DELEGATED_ATTEST_TESTS_PATH)/delegated_attest_test.c \
- drivers/auth/mbedtls/mbedtls_common.c \
- lib/psa/measured_boot.c \
+ drivers/auth/mbedtls/mbedtls_common.c \
+ lib/psa/measured_boot.c \
lib/psa/delegated_attestation.c
PLAT_INCLUDES += -I$(TF_M_EXTRAS_PATH)/partitions/measured_boot/interface/include \
-I$(TF_M_EXTRAS_PATH)/partitions/delegated_attestation/interface/include \
- -I$(TF_M_TESTS_PATH)/test/framework \
- -I$(TF_M_TESTS_PATH)/log \
- -I$(TF_M_TESTS_PATH)/test/secure_fw/suites/extra \
- -I$(MEASURED_BOOT_TESTS_PATH)/non_secure \
- -I$(DELEGATED_ATTEST_TESTS_PATH) \
- -I$(DELEGATED_ATTEST_TESTS_PATH)/non_secure \
- -Iplat/arm/board/tc \
- -Iinclude/drivers/auth/mbedtls \
- -Iinclude/drivers/arm
+ -I$(TF_M_TESTS_PATH)/tests_reg/test/framework \
+ -I$(TF_M_TESTS_PATH)/tests_reg/test/secure_fw/suites/extra \
+ -I$(TF_M_TESTS_PATH)/lib/log \
+ -I$(MEASURED_BOOT_TESTS_PATH)/non_secure \
+ -I$(DELEGATED_ATTEST_TESTS_PATH) \
+ -I$(DELEGATED_ATTEST_TESTS_PATH)/non_secure \
+ -Iplat/arm/board/tc \
+ -Iinclude/drivers/auth/mbedtls \
+ -Iinclude/drivers/arm \
+ -Iinclude/lib/psa
# Some of the PSA functions are declared in multiple header files, that
# triggers this warning.
diff --git a/plat/arm/board/tc/tc_plat.c b/plat/arm/board/tc/tc_plat.c
index 766bfb5..27d4b11 100644
--- a/plat/arm/board/tc/tc_plat.c
+++ b/plat/arm/board/tc/tc_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,8 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/arm/ccn.h>
+#include <drivers/arm/css/sds.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <drivers/arm/sbsa.h>
@@ -159,3 +161,15 @@
{
sbsa_wdog_refresh(SBSA_SECURE_WDOG_REFRESH_BASE);
}
+
+static sds_region_desc_t tc_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+ { .base = PLAT_ARM_RSS_AP_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(tc_sds_regions);
+
+ return tc_sds_regions;
+}
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 3e8109e..30d0647 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,9 +23,6 @@
#include <lib/optee_utils.h>
#endif
#include <lib/utils.h>
-#if ENABLE_RME
-#include <plat/arm/common/arm_pas_def.h>
-#endif
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -134,48 +131,6 @@
arm_bl2_platform_setup();
}
-#if ENABLE_RME
-static void arm_bl2_plat_gpt_setup(void)
-{
- /*
- * The GPT library might modify the gpt regions structure to optimize
- * the layout, so the array cannot be constant.
- */
- pas_region_t pas_regions[] = {
- ARM_PAS_KERNEL,
- ARM_PAS_SECURE,
- ARM_PAS_REALM,
- ARM_PAS_EL3_DRAM,
- ARM_PAS_GPTS,
- ARM_PAS_KERNEL_1
- };
-
- /* Initialize entire protected space to GPT_GPI_ANY. */
- if (gpt_init_l0_tables(GPCCR_PPS_64GB, ARM_L0_GPT_ADDR_BASE,
- ARM_L0_GPT_SIZE) < 0) {
- ERROR("gpt_init_l0_tables() failed!\n");
- panic();
- }
-
- /* Carve out defined PAS ranges. */
- if (gpt_init_pas_l1_tables(GPCCR_PGS_4K,
- ARM_L1_GPT_ADDR_BASE,
- ARM_L1_GPT_SIZE,
- pas_regions,
- (unsigned int)(sizeof(pas_regions) /
- sizeof(pas_region_t))) < 0) {
- ERROR("gpt_init_pas_l1_tables() failed!\n");
- panic();
- }
-
- INFO("Enabling Granule Protection Checks\n");
- if (gpt_enable() < 0) {
- ERROR("gpt_enable() failed!\n");
- panic();
- }
-}
-#endif /* ENABLE_RME */
-
/*******************************************************************************
* Perform the very early platform specific architectural setup here.
* When RME is enabled the secure environment is initialised before
@@ -216,7 +171,7 @@
enable_mmu_el3(0);
/* Initialise and enable granule protection after MMU. */
- arm_bl2_plat_gpt_setup();
+ arm_gpt_setup();
#else
enable_mmu_el1(0);
#endif
diff --git a/plat/arm/common/arm_common.c b/plat/arm/common/arm_common.c
index fc68114..21cc39c 100644
--- a/plat/arm/common/arm_common.c
+++ b/plat/arm/common/arm_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -241,3 +241,43 @@
{
return plat_arm_mmap;
}
+
+#if ENABLE_RME
+void arm_gpt_setup(void)
+{
+ /*
+ * It is to be noted that any Arm platform that reuses arm_gpt_setup
+ * must implement plat_arm_get_gpt_info within its platform code
+ */
+ const arm_gpt_info_t *arm_gpt_info =
+ plat_arm_get_gpt_info();
+
+ if (arm_gpt_info == NULL) {
+ ERROR("arm_gpt_info not initialized!!\n");
+ panic();
+ }
+
+ /* Initialize entire protected space to GPT_GPI_ANY. */
+ if (gpt_init_l0_tables(arm_gpt_info->pps, arm_gpt_info->l0_base,
+ arm_gpt_info->l0_size) < 0) {
+ ERROR("gpt_init_l0_tables() failed!\n");
+ panic();
+ }
+
+ /* Carve out defined PAS ranges. */
+ if (gpt_init_pas_l1_tables(arm_gpt_info->pgs,
+ arm_gpt_info->l1_base,
+ arm_gpt_info->l1_size,
+ arm_gpt_info->pas_region_base,
+ arm_gpt_info->pas_region_count) < 0) {
+ ERROR("gpt_init_pas_l1_tables() failed!\n");
+ panic();
+ }
+
+ INFO("Enabling Granule Protection Checks\n");
+ if (gpt_enable() < 0) {
+ ERROR("gpt_enable() failed!\n");
+ panic();
+ }
+}
+#endif /* ENABLE_RME */
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 18c83c7..8655156 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <string.h>
#include <common/debug.h>
#include <common/desc_image_load.h>
@@ -27,7 +28,7 @@
int fconf_populate_arm_sp(uintptr_t config)
{
int sp_node, node, err;
- union uuid_helper_t uuid_helper;
+ struct uuid uuid;
unsigned int index = 0;
uint32_t val32;
const unsigned int sip_start = SP_PKG1_ID;
@@ -68,13 +69,14 @@
/* Read UUID */
err = fdtw_read_uuid(dtb, sp_node, "uuid", 16,
- (uint8_t *)&uuid_helper);
+ (uint8_t *)&uuid);
if (err < 0) {
ERROR("FCONF: cannot read SP uuid\n");
return -1;
}
- arm_sp.uuids[index] = uuid_helper;
+ memcpy_s(&arm_sp.uuids[index].uuid_struct, sizeof(struct uuid),
+ &uuid, sizeof(struct uuid));
/* Read Load address */
err = fdt_read_uint32(dtb, sp_node, "load-address", &val32);
@@ -88,16 +90,16 @@
" %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x"
" load_addr=%lx\n",
__func__,
- uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
- uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
- uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
- uuid_helper.uuid_struct.time_hi_and_version[0],
- uuid_helper.uuid_struct.time_hi_and_version[1],
- uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
- uuid_helper.uuid_struct.clock_seq_low,
- uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
- uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
- uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5],
+ uuid.time_low[0], uuid.time_low[1],
+ uuid.time_low[2], uuid.time_low[3],
+ uuid.time_mid[0], uuid.time_mid[1],
+ uuid.time_hi_and_version[0],
+ uuid.time_hi_and_version[1],
+ uuid.clock_seq_hi_and_reserved,
+ uuid.clock_seq_low,
+ uuid.node[0], uuid.node[1],
+ uuid.node[2], uuid.node[3],
+ uuid.node[4], uuid.node[5],
arm_sp.load_addr[index]);
/* Read owner field only for dualroot CoT */
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
index b1dab16..d496d2e 100644
--- a/plat/arm/common/plat_arm_sip_svc.c
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
+#include <errno.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -12,10 +13,73 @@
#include <plat/arm/common/arm_sip_svc.h>
#include <plat/common/platform.h>
+#if ENABLE_RME && SPMD_SPM_AT_SEL2
+#include <lib/gpt_rme/gpt_rme.h>
+#endif
+
#if ENABLE_SPMD_LP
#include <services/el3_spmd_logical_sp.h>
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+static uint64_t plat_protect_memory(bool protect,
+ bool secure_origin,
+ const uint64_t base,
+ const size_t size,
+ void *handle)
+{
+ uint64_t ret = SMC_INVALID_PARAM;
+ uint64_t last_updated = 0;
+
+ if (!secure_origin) {
+ SMC_RET1(handle, SMC_UNK);
+ /* Shall not be reached. */
+ }
+
+ if ((base % PAGE_SIZE_4KB) != 0U &&
+ (size % PAGE_SIZE_4KB) != 0U) {
+ VERBOSE("Base address must be aligned to 4k.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ if ((ULONG_MAX - base) < size) {
+ VERBOSE("Base + Size results in overflow.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ for (uint64_t it = base; it < (base + size); it += PAGE_SIZE_4KB) {
+ /*
+ * If protect is true, add memory to secure PAS.
+ * Else unprotect it, making part of non-secure PAS.
+ */
+ ret = protect
+ ? gpt_delegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE)
+ : gpt_undelegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE);
+
+ switch (ret) {
+ case 0:
+ last_updated = it;
+ break;
+ case -EINVAL:
+ SMC_RET2(handle, SMC_INVALID_PARAM, last_updated);
+ break; /* Shall not be reached. */
+ case -EPERM:
+ SMC_RET2(handle, SMC_DENIED, last_updated);
+ break; /* Shall not be reached. */
+ default:
+ ERROR("Unexpected return\n");
+ panic();
+ }
+ }
+
+ SMC_RET1(handle, SMC_OK);
+}
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 */
+
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
u_register_t x2,
@@ -25,13 +89,14 @@
void *handle,
u_register_t flags)
{
-#if PLAT_TEST_SPM
bool secure_origin;
/* Determine which security state this SMC originated from */
secure_origin = is_caller_secure(flags);
+ (void) secure_origin;
switch (smc_fid) {
+#if PLAT_TEST_SPM
case ARM_SIP_SET_INTERRUPT_PENDING:
if (!secure_origin) {
SMC_RET1(handle, SMC_UNK);
@@ -42,10 +107,19 @@
SMC_RET1(handle, SMC_OK);
break; /* Not reached */
- default:
+#endif
+
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+ case PLAT_PROTECT_MEM_SMC64:
+ INFO("Sip Call - Protect memory\n");
+ return plat_protect_memory(true, secure_origin, x1, x2, handle);
break;
- }
+ case PLAT_UNPROTECT_MEM_SMC64:
+ INFO("Sip Call - Unprotect memory\n");
+ return plat_protect_memory(false, secure_origin, x1, x2, handle);
+ break;
#endif
+ }
#if ENABLE_SPMD_LP
return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index dab5f8b..2126a86 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -298,6 +298,8 @@
#endif
+/* Index of SDS region used in the communication with SCP */
+#define SDS_SCP_AP_REGION_ID U(0)
/* SDS ID for unusable CPU MPID list structure */
#define SDS_ISOLATED_CPU_LIST_ID U(128)
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 2cd7034..efa3cc6 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,7 +50,8 @@
BL31_SOURCES += ${INTERCONNECT_SOURCES} \
${ENT_GIC_SOURCES} \
${CSS_ENT_BASE}/sgi_bl31_setup.c \
- ${CSS_ENT_BASE}/sgi_topology.c
+ ${CSS_ENT_BASE}/sgi_topology.c \
+ drivers/delay_timer/generic_delay_timer.c
ifneq (${RESET_TO_BL31},0)
$(error "Using BL31 as the reset vector is not supported on ${PLAT} platform. \
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 7aa7b34..ac1ea48 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,7 @@
#include <common/debug.h>
#include <drivers/arm/css/css_mhu_doorbell.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/generic_delay_timer.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -104,6 +105,8 @@
void sgi_bl31_common_platform_setup(void)
{
+ generic_delay_timer_init();
+
arm_bl31_platform_setup();
/* Configure the warm reboot SGI for primary core */
diff --git a/plat/arm/css/sgi/sgi_image_load.c b/plat/arm/css/sgi/sgi_image_load.c
index ac4bfd2..0a9bba9 100644
--- a/plat/arm/css/sgi/sgi_image_load.c
+++ b/plat/arm/css/sgi/sgi_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,13 +30,14 @@
{
int ret;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed, error: %d\n", ret);
panic();
}
- ret = sds_struct_read(SDS_ISOLATED_CPU_LIST_ID, 0, &list->num_entries,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_ISOLATED_CPU_LIST_ID, 0, &list->num_entries,
sizeof(list->num_entries), SDS_ACCESS_MODE_CACHED);
if (ret != SDS_OK) {
INFO("SDS CPU num elements read failed, error: %d\n", ret);
@@ -54,7 +55,8 @@
return;
}
- ret = sds_struct_read(SDS_ISOLATED_CPU_LIST_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_ISOLATED_CPU_LIST_ID,
sizeof(list->num_entries),
&list->mpid_list,
sizeof(list->mpid_list[0]) * list->num_entries,
@@ -152,4 +154,3 @@
return arm_get_next_bl_params();
}
-
diff --git a/plat/arm/css/sgi/sgi_plat.c b/plat/arm/css/sgi/sgi_plat.c
index 01b426e..fe64d34 100644
--- a/plat/arm/css/sgi/sgi_plat.c
+++ b/plat/arm/css/sgi/sgi_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,8 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/arm/ccn.h>
+#include <drivers/arm/css/sds.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <drivers/arm/sbsa.h>
@@ -174,3 +176,14 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+static sds_region_desc_t sgi_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(sgi_sds_regions);
+
+ return sgi_sds_regions;
+}
diff --git a/plat/arm/css/sgi/sgi_plat_v2.c b/plat/arm/css/sgi/sgi_plat_v2.c
index 624fed3..d241f70 100644
--- a/plat/arm/css/sgi/sgi_plat_v2.c
+++ b/plat/arm/css/sgi/sgi_plat_v2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,9 +8,11 @@
#include <platform_def.h>
+#include <lib/utils_def.h>
+#include <drivers/arm/css/sds.h>
+#include <drivers/arm/sbsa.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
-#include <drivers/arm/sbsa.h>
#if SPM_MM
#include <services/spm_mm_partition.h>
@@ -176,3 +178,14 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+static sds_region_desc_t sgi_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(sgi_sds_regions);
+
+ return sgi_sds_regions;
+}
diff --git a/plat/imx/common/imx_sip_handler.c b/plat/imx/common/imx_sip_handler.c
index ec8631a..f830b64 100644
--- a/plat/imx/common/imx_sip_handler.c
+++ b/plat/imx/common/imx_sip_handler.c
@@ -17,6 +17,15 @@
#include <lib/mmio.h>
#include <sci/sci.h>
+#if defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
+/*
+ * Defined in
+ * table 11. ROM event log buffer address location
+ * AN12853 "i.MX ROMs Log Events"
+ */
+#define ROM_LOG_BUFFER_ADDR 0x9E0
+#endif
+
#if defined(PLAT_imx8qm) || defined(PLAT_imx8qx)
#ifdef PLAT_imx8qm
@@ -177,6 +186,76 @@
}
#endif /* defined(PLAT_imx8mm) || defined(PLAT_imx8mq) */
+#if defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
+static bool is_secondary_boot(void)
+{
+ uint32_t *rom_log_addr = (uint32_t *)ROM_LOG_BUFFER_ADDR;
+ bool is_secondary = false;
+ uint32_t *rom_log;
+ uint8_t event_id;
+
+ /* If the ROM event log pointer is not valid. */
+ if (*rom_log_addr < 0x900000 || *rom_log_addr >= 0xB00000 ||
+ *rom_log_addr & 0x3) {
+ return false;
+ }
+
+ /* Parse the ROM event ID version 2 log */
+ rom_log = (uint32_t *)(uintptr_t)(*rom_log_addr);
+ for (size_t i = 0; i < 128; i++) {
+ event_id = rom_log[i] >> 24;
+ switch (event_id) {
+ case 0x00: /* End of list */
+ return is_secondary;
+ /* Log entries with 1 parameter, skip 1 */
+ case 0x80: /* Perform the device initialization */
+ case 0x81: /* The boot device initialization completes */
+ case 0x82: /* Execute boot device driver pre-config */
+ case 0x8F: /* The boot device initialization fails */
+ case 0x90: /* Start to read data from boot device */
+ case 0x91: /* Reading data from boot device completes */
+ case 0x9F: /* Reading data from boot device fails */
+ i += 1;
+ continue;
+ /* Log entries with 2 parameters, skip 2 */
+ case 0xA0: /* Image authentication result */
+ case 0xC0: /* Jump to the boot image soon */
+ i += 2;
+ continue;
+ /* Booted the primary boot image */
+ case 0x50:
+ is_secondary = false;
+ continue;
+ /* Booted the secondary boot image */
+ case 0x51:
+ is_secondary = true;
+ continue;
+ }
+ }
+
+ return is_secondary;
+}
+
+int imx_src_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ void *handle)
+{
+ switch (x1) {
+ case IMX_SIP_SRC_SET_SECONDARY_BOOT:
+ /* we do support that on these SoCs */
+ break;
+ case IMX_SIP_SRC_IS_SECONDARY_BOOT:
+ return is_secondary_boot();
+ default:
+ return SMC_UNK;
+ };
+
+ return 0;
+}
+#endif /* defined(PLAT_imx8mn) || defined(PLAT_imx8mp) */
+
static uint64_t imx_get_commit_hash(u_register_t x2,
u_register_t x3,
u_register_t x4)
diff --git a/plat/imx/common/imx_sip_svc.c b/plat/imx/common/imx_sip_svc.c
index 6d6633c..69d4f05 100644
--- a/plat/imx/common/imx_sip_svc.c
+++ b/plat/imx/common/imx_sip_svc.c
@@ -60,7 +60,8 @@
case IMX_SIP_MISC_SET_TEMP:
SMC_RET1(handle, imx_misc_set_temp_handler(smc_fid, x1, x2, x3, x4));
#endif
-#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq)
+#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq) || defined(PLAT_imx8mn) || \
+ defined(PLAT_imx8mp)
case IMX_SIP_SRC:
SMC_RET1(handle, imx_src_handler(smc_fid, x1, x2, x3, handle));
break;
diff --git a/plat/imx/common/include/imx_sip_svc.h b/plat/imx/common/include/imx_sip_svc.h
index 0e91c71..35a9f47 100644
--- a/plat/imx/common/include/imx_sip_svc.h
+++ b/plat/imx/common/include/imx_sip_svc.h
@@ -68,7 +68,9 @@
u_register_t x2, u_register_t x3);
#endif
-#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq)
+#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq) || defined(PLAT_imx8mn) || \
+ defined(PLAT_imx8mp)
+
int imx_src_handler(uint32_t smc_fid, u_register_t x1,
u_register_t x2, u_register_t x3, void *handle);
#endif
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
index 36d9f5b..16187ef 100644
--- a/plat/qemu/common/common.mk
+++ b/plat/qemu/common/common.mk
@@ -109,7 +109,9 @@
# 8.5
ENABLE_FEAT_RNG := 2
-ENABLE_FEAT_SB := 2
+# TF-A currently does not do dynamic detection of FEAT_SB.
+# Compiler puts SB instruction when it is enabled.
+ENABLE_FEAT_SB := 0
# 8.6
ENABLE_FEAT_FGT := 2
diff --git a/plat/qemu/qemu_sbsa/include/platform_def.h b/plat/qemu/qemu_sbsa/include/platform_def.h
index 14030e3..e8f0344 100644
--- a/plat/qemu/qemu_sbsa/include/platform_def.h
+++ b/plat/qemu/qemu_sbsa/include/platform_def.h
@@ -62,6 +62,11 @@
#define CACHE_WRITEBACK_GRANULE (1 << CACHE_WRITEBACK_SHIFT)
/*
+ * Define the max number of memory nodes.
+ */
+#define PLAT_MAX_MEM_NODES 128
+
+/*
* Partition memory into secure ROM, non-secure DRAM, secure "SRAM",
* and secure DRAM.
*/
diff --git a/plat/qemu/qemu_sbsa/sbsa_sip_svc.c b/plat/qemu/qemu_sbsa/sbsa_sip_svc.c
index ed49e91..535f0eb 100644
--- a/plat/qemu/qemu_sbsa/sbsa_sip_svc.c
+++ b/plat/qemu/qemu_sbsa/sbsa_sip_svc.c
@@ -30,6 +30,8 @@
#define SIP_SVC_GET_GIC_ITS SIP_FUNCTION_ID(101)
#define SIP_SVC_GET_CPU_COUNT SIP_FUNCTION_ID(200)
#define SIP_SVC_GET_CPU_NODE SIP_FUNCTION_ID(201)
+#define SIP_SVC_GET_MEMORY_NODE_COUNT SIP_FUNCTION_ID(300)
+#define SIP_SVC_GET_MEMORY_NODE SIP_FUNCTION_ID(301)
static uint64_t gic_its_addr;
@@ -38,9 +40,17 @@
uint32_t mpidr;
} cpu_data;
+typedef struct{
+ uint32_t nodeid;
+ uint64_t addr_base;
+ uint64_t addr_size;
+} memory_data;
+
static struct {
uint32_t num_cpus;
+ uint32_t num_memnodes;
cpu_data cpu[PLATFORM_CORE_COUNT];
+ memory_data memory[PLAT_MAX_MEM_NODES];
} dynamic_platform_info;
void sbsa_set_gic_bases(const uintptr_t gicd_base, const uintptr_t gicr_base);
@@ -127,6 +137,79 @@
INFO("Found %d cpus\n", dynamic_platform_info.num_cpus);
}
+void read_meminfo_from_dt(void *dtb)
+{
+ const fdt32_t *prop;
+ const char *type;
+ int prev, node;
+ int len;
+ uint32_t nodeid = 0;
+ uint32_t memnode = 0;
+ uint32_t higher_value, lower_value;
+ uint64_t cur_base, cur_size;
+
+ /*
+ * QEMU gives us this DeviceTree node:
+ *
+ * memory@100c0000000 {
+ * numa-node-id = <0x01>;
+ * reg = <0x100 0xc0000000 0x00 0x40000000>;
+ * device_type = "memory";
+ * };
+ *
+ * memory@10000000000 {
+ * numa-node-id = <0x00>;
+ * reg = <0x100 0x00 0x00 0xc0000000>;
+ * device_type = "memory";
+ * }
+ */
+
+ for (prev = 0;; prev = node) {
+ node = fdt_next_node(dtb, prev, NULL);
+ if (node < 0) {
+ break;
+ }
+
+ type = fdt_getprop(dtb, node, "device_type", &len);
+ if (type && strncmp(type, "memory", len) == 0) {
+ if (fdt_getprop(dtb, node, "numa-node-id", NULL)) {
+ fdt_read_uint32(dtb, node, "numa-node-id", &nodeid);
+ }
+
+ dynamic_platform_info.memory[memnode].nodeid = nodeid;
+
+ /*
+ * Get the 'reg' property of this node and
+ * assume two 8 bytes for base and size.
+ */
+ prop = fdt_getprop(dtb, node, "reg", &len);
+ if (prop != 0 && len == (2 * sizeof(int64_t))) {
+ higher_value = fdt32_to_cpu(*prop);
+ lower_value = fdt32_to_cpu(*(prop + 1));
+ cur_base = (uint64_t)(lower_value | ((uint64_t)higher_value) << 32);
+
+ higher_value = fdt32_to_cpu(*(prop + 2));
+ lower_value = fdt32_to_cpu(*(prop + 3));
+ cur_size = (uint64_t)(lower_value | ((uint64_t)higher_value) << 32);
+
+ dynamic_platform_info.memory[memnode].addr_base = cur_base;
+ dynamic_platform_info.memory[memnode].addr_size = cur_size;
+
+ INFO("RAM %d: node-id: %d, address: 0x%lx - 0x%lx\n",
+ memnode,
+ dynamic_platform_info.memory[memnode].nodeid,
+ dynamic_platform_info.memory[memnode].addr_base,
+ dynamic_platform_info.memory[memnode].addr_base +
+ dynamic_platform_info.memory[memnode].addr_size - 1);
+ }
+
+ memnode++;
+ }
+ }
+
+ dynamic_platform_info.num_memnodes = memnode;
+}
+
void read_platform_config_from_dt(void *dtb)
{
int node;
@@ -222,6 +305,7 @@
read_platform_config_from_dt(dtb);
read_cpuinfo_from_dt(dtb);
+ read_meminfo_from_dt(dtb);
}
/*
@@ -270,6 +354,20 @@
SMC_RET1(handle, SMC_ARCH_CALL_INVAL_PARAM);
}
+ case SIP_SVC_GET_MEMORY_NODE_COUNT:
+ SMC_RET2(handle, NULL, dynamic_platform_info.num_memnodes);
+
+ case SIP_SVC_GET_MEMORY_NODE:
+ index = x1;
+ if (index < PLAT_MAX_MEM_NODES) {
+ SMC_RET4(handle, NULL,
+ dynamic_platform_info.memory[index].nodeid,
+ dynamic_platform_info.memory[index].addr_base,
+ dynamic_platform_info.memory[index].addr_size);
+ } else {
+ SMC_RET1(handle, SMC_ARCH_CALL_INVAL_PARAM);
+ }
+
default:
ERROR("%s: unhandled SMC (0x%x) (function id: %d)\n", __func__, smc_fid,
smc_fid - SIP_FUNCTION);
diff --git a/plat/rockchip/rk3399/drivers/m0/Makefile b/plat/rockchip/rk3399/drivers/m0/Makefile
index 79e09f0..71548ba 100644
--- a/plat/rockchip/rk3399/drivers/m0/Makefile
+++ b/plat/rockchip/rk3399/drivers/m0/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -40,11 +40,10 @@
# Cross tool
CC := ${M0_CROSS_COMPILE}gcc
-CPP := ${M0_CROSS_COMPILE}cpp
-AR := ${M0_CROSS_COMPILE}ar
+CPP := ${M0_CROSS_COMPILE}gcc -E
+AR := ${M0_CROSS_COMPILE}gcc-ar
OC := ${M0_CROSS_COMPILE}objcopy
OD := ${M0_CROSS_COMPILE}objdump
-NM := ${M0_CROSS_COMPILE}nm
# NOTE: The line continuation '\' is required in the next define otherwise we
# end up with a line-feed characer at the end of the last c filename.
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h
index 66b9310..0ff6092 100644
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@@ -20,6 +20,12 @@
/* FWU configuration (max supported value is 15) */
#define FWU_MAX_TRIAL_REBOOT U(3)
+/* Define maximum page size for NAND devices */
+#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
+
+/* Needed by STM32CubeProgrammer support */
+#define DWL_BUFFER_SIZE U(0x01000000)
+
/* Functions to save and get boot context address given by ROM code */
void stm32mp_save_boot_ctx_address(uintptr_t address);
uintptr_t stm32mp_get_boot_ctx_address(void);
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 321b8c5..fd86020 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -367,7 +367,9 @@
print_reset_reason();
#if STM32MP15
- update_monotonic_counter();
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
+ update_monotonic_counter();
+ }
#endif
stm32mp1_syscfg_enable_io_compensation_finish();
diff --git a/plat/st/stm32mp1/include/platform_def.h b/plat/st/stm32mp1/include/platform_def.h
index 75c8219..7e6d91f 100644
--- a/plat/st/stm32mp1/include/platform_def.h
+++ b/plat/st/stm32mp1/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,20 +77,6 @@
******************************************************************************/
#define BL33_BASE STM32MP_BL33_BASE
-/*
- * Load address of BL33 for this platform port
- */
-#define PLAT_STM32MP_NS_IMAGE_OFFSET BL33_BASE
-
-/* Needed by STM32CubeProgrammer support */
-#define DWL_BUFFER_SIZE U(0x01000000)
-
-/*
- * SSBL offset in case it's stored in eMMC boot partition.
- * We can fix it to 256K because TF-A size can't be bigger than SRAM
- */
-#define PLAT_EMMC_BOOT_SSBL_OFFSET U(0x40000)
-
/*******************************************************************************
* DTB specific defines.
******************************************************************************/
diff --git a/plat/st/stm32mp1/stm32mp1_def.h b/plat/st/stm32mp1/stm32mp1_def.h
index 8fc8c89..0d401f9 100644
--- a/plat/st/stm32mp1/stm32mp1_def.h
+++ b/plat/st/stm32mp1/stm32mp1_def.h
@@ -186,9 +186,6 @@
#endif
#define STM32MP_BL33_MAX_SIZE U(0x400000)
-/* Define maximum page size for NAND devices */
-#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
-
/* Define location for the MTD scratch buffer */
#if STM32MP13
#define STM32MP_MTD_BUFFER (SRAM1_BASE + \
diff --git a/plat/st/stm32mp2/bl2_plat_setup.c b/plat/st/stm32mp2/bl2_plat_setup.c
index 5f05f63..a7cce62 100644
--- a/plat/st/stm32mp2/bl2_plat_setup.c
+++ b/plat/st/stm32mp2/bl2_plat_setup.c
@@ -7,8 +7,10 @@
#include <cdefs.h>
#include <stdint.h>
+#include <common/debug.h>
#include <plat/common/platform.h>
+#include <platform_def.h>
#include <stm32mp_common.h>
void bl2_el3_early_platform_setup(u_register_t arg0 __unused,
@@ -25,4 +27,8 @@
void bl2_el3_plat_arch_setup(void)
{
+ if (stm32_otp_probe() != 0U) {
+ ERROR("OTP probe failed\n");
+ panic();
+ }
}
diff --git a/plat/st/stm32mp2/platform.mk b/plat/st/stm32mp2/platform.mk
index 6ea4638..bf2952d 100644
--- a/plat/st/stm32mp2/platform.mk
+++ b/plat/st/stm32mp2/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+# Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -26,6 +26,9 @@
# such as metadata (2) and fsbl-m (2) to find all the FIP partitions (default is 2).
PLAT_PARTITION_MAX_ENTRIES := $(shell echo $$(($(STM32_TF_A_COPIES) + 6)))
+# Set load address for serial boot devices
+DWL_BUFFER_BASE ?= 0x87000000
+
# Device tree
BL2_DTSI := stm32mp25-bl2.dtsi
FDT_SOURCES := $(addprefix ${BUILD_PLAT}/fdts/, $(patsubst %.dtb,%-bl2.dts,$(DTB_FILE_NAME)))
@@ -35,6 +38,11 @@
STM32_LD_FILE := plat/st/stm32mp2/${ARCH}/stm32mp2.ld.S
STM32_BINARY_MAPPING := plat/st/stm32mp2/${ARCH}/stm32mp2.S
+$(eval $(call add_defines,\
+ $(sort \
+ DWL_BUFFER_BASE \
+)))
+
# STM32MP2x is based on Cortex-A35, which is Armv8.0, and does not support BTI
# Disable mbranch-protection to avoid adding useless code
TF_CFLAGS += -mbranch-protection=none
@@ -46,7 +54,13 @@
PLAT_BL_COMMON_SOURCES += drivers/st/uart/${ARCH}/stm32_console.S
PLAT_BL_COMMON_SOURCES += plat/st/stm32mp2/${ARCH}/stm32mp2_helper.S
+PLAT_BL_COMMON_SOURCES += drivers/st/bsec/bsec3.c
+
BL2_SOURCES += plat/st/stm32mp2/plat_bl2_mem_params_desc.c
BL2_SOURCES += plat/st/stm32mp2/bl2_plat_setup.c
+ifeq (${STM32MP_USB_PROGRAMMER},1)
+BL2_SOURCES += plat/st/stm32mp2/stm32mp2_usb_dfu.c
+endif
+
include plat/st/common/common_rules.mk
diff --git a/plat/st/stm32mp2/stm32mp2_def.h b/plat/st/stm32mp2/stm32mp2_def.h
index ee105de..56c62e1 100644
--- a/plat/st/stm32mp2/stm32mp2_def.h
+++ b/plat/st/stm32mp2/stm32mp2_def.h
@@ -158,6 +158,96 @@
#define STM32MP_SDMMC3_BASE U(0x48240000)
/*******************************************************************************
+ * STM32MP2 BSEC / OTP
+ ******************************************************************************/
+/*
+ * 367 available OTPs, the other are masked
+ * - ECIES key: 368 to 375 (only readable by bootrom)
+ * - HWKEY: 376 to 383 (never reloadable or readable)
+ */
+#define STM32MP2_OTP_MAX_ID U(0x16F)
+#define STM32MP2_MID_OTP_START U(0x80)
+#define STM32MP2_UPPER_OTP_START U(0x100)
+
+/* OTP labels */
+#define PART_NUMBER_OTP "part-number-otp"
+#define PACKAGE_OTP "package-otp"
+#define HCONF1_OTP "otp124"
+#define NAND_OTP "otp16"
+#define NAND2_OTP "otp20"
+#define BOARD_ID_OTP "board-id"
+#define UID_OTP "uid-otp"
+#define LIFECYCLE2_OTP "otp18"
+#define PKH_OTP "otp144"
+#define ENCKEY_OTP "otp260"
+
+/* OTP mask */
+/* PACKAGE */
+#define PACKAGE_OTP_PKG_MASK GENMASK_32(2, 0)
+#define PACKAGE_OTP_PKG_SHIFT U(0)
+
+/* IWDG OTP */
+#define HCONF1_OTP_IWDG_HW_POS U(0)
+#define HCONF1_OTP_IWDG_FZ_STOP_POS U(1)
+#define HCONF1_OTP_IWDG_FZ_STANDBY_POS U(2)
+
+/* NAND OTP */
+/* NAND parameter storage flag */
+#define NAND_PARAM_STORED_IN_OTP BIT_32(31)
+
+/* NAND page size in bytes */
+#define NAND_PAGE_SIZE_MASK GENMASK_32(30, 29)
+#define NAND_PAGE_SIZE_SHIFT U(29)
+#define NAND_PAGE_SIZE_2K U(0)
+#define NAND_PAGE_SIZE_4K U(1)
+#define NAND_PAGE_SIZE_8K U(2)
+
+/* NAND block size in pages */
+#define NAND_BLOCK_SIZE_MASK GENMASK_32(28, 27)
+#define NAND_BLOCK_SIZE_SHIFT U(27)
+#define NAND_BLOCK_SIZE_64_PAGES U(0)
+#define NAND_BLOCK_SIZE_128_PAGES U(1)
+#define NAND_BLOCK_SIZE_256_PAGES U(2)
+
+/* NAND number of block (in unit of 256 blocks) */
+#define NAND_BLOCK_NB_MASK GENMASK_32(26, 19)
+#define NAND_BLOCK_NB_SHIFT U(19)
+#define NAND_BLOCK_NB_UNIT U(256)
+
+/* NAND bus width in bits */
+#define NAND_WIDTH_MASK BIT_32(18)
+#define NAND_WIDTH_SHIFT U(18)
+
+/* NAND number of ECC bits per 512 bytes */
+#define NAND_ECC_BIT_NB_MASK GENMASK_32(17, 15)
+#define NAND_ECC_BIT_NB_SHIFT U(15)
+#define NAND_ECC_BIT_NB_UNSET U(0)
+#define NAND_ECC_BIT_NB_1_BITS U(1)
+#define NAND_ECC_BIT_NB_4_BITS U(2)
+#define NAND_ECC_BIT_NB_8_BITS U(3)
+#define NAND_ECC_ON_DIE U(4)
+
+/* NAND number of planes */
+#define NAND_PLANE_BIT_NB_MASK BIT_32(14)
+
+/* NAND2 OTP */
+#define NAND2_PAGE_SIZE_SHIFT U(16)
+
+/* NAND2 config distribution */
+#define NAND2_CONFIG_DISTRIB BIT_32(0)
+#define NAND2_PNAND_NAND2_SNAND_NAND1 U(0)
+#define NAND2_PNAND_NAND1_SNAND_NAND2 U(1)
+
+/* MONOTONIC OTP */
+#define MAX_MONOTONIC_VALUE U(32)
+
+/* UID OTP */
+#define UID_WORD_NB U(3)
+
+/* Lifecycle OTP */
+#define SECURE_BOOT_CLOSED_SECURE GENMASK_32(3, 0)
+
+/*******************************************************************************
* STM32MP2 TAMP
******************************************************************************/
#define PLAT_MAX_TAMP_INT U(5)
diff --git a/plat/st/stm32mp2/stm32mp2_usb_dfu.c b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
new file mode 100644
index 0000000..e967964
--- /dev/null
+++ b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+
+#include <drivers/usb_device.h>
+
+#include <usb_dfu.h>
+
+struct usb_handle *usb_dfu_plat_init(void)
+{
+ return NULL;
+}
+
+uint8_t usb_dfu_get_phase(uint8_t alt)
+{
+ return 0;
+}
diff --git a/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c b/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c
index 1bed229..fb27336 100644
--- a/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c
+++ b/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c
@@ -320,7 +320,7 @@
i = msg->len - trail_bytes;
while (trail_bytes--) {
- msg->buf[i] = data_trail & 0xff;
+ msg->buf[i++] = data_trail & 0xff;
data_trail >>= 8;
}
}
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index d04d805..8b77050 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -2,7 +2,7 @@
* Texas Instruments System Control Interface Driver
* Based on Linux and U-Boot implementation
*
- * Copyright (C) 2018-2022 Texas Instruments Incorporated - https://www.ti.com/
+ * Copyright (C) 2018-2024 Texas Instruments Incorporated - https://www.ti.com/
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -185,17 +185,20 @@
*
* Updates the SCI information in the internal data structure.
*
+ * @version: Structure containing the version info
+ *
* Return: 0 if all goes well, else appropriate error message
*/
-int ti_sci_get_revision(struct ti_sci_msg_resp_version *rev_info)
+int ti_sci_get_revision(struct ti_sci_msg_version *version)
{
+ struct ti_sci_msg_resp_version rev_info;
struct ti_sci_msg_hdr hdr;
struct ti_sci_xfer xfer;
int ret;
ret = ti_sci_setup_one_xfer(TI_SCI_MSG_VERSION, 0x0,
&hdr, sizeof(hdr),
- rev_info, sizeof(*rev_info),
+ &rev_info, sizeof(rev_info),
&xfer);
if (ret) {
ERROR("Message alloc failed (%d)\n", ret);
@@ -208,6 +211,14 @@
return ret;
}
+ memcpy(version->firmware_description, rev_info.firmware_description,
+ sizeof(rev_info.firmware_description));
+ version->abi_major = rev_info.abi_major;
+ version->abi_minor = rev_info.abi_minor;
+ version->firmware_revision = rev_info.firmware_revision;
+ version->sub_version = rev_info.sub_version;
+ version->patch_version = rev_info.patch_version;
+
return 0;
}
@@ -1729,27 +1740,3 @@
return 0;
}
-
-/**
- * ti_sci_init() - Basic initialization
- *
- * Return: 0 if all goes well, else appropriate error message
- */
-int ti_sci_init(void)
-{
- struct ti_sci_msg_resp_version rev_info;
- int ret;
-
- ret = ti_sci_get_revision(&rev_info);
- if (ret) {
- ERROR("Unable to communicate with control firmware (%d)\n", ret);
- return ret;
- }
-
- INFO("SYSFW ABI: %d.%d (firmware rev 0x%04x '%s')\n",
- rev_info.abi_major, rev_info.abi_minor,
- rev_info.firmware_revision,
- rev_info.firmware_description);
-
- return 0;
-}
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
index c702a71..acaca4d 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
@@ -2,7 +2,7 @@
* Texas Instruments System Control Interface API
* Based on Linux and U-Boot implementation
*
- * Copyright (C) 2018-2022 Texas Instruments Incorporated - https://www.ti.com/
+ * Copyright (C) 2018-2024 Texas Instruments Incorporated - https://www.ti.com/
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,41 @@
#include <stdbool.h>
/**
+ * User exported structures.
+ *
+ * The structures in ti_sci_protocol.h are used by the internal drivers.
+ * These are the structures that are exported for outside use and populated
+ * by the internal drivers.
+ *
+ * struct ti_sci_msg_version - Structure containing version info
+ *
+ * @firmware_description: String describing the firmware
+ * @firmware_revision: Firmware revision
+ * @abi_major: Major version of the ABI that firmware supports
+ * @abi_minor: Minor version of the ABI that firmware supports
+ * @sub_version: Sub-version number of the firmware
+ * @patch_version: Patch-version number of the firmware.
+ */
+struct ti_sci_msg_version {
+#define FIRMWARE_DESCRIPTION_LENGTH 32
+ char firmware_description[FIRMWARE_DESCRIPTION_LENGTH];
+ uint16_t firmware_revision;
+ uint8_t abi_major;
+ uint8_t abi_minor;
+ uint8_t sub_version;
+ uint8_t patch_version;
+};
+
+/**
+ * General Message
+ *
+ * ti_sci_get_revision - Get the revision of the SCI entity
+ * @version: Structure containing the version info
+ *
+ **/
+int ti_sci_get_revision(struct ti_sci_msg_version *version);
+
+/**
* Device control operations
*
* - ti_sci_device_get - command to request for device managed by TISCI
@@ -225,11 +260,4 @@
uint8_t mode,
uint64_t core_resume_addr);
-/**
- * ti_sci_init() - Basic initialization
- *
- * Return: 0 if all goes good, else appropriate error message.
- */
-int ti_sci_init(void);
-
#endif /* TI_SCI_H */
diff --git a/plat/ti/k3/common/k3_bl31_setup.c b/plat/ti/k3/common/k3_bl31_setup.c
index c5f60fe..63fe020 100644
--- a/plat/ti/k3/common/k3_bl31_setup.c
+++ b/plat/ti/k3/common/k3_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -119,10 +119,44 @@
void bl31_platform_setup(void)
{
+ struct ti_sci_msg_version version;
+ int ret;
+
k3_gic_driver_init(K3_GIC_BASE);
k3_gic_init();
+ ret = ti_sci_get_revision(&version);
+ if (ret) {
+ ERROR("Unable to communicate with the control firmware (%d)\n", ret);
+ return;
+ }
+
- ti_sci_init();
+ INFO("SYSFW ABI: %d.%d (firmware rev 0x%04x '%s')\n",
+ version.abi_major, version.abi_minor,
+ version.firmware_revision,
+ version.firmware_description);
+
+ /*
+ * Older firmware have a timing issue with DM that crashes few TF-A
+ * lite devices while trying to make calls to DM. Since there is no way
+ * to detect what current DM version we are running - we rely on the
+ * corresponding TIFS versioning to handle this check and ensure that
+ * the platform boots up
+ *
+ * Upgrading to TIFS version 9.1.7 along with the corresponding DM from
+ * ti-linux-firmware will enable this functionality.
+ */
+ if (version.firmware_revision > 9 ||
+ (version.firmware_revision == 9 && version.sub_version > 1) ||
+ (version.firmware_revision == 9 && version.sub_version == 1 &&
+ version.patch_version >= 7)
+ ) {
+ if (ti_sci_device_get(PLAT_BOARD_DEVICE_ID)) {
+ WARN("Unable to take system power reference\n");
+ }
+ } else {
+ NOTICE("Upgrade Firmwares for Power off functionality\n");
+ }
}
void platform_mem_init(void)
diff --git a/readme.rst b/readme.rst
index 148d477..171b32b 100644
--- a/readme.rst
+++ b/readme.rst
@@ -39,7 +39,7 @@
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): PSCI_
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
.. _System Control and Management Interface (SCMI): SCMI_
.. _SCMI: http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
diff --git a/services/oem/chromeos/widevine_smc_handlers.c b/services/oem/chromeos/widevine_smc_handlers.c
new file mode 100644
index 0000000..83c6ccc
--- /dev/null
+++ b/services/oem/chromeos/widevine_smc_handlers.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+#include <lib/psci/psci.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
+#include <tools_share/uuid.h>
+
+#define CROS_OEM_TPM_AUTH_PK_MAX_LEN 128
+#define CROS_OEM_HUK_LEN 32
+#define CROS_OEM_ROT_LEN 32
+
+static uint8_t cros_oem_tpm_auth_pk_buffer[CROS_OEM_TPM_AUTH_PK_MAX_LEN];
+static uint8_t cros_oem_huk_buffer[CROS_OEM_HUK_LEN];
+static uint8_t cros_oem_rot_len_buffer[CROS_OEM_ROT_LEN];
+
+struct cros_oem_data cros_oem_tpm_auth_pk = {
+ .buffer = cros_oem_tpm_auth_pk_buffer,
+ .max_length = sizeof(cros_oem_tpm_auth_pk_buffer),
+};
+
+struct cros_oem_data cros_oem_huk = {
+ .buffer = cros_oem_huk_buffer,
+ .max_length = sizeof(cros_oem_huk_buffer),
+};
+
+struct cros_oem_data cros_oem_rot = {
+ .buffer = cros_oem_rot_len_buffer,
+ .max_length = sizeof(cros_oem_rot_len_buffer),
+};
+
+static uintptr_t cros_write_data(struct cros_oem_data *data,
+ u_register_t length, u_register_t address,
+ void *handle)
+{
+ uintptr_t aligned_address;
+ uintptr_t aligned_size;
+ int32_t rc;
+
+ if (data->length) {
+ SMC_RET1(handle, PSCI_E_ALREADY_ON);
+ }
+
+ if (length > data->max_length) {
+ SMC_RET1(handle, PSCI_E_INVALID_PARAMS);
+ }
+
+ aligned_address = page_align(address, DOWN);
+ aligned_size = page_align(length + (address - aligned_address), UP);
+
+ /*
+ * We do not validate the passed in address because we are trusting the
+ * non-secure world at this point still.
+ */
+ rc = mmap_add_dynamic_region(aligned_address, aligned_address,
+ aligned_size, MT_MEMORY | MT_RO | MT_NS);
+ if (rc != 0) {
+ SMC_RET1(handle, PSCI_E_INVALID_ADDRESS);
+ }
+
+ memcpy(data->buffer, (void *)address, length);
+ data->length = length;
+
+ mmap_remove_dynamic_region(aligned_address, aligned_size);
+ SMC_RET1(handle, SMC_OK);
+}
+
+/* Handler for servicing specific SMC calls. */
+static uintptr_t cros_oem_svc_smc_handler(uint32_t smc_fid, u_register_t x1,
+ u_register_t x2, u_register_t x3,
+ u_register_t x4, void *cookie,
+ void *handle, u_register_t flags)
+{
+ switch (smc_fid) {
+ case CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID:
+ return cros_write_data(&cros_oem_tpm_auth_pk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID:
+ return cros_write_data(&cros_oem_huk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID:
+ return cros_write_data(&cros_oem_rot, x1, x2, handle);
+ default:
+ WARN("Unimplemented OEM Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+}
+
+/* Register OEM Service Calls as runtime service */
+DECLARE_RT_SVC(cros_oem_svc_smc_handler, OEN_OEM_START, OEN_OEM_END,
+ SMC_TYPE_FAST, NULL, cros_oem_svc_smc_handler);
diff --git a/services/spd/opteed/opteed.mk b/services/spd/opteed/opteed.mk
index f394744..289b3e7 100644
--- a/services/spd/opteed/opteed.mk
+++ b/services/spd/opteed/opteed.mk
@@ -33,3 +33,11 @@
$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
include lib/libfdt/libfdt.mk
endif
+
+CROS_WIDEVINE_SMC := 0
+ifeq ($(CROS_WIDEVINE_SMC),1)
+ifeq ($(OPTEE_ALLOW_SMC_LOAD),0)
+$(error When CROS_WIDEVINE_SMC=1, OPTEE_ALLOW_SMC_LOAD must also be 1)
+endif
+$(eval $(call add_define,CROS_WIDEVINE_SMC))
+endif
diff --git a/services/spd/opteed/opteed_main.c b/services/spd/opteed/opteed_main.c
index ab9896e..83b001a 100644
--- a/services/spd/opteed/opteed_main.c
+++ b/services/spd/opteed/opteed_main.c
@@ -33,6 +33,7 @@
#include <libfdt.h>
#endif /* OPTEE_ALLOW_SMC_LOAD */
#include <plat/common/platform.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
#include <tools_share/uuid.h>
#include "opteed_private.h"
@@ -61,7 +62,7 @@
0xb1eafba3, 0x5d31, 0x4612, 0xb9, 0x06,
0xc4, 0xc7, 0xa4, 0xbe, 0x3c, 0xc0);
-#define OPTEED_FDT_SIZE 256
+#define OPTEED_FDT_SIZE 1024
static uint8_t fdt_buf[OPTEED_FDT_SIZE] __aligned(CACHE_WRITEBACK_GRANULE);
#else
@@ -299,6 +300,62 @@
}
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+/*
+ * Adds a options/widevine node with the widevine table information to a device
+ * tree. Returns zero on success or if there is no widevine table information;
+ * failure code otherwise.
+ */
+static int add_options_widevine_node(void *fdt)
+{
+ int ret;
+
+ ret = fdt_begin_node(fdt, "options");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "op-tee");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "widevine");
+ if (ret)
+ return ret;
+
+ if (cros_oem_tpm_auth_pk.length) {
+ ret = fdt_property(fdt, "tcg,tpm-auth-public-key",
+ cros_oem_tpm_auth_pk.buffer,
+ cros_oem_tpm_auth_pk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_huk.length) {
+ ret = fdt_property(fdt, "op-tee,hardware-unique-key",
+ cros_oem_huk.buffer, cros_oem_huk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_rot.length) {
+ ret = fdt_property(fdt, "google,widevine-root-of-trust-ecc-p256",
+ cros_oem_rot.buffer, cros_oem_rot.length);
+ if (ret)
+ return ret;
+ }
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ return fdt_end_node(fdt);
+}
+#endif /* CROS_WIDEVINE_SMC */
+
/*
* Creates a device tree for passing into OP-TEE. Currently is populated with
* the coreboot table address.
@@ -326,6 +383,12 @@
return ret;
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+ ret = add_options_widevine_node(fdt_buf);
+ if (ret)
+ return ret;
+#endif /* CROS_WIDEVINE_SMC */
+
ret = fdt_end_node(fdt_buf);
if (ret)
return ret;
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index 537cb5c..811adcb 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -237,12 +237,13 @@
[3] = {2242638, 0x01, 0x02, ERRATA_A78C_2242638},
[4] = {2376749, 0x01, 0x02, ERRATA_A78C_2376749},
[5] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
- [6] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
+ [6] = {2683027, 0x01, 0x02, ERRATA_A78C_2683027},
+ [7] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
ERRATA_NON_ARM_INTERCONNECT},
- [7] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
- [8] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
- [9] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
- [10 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [8] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
+ [9] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
+ [10] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
+ [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78C_H_INC */
@@ -434,9 +435,10 @@
{
.cpu_partnumber = CORTEX_A715_MIDR,
.cpu_errata_list = {
- [0] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
+ [0] = {2561034, 0x10, 0x10, ERRATA_A715_2561034},
+ [1] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
ERRATA_NON_ARM_INTERCONNECT},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A715_H_INC */
@@ -446,12 +448,15 @@
.cpu_partnumber = CORTEX_X3_MIDR,
.cpu_errata_list = {
[0] = {2070301, 0x00, 0x12, ERRATA_X3_2070301},
- [1] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
- [2] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
- [3] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [4] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
- [5] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
- [6 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [1] = {2266875, 0x00, 0x10, ERRATA_X3_2266875},
+ [2] = {2302506, 0x00, 0x11, ERRATA_X3_2302506},
+ [3] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
+ [4] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
+ [5] = {2641945, 0x00, 0x10, ERRATA_X3_2641945},
+ [6] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
+ [7] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
+ [8] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
+ [9 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */
diff --git a/services/std_svc/sdei/sdei_intr_mgmt.c b/services/std_svc/sdei/sdei_intr_mgmt.c
index 3bdf4a2..72bc33f 100644
--- a/services/std_svc/sdei/sdei_intr_mgmt.c
+++ b/services/std_svc/sdei/sdei_intr_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -295,7 +295,7 @@
}
/* If MTE is implemented in the client el set the TCO bit */
- if (get_armv8_5_mte_support() >= MTE_IMPLEMENTED_ELX) {
+ if (is_feat_mte_supported()) {
sdei_spsr |= SPSR_TCO_BIT_AARCH64;
}
diff --git a/services/std_svc/spm/el3_spmc/spmc_main.c b/services/std_svc/spm/el3_spmc/spmc_main.c
index 9cfcd87..c6ec30c 100644
--- a/services/std_svc/spm/el3_spmc/spmc_main.c
+++ b/services/std_svc/spm/el3_spmc/spmc_main.c
@@ -234,7 +234,7 @@
/* If we originated in the normal world then switch contexts. */
else if (!secure_origin && ffa_is_secure_world_id(dst_id)) {
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2,
- x3, x4, handle);
+ x3, x4, handle, flags);
} else {
/* Unknown State. */
panic();
@@ -1489,7 +1489,8 @@
void *handle,
uint64_t flags)
{
- char *chars;
+ /* Maximum number of characters is 48: 6 registers of 8 bytes each. */
+ char chars[48] = {0};
size_t chars_max;
size_t chars_count = x1;
@@ -1500,27 +1501,23 @@
assert(smc_fid == FFA_CONSOLE_LOG_SMC32 || smc_fid == FFA_CONSOLE_LOG_SMC64);
if (smc_fid == FFA_CONSOLE_LOG_SMC32) {
- uint32_t registers[] = {
- (uint32_t)x2,
- (uint32_t)x3,
- (uint32_t)x4,
- (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X5),
- (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X6),
- (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X7),
- };
- chars_max = ARRAY_SIZE(registers) * sizeof(uint32_t);
- chars = (char *)registers;
+ uint32_t *registers = (uint32_t *)chars;
+ registers[0] = (uint32_t)x2;
+ registers[1] = (uint32_t)x3;
+ registers[2] = (uint32_t)x4;
+ registers[3] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X5);
+ registers[4] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X6);
+ registers[5] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X7);
+ chars_max = 6 * sizeof(uint32_t);
} else {
- uint64_t registers[] = {
- x2,
- x3,
- x4,
- SMC_GET_GP(handle, CTX_GPREG_X5),
- SMC_GET_GP(handle, CTX_GPREG_X6),
- SMC_GET_GP(handle, CTX_GPREG_X7),
- };
- chars_max = ARRAY_SIZE(registers) * sizeof(uint64_t);
- chars = (char *)registers;
+ uint64_t *registers = (uint64_t *)chars;
+ registers[0] = x2;
+ registers[1] = x3;
+ registers[2] = x4;
+ registers[3] = SMC_GET_GP(handle, CTX_GPREG_X5);
+ registers[4] = SMC_GET_GP(handle, CTX_GPREG_X6);
+ registers[5] = SMC_GET_GP(handle, CTX_GPREG_X7);
+ chars_max = 6 * sizeof(uint64_t);
}
if ((chars_count == 0) || (chars_count > chars_max)) {
@@ -2490,9 +2487,11 @@
/*
* Forward the interrupt to the S-EL1 SP. The interrupt ID is not
* populated as the SP can determine this by itself.
+ * The flags field is forced to 0 mainly to pass the SVE hint bit
+ * cleared for consumption by the lower EL.
*/
return spmd_smc_switch_state(FFA_INTERRUPT, false,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
- handle);
+ handle, 0ULL);
}
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 5d19868..7572adf 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -667,11 +667,22 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle)
+ void *handle,
+ uint64_t flags)
{
unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
+#if SPMD_SPM_AT_SEL2
+ if ((secure_state_out == SECURE) && (is_sve_hint_set(flags) == true)) {
+ /*
+ * Set the SVE hint bit in x0 and pass to the lower secure EL,
+ * if it was set by the caller.
+ */
+ smc_fid |= (FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT);
+ }
+#endif
+
/* Save incoming security state */
#if SPMD_SPM_AT_SEL2
if (secure_state_in == NON_SECURE) {
@@ -746,8 +757,9 @@
return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4,
cookie, handle, flags);
}
+
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4,
- handle);
+ handle, flags);
}
@@ -844,7 +856,7 @@
unsigned int linear_id = plat_my_core_pos();
spmd_spm_core_context_t *ctx = spmd_get_context();
bool secure_origin;
- int32_t ret;
+ int ret;
uint32_t input_version;
/* Determine which security state this SMC originated from */
diff --git a/tools/renesas/rcar_layout_create/makefile b/tools/renesas/rcar_layout_create/makefile
index d585754..01b3d62 100644
--- a/tools/renesas/rcar_layout_create/makefile
+++ b/tools/renesas/rcar_layout_create/makefile
@@ -113,8 +113,8 @@
# Compile
###################################################
-%.o:../%.c
- $(CC) -c -I $< -o $@
+%.o: %.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) -c -o $@ $<
.PHONY: clean
clean:
diff --git a/tools/renesas/rzg_layout_create/makefile b/tools/renesas/rzg_layout_create/makefile
index 2d438b9..92a0557 100644
--- a/tools/renesas/rzg_layout_create/makefile
+++ b/tools/renesas/rzg_layout_create/makefile
@@ -110,8 +110,8 @@
# Compile
###################################################
-%.o:../%.c
- $(CC) -c -I $< -o $@
+%.o: %.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) -c -o $@ $<
.PHONY: clean
clean:
