Merge "build(fpga): remove a710 from fpga build" into integration
diff --git a/docs/design_documents/index.rst b/docs/design_documents/index.rst
index d20fc58..ecc68b2 100644
--- a/docs/design_documents/index.rst
+++ b/docs/design_documents/index.rst
@@ -11,6 +11,7 @@
    drtm_poc
    rss
    psci_osi_mode
+   measured_boot
 
 --------------
 
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
new file mode 100644
index 0000000..8130d7d
--- /dev/null
+++ b/docs/design_documents/measured_boot.rst
@@ -0,0 +1,212 @@
+Measured Boot Design
+====================
+
+This document briefly explains the Measured-Boot design implementation
+in |TF-A|.
+
+Introduction
+------------
+
+Measured Boot is the process of computing and securely recording hashes of code
+and critical data at each stage in the boot chain before the code/data is used.
+
+These measurements can be leveraged by other components in the system to
+implement a complete attestation system. For example, they could be used to
+enforce local attestation policies (such as releasing certain platform keys or
+not), or they could be securely sent to a remote challenger a.k.a. `verifier`
+after boot to attest to the state of the code and critical-data.
+
+Measured Boot does not authenticate the code or critical-data, but simply
+records what code/critical-data was present on the system during boot.
+
+It is assumed that BL1 is implicitly trusted (by virtue of immutability) and
+acts as the root of trust for measurement hence it is not measured.
+
+The Measured Boot implementation in TF-A supports multiple backends to securely
+store measurements mentioned below in the :ref:`Measured Boot Backends` section.
+
+Critical data
+-------------
+
+All firmware images - i.e. BLx images and their corresponding configuration
+files, if any - must be measured. In addition to that, there might be specific
+pieces of data which needs to be measured as well. These are typically different
+on each platform. They are referred to as *critical data*.
+
+Critical data for the platform can be determined using the following criteria:
+
+#. Data that influence boot flow behaviour such as -
+
+   - Configuration parameters that alter the boot flow path.
+   - Parameters that determine which firmware to load from NV-Storage to
+     SRAM/DRAM to pass the boot process successfully.
+
+#. Hardware configurations settings, debug settings and security policies
+   that need to be in a valid state for a device to maintain its security
+   posture during boot and runtime.
+#. Security-sensitive data that is being updated by hardware.
+
+Examples of Critical data:
+
+#. The list of errata workarounds being applied at reset.
+#. State of fuses such as whether an SoC is in secure mode.
+#. NV counters that determine whether firmware is up-to-date and secure.
+
+Measurement slot
+----------------
+
+The measurement slot resides in a Trusted Module and can be either a secure
+register or memory.
+The measurement slot is used to provide a method to cryptographically record
+(measure) images and critical data on a platform.
+The measurement slot update calculation, called an **extend** operation, is
+a one-way hash of all the previous measurements and the new measurement. It
+is the only way to change the slot value, thus no measurements can ever be
+removed or overwritten.
+
+.. _Measured Boot Backends:
+
+Measured Boot Backends
+----------------------
+
+The Measured Boot implementation in TF-A supports:
+
+#. Event Log
+
+   The TCG Event Log holds a record of measurements made into the Measurement
+   Slot aka PCR (Platform Configuration Register).
+
+   The `TCG EFI Protocol Specification`_ provides details on how to measure
+   components. The Arm document
+   `Arm® Server Base Security Guide`_ provides specific guidance for
+   measurements on an SBSA/SBBR server system. By considering these
+   specifications it is decided that -
+
+   #. Use PCR0 for images measurements.
+   #. Use PCR1 for Critical data measurements.
+
+   TCG has specified the architecture for the structure of this log in the
+   `TCG EFI Protocol Specification`_. The specification describes two event
+   log event records—the legacy, fixed size SHA1 structure called TCG_PCR_EVENT
+   and the variable length crypto agile structure called TCG_PCR_EVENT2. Event
+   Log driver implemented in TF-A covers later part.
+
+#. RSS
+
+   It is one of physical backend to extend the measurements. Please refer this
+   document :ref:`Runtime Security Subsystem (RSS)` for more details.
+
+Platform Interface
+------------------
+
+Every image which gets successfully loaded in memory (and authenticated, if
+trusted boot is enabled) then gets measured. In addition to that, platforms
+can measure any relevant piece of critical data at any point during the boot.
+The following diagram outlines the call sequence for Measured Boot platform
+interfaces invoked from generic code:
+
+.. image:: ../resources/diagrams/measured_boot_design.png
+
+These platform interfaces are used by BL1 and BL2 only, and are declared in
+``include/plat/common/platform.h``.
+BL31 does not load and thus does not measure any image.
+
+Responsibilities of these platform interfaces are -
+
+#. **Function : blx_plat_mboot_init()**
+
+   .. code-block:: c
+
+      void bl1_plat_mboot_init(void);
+      void bl2_plat_mboot_init(void);
+
+   Initialise all Measured Boot backends supported by the platform
+   (e.g. Event Log buffer, RSS). As these functions do not return any value,
+   the platform should deal with error management, such as logging the error
+   somewhere, or panicking the system if this is considered a fatal error.
+
+   - On the Arm FVP port -
+
+     - In BL1, this function is used to initialize the Event Log backend
+       driver, and also to write header information in the Event Log
+       buffer.
+     - In BL2, this function is used to initialize the Event Log buffer with
+       the information received from the BL1. It results in panic on
+       error.
+
+#. **Function : plat_mboot_measure_image()**
+
+   .. code-block:: c
+
+      int plat_mboot_measure_image(unsigned int image_id,
+                                   image_info_t *image_data);
+
+   - Measure the image using a hash function of the crypto module.
+
+   - Record the measurement in the corresponding backend -
+
+     - If it is Event Log backend, then record the measurement in TCG Event Log
+       format.
+     - If it is a secure crypto-processor (like RSS), then extend the designated
+       PCR (or slot) with the given measurement.
+   - This function must return 0 on success, a signed integer error code
+     otherwise.
+   - On the Arm FVP port, this function measures the given image and then
+     records that measurement in the Event Log buffer.
+     The passed id is used to retrieve information about on how to measure
+     the image (e.g. PCR number).
+
+#. **Function : blx_plat_mboot_finish()**
+
+   .. code-block:: c
+
+      void bl1_plat_mboot_finish(void);
+      void bl2_plat_mboot_finish(void);
+
+   - Do all teardown operations with respect to initialised Measured Boot backends.
+     This could be -
+
+     - Pass the Event Log details (start address and size) to Normal world or to
+       Secure World using any platform implementation way.
+     - Measure all critical data if any.
+     - As these functions do not return any value, the platform should deal with
+       error management, such as logging the error somewhere, or panicking the
+       system if this is considered a fatal error.
+
+   - On the Arm FVP port -
+
+     - In BL1, this function is used to pass the base address of
+       the Event Log buffer and its size to BL2 via tb_fw_config to extend the
+       Event Log buffer with the measurement of various images loaded by BL2.
+       It results in panic on error.
+     - In BL2, this function is used to pass the Event Log buffer information
+       (base address and size) to non-secure(BL33) and trusted OS(BL32) via
+       nt_fw and tos_fw config respectively.
+       See :ref:`DTB binding for Event Log properties` for a description of the
+       bindings used for Event Log properties.
+
+#. **Function : plat_mboot_measure_critical_data()**
+
+   .. code-block:: c
+
+      int plat_mboot_measure_critical_data(unsigned int critical_data_id,
+                                           const void *base,
+                                           size_t size);
+
+   This interface is not invoked by the generic code and it is up to the
+   platform layer to call it where appropriate.
+
+   This function measures the given critical data structure and records its
+   measurement using the Measured Boot backend driver.
+   This function must return 0 on success, a signed integer error code
+   otherwise.
+
+   In FVP, Non volatile counters get measured and recorded as Critical data
+   using the backend via this interface.
+
+--------------
+
+*Copyright (c) 2023, Arm Limited. All rights reserved.*
+
+.. _Arm® Server Base Security Guide: https://developer.arm.com/documentation/den0086/latest
+.. _TCG EFI Protocol Specification: https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
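Review bot: several sentences in the new measured_boot.rst need tightening before this lands. Under "Critical data", "specific pieces of data which needs to be measured" should read "which need to be measured". Under "Measured Boot Backends", "Event Log driver implemented in TF-A covers later part" should state that the TF-A Event Log driver implements the latter record type, the crypto-agile TCG_PCR_EVENT2, and "It is one of physical backend to extend the measurements" should read "It is one of the physical backends used to extend measurements". Under plat_mboot_measure_image(), "information about on how to measure the image" should read "information on how to measure the image". In the "Measurement slot" section, the statement that the extend operation is the only way to change the slot value is the property the whole design rests on; it would help to say explicitly that the Event Log backend alone does not provide it and relies on the slot (PCR) it mirrors, which is what the "holds a record of measurements made into the Measurement Slot" sentence implies but never states.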
diff --git a/docs/design_documents/measured_boot_poc.rst b/docs/design_documents/measured_boot_poc.rst
index 7f9519e..86cf4d1 100644
--- a/docs/design_documents/measured_boot_poc.rst
+++ b/docs/design_documents/measured_boot_poc.rst
@@ -10,6 +10,8 @@
 This section focuses on the `TCG event log`_ backend, which stores measurements
 in secure memory.
 
+See details of :ref:`Measured Boot Design`.
+
 The driver also provides mechanisms to pass the Event Log to normal world if
 needed.
 
diff --git a/docs/plat/arm/morello/index.rst b/docs/plat/arm/morello/index.rst
index b18001c..91549c0 100644
--- a/docs/plat/arm/morello/index.rst
+++ b/docs/plat/arm/morello/index.rst
@@ -12,9 +12,19 @@
 Boot Sequence
 -------------
 
-The execution begins from SCP_BL1 which loads the SCP_BL2 and starts its
-execution. SCP_BL2 powers up the AP which starts execution at AP_BL31. The AP
-then continues executing and hands off execution to Non-secure world (UEFI).
+The SCP initializes the RVBAR registers to point to the AP_BL1. Once RVBAR is
+initialized, the primary core is powered on. The primary core boots the AP_BL1.
+It performs minimum initialization necessary to load and authenticate the AP
+firmware image (the FIP image) from the AP QSPI NOR Flash Memory into the
+Trusted SRAM.
+
+AP_BL1 authenticates and loads the AP_BL2 image. AP_BL2 performs additional
+initializations, and then authenticates and loads the AP_BL31 and AP_BL33.
+AP_BL2 then transfers execution control to AP_BL31, which is the EL3 runtime
+firmware. Execution is finally handed off to AP_BL33, which is the non-secure
+world (UEFI).
+
+SCP -> AP_BL1 -> AP_BL2 -> AP_BL31 -> AP_BL33
 
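Review bot: the bare line "SCP -> AP_BL1 -> AP_BL2 -> AP_BL31 -> AP_BL33" is plain paragraph text in reStructuredText, so it will be rendered inline with no monospace; put it in a literal block (a `::` paragraph or `.. code-block:: none`) so the arrow chain is shown as a diagram. Also "It performs minimum initialization necessary" should read "It performs the minimum initialization necessary", and the subject of that sentence should be AP_BL1 rather than "the primary core" to avoid ambiguity with the preceding sentence.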
 Build Procedure (TF-A only)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -30,4 +40,4 @@
 
       make PLAT=morello all
 
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index b557a16..f074021 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -1509,43 +1509,6 @@
 the SMCCC function specified in the argument; otherwise returns
 SMC_ARCH_CALL_NOT_SUPPORTED.
 
-Function : plat_mboot_measure_image()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : unsigned int, image_info_t *
-    Return   : int
-
-When the MEASURED_BOOT flag is enabled:
-
--  This function measures the given image and records its measurement using
-   the measured boot backend driver.
--  On the Arm FVP port, this function measures the given image using its
-   passed id and information and then records that measurement in the
-   Event Log buffer.
--  This function must return 0 on success, a signed integer error code
-   otherwise.
-
-When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
-
-Function : plat_mboot_measure_critical_data()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : unsigned int, const void *, size_t
-    Return   : int
-
-When the MEASURED_BOOT flag is enabled:
-
--  This function measures the given critical data structure and records its
-   measurement using the measured boot backend driver.
--  This function must return 0 on success, a signed integer error code
-   otherwise.
-
-When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
-
 Function : plat_can_cmo()
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
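Review bot: the removed porting-guide text for plat_mboot_measure_image() and plat_mboot_measure_critical_data() stated that each function "doesn't do anything" when the MEASURED_BOOT flag is disabled; the new design document this hunk defers to does not carry that statement over, so the documented contract for the disabled case is lost. Please add one sentence to the Platform Interface section of measured_boot.rst (or to the stub "Measured Boot Platform Interface" section later in this file) saying that these interfaces are not invoked when MEASURED_BOOT is disabled.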
@@ -1813,42 +1776,6 @@
 The default implementation of this function asserts therefore platforms must
 override it when using the FWU feature.
 
-Function : bl1_plat_mboot_init() [optional]
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : void
-    Return   : void
-
-When the MEASURED_BOOT flag is enabled:
-
--  This function is used to initialize the backend driver(s) of measured boot.
--  On the Arm FVP port, this function is used to initialize the Event Log
-   backend driver, and also to write header information in the Event Log buffer.
-
-When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
-
-Function : bl1_plat_mboot_finish() [optional]
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : void
-    Return   : void
-
-When the MEASURED_BOOT flag is enabled:
-
--  This function is used to finalize the measured boot backend driver(s),
-   and also, set the information for the next bootloader component to
-   extend the measurement if needed.
--  On the Arm FVP port, this function is used to pass the base address of
-   the Event Log buffer and its size to BL2 via tb_fw_config to extend the
-   Event Log buffer with the measurement of various images loaded by BL2.
-   It results in panic on error.
-
-When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
-
 Boot Loader Stage 2 (BL2)
 -------------------------
 
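Review bot: the removed headings marked bl1_plat_mboot_init() and bl1_plat_mboot_finish() as "[optional]", and the same applies to the bl2_ variants removed further down; the new design document describes them as plain "Function : blx_plat_mboot_init()" entries with no indication that a platform may omit them. Carry the optional status over to measured_boot.rst so porters know which of the four interfaces a new platform must provide.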
@@ -1980,42 +1907,6 @@
 must return 0, otherwise it must return 1. The default implementation
 of this always returns 0.
 
-Function : bl2_plat_mboot_init() [optional]
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : void
-    Return   : void
-
-When the MEASURED_BOOT flag is enabled:
-
--  This function is used to initialize the backend driver(s) of measured boot.
--  On the Arm FVP port, this function is used to initialize the Event Log
-   backend driver with the Event Log buffer information (base address and
-   size) received from BL1. It results in panic on error.
-
-When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
-
-Function : bl2_plat_mboot_finish() [optional]
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : void
-    Return   : void
-
-When the MEASURED_BOOT flag is enabled:
-
--  This function is used to finalize the measured boot backend driver(s),
-   and also, set the information for the next bootloader component to extend
-   the measurement if needed.
--  On the Arm FVP port, this function is used to pass the Event Log buffer
-   information (base address and size) to non-secure(BL33) and trusted OS(BL32)
-   via nt_fw and tos_fw config respectively. It results in panic on error.
-
-When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
-
 Boot Loader Stage 2 (BL2) at EL3
 --------------------------------
 
@@ -3664,6 +3555,12 @@
 dynamically allocating memory. This may also have the affect of limiting the
 amount of open resources per driver.
 
+Measured Boot Platform Interface
+--------------------------------
+
+Enabling the MEASURED_BOOT flag adds extra platform requirements. Please refer
+to :ref:`Measured Boot Design` for more details.
+
 --------------
 
 *Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/resources/diagrams/Makefile b/docs/resources/diagrams/Makefile
index c951754..faf9634 100644
--- a/docs/resources/diagrams/Makefile
+++ b/docs/resources/diagrams/Makefile
@@ -79,7 +79,13 @@
 FWU-update_struct_layers		= "background"
 FWU-update_struct_opts			=
 
-all:$(RESET_PNGS) $(INT_PNGS) $(XLAT_PNG) $(RMM_PNG) $(RMM_EL3_MANIFEST_PNG) $(PSA_FWU_PNG)
+MB_DESIGN_DIA				= measured_boot_design.dia
+MB_DESIGN_PNG				= measured_boot_design.png
+
+measured_boot_design_layers		= "background"
+measured_boot_design_opts		=
+
+all:$(RESET_PNGS) $(INT_PNGS) $(XLAT_PNG) $(RMM_PNG) $(RMM_EL3_MANIFEST_PNG) $(PSA_FWU_PNG) $(MB_DESIGN_PNG)
 
 $(RESET_PNGS):$(RESET_DIA)
 	$(call generate_image,$($(patsubst %.png,%_layers,$@)),$@,png,$($(patsubst %.png,%_opts,$@)),$<)
@@ -99,3 +105,6 @@
 
 $(PSA_FWU_PNG):$(PSA_FWU_DIA)
 	$(call generate_image,$($(patsubst %.png,%_layers,$@)),$@,png,$($(patsubst %.png,%_opts,$@)),$<)
+
+$(MB_DESIGN_PNG):$(MB_DESIGN_DIA)
+	$(call generate_image,$($(patsubst %.png,%_layers,$@)),$@,png,$($(patsubst %.png,%_opts,$@)),$<)
diff --git a/docs/resources/diagrams/measured_boot_design.dia b/docs/resources/diagrams/measured_boot_design.dia
new file mode 100644
index 0000000..fdae464
--- /dev/null
+++ b/docs/resources/diagrams/measured_boot_design.dia
Binary files differ
diff --git a/docs/resources/diagrams/measured_boot_design.png b/docs/resources/diagrams/measured_boot_design.png
new file mode 100644
index 0000000..42469be
--- /dev/null
+++ b/docs/resources/diagrams/measured_boot_design.png
Binary files differ
diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S
index e22c828..0a7b9fb 100644
--- a/lib/cpus/aarch64/cortex_a75.S
+++ b/lib/cpus/aarch64/cortex_a75.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -15,139 +15,43 @@
 #error "Cortex-A75 must be compiled with HW_ASSISTED_COHERENCY enabled"
 #endif
 
-	/* --------------------------------------------------
-	 * Errata Workaround for Cortex A75 Errata #764081.
-	 * This applies only to revision r0p0 of Cortex A75.
-	 * Inputs:
-	 * x0: variant[4:7] and revision[0:3] of current cpu.
-	 * Shall clobber: x0-x17
-	 * --------------------------------------------------
-	 */
-func errata_a75_764081_wa
-	/*
-	 * Compare x0 against revision r0p0
-	 */
-	mov	x17, x30
-	bl	check_errata_764081
-	cbz	x0, 1f
-	mrs	x1, sctlr_el3
-	orr	x1, x1 ,#SCTLR_IESB_BIT
-	msr	sctlr_el3, x1
-	isb
-1:
-	ret	x17
-endfunc errata_a75_764081_wa
+workaround_reset_start cortex_a75, ERRATUM(764081), ERRATA_A75_764081
+	sysreg_bit_set sctlr_el3, SCTLR_IESB_BIT
+workaround_reset_end cortex_a75, ERRATUM(764081)
 
-func check_errata_764081
-	mov	x1, #0x00
-	b	cpu_rev_var_ls
-endfunc check_errata_764081
+check_erratum_ls cortex_a75, ERRATUM(764081), CPU_REV(0, 0)
 
-	/* --------------------------------------------------
-	 * Errata Workaround for Cortex A75 Errata #790748.
-	 * This applies only to revision r0p0 of Cortex A75.
-	 * Inputs:
-	 * x0: variant[4:7] and revision[0:3] of current cpu.
-	 * Shall clobber: x0-x17
-	 * --------------------------------------------------
-	 */
-func errata_a75_790748_wa
-	/*
-	 * Compare x0 against revision r0p0
-	 */
-	mov	x17, x30
-	bl	check_errata_790748
-	cbz	x0, 1f
-	mrs	x1, CORTEX_A75_CPUACTLR_EL1
-	orr	x1, x1 ,#(1 << 13)
-	msr	CORTEX_A75_CPUACTLR_EL1, x1
-	isb
-1:
-	ret	x17
-endfunc errata_a75_790748_wa
+workaround_reset_start cortex_a75, ERRATUM(790748), ERRATA_A75_790748
+	sysreg_bit_set CORTEX_A75_CPUACTLR_EL1, (1 << 13)
+workaround_reset_end cortex_a75, ERRATUM(790748)
 
-func check_errata_790748
-	mov	x1, #0x00
-	b	cpu_rev_var_ls
-endfunc check_errata_790748
+check_erratum_ls cortex_a75, ERRATUM(790748), CPU_REV(0, 0)
 
-	/* -------------------------------------------------
-	 * The CPU Ops reset function for Cortex-A75.
-	 * -------------------------------------------------
-	 */
-func cortex_a75_reset_func
-	mov	x19, x30
-	bl	cpu_get_rev_var
-	mov	x18, x0
-
-#if ERRATA_A75_764081
-	mov	x0, x18
-	bl	errata_a75_764081_wa
-#endif
-
-#if ERRATA_A75_790748
-	mov	x0, x18
-	bl	errata_a75_790748_wa
-#endif
-
-#if IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960)
-	cpu_check_csv2	x0, 1f
-	adr	x0, wa_cve_2017_5715_bpiall_vbar
-	msr	vbar_el3, x0
-	isb
-	/* Skip installing vector table again for CVE_2022_23960 */
-        b       2f
-1:
-#if WORKAROUND_CVE_2022_23960
-	adr	x0, wa_cve_2017_5715_bpiall_vbar
-	msr	vbar_el3, x0
-	isb
-#endif
-2:
-#endif /* IMAGE_BL31 &&  (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960) */
-
-#if WORKAROUND_CVE_2018_3639
-	mrs	x0, CORTEX_A75_CPUACTLR_EL1
-	orr	x0, x0, #CORTEX_A75_CPUACTLR_EL1_DISABLE_LOAD_PASS_STORE
-	msr	CORTEX_A75_CPUACTLR_EL1, x0
-	isb
-#endif
-
-#if ERRATA_DSU_798953
-	bl	errata_dsu_798953_wa
-#endif
-
-#if ERRATA_DSU_936184
-	bl	errata_dsu_936184_wa
-#endif
-
-#if ENABLE_FEAT_AMU
-	/* Make sure accesses from EL0/EL1 and EL2 are not trapped to EL3 */
-	mrs	x0, actlr_el3
-	orr	x0, x0, #CORTEX_A75_ACTLR_AMEN_BIT
-	msr	actlr_el3, x0
-	isb
-
-	/* Make sure accesses from EL0/EL1 are not trapped to EL2 */
-	mrs	x0, actlr_el2
-	orr	x0, x0, #CORTEX_A75_ACTLR_AMEN_BIT
-	msr	actlr_el2, x0
-	isb
+/* ERRATA_DSU_798953 :
+ * The errata is defined in dsu_helpers.S but applies to cortex_a75
+ * as well. Henceforth creating symbolic names to the already existing errata
+ * workaround functions to get them registered under the Errata Framework.
+ */
+.equ check_erratum_cortex_a75_798953, check_errata_dsu_798953
+.equ erratum_cortex_a75_798953_wa, errata_dsu_798953_wa
+add_erratum_entry cortex_a75, ERRATUM(798953), ERRATA_DSU_798953, APPLY_AT_RESET
 
-	/* Enable group0 counters */
-	mov	x0, #CORTEX_A75_AMU_GROUP0_MASK
-	msr	CPUAMCNTENSET_EL0, x0
-	isb
+/* ERRATA_DSU_936184 :
+ * The errata is defined in dsu_helpers.S but applies to cortex_a75
+ * as well. Henceforth creating symbolic names to the already existing errata
+ * workaround functions to get them registered under the Errata Framework.
+ */
+.equ check_erratum_cortex_a75_936184, check_errata_dsu_936184
+.equ erratum_cortex_a75_936184_wa, errata_dsu_936184_wa
+add_erratum_entry cortex_a75, ERRATUM(936184), ERRATA_DSU_936184, APPLY_AT_RESET
 
-	/* Enable group1 counters */
-	mov	x0, #CORTEX_A75_AMU_GROUP1_MASK
-	msr	CPUAMCNTENSET_EL0, x0
-	isb
-#endif
-	ret	x19
-endfunc cortex_a75_reset_func
+workaround_reset_start cortex_a75, CVE(2017, 5715), WORKAROUND_CVE_2017_5715
+#if IMAGE_BL31
+	override_vector_table wa_cve_2017_5715_bpiall_vbar
+#endif /* IMAGE_BL31 */
+workaround_reset_end cortex_a75, CVE(2017, 5715)
 
-func check_errata_cve_2017_5715
+check_erratum_custom_start cortex_a75, CVE(2017, 5715)
 	cpu_check_csv2	x0, 1f
 #if WORKAROUND_CVE_2017_5715
 	mov	x0, #ERRATA_APPLIES
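Review bot: the two comment blocks introducing the DSU errata aliases (".equ check_erratum_cortex_a75_798953, check_errata_dsu_798953" and the 936184 equivalent) read "The errata is defined in dsu_helpers.S ... Henceforth creating symbolic names"; "Henceforth" means "from now on", so this should be "Hence, create symbolic names for the existing workaround functions so they are registered with the Errata Framework", and "The errata is" should be "This erratum is". It is also worth stating in that comment that the .equ aliases must match the symbol names the framework macros derive from the ERRATUM() argument, since a mismatch would not be caught until link time.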
@@ -158,18 +62,27 @@
 1:
 	mov	x0, #ERRATA_NOT_APPLIES
 	ret
-endfunc check_errata_cve_2017_5715
+check_erratum_custom_end cortex_a75, CVE(2017, 5715)
 
-func check_errata_cve_2018_3639
-#if WORKAROUND_CVE_2018_3639
-	mov	x0, #ERRATA_APPLIES
-#else
-	mov	x0, #ERRATA_MISSING
-#endif
-	ret
-endfunc check_errata_cve_2018_3639
+workaround_reset_start cortex_a75, CVE(2018, 3639), WORKAROUND_CVE_2018_3639
+	sysreg_bit_set CORTEX_A75_CPUACTLR_EL1, CORTEX_A75_CPUACTLR_EL1_DISABLE_LOAD_PASS_STORE
+workaround_reset_end cortex_a75, CVE(2018, 3639)
 
-func check_errata_cve_2022_23960
+check_erratum_chosen cortex_a75, CVE(2018, 3639), WORKAROUND_CVE_2018_3639
+
+workaround_reset_start cortex_a75, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+#if IMAGE_BL31
+	/* Skip installing vector table again if already done for CVE(2017, 5715) */
+	adr	x0, wa_cve_2017_5715_bpiall_vbar
+	mrs	x1, vbar_el3
+	cmp	x0, x1
+	b.eq	1f
+	msr	vbar_el3, x0
+1:
+#endif /* IMAGE_BL31 */
+workaround_reset_end cortex_a75, CVE(2022, 23960)
+
+check_erratum_custom_start cortex_a75, CVE(2022, 23960)
 #if WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960
 	cpu_check_csv2	x0, 1f
 	mov	x0, #ERRATA_APPLIES
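Review bot: the CVE(2022, 23960) workaround body drops the `isb` that the removed reset sequence issued after `msr vbar_el3, x0`; in the new code the write is followed directly by the local label `1:` and `workaround_reset_end`. Unless workaround_reset_end is guaranteed to emit a context-synchronising barrier (the only such guarantee mentioned in this file is the "isb included in cpu_reset_func_end macro" comment in the AMU block, which is a different macro), add an explicit `isb` after the `msr` so the new vector base is in effect before any subsequent workaround or exception. The `cmp x0, x1 / b.eq 1f` skip against the CVE(2017, 5715) table address is a reasonable replacement for the old "skip installing vector table again" branch, but a one-line comment that the two CVEs share wa_cve_2017_5715_bpiall_vbar would make the equality check self-explanatory.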
@@ -184,7 +97,34 @@
 #endif /* WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960 */
 	mov	x0, #ERRATA_MISSING
 	ret
-endfunc check_errata_cve_2022_23960
+check_erratum_custom_end cortex_a75, CVE(2022, 23960)
+
+	/* -------------------------------------------------
+	 * The CPU Ops reset function for Cortex-A75.
+	 * -------------------------------------------------
+	 */
+
+cpu_reset_func_start cortex_a75
+#if ENABLE_FEAT_AMU
+	/* Make sure accesses from EL0/EL1 and EL2 are not trapped to EL3 */
+	sysreg_bit_set actlr_el3, CORTEX_A75_ACTLR_AMEN_BIT
+	isb
+
+	/* Make sure accesses from EL0/EL1 are not trapped to EL2 */
+	sysreg_bit_set actlr_el2, CORTEX_A75_ACTLR_AMEN_BIT
+	isb
+
+	/* Enable group0 counters */
+	mov	x0, #CORTEX_A75_AMU_GROUP0_MASK
+	msr	CPUAMCNTENSET_EL0, x0
+	isb
+
+	/* Enable group1 counters */
+	mov	x0, #CORTEX_A75_AMU_GROUP1_MASK
+	msr	CPUAMCNTENSET_EL0, x0
+	/* isb included in cpu_reset_func_end macro */
+#endif
+cpu_reset_func_end cortex_a75
 
 func check_smccc_arch_workaround_3
 	mov	x0, #ERRATA_APPLIES
@@ -200,39 +140,13 @@
 	 * Enable CPU power down bit in power control register
 	 * ---------------------------------------------
 	 */
-	mrs	x0, CORTEX_A75_CPUPWRCTLR_EL1
-	orr	x0, x0, #CORTEX_A75_CORE_PWRDN_EN_MASK
-	msr	CORTEX_A75_CPUPWRCTLR_EL1, x0
+	sysreg_bit_set CORTEX_A75_CPUPWRCTLR_EL1, \
+		CORTEX_A75_CORE_PWRDN_EN_MASK
 	isb
 	ret
 endfunc cortex_a75_core_pwr_dwn
 
-#if REPORT_ERRATA
-/*
- * Errata printing function for Cortex A75. Must follow AAPCS.
- */
-func cortex_a75_errata_report
-	stp	x8, x30, [sp, #-16]!
-
-	bl	cpu_get_rev_var
-	mov	x8, x0
-
-	/*
-	 * Report all errata. The revision-variant information is passed to
-	 * checking functions of each errata.
-	 */
-	report_errata ERRATA_A75_764081, cortex_a75, 764081
-	report_errata ERRATA_A75_790748, cortex_a75, 790748
-	report_errata WORKAROUND_CVE_2017_5715, cortex_a75, cve_2017_5715
-	report_errata WORKAROUND_CVE_2018_3639, cortex_a75, cve_2018_3639
-	report_errata ERRATA_DSU_798953, cortex_a75, dsu_798953
-	report_errata ERRATA_DSU_936184, cortex_a75, dsu_936184
-	report_errata WORKAROUND_CVE_2022_23960, cortex_a75, cve_2022_23960
-
-	ldp	x8, x30, [sp], #16
-	ret
-endfunc cortex_a75_errata_report
-#endif
+errata_report_shim cortex_a75
 
 	/* ---------------------------------------------
 	 * This function provides cortex_a75 specific
@@ -255,7 +169,7 @@
 
 declare_cpu_ops_wa cortex_a75, CORTEX_A75_MIDR, \
 	cortex_a75_reset_func, \
-	check_errata_cve_2017_5715, \
+	check_erratum_cortex_a75_5715, \
 	CPU_NO_EXTRA2_FUNC, \
 	check_smccc_arch_workaround_3, \
 	cortex_a75_core_pwr_dwn
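Review bot: the check function passed to declare_cpu_ops_wa is now `check_erratum_cortex_a75_5715`, which must be exactly the symbol that `check_erratum_custom_start cortex_a75, CVE(2017, 5715)` emits; note that the DSU aliases in this file use the full erratum number (check_erratum_cortex_a75_798953) while the CVE symbol drops the year, so a short comment next to this argument stating the naming rule would prevent the obvious typo (check_erratum_cortex_a75_2017_5715) in future ports.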
diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index b8c97f8..534a175 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -393,6 +393,10 @@
 
 	for (i = ARM_PWR_LVL0; i <= PLAT_MAX_PWR_LVL; i++)
 		req_state->pwr_domain_state[i] = ARM_LOCAL_STATE_OFF;
+
+#if PSCI_OS_INIT_MODE
+	req_state->last_at_pwrlvl = PLAT_MAX_PWR_LVL;
+#endif
 }
 #endif
 
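Review bot: the new `#if PSCI_OS_INIT_MODE` block sets `req_state->last_at_pwrlvl = PLAT_MAX_PWR_LVL` with no comment; since the surrounding loop has just set every level to ARM_LOCAL_STATE_OFF, a one-line comment saying that the request is for the whole system (all levels off, so the last affected level is the topmost) would make the intent clear. The identical assignment is added to plat/qti/common/src/qti_pm.c in this patch; putting the comment in both places, or factoring the assignment into a shared helper, keeps the two from drifting.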
diff --git a/plat/arm/board/tc/region_defs.h b/plat/arm/board/tc/region_defs.h
index d3dfd13..50ec2f1 100644
--- a/plat/arm/board/tc/region_defs.h
+++ b/plat/arm/board/tc/region_defs.h
@@ -7,6 +7,6 @@
 #ifndef REGION_DEFS_H
 #define REGION_DEFS_H
 
-#define PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE   0x800
+#define PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE   0x800
 
 #endif /* REGION_DEFS_H */
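Review bot: the macro is renamed from PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE to PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE but no consumer of either name appears elsewhere in this patch; confirm that the code that reads this constant (the RSS attestation path this header exists for) already uses the new spelling, otherwise the build fails with an undefined identifier, and mention the reason for the rename in the commit message.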
diff --git a/plat/arm/board/tc/rss_ap_tests.c b/plat/arm/board/tc/rss_ap_tests.c
index 8c40271..ea90ac3 100644
--- a/plat/arm/board/tc/rss_ap_tests.c
+++ b/plat/arm/board/tc/rss_ap_tests.c
@@ -56,7 +56,7 @@
 	return 0;
 }
 
-void run_platform_tests(void)
+int run_platform_tests(void)
 {
 	size_t i;
 	int ret;
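Review bot: changing run_platform_tests() from `void` to `int` is only visible here as the signature; the hunk does not show the function's tail, its prototype in the header, or the caller. Confirm that every exit path of the function now returns a value (a `void` function's fall-off-the-end paths become undefined behaviour once it returns `int`), that the header declaration is updated in the same change, and that the caller actually acts on the result, since a test runner whose return value is ignored gives no more signal than the old `void` version.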
diff --git a/plat/intel/soc/agilex5/bl2_plat_setup.c b/plat/intel/soc/agilex5/bl2_plat_setup.c
index 88f9880..a2fafd2 100644
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@@ -68,7 +68,7 @@
 {
 	static console_t console;
 
-	handoff reverse_handoff_ptr;
+	handoff reverse_handoff_ptr = { 0 };
 
 	generic_delay_timer_init();
 	config_clkmgr_handoff(&reverse_handoff_ptr);
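Review bot: `handoff reverse_handoff_ptr = { 0 };` is the right fix for passing a struct with indeterminate contents to config_clkmgr_handoff(), but the variable name suggests a pointer while it is a struct by value; consider renaming it (for example `reverse_handoff`) so the `&` at the call site reads naturally.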
diff --git a/plat/intel/soc/agilex5/soc/agilex5_clock_manager.c b/plat/intel/soc/agilex5/soc/agilex5_clock_manager.c
index 522bf5d..cc68153 100644
--- a/plat/intel/soc/agilex5/soc/agilex5_clock_manager.c
+++ b/plat/intel/soc/agilex5/soc/agilex5_clock_manager.c
@@ -178,17 +178,7 @@
 		pllc_reg = CLKMGR_MAINPLL + main_pllc;
 		pllglob_reg = CLKMGR_MAINPLL + CLKMGR_MAINPLL_PLLGLOB;
 		break;
-	case CLKMGR_PSRC_PER:
-		pllm_reg = CLKMGR_PERPLL + CLKMGR_PERPLL_PLLM;
-		pllc_reg = CLKMGR_PERPLL + per_pllc;
-		pllglob_reg = CLKMGR_PERPLL + CLKMGR_PERPLL_PLLGLOB;
-		break;
-	default:
-		return 0;
 	}
-	pllm_reg = CLKMGR_MAINPLL + CLKMGR_MAINPLL_PLLM;
-			pllc_reg = CLKMGR_MAINPLL + main_pllc;
-			pllglob_reg = CLKMGR_MAINPLL + CLKMGR_MAINPLL_PLLGLOB;
 
 	ref_clk = get_ref_clk(mmio_read_32(pllglob_reg));
 	mdiv = CLKMGR_PLLM_MDIV(mmio_read_32(pllm_reg));
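Review bot: removing both the `CLKMGR_PSRC_PER` arm and the `default: return 0;` arm leaves the switch with no fallback, so if the source selector matches neither remaining case the function proceeds to `mmio_read_32(pllglob_reg)` and `mmio_read_32(pllm_reg)` with whatever pllm_reg, pllc_reg and pllglob_reg held before the switch; unless those are initialised earlier in the function (not visible in this hunk) that is a read of uninitialised variables. Keep a `default:` that returns 0 (or asserts) even if only the main PLL case is expected. Deleting the three stray assignments after the switch is correct, since they unconditionally overwrote the selected registers with the main PLL values; the commit message should say so, because that is a behaviour change for any caller that previously passed the peripheral source.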
diff --git a/plat/qti/common/src/qti_pm.c b/plat/qti/common/src/qti_pm.c
index 487a56e..1113efc 100644
--- a/plat/qti/common/src/qti_pm.c
+++ b/plat/qti/common/src/qti_pm.c
@@ -260,6 +260,10 @@
 		    state_id & QTI_LOCAL_PSTATE_MASK;
 		state_id >>= QTI_LOCAL_PSTATE_WIDTH;
 	}
+
+#if PSCI_OS_INIT_MODE
+	req_state->last_at_pwrlvl = PLAT_MAX_PWR_LVL;
+#endif
 }
 
 /*
diff --git a/plat/renesas/rcar/bl2_plat_setup.c b/plat/renesas/rcar/bl2_plat_setup.c
index 9ec4bcd..81ee93e 100644
--- a/plat/renesas/rcar/bl2_plat_setup.c
+++ b/plat/renesas/rcar/bl2_plat_setup.c
@@ -236,6 +236,56 @@
 	       mmio_read_32(AXI_DCMPAREACRA0 + 0x8 * no),
 	       mmio_read_32(AXI_DCMPAREACRB0 + 0x8 * no));
 }
+
+static int bl2_create_reserved_memory(void)
+{
+	int ret;
+
+	int fcnlnode = fdt_add_subnode(fdt, 0, "reserved-memory");
+	if (fcnlnode < 0) {
+		NOTICE("BL2: Cannot create reserved mem node (ret=%i)\n",
+			fcnlnode);
+		panic();
+	}
+
+	ret = fdt_setprop(fdt, fcnlnode, "ranges", NULL, 0);
+	if (ret < 0) {
+		NOTICE("BL2: Cannot add FCNL ranges prop (ret=%i)\n", ret);
+		panic();
+	}
+
+	ret = fdt_setprop_u32(fdt, fcnlnode, "#address-cells", 2);
+	if (ret < 0) {
+		NOTICE("BL2: Cannot add FCNL #address-cells prop (ret=%i)\n", ret);
+		panic();
+	}
+
+	ret = fdt_setprop_u32(fdt, fcnlnode, "#size-cells", 2);
+	if (ret < 0) {
+		NOTICE("BL2: Cannot add FCNL #size-cells prop (ret=%i)\n", ret);
+		panic();
+	}
+
+	return fcnlnode;
+}
+
+static void bl2_create_fcnl_reserved_memory(void)
+{
+	int fcnlnode;
+
+	NOTICE("BL2: Lossy Decomp areas\n");
+
+	fcnlnode = bl2_create_reserved_memory();
+
+	bl2_lossy_setting(0, LOSSY_ST_ADDR0, LOSSY_END_ADDR0,
+			  LOSSY_FMT0, LOSSY_ENA_DIS0, fcnlnode);
+	bl2_lossy_setting(1, LOSSY_ST_ADDR1, LOSSY_END_ADDR1,
+			  LOSSY_FMT1, LOSSY_ENA_DIS1, fcnlnode);
+	bl2_lossy_setting(2, LOSSY_ST_ADDR2, LOSSY_END_ADDR2,
+			  LOSSY_FMT2, LOSSY_ENA_DIS2, fcnlnode);
+}
+#else
+static void bl2_create_fcnl_reserved_memory(void) {}
 #endif
 
 void bl2_plat_flush_bl31_params(void)
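Review bot: bl2_create_reserved_memory() now also sets the "ranges", "#address-cells" and "#size-cells" properties on the reserved-memory node, which the inline code it replaces (further down in this file) never did; that is a functional change to the generated FDT and should be called out in the commit message rather than presented as a pure refactor. Two smaller points in the same function: the error messages for those three properties say "FCNL ... prop" although the node is a generic reserved-memory container, and since every failure path calls panic(), the `int` return only ever carries the node offset, so the `ret` checks could note that they never return a negative value. The `#else static void bl2_create_fcnl_reserved_memory(void) {}` stub keeps the later unconditional call compiling when RCAR_LOSSY_ENABLE is not 1, which is the right pattern.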
@@ -820,9 +870,6 @@
 #else
 	const char *boot_hyper160 = "HyperFlash(160MHz)";
 #endif
-#if (RCAR_LOSSY_ENABLE == 1)
-	int fcnlnode;
-#endif
 
 	bl2_init_generic_timer();
 
@@ -1099,23 +1146,8 @@
 		reg &= ~((uint32_t) 1 << 12);
 		mmio_write_32(CPG_PLL0CR, reg);
 	}
-#if (RCAR_LOSSY_ENABLE == 1)
-	NOTICE("BL2: Lossy Decomp areas\n");
 
-	fcnlnode = fdt_add_subnode(fdt, 0, "reserved-memory");
-	if (fcnlnode < 0) {
-		NOTICE("BL2: Cannot create reserved mem node (ret=%i)\n",
-			fcnlnode);
-		panic();
-	}
-
-	bl2_lossy_setting(0, LOSSY_ST_ADDR0, LOSSY_END_ADDR0,
-			  LOSSY_FMT0, LOSSY_ENA_DIS0, fcnlnode);
-	bl2_lossy_setting(1, LOSSY_ST_ADDR1, LOSSY_END_ADDR1,
-			  LOSSY_FMT1, LOSSY_ENA_DIS1, fcnlnode);
-	bl2_lossy_setting(2, LOSSY_ST_ADDR2, LOSSY_END_ADDR2,
-			  LOSSY_FMT2, LOSSY_ENA_DIS2, fcnlnode);
-#endif
+	bl2_create_fcnl_reserved_memory();
 
 	fdt_pack(fdt);
 	NOTICE("BL2: FDT at %p\n", fdt);