Prevent RAS register access from lower ELs
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.
RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
diff --git a/Makefile b/Makefile
index a0d2ae0..bc5604b 100644
--- a/Makefile
+++ b/Makefile
@@ -900,6 +900,7 @@
$(eval $(call assert_boolean,ENCRYPT_BL31))
$(eval $(call assert_boolean,ENCRYPT_BL32))
$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
+$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
@@ -979,6 +980,7 @@
$(eval $(call add_define,BL2_INV_DCACHE))
$(eval $(call add_define,USE_SPINLOCK_CAS))
$(eval $(call add_define,ERRATA_SPECULATIVE_AT))
+$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
diff --git a/docs/components/ras.rst b/docs/components/ras.rst
index 3d81f17..86529d7 100644
--- a/docs/components/ras.rst
+++ b/docs/components/ras.rst
@@ -32,7 +32,8 @@
The build option ``RAS_EXTENSION`` when set to ``1`` includes the RAS in run
time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST`` must also
-be set ``1``.
+be set ``1``. ``RAS_TRAP_LOWER_EL_ERR_ACCESS`` controls the access to the RAS
+error record registers from lower ELs.
.. _ras-figure:
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 920f934..f207886 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -707,6 +707,10 @@
| 1530924 | Cortex-A53 |
+---------+--------------+
+- ``RAS_TRAP_LOWER_EL_ERR_ACCESS``: This flag enables/disables the SCR_EL3.TERR
+ bit, to trap access to the RAS ERR and RAS ERX registers from lower ELs.
+ This flag is disabled by default.
+
GICv3 driver options
--------------------
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 10fe926..90569c3 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -342,6 +342,7 @@
#define SCR_EEL2_BIT (U(1) << 18)
#define SCR_API_BIT (U(1) << 17)
#define SCR_APK_BIT (U(1) << 16)
+#define SCR_TERR_BIT (U(1) << 15)
#define SCR_TWE_BIT (U(1) << 13)
#define SCR_TWI_BIT (U(1) << 12)
#define SCR_ST_BIT (U(1) << 11)
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 53b4ea3..f4a34bf 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -108,6 +108,14 @@
if (EP_GET_ST(ep->h.attr) != 0U)
scr_el3 |= SCR_ST_BIT;
+#if RAS_TRAP_LOWER_EL_ERR_ACCESS
+ /*
+ * SCR_EL3.TERR: Trap Error record accesses. Accesses to the RAS ERR
+ * and RAS ERX registers from EL1 and EL2 are trapped to EL3.
+ */
+ scr_el3 |= SCR_TERR_BIT;
+#endif
+
#if !HANDLE_EA_EL3_FIRST
/*
* SCR_EL3.EA: Do not route External Abort and SError Interrupt External
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 585f06f..6db228f 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -302,3 +302,6 @@
# Select workaround for AT speculative behaviour.
ERRATA_SPECULATIVE_AT := 0
+
+# Trap RAS error record access from lower EL
+RAS_TRAP_LOWER_EL_ERR_ACCESS := 0