Merge "feat(security): add support for SLS mitigation" into integration
diff --git a/Makefile b/Makefile
index ef01fef..a107785 100644
--- a/Makefile
+++ b/Makefile
@@ -8,8 +8,8 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 2
-VERSION_MINOR := 9
-VERSION_PATCH := 0
+VERSION_MINOR := 10
+VERSION_PATCH := 0 # Only used for LTS releases
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
# Default goal is build all images
@@ -41,10 +41,6 @@
CHECKCODE_ARGS := --no-patch
# Do not check the coding style on imported library files or documentation files
-INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \
- include/drivers/arm/cryptocell, \
- $(wildcard include/drivers/arm/*)))
-INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h
INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm, \
$(wildcard include/drivers/*)))
@@ -374,8 +370,10 @@
# GCC automatically adds fix-cortex-a53-843419 flag when used to link
# which breaks some builds, so disable if errata fix is not explicitly enabled
- ifneq (${ERRATA_A53_843419},1)
- TF_LDFLAGS += -mno-fix-cortex-a53-843419
+ ifeq (${ARCH},aarch64)
+ ifneq (${ERRATA_A53_843419},1)
+ TF_LDFLAGS += -mno-fix-cortex-a53-843419
+ endif
endif
TF_LDFLAGS += -nostdlib
TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
@@ -401,10 +399,6 @@
endif #(LD = armlink)
-DTC_FLAGS += -I dts -O dtb
-DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \
- -x assembler-with-cpp $(DEFINES)
-
################################################################################
# Setup ARCH_MAJOR/MINOR before parsing arch_features.
################################################################################
@@ -416,7 +410,6 @@
################################################################################
# Common sources and include directories
################################################################################
-include ${MAKE_HELPERS_DIRECTORY}arch_features.mk
include lib/compiler-rt/compiler-rt.mk
BL_COMMON_SOURCES += common/bl_common.c \
@@ -447,105 +440,11 @@
${PLAT_INCLUDES} \
${SPD_INCLUDES}
-include common/backtrace/backtrace.mk
-
-################################################################################
-# Process BRANCH_PROTECTION value and set
-# Pointer Authentication and Branch Target Identification flags
-################################################################################
-ifeq (${BRANCH_PROTECTION},0)
- # Default value turns off all types of branch protection
- BP_OPTION := none
-else ifneq (${ARCH},aarch64)
- $(error BRANCH_PROTECTION requires AArch64)
-else ifeq (${BRANCH_PROTECTION},1)
- # Enables all types of branch protection features
- BP_OPTION := standard
- ENABLE_BTI := 1
- ENABLE_PAUTH := 1
-else ifeq (${BRANCH_PROTECTION},2)
- # Return address signing to its standard level
- BP_OPTION := pac-ret
- ENABLE_PAUTH := 1
-else ifeq (${BRANCH_PROTECTION},3)
- # Extend the signing to include leaf functions
- BP_OPTION := pac-ret+leaf
- ENABLE_PAUTH := 1
-else ifeq (${BRANCH_PROTECTION},4)
- # Turn on branch target identification mechanism
- BP_OPTION := bti
- ENABLE_BTI := 1
-else
- $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
-endif #(BRANCH_PROTECTION)
-
-ifeq ($(ENABLE_PAUTH),1)
- CTX_INCLUDE_PAUTH_REGS := 1
-endif
-ifneq (${BP_OPTION},none)
- TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
-endif #(BP_OPTION)
-
-# Pointer Authentication sources
-ifeq (${ENABLE_PAUTH}, 1)
-# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
-# Pauth support. As it's not secure, it must be reimplemented for real platforms
- BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
-endif
-
-####################################################
-# Enable required options for Memory Stack Tagging.
-####################################################
-
-# Currently, these options are enabled only for clang and armclang compiler.
-ifeq (${SUPPORT_STACK_MEMTAG},yes)
- ifdef mem_tag_arch_support
- # Check for armclang and clang compilers
- ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
- # Add "memtag" architecture feature modifier if not specified
- ifeq ( ,$(findstring memtag,$(arch-features)))
- arch-features := $(arch-features)+memtag
- endif # memtag
- ifeq ($(notdir $(CC)),armclang)
- TF_CFLAGS += -mmemtag-stack
- else ifeq ($(notdir $(CC)),clang)
- TF_CFLAGS += -fsanitize=memtag
- endif # armclang
- endif
- else
- $(error "Error: stack memory tagging is not supported for \
- architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
- endif #(mem_tag_arch_support)
-endif #(SUPPORT_STACK_MEMTAG)
-
-################################################################################
-# RME dependent flags configuration, Enable optional features for RME.
-################################################################################
-# FEAT_RME
-ifeq (${ENABLE_RME},1)
- # RME doesn't support PIE
- ifneq (${ENABLE_PIE},0)
- $(error ENABLE_RME does not support PIE)
- endif
-
- # RME doesn't support BRBE
- ifneq (${ENABLE_BRBE_FOR_NS},0)
- $(error ENABLE_RME does not support BRBE.)
- endif
-
- # RME requires AARCH64
- ifneq (${ARCH},aarch64)
- $(error ENABLE_RME requires AArch64)
- endif
-
- # RME requires el2 context to be saved for now.
- CTX_INCLUDE_EL2_REGS := 1
- CTX_INCLUDE_AARCH32_REGS := 0
- CTX_INCLUDE_PAUTH_REGS := 1
+DTC_FLAGS += -I dts -O dtb
+DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \
+ -x assembler-with-cpp $(DEFINES)
- # RME enables CSV2_2 extension by default.
- ENABLE_FEAT_CSV2_2 = 1
-endif #(FEAT_RME)
+include common/backtrace/backtrace.mk
################################################################################
# Generic definitions
@@ -643,16 +542,120 @@
endif
endif
-ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
- ifeq (${SPD},none)
- ifeq (${ENABLE_RME},0)
- $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
- or RME is enabled)
- endif
- endif
+################################################################################
+# Process BRANCH_PROTECTION value and set
+# Pointer Authentication and Branch Target Identification flags
+################################################################################
+ifeq (${BRANCH_PROTECTION},0)
+ # Default value turns off all types of branch protection
+ BP_OPTION := none
+else ifneq (${ARCH},aarch64)
+ $(error BRANCH_PROTECTION requires AArch64)
+else ifeq (${BRANCH_PROTECTION},1)
+ # Enables all types of branch protection features
+ BP_OPTION := standard
+ ENABLE_BTI := 1
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},2)
+ # Return address signing to its standard level
+ BP_OPTION := pac-ret
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},3)
+ # Extend the signing to include leaf functions
+ BP_OPTION := pac-ret+leaf
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},4)
+ # Turn on branch target identification mechanism
+ BP_OPTION := bti
+ ENABLE_BTI := 1
+else
+ $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
+endif #(BRANCH_PROTECTION)
+
+ifeq ($(ENABLE_PAUTH),1)
+ CTX_INCLUDE_PAUTH_REGS := 1
endif
+ifneq (${BP_OPTION},none)
+ TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
+endif #(BP_OPTION)
+
+# Pointer Authentication sources
+ifeq (${ENABLE_PAUTH}, 1)
+# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
+# Pauth support. As it's not secure, it must be reimplemented for real platforms
+ BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
+endif
+
+################################################################################
+# Include the platform specific Makefile after the SPD Makefile (the platform
+# makefile may use all previous definitions in this file)
+################################################################################
+include ${PLAT_MAKEFILE_FULL}
+
+################################################################################
+# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from
+# platform.
+################################################################################
+include ${MAKE_HELPERS_DIRECTORY}arch_features.mk
+
+####################################################
+# Enable required options for Memory Stack Tagging.
+####################################################
+
+# Currently, these options are enabled only for clang and armclang compiler.
+ifeq (${SUPPORT_STACK_MEMTAG},yes)
+ ifdef mem_tag_arch_support
+ # Check for armclang and clang compilers
+ ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
+ # Add "memtag" architecture feature modifier if not specified
+ ifeq ( ,$(findstring memtag,$(arch-features)))
+ arch-features := $(arch-features)+memtag
+ endif # memtag
+ ifeq ($(notdir $(CC)),armclang)
+ TF_CFLAGS += -mmemtag-stack
+ else ifeq ($(notdir $(CC)),clang)
+ TF_CFLAGS += -fsanitize=memtag
+ endif # armclang
+ endif
+ else
+ $(error "Error: stack memory tagging is not supported for \
+ architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
+ endif #(mem_tag_arch_support)
+endif #(SUPPORT_STACK_MEMTAG)
################################################################################
+# RME dependent flags configuration, Enable optional features for RME.
+################################################################################
+# FEAT_RME
+ifeq (${ENABLE_RME},1)
+ # RME doesn't support BRBE
+ ENABLE_BRBE_FOR_NS := 0
+
+ # RME doesn't support PIE
+ ifneq (${ENABLE_PIE},0)
+ $(error ENABLE_RME does not support PIE)
+ endif
+
+ # RME doesn't support BRBE
+ ifneq (${ENABLE_BRBE_FOR_NS},0)
+ $(error ENABLE_RME does not support BRBE.)
+ endif
+
+ # RME requires AARCH64
+ ifneq (${ARCH},aarch64)
+ $(error ENABLE_RME requires AArch64)
+ endif
+
+ # RME requires el2 context to be saved for now.
+ CTX_INCLUDE_EL2_REGS := 1
+ CTX_INCLUDE_AARCH32_REGS := 0
+ CTX_INCLUDE_PAUTH_REGS := 1
+
+ # RME enables CSV2_2 extension by default.
+ ENABLE_FEAT_CSV2_2 = 1
+endif #(FEAT_RME)
+
+################################################################################
# Include rmmd Makefile if RME is enabled
################################################################################
ifneq (${ENABLE_RME},0)
@@ -672,12 +675,14 @@
$(warning "RME is an experimental feature")
endif
-################################################################################
-# Include the platform specific Makefile after the SPD Makefile (the platform
-# makefile may use all previous definitions in this file)
-################################################################################
-
-include ${PLAT_MAKEFILE_FULL}
+ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
+ ifeq (${SPD},none)
+ ifeq (${ENABLE_RME},0)
+ $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
+ or RME is enabled)
+ endif
+ endif
+endif
################################################################################
# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come
@@ -704,6 +709,14 @@
BL2_RUNS_AT_EL3 := 0
endif
+# This internal flag is set to 1 when Firmware First handling of External aborts
+# is required by lowe ELs. Currently only NS requires this support.
+ifeq ($(HANDLE_EA_EL3_FIRST_NS),1)
+ FFH_SUPPORT := 1
+else
+ FFH_SUPPORT := 0
+endif
+
$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT}))
ifeq (${ARM_ARCH_MAJOR},7)
@@ -865,18 +878,9 @@
# RAS_EXTENSION is deprecated, provide alternate build options
ifeq ($(RAS_EXTENSION),1)
$(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
- and RAS_FFH_SUPPORT instead")
+ and HANDLE_EA_EL3_FIRST_NS instead")
endif
-# RAS firmware first handling requires that EAs are handled in EL3 first
-ifeq ($(RAS_FFH_SUPPORT),1)
- ifneq ($(ENABLE_FEAT_RAS),1)
- $(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1)
- endif
- ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
- $(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1)
- endif
-endif #(RAS_FFH_SUPPORT)
# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
ifeq ($(FAULT_INJECTION_SUPPORT),1)
@@ -1178,6 +1182,8 @@
ENABLE_RUNTIME_INSTRUMENTATION \
ENABLE_SME_FOR_SWD \
ENABLE_SVE_FOR_SWD \
+ ENABLE_FEAT_RAS \
+ FFH_SUPPORT \
ERROR_DEPRECATED \
FAULT_INJECTION_SUPPORT \
GENERATE_COT \
@@ -1190,7 +1196,6 @@
NS_TIMER_SWITCH \
OVERRIDE_LIBC \
PL011_GENERIC_UART \
- PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
@@ -1233,9 +1238,9 @@
ERRATA_ABI_SUPPORT \
ERRATA_NON_ARM_INTERCONNECT \
CONDITIONAL_CMO \
- RAS_FFH_SUPPORT \
PSA_CRYPTO \
ENABLE_CONSOLE_GETC \
+ INIT_UNUSED_NS_EL2 \
)))
# Numeric_Flags
@@ -1256,7 +1261,6 @@
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
- ENABLE_FEAT_RAS \
ENABLE_FEAT_DIT \
ENABLE_FEAT_ECV \
ENABLE_FEAT_FGT \
@@ -1273,7 +1277,7 @@
ENABLE_FEAT_GCS \
ENABLE_FEAT_VHE \
ENABLE_FEAT_MTE_PERM \
- ENABLE_MPAM_FOR_LOWER_ELS \
+ ENABLE_FEAT_MPAM \
ENABLE_RME \
ENABLE_SPE_FOR_NS \
ENABLE_SYS_REG_TRACE_FOR_NS \
@@ -1326,7 +1330,7 @@
AMU_RESTRICT_COUNTERS \
ENABLE_ASSERTIONS \
ENABLE_BTI \
- ENABLE_MPAM_FOR_LOWER_ELS \
+ ENABLE_FEAT_MPAM \
ENABLE_PAUTH \
ENABLE_PIE \
ENABLE_PMF \
@@ -1339,6 +1343,8 @@
ENABLE_SPE_FOR_NS \
ENABLE_SVE_FOR_NS \
ENABLE_SVE_FOR_SWD \
+ ENABLE_FEAT_RAS \
+ FFH_SUPPORT \
ENCRYPT_BL31 \
ENCRYPT_BL32 \
ERROR_DEPRECATED \
@@ -1352,12 +1358,9 @@
NS_TIMER_SWITCH \
PL011_GENERIC_UART \
PLAT_${PLAT} \
- PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
- ENABLE_FEAT_RAS \
- RAS_FFH_SUPPORT \
RESET_TO_BL31 \
SEPARATE_CODE_AND_RODATA \
SEPARATE_BL2_NOLOAD_REGION \
@@ -1429,6 +1432,7 @@
ENABLE_SPMD_LP \
PSA_CRYPTO \
ENABLE_CONSOLE_GETC \
+ INIT_UNUSED_NS_EL2 \
)))
ifeq (${SANITIZE_UB},trap)
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index dd6b4dc..28d2187 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -15,31 +15,11 @@
#include <cpu_macros.S>
#include <context.h>
- .globl handle_lower_el_ea_esb
.globl handle_lower_el_sync_ea
.globl handle_lower_el_async_ea
-
-
-/*
- * Function to delegate External Aborts synchronized by ESB instruction at EL3
- * vector entry. This function assumes GP registers x0-x29 have been saved, and
- * are available for use. It delegates the handling of the EA to platform
- * handler, and returns only upon successfully handling the EA; otherwise
- * panics. On return from this function, the original exception handler is
- * expected to resume.
- */
-func handle_lower_el_ea_esb
- mov x0, #ERROR_EA_ESB
- mrs x1, DISR_EL1
- b ea_proceed
-endfunc handle_lower_el_ea_esb
-
-
+ .globl handle_pending_async_ea
/*
- * This function forms the tail end of Synchronous Exception entry from lower
- * EL, and expects to handle Synchronous External Aborts from lower EL and CPU
- * Implementation Defined Exceptions. If any other kind of exception is detected,
- * then this function reports unhandled exception.
+ * This function handles Synchronous External Aborts from lower EL.
*
* It delegates the handling of the EA to platform handler, and upon successfully
* handling the EA, exits EL3; otherwise panics.
@@ -57,27 +37,8 @@
cmp x30, #EC_DABORT_LOWER_EL
b.eq 1f
- /* Save GP registers */
- stp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
- stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
- stp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
-
- /* Get the cpu_ops pointer */
- bl get_cpu_ops_ptr
-
- /* Get the cpu_ops exception handler */
- ldr x0, [x0, #CPU_E_HANDLER_FUNC]
-
- /*
- * If the reserved function pointer is NULL, this CPU does not have an
- * implementation defined exception handler function
- */
- cbz x0, 2f
- mrs x1, esr_el3
- ubfx x1, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
- blr x0
- b 2f
-
+ /* EA other than above are unhandled exceptions */
+ no_ret report_unhandled_exception
1:
/*
* Save general purpose and ARMv8.3-PAuth registers (if enabled).
@@ -98,14 +59,6 @@
/* el3_exit assumes SP_EL0 on entry */
msr spsel, #MODE_SP_EL0
b el3_exit
-2:
- ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
- ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
- ldp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
-
- /* Synchronous exceptions other than the above are assumed to be EA */
- ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
- no_ret report_unhandled_exception
endfunc handle_lower_el_sync_ea
@@ -140,6 +93,73 @@
b el3_exit
endfunc handle_lower_el_async_ea
+/*
+ * Handler for async EA from lower EL synchronized at EL3 entry in FFH mode.
+ *
+ * This scenario may arise when there is an error (EA) in the system which is not
+ * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
+ * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
+ *
+ * On detecting the pending EA (via ISR_EL1.A), if the EA routing model is Firmware
+ * First handling (FFH, SCR_EL3.EA = 1) this handler first handles the pending EA
+ * and then handles the original exception.
+ *
+ * This function assumes x30 has been saved.
+ */
+func handle_pending_async_ea
+ /*
+ * Prepare for nested handling of EA. Stash sysregs clobbered by nested
+ * exception and handler
+ */
+ str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
+ mrs x30, esr_el3
+ str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
+ mrs x30, spsr_el3
+ str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
+ mrs x30, elr_el3
+ str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+
+ mov x30, #1
+ str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+ /*
+ * Restore the original x30 saved as part of entering EL3. This is not
+ * required for the current function but for EL3 SError vector entry
+ * once PSTATE.A bit is unmasked. We restore x30 and then the same
+ * value is stored in EL3 SError vector entry.
+ */
+ ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+
+ /*
+ * After clearing PSTATE.A bit pending SError will trigger at current EL.
+ * Put explicit synchronization event to ensure newly unmasked interrupt
+ * is taken immediately.
+ */
+ unmask_async_ea
+
+ /* Restore the original exception information along with zeroing the storage */
+ ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+ msr elr_el3, x30
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+ ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
+ msr spsr_el3, x30
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
+ ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
+ msr esr_el3, x30
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
+
+ /*
+ * If the original exception corresponds to SError from lower El, eret back
+ * to lower EL, otherwise return to vector table for original exception handling.
+ */
+ ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ cmp x30, #EC_SERROR
+ ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
+ b.eq 1f
+ ret
+1:
+ exception_return
+endfunc handle_pending_async_ea
/*
* Prelude for Synchronous External Abort handling. This function assumes that
@@ -149,7 +169,7 @@
* x1: EA syndrome
*/
func delegate_sync_ea
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
/*
* Check for Uncontainable error type. If so, route to the platform
* fatal error handler rather than the generic EA one.
@@ -179,7 +199,7 @@
* x1: EA syndrome
*/
func delegate_async_ea
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
/* Check Exception Class to ensure SError, as this function should
* only be invoked for SError. If that is not the case, which implies
* either an HW error or programming error, panic.
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 7336b91..ed48311 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include <bl31/sync_handle.h>
#include <common/runtime_svc.h>
#include <context.h>
+#include <cpu_macros.S>
#include <el3_common_macros.S>
#include <lib/el3_runtime/cpu_data.h>
#include <lib/smccc.h>
@@ -47,72 +48,30 @@
str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
.endm
- /*
- * Macro that prepares entry to EL3 upon taking an exception.
- *
- * With RAS_FFH_SUPPORT, this macro synchronizes pending errors with an
- * ESB instruction. When an error is thus synchronized, the handling is
- * delegated to platform EA handler.
- *
- * Without RAS_FFH_SUPPORT, this macro synchronizes pending errors using
- * a DSB, unmasks Asynchronous External Aborts and saves X30 before
- * setting the flag CTX_IS_IN_EL3.
- */
- .macro check_and_unmask_ea
-#if RAS_FFH_SUPPORT
- /* Synchronize pending External Aborts */
- esb
-
- /* Unmask the SError interrupt */
- msr daifclr, #DAIF_ABT_BIT
-
- /* Check for SErrors synchronized by the ESB instruction */
- mrs x30, DISR_EL1
- tbz x30, #DISR_A_BIT, 1f
-
- /*
- * Save general purpose and ARMv8.3-PAuth registers (if enabled).
- * Also save PMCR_EL0 and set the PSTATE to a known state.
- */
- bl prepare_el3_entry
-
- bl handle_lower_el_ea_esb
-
- /* Restore general purpose, PMCR_EL0 and ARMv8.3-PAuth registers */
- bl restore_gp_pmcr_pauth_regs
-1:
-#else
- /*
- * Note 1: The explicit DSB at the entry of various exception vectors
- * for handling exceptions from lower ELs can inadvertently trigger an
- * SError exception in EL3 due to pending asynchronous aborts in lower
- * ELs. This will end up being handled by serror_sp_elx which will
- * ultimately panic and die.
- * The way to workaround is to update a flag to indicate if the exception
- * truly came from EL3. This flag is allocated in the cpu_context
- * structure and located at offset "CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3"
- * This is not a bullet proof solution to the problem at hand because
- * we assume the instructions following "isb" that help to update the
- * flag execute without causing further exceptions.
- */
+ .macro restore_x30
+ ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ .endm
/*
- * For SoCs which do not implement RAS, use DSB as a barrier to
- * synchronize pending external aborts.
+ * Macro that synchronizes errors (EA) and checks for pending SError.
+ * On detecting a pending SError it either reflects it back to lower
+ * EL (KFH) or handles it in EL3 (FFH) based on EA routing model.
*/
- dsb sy
-
- /* Unmask the SError interrupt */
- msr daifclr, #DAIF_ABT_BIT
-
- /* Use ISB for the above unmask operation to take effect immediately */
- isb
-
- /* Refer Note 1. */
- mov x30, #1
- str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
- dmb sy
+ .macro sync_and_handle_pending_serror
+ synchronize_errors
+ mrs x30, ISR_EL1
+ tbz x30, #ISR_A_SHIFT, 2f
+#if FFH_SUPPORT
+ mrs x30, scr_el3
+ tst x30, #SCR_EA_BIT
+ b.eq 1f
+ bl handle_pending_async_ea
+ b 2f
#endif
+1:
+ /* This function never returns, but need LR for decision making */
+ bl reflect_pending_async_ea_to_lower_el
+2:
.endm
/* ---------------------------------------------------------------------
@@ -147,9 +106,19 @@
cmp x30, #EC_AARCH64_SYS
b.eq sync_handler64
- /* Synchronous exceptions other than the above are assumed to be EA */
- ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ cmp x30, #EC_IMP_DEF_EL3
+ b.eq imp_def_el3_handler
+
+ /* If FFH Support then try to handle lower EL EA exceptions. */
+#if FFH_SUPPORT
+ mrs x30, scr_el3
+ tst x30, #SCR_EA_BIT
+ b.eq 1f
b handle_lower_el_sync_ea
+#endif
+1:
+ /* Synchronous exceptions other than the above are unhandled */
+ b report_unhandled_exception
.endm
vector_base runtime_exceptions
@@ -217,22 +186,33 @@
end_vector_entry fiq_sp_elx
vector_entry serror_sp_elx
-#if !RAS_FFH_SUPPORT
+#if FFH_SUPPORT
/*
* This will trigger if the exception was taken due to SError in EL3 or
* because of pending asynchronous external aborts from lower EL that got
- * triggered due to explicit synchronization in EL3. Refer Note 1.
+ * triggered due to implicit/explicit synchronization in EL3 (SCR_EL3.EA=1)
+ * during EL3 entry. For the former case we continue with "plat_handle_el3_ea".
+ * The later case will occur when PSTATE.A bit is cleared in
+ * "handle_pending_async_ea". This means we are doing a nested
+ * exception in EL3. Call the handler for async EA which will eret back to
+ * original el3 handler if it is nested exception. Also, unmask EA so that we
+ * catch any further EA arise when handling this nested exception at EL3.
*/
- /* Assumes SP_EL3 on entry */
save_x30
- ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
- cbnz x30, 1f
-
- /* Handle asynchronous external abort from lower EL */
+ ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+ cbz x30, 1f
+ /*
+ * This is nested exception handling, clear the flag to avoid taking this
+ * path for further exceptions caused by EA handling
+ */
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+ unmask_async_ea
b handle_lower_el_async_ea
1:
+ restore_x30
#endif
no_ret plat_handle_el3_ea
+
end_vector_entry serror_sp_elx
/* ---------------------------------------------------------------------
@@ -248,34 +228,41 @@
*/
save_x30
apply_at_speculative_wa
- check_and_unmask_ea
+ sync_and_handle_pending_serror
+ unmask_async_ea
handle_sync_exception
end_vector_entry sync_exception_aarch64
vector_entry irq_aarch64
save_x30
apply_at_speculative_wa
- check_and_unmask_ea
+ sync_and_handle_pending_serror
+ unmask_async_ea
b handle_interrupt_exception
end_vector_entry irq_aarch64
vector_entry fiq_aarch64
save_x30
apply_at_speculative_wa
- check_and_unmask_ea
+ sync_and_handle_pending_serror
+ unmask_async_ea
b handle_interrupt_exception
end_vector_entry fiq_aarch64
+ /*
+ * Need to synchronize any outstanding SError since we can get a burst of errors.
+ * So reuse the sync mechanism to catch any further errors which are pending.
+ */
vector_entry serror_aarch64
+#if FFH_SUPPORT
save_x30
apply_at_speculative_wa
-#if RAS_FFH_SUPPORT
- msr daifclr, #DAIF_ABT_BIT
+ sync_and_handle_pending_serror
+ unmask_async_ea
+ b handle_lower_el_async_ea
#else
- check_and_unmask_ea
+ b report_unhandled_exception
#endif
- b handle_lower_el_async_ea
-
end_vector_entry serror_aarch64
/* ---------------------------------------------------------------------
@@ -291,34 +278,41 @@
*/
save_x30
apply_at_speculative_wa
- check_and_unmask_ea
+ sync_and_handle_pending_serror
+ unmask_async_ea
handle_sync_exception
end_vector_entry sync_exception_aarch32
vector_entry irq_aarch32
save_x30
apply_at_speculative_wa
- check_and_unmask_ea
+ sync_and_handle_pending_serror
+ unmask_async_ea
b handle_interrupt_exception
end_vector_entry irq_aarch32
vector_entry fiq_aarch32
save_x30
apply_at_speculative_wa
- check_and_unmask_ea
+ sync_and_handle_pending_serror
+ unmask_async_ea
b handle_interrupt_exception
end_vector_entry fiq_aarch32
+ /*
+ * Need to synchronize any outstanding SError since we can get a burst of errors.
+ * So reuse the sync mechanism to catch any further errors which are pending.
+ */
vector_entry serror_aarch32
+#if FFH_SUPPORT
save_x30
apply_at_speculative_wa
-#if RAS_FFH_SUPPORT
- msr daifclr, #DAIF_ABT_BIT
+ sync_and_handle_pending_serror
+ unmask_async_ea
+ b handle_lower_el_async_ea
#else
- check_and_unmask_ea
+ b report_unhandled_exception
#endif
- b handle_lower_el_async_ea
-
end_vector_entry serror_aarch32
#ifdef MONITOR_TRAPS
@@ -401,7 +395,7 @@
#if ENABLE_RME
/* Copy SCR_EL3.NSE bit to the flag to indicate caller's security */
- ubfx x7, x18, #SCR_NSE_SHIFT, 1
+ ubfx x7, x18, #SCR_NSE_SHIFT, #1
/*
* Shift copied SCR_EL3.NSE bit by 5 to create space for
@@ -608,6 +602,114 @@
b el3_exit
endfunc handle_interrupt_exception
+func imp_def_el3_handler
+ /* Save GP registers */
+ stp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
+ stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ stp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
+
+ /* Get the cpu_ops pointer */
+ bl get_cpu_ops_ptr
+
+ /* Get the cpu_ops exception handler */
+ ldr x0, [x0, #CPU_E_HANDLER_FUNC]
+
+ /*
+ * If the reserved function pointer is NULL, this CPU does not have an
+ * implementation defined exception handler function
+ */
+ cbz x0, el3_handler_exit
+ mrs x1, esr_el3
+ ubfx x1, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ blr x0
+el3_handler_exit:
+ ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
+ ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ ldp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
+ restore_x30
+ no_ret report_unhandled_exception
+endfunc imp_def_el3_handler
+
+/*
+ * Handler for async EA from lower EL synchronized at EL3 entry in KFH mode.
+ *
+ * This scenario may arise when there is an error (EA) in the system which is not
+ * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
+ * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
+ *
+ * On detecting the pending EA (via ISR_EL1.A) and if the EA routing model is
+ * KFH (SCR_EL3.EA = 1) this handler reflects ther error back to lower EL.
+ *
+ * This function assumes x30 has been saved.
+ */
+func reflect_pending_async_ea_to_lower_el
+ /*
+ * As the original exception was not handled we need to ensure that we return
+ * back to the instruction which caused the exception. To acheive that, eret
+ * to "elr-4" (Label "subtract_elr_el3") for SMC or simply eret otherwise
+ * (Label "skip_smc_check").
+ *
+ * LIMITATION: It could be that async EA is masked at the target exception level
+ * or the priority of async EA wrt to the EL3/secure interrupt is lower, which
+ * causes back and forth between lower EL and EL3. In case of back and forth between
+ * lower EL and EL3, we can track the loop count in "CTX_NESTED_EA_FLAG" and leverage
+ * previous ELR in "CTX_SAVED_ELR_EL3" to detect this cycle and further panic
+ * to indicate a problem here (Label "check_loop_ctr"). If we are in this cycle, loop
+ * counter retains its value but if we do a normal el3_exit this flag gets cleared.
+ * However, setting SCR_EL3.IESB = 1, should give priority to SError handling
+ * as per AArch64.TakeException pseudo code in Arm ARM.
+ *
+ * TODO: In future if EL3 gets a capability to inject a virtual SError to lower
+ * ELs, we can remove the el3_panic and handle the original exception first and
+ * inject SError to lower EL before ereting back.
+ */
+ stp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
+ ldr x29, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+ mrs x28, elr_el3
+ cmp x29, x28
+ b.eq check_loop_ctr
+ str x28, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+ /* Zero the loop counter */
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+ b skip_loop_ctr
+check_loop_ctr:
+ ldr x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+ add x29, x29, #1
+ str x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+ cmp x29, #ASYNC_EA_REPLAY_COUNTER
+ b.ge el3_panic
+skip_loop_ctr:
+ /*
+ * Logic to distinguish if we came from SMC or any other exception.
+ * Use offsets in vector entry to get which exception we are handling.
+ * In each vector entry of size 0x200, address "0x0-0x80" is for sync
+ * exception and "0x80-0x200" is for async exceptions.
+ * Use vector base address (vbar_el3) and exception offset (LR) to
+ * calculate whether the address we came from is any of the following
+ * "0x0-0x80", "0x200-0x280", "0x400-0x480" or "0x600-0x680"
+ */
+ mrs x29, vbar_el3
+ sub x30, x30, x29
+ and x30, x30, #0x1ff
+ cmp x30, #0x80
+ b.ge skip_smc_check
+ /* Its a synchronous exception, Now check if it is SMC or not? */
+ mrs x30, esr_el3
+ ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ cmp x30, #EC_AARCH32_SMC
+ b.eq subtract_elr_el3
+ cmp x30, #EC_AARCH64_SMC
+ b.eq subtract_elr_el3
+ b skip_smc_check
+subtract_elr_el3:
+ sub x28, x28, #4
+skip_smc_check:
+ msr elr_el3, x28
+ ldp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
+ ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ exception_return
+endfunc reflect_pending_async_ea_to_lower_el
+
/* ---------------------------------------------------------------------
* The following code handles exceptions caused by BRK instructions.
* Following a BRK instruction, the only real valid cause of action is
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 0c1d657..f0776c4 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -27,7 +27,6 @@
include lib/mpmm/mpmm.mk
ifeq (${SPMC_AT_EL3},1)
- $(warning "EL3 SPMC is an experimental feature")
$(info Including EL3 SPMC makefile)
include services/std_svc/spm/common/spm.mk
include services/std_svc/spm/el3_spmc/spmc.mk
@@ -39,7 +38,6 @@
bl31/interrupt_mgmt.c \
bl31/aarch64/bl31_entrypoint.S \
bl31/aarch64/crash_reporting.S \
- bl31/aarch64/ea_delegate.S \
bl31/aarch64/runtime_exceptions.S \
bl31/bl31_context_mgmt.c \
bl31/bl31_traps.c \
@@ -67,6 +65,10 @@
BL31_SOURCES += bl31/ehf.c
endif
+ifeq (${FFH_SUPPORT},1)
+BL31_SOURCES += bl31/aarch64/ea_delegate.S
+endif
+
ifeq (${SDEI_SUPPORT},1)
ifeq (${EL3_EXCEPTION_HANDLING},0)
$(error EL3_EXCEPTION_HANDLING must be 1 for SDEI support)
@@ -106,7 +108,7 @@
BL31_SOURCES += lib/extensions/sve/sve.c
endif
-ifneq (${ENABLE_MPAM_FOR_LOWER_ELS},0)
+ifneq (${ENABLE_FEAT_MPAM},0)
BL31_SOURCES += lib/extensions/mpam/mpam.c
endif
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index cae55f3..925c6a6 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -121,6 +121,9 @@
/* Init registers that never change for the lifetime of TF-A */
cm_manage_extensions_el3();
+ /* Init per-world context registers for non-secure world */
+ manage_extensions_nonsecure_per_world();
+
NOTICE("BL31: %s\n", version_string);
NOTICE("BL31: %s\n", build_message);
diff --git a/changelog.yaml b/changelog.yaml
index 2d6986b..1467ab4 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -150,6 +150,10 @@
scope: trf
- title: Platforms
+ scope: platforms
+
+ deprecated:
+ - plat/common
subsections:
- title: Allwinner
@@ -180,8 +184,8 @@
deprecated:
- arm_fgpa
- - arm_fpga
- plat/arm_fpga
+ - arm/fpga
- title: FVP
scope: fvp
@@ -254,6 +258,9 @@
- title: Broadcom
scope: brcm
+ - title: Cadence
+ scope: cadence
+
- title: HiSilicon
scope: hisilicon
@@ -499,6 +506,9 @@
- title: SBSA
scope: qemu-sbsa
+ deprecated:
+ - qemu_sbsa
+
- title: QTI
scope: qti
@@ -609,6 +619,9 @@
- plat/xilinx
subsections:
+ - title: DCC (Debug Communication Channel)
+ scope: dcc
+
- title: Versal
scope: versal
@@ -691,6 +704,9 @@
scope: spm
subsections:
+ - title: EL3 SPM
+ scope: el3-spm
+
- title: EL3 SPMC
scope: el3-spmc
@@ -716,6 +732,7 @@
- errata_abi
- title: Libraries
+ scope: lib
subsections:
- title: CPU Support
diff --git a/common/feat_detect.c b/common/feat_detect.c
index a1ffc39..be22c6e 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -169,7 +169,7 @@
check_feature(ENABLE_FEAT_DIT, read_feat_dit_id_field(), "DIT", 1, 1);
check_feature(ENABLE_FEAT_AMU, read_feat_amu_id_field(),
"AMUv1", 1, 2);
- check_feature(ENABLE_MPAM_FOR_LOWER_ELS, read_feat_mpam_version(),
+ check_feature(ENABLE_FEAT_MPAM, read_feat_mpam_version(),
"MPAM", 1, 17);
check_feature(CTX_INCLUDE_NEVE_REGS, read_feat_nv_id_field(),
"NV2", 2, 2);
diff --git a/docs/about/features.rst b/docs/about/features.rst
index 4a2c77e..c12509d 100644
--- a/docs/about/features.rst
+++ b/docs/about/features.rst
@@ -108,6 +108,28 @@
- Position-Independent Executable (PIE) support.
+Experimental features
+---------------------
+
+A feature is considered experimental when still in development or isn't known
+to the TF-A team as widely deployed or proven on end products. It is generally
+advised such options aren't pulled into real deployments, or done with the
+appropriate level of supplementary integration testing.
+
+A feature is no longer considered experimental when it is generally agreed
+the said feature has reached a level of maturity and quality comparable to
+other features that have been integrated into products.
+
+Experimental build options are found in following section
+:ref:`build_options_experimental`. Their use through the build emits a warning
+message.
+
+Additionally the following libraries are marked experimental when included
+in a platform:
+
+- MPU translation library ``lib/xlat_mpu``
+- RSS comms driver ``drivers/arm/rss``
+
Still to come
-------------
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 6042053..4531a03 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -67,6 +67,8 @@
:|G|: `bytefire`_
:|M|: Varun Wadekar <vwadekar@nvidia.com>
:|G|: `vwadekar`_
+:|M|: Yann Gautier <yann.gautier@st.com>
+:|G|: `Yann-lms`_
.. _code owners:
@@ -422,6 +424,15 @@
:|F|: lib/gpt_rme
:|F|: include/lib/gpt_rme
+Firmware Handoff Library (Transfer List)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:|M|: Raymond Mao <raymond.mao@linaro.org>
+:|G|: `raymo200915`_
+:|M|: Harrison Mutai <harrison.mutai@arm.com>
+:|G|: `harrisonmutai-arm`_
+:|F|: lib/transfer_list
+:|F|: include/lib/transfer_list.h
+
Platform Ports
~~~~~~~~~~~~~~
@@ -748,8 +759,6 @@
Renesas rcar-gen3 platform port
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Jorge Ramirez-Ortiz <jramirez@baylibre.com>
-:|G|: `ldts`_
:|M|: Marek Vasut <marek.vasut@gmail.com>
:|G|: `marex`_
:|F|: docs/plat/rcar-gen3.rst
@@ -959,7 +968,6 @@
.. _jwerner-chromium: https://github.com/jwerner-chromium
.. _kostapr: https://github.com/kostapr
.. _lachitp: https://github.com/lachitp
-.. _ldts: https://github.com/ldts
.. _marex: https://github.com/marex
.. _masahir0y: https://github.com/masahir0y
.. _michalsimek: https://github.com/michalsimek
@@ -1028,3 +1036,5 @@
.. _rutigl: https://github.com/rutigl
.. _avifishman: https://github.com/avifishman
.. _xueliang-zhong-arm: https://github.com/xueliang-zhong-arm
+.. _raymo200915: https://github.com/raymo200915
+.. _harrisonmutai-arm: https://github.com/harrisonmutai-arm
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index 9b51dab..654d65f 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -25,6 +25,18 @@
code freeze ver w.x code freeze ver y.z
+Version numbering
+~~~~~~~~~~~~~~~~~
+TF-A version is given in Makefile, through several macros:
+
+- VERSION_MAJOR
+- VERSION_MINOR
+- VERSION_PATCH
+
+For example, TF-A v2.10 has VERSION_MAJOR=2, VERSION_MINOR=10 and VERSION_PATCH=0.
+
+This VERSION_PATCH macro is only increased for LTS releases.
+
Upcoming Releases
~~~~~~~~~~~~~~~~~
@@ -69,7 +81,9 @@
| | Date | after | |
| | | Release | |
+================================+=============+=========+=========================================================+
-| None at this time | | | |
+| Mbedtls-2.x | 2.10 | 2.10 | Support for TF-A builds with Mbedtls-2.x will be removed|
++--------------------------------+-------------+---------+---------------------------------------------------------+
+| STM32MP15_OPTEE_RSV_SHM | 2.10 | 3.0 | OP-TEE manages its own memory on STM32MP15 |
+--------------------------------+-------------+---------+---------------------------------------------------------+
Removal of Deprecated Drivers
@@ -84,9 +98,7 @@
| | Date | after | |
| | | Release | |
+================================+=============+=========+=========================================================+
-| CryptoCell-712 | 2.9 | 2.10 | No longer maintained. |
-+--------------------------------+-------------+---------+---------------------------------------------------------+
-| CryptoCell-713 | 2.9 | 2.10 | No longer maintained. |
+| None at this time. | | | |
+--------------------------------+-------------+---------+---------------------------------------------------------+
--------------
diff --git a/docs/change-log.md b/docs/change-log.md
index b660c73..cfc8c56 100644
--- a/docs/change-log.md
+++ b/docs/change-log.md
@@ -3,6 +3,985 @@
This document contains a summary of the new features, changes, fixes and known
issues in each release of Trusted Firmware-A.
+## [2.10.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.9.0..refs/tags/v2.10.0) (2023-11-21)
+
+### âš BREAKING CHANGES
+
+- **Architecture**
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - This patch explicitly breaks the EL2 entry path. It is
+ currently unsupported.
+
+ **See:** convert FEAT_MTPMU to C and move to persistent register init ([83a4dae](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/83a4dae1af916b938659b39b7d0884359c638185))
+
+- **Libraries**
+
+ - **EL3 Runtime**
+
+ - **Context Management**
+
+ - Initialisation code for handoff from EL3 to NS-EL1
+ disabled by default. Platforms which do that need to enable this macro
+ going forward
+
+ **See:** introduce INIT_UNUSED_NS_EL2 macro ([183329a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/183329a5847df2bc6164ac8e9dbe7de4ca92836d))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - remove CryptoCell-712/713 support
+
+ **See:** remove CryptoCell-712/713 support ([b65dfe4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b65dfe40aef550ee9ef7e869749013cb7f3c4cce))
+
+### New Features
+
+- **Architecture**
+
+ - **CPU feature / ID register handling in general**
+
+ - add AArch32 PAN detection support ([d156c52](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d156c5220adb35971aafa0b0de922992e4b8aa66))
+ - add memory retention bit define for CLUSTERPWRDN ([278beb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/278beb894aeda23278a01c3c6aff1f40b8ce0a34))
+ - deny AArch64-only features when building for AArch32 ([733d112](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/733d112f05ecb29f7d8fce12c66a9721031970df))
+ - initialize HFG*_EL2 registers ([4a530b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a530b4c6556c87deb22c027dfaf2c5d6c9997a3))
+
+ - **Memory Tagging Extension**
+
+ - adds feature detection for MTE_PERM ([4d0b663](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d0b66323b242323ff738431c523aeb6d18dd3d5))
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - introduce pmuv3 lib/extensions folder ([c73686a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c73686a11cea8f9d22d7df3c5480f8824cfeec09))
+
+- **Platforms**
+
+ - **Allwinner**
+
+ - use reset through scpi for warm/soft reset ([0cf5f08](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cf5f08a205e4877c9daef5d90e1086643590226))
+
+ - **Arm**
+
+ - add IO policy to use backup gpt header ([3e6d245](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6d245772ccb4b43f1ba6cd9d1bb8abe86a516c))
+ - ecdsa p384/p256 full key support ([b8ae689](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b8ae68908de5560436c565ac22d59c0cbfc9a7df))
+ - enable FHI PPI interrupt to report CPU errors ([f1e4a28](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1e4a28d3f9e4c5e7905f44d41c13de63d735864))
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([5df1dcc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5df1dccd0be06cc45e82a57dc01be5b6b5d1a21b))
+ - save BL32 image base and size in entry point info ([821b01f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/821b01fa7521c0d6a0f16d02929fac3c44d14f86))
+ - add memory map entry for CPER memory region ([4dc91ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4dc91ac9069271325ffd3552a6a146256f5d0da3))
+ - firmware first error handling support for base RAMs ([5b77a0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b77a0e6759733d8a7de86e4492bd9b8628282d5))
+ - update common platform RAS implementation ([7f15131](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f15131df42a42fef86cc594a56b6e7998dd2ba4))
+
+ - **FVP**
+
+ - add mbedtls_asn1_get_len symbol in ROMlib ([0605060](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06050601d2a0ff06f92ca30ab988cbaf4e9929a1))
+ - add public key-OID information in RSS metadata structure ([bfbb1cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfbb1cbaac3e74da37d906c9ce1d39993dce8b66))
+ - add spmd logical partition ([5cf311f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5cf311f3a41fc114289265305a6254a8fb412c0e))
+ - allow configurable FVP Trusted SRAM size ([41e56f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/41e56f422df47b8bc1a7699ff258999f900a6290))
+ - capture timestamps in bl stages ([ed8f06d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed8f06ddda52bc0333f79e9ff798419e67771ae5))
+ - implement platform function to measure and publish Public Key ([db55d23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/db55d23d34b687cf6ce79c0723fedf10ef7227be))
+ - increase BL1 RW area for PSA_CRYPTO implementation ([ce18938](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce189383dc816cf1a48c1a94329c00f44d8acdc3))
+ - mock support for CCA NV ctr ([02552d4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02552d45e526766e000f3e3ae91ef381d402dab1))
+ - new SiP call to set an interrupt pending ([2032401](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20324013b17706751ecdd68f57c0ab95c522ca7e))
+ - spmd logical partition smc handler ([a1a9a95](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a1a9a950713468a734ef3d8da210baf97f7c1071))
+
+ - **Juno**
+
+ - add mbedtls_asn1_get_len symbol in ROMlib ([ec8ba97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ec8ba97e4ffde486670cb5a22ec4aac01409d92e))
+
+ - **Morello**
+
+ - add cpuidle support ([4f7330d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f7330dc78ee620b8564a4bbc1ca2f2ae4cd1d9e))
+ - add support for I2S audio ([6bcbe43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6bcbe437909d3779111e19774f911c625e98f1b3))
+ - add TF-A version string to NT_FW_CONFIG ([f4e64d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4e64d1f5e8277013c35dbd8e056b8071942f759))
+ - fdts: add CoreSight DeviceTree bindings ([3e6cfa7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6cfa7bd05521935c7753401dad823d044bfa23))
+ - set NT_FW_CONFIG properties for MCC, PCC and SCP version ([10fd85d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/10fd85d8f4a8f338942616ed403a1e02a388a16f))
+
+ - **RD**
+
+ - **RD-N2**
+
+ - enable base element RAM RAS support on RD-N2 platform ([0288632](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02886326659db3e4f46c0abd10be91a2de82cc90))
+ - add defines needed for spmc-el3 ([b4bed4b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b4bed4b769e907c8431b07f698da24660dfe0059))
+ - add plat hook for memory transaction ([f99dcba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f99dcbace7015169ac5d230b8007686d144962fb))
+ - enable Neoverse N2 CPU error handling support ([e802748](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e80274880bf694fd0b0e869a6ceb67e95e547544))
+ - introduce accessor function to obtain datastore ([f458934](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f45893426546703d9e21970889e6333ca30c0dd7))
+ - introduce platform handler for Group0 interrupt ([c47d049](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c47d0491ed078cfa8ca400e182fd4a44acd8041a))
+
+ - **SGI**
+
+ - remove RAS setup call from common code ([0f5e8eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f5e8eb4536e27f5fd99b1367b18710927b014b9))
+ - firmware first error handling for Neoverse N2 CPU ([31d1e4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31d1e4ff8dd70dc0094ff44df0c1844d27430e77))
+ - increase sp memmap size ([7c33bca](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c33bcab5973fb73b8278c674677663f5109948e))
+
+ - **TC**
+
+ - define memory ranges for tc platform ([9be6b16](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9be6b168fb482835a13ad39e7567721f74d513f9))
+ - implement platform function to measure and publish Public Key ([eee9fb0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eee9fb02f7b2c29befa27a0f2f0b6cb966f6d7c5))
+ - deprecate Arm TC1 FVP platform ([6a2b11c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a2b11c29da50eed969834f6c6ee97cdb90cb51e))
+
+ - **Aspeed**
+
+ - **AST2700**
+
+ - add Aspeed AST2700 platform support ([85f199b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85f199b774476706b21f793503b36d861cab0a14))
+
+ - **Intel**
+
+ - add intel_rsu_update() to sip_svc_v2 ([e3c3a48](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3c3a48c85dd1478e311e2e773a22fecfda69ec5))
+ - ccu driver for Agilex5 SoC FPGA ([02df499](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02df49900006ed44b4a0c239299dd45ca8509c17))
+ - clock manager support for Agilex5 SoC FPGA ([1b1a3eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b1a3eb1edff99b49bb40ad4172073d04a230938))
+ - cold/warm reset and smp support for Agilex5 SoC FPGA ([79626f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/79626f460f115cc32b0dbeb48e72828d2dbf662a))
+ - ddr driver for Agilex5 SoC FPGA ([29461e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/29461e4c880235532385c01f202e638fb5ba11de))
+ - mailbox and SMC support for Agilex5 SoC FPGA ([8e59b9f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e59b9f42374aaa641409b6469c8fe9245a33107))
+ - memory controller support for Agilex5 SoC FPGA ([18adb4e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/18adb4efa42946252b489d02f06cccb61ad0c867))
+ - mmc support for Agilex5 SoC FPGA ([4a577da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a577da6612ef6584695311e687ca00c57d68d53))
+ - pinmux, peripheral and Handoff support for Agilex5 SoC FPGA ([fcbb5cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fcbb5cf7eadb8b048149941b08f09d04a860fee0))
+ - platform enablement for Agilex5 SoC FPGA ([7931d33](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7931d3322dc137447981d261e900f5a62d2181ee))
+ - power manager for Agilex5 SoC FPGA ([a8bf898](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a8bf898f02185ed838d8039949800843146ab245))
+ - reset manager support for Agilex5 SoC FPGA ([9b8d813](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b8d813cc96173ce8ab7634dea17fb7f89b21626))
+ - restructure sys mgr for Agilex ([6197dc9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6197dc98feba98c3e123256424d2d33d5de997b8))
+ - restructure sys mgr for S10/N5X ([b653f3c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b653f3caf0f5e624604564c8c89ac8f4b450ba20))
+ - sdmmc/nand/combo-phy/qspi driver for Agilex5 SoC FPGA ([ddaf02d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ddaf02d17142187d9f17acd4900aafa598666317))
+ - setup SEU ERR read interface for FP8 ([91239f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91239f2c05c5df041e4a570a9d29c0ccbc34269a))
+ - system manager support for Agilex5 SoC FPGA ([7618403](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7618403110dad81c84822332225a7a687dc7f684))
+ - uart support for Agilex5 SoC FPGA ([34971f8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34971f816a777df5afb6672990b9eceda60e84b7))
+ - vab support for Agilex5 SoC FPGA ([4754925](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4754925057b27d5992d4c913276602666d303b01))
+
+ - **MediaTek**
+
+ - add APU bootup control smc call ([94a9e62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94a9e6243e3978b42017639dad93481267bcf6e4))
+ - add APU watchdog timeout control ([baa0d45](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/baa0d45ced6b058681ade9213e30ab0e91f4f4fb))
+
+ - **MT8188**
+
+ - add apusys ao devapc setting ([777e3b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/777e3b71bb0a37f98b4105af657d97c2afc2d0bc))
+ - add backup/restore function when power on/off ([233d604](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/233d604f500b5693b0caa6bcfdf0e2f766fd4cbd))
+ - add devapc setting of apusys rcx ([5986ae5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5986ae57aa4468b392d0f5fcb8b5bc04388fa3e2))
+ - add DSB before udelay ([b254b98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b254b9815ee25c90264a2305940bc575910f55e4))
+ - add emi mpu protection for APU secure memory ([176846a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/176846a50b73267ff787432f74a1d9607b57ed20))
+ - add EMI MPU support for SCP and DSP ([013006f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/013006f1f889f5869502147af464e38619459463))
+ - add support for SMC from OP-TEE ([34d9d61](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34d9d619f1c58549736b63aa5c5cddd7f171762e))
+ - enable apusys domain remap ([b5900c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b5900c92a1579371ea6f40199c70673beb08b1ac))
+ - enable apusys mailbox mpu protect ([ad7673a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad7673adef9bc5eaeef333ecaca8e85e82abe342))
+ - increase TZRAM_SIZE from 192KB to 256KB ([aa1cb27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aa1cb279b62d82e3d6e7b6ec17b9eb71d598497e))
+ - modify APU DAPC permission ([d06edab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d06edabfd14e0d196139fb1c780017f34366ae0d))
+ - update return value in mtk_emi_mpu_sip_handler ([d07eee2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d07eee245b3fcc6b276969df34dc63ded1d4c8a2))
+
+ - **MT8195**
+
+ - increase TZRAM ([4f79b67](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f79b67250641f67327c3e351d2f8339e8fd2d26))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - add dummy 'plat_mboot_measure_key' function ([b9bceef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b9bceef8eebf5c0f7f213921cca885a3f3c64ec1))
+
+ - **i.MX 8M**
+
+ - add more dram pll setting ([8947404](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/89474044a59d74cc088eb09292e99a3ca623fe33))
+ - detect console base address during runtime ([df730d9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/df730d94cb5850683371dd695e242a0c3817f070))
+ - enable snvs privileged registers access ([8d150c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8d150c9524b1459b61c9d881100e20da827c1bd0))
+ - move the gpc reg & macro to a separate header file ([2a6ffa9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a6ffa99afb6091110231381d1263407e9d88c3f))
+
+ - **i.MX 8M Nano**
+
+ - add workaround for errata ERR050362 ([8562564](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85625646692597ba8a1829efaadf56163450efaf))
+
+ - **i.MX 9**
+
+ - **i.MX93**
+
+ - add cpuidle and basic suspend support ([422d30c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/422d30c626beef689967b56d26a68f029e7b7cf9))
+ - add OPTEE support ([27a0be7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27a0be77a064cbc87aaefecbf45fe0a2b133b188))
+ - add reset & poweroff support ([cf7ef4c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf7ef4c762ddb573ffb6f1f434c04fdc52f6c2cf))
+ - add the basic support ([2368d7b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2368d7b157c169b84bc46d3d8a57d080507e81bd))
+ - add the trdc driver ([2935291](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2935291009c2933714a027b7b5cd1c8e41f70aff))
+ - allow SoC masters access to system TCM ([3d3b769](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3d3b769a7c112bff9468dbb21e36ce44125a72c0))
+ - protect OPTEE memory to secure access only ([f560f84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f560f843bdc0e33ef47918a6c10676fa6aff95ac))
+ - update the ocram trdc config for did10 ([eb76a24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb76a2416a9bd5239db7b55d846bd2a16eec417a))
+
+ - **QEMU**
+
+ - add sdei support for QEMU ([cef76a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cef76a7c5df7056cb73667e4e0b83d022e1b50fa))
+ - add "cortex-a710" cpu support ([4734a62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4734a62d2c22f5b6a1e2b0369248d42fb9eddd1b))
+ - add "neoverse-n2" cpu support ([408f9cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/408f9cb485796a73c5b87da70644665a13c685e4))
+ - add "neoverse-v1" cpu support ([6d8d7d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d8d7d2380d5120b3235c6f00eddcab126c3d648))
+ - add "neoverse-v1" cpu support ([214de62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/214de62c92b2fc4b7edda9d9d637b7a4c0ba1fa5))
+ - add A55 cpu support for virt ([409c20c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/409c20c84dcfa61de68754152f331a7277609fb2))
+ - add dummy plat_mboot_measure_key() BL1 function ([8e2fd6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e2fd6a84b17fde92cef48ecaccdc3b666ef0588))
+ - add dummy plat_mboot_measure_key() function ([f0f11ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0f11acd86650da04a41298acbf4ae38b7e25894))
+ - implement firmware handoff on qemu ([322af23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/322af23445fe7a86eaad335b8a0f2ed523f5c1df))
+
+ - **SBSA**
+
+ - handle platform version ([c681d02](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c681d02c6ce2652307a4fcef16bd5626135dfad9))
+ - handle GIC base ([1e67b1b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1e67b1b17a1692dd653d31016ccd8fa18b5f8f67))
+ - handle GIC ITS address ([4171e98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4171e981d13e6aa764c2520a2b513beafe449818))
+
+ - **QTI**
+
+ - **MSM8916**
+
+ - add port for MDM9607 ([78aac78](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/78aac78ad246ac8a04e1946bb9cd41b5734ba909))
+ - add port for MSM8909 ([cf0a75f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf0a75f04df8e90c7958304e6e0499a7d2e2519c))
+ - add port for MSM8939 ([c28e96c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c28e96cd52f8fbdbbfd0bbc8bacef353ac65bfd6))
+ - add SP_MIN port for AArch32 ([45b2bd0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/45b2bd0acbf4678eb59d36eb0db7746f5286a868))
+ - add Test Secure Payload (TSP) port ([6b8f9e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6b8f9e16a7849852abaf190f96130462f70eae17))
+ - allow selecting which UART to use ([aad23f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aad23f1a2c109fb853e498c17fa1e97fbdb6522c))
+ - clear CACHE_LOCK for MMU-500 r2p0+ ([d9b0442](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9b04423cfbf18cb510fb8e65ad02e7a1f4fe873))
+ - initialize CCI-400 for multiple clusters ([1240dc7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1240dc7ef11e850bdf7a4e66de3d858e26555842))
+ - power on L2 caches for secondary clusters ([c822d26](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c822d26506a589d4fa017246eeb83627f2efb554))
+
+ - **ST**
+
+ - add RCC registers list ([4cfbb84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4cfbb84aeb361d8e4d72f0b0652d02918168b55e))
+ - allow AARCH64 compilation for common code ([dad7181](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dad718169815f7cec09144b770fc66c6d9c58d17))
+ - introduce new platform STM32MP2 ([35527fb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/35527fb41829102083b488a5150c0c707c5ede15))
+ - support gcc as linker ([7762531](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7762531216a599d98dcf88aef8f8e980e0db90ed))
+ - update STM32MP DT files ([4c8e8ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4c8e8ea772905c1420720a900dd3e7d94eefbc7e))
+
+ - **STM32MP1**
+
+ - add FWU with boot from NOR-SPI ([dfbadfd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dfbadfd96b6f3d383e8f1c3c8b0c91ca2110ea2e))
+
+ - **STM32MP15**
+
+ - disable OP-TEE shared memory ([fb1d3bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb1d3bd9330ce70f735a344dd4223faffb261118))
+
+ - **STM32MP2**
+
+ - add console configuration ([87a940e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/87a940e027dd11d0ec03ec605f205374b18361ba))
+ - generate stm32 file ([e5839ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5839ed79e34b8aa8c7c94da8c79e8ee8a7467df))
+
+ - **Texas Instruments**
+
+ - add TI-SCI query firmware capabilities command support ([7ab7828](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ab782801f8c78ae6a8293d25cad687c86a4ac4e))
+ - query firmware for suspend capability ([ce1008f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce1008fef1ace613bc36886fd1627164edfef245))
+ - remove extra core counts in cluster 2 and 3 ([e986845](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e9868458e6de2ffb3c08e2fafa444a812b895337))
+
+ - **Xilinx**
+
+ - add support to get chipid ([0563601](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0563601f03f0404bbc57464d3458c07614f920ca))
+ - clean macro names ([bfd0626](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfd0626554374dd94a0105a5633df0afeae731b1))
+ - fix IPI calculation for Versal/NET ([69a5bee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69a5bee4c3633fd963d97f90f3a98e95a640d2da))
+ - move IPI related macros to plat_ipi.h ([b2258ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2258ce30cf720d71b1022c9cbee135c879027c5))
+ - remove crash console unused macros ([473ada6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/473ada6be65af7fdad85845336f42ed481eea11b))
+ - setup local/remote id in header ([068b0bc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/068b0bc6e39f1fc18f9450619942c711f860a7e2))
+ - switch boot console to runtime ([9c1c8f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c1c8f010143e179dee76381f3796f3801e6d220))
+ - sync macro names ([04a4833](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/04a483359fef61353d95619e84ec6b495b27adfb))
+ - used console also as crash console ([3e6b96e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6b96e869238f21c8887b835c3bfed487dbe653))
+
+ - **Versal**
+
+ - add support for SMCC ARCH SOC ID ([079c6e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/079c6e2403fd07db2b41f7c6e7e8c568467a2c6b))
+ - add tsp support ([7ff4d4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ff4d4fbe58273541da86fa72786d4bd4604be9a))
+ - ddr address reservation in dtb at runtime ([56d1857](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56d1857efc21cff5e75aa65bba21e333a8552d04))
+ - enable assertion ([0375188](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0375188a3e114edf62a732e80ea0f08dde3bf0b0))
+ - retrieval of console information from dtb ([7c36fbc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c36fbcc13793899390a01a9b4a623ff2fbf7ee1))
+
+ - **Versal NET**
+
+ - add cluster check in handoff parameters ([01c8c6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/01c8c6a5542fbf09fa91bbdbc95b735bbc9f02d7))
+ - add support for SMCC ARCH SOC ID ([1873e7f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1873e7f7d879c3d0aba54c3785df534b9a7037b7))
+ - add the IPI CRC checksum macro support ([ba56b01](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ba56b012c8ba8e5c4e6f77ab8a921e494d040a44))
+ - add tsp support ([639b367](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/639b3676cc30dcf3e3e4d478906e7f7f37a7f1e4))
+ - ddr address reservation in dtb at runtime ([46a08aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/46a08aab4c56ad9e3f57b127a02fead1e6b8cf38))
+ - enable assertion ([80cb4b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80cb4b14049c01df9a57cad9d1b94b10f904462f))
+ - get the handoff params using IPI ([a36ac40](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a36ac40c4e93e56380374301f558f508ad2cbf96))
+ - remove empty crash console setup ([6a14246](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a14246ad469664b56f1fdb111433515ffcccaf6))
+ - retrieval of console information from dtb ([a467e81](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a467e813a362fae69484e70ecb26fd8b14489d38))
+
+ - **ZynqMP**
+
+ - enable assertion ([2243ba3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2243ba3c38ae5bab894709a4e98f188815398ef1))
+ - remove pm_ioctl_set_sgmii_mode api ([7414aaa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7414aaa1a1e31df66866f0e1c97ba7c9add2427f))
+ - retrieval of console information from dtb ([3923462](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3923462239c9e54088bd5b01fd5df469b2758582))
+
+ - **Nuvoton**
+
+ - added support for npcm845x chip ([edcece1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/edcece15c76423832fc1ffdb255528bf4c719516))
+
+- **Bootloader Images**
+
+ - **BL2**
+
+ - add gpt support ([6ed98c4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ed98c45db01023d52a47eb4ede0ffb44de85f00))
+
+ - **BL31**
+
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([f5e1bed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f5e1bed2669cce46a1d7c6b8d3f8f884b4d589b3))
+
+ - **BL32**
+
+ - print entry point before exiting SP_MIN ([94e1be2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94e1be2b2918d8e70ac33cc8551e913d75e86398))
+
+- **Services**
+
+ - **RME**
+
+ - save PAuth context when RME is enabled ([13cc1aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/13cc1aa70a666bc8f768569e5481b3daf499b7d1))
+
+ - **RMMD**
+
+ - enable SME for RMM ([f92eb7e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f92eb7e261bdaea54c10ad34451a7667a6eb4084))
+ - pass SMCCCv1.3 SVE hint bit to RMM ([6788963](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/678896301b807cb1130ca27fa53acc66d57b855e))
+
+ - **RMM**
+
+ - update RMI VERSION command as per EAC5 ([ade6000](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ade6000ff0b3aa41d581d5738ce42f5ea4d3b77d))
+
+ - **SPM**
+
+ - separate StMM SP specifics to add support for a S-EL0 SP ([549bc04](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/549bc04f148f3b42ea0808b9ab0794a48d67007d))
+
+ - **EL3 SPMC**
+
+ - add a flag to enable support to load SEL0 SP ([801cd3c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/801cd3c84a7bb8a66c5a40de25e611ec6448239c))
+
+ - **SPMD**
+
+ - add partition info get regs ([0b850e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b850e9e7c89667f9a12d49492a60baf44750dd9))
+ - add spmd logical partitions ([890b508](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/890b5088203e990d683a9c837e976be62c6501aa))
+ - el3 direct message API ([66bdfd6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66bdfd6e4e6d8e086a30397be6055dbb04846895))
+ - get logical partitions info ([95f7f6d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95f7f6d86a6aadc9d235684fd1aa57ddc4c56ea9))
+
+ - **ERRATA ABI**
+
+ - add support for Cortex-X3 ([9c16521](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c16521606b1269ef13a69ec450b8d14ef92bde9))
+
+- **Libraries**
+
+ - **CPU Support**
+
+ - add a concise way to implement AArch64 errata ([3f4c1e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f4c1e1e7b976e6950cbcc4ddf8c32e989d837ac))
+ - add a way to automatically report errata ([4f748cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f748cc44cb12160dfca86d94a1075f38f7c99e4))
+ - add errata framework helpers ([445f7b5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/445f7b5191992c760e1089f566b94473a0432a1e))
+ - add more errata framework helpers ([94a75ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94a75ad456a8bda75ca1e4343f00be249a201a69))
+ - add support for Gelas CPU ([02586e0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02586e0e28e590fbc5e8461cfdc03db08485c14f))
+ - add support for hermes cpu ([a00e907](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a00e907696dd7dcae9ec221ea4ee49d4179a8e2a))
+ - add support for Nevis CPU ([5497958](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/549795895cae55b11c1a7ce522aa6740de863fb4))
+ - add support for Travis CPU ([a0594ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0594add2e2661a1b1e1f392bf015687004197bb))
+ - conform DSU errata to errata framework PCS ([ee6d04d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee6d04d449d7a23840bab00f3d3ffd88c6c7bca6))
+ - make revision procedure call optional ([4d22b0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d22b0e5ba01b423f9f5200e4702750102635145))
+ - wrappers to propagate AArch32 errata info ([34c51f3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34c51f327d47653637cf3604b4cd20819e795f25))
+
+ - **EL3 Runtime**
+
+ - modify vector entry paths ([d04c04a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d04c04a4e8d968f9f82de810a3c763474e3faeb7))
+
+ - **RAS**
+
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([6e92a82](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e92a82c81d2b0e49df730f68c8312beec1d3b48))
+ - use FEAT_IESB for error synchronization ([6597fcf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6597fcf169fa548d40f1e63391d12d207c491266))
+
+ - **Translation Tables**
+
+ - detect 4KB and 16KB page support when FEAT_LPA2 is present ([bff074d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bff074dd941d4fb51d6abade5db4b636f977d6f7))
+
+ - **C Standard Library**
+
+ - add %X to printf/snprintf ([483edc2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/483edc207a533a5eaf07fa1e2c47f29f1dc64e4a))
+ - implement memcpy_s in lib ([f328bff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f328bff667c12099e82de6e94f3775a124ee78c7))
+
+ - **PSA**
+
+ - interface with RSS for retrieving ROTPK ([50316e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/50316e226fbbe30b5eb4121225958a9b63e58bb1))
+
+ - **Firmware Handoff**
+
+ - introduce firmware handoff library ([3ba2c15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ba2c15147cc0c86342a443cd0cbfab3d2931c06))
+ - port BL31-BL33 interface to fw handoff framework ([94c90ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94c90ac8168f4e257b67e138a53a2dbc612e4194))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - add CCA NV ctr to CCA CoT ([e3b1cc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3b1cc0c51c7b0bae6abd81e15e4c2a00442c5db))
+ - add explicit entries for key OIDs ([0cffcdd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cffcdd617986f0750b384620f5b960059d91fc9))
+ - create a zero-OID for Subject Public Key ([9505d03](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9505d03e368d8e620c4defeb53dad846d5bc7e62))
+ - ecdsa p384 key support ([557f7d8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/557f7d806a62a460404f8d1bec84c9400585930b))
+ - measure and publicise the Public Key ([9eaa5a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9eaa5a09ed5805ec6423bc751b4254fba19090c1))
+
+ - **mbedTLS**
+
+ - update to 3.4.1 ([e686cdb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e686cdb450bbf01d42850457f83e45208a2655f8))
+ - add deprecation notice ([267c106](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/267c106f02e6996071985adbe695406a4978e97f))
+
+ - **mbedTLS-PSA**
+
+ - initialise mbedtls psa crypto ([4eaaaa1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4eaaaa19299040cfee0585d7daa744dee716d398))
+ - introduce PSA_CRYPTO build option ([5782b89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5782b890d29646924d8bd3f46acdc73a6e02feb2))
+ - mbedTLS PSA Crypto with ECDSA ([255ce97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/255ce97d609a93ab5528a653735abc46c2627e8f))
+ - register an ad-hoc PSA crypto driver ([38f8936](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/38f893692ad9b8edb5413f4b2b9cd15a9b485685))
+ - use PSA crypto API during hash calculation ([484b586](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/484b58696d627c68869d86e2c401a9088392659e))
+ - use PSA crypto API during signature verification ([eaa62e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eaa62e825e31fb22a6245d9a5ab9cf5c9f8c0e46))
+ - use PSA crypto API for hash verification ([2ed061c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2ed061c43525b8a9cd82b38d31277a8df594edd5))
+
+ - **Measured Boot**
+
+ - introduce platform function to measure and publish Public Key ([2971bad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2971bad8d48c6f0ddb7436efd16375bd72ade6bd))
+
+ - **GUID Partition Tables Support**
+
+ - add interface to init gpt ([f08460d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f08460dc085283f25fd6b5df792f263ccdf22421))
+ - add support to use backup GPT header ([ad2dd65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad2dd65871b4411c735271f98a4fa5102abb2a00))
+
+ - **Arm**
+
+ - **Ethos-N**
+
+ - update npu error handling ([4796d2d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4796d2d9bb4a1c0ccaffa4f6b49dbb0f0304d1d1))
+
+ - **RSS**
+
+ - set the signer-ID in the RSS metadata ([60861a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60861a04e06d98ba6a9ae984cc5565f064fac9d1))
+
+ - **ST**
+
+ - **Clock**
+
+ - allow aarch64 compilation of STGEN functions ([b1718c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1718c6382cff096c46dd216b5c99586eb303d29))
+ - stub fdt_get_rcc_secure_state ([19c3808](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/19c38081d3cbb4062d8894e6c3ec3c4e1d01a767))
+
+ - **UART**
+
+ - add AARCH64 stm32_console driver ([c6d070c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c6d070cdba2c9a37b2253354f4cc3ba7e127e35d))
+
+- **Miscellaneous**
+
+ - **AArch64**
+
+ - add stack debug information to assembly routines ([f832885](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f8328853031ab6dfc57059ff181138babc7779a0))
+
+ - **DT Bindings**
+
+ - add the STM32MP2 clock and reset bindings ([3ccb708](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ccb708ecede0858c3c8633942dd9ceec1511fa5))
+
+ - **FDTs**
+
+ - **Morello**
+
+ - add thermal framework ([0b22160](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b221603e909cd493feeaab96d9c6f5458c628a8))
+
+ - **STM32MP2**
+
+ - add stm32mp257f-ev1 board ([9aa5371](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9aa5371f2fde18ed9ef466f3ee08e599bcdca2dd))
+ - introduce stm32mp25 pinctrl files ([2c62cc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c62cc4a879b3ca5414227a2ddcd965814f3d112))
+ - introduce stm32mp25 SoCs family ([0dc283d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0dc283d29e4d962553046ea7ba30e90ea64f6d3d))
+
+ - **TBBR**
+
+ - add image id for backup GPT ([1051606](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1051606c3df3b5a0ebd4e4dad1e5e4a57e2f4d69))
+ - update PK_DER_LEN for ECDSA P-384 keys ([c1ec23d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c1ec23dd60954582a9b5dd49e85b092e9ece0680))
+
+- **Documentation**
+
+ - introduce STM32MP2 doc ([ee5076f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee5076f9716591333f1f5aa73b02c130c57917db))
+ - save BL32 image base and size in entry point info ([31dcf23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31dcf2345172de50b098d7a080c65ee6faa87df8))
+ - add a threat model for TF-A with Arm CCA ([4463541](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/446354122cea54255630d250064f5f889045acb0))
+ - cover threats inherent to receiving data over UART ([348446a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/348446ad2a836f7fa0ab05cdf6142342a1c4a4b3))
+ - add a section for experimental build options ([4885600](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48856003bfaf8c8d0ce7b29e2e1262f7f1dfbb5d))
+
+- **Build System**
+
+ - include plat header in fdt build ([e03dcc8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e03dcc8f5ee2c2c48732745c5c364951eb36ceec))
+ - manage patch version in Makefile ([055ebec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/055ebeca1b642ae69885a95e3c102f95d567a11e))
+ - march option selection ([7794d6c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7794d6c8f8c44acc14fbdc5ada5965310056be1e))
+ - pass CCA NV ctr option to cert_create ([0f19b7a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f19b7aada428e0ca69d27ab016928b8fbc64a79))
+ - .gitignore to include memory tools ([82257de](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/82257de06df2f744b12907079d5224bd56704de1))
+ - allow gcc linker on Aarch32 platforms ([cfe6767](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cfe6767f7dd483f1bd76b2ba88a75809e013c5bd))
+ - bump certifi to version 2023.7.22 ([6cbf432](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cbf43204f3ca7cc6db621652da182743748af3f))
+ - convert tabs and ifdef comparisons ([72f027c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72f027c335a9e20e479e0d684132401546685616))
+ - convert tabs to spaces ([1ca73b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ca73b4f4a0f6929a6649b4eb12e4ce45644a892))
+ - disable ENABLE_FEAT_MPAM for Aarch32 ([a07b459](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a07b4590dd06c9e27ec6d403003bcf55afa9dc27))
+ - include Cortex-A78AE cpu file for FVP ([b996db1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b996db168dcdac89245bb2cb60212e3e1b3ad061))
+ - pass parameters through response files ([430be43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/430be4396bbf779c9d2cac0ed8fefd07c7b8fde2))
+ - remove duplicated include order ([c189adb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c189adbd5559a31078749fd3ddd483337ad609f6))
+ - remove handling of mandatory options ([1ca902a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ca902a537d622b9f7f53f872586120ae75e2603))
+
+- **Tools**
+
+ - **Firmware Image Package Tool**
+
+ - add ability to build statically ([4d4fec2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d4fec281861066ab2249bc3db7c2decdd176f34))
+
+ - **Secure Partition Tool**
+
+ - generate `ARM_BL2_SP_LIST_DTS` file from `sp_layout.json` ([20629b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20629b3153bccdda32116ed5c4861e61fa1fba95))
+
+ - **Certificate Creation Tool**
+
+ - add new option for CCA NV ctr ([60753a6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60753a63290e255d6c4d34d0145ac00e8d69c9cf))
+ - add pkcs11 engine support ([616b3ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/616b3ce27d9a8a83a189a16ff6a05698bc6df3c8))
+ - ecdsa p384 key support ([c512c89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c512c89cde91f10e1b283522ac956fa4da85a797))
+
+ - **Memory Mapping Tool**
+
+ - add tabular memory use data ([d9d5eb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9d5eb138ded8d4abeaf0cd1341ddf451aa299b8))
+ - add topological memory view ([cc60aba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc60aba227e74a171c924146a0b745450af72f3d))
+
+### Resolved Issues
+
+- **Architecture**
+
+ - **CPU feature / ID register handling in general**
+
+ - move nested virtualization support to optionals ([8b2048c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b2048c1c019d799d1806926724c2fbbc399c4c1))
+
+ - **Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)**
+
+ - refine MPAM initialization and enablement process ([edebefb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/edebefbcbc01f4ab67a7838e0191736fd9ee0192))
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - make MDCR_EL3.MTPME=1 out of reset ([33815eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33815eb7194e662169676b2ce88ee4785aac9ccd))
+
+- **Platforms**
+
+ - register PLAT_SP_PRI only if not already registered ([bf01999](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bf01999aba3949e810b7c66d3a164c4e3a964bf8))
+
+ - **Arm**
+
+ - add Event Log area behind Trustzone Controller ([d836df7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d836df71ea50e0863f7858f71b06653058e64140))
+ - correct the SPMC_AT_EL3 condition ([a0ef1c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0ef1c0ef030e8fee8ad8f8a5f4a0fa911403a7c))
+ - fix GIC macros for GICv4.1 support ([f1df8f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1df8f10c6906519c54483f1f7a67f5cc507ec31))
+ - add RAS_FFH_SUPPORT check for RAS EHF priority ([1c01284](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1c012840cab6529edbbc1bc7e3bcba11477a6955))
+ - do not program DSU CLUSTERPWRDN register ([3209b35](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3209b35d2a372e71b96f3efbd7631d32518dc9b7))
+
+ - **FPGA**
+
+ - enable CPU features required for ARMv9.2 cores ([b321c24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b321c243423b9341bc04e839a795ff31247eacd5))
+
+ - **FVP**
+
+ - adjust BL2 maximum size as per total SRAM size ([965aace](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/965aacea919525baa03308a5a08205e506be0bf4))
+ - adjust BL31 maximum size as per total SRAM size ([24e224b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24e224b41cc6fda4b507861cf8e409d8e4a3f7cd))
+ - conditionally increase XLAT and MMAP table entries ([03cf4e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/03cf4e9aad2774ce221ccfe6f345ffcc8aabee4a))
+ - extract core id from mpidr for pwrc operations ([70bc744](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70bc74441b9901ee91ebb32be1def1e645374488))
+ - increase maximum MMAP and XLAT entries count ([12fe591](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12fe591b3e05255c167c5a9e21eaac2a9946f55c))
+ - increase the maximum size of Event Log ([f1dfaa4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1dfaa42cf1a93523501ce694260d88acee7c0c0))
+ - resolve broken workaround reference ([bcb3ea9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bcb3ea92f8626e48340bd65c7c3007953e0ee8f4))
+ - update pwr_domain_suspend ([f51d277](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f51d277de3e5f84eafafb32596ca0b154d11c4d5))
+ - update system suspend in OS-initiated mode ([e0ef05b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0ef05bb2c260e0441186dd8647dea531bb1daf3))
+
+ - **Morello**
+
+ - configure platform specific secure SPIs ([80f8769](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80f8769b26efcbce842d0ed62950603dfd83ef9b))
+
+ - **N1SDP**
+
+ - configure platform specific secure SPIs ([7b0c95a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7b0c95abc8e399a4a676647f4cffffa7ed21b3e6))
+ - fix spi_ids range for n1sdp multichip boot ([31f60a9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31f60a968347497562b0129134928d7ac4767710))
+
+ - **SGI**
+
+ - update PLAT_SP_PRI macro definition ([6f689a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6f689a51a577f740b341744e62c667733a79df94))
+
+ - **TC**
+
+ - Correct return type ([b0542b5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b0542b58ca77b922cf879dfb7d38356b32399c56))
+ - rename macro to match PSA spec ([1fc20d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1fc20d7f523e5c4bafb23584b1309ca432307ea4))
+
+ - **Corstone-1000**
+
+ - add cpu_helpers.S to platform.mk ([cb27274](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cb27274c9964deab3b613a48c1f293c122126ee5))
+ - modify boot device dependencies ([3ff5fc2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ff5fc2b35638afea2fad3cd0c76dcadc1adb8c2))
+ - removing the signature area ([5856a91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5856a91a641a4cd7403143bb90b098855a77ac16))
+
+ - **Aspeed**
+
+ - **AST2700**
+
+ - add device mapping for coherent memory ([cef2e92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cef2e92568045da4e1d26a9ebfb38b0176b4ec33))
+
+ - **Broadcom**
+
+ - fix misspelled header inclusion guard ([a9779c1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9779c11daa251abb9c523b4e01e6ef26c7d46fc))
+
+ - **Cadence**
+
+ - update console flush uart driver ([e27bebb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e27bebb0fe84bf58eed1fb61a65da9280309f24e))
+
+ - **Intel**
+
+ - fix ncore ccu snoop dvm enable bug ([106aa54](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/106aa54d922c8d0980c527530cbb417141fe3f83))
+ - resolved coverity checking ([1af7bf7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1af7bf71c042add4f473c056f850a8a4792b6bbd))
+ - update boot scratch cold register to use cold 8 ([655af4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/655af4f49278476ebac6bb865e325eca865684f2))
+ - update checking for memcpy and memset ([c418064](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c418064eb5ae2f223457e4a25a91f379e8cf5223))
+
+ - **MediaTek**
+
+ - support saving/restoring GICR registers ([f73466e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f73466e9a2fe35fc31a7a58a2e24308a9db341d7))
+
+ - **NVIDIA**
+
+ - **Tegra**
+
+ - return correct error code for plat_core_pos_by_mpidr ([6bd79b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6bd79b13f8a8566d047ff25da9110a887b4e36e7))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - **i.MX 8M**
+
+ - make IMX_BOOT_UART_BASE autodetection option more obvious ([101f070](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/101f07022a0337b074c03e60078b94789bc766f6))
+ - map BL32 memory only if SPD_opteed or SPD_trusty is enabled ([4827613](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4827613c9a8db6238e9411b508ef20bda3113146))
+
+ - **QEMU**
+
+ - fix 32-bit builds with stack protector ([e57ca89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e57ca899efe414bd685e89e335a21d15a25b04f8))
+
+ - **SBSA**
+
+ - align FIP base to BL1 size ([408cde8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/408cde8a59080ac2caa11c4d99474b2ef09f90df))
+
+ - **QTI**
+
+ - **SC7280**
+
+ - update pwr_domain_suspend ([a43be0f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a43be0f61003df1d8cf01bd706d5af305428c022))
+ - update system suspend in OS-initiated mode ([0a9270a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0a9270abe82b396bf6fa15c7eb39c3499452686a))
+
+ - **Renesas**
+
+ - **R-Car**
+
+ - add mandatory fields in 'reserved-memory' node ([f945498](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f945498faab3bd44f0f957931809de2f59517814))
+
+ - **R-Car 3**
+
+ - fix CPG register code comment ([69c371b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69c371bc16533eb97a1d9bc408f9f17da87ba641))
+ - update Draak and Eagle board IDs ([281edfe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/281edfee02bc72d81aa4972d60216647f932f3df))
+
+ - **ST**
+
+ - allow crypto lib compilation in aarch64 ([76e4fab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76e4fab000825c4361b4b9843c6e0c2f4f6eb1fd))
+ - enable RTC clock before accessing nv counter ([77ce6a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/77ce6a561eae769419559632afa4d807a4fc33b6))
+ - flush UART at the end of uart_read() ([a9cb7d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9cb7d002df4f09dce779b5b56640c2fdd77ba3b))
+ - properly check LOADADDR ([9f72f5e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9f72f5eac81c23fe39415b2346b112f64fba8610))
+ - reduce MMC block_buffer ([a2500ab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a2500ab7aba27ed5d613718f5f15371bbe895ca6))
+ - setting default KEY_SIZE ([6f3ca8a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6f3ca8ada60addc601f685fa51619d2101d7406a))
+ - update comment on encryption key ([5c506c7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c506c73751cc3f51df88826b89b5f729d8955c5))
+ - update dt_get_ddr_size() type ([2a4abe0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a4abe0b37f8d1987019c3de30e3301d8f8958d7))
+
+ - **STM32MP1**
+
+ - add void entry in plat_def_toc_entries ([8214ecd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8214ecdab22a72877dfff539eee31cfb92f36423))
+ - properly check PSCI functions return ([241f874](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/241f8745459ae413ca22fcc0f1081da8de48796f))
+ - use the BSEC nodes compatible for stm32mp13 ([2171bd9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2171bd9511258e7aebaa3ce2f9498093d3a3c63e))
+
+ - **Texas Instruments**
+
+ - align static device region addresses to reduce MMU table count ([53a868f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53a868f676d9ad6ec37d69155241883b8e7bf0bf))
+ - fix TISCI API changes during refactor ([d7a7135](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7a7135d32a8c7da004c0c19b75bd4e2813f9759))
+ - release lock in all TI-SCI xfer return paths ([e92375e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e92375e07cf54c2fbac6616e58116c98507ac177))
+ - remove check for zero value in BL31 boot args ([44edd3b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44edd3bd7cfe1d5fb1599ab5eee9b81efea984e0))
+
+ - **Xilinx**
+
+ - add headers to resolve compile time issue ([744d60a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/744d60aab4e0173e21564fde092884c10267a6cc))
+ - dcache flush for dtb region ([93ed138](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/93ed138006dc09e5b09222cabae8952dd5363ad2))
+ - don't reserve 1 more byte ([c3b69bf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3b69bf17bc0231b0dae613dc9e1e01e41f32236))
+ - dynamic mmap region for dtb ([7ca7fb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ca7fb1bf0873824531a6eee2da1214b61496b02))
+ - remove clock_setrate and clock_getrate api ([e5955d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5955d7c63291a736efe75fb93effbc3fefb19fb))
+ - remove console error message ([f9820f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f9820f21b8317fb3a08598452b252f7a6a2a4ad7))
+ - update dtb when dtb address and tf-a ddr flow is used ([fdf8f92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fdf8f929df078943c24154e25d9d7661139826b3))
+
+ - **DCC (Debug Communication Channel)**
+
+ - add dcc console unregister function ([0936abe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0936abe9b235dd996e9466288415bb994acbbe8f))
+ - enable DCC also for crash console ([c6d9186](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c6d9186f60a08b4a44b1ecf38071eacdc9553ef6))
+
+ - **Versal**
+
+ - add missing irq mapping for wakeup src ([06b9c4c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06b9c4c87df0b2a052e4f3330b86cc572c7bf885))
+ - fix BLXX memory limits for user defined values ([f123b91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f123b91fddfcc882577590bbf4a54e1497ef9a64))
+ - make pmc ipi channel as secure ([96eaafa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/96eaafa3f855ea9e0b6ce13a44f37fa9f1026207))
+ - type cast addresses to fix integer overflow ([bfe82cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfe82cff6f6ab8e557e7ad7db8eae573f1fb02f3))
+ - use correct macro name for ocm base address ([56afab7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56afab73a852fd3e10e607d2d86dedc3bae3ff2d))
+
+ - **Versal NET**
+
+ - add redundant call to avoid glitches ([cebb7cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cebb7cc110e02281060ec854a28a3bee382d8efa))
+ - change flag to increase security ([e8efb65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8efb65afb996c9832384c96b36aee3092b56a4b))
+ - correct device node indexes ([66b5620](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66b5620c873ef656f779a4c2d844b187ba474d9d))
+ - don't clear pending interrupts ([fb73ea6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb73ea6cc3f9f4f51195b416a0f803a72d81eff6))
+ - fix BLXX memory limits for user defined values ([a80da38](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a80da3899a5eea6bc022c37101ac0b7d970846f7))
+ - make pmc ipi channel as secure ([2c65b79](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c65b79e256ea5ead117efeaa5d39c3e53c83bdc))
+ - use correct macro name for uart baudrate ([e2ef1df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e2ef1dfcdbef7e448e9dd96852ffb8489c187d34))
+
+ - **ZynqMP**
+
+ - do not export apu_ipi ([237c5a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/237c5a74a295d6306529be024aaa3d6af4b32898))
+ - fix BLXX memory limits for user defined values ([8ce2fbf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8ce2fbffe37ddcab5071601f1b311ee82a56b7cc))
+ - fix prepare_dtb() memory description ([3efee73](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3efee73d528578162b8eb046dce540f0c5f0041a))
+ - fix sdei arm_validate_ns_entrypoint() ([3b3c70a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3b3c70a418522176f3a55d8e266e3968f7d4f832))
+ - handling of type el3 interrrupts ([e8d61f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8d61f7d91901f577030f6a45a71cf389b96d9dc))
+ - make zynqmp_devices structure smaller ([7e3e799](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e3e79995a3c02871211dd0e983fb6e886a9c518))
+ - remove unused headers ([6288636](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/62886363a16f0dcef3b6acdff0a96880cf9940ce))
+ - resolve runtime error in TSP ([81ad3b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81ad3b14b95e019eaa8d89d444680c14ede4d8ab))
+ - type cast addresses to fix overflow issue ([9129163](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91291633a1c99736803f39edb21cad95a3517ee8))
+ - validate clock_id to avoid OOB variable access ([abc79c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/abc79c275be764d76bd983837ffc487664182dac))
+
+ - **Nuvoton**
+
+ - fix typo in platform.mk ([c7efb78](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c7efb78f8edc8fa66bbe2f9bad390d29f6a43fb0))
+
+- **Bootloader Images**
+
+ - **BL2**
+
+ - bl2 start address for RESET_TO_BL2+ENABLE_PIE ([d478ac1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d478ac16c9002114da1c4708a0efb083c494ce2f))
+
+ - **BL31**
+
+ - resolve runtime console garbage in next stage ([889e3d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/889e3d1c68e37dc9f75ae432703fa8ffc7259546))
+
+ - **BL32**
+
+ - always include arm_arch_svc in SP_MIN ([cd0786c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd0786c73e536a1d2507d77ce49e2ae2b8ee71a1))
+ - avoid clearing argument registers in RESET_TO_SP_MIN case ([56055e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56055e87b0a756d4756a22ed26b855fbe7afe93c))
+
+ - **TSP**
+
+ - fix destination ID in direct request ([ed23d27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed23d274fae0b2787421a1b2558d7c1e9ebb07ab))
+ - flush uart console ([ae074b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ae074b369a25747acf98a23389e9d67b39738c71))
+
+- **Services**
+
+ - **RME**
+
+ - **RMMD**
+
+ - enable sme using sme_enable_per_world ([c0e16d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c0e16d30ab70c51737f7a01a6b365d27c1a94f3b))
+
+ - **SPM**
+
+ - **EL3 SPM**
+
+ - fix LSP direct message response ([c040621](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c040621dba5f4c097441e67c9fd99b9df174ba4e))
+ - improve direct messaging validation ([48fe24c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48fe24c50cd4990a76f88e89b77e71b9a90aec6c))
+
+ - **EL3 SPMC**
+
+ - avoid descriptor size calc overflow ([27c0242](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27c02425089548786a18d355b15acccd51880676))
+ - correctly account for emad_offset ([0c2583c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c2583c6fbfd03e70915554d4093e5f9148f3792))
+ - fix incorrect CASSERT ([1dd79f9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1dd79f9e2316e5a7a78b0ad5a34ec50288338e6f))
+ - only call spmc_shm_check_obj() on complete objects ([d781959](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d781959f81923bc3a59e77abd44df2fcc61f044e))
+ - prevent total_page_count overflow ([2d4da8e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d4da8e265660ce7580219b51d5e79fd99ce1458))
+ - remove experimental flag ([630a06c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/630a06c4c64f3a6804dd633081190241b1e78484))
+ - use uint64_t for 64-bit type ([43318e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/43318e4a4dcc79935150de75fe5dccbb615f4719))
+ - use version-dependent minimum descriptor length ([52d8d50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52d8d506e715dbbeba0938cecd30ac6624d1dcfc))
+ - validate descriptor headers ([56c052d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56c052d31126c93b3c6782ea8e0c3348b5299b75))
+ - validate memory address alignment ([327b5b8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/327b5b8b74faedefc45e861c797197cf6fbd6def))
+ - validate shmem descriptor alignment ([dd94372](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dd94372d77ff107726a7be53318b5694f3309ddb))
+
+ - **SPMD**
+
+ - coverity scan issues ([b04343f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b04343f3c912c8abc1a37b0ebe461ab574959ecd))
+ - fix FFA_VERSION forwarding ([76d53ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76d53ee1aafca7ba908c7439670509107377b309))
+ - perform G0 interrupt acknowledge and deactivation ([6c91fc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6c91fc44580415aaca4cbd774d4373475f33deb2))
+ - relax use of EHF with SPMC at S-EL2 ([bb6d0a1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb6d0a174f76240728cd911130703e712520ce16))
+
+ - **ERRATA ABI**
+
+ - added Neoverse N2 to Errata ABI list ([7e030b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e030b376329a0466ffe7676be215770bb46d10f))
+ - fix the rev-var for Cortex-A710 ([5c8fcc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c8fcc0ca7f5e6dc3aea947800e146fe0ffe9b84))
+ - update the Cortex-A76 errata ABI struct ([92d5b50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/92d5b501d4ba7e00e2ddfd546dc90b786966a352))
+ - update the Cortex-A78C errata ABI struct ([7f2caec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f2caecdbc64d1fbd34942285e1194e85c5e8614))
+ - update the neoverse-N1 errata ABI struct ([56747a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56747a5caa50eedeb627795f1c37e0a14953c2bf))
+ - update the Neoverse-N2 errata ABI struct ([80af87e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80af87e476ec3dd1ad26d7a906da82268a29e2b5))
+
+- **Libraries**
+
+ - **CPU Support**
+
+ - assert invalid cpu_ops obtained ([3f721c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f721c6edd20cef11c241a3ef84d94c06f5bebb4))
+ - check for SME presence in Gelas ([0bbd432](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0bbd4329bf73b0da1ed69578c385dd36358e261e))
+ - fix minor issue seen with a9 cpu ([af70470](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af704705c135f85b8b1eeda938e3dcdba3f6e561))
+ - fix the rev-var for Cortex-A710 ([2bf7939](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2bf7939a7b313352deb6c6b77ee1316eff142a7c))
+ - fix the rev-var of Cortex-X2 ([8ae66d6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8ae66d624e2f7cae9577ff8f99e0a45e21fb353d))
+ - fix the rev-var of Neoverse-V1 ([ab2b56d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab2b56df266f73aa53ca348d7945b119e1ef71c7))
+ - flush L2 cache for Cortex-A7/12/15/17 ([c5c160c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c5c160cdddd1c365a447c1fcd148fabb9014cce0))
+ - integer suffix macro definition ([1a56ed4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a56ed4b357e9023637c74c39c6885c558a737d2))
+ - reduce generic_errata_report()'s size ([f43e09a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f43e09a12e4f4f32185d3e2accceb65895d1f16b))
+ - revert erroneous use of override_vector_table macro in Cortex-A73 ([9a0c812](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9a0c81257ff116b2ca33f5b6737e0a000fb7e551))
+ - update the fix for Cortex-A78AE erratum 1941500 ([67a2ad1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/67a2ad171d1fb604d4cba8fa7f92ccb66d1ef3f9))
+ - update the rev-var for Cortex-A78AE ([c814619](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c814619a364aea3bd55b5ea238541864c0de7dab))
+ - workaround for Cortex-A510 erratum 2080326 ([6e86475](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e86475d55fa2981bc342a0eb78b86be233d7718))
+ - workaround for Cortex-A710 erratum 2742423 ([d7bc2cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7bc2cb4303088873a715bcaa2ac3e0096b9d7f2))
+ - workaround for Cortex-X2 erratum 2742423 ([fe06e11](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fe06e118ab0837ff173f6b7e576dcc34b2d26bb1))
+ - workaround for Cortex-X3 erratum 2070301 ([2454316](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2454316c2ae4411d0071d88c3db3c95598f12498))
+ - workaround for Cortex-X3 erratum 2742421 ([5b0e443](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b0e4438d0e604e80ffff17d02e37cae0f4b2a8f))
+ - workaround for Neoverse N2 erratum 2009478 ([74bfe31](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/74bfe31fd2c992d8e1e13bf396a9d5c136967ca5))
+ - workaround for Neoverse N2 erratum 2340933 ([68085ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/68085ad4827ac7daa39767d479d0565daa32cb47))
+ - workaround for Neoverse N2 erratum 2346952 ([6cb8be1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cb8be17a53f4e11880ba13b78fca15895281cfe))
+ - workaround for Neoverse N2 erratum 2743014 ([eb44035](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb44035cdec5d47d7eb3c904c8e5d8443b9dfcba))
+ - workaround for Neoverse N2 erratum 2779511 ([12d2806](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12d28067c9e76a78b148ed6fb94faf96de5e8502))
+ - workaround for Neoverse V2 erratum 2331132 ([8852fb5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8852fb5b7d94229475446c81cfa58851bc2204ff))
+ - workaround for Neoverse V2 erratum 2719105 ([b011402](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b01140256b5c0620cbde8e98c0df0e95343a3c71))
+ - workaround for Neoverse V2 erratum 2743011 ([58dd153](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/58dd153cc88e832a6b019f1d4c2e6d64986ea69d))
+ - workaround for Neoverse V2 erratum 2779510 ([ff34264](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff342643bcfaf20d61148b90a068694fa1c44dca))
+ - workaround for Neoverse V2 erratum 2801372 ([40c81ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40c81ed5335191fbe32466e56aa4fb6db1da466c))
+
+ - **EL3 Runtime**
+
+ - leverage generic interrupt controller helpers ([07f867b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07f867b12251235b8582bec38e9cf39a95703e77))
+ - restrict lower el EA handlers in FFH mode ([6d22b08](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d22b089ffb1793d581fde4de76245397ad7d4ee))
+
+ - **Context Management**
+
+ - make ICC_SRE_EL2 fixup generic to all worlds ([5e8cc72](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5e8cc7278659820bcd64c243cbd89c131462314c))
+ - set MDCR_EL3.{NSPBE, STE} explicitly ([99506fa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99506face112410ae37cf617b6efa809b4eee0ee))
+
+ - **RAS**
+
+ - remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT ([f87e54f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f87e54f73cfee5042df526af6185ac6d9653a8f5))
+ - restrict ENABLE_FEAT_RAS to have only two states ([970a4a8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/970a4a8d8c0d6894fe2fd483d06b6392639e8760))
+
+ - **PSCI**
+
+ - add optional pwr_domain_validate_suspend to plat_psci_ops_t ([d348861](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d34886140c74c0afc48ab20e63523505fcfb4b7d))
+
+ - **SMCCC**
+
+ - ensure that mpidr passed through SMC is valid ([e60c184](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e60c18471fc7488cc0bf1dc7eae3b43be77045a4))
+ - pass SMCCCv1.3 SVE hint to internal flags ([b2d8517](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2d851785f6c03cae4feb015fe69091582e18f5e))
+
+ - **Translation Tables**
+
+ - fix defects on the xlat library reported by coverity scan ([2974ad8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2974ad87b8561706176e113e2ec4457c919cb99a))
+ - set MAX_PHYS_ADDR to total mapped physical region ([1a38aaf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a38aafbff93e478aa6f9e19af1ed76024062a73))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - allow hashes of different lengths ([22a5354](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/22a53545aa37c06a1ffd0f3c15e870b256a41cb7))
+ - don't overwrite pk with converted pk when rotpk is hash ([1046b41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1046b41808b23b4079f04cad370646e05207ded5))
+
+ - **Measured Boot**
+
+ - don't strip last non-0 char ([b85bcb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b85bcb8ec92126c238572ed7d242115125e411e1))
+
+ - **MMC**
+
+ - initialises response buffer with zeros ([b1a2c51](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1a2c51a0820fce803431e6ee5bd078bb1a65b0d))
+
+ - **MTD**
+
+ - **NAND**
+
+ - reset the SLC NAND ([f4d765a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4d765a12815e3f4bd9c4dff5fd88661b3615114))
+
+ - **SPI NAND**
+
+ - add Quad Enable management ([da7a33c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/da7a33cf2f27545d9d290ff0c2ee1ec333b061bb))
+
+ - **SCMI**
+
+ - add parameter for plat_scmi_clock_rates_array ([ca9d6ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ca9d6edc892165c38f1b2710b537c10d4a57062d))
+
+ - **UFS**
+
+ - performs unsigned shift for doorbell ([e47d8a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e47d8a58b0d5745c943c36fad2ec8a98af709bea))
+ - set data segment length ([9d6786c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9d6786cacee7c0eff33d1cec42c09c7002dd83d2))
+
+ - **Arm**
+
+ - **GIC**
+
+ - **GICv3**
+
+ - map generic interrupt type to GICv3 group ([632e5ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/632e5ffeb8f50a98090065b63d9d071b72acd23c))
+ - move invocation of gicv3_get_multichip_base function ([36704d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/36704d09c6b26045fe2d18530a020ed23d74593d))
+
+ - **GIC-600**
+
+ - fix gic600 maximum SPI ID ([69ed7dc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69ed7dc2e964c66eb8ff926a63a47b701ae1f3c6))
+
+ - **Renesas**
+
+ - **R-Car3**
+
+ - update DDR setting ([138ddcb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/138ddcbf4d330d13a11576d973513014055f98c1))
+
+ - **ST**
+
+ - **Clock**
+
+ - disabling CKPER clock is not functional on stm32mp13 ([1bbcb58](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1bbcb58a69c4ee2ee13e9d5de4499438ca08b149))
+
+ - **Crypto**
+
+ - do not read RNG data if it's not ready ([53092a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53092a7780fa3d1b926aae8666f1c5a19cb039f1))
+ - use GENMASK_32 to define PKA registers masks ([379d77b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/379d77b3705b0f3a88332663bba956289cad5797))
+
+ - **DDR**
+
+ - express memory size with size_t type ([b4e1e8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b4e1e8fbf0dde5679d6b3717b8579f7a3343fdf8))
+
+ - **UART**
+
+ - allow 64 bit compilation ([6fef0f6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6fef0f67e47b3b42fc9b5dbc55bdef00a970765d))
+ - correctly check UART enabled in flush fonction ([a527380](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a5273808aa1a4514f7849ca91b7859e15bf82bff))
+ - skip console flush if UART is disabled ([b156d7b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b156d7b1cca1542f0c1c6f5d4354c43e048dc4a0))
+
+- **Miscellaneous**
+
+ - **AArch32**
+
+ - disable workaround discovery on aarch32 for now ([d1f2748](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d1f2748ed25748237e894c68c5a163326a8c33b9))
+
+ - **FDTs**
+
+ - **STM32MP1**
+
+ - move /omit-if-no-ref/ to overlay files ([f351f91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f351f9110f29a33923780c40d0896832fdb0ac81))
+
+ - **STM32MP13**
+
+ - correct the BSEC nodes compatible ([85c2ea8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85c2ea8fd325797a44e814b575611aafae9e7613))
+ - cosmetic fixes in PLL nodes ([8b82663](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b826636a39e0f20cc2c0557288b1eeab46fb923))
+
+ - **SDEI**
+
+ - ensure that interrupt ID is valid ([a7eff34](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a7eff3477dcf3624c74f5217419b1a27b7ebd2aa))
+
+ - **TBBR**
+
+ - guard defines under MBEDTLS_CONFIG_FILE ([81c2e15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81c2e1566dc4484c23d293961744489a9a6ea3f0))
+ - unrecognised 'tos-fw-key-cert' option ([f1cb5bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1cb5bd19034407f2de7cad23f2cc52ca924e561))
+
+- **Documentation**
+
+ - match boot-order size to implementation ([fd1479d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fd1479d9194d3f3ec98d235e077c9d6e24276fa2))
+ - add missing line in the fiptool command for stm32mp1 ([d526d00](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d526d00a13f86bbd2c073c065b6e9aff339e1b41))
+ - fix build errors for latexpdf ([443d6ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/443d6ea69992986f56246bcee44e537ab8dec069))
+ - remove out-dated information about CI review comments ([74306b2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/74306b2ac8971693d148b34d02c556d94b3e4926))
+ - replace deprecated urls under tfa/docs ([5fdf198](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5fdf198c117a4b6dbcf5242f5136f7224ceff6ff))
+ - update maintainers list ([9766f41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9766f41d3c4cae4cd515c2f9266bb7adb4725349))
+ - updated certain Neoverse N2 erratum status in docs ([d6d34b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d6d34b39132425dfa8c75352711c463d2989a216))
+ - use rsvg-convert as the conversion backend ([c365476](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3654760033c08e7ffa9337e05c48336032eacb9))
+
+- **Tools**
+
+ - **Firmware Image Package Tool**
+
+ - move juno plat_fiptool.mk ([570a230](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/570a23099c32cafcb63ecb6cc0516d76ea099daf))
+
+ - **Certificate Creation Tool**
+
+ - fix key loading logic ([bb3b0c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb3b0c0b09ff1d969ddd49b99642740ce2a07064))
+ - key: Avoid having a temporary value for pkey in key_load ([ea6f845](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ea6f8452f6eb561a0fa96a712da93fcdba40cd9c))
+
+ - **Memory Mapping Tool**
+
+ - reintroduce support for GNU map files ([d0e3053](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d0e3053c4f5b9d2bc70daf4db3c71f99c6da216d))
+
## [2.9.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.8.0..refs/tags/v2.9.0) (2023-05-16)
### âš BREAKING CHANGES
diff --git a/docs/components/ras.rst b/docs/components/ras.rst
index 8d00345..747367a 100644
--- a/docs/components/ras.rst
+++ b/docs/components/ras.rst
@@ -10,6 +10,9 @@
Reference Manual and `RAS Supplement`_. The rest of this document assumes
familiarity with architecture and terminology.
+**IMPORTANT NOTE**: TF-A implementation assumes that if RAS extension is present
+then FEAT_IESB is also implmented.
+
There are two philosophies for handling RAS errors from Non-secure world point
of view.
@@ -56,26 +59,87 @@
EA's originating/attributed to NS world are handled first in NS and Kernel navigates
the std error records directly.
+- KFH is the default handling mode if platform does not explicitly enable FFH mode.
+- KFH mode does not need any EL3 involvement except for the reflection of errors back
+ to lower EL. This happens when there is an error (EA) in the system which is not yet
+ signaled to PE while executing at lower EL. During entry into EL3 the errors (EA) are
+ synchronized causing async EA to pend at EL3.
+
+Error Syncronization at EL3 entry
+=================================
+
+During entry to EL3 from lower EL, if there is any pending async EAs they are either
+reflected back to lower EL (KFH) or handled in EL3 itself (FFH).
+
-**KFH can be supported in a platform without TF-A being aware of it but there are few
-corner cases where TF-A needs to have special handling, which is currently missing and
-will be added in future**
+|Image 1|
TF-A build options
==================
-- **ENABLE_FEAT_RAS**: Manage FEAT_RAS extension when switching the world.
-- **RAS_FFH_SUPPORT**: Pull in necessary framework and platform hooks for Firmware first
- handling(FFH) of RAS errors.
+- **ENABLE_FEAT_RAS**: Enable RAS extension feature at EL3.
+- **HANDLE_EA_EL3_FIRST_NS**: Required for FFH
- **RAS_TRAP_NS_ERR_REC_ACCESS**: Trap Non-secure access of RAS error record registers.
-- **RAS_EXTENSION**: Deprecated macro, equivalent to ENABLE_FEAT_RAS and RAS_FFH_SUPPORT
- put together.
+- **RAS_EXTENSION**: Deprecated macro, equivalent to ENABLE_FEAT_RAS and
+ HANDLE_EA_EL3_FIRST_NS put together.
+
+RAS internal macros
+
+- **FFH_SUPPORT**: Gets enabled if **HANDLE_EA_EL3_FIRST_NS** is enabled.
RAS feature has dependency on some other TF-A build flags
- **EL3_EXCEPTION_HANDLING**: Required for FFH
-- **HANDLE_EA_EL3_FIRST_NS**: Required for FFH
- **FAULT_INJECTION_SUPPORT**: Required for testing RAS feature on fvp platform
+TF-A Tests
+==========
+
+RAS functionality is regularly tested in TF-A CI using `RAS test group`_ which has multiple
+configurations for testing lower EL External aborts.
+
+All the tests are written in TF-A tests which runs as NS-EL2 payload.
+
+- **FFH without RAS extension**
+
+ *fvp-ea-ffh,fvp-ea-ffh:fvp-tftf-fip.tftf-aemv8a-debug*
+
+ Couple of tests, one each for sync EA and async EA from lower EL which gets handled in El3.
+ Inject External aborts(sync/async) which traps in EL3, FVP has a handler which gracefully
+ handles these errors and returns back to TF-A Tests
+
+ Build Configs : **HANDLE_EA_EL3_FIRST_NS** , **PLATFORM_TEST_EA_FFH**
+
+- **FFH with RAS extension**
+
+ Three Tests :
+
+ - *fvp-ras-ffh,fvp-single-fault:fvp-tftf-fip.tftf-aemv8a.fi-debug*
+
+ Inject an unrecoverable RAS error, which gets handled in EL3.
+
+ - *fvp-ras-ffh,fvp-uncontainable:fvp-tftf.fault-fip.tftf-aemv8a.fi-debug*
+
+ Inject uncontainable RAS errors which causes platform to panic.
+
+ - *fvp-ras-ffh,fvp-ras-ffh-nested:fvp-tftf-fip.tftf-ras_ffh_nested-aemv8a.fi-debug*
+
+ Test nested exception handling at El3 for synchronized async EAs. Inject an SError in lower EL
+ which remain pending until we enter EL3 through SMC call. At EL3 entry on encountering a pending
+ async EA it will handle the async EA first (nested exception) before handling the original SMC call.
+
+- **KFH with RAS extension**
+
+ Couple of tests in the group :
+
+ - *fvp-ras-kfh,fvp-ras-kfh:fvp-tftf-fip.tftf-aemv8a.fi-debug*
+
+ Inject and handle RAS errors in TF-A tests (no El3 involvement)
+
+ - *fvp-ras-kfh,fvp-ras-kfh-reflect:fvp-tftf-fip.tftf-ras_kfh_reflection-aemv8a.fi-debug*
+
+ Reflection of synchronized errors from EL3 to TF-A tests, two tests one each for reflecting
+ in IRQ and SMC path.
+
RAS Framework
=============
@@ -238,7 +302,7 @@
Enabling RAS support is a platform choice
The RAS support in |TF-A| introduces a default implementation of
-``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_FFH_SUPPORT``
+``plat_ea_handler``, the External Abort handler in EL3. When ``ENABLE_FEAT_RAS``
is set to ``1``, it'll first call ``ras_ea_handler()`` function, which is the
top-level RAS exception handler. ``ras_ea_handler`` is responsible for iterating
to through platform-supplied error records, probe them, and when an error is
@@ -277,3 +341,6 @@
*Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.*
.. _RAS Supplement: https://developer.arm.com/documentation/ddi0587/latest
+.. _RAS Test group: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/group/tf-l3-boot-tests-ras?h=refs/heads/master
+
+.. |Image 1| image:: ../resources/diagrams/bl31-exception-entry-error-synchronization.png
diff --git a/docs/components/secure-partition-manager-mm.rst b/docs/components/secure-partition-manager-mm.rst
index 4cdb96c..d9b2b1b 100644
--- a/docs/components/secure-partition-manager-mm.rst
+++ b/docs/components/secure-partition-manager-mm.rst
@@ -4,17 +4,10 @@
Foreword
========
-Two implementations of a Secure Partition Manager co-exist in the TF-A codebase:
-
-- SPM based on the FF-A specification (:ref:`Secure Partition Manager`).
-- SPM based on the MM interface.
-
-Both implementations differ in their architectures and only one can be selected
-at build time.
-
-This document describes the latter implementation where the Secure Partition Manager
-resides at EL3 and management services run from isolated Secure Partitions at S-EL0.
-The communication protocol is established through the Management Mode (MM) interface.
+This document describes the implementation where the Secure Partition Manager
+resides at EL3 and management services run from isolated Secure Partitions at
+S-EL0. The communication protocol is established through the Management Mode
+(MM) interface.
Background
==========
diff --git a/docs/conf.py b/docs/conf.py
index 9e7a5f8..d4e5423 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -14,8 +14,8 @@
project = "Trusted Firmware-A"
author = "Trusted Firmware-A contributors"
-version = "2.9.0"
-release = "2.9.0"
+version = "2.10.0"
+release = "2.10.0"
# -- General configuration ---------------------------------------------------
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index ad05a50..8782f18 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -335,26 +335,26 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 and
it is still open.
-For Cortex-A78 AE, the following errata build flags are defined :
+For Cortex-A78AE, the following errata build flags are defined :
- ``ERRATA_A78_AE_1941500`` : This applies errata 1941500 workaround to
- Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1.
+ Cortex-A78AE CPU. This needs to be enabled for revisions r0p0 and r0p1.
This erratum is still open.
- ``ERRATA_A78_AE_1951502`` : This applies errata 1951502 workaround to
- Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This
+ Cortex-A78AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This
erratum is still open.
- ``ERRATA_A78_AE_2376748`` : This applies errata 2376748 workaround to
- Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This
- erratum is still open.
+ Cortex-A78AE CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2.
+ This erratum is still open.
- ``ERRATA_A78_AE_2395408`` : This applies errata 2395408 workaround to
- Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This
+ Cortex-A78AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This
erratum is still open.
- ``ERRATA_A78_AE_2712574`` : This applies erratum 2712574 workaround to
- Cortex-A78 AE CPU. This erratum affects system configurations that do not use
+ Cortex-A78AE CPU. This erratum affects system configurations that do not use
an ARM interconnect IP. This needs to be enabled for revisions r0p0, r0p1 and
r0p2. This erratum is still open.
@@ -389,6 +389,10 @@
an ARM interconnect IP. This needs to be enabled for revisions r0p1 and r0p2
and is still open.
+- ``ERRATA_A78C_2743232`` : This applies erratum 2743232 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2.
+ This erratum is still open.
+
- ``ERRATA_A78C_2772121`` : This applies errata 2772121 workaround to
Cortex-A78C CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2.
This erratum is still open.
@@ -498,7 +502,12 @@
revision. It is still open.
- ``ERRATA_V1_2294912``: This applies errata 2294912 workaround to Neoverse-V1
- CPU. This needs to be enabled for revisions r0p0, r1p0, and r1p1 of the CPU.
+ CPU. This needs to be enabled for revisions r0p0, r1p0, and r1p1 and r1p2 of
+ the CPU.
+
+- ``ERRATA_V1_2348377``: This applies errata 2348377 workaroud to Neoverse-V1
+ CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
+ It has been fixed in r1p2.
- ``ERRATA_V1_2372203``: This applies errata 2372203 workaround to Neoverse-V1
CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
@@ -572,7 +581,7 @@
- ``ERRATA_A710_2058056``: This applies errata 2058056 workaround to
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
- of the CPU and is still open.
+ and r2p1 of the CPU and is still open.
- ``ERRATA_A710_2267065``: This applies errata 2267065 workaround to
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
@@ -611,6 +620,10 @@
interconnect IP. This needs to be enabled for r0p0, r1p0, r2p0 and r2p1 and
is still open.
+- ``ERRATA_A710_2742423``: This applies errata 2742423 workaround to
+ Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
+ r2p1 of the CPU and is still open.
+
- ``ERRATA_A710_2768515``: This applies errata 2768515 workaround to
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
r2p1 of the CPU and is still open.
@@ -654,6 +667,14 @@
CPU. This needs to be enabled for revision r0p0 of the CPU, it is fixed in
r0p1.
+- ``ERRATA_N2_2340933``: This applies errata 2340933 workaround to Neoverse-N2
+ CPU. This needs to be enabled for revision r0p0 of the CPU, it is fixed in
+ r0p1.
+
+- ``ERRATA_N2_2346952``: This applies errata 2346952 workaround to Neoverse-N2
+ CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2 of the CPU,
+ it is fixed in r0p3.
+
- ``ERRATA_N2_2376738``: This applies errata 2376738 workaround to Neoverse-N2
CPU. This needs to be enabled for revision r0p0, r0p1, r0p2, r0p3 and is still open.
@@ -685,7 +706,7 @@
it is still open.
- ``ERRATA_X2_2058056``: This applies errata 2058056 workaround to Cortex-X2
- CPU. This needs to be enabled for revisions r0p0, r1p0, and r2p0 of the CPU,
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the CPU,
it is still open.
- ``ERRATA_X2_2083908``: This applies errata 2083908 workaround to Cortex-X2
@@ -720,6 +741,10 @@
This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 and is
still open.
+- ``ERRATA_X2_2742423``: This applies errata 2742423 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and is still open.
+
- ``ERRATA_X2_2768515``: This applies errata 2768515 workaround to Cortex-X2
CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
CPU and is still open.
@@ -742,6 +767,10 @@
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
+- ``ERRATA_X3_2779509``: This applies errata 2779509 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
+ CPU. It is fixed in r1p2.
+
For Cortex-A510, the following errata build flags are defined :
- ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to
@@ -761,6 +790,11 @@
in r0p3. The issue is also present in r0p0 and r0p1 but there is no
workaround for those revisions.
+- ``ERRATA_A510_2080326``: This applies errata 2080326 workaround to
+ Cortex-A510 CPU. This needs to be enabled only for revision r0p2 and is
+ fixed in r0p3. This issue is also present in r0p0 and r0p1 but there is no
+ workaround for those revisions.
+
- ``ERRATA_A510_2250311``: This applies errata 2250311 workaround to
Cortex-A510 CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2,
r0p3 and r1p0, it is fixed in r1p1. This workaround disables MPMM even if
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 879ddda..3fce393 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -130,6 +130,12 @@
- For other BL3x images, if the firmware configuration file is loaded by
BL2, then its address is passed in ``arg0`` and if HW_CONFIG is loaded
then its address is passed in ``arg1``.
+ - In case SPMC_AT_EL3 is enabled, populate the BL32 image base, size and max
+ limit in the entry point information, since there is no platform function
+ to retrieve these in generic code. We choose ``arg2``, ``arg3`` and
+ ``arg4`` since the generic code uses ``arg1`` for stashing the SP manifest
+ size. The SPMC setup uses these arguments to update SP manifest with
+ actual SP's base address and it size.
- In case of the Arm FVP platform, FW_CONFIG address passed in ``arg1`` to
BL31/SP_MIN, and the SOC_FW_CONFIG and HW_CONFIG details are retrieved
from FW_CONFIG device tree.
@@ -1118,6 +1124,65 @@
``bl31_main()`` will set up the return to the normal world firmware BL33 and
continue the boot process in the normal world.
+Exception handling in BL31
+--------------------------
+
+When exception occurs, PE must execute handler corresponding to exception. The
+location in memory where the handler is stored is called the exception vector.
+For ARM architecture, exception vectors are stored in a table, called the exception
+vector table.
+
+Each EL (except EL0) has its own vector table, VBAR_ELn register stores the base
+of vector table. Refer to `AArch64 exception vector table`_
+
+Current EL with SP_EL0
+~~~~~~~~~~~~~~~~~~~~~~
+
+- Sync exception : Not expected except for BRK instruction, its debugging tool which
+ a programmer may place at specific points in a program, to check the state of
+ processor flags at these points in the code.
+
+- IRQ/FIQ : Unexpected exception, panic
+
+- SError : "plat_handle_el3_ea", defaults to panic
+
+Current EL with SP_ELx
+~~~~~~~~~~~~~~~~~~~~~~
+
+- Sync exception : Unexpected exception, panic
+
+- IRQ/FIQ : Unexpected exception, panic
+
+- SError : "plat_handle_el3_ea" Except for special handling of lower EL's SError exception
+ which gets triggered in EL3 when PSTATE.A is unmasked. Its only applicable when lower
+ EL's EA is routed to EL3 (FFH_SUPPORT=1).
+
+Lower EL Exceptions
+~~~~~~~~~~~~~~~~~~~
+
+Applies to all the exceptions in both AArch64/AArch32 mode of lower EL.
+
+Before handling any lower EL exception, we synchronize the errors at EL3 entry to ensure
+that any errors pertaining to lower EL is isolated/identified. If we continue without
+identifying these errors early on then these errors will trigger in EL3 (as SError from
+current EL) any time after PSTATE.A is unmasked. This is wrong because the error originated
+in lower EL but exception happened in EL3.
+
+To solve this problem, synchronize the errors at EL3 entry and check for any pending
+errors (async EA). If there is no pending error then continue with original exception.
+If there is a pending error then, handle them based on routing model of EA's. Refer to
+:ref:`Reliability, Availability, and Serviceability (RAS) Extensions` for details about
+routing models.
+
+- KFH : Reflect it back to lower EL using **reflect_pending_async_ea_to_lower_el()**
+
+- FFH : Handle the synchronized error first using **handle_pending_async_ea()** after
+ that continue with original exception. It is the only scenario where EL3 is capable
+ of doing nested exception handling.
+
+After synchronizing and handling lower EL SErrors, unmask EA (PSTATE.A) to ensure
+that any further EA's caused by EL3 are caught.
+
Crash Reporting in BL31
-----------------------
@@ -2803,5 +2868,6 @@
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
+.. _AArch64 exception vector table: https://developer.arm.com/documentation/100933/0100/AArch64-exception-vector-table
.. |Image 1| image:: ../resources/diagrams/rt-svc-descs-layout.png
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
index c4e5213..8a2ab2d 100644
--- a/docs/design_documents/measured_boot.rst
+++ b/docs/design_documents/measured_boot.rst
@@ -222,7 +222,7 @@
- Public key data size is passed as the third argument to this function.
- This function must return 0 on success, a signed integer error code
otherwise.
- - In FVP platform, this function is used to calculate the hash of the given
+ - In TC2 platform, this function is used to calculate the hash of the given
key and forward this hash to RSS alongside the measurement of the image
which the key signs.
diff --git a/docs/getting_started/build-internals.rst b/docs/getting_started/build-internals.rst
index a015d71..390c367 100644
--- a/docs/getting_started/build-internals.rst
+++ b/docs/getting_started/build-internals.rst
@@ -12,3 +12,10 @@
interest when Armv8.4-SecEL2 or RME extension is implemented.
Default is 0 (disabled). This option will be set to 1 (enabled) when ``SPD=spmd``
and ``SPMD_SPM_AT_SEL2`` is set or when ``ENABLE_RME`` is set to 1 (enabled).
+
+- ``FFH_SUPPORT``: This boolean option provides support to enable Firmware First
+ handling (FFH) of External aborts and SError interrupts originating from lower
+ ELs which gets trapped in EL3. This option will be set to 1 (enabled) if
+ ``HANDLE_EA_EL3_FIRST_NS`` is set. Currently only NS world routes EA to EL3 but
+ in future when Secure/Realm wants to use FFH then they can introduce new macros
+ which will enable this option implicitly.
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index f0f1cac..7ca0300 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -397,7 +397,7 @@
support in GCC for TF-A. This option is currently only supported for
AArch64. Default is 0.
-- ``ENABLE_MPAM_FOR_LOWER_ELS``: Numeric value to enable lower ELs to use MPAM
+- ``ENABLE_FEAT_MPAM``: Numeric value to enable lower ELs to use MPAM
feature. MPAM is an optional Armv8.4 extension that enables various memory
system components and resources to define partitions; software running at
various ELs can assign themselves to desired partition to control their
@@ -408,7 +408,9 @@
access their own MPAM registers without trapping into EL3. This option
doesn't make use of partitioning in EL3, however. Platform initialisation
code should configure and use partitions in EL3 as required. This option
- defaults to ``0``.
+ defaults to ``2`` since MPAM is enabled by default for NS world only.
+ The flag is automatically disabled when the target
+ architecture is AArch32.
- ``ENABLE_MPMM``: Boolean option to enable support for the Maximum Power
Mitigation Mechanism supported by certain Arm cores, which allows the SoC
@@ -434,40 +436,12 @@
be enabled. If ``ENABLE_PMF`` is set, the residency statistics are tracked in
software.
-- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
- Management Extension. This flag can take the values 0 to 2, to align with
- the ``FEATURE_DETECTION`` mechanism. Default value is 0. This is currently
- an experimental feature.
-
- ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime
instrumentation which injects timestamp collection points into TF-A to
allow runtime performance to be measured. Currently, only PSCI is
instrumented. Enabling this option enables the ``ENABLE_PMF`` build option
as well. Default is 0.
-- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
- (SME), SVE, and FPU/SIMD for the non-secure world only. These features share
- registers so are enabled together. Using this option without
- ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure
- world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a
- superset of SVE. SME is an optional architectural feature for AArch64
- and TF-A support is experimental. At this time, this build option cannot be
- used on systems that have SPD=spmd/SPM_MM and atempting to build with this
- option will fail. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default is 0.
-
-- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
- version 2 (SME2) for the non-secure world only. SME2 is an optional
- architectural feature for AArch64 and TF-A support is experimental.
- This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
- accesses will still be trapped. This flag can take the values 0 to 2, to
- align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
-
-- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
- Extension for secure world. Used along with SVE and FPU/SIMD.
- ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this.
- This is experimental. Default is 0.
-
- ``ENABLE_SPE_FOR_NS`` : Numeric value to enable Statistical Profiling
extensions. This is an optional architectural feature for AArch64.
This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
@@ -553,44 +527,6 @@
This feature is intended for testing purposes only, and is advisable to keep
disabled for production images.
-- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
- detection mechanism. It detects whether the Architectural features enabled
- through feature specific build flags are supported by the PE or not by
- validating them either at boot phase or at runtime based on the value
- possessed by the feature flag (0 to 2) and report error messages at an early
- stage. This flag will also enable errata ordering checking for ``DEBUG``
- builds.
-
- This prevents and benefits us from EL3 runtime exceptions during context save
- and restore routines guarded by these build flags. Henceforth validating them
- before their usage provides more control on the actions taken under them.
-
- The mechanism permits the build flags to take values 0, 1 or 2 and
- evaluates them accordingly.
-
- Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
-
- ::
-
- ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
- ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
- ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
-
- In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
- 0, feature is disabled statically during compilation. If it is defined as 1,
- feature is validated, wherein FEAT_HCX is detected at boot time. In case not
- implemented by the PE, a hard panic is generated. Finally, if the flag is set
- to 2, feature is validated at runtime.
-
- Note that the entire implementation is divided into two phases, wherein as
- as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
- supported and is planned to be handled explicilty in phase-2 implementation.
-
- FEATURE_DETECTION macro is disabled by default, and is currently an
- experimental procedure. Platforms can explicitly make use of this by
- mechanism, by enabling it to validate whether they have set their build flags
- properly at an early phase.
-
- ``FIP_NAME``: This is an optional build option which specifies the FIP
filename for the ``fip`` target. Default is ``fip.bin``.
@@ -690,7 +626,7 @@
+---------------------------+------------------------------------+
| KEY_ALG | Possible key sizes |
+===========================+====================================+
- | rsa | 1024 , 2048 (default), 3072, 4096* |
+ | rsa | 1024 , 2048 (default), 3072, 4096 |
+---------------------------+------------------------------------+
| ecdsa | 256 (default), 384 |
+---------------------------+------------------------------------+
@@ -699,10 +635,6 @@
| ecdsa-brainpool-twisted | unavailable |
+---------------------------+------------------------------------+
-
- * Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
- Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
-
- ``HASH_ALG``: This build flag enables the user to select the secure hash
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
The default value of this flag is ``sha256``.
@@ -732,15 +664,6 @@
This option defaults to 0.
-- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust
- for Measurement (DRTM). This feature has trust dependency on BL31 for taking
- the measurements and recording them as per `PSA DRTM specification`_. For
- platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
- be used and for the platforms which use ``RESET_TO_BL31`` platform owners
- should have mechanism to authenticate BL31. This is an experimental feature.
-
- This option defaults to 0.
-
- ``MARCH_DIRECTIVE``: used to pass a -march option from the platform build
options to the compiler. An example usage:
@@ -822,14 +745,12 @@
- ``PSCI_OS_INIT_MODE``: Boolean flag to enable support for optional PSCI
OS-initiated mode. This option defaults to 0.
-- ``ENABLE_FEAT_RAS``: Numeric value to enable Armv8.2 RAS features. RAS features
+- ``ENABLE_FEAT_RAS``: Boolean flag to enable Armv8.2 RAS features. RAS features
are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2
- or later CPUs. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism.
-
-- ``RAS_FFH_SUPPORT``: Support to enable Firmware first handling of RAS errors
- originating from NS world. When ``RAS_FFH_SUPPORT`` is set to ``1``,
- ``HANDLE_EA_EL3_FIRST_NS`` and ``ENABLE_FEAT_RAS`` must also be set to ``1``.
+ or later CPUs. This flag can take the values 0 or 1. The default value is 0.
+ NOTE: This flag enables use of IESB capability to reduce entry latency into
+ EL3 even when RAS error handling is not performed on the platform. Hence this
+ flag is recommended to be turned on Armv8.2 and later CPUs.
- ``RESET_TO_BL31``: Enable BL31 entrypoint as the CPU reset vector instead
of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
@@ -911,7 +832,7 @@
Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
component runs at the EL3 exception level. The default value is ``0`` (
disabled). This configuration supports pre-Armv8.4 platforms (aka not
- implementing the ``FEAT_SEL2`` extension). This is an experimental feature.
+ implementing the ``FEAT_SEL2`` extension).
- ``SPMC_AT_EL3_SEL0_SP`` : Boolean option to enable SEL0 SP load support when
``SPMC_AT_EL3`` is enabled. The default value if ``0`` (disabled). This
@@ -931,12 +852,6 @@
support pre-Armv8.4 platforms (aka not implementing the ``FEAT_SEL2``
extension).
-- ``ENABLE_SPMD_LP`` : This boolean option is used jointly with the SPM
- Dispatcher option (``SPD=spmd``). When enabled (1) it indicates support
- for logical partitions in EL3, managed by the SPMD as defined in the FF-A
- 1.2 specification. This flag is disabled by default. This flag must not be
- used if ``SPMC_AT_EL3`` is enabled. This is an experimental feature.
-
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
Partition Manager (SPM) implementation. The default value is ``0``
(disabled). This option cannot be enabled (``1``) when SPM Dispatcher is
@@ -962,11 +877,6 @@
hardware will limit the effective VL to the maximum physically supported
VL.
-- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware
- Handoff using Transfer List defined in `Firmware Handoff specification`_.
- This defaults to ``0``. Please note that this is an experimental feature
- based on Firmware Handoff specification v0.9.
-
- ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True
Random Number Generator Interface to BL31 image. This defaults to ``0``.
@@ -1025,10 +935,6 @@
(Coherent memory region is included) or 0 (Coherent memory region is
excluded). Default is 1.
-- ``USE_DEBUGFS``: When set to 1 this option activates an EXPERIMENTAL feature
- exposing a virtual filesystem interface through BL31 as a SiP SMC function.
- Default is 0.
-
- ``ARM_IO_IN_DTB``: This flag determines whether to use IO based on the
firmware configuration framework. This will move the io_policies into a
configuration device tree, instead of static structure in the code base.
@@ -1184,11 +1090,6 @@
if FEAT_TRF is implemented. This flag can take the values 0 to 2, to align
with the ``FEATURE_DETECTION`` mechanism. This flag is disabled by default.
-- ``PLAT_RSS_NOT_SUPPORTED``: Boolean option to enable the usage of the PSA
- APIs on platforms that doesn't support RSS (providing Arm CCA HES
- functionalities). When enabled (``1``), a mocked version of the APIs are used.
- The default value is 0.
-
- ``CONDITIONAL_CMO``: Boolean option to enable call to platform-defined routine
``plat_can_cmo`` which will return zero if cache management operations should
be skipped and non-zero otherwise. By default, this option is disabled which
@@ -1202,12 +1103,6 @@
errata mitigation for platforms with a non-arm interconnect using the errata
ABI. By default its disabled (``0``).
-- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
- The platform will use PSA compliant Crypto APIs during authentication and
- image measurement process by enabling this option. It uses APIs defined as
- per the `PSA Crypto API specification`_. This feature is only supported if
- using MbedTLS 3.x version. By default it is disabled (``0``).
-
- ``ENABLE_CONSOLE_GETC``: Boolean option to enable `getc()` feature in console
driver(s). By default it is disabled (``0``) because it constitutes an attack
vector into TF-A by potentially allowing an attacker to inject arbitrary data.
@@ -1304,8 +1199,118 @@
# Resume execution
continue
+.. _build_options_experimental:
+
+Experimental build options
+---------------------------
+
+Common build options
+~~~~~~~~~~~~~~~~~~~~
+
+- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust
+ for Measurement (DRTM). This feature has trust dependency on BL31 for taking
+ the measurements and recording them as per `PSA DRTM specification`_. For
+ platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
+ be used and for the platforms which use ``RESET_TO_BL31`` platform owners
+ should have mechanism to authenticate BL31. This option defaults to 0.
+
+- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
+ Management Extension. This flag can take the values 0 to 2, to align with
+ the ``FEATURE_DETECTION`` mechanism. Default value is 0.
+
+- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
+ (SME), SVE, and FPU/SIMD for the non-secure world only. These features share
+ registers so are enabled together. Using this option without
+ ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure
+ world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a
+ superset of SVE. SME is an optional architectural feature for AArch64.
+ At this time, this build option cannot be used on systems that have
+ SPD=spmd/SPM_MM and atempting to build with this option will fail.
+ This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ mechanism. Default is 0.
+
+- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
+ version 2 (SME2) for the non-secure world only. SME2 is an optional
+ architectural feature for AArch64.
+ This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
+ accesses will still be trapped. This flag can take the values 0 to 2, to
+ align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
+
+- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
+ Extension for secure world. Used along with SVE and FPU/SIMD.
+ ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this.
+ Default is 0.
+
+- ``ENABLE_SPMD_LP`` : This boolean option is used jointly with the SPM
+ Dispatcher option (``SPD=spmd``). When enabled (1) it indicates support
+ for logical partitions in EL3, managed by the SPMD as defined in the
+ FF-A v1.2 specification. This flag is disabled by default. This flag
+ must not be used if ``SPMC_AT_EL3`` is enabled.
+
+- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
+ detection mechanism. It detects whether the Architectural features enabled
+ through feature specific build flags are supported by the PE or not by
+ validating them either at boot phase or at runtime based on the value
+ possessed by the feature flag (0 to 2) and report error messages at an early
+ stage. This flag will also enable errata ordering checking for ``DEBUG``
+ builds.
+
+ This prevents and benefits us from EL3 runtime exceptions during context save
+ and restore routines guarded by these build flags. Henceforth validating them
+ before their usage provides more control on the actions taken under them.
+
+ The mechanism permits the build flags to take values 0, 1 or 2 and
+ evaluates them accordingly.
+
+ Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
+
+ ::
+
+ ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
+ ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
+ ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
+
+ In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
+ 0, feature is disabled statically during compilation. If it is defined as 1,
+ feature is validated, wherein FEAT_HCX is detected at boot time. In case not
+ implemented by the PE, a hard panic is generated. Finally, if the flag is set
+ to 2, feature is validated at runtime.
+
+ Note that the entire implementation is divided into two phases, wherein as
+ as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
+ supported and is planned to be handled explicilty in phase-2 implementation.
+
+ ``FEATURE_DETECTION`` macro is disabled by default. Platforms can explicitly
+ make use of this by mechanism, by enabling it to validate whether they have
+ set their build flags properly at an early phase.
+
+- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
+ The platform will use PSA compliant Crypto APIs during authentication and
+ image measurement process by enabling this option. It uses APIs defined as
+ per the `PSA Crypto API specification`_. This feature is only supported if
+ using MbedTLS 3.x version. It is disabled (``0``) by default.
+
+- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware
+ Handoff using Transfer List defined in `Firmware Handoff specification`_.
+ This defaults to ``0``. Current implementation follows the Firmware Handoff
+ specification v0.9.
+
+- ``USE_DEBUGFS``: When set to 1 this option exposes a virtual filesystem
+ interface through BL31 as a SiP SMC function.
+ Default is disabled (0).
+
Firmware update options
------------------------
+~~~~~~~~~~~~~~~~~~~~~~~
+
+- ``PSA_FWU_SUPPORT``: Enable the firmware update mechanism as per the
+ `PSA FW update specification`_. The default value is 0.
+ PSA firmware update implementation has few limitations, such as:
+
+ - BL2 is not part of the protocol-updatable images. If BL2 needs to
+ be updated, then it should be done through another platform-defined
+ mechanism.
+
+ - It assumes the platform's hardware supports CRC32 instructions.
- ``NR_OF_FW_BANKS``: Define the number of firmware banks. This flag is used
in defining the firmware update metadata structure. This flag is by default
@@ -1317,14 +1322,6 @@
This flag is used in defining the firmware update metadata structure. This
flag is by default set to '1'.
-- ``PSA_FWU_SUPPORT``: Enable the firmware update mechanism as per the
- `PSA FW update specification`_. The default value is 0, and this is an
- experimental feature.
- PSA firmware update implementation has some limitations, such as BL2 is
- not part of the protocol-updatable images, if BL2 needs to be updated, then
- it should be done through another platform-defined mechanism, and it assumes
- that the platform's hardware supports CRC32 instructions.
-
--------------
*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/perf/psci-performance-juno.rst b/docs/perf/psci-performance-juno.rst
index d458d86..bab1086 100644
--- a/docs/perf/psci-performance-juno.rst
+++ b/docs/perf/psci-performance-juno.rst
@@ -73,83 +73,157 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 243.76 | 239.92 | 6.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 663.5 | 30.32 | 167.82 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 105.12 | 22.84 | 5.88 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 384.16 | 19.06 | 4.7 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 523.98 | 270.46 | 4.74 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 950.54 | 220.9 | 89.2 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 104.58 | 241.20 | 5.26 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 384.24 | 22.50 | 138.76 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 244.56 | 22.18 | 5.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 670.56 | 18.58 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 809.36 | 269.28 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 984.96 | 219.70 | 79.62 |
+ +---------+------+-----------+--------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- serial
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 266.96 | 31.74 | 167.92 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 266.9 | 31.52 | 167.82 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 279.86 | 23.42 | 87.52 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 101.38 | 18.8 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 101.18 | 19.28 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 101.32 | 19.02 | 4.62 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-------------------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 0 | 242.66 (+132.03%) | 245.1 | 5.4 |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 1 | 522.08 (+35.87%) | 26.24 | 138.32 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 0 | 104.36 (-57.33%) | 27.1 | 5.32 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 1 | 382.56 (-42.95%) | 23.34 | 4.42 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 2 | 807.74 | 271.54 | 4.64 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 3 | 981.36 | 221.8 | 79.48 |
+ +---------+------+-------------------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.56 | 23.24 | 138.18 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 236.86 | 23.28 | 138.10 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 281.04 | 22.80 | 77.24 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.28 | 18.52 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.12 | 18.78 | 4.50 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.36 | 18.94 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.10)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.84 | 27.1 | 138.36 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 236.96 | 27.1 | 138.32 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 280.06 | 26.94 | 77.5 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.76 | 23.42 | 4.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.02 | 23.42 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.08 | 23.2 | 4.4 |
+ +---------+------+-----------+--------+-------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- +---------+------+-----------+---------+-------------+
- | 0 | 0 | 661.94 | 22.88 | 9.66 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 801.64 | 23.38 | 9.62 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 105.56 | 16.02 | 8.12 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 245.42 | 16.26 | 7.78 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 384.42 | 16.1 | 7.84 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 523.74 | 15.4 | 8.02 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 662.34 | 15.22 | 8.08 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 802.00 | 15.50 | 8.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 385.22 | 15.74 | 7.88 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 106.16 | 16.06 | 7.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 524.38 | 15.64 | 7.34 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 246.00 | 15.78 | 7.72 |
+ +---------+------+-----------+--------+-------------+
-.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
+ parallel (v2.10)
+
+ +---------+------+-------------------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 0 | 801.04 | 18.66 | 8.22 |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 1 | 661.28 | 19.08 | 7.88 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 0 | 105.9 (-72.51%) | 20.3 | 7.58 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 1 | 383.58 (+261.32%) | 20.4 | 7.42 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 2 | 523.52 | 20.1 | 7.74 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 3 | 244.5 | 20.16 | 7.56 |
+ +---------+------+-------------------+--------+-------------+
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 102.16 | 23.64 | 6.7 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 101.66 | 23.78 | 6.6 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 277.74 | 15.96 | 4.66 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 98.0 | 15.88 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 97.66 | 15.88 | 4.62 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 97.76 | 15.38 | 4.64 |
- +---------+------+-----------+---------+-------------+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 99.80 | 15.94 | 5.42 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 99.76 | 15.80 | 5.24 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 278.26 | 16.16 | 4.58 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 96.88 | 16.00 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 96.80 | 16.12 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 96.88 | 16.12 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.10)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 99.84 | 18.86 | 5.54 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 100.2 | 18.82 | 5.66 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 278.12 | 20.56 | 4.48 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 96.68 | 20.62 | 4.3 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 96.94 | 20.14 | 4.42 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 96.68 | 20.46 | 4.32 |
+ +---------+------+-----------+--------+-------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -157,44 +231,82 @@
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
-.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 265.38 | 34.12 | 167.36 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 265.72 | 33.98 | 167.48 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 185.3 | 23.18 | 87.42 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 101.58 | 23.46 | 4.48 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 101.66 | 22.02 | 4.72 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 101.48 | 22.22 | 4.52 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 235.76 | 26.14 | 137.80 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 235.40 | 25.72 | 137.62 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 174.70 | 22.40 | 77.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.92 | 24.04 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.68 | 22.44 | 4.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 101.36 | 22.70 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.10)
+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_off_serial (latest) |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.04 | 30.02 | 137.9 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 235.38 | 29.7 | 137.72 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 175.18 | 26.96 | 77.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.56 | 28.34 | 4.32 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.38 | 26.82 | 4.3 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.86 | 26.98 | 4.42 |
+ +---------+------+-----------+--------+-------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (2.9)
+
-.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+ +-------------+--------+-------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-------------+
+ | 0 | 0 | 1.48 |
+ +-------------+--------+-------------+
+ | 0 | 1 | 1.04 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.56 |
+ +-------------+--------+-------------+
+ | 1 | 1 | 0.92 |
+ +-------------+--------+-------------+
+ | 1 | 2 | 0.96 |
+ +-------------+--------+-------------+
+ | 1 | 3 | 0.96 |
+ +-------------+--------+-------------+
+
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (2.10)
- +-------------+--------+--------------+
- | Cluster | Core | Latency |
- +=============+========+==============+
- | 0 | 0 | 1.22 |
- +-------------+--------+--------------+
- | 0 | 1 | 1.2 |
- +-------------+--------+--------------+
- | 1 | 0 | 0.6 |
- +-------------+--------+--------------+
- | 1 | 1 | 1.08 |
- +-------------+--------+--------------+
- | 1 | 2 | 1.04 |
- +-------------+--------+--------------+
- | 1 | 3 | 1.04 |
- +-------------+--------+--------------+
+ +-------------+--------+----------------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+----------------------+
+ | 0 | 0 | 1.1 (-25.68%) |
+ +-------------+--------+----------------------+
+ | 0 | 1 | 1.06 |
+ +-------------+--------+----------------------+
+ | 1 | 0 | 0.58 |
+ +-------------+--------+----------------------+
+ | 1 | 1 | 0.88 |
+ +-------------+--------+----------------------+
+ | 1 | 2 | 0.92 |
+ +-------------+--------+----------------------+
+ | 1 | 3 | 0.9 |
+ +-------------+--------+----------------------+
Annotated Historic Results
--------------------------
diff --git a/docs/perf/psci-performance-n1sdp.rst b/docs/perf/psci-performance-n1sdp.rst
index ae1b89b..fd3c9c9 100644
--- a/docs/perf/psci-performance-n1sdp.rst
+++ b/docs/perf/psci-performance-n1sdp.rst
@@ -93,66 +93,129 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 3.44 | 10.04 | 0.4 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 4.98 | 12.72 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 3.58 | 15.42 | 0.2 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 5.24 | 17.78 | 0.18 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.80 | 10.08 | 0.80 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 4.14 | 15.92 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 3.68 | 12.96 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 3.36 | 18.58 | 0.18 |
+ +---------+------+-----------+--------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- serial
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.82 | 9.98 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.96 | 9.96 | 0.18 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 2.0 | 10.5 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.22 | 10.56 | 0.16 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+----------------+------------------+-----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+----------------+------------------+-----------------+
+ | 0 | 0 | 2.12 | 23.94 (+137.50%) | 0.42 (-47.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 0 | 0 | 3.52 | 42.08 (+164.32%) | 0.26 (+62.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 1 | 0 | 2.76 (-25.00%) | 38.3 (+195.52%) | 0.26 (+62.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 1 | 0 | 2.64 | 44.56 (+139.83%) | 0.36 (+100.00%) |
+ +---------+------+----------------+------------------+-----------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.86 | 9.92 | 0.32 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.70 | 10.48 | 0.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.78 | 9.72 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.94 | 10.44 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.10)
+
+ +---------+------+-----------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 1.74 | 23.7 (+138.91%) | 0.3 |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 2.08 | 23.96 (+128.63%) | 0.26 (-27.78%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 1.9 | 23.62 (+143.00%) | 0.28 (+75.00%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 2.06 | 23.92 (+129.12%) | 0.26 (+62.50%) |
+ +---------+------+-----------+------------------+----------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.52 | 11.84 | 0.34 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.1 | 13.66 | 0.14 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 2.18 | 9.48 | 0.18 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.06 | 14.4 | 0.16 |
- +---------+------+-----------+---------+-------------+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_susp_parallel |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 0.88 | 12.32 | 0.26 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.12 | 14.62 | 0.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.86 | 14.14 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.92 | 9.44 | 0.18 |
+ +---------+------+-----------+--------+-------------+
-.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
+ parallel (v2.10)
+
+ +---------+------+---------------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+---------------+------------------+----------------+
+ | 0 | 0 | 1.5 (+70.45%) | 35.02 (+184.25%) | 0.24 |
+ +---------+------+---------------+------------------+----------------+
+ | 0 | 0 | 1.92 | 38.12 (+160.74%) | 0.28 |
+ +---------+------+---------------+------------------+----------------+
+ | 1 | 0 | 1.88 | 38.1 (+169.45%) | 0.26 (+62.50%) |
+ +---------+------+---------------+------------------+----------------+
+ | 1 | 0 | 2.04 | 23.1 (+144.70%) | 0.24 |
+ +---------+------+---------------+------------------+----------------+
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.54 | 9.34 | 0.3 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.88 | 9.5 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 1.86 | 9.86 | 0.2 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.02 | 9.64 | 0.18 |
- +---------+------+-----------+---------+-------------+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.9)
+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_susp_serial |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.52 | 9.40 | 0.30 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.92 | 9.80 | 0.18 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 2.20 | 9.60 | 0.14 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.82 | 9.78 | 0.18 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.10)
+
+ +---------+------+-----------+------------------+-----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+-----------------+
+ | 0 | 0 | 1.52 | 23.08 (+145.53%) | 0.3 |
+ +---------+------+-----------+------------------+-----------------+
+ | 0 | 0 | 1.98 | 23.68 (+141.63%) | 0.28 (+55.56%) |
+ +---------+------+-----------+------------------+-----------------+
+ | 1 | 0 | 1.84 | 23.86 (+148.54%) | 0.28 (+100.00%) |
+ +---------+------+-----------+------------------+-----------------+
+ | 1 | 0 | 1.98 | 23.68 (+142.13%) | 0.28 (+55.56%) |
+ +---------+------+-----------+------------------+-----------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -160,36 +223,68 @@
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
-.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.86 | 9.88 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 21.1 | 12.44 | 0.42 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 21.22 | 13.2 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 21.56 | 13.18 | 0.54 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.84 | 9.94 | 0.32 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 14.20 | 13.10 | 0.50 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 13.88 | 12.36 | 0.42 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 14.40 | 13.26 | 0.52 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.10)
+
+ +---------+------+-----------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 1.78 | 23.7 (+138.43%) | 0.3 |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 13.96 | 31.16 (+137.86%) | 0.34 (-32.00%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 13.54 | 30.24 (+144.66%) | 0.26 (-38.10%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 14.46 | 31.12 (+134.69%) | 0.7 (+34.62%) |
+ +---------+------+-----------+------------------+----------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (v2.9)
+
-.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+ +------------------------------------+
+ | test_rt_instr_psci_version_parallel|
+ +-------------+--------+-------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-------------+
+ | 0 | 0 | 0.08 |
+ +-------------+--------+-------------+
+ | 0 | 0 | 0.26 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.20 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.26 |
+ +-------------+--------+-------------+
+
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (v2.10)
- +-------------+--------+--------------+
- | Cluster | Core | Latency |
- +=============+========+==============+
- | 0 | 0 | 0.08 |
- +-------------+--------+--------------+
- | 0 | 1 | 0.22 |
- +-------------+--------+--------------+
- | 1 | 0 | 0.28 |
- +-------------+--------+--------------+
- | 1 | 1 | 0.26 |
- +-------------+--------+--------------+
+ +----------------------------------------------+
+ | test_rt_instr_psci_version_parallel (latest) |
+ +-------------+--------+-----------------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-----------------------+
+ | 0 | 0 | 0.14 (+75.00%) |
+ +-------------+--------+-----------------------+
+ | 0 | 0 | 0.22 |
+ +-------------+--------+-----------------------+
+ | 1 | 0 | 0.2 |
+ +-------------+--------+-----------------------+
+ | 1 | 0 | 0.26 |
+ +-------------+--------+-----------------------+
--------------
diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst
index e81052b..3301067 100644
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@@ -90,11 +90,6 @@
of the translation tables library instead of version 2. It is set to 0 by
default, which selects version 2.
-- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®
- TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm
- platforms. If this option is specified, then the path to the CryptoCell
- SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag.
-
- ``ARM_GPT_SUPPORT``: Enable GPT parser to get the entry address and length of
the various partitions present in the GPT image. This support is available
only for the BL2 component, and it is disabled by default.
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index fcfa04a..700020f 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -12,7 +12,7 @@
(64-bit host machine only).
.. note::
- The FVP models used are Version 11.19 Build 14, unless otherwise stated.
+ The FVP models used are Version 11.22 Build 14, unless otherwise stated.
- ``Foundation_Platform``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` (Version 11.17/21)
@@ -41,18 +41,18 @@
- ``FVP_Base_Cortex-A76AE``
- ``FVP_Base_Cortex-A77``
- ``FVP_Base_Cortex-A78``
+- ``FVP_Base_Cortex-A78AE``
- ``FVP_Base_Cortex-A78C``
- ``FVP_Base_Cortex-X2x4`` (Version 11.17/21)
- ``FVP_Base_Neoverse-E1``
- ``FVP_Base_Neoverse-N1``
-- ``FVP_Base_Neoverse-N2x4`` (Version 11.16/16)
- ``FVP_Base_Neoverse-V1``
- ``FVP_Base_RevC-2xAEMvA``
-- ``FVP_Morello`` (Version 0.11/33)
-- ``FVP_RD_E1_edge`` (Version 11.17/29)
-- ``FVP_RD_V1`` (Version 11.17/29)
-- ``FVP_TC1`` (Version 11.17/33)
-- ``FVP_TC2`` (Version 11.18/28)
+- ``FVP_BaseR_AEMv8R``
+- ``FVP_Morello`` (Version 0.11/33)
+- ``FVP_RD_V1``
+- ``FVP_TC1``
+- ``FVP_TC2`` (Version 11.20/24)
The latest version of the AArch32 build of TF-A has been tested on the
following Arm FVPs without shifted affinities, and that do not support threaded
diff --git a/docs/plat/arm/tc/index.rst b/docs/plat/arm/tc/index.rst
index c5058f5..9469e9a 100644
--- a/docs/plat/arm/tc/index.rst
+++ b/docs/plat/arm/tc/index.rst
@@ -18,7 +18,7 @@
is the CPUs supported as below:
- TC0 has support for Cortex A510, Cortex A710 and Cortex X2. (Note TC0 is now deprecated)
-- TC1 has support for Cortex A510, Cortex A715 and Cortex X3.
+- TC1 has support for Cortex A510, Cortex A715 and Cortex X3. (Note TC1 is now deprecated)
- TC2 has support for Cortex A520, Cortex A720 and Cortex x4.
Boot Sequence
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index fc3effd..b1ccaa5 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -73,12 +73,14 @@
+----------------+----------------+--------------------+--------------------+
| mt6795 | MTK | 2.5 | 2.7 |
+----------------+----------------+--------------------+--------------------+
-| sgi575 | Arm | 2.8 | 2.10 |
+| sgi575 | Arm | 2.8 | TBD |
+----------------+----------------+--------------------+--------------------+
-| rdn1edge | Arm | 2.8 | 2.10 |
+| rdn1edge | Arm | 2.8 | TBD |
+----------------+----------------+--------------------+--------------------+
| tc0 | Arm | 2.8 | 2.10 |
+----------------+----------------+--------------------+--------------------+
+| tc1 | Arm | 2.10 | TBD |
++----------------+----------------+--------------------+--------------------+
| rde1edge | Arm | 2.9 | 3.0 |
+----------------+----------------+--------------------+--------------------+
diff --git a/docs/plat/xilinx-versal-net.rst b/docs/plat/xilinx-versal-net.rst
index 5d04639..1db7695 100644
--- a/docs/plat/xilinx-versal-net.rst
+++ b/docs/plat/xilinx-versal-net.rst
@@ -14,6 +14,11 @@
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net bl31
```
+To build bl32 TSP you have to rebuild bl31 too
+```bash
+make CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net SPD=tspd RESET_TO_BL31=1 bl31 bl32
+```
+
To build TF-A for JTAG DCC console:
```bash
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net VERSAL_NET_CONSOLE=dcc bl31
diff --git a/docs/plat/xilinx-versal.rst b/docs/plat/xilinx-versal.rst
index 09a6ee2..b71776d 100644
--- a/docs/plat/xilinx-versal.rst
+++ b/docs/plat/xilinx-versal.rst
@@ -19,6 +19,11 @@
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal VERSAL_PLATFORM=versal_virt bl31
```
+To build bl32 TSP you have to rebuild bl31 too
+```bash
+make CROSS_COMPILE=aarch64-none-elf- PLAT=versal SPD=tspd RESET_TO_BL31=1 bl31 bl32
+```
+
To build TF-A for JTAG DCC console
```bash
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal bl31 VERSAL_CONSOLE=dcc
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index f612e1c..7c66d11 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -319,13 +319,6 @@
Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the
FWU content certificate.
-- **#define : PLAT_CRYPTOCELL_BASE**
-
- This defines the base address of Arm® TrustZone® CryptoCell and must be
- defined if CryptoCell crypto driver is used for Trusted Board Boot. For
- capable Arm platforms, this driver is used if ``ARM_CRYPTOCELL_INTEG`` is
- set.
-
If the AP Firmware Updater Configuration image, BL2U is used, the following
must also be defined:
@@ -3298,10 +3291,10 @@
Argument : uint64_t
Return : void
-This function is invoked by the RAS framework for the platform to handle an
-External Abort received at EL3. The intention of the function is to attempt to
-resolve the cause of External Abort and return; if that's not possible, to
-initiate orderly shutdown of the system.
+This function is invoked by the runtime exception handling framework for the
+platform to handle an External Abort received at EL3. The intention of the
+function is to attempt to resolve the cause of External Abort and return;
+if that's not possible then an orderly shutdown of the system is initiated.
The first parameter (``int ea_reason``) indicates the reason for External Abort.
Its value is one of ``ERROR_EA_*`` constants defined in ``ea_handle.h``.
@@ -3316,13 +3309,8 @@
(``uint64_t flags``) indicates the preempted security state. These parameters
are received from the top-level exception handler.
-If ``RAS_FFH_SUPPORT`` is set to ``1``, the default implementation of this
-function iterates through RAS handlers registered by the platform. If any of the
-RAS handlers resolve the External Abort, no further action is taken.
-
-If ``RAS_FFH_SUPPORT`` is set to ``0``, or if none of the platform RAS handlers
-could resolve the External Abort, the default implementation prints an error
-message, and panics.
+This function must be implemented if a platform expects Firmware First handling
+of External Aborts.
Function : plat_handle_uncontainable_ea
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/resources/diagrams/bl31-exception-entry-error-synchronization.png b/docs/resources/diagrams/bl31-exception-entry-error-synchronization.png
new file mode 100644
index 0000000..cdfdcb9
--- /dev/null
+++ b/docs/resources/diagrams/bl31-exception-entry-error-synchronization.png
Binary files differ
diff --git a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png b/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
deleted file mode 100644
index 0619cf2..0000000
--- a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png b/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
deleted file mode 100644
index f110028..0000000
--- a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml b/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
new file mode 100644
index 0000000..493f078
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
@@ -0,0 +1,82 @@
+/'
+ ' Copyright (c) 2023, Arm Limited. All rights reserved.
+ '
+ ' SPDX-License-Identifier: BSD-3-Clause
+ '/
+
+/'
+TF-A with Arm CCA Data Flow Diagram
+'/
+
+@startuml
+digraph tfa_dfd {
+
+ # Arrange nodes from left to right
+ rankdir="LR"
+
+ # Allow arrows to end on cluster boundaries
+ compound=true
+
+ # Default settings for edges and nodes
+ edge [minlen=2 color="#8c1b07"]
+ node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
+
+ # Nodes outside of the trust boundary
+ realm [label="Realm\nClients"]
+ nsec [label="Non-secure\nClients"]
+ sec [label="Secure\nClients"]
+ dbg [label="Debug & Trace"]
+ uart [label="UART"]
+ nvm [label="Non-volatile\nMemory"]
+
+ # Trust boundary cluster
+ subgraph cluster_trusted{
+ graph [style=dashed color="#f22430"]
+
+ # HW IPs cluster
+ subgraph cluster_ip{
+ label ="Hardware IPs";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ rank="same"
+ gic [label="GIC" width=1.2 height=0.5]
+ mmu [label="MMU" width=1.2 height=0.5]
+ etc [label="..." shape=none style=none height=0.5]
+ }
+
+ # TF-A cluster
+ subgraph cluster_tfa{
+ label ="TF-A";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
+ bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
+ bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
+ }
+
+ # HES cluster
+ subgraph cluster_hes{
+ label ="Arm CCA HES";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ hes [label="Hardware\nEnforced Security"]
+ }
+ }
+
+ # Interactions between nodes
+
+ # -- The following lines are copied from tfa_dfd.puml and must not be
+ # changed, at the risk of invalidating DF* references.
+ nvm -> bl31 [lhead=cluster_tfa label="DF1"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
+ dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
+ sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
+ nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
+ bl2 -> mmu [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6"]
+
+ # -- The following lines are new for Arm CCA DFD.
+ bl2 -> hes [dir="both" ltail=cluster_tfa lhead=cluster_hes label="DF7"]
+ realm -> bl2 [dir="both" lhead=cluster_tfa label="DF8"]
+}
+
+@enduml
diff --git a/docs/resources/diagrams/plantuml/tfa_dfd.puml b/docs/resources/diagrams/plantuml/tfa_dfd.puml
index 0007911..9d3dcba 100644
--- a/docs/resources/diagrams/plantuml/tfa_dfd.puml
+++ b/docs/resources/diagrams/plantuml/tfa_dfd.puml
@@ -25,7 +25,7 @@
nsec [label="Non-secure\nClients"]
sec [label="Secure\nClients"]
dbg [label="Debug & Trace"]
- logs [label="Logs\n(UART)"]
+ uart [label="UART"]
nvm [label="Non-volatile\nMemory"]
# Trust boundary cluster
@@ -56,7 +56,7 @@
# Interactions between nodes
nvm -> bl31 [lhead=cluster_tfa label="DF1"]
- logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
index 23f5b17..a7e0ce5 100644
--- a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
+++ b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
@@ -25,7 +25,7 @@
nsec [label="Non-secure\nClients"]
sec [label="Secure\nClients"]
dbg [label="Debug & Trace"]
- logs [label="Logs\n(UART)"]
+ uart [label="UART"]
nvm [label="Non-volatile\nMemory"]
@@ -65,7 +65,7 @@
# Interactions between nodes
nvm -> bl31 [lhead=cluster_tfa label="DF1"]
- logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index b22fb18..e22378b 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst
@@ -31,10 +31,10 @@
:caption: Contents
threat_model
- threat_model_spm
threat_model_el3_spm
threat_model_fvp_r
threat_model_rss_interface
+ threat_model_arm_cca
--------------
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 57a5e1b..0da2558 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -36,6 +36,9 @@
- There are no Root and Realm worlds. These are introduced by :ref:`Realm
Management Extension (RME)`.
+ The :ref:`Threat Model for TF-A with Arm CCA support` covers these types of
+ configurations.
+
- No experimental features are enabled. We do not consider threats that may come
from them.
@@ -63,8 +66,10 @@
| | images include TF-A BL2 and BL31 images, as well as |
| | other secure and non-secure images. |
+-----------------+--------------------------------------------------------+
- | DF2 | | TF-A log system framework outputs debug messages |
- | | over a UART interface. |
+ | DF2 | | TF-A log system framework outputs debug or |
+ | | informative messages over a UART interface. |
+ | | |
+ | | | Also, characters can be read from a UART interface. |
+-----------------+--------------------------------------------------------+
| DF3 | | Debug and trace IP on a platform can allow access |
| | to registers and memory of TF-A. |
@@ -272,6 +277,8 @@
them. To help developers implement mitigations in the right place, threats below
are categorized based on the firmware image that should mitigate them.
+.. _General Threats:
+
General Threats for All Firmware Images
---------------------------------------
@@ -552,9 +559,62 @@
| | soon as they are not needed anymore. |
+------------------------+-----------------------------------------------------+
| Mitigations | | Yes / Platform specific |
+| implemented? | |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 15 |
++========================+=====================================================+
+| Threat | | **Improper handling of input data received over |
+| | a UART interface may allow an attacker to tamper |
+| | with TF-A execution environment.** |
+| | |
+| | | The consequences of the attack depend on the |
+| | the exact usage of input data received over UART. |
+| | Examples are injection of arbitrary data, |
+| | sensitive data tampering, influencing the |
+| | execution path, denial of service (if using |
+| | blocking I/O). This list may not be exhaustive. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF2, DF4, DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data, Code Execution, Availability |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Tampering, Information Disclosure, Denial of |
+| | service, Elevation of privilege. |
++------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Likelihood | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
++------------------------+-------------------+----------------+----------------+
+| Mitigations | | By default, the code to read input data from UART |
+| | interfaces is disabled (see `ENABLE_CONSOLE_GETC` |
+| | build option). It should only be enabled on a |
+| | need basis. |
+| | |
+| | | Data received over UART interfaces should be |
+| | treated as untrusted data. As such, it should be |
+| | properly sanitized and handled with caution. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Platform specific. |
+| implemented? | |
+| | | Generic code does not read any input data from |
+| | UART interface(s). |
++------------------------+-----------------------------------------------------+
+
+
+.. _Boot Firmware Threats:
+
Threats to be Mitigated by the Boot Firmware
--------------------------------------------
@@ -789,6 +849,8 @@
since the |SRTM| includes all secure world components.
+.. _Runtime Firmware Threats:
+
Threats to be Mitigated by the Runtime EL3 Firmware
---------------------------------------------------
diff --git a/docs/threat_model/threat_model_arm_cca.rst b/docs/threat_model/threat_model_arm_cca.rst
new file mode 100644
index 0000000..fbf3327
--- /dev/null
+++ b/docs/threat_model/threat_model_arm_cca.rst
@@ -0,0 +1,225 @@
+Threat Model for TF-A with Arm CCA support
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Introduction
+************
+
+This document provides a threat model of TF-A firmware for platforms with Arm
+Realm Management Extension (RME) support which implement Arm Confidential
+Compute Architecture (Arm CCA).
+
+Although it is a separate document, it references the :ref:`Generic Threat
+Model` in a number of places, as some of the contents is commonly applicable to
+TF-A with or without Arm CCA support.
+
+Target of Evaluation
+********************
+
+In this threat model, the target of evaluation is the Trusted Firmware for
+A-class Processors (TF-A) with RME support and Arm CCA support. This includes
+the boot ROM (BL1), the trusted boot firmware (BL2) and the runtime EL3 firmware
+(BL31).
+
+Assumptions
+===========
+
+We make the following assumptions:
+
+- :ref:`Realm Management Extension (RME)` is enabled on the platform.
+
+- Arm CCA Hardware Enforced Security (HES) is available on the platform, as
+ recommended by `Arm CCA security model`_:
+
+ *[R0004] Arm strongly recommends that all implementations of CCA utilize*
+ *hardware enforced security (CCA HES).*
+
+- All TF-A images run from on-chip memory. Data used by these images also live
+ in on-chip memory. This means TF-A is not vulnerable to an attacker that can
+ probe or tamper with off-chip memory.
+
+ These are requirements of the `Arm CCA security model`_:
+
+ *[R0147] Monitor code executes entirely from on-chip memory.*
+
+ *[R0149] Any monitor data that may affect the CCA security guarantee, other*
+ *than GPT, is either held in on-chip memory, or in external memory but with*
+ *additional integrity protection.*
+
+ Note that this threat model hardens *[R0149]* requirement by forbidding to
+ hold data in external memory, even if it is integrity-protected - except for
+ GPT data.
+
+- TF-A BL1 image is immutable and thus implicitly trusted. It runs from
+ read-only memory or write-protected memory. This could be on-chip ROM, on-chip
+ OTP, locked on-chip flash, or write-protected on-chip RAM for example.
+
+ This is a requirement of the `Arm CCA security model`_:
+
+ *[R0158] Arm recommends that all initial boot code is immutable on a*
+ *secured system.*
+
+ *[R0050] If all or part of initial boot code is instantiated in on-chip*
+ *memory then other trusted subsystems or application PE cannot modify that*
+ *code before it has been executed.*
+
+- Trusted boot and measured boot are enabled. This means an attacker can't boot
+ arbitrary images that are not approved by platform providers.
+
+ These are requirements of the `Arm CCA security model`_:
+
+ *[R0048] A secured system can only load authorized CCA firmware.*
+
+ *[R0079] All Monitor firmware loaded by PE initial boot is measured and*
+ *verified as outlined in Verified boot.*
+
+- No experimental features are enabled. These are typically incomplete features,
+ which need more time to stabilize. Thus, we do not consider threats that may
+ come from them. It is not recommended to use these features in production
+ builds.
+
+Data Flow Diagram
+=================
+
+Figure 1 shows a high-level data flow diagram for TF-A. The diagram shows a
+model of the different components of a TF-A-based system and their interactions
+with TF-A. A description of each diagram element is given on Table 1. On the
+diagram, the red broken lines indicate trust boundaries. Components outside of
+the broken lines are considered untrusted by TF-A.
+
+.. uml:: ../resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
+ :caption: Figure 1: Data Flow Diagram
+
+.. table:: Table 1: Data Flow Diagram Description
+
+ +-----------------+--------------------------------------------------------+
+ | Diagram Element | Description |
+ +=================+========================================================+
+ | DF1 | | Refer to DF1 description in the |
+ | | :ref:`Generic Threat Model`. Additionally TF-A |
+ | | loads realm images. |
+ +-----------------+--------------------------------------------------------+
+ | DF2-DF6 | | Refer to DF2-DF6 descriptions in the |
+ | | :ref:`Generic Threat Model`. |
+ +-----------------+--------------------------------------------------------+
+ | DF7 | | Boot images interact with Arm CCA HES to record boot |
+ | | measurements and retrieve data used for AP images |
+ | | authentication. |
+ | | |
+ | | | The runtime firmware interacts with Arm CCA HES to |
+ | | obtain sensitive attestation data for the realm |
+ | | world. |
+ +-----------------+--------------------------------------------------------+
+ | DF8 | | Realm world software (e.g. TF-RMM) interact with |
+ | | TF-A through SMC call interface and/or shared |
+ | | memory. |
+ +-----------------+--------------------------------------------------------+
+
+Threat Analysis
+***************
+
+In this threat model, we use the same method to analyse threats as in the
+:ref:`Generic Threat Model`. This section only points out differences where
+applicable.
+
+- There is an additional threat agent: *RealmCode*. It takes the form of
+ malicious or faulty code running in the realm world, including R-EL2, R-EL1
+ and R-EL0 levels.
+
+- At this time we only consider the ``Server`` target environment. New threats
+ identified in this threat model will only be given a risk rating for this
+ environment. Other environments may be added in a future revision
+
+Threat Assessment
+=================
+
+General Threats for All Firmware Images
+---------------------------------------
+
+The following table analyses the :ref:`General Threats` in the context of this
+threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 05 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 06 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 08 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 11 | Yes | | Misconfiguration of the Memory Management Unit |
+ | | | (MMU) may allow a **normal/secure/realm** world |
+ | | | software to access sensitive data, execute arbitrary|
+ | | | code or access otherwise restricted HW interface. |
+ | | | |
+ | | | | **Note that on RME systems, MMU configuration also |
+ | | | includes Granule Protection Tables (GPT) setup.** |
+ | | | |
+ | | | | Additional diagram elements: DF4, DF7, DF8. |
+ | | | |
+ | | | | Additional threat agents: SecCode, RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 13 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 15 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+
+Threats to be Mitigated by the Boot Firmware
+--------------------------------------------
+
+The following table analyses the :ref:`Boot Firmware Threats` in the context of
+this threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 01 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 02 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 03 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 04 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+
+Threats to be Mitigated by the Runtime EL3 Firmware
+---------------------------------------------------
+
+The following table analyses the :ref:`Runtime Firmware Threats` in the context
+of this threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 07 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 09 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 10 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 12 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 14 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+
+*Copyright (c) 2023, Arm Limited. All rights reserved.*
+
+.. _Arm CCA Security Model: https://developer.arm.com/documentation/DEN0096/A_a
diff --git a/docs/threat_model/threat_model_fvp_r.rst b/docs/threat_model/threat_model_fvp_r.rst
index c1462bb..725eeed 100644
--- a/docs/threat_model/threat_model_fvp_r.rst
+++ b/docs/threat_model/threat_model_fvp_r.rst
@@ -90,8 +90,10 @@
and since the MPU configuration is equivalent with that for the fvp
platform and others, this is not expected to be a concern.
+ - ID 15: Improper handling of input data received over a UART interface may
+ allow an attacker to tamper with TF-A execution environment.
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/threat_model_spm.rst b/docs/threat_model/threat_model_spm.rst
deleted file mode 100644
index 24a115b..0000000
--- a/docs/threat_model/threat_model_spm.rst
+++ /dev/null
@@ -1,1340 +0,0 @@
-SPMC Threat Model
-*****************
-
-************************
-Introduction
-************************
-This document provides a threat model for the TF-A :ref:`Secure Partition Manager`
-(SPM) implementation or more generally the S-EL2 reference firmware running on
-systems implementing the FEAT_SEL2 (formerly Armv8.4 Secure EL2) architecture
-extension. The SPM implementation is based on the `Arm Firmware Framework for
-Arm A-profile`_ specification.
-
-In brief, the broad FF-A specification and S-EL2 firmware implementation
-provide:
-
-- Isolation of mutually mistrusting SW components, or endpoints in the FF-A
- terminology.
-- Distinct sandboxes in the secure world called secure partitions. This permits
- isolation of services from multiple vendors.
-- A standard protocol for communication and memory sharing between FF-A
- endpoints.
-- Mutual isolation of the normal world and the secure world (e.g. a Trusted OS
- is prevented to map an arbitrary NS physical memory region such as the kernel
- or the Hypervisor).
-
-************************
-Target of Evaluation
-************************
-In this threat model, the target of evaluation is the S-EL2 firmware or the
-``Secure Partition Manager Core`` component (SPMC).
-The monitor and SPMD at EL3 are covered by the :ref:`Generic TF-A threat model
-<threat_analysis>`.
-
-The scope for this threat model is:
-
-- The TF-A implementation for the S-EL2 SPMC based on the Hafnium hypervisor
- running in the secure world of TrustZone (at S-EL2 exception level).
- The threat model is not related to the normal world Hypervisor or VMs.
- The S-EL1 and EL3 SPMC solutions are not covered.
-- The implementation complies with the FF-A v1.0 specification, and a few
- features of FF-A v1.1 specification.
-- Secure partitions are statically provisioned at boot time.
-- Focus on the run-time part of the life-cycle (no specific emphasis on boot
- time, factory firmware provisioning, firmware udpate etc.)
-- Not covering advanced or invasive physical attacks such as decapsulation,
- FIB etc.
-- Assumes secure boot or in particular TF-A trusted boot (TBBR or dual CoT) is
- enabled. An attacker cannot boot arbitrary images that are not approved by the
- SiP or platform providers.
-
-Data Flow Diagram
-======================
-Figure 1 shows a high-level data flow diagram for the SPM split into an SPMD
-component at EL3 and an SPMC component at S-EL2. The SPMD mostly acts as a
-relayer/pass-through between the normal world and the secure world. It is
-assumed to expose small attack surface.
-
-A description of each diagram element is given in Table 1. In the diagram, the
-red broken lines indicate trust boundaries.
-
-Components outside of the broken lines are considered untrusted.
-
-.. uml:: ../resources/diagrams/plantuml/spm_dfd.puml
- :caption: Figure 1: SPMC Data Flow Diagram
-
-.. table:: Table 1: SPMC Data Flow Diagram Description
-
- +---------------------+--------------------------------------------------------+
- | Diagram Element | Description |
- +=====================+========================================================+
- | ``DF1`` | SP to SPMC communication. FF-A function invocation or |
- | | implementation-defined Hypervisor call. |
- +---------------------+--------------------------------------------------------+
- | ``DF2`` | SPMC to SPMD FF-A call. |
- +---------------------+--------------------------------------------------------+
- | ``DF3`` | SPMD to NS forwarding. |
- +---------------------+--------------------------------------------------------+
- | ``DF4`` | SP to SP FF-A direct message request/response. |
- | | Note as a matter of simplifying the diagram |
- | | the SP to SP communication happens through the SPMC |
- | | (SP1 performs a direct message request to the |
- | | SPMC targeting SP2 as destination. And similarly for |
- | | the direct message response from SP2 to SP1). |
- +---------------------+--------------------------------------------------------+
- | ``DF5`` | HW control. |
- +---------------------+--------------------------------------------------------+
- | ``DF6`` | Bootloader image loading. |
- +---------------------+--------------------------------------------------------+
- | ``DF7`` | External memory access. |
- +---------------------+--------------------------------------------------------+
-
-*********************
-Threat Analysis
-*********************
-
-This threat model follows a similar methodology to the :ref:`Generic TF-A threat model
-<threat_analysis>`.
-The following sections define:
-
-- Trust boundaries
-- Assets
-- Theat agents
-- Threat types
-
-Trust boundaries
-============================
-
-- Normal world is untrusted.
-- Secure world and normal world are separate trust boundaries.
-- EL3 monitor, SPMD and SPMC are trusted.
-- Bootloaders (in particular BL1/BL2 if using TF-A) and run-time BL31 are
- implicitely trusted by the usage of secure boot.
-- EL3 monitor, SPMD, SPMC do not trust SPs.
-
-.. figure:: ../resources/diagrams/spm-threat-model-trust-boundaries.png
-
- Figure 2: Trust boundaries
-
-Assets
-============================
-
-The following assets are identified:
-
-- SPMC state.
-- SP state.
-- Information exchange between endpoints (partition messages).
-- SPMC secrets (e.g. pointer authentication key when enabled)
-- SP secrets (e.g. application keys).
-- Scheduling cycles.
-- Shared memory.
-
-Threat Agents
-============================
-
-The following threat agents are identified:
-
-- NS-Endpoint identifies a non-secure endpoint: normal world client at NS-EL2
- (Hypervisor) or NS-EL1 (VM or OS kernel).
-- S-Endpoint identifies a secure endpoint typically a secure partition.
-- Hardware attacks (non-invasive) requiring a physical access to the device,
- such as bus probing or DRAM stress.
-
-Threat types
-============================
-
-The following threat categories as exposed in the :ref:`Generic TF-A threat model
-<threat_analysis>`
-are re-used:
-
-- Spoofing
-- Tampering
-- Repudiation
-- Information disclosure
-- Denial of service
-- Elevation of privileges
-
-Similarly this threat model re-uses the same threat risk ratings. The risk
-analysis is evaluated based on the environment being ``Server`` or ``Mobile``.
-
-Threat Assessment
-============================
-
-The following threats are identified by applying STRIDE analysis on each diagram
-element of the data flow diagram.
-
-+------------------------+----------------------------------------------------+
-| ID | 01 |
-+========================+====================================================+
-| ``Threat`` | **An endpoint impersonates the sender or receiver |
-| | FF-A ID in a direct request/response invocation.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------++----------------+---------------+
-| ``Impact`` | Critical(5) | Critical(5) | |
-+------------------------+------------------++----------------+---------------+
-| ``Likelihood`` | Critical(5) | Critical(5) | |
-+------------------------+------------------++----------------+---------------+
-| ``Total Risk Rating`` | Critical(25) | Critical(25) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | The guidance below is left for a system integrator |
-| | to implemented as necessary. |
-| | The SPMC must enforce checks in the direct message |
-| | request/response interfaces such an endpoint cannot|
-| | spoof the origin and destination worlds (e.g. a NWd|
-| | originated message directed to the SWd cannot use a|
-| | SWd ID as the sender ID). |
-| | Additionally a software component residing in the |
-| | SPMC can be added for the purpose of direct |
-| | request/response filtering. |
-| | It can be configured with the list of known IDs |
-| | and about which interaction can occur between one |
-| | and another endpoint (e.g. which NWd endpoint ID |
-| | sends a direct request to which SWd endpoint ID). |
-| | This component checks the sender/receiver fields |
-| | for a legitimate communication between endpoints. |
-| | A similar component can exist in the OS kernel |
-| | driver, or Hypervisor although it remains untrusted|
-| | by the SPMD/SPMC. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 02 |
-+========================+====================================================+
-| ``Threat`` | **Tampering with memory shared between an endpoint |
-| | and the SPMC.** |
-| | A malicious endpoint may attempt tampering with its|
-| | RX/TX buffer contents while the SPMC is processing |
-| | it (TOCTOU). |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF3, DF4, DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | Shared memory, Information exchange |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (16) | High (16) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | In context of FF-A v1.0 and v1.1 this is the case |
-| | of sharing the RX/TX buffer pair and usage in the |
-| | PARTITION_INFO_GET or mem sharing primitives. |
-| | The SPMC must copy the contents of the TX buffer |
-| | to an internal temporary buffer before processing |
-| | its contents. The SPMC must implement hardened |
-| | input validation on data transmitted through the TX|
-| | buffer by an untrusted endpoint. |
-| | The TF-A SPMC mitigates this threat by enforcing |
-| | checks on data transmitted through RX/TX buffers. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 03 |
-+========================+====================================================+
-| ``Threat`` | **An endpoint may tamper with its own state or the |
-| | state of another endpoint.** |
-| | A malicious endpoint may attempt violating: |
-| | - its own or another SP state by using an unusual |
-| | combination (or out-of-order) FF-A function |
-| | invocations. |
-| | This can also be an endpoint emitting |
-| | FF-A function invocations to another endpoint while|
-| | the latter is not in a state to receive it (e.g. a |
-| | SP sends a direct request to the normal world early|
-| | while the normal world is not booted yet). |
-| | - the SPMC state itself by employing unexpected |
-| | transitions in FF-A memory sharing, direct requests|
-| | and responses, or handling of interrupts. |
-| | This can be led by random stimuli injection or |
-| | fuzzing. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state, SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | threat by following the guidance for partition |
-| | runtime models as described in FF-A v1.1 EAC0 spec.|
-| | The SPMC performs numerous checks in runtime to |
-| | prevent illegal state transitions by adhering to |
-| | the partition runtime model. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 04 |
-+========================+====================================================+
-| ``Threat`` | *An attacker may attempt injecting errors by the |
-| | use of external DRAM stress techniques.** |
-| | A malicious agent may attempt toggling an SP |
-| | Stage-2 MMU descriptor bit within the page tables |
-| | that the SPMC manages. This can happen in Rowhammer|
-| | types of attack. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP or SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | Hardware attack |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Low (2) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | Medium (8) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigations to this |
-| | type of attack. It can be addressed by the use of |
-| | dedicated HW circuity or hardening at the chipset |
-| | or platform level left to the integrator. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 05 |
-+========================+====================================================+
-| ``Threat`` | **Protection of the SPMC from a DMA capable device |
-| | upstream to an SMMU.** |
-| | A device may attempt to tamper with the internal |
-| | SPMC code/data sections. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC or SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Elevation of privileges |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | A platform may prefer assigning boot time, |
-| | statically alocated memory regions through the SMMU|
-| | configuration and page tables. The FF-A v1.1 |
-| | specification provisions this capability through |
-| | static DMA isolation. |
-| | The TF-A SPMC does not mitigate this threat. |
-| | It will adopt the static DMA isolation approach in |
-| | a future release. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 06 |
-+========================+====================================================+
-| ``Threat`` | **Replay fragments of past communication between |
-| | endpoints.** |
-| | A malicious endpoint may replay a message exchange |
-| | that occured between two legitimate endpoint as |
-| | a matter of triggering a malfunction or extracting |
-| | secrets from the receiving endpoint. In particular |
-| | the memory sharing operation with fragmented |
-| | messages between an endpoint and the SPMC may be |
-| | replayed by a malicious agent as a matter of |
-| | getting access or gaining permissions to a memory |
-| | region which does not belong to this agent. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | Information exchange |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Repdudiation |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 07 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to extract data |
-| | or state information by the use of invalid or |
-| | incorrect input arguments.** |
-| | Lack of input parameter validation or side effects |
-| | of maliciously forged input parameters might affect|
-| | the SPMC. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP secrets, SPMC secrets, SP state, SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information discolure |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | Secure Partitions must follow security standards |
-| | and best practises as a way to mitigate the risk |
-| | of common vulnerabilities to be exploited. |
-| | The use of software (canaries) or hardware |
-| | hardening techniques (XN, WXN, BTI, pointer |
-| | authentication, MTE) helps detecting and stopping |
-| | an exploitation early. |
-| | The TF-A SPMC mitigates this threat by implementing|
-| | stack protector, pointer authentication, BTI, XN, |
-| | WXN, security hardening techniques. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 08 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may forge a direct message |
-| | request such that it reveals the internal state of |
-| | another endpoint through the direct message |
-| | response.** |
-| | The secure partition or SPMC replies to a partition|
-| | message by a direct message response with |
-| | information which may reveal its internal state |
-| | (.e.g. partition message response outside of |
-| | allowed bounds). |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC or SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information discolure |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Low (2) | Low (2) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | For the specific case of direct requests targeting |
-| | the SPMC, the latter is hardened to prevent |
-| | its internal state or the state of an SP to be |
-| | revealed through a direct message response. |
-| | Further, SPMC performs numerous checks in runtime |
-| | on the basis of the rules established by partition |
-| | runtime models to stop any malicious attempts by |
-| | an endpoint to extract internal state of another |
-| | endpoint. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 09 |
-+========================+====================================================+
-| ``Threat`` | **Probing the FF-A communication between |
-| | endpoints.** |
-| | SPMC and SPs are typically loaded to external |
-| | memory (protected by a TrustZone memory |
-| | controller). A malicious agent may use non invasive|
-| | methods to probe the external memory bus and |
-| | extract the traffic between an SP and the SPMC or |
-| | among SPs when shared buffers are held in external |
-| | memory. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP/SPMC state, SP/SPMC secrets |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | Hardware attack |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low (2) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | It is expected the platform or chipset provides |
-| | guarantees in protecting the DRAM contents. |
-| | The TF-A SPMC does not mitigate this class of |
-| | attack and this is left to the integrator. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 10 |
-+========================+====================================================+
-| ``Threat`` | **A malicious agent may attempt revealing the SPMC |
-| | state or secrets by the use of software-based cache|
-| | side-channel attack techniques.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP or SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low (2) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | From an integration perspective it is assumed |
-| | platforms consuming the SPMC component at S-EL2 |
-| | (hence implementing the Armv8.4 FEAT_SEL2 |
-| | architecture extension) implement mitigations to |
-| | Spectre, Meltdown or other cache timing |
-| | side-channel type of attacks. |
-| | The TF-A SPMC implements one mitigation (barrier |
-| | preventing speculation past exeception returns). |
-| | The SPMC may be hardened further with SW |
-| | mitigations (e.g. speculation barriers) for the |
-| | cases not covered in HW. Usage of hardened |
-| | compilers and appropriate options, code inspection |
-| | are recommended ways to mitigate Spectre types of |
-| | attacks. For non-hardened cores, the usage of |
-| | techniques such a kernel page table isolation can |
-| | help mitigating Meltdown type of attacks. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 11 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt flooding the |
-| | SPMC with requests targeting a service within an |
-| | endpoint such that it denies another endpoint to |
-| | access this service.** |
-| | Similarly, the malicious endpoint may target a |
-| | a service within an endpoint such that the latter |
-| | is unable to request services from another |
-| | endpoint. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | Bounding the time for operations to complete can |
-| | be achieved by the usage of a trusted watchdog. |
-| | Other quality of service monitoring can be achieved|
-| | in the SPMC such as counting a number of operations|
-| | in a limited timeframe. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 12 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to allocate |
-| | notifications bitmaps in the SPMC, through the |
-| | FFA_NOTIFICATION_BITMAP_CREATE.** |
-| | This might be an attempt to exhaust SPMC's memory, |
-| | or to allocate a bitmap for a VM that was not |
-| | intended to receive notifications from SPs. Thus |
-| | creating the possibility for a channel that was not|
-| | meant to exist. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of service, Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(9) | Medium(9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this threat by defining a |
-| | a fixed size pool for bitmap allocation. |
-| | It also limits the designated FF-A calls to be used|
-| | from NWd endpoints. |
-| | In the NWd the hypervisor is supposed to limit the |
-| | access to the designated FF-A call. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 13 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to destroy the |
-| | notifications bitmaps in the SPMC, through the |
-| | FFA_NOTIFICATION_BITMAP_DESTROY.** |
-| | This might be an attempt to tamper with the SPMC |
-| | state such that a partition isn't able to receive |
-| | notifications. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(4) | Low(4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this issue by limiting the |
-| | designated FF-A call to be issued by the NWd. |
-| | Also, the notifications bitmap can't be destroyed |
-| | if there are pending notifications. |
-| | In the NWd, the hypervisor must restrict the |
-| | NS-endpoints that can issue the designated call. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 14 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint might attempt to give |
-| | permissions to an unintended sender to set |
-| | notifications targeting another receiver using the |
-| | FF-A call FFA_NOTIFICATION_BIND.** |
-| | This might be an attempt to tamper with the SPMC |
-| | state such that an unintended, and possibly |
-| | malicious, communication channel is established. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by restricting |
-| | designated FFA_NOTIFICATION_BIND call to be issued |
-| | by the receiver only. The receiver is responsible |
-| | for allocating the notifications IDs to one |
-| | specific partition. |
-| | Also, receivers that are not meant to receive |
-| | notifications, must have notifications receipt |
-| | disabled in the respective partition's manifest. |
-| | As for calls coming from NWd, if the NWd VM has had|
-| | its bitmap allocated at initialization, the TF-A |
-| | SPMC can't guarantee this threat won't happen. |
-| | The Hypervisor must mitigate in the NWd, similarly |
-| | to SPMC for calls in SWd. Though, if the Hypervisor|
-| | has been compromised, the SPMC won't be able to |
-| | mitigate it for calls forwarded from NWd. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 15 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | set notifications that are not bound to it.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(4) | Low(4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
-| | sender's ID provided in the input to the call |
-| | FFA_NOTIFICATION_SET. The SPMC keeps track of which|
-| | notifications are bound to which sender, for a |
-| | given receiver. If the sender is an SP, the |
-| | provided sender ID must match the ID of the |
-| | currently running partition. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 16 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | get notifications that are not targeted to it.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Informational(1) | Informational(1)| |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
-| | receiver's ID provided in the input to the call |
-| | FFA_NOTIFICATION_GET. The SPMC keeps track of which|
-| | notifications are pending for each receiver. |
-| | The provided receiver ID must match the ID of the |
-| | currently running partition, if it is an SP. |
-| | For calls forwarded from NWd, the SPMC will return |
-| | the pending notifications if the receiver had its |
-| | bitmap created, and has pending notifications. |
-| | If Hypervisor or OS kernel are compromised, the |
-| | SPMC won't be able to mitigate calls from rogue NWd|
-| | endpoints. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 17 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | get the information about pending notifications, |
-| | through the FFA_NOTIFICATION_INFO_GET call.** |
-| | This call is meant to be used by the NWd FF-A |
-| | driver. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by returning error to |
-| | calls made by SPs to FFA_NOTIFICATION_INFO_GET. |
-| | If Hypervisor or OS kernel are compromised, the |
-| | SPMC won't be able mitigate calls from rogue NWd |
-| | endpoints. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 18 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | flood another partition endpoint with notifications|
-| | hindering its operation.** |
-| | The intent of the malicious endpoint could be to |
-| | interfere with both the receiver's and/or primary |
-| | endpoint execution, as they can both be preempted |
-| | by the NPI and SRI, respectively. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, CPU cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | DoS |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | However, the impact is limited due to the |
-| | architecture: |
-| | - Notifications are not queued, one that has been |
-| | signaled needs to be retrieved by the receiver, |
-| | until it can be sent again. |
-| | - Both SRI and NPI can't be pended until handled |
-| | which limits the amount of spurious interrupts. |
-| | - A given receiver could only bind a maximum number|
-| | of notifications to a given sender, within a given |
-| | execution context. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 19 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may abuse FFA_RUN call to |
-| | resume or turn on other endpoint execution |
-| | contexts, attempting to alter the internal state of|
-| | SPMC and SPs, potentially leading to illegal state |
-| | transitions and deadlocks.** |
-| | An endpoint can call into another endpoint |
-| | execution context using FFA_MSG_SEND_DIRECT_REQ |
-| | ABI to create a call chain. A malicious endpoint |
-| | could abuse this to form loops in a call chain that|
-| | could lead to potential deadlocks. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | threats by following the guidance for partition |
-| | runtime models as described in FF-A v1.1 EAC0 spec.|
-| | The SPMC performs numerous checks in runtime to |
-| | prevent illegal state transitions by adhering to |
-| | the partition runtime model. Further, if the |
-| | receiver endpoint is a predecessor of current |
-| | endpoint in the present call chain, the SPMC denies|
-| | any attempts to form loops by returning FFA_DENIED |
-| | error code. Only the primary scheduler is allowed |
-| | to turn on execution contexts of other partitions |
-| | though SPMC does not have the ability to |
-| | scrutinize its identity. Secure partitions have |
-| | limited ability to resume execution contexts of |
-| | other partitions based on the runtime model. Such |
-| | attempts cannot compromise the integrity of the |
-| | SPMC. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 20 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint can perform a |
-| | denial-of-service attack by using FFA_INTERRUPT |
-| | call that could attempt to cause the system to |
-| | crash or enter into an unknown state as no physical|
-| | interrupt could be pending for it to be handled in |
-| | the SPMC.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | attack by detecting invocations from partitions |
-| | and simply returning FFA_ERROR status interface. |
-| | SPMC only allows SPMD to use FFA_INTERRUPT ABI to |
-| | communicate a pending secure interrupt triggered |
-| | while execution was in normal world. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 21 |
-+========================+====================================================+
-| ``Threat`` | **A malicious secure endpoint might deactivate a |
-| | (virtual) secure interrupt that was not originally |
-| | signaled by SPMC, thereby attempting to alter the |
-| | state of the SPMC and potentially lead to system |
-| | crash.** |
-| | SPMC maps the virtual interrupt ids to the physical|
-| | interrupt ids to keep the implementation of virtual|
-| | interrupt driver simple. |
-| | Similarly, a malicious secure endpoint might invoke|
-| | the deactivation ABI more than once for a secure |
-| | interrupt. Moreover, a malicious secure endpoint |
-| | might attempt to deactivate a (virtual) secure |
-| | interrupt that was signaled to another endpoint |
-| | execution context by the SPMC even before secure |
-| | interrupt was handled. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | At initialization, the TF-A SPMC parses the |
-| | partition manifests to find the target execution |
-| | context responsible for handling the various |
-| | secure physical interrupts. The TF-A SPMC provides |
-| | mitigation against above mentioned threats by: |
-| | |
-| | - Keeping track of each pending virtual interrupt |
-| | signaled to an execution context of a secure |
-| | secure partition. |
-| | - Denying any deactivation call from SP if there is|
-| | no pending physical interrupt mapped to the |
-| | given virtual interrupt. |
-| | - Denying any deactivation call from SP if the |
-| | virtual interrupt has not been signaled to the |
-| | current execution context. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 22 |
-+========================+====================================================+
-| ``Threat`` | **A malicious secure endpoint might not deactivate |
-| | a virtual interrupt signaled to it by the SPMC but |
-| | perform secure interrupt signal completion. This |
-| | attempt to corrupt the internal state of the SPMC |
-| | could lead to an unknown state and further lead to |
-| | system crash.** |
-| | Similarly, a malicious secure endpoint could |
-| | deliberately not perform either interrupt |
-| | deactivation or interrupt completion signal. Since,|
-| | the SPMC can only process one secure interrupt at a|
-| | time, this could choke the system where all |
-| | interrupts are indefinitely masked which could |
-| | potentially lead to system crash or reboot. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigation against |
-| | such threat. This is a limitation of the current |
-| | SPMC implementation and needs to be handled in the |
-| | future releases. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 23 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint could leverage non-secure |
-| | interrupts to preempt a secure endpoint, thereby |
-| | attempting to render it unable to handle a secure |
-| | virtual interrupt targetted for it. This could lead|
-| | to priority inversion as secure virtual interrupts |
-| | are kept pending while non-secure interrupts are |
-| | handled by normal world VMs.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC alone does not provide mitigation |
-| | against such threats. System integrators must take |
-| | necessary high level design decisions that takes |
-| | care of interrupt prioritization. The SPMC performs|
-| | its role of enabling SPs to specify appropriate |
-| | action towards non-secure interrupt with the help |
-| | of partition manifest based on the guidance in the |
-| | FF-A v1.1 EAC0 specification. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 24 |
-+========================+====================================================+
-| ``Threat`` | **A secure endpoint depends on primary scheduler |
-| | for CPU cycles. A malicious endpoint could delay |
-| | the secure endpoint from being scheduled. Secure |
-| | interrupts, if not handled timely, could compromise|
-| | the state of SP and SPMC, thereby rendering the |
-| | system unresponsive.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide full mitigation |
-| | against such threats. However, based on the |
-| | guidance provided in the FF-A v1.1 EAC0 spec, SPMC |
-| | provisions CPU cycles to run a secure endpoint |
-| | execution context in SPMC schedule mode which |
-| | cannot be preempted by a non-secure interrupt. |
-| | This reduces the dependency on primary scheduler |
-| | for cycle allocation. Moreover, all further |
-| | interrupts are masked until pending secure virtual |
-| | interrupt on current CPU is handled. This allows SP|
-| | execution context to make progress even upon being |
-| | interrupted. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 25 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint can use memory sharing |
-| | calls to exhaust SPMC resources.** |
-| | For each on-going operation that involves an SP, |
-| | the SPMC allocates resources to track its state. |
-| | If the operation is never concluded, the resources |
-| | are never freed. |
-| | In the worst scenario, multiple operations that |
-| | never conclude may exhaust the SPMC resources to a |
-| | point in which renders memory sharing operations |
-| | impossible. This could affect other, non-harmful |
-| | FF-A endpoints, from legitimately using memory |
-| | share functionality. The intent might even be |
-| | to cause the SPMC to consume excessive CPU cycles, |
-| | attempting to make it deny its service to the NWd. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | High (4) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (16) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC uses a statically allocated pool of |
-| | memory to keep track of on-going memory sharing |
-| | operations. After a possible attack, this could |
-| | fail due to insufficient memory, and return an |
-| | error to the caller. At this point, any other |
-| | endpoint that requires use of memory sharing for |
-| | its operation could get itself in an unusable |
-| | state. |
-| | Regarding CPU cycles starving threat, the SPMC |
-| | doesn't provide any mitigation for this, as any |
-| | FF-A endpoint, at the virtual FF-A instance is |
-| | allowed to invoke memory share/lend/donate. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 26 |
-+========================+====================================================+
-| ``Threat`` | **A borrower may interfere with lender's |
-| | operation, if it terminates due to a fatal error |
-| | condition without releasing the memory |
-| | shared/lent.** |
-| | Such scenario may render the lender inoperable. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigation for such |
-| | scenario. The FF-A endpoints must attempt to |
-| | relinquish memory shared/lent themselves in |
-| | case of failure. The memory used to track the |
-| | operation in the SPMC will also remain usuable. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 27 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint may attempt to tamper with |
-| | the content of the memory shared/lent, whilst |
-| | being accessed by other FF-A endpoints.** |
-| | It might attempt to do so: using one of the clear |
-| | flags, when either retrieving or relinquishing |
-| | access to the memory via the respective FF-A |
-| | calls; or directly accessing memory without |
-| | respecting the synchronization protocol between |
-| | all involved endpoints. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, FF-A endpoint |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service, Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low (2) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The first case defined in the threat, the TF-A |
-| | SPMC mitigates it, by ensuring a memory is cleared |
-| | only when all borrowers have relinquished access |
-| | to the memory, in a scenario involving multiple |
-| | borrowers. Also, if the receiver is granted RO, |
-| | permissions, the SPMC will reject any request |
-| | to clear memory on behalf of the borrower, by |
-| | returning an error to the respective FF-A call. |
-| | The second case defined in the threat can't be |
-| | mitigated by the SPMC. It is up to the NS/S FF-A |
-| | endpoints to establish a robust protocol for using |
-| | the shared memory. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 28 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint may attempt to share |
-| | memory that is not in its translation regime, or |
-| | attempt to specify attributes more permissive than |
-| | those it possesses at a given time.** |
-| | Both ways could be an attempt for escalating its |
-| | privileges. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, FF-A endpoint |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service, Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this threat by performing |
-| | sanity checks to the provided memory region |
-| | descriptor. |
-| | For operations at the virtual FF-A instance, and |
-| | once the full memory descriptor is provided, |
-| | the SPMC validates that the memory is part of the |
-| | caller's translation regime. The SPMC also checks |
-| | that the memory attributes provided are within |
-| | those the owner possesses, in terms of |
-| | permissiveness. If more permissive attributes are |
-| | specified, the SPMC returns an error |
-| | FFA_INVALID_PARAMETERS. The permissiveness rules |
-| | are enforced in any call to share/lend or donate |
-| | the memory, and in retrieve requests. |
-+------------------------+----------------------------------------------------+
-
---------------
-
-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
-
-.. _Arm Firmware Framework for Arm A-profile: https://developer.arm.com/docs/den0077/latest
-.. _FF-A ACS: https://github.com/ARM-software/ff-a-acs/releases
-
diff --git a/drivers/arm/dcc/dcc_console.c b/drivers/arm/dcc/dcc_console.c
index d8f9462..19c3450 100644
--- a/drivers/arm/dcc/dcc_console.c
+++ b/drivers/arm/dcc/dcc_console.c
@@ -137,7 +137,8 @@
static struct dcc_console dcc_console = {
.console = {
.flags = CONSOLE_FLAG_BOOT |
- CONSOLE_FLAG_RUNTIME,
+ CONSOLE_FLAG_RUNTIME |
+ CONSOLE_FLAG_CRASH,
.putc = dcc_console_putc,
#if ENABLE_CONSOLE_GETC
.getc = dcc_console_getc,
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 14c3172..608866c 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -25,13 +25,6 @@
/* ASN.1 tags */
#define ASN1_INTEGER 0x02
-#define return_if_error(rc) \
- do { \
- if (rc != 0) { \
- return rc; \
- } \
- } while (0)
-
#pragma weak plat_set_nv_ctr2
static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
@@ -99,24 +92,37 @@
{
void *data_ptr, *hash_der_ptr;
unsigned int data_len, hash_der_len;
- int rc = 0;
+ int rc;
/* Get the hash from the parent image. This hash will be DER encoded
* and contain the hash algorithm */
rc = auth_get_param(param->hash, img_desc->parent,
&hash_der_ptr, &hash_der_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the data to be hashed from the current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->data,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Ask the crypto module to verify this hash */
rc = crypto_mod_verify_hash(data_ptr, data_len,
hash_der_ptr, hash_der_len);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return rc;
+ return 0;
}
/*
@@ -153,22 +159,34 @@
void *data_ptr, *pk_ptr, *cnv_pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
unsigned int data_len, pk_len, cnv_pk_len, pk_plat_len, sig_len, sig_alg_len;
unsigned int flags = 0;
- int rc = 0;
+ int rc;
/* Get the data to be signed from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->data,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the signature from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->sig,
img, img_len, &sig_ptr, &sig_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the signature algorithm from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->alg,
img, img_len, &sig_alg_ptr, &sig_alg_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the public key from the parent. If there is no parent (NULL),
* the certificate has been signed with the ROTPK, so we have to get
@@ -176,7 +194,11 @@
if (img_desc->parent != NULL) {
rc = auth_get_param(param->pk, img_desc->parent,
&pk_ptr, &pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
} else {
/*
* Root certificates are signed with the ROTPK, so we have to
@@ -184,7 +206,11 @@
*/
rc = plat_get_rotpk_info(param->pk->cookie, &pk_plat_ptr,
&pk_plat_len, &flags);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
assert(is_rotpk_flags_valid(flags));
@@ -192,7 +218,11 @@
rc = img_parser_get_auth_param(img_desc->img_type,
param->pk, img, img_len,
&pk_ptr, &pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/*
* Validate the certificate's key against the platform ROTPK.
@@ -211,7 +241,11 @@
* suffixed or modified pk
*/
rc = crypto_mod_convert_pk(pk_ptr, pk_len, &cnv_pk_ptr, &cnv_pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/*
* The hash of the certificate's public key must match
@@ -219,7 +253,11 @@
*/
rc = crypto_mod_verify_hash(cnv_pk_ptr, cnv_pk_len,
pk_plat_ptr, pk_plat_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
} else {
/* Platform supports full ROTPK */
if ((pk_len != pk_plat_len) ||
@@ -245,7 +283,8 @@
*/
rc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len);
if (rc != 0) {
- WARN("Public Key measurement failure = %d\n", rc);
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
}
}
@@ -254,8 +293,13 @@
sig_ptr, sig_len,
sig_alg_ptr, sig_alg_len,
pk_ptr, pk_len);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return rc;
+ return 0;
}
/*
@@ -283,14 +327,18 @@
void *data_ptr = NULL;
unsigned int data_len, len, i;
unsigned int plat_nv_ctr;
- int rc = 0;
+ int rc;
bool is_trial_run = false;
/* Get the counter value from current image. The AM expects the IPM
* to return the counter value as a DER encoded integer */
rc = img_parser_get_auth_param(img_desc->img_type, param->cert_nv_ctr,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Parse the DER encoded integer */
assert(data_ptr);
@@ -329,7 +377,11 @@
/* Get the counter from the platform */
rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
if (*cert_nv_ctr < plat_nv_ctr) {
/* Invalid NV-counter */
@@ -417,7 +469,11 @@
/* Ask the parser to check the image integrity */
rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Authenticate the image using the methods indicated in the image
* descriptor. */
@@ -449,7 +505,11 @@
rc = 1;
break;
}
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return_if_error(rc);
}
/*
@@ -459,7 +519,11 @@
if (need_nv_ctr_upgrade && sig_auth_done) {
rc = plat_set_nv_ctr2(nv_ctr_param->plat_nv_ctr->cookie,
img_desc, cert_nv_ctr);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
}
/* Extract the parameters indicated in the image descriptor to
@@ -474,7 +538,11 @@
rc = img_parser_get_auth_param(img_desc->img_type,
img_desc->authenticated_data[i].type_desc,
img_ptr, img_len, ¶m_ptr, ¶m_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Check parameter size */
if (param_len > img_desc->authenticated_data[i].data.len) {
@@ -495,8 +563,8 @@
param_ptr,
param_len);
if (rc != 0) {
- WARN("Public Key measurement "
- "failure = %d\n", rc);
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
}
}
}
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
deleted file mode 100644
index bba13f8..0000000
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <stddef.h>
-#include <string.h>
-
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
-
-#include <arch_helpers.h>
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/712/crypto_driver.h>
-#include <drivers/arm/cryptocell/712/rsa.h>
-#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/712/secureboot_base_func.h>
-#include <drivers/arm/cryptocell/712/secureboot_gen_defs.h>
-#include <drivers/arm/cryptocell/712/util.h>
-#include <drivers/auth/crypto_mod.h>
-#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include <lib/utils.h>
-
-#include <platform_def.h>
-
-#define LIB_NAME "CryptoCell 712 SBROM"
-#define RSA_SALT_LEN 32
-#define RSA_EXPONENT 65537
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm AlgorithmIdentifier,
- * digest OCTET STRING
- * }
- *
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm,
- * maskGenAlgorithm [1] MaskGenAlgorithm,
- * saltLength [2] INTEGER,
- * trailerField [3] TrailerField DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
- CCError_t ret;
- uint32_t lcs;
-
- /* Initialize CC SBROM */
- ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
- panic();
- }
-
- /* Initialize lifecycle state */
- ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
- panic();
- }
-
- /* If the lifecyclestate is `SD`, then stop further execution */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
- ERROR("CryptoCell LCS is security-disabled\n");
- panic();
- }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
- void *sig_ptr, unsigned int sig_len,
- void *sig_alg, unsigned int sig_alg_len,
- void *pk_ptr, unsigned int pk_len)
-{
- CCError_t error;
- CCSbNParams_t pk;
- CCSbSignature_t signature;
- int rc, exp, expected_salt_len;
- mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg, mgf1_hash_id;
- mbedtls_pk_type_t pk_alg;
- size_t len;
- uint8_t *p, *end;
- /* Temp buf to store the public key modulo (N) in LE format */
- uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
-
- /* Verify the signature algorithm */
- /* Get pointers to signature OID and parameters */
- p = sig_alg;
- end = p + sig_alg_len;
- rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Get the actual signature algorithm (MD + PK) */
- rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports RSASSA-PSS signature */
- if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Verify the RSASSA-PSS params */
- /* The trailer field is verified to be 0xBC internally by this API */
- rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &mgf1_hash_id,
- &expected_salt_len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports SHA256 as hash algorithm */
- if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (expected_salt_len != RSA_SALT_LEN) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Parse the public key */
- p = pk_ptr;
- end = p + pk_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- end = p + len;
- rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (pk_alg != MBEDTLS_PK_RSA) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (*p == 0) {
- p++; len--;
- }
-
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * The CCSbVerifySignature() API expects N and Np in BE format and
- * the signature in LE format. Copy N from certificate.
- */
- memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
-
- /* Verify the RSA exponent */
- p += len;
- rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (exp != RSA_EXPONENT) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
- * N in LE format. Hence reverse N into a temporary buffer `RevN`.
- */
- UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
-
- RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
-
- /* Np is in LE format. Reverse it to BE */
- UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
-
- /* Get the signature (bitstring) */
- p = sig_ptr;
- end = p + sig_len;
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * The signature is BE format. Convert it to LE before calling
- * CCSbVerifySignature().
- */
- UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
-
- /*
- * CryptoCell utilises DMA internally to transfer data. Flush the data
- * from caches.
- */
- flush_dcache_range((uintptr_t)data_ptr, data_len);
-
- /* Verify the signature */
- error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
- (uint32_t *)data_ptr, &pk, &signature,
- data_len, RSA_PSS);
- if (error != CC_OK) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Signature verification success */
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
- void *digest_info_ptr, unsigned int digest_info_len)
-{
- mbedtls_asn1_buf hash_oid, params;
- mbedtls_md_type_t md_alg;
- uint8_t *p, *end, *hash;
- CCHashResult_t pubKeyHash;
- size_t len;
- int rc;
- CCError_t error;
-
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
- p = digest_info_ptr;
- end = p + digest_info_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Get the hash algorithm */
- rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Hash should be octet string type */
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES) {
- return CRYPTO_ERR_HASH;
- }
-
- /*
- * CryptoCell utilises DMA internally to transfer data. Flush the data
- * from caches.
- */
- flush_dcache_range((uintptr_t)data_ptr, data_len);
-
- hash = p;
- error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
- (uintptr_t)data_ptr, data_len, pubKeyHash);
- if (error != CC_OK) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);
-
diff --git a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
deleted file mode 100644
index 53d77db..0000000
--- a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/712/nvm.h>
-#include <drivers/arm/cryptocell/712/nvm_otp.h>
-
-/*
- * Return the ROTPK hash
- *
- * dst: buffer into which the ROTPK hash will be copied into
- * len: length of the provided buffer, which must be at least enough for a
- * SHA256 hash
- * flags: a pointer to integer that will be set to indicate the ROTPK status
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
- CCError_t error;
- uint32_t lcs;
-
- assert(dst != NULL);
- assert(len >= HASH_RESULT_SIZE_IN_WORDS);
- assert(flags != NULL);
-
- error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- /* If the lifecycle state is `SD`, return failure */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
- return 1;
-
- /*
- * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
- * Return success after setting ROTPK_NOT_DEPLOYED flag
- */
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
- (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- /* Copy the DER header */
- error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
- if (error != CC_OK)
- return 1;
-
- *flags = ROTPK_IS_HASH;
- return 0;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
deleted file mode 100644
index 6601b3a..0000000
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
-
-#include <drivers/arm/cryptocell/713/bsv_api.h>
-#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
-#include <drivers/auth/crypto_mod.h>
-
-#include <platform_def.h>
-
-#define LIB_NAME "CryptoCell 713 SBROM"
-#define RSA_SALT_LEN 32
-#define RSA_EXPONENT 65537
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm AlgorithmIdentifier,
- * digest OCTET STRING
- * }
- *
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm,
- * maskGenAlgorithm [1] MaskGenAlgorithm,
- * saltLength [2] INTEGER,
- * trailerField [3] TrailerField DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
- CCError_t ret;
- uint32_t lcs;
-
- /* Initialize CC SBROM */
- ret = CC_BsvInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvInit() error %x\n", ret);
- panic();
- }
-
- /* Initialize lifecycle state */
- ret = CC_BsvGetAndInitLcs((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvGetAndInitLcs() error %x\n", ret);
- panic();
- }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
- void *sig_ptr, unsigned int sig_len,
- void *sig_alg, unsigned int sig_alg_len,
- void *pk_ptr, unsigned int pk_len)
-{
- CCError_t error;
- CCBsvNBuff_t NBuff;
- CCBsvSignature_t signature;
- int rc, exp, expected_salt_len;
- mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg, mgf1_hash_id;
- mbedtls_pk_type_t pk_alg;
-
- size_t len;
- uint8_t *p, *end;
- CCHashResult_t digest;
- CCBool_t is_verified;
- /* This is a rather large array, we don't want it on stack */
- static uint32_t workspace[BSV_RSA_WORKSPACE_MIN_SIZE];
-
- /* Verify the signature algorithm */
- /* Get pointers to signature OID and parameters */
- p = sig_alg;
- end = p + sig_alg_len;
- rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Get the actual signature algorithm (MD + PK) */
- rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Verify the RSASSA-PSS params */
- /* The trailer field is verified to be 0xBC internally by this API */
- rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &mgf1_hash_id,
- &expected_salt_len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports SHA256 as hash algorithm */
- if (md_alg != MBEDTLS_MD_SHA256 ||
- mgf1_hash_id != MBEDTLS_MD_SHA256) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (expected_salt_len != RSA_SALT_LEN) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Parse the public key */
- p = pk_ptr;
- end = p + pk_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- end = p + len;
- rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (pk_alg != MBEDTLS_PK_RSA) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (*p == 0) {
- p++; len--;
- }
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * Copy N from certificate.
- */
- memcpy(NBuff, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
-
- /* Verify the RSA exponent */
- p += len;
- rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (exp != RSA_EXPONENT) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Get the signature (bitstring) */
- p = sig_ptr;
- end = p + sig_len;
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * Copy the signature (in BE format)
- */
- memcpy((uint8_t *)signature, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
-
- error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
- data_ptr, data_len, digest);
- if (error != CC_OK) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Verify the signature */
- error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
- NULL, signature, digest, workspace,
- BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
- if ((error != CC_OK) || (is_verified != CC_TRUE)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Signature verification success */
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
- void *digest_info_ptr, unsigned int digest_info_len)
-{
- mbedtls_asn1_buf hash_oid, params;
- mbedtls_md_type_t md_alg;
- uint8_t *p, *end, *hash;
- CCHashResult_t pubKeyHash;
- size_t len;
- int rc;
- CCError_t error;
-
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
- p = digest_info_ptr;
- end = p + digest_info_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Get the hash algorithm */
- rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Hash should be octet string type */
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES) {
- return CRYPTO_ERR_HASH;
- }
-
- hash = p;
- error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
- data_len, pubKeyHash);
- if (error != CC_OK) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);
diff --git a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
deleted file mode 100644
index 17e1280..0000000
--- a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <lib/libc/endian.h>
-#include <drivers/arm/cryptocell/713/bsv_api.h>
-#include <drivers/arm/cryptocell/713/bsv_error.h>
-
-/*
- * Return the ROTPK hash
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
- CCError_t error;
- uint32_t lcs;
- int i;
- uint32_t *key = (uint32_t *)dst;
-
- assert(dst != NULL);
- assert(len >= HASH_RESULT_SIZE_IN_WORDS);
- assert(flags != NULL);
-
- error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- key, HASH_RESULT_SIZE_IN_WORDS);
-
- if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- if (error == CC_OK) {
-
- /* Keys are stored in OTP in little-endian format */
- for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
- key[i] = le32toh(key[i]);
-
- *flags = ROTPK_IS_HASH;
- return 0;
- }
-
- return 1;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_TRUSTED, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_NON_TRUSTED, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_TRUSTED, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_NON_TRUSTED, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.mk b/drivers/auth/cryptocell/cryptocell_crypto.mk
deleted file mode 100644
index db39047..0000000
--- a/drivers/auth/cryptocell/cryptocell_crypto.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-
-include drivers/auth/mbedtls/mbedtls_common.mk
-
-# The algorithm is RSA when using Cryptocell crypto driver
-TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
-
-# Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
-
-$(eval $(call add_define,KEY_SIZE))
-
-# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
-ifeq (${CCSBROM_LIB_PATH},)
- $(error Error: CCSBROM_LIB_PATH not set)
-endif
-
-CRYPTOCELL_VERSION ?= 712
-ifeq (${CRYPTOCELL_VERSION},712)
- CCSBROM_LIB_FILENAME := cc_712sbromx509
-else ifeq (${CRYPTOCELL_VERSION},713)
- CCSBROM_LIB_FILENAME := cc_713bsv
-else
- $(error Error: CRYPTOCELL_VERSION set to invalid version)
-endif
-
-CRYPTOCELL_SRC_DIR := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}/
-
-CRYPTOCELL_SOURCES := ${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c \
- ${CRYPTOCELL_SRC_DIR}/cryptocell_plat_helpers.c
-
-TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
-LDLIBS += -l$(CCSBROM_LIB_FILENAME)
-
-BL1_SOURCES += ${CRYPTOCELL_SOURCES}
-BL2_SOURCES += ${CRYPTOCELL_SOURCES}
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index e380c86..a2c6430 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -21,7 +21,8 @@
# Specify mbed TLS configuration file
ifeq (${MBEDTLS_MAJOR}, 2)
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
+ $(info Deprecation Notice: Please migrate to Mbedtls version 3.x (refer to TF-A documentation for the exact version number))
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
else ifeq (${MBEDTLS_MAJOR}, 3)
ifeq (${PSA_CRYPTO},1)
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
diff --git a/drivers/auth/mbedtls/mbedtls_psa_crypto.c b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
index 2fa8e63..5891acf 100644
--- a/drivers/auth/mbedtls/mbedtls_psa_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
@@ -28,6 +28,13 @@
#define LIB_NAME "mbed TLS PSA"
+/* Maximum length of R_S pair in the ECDSA signature in bytes */
+#define MAX_ECDSA_R_S_PAIR_LEN 64U
+
+/* Size of ASN.1 length and tag in bytes*/
+#define SIZE_OF_ASN1_LEN 1U
+#define SIZE_OF_ASN1_TAG 1U
+
#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
/*
@@ -108,6 +115,7 @@
static void construct_psa_key_alg_and_type(mbedtls_pk_type_t pk_alg,
mbedtls_md_type_t md_alg,
+ psa_ecc_family_t psa_ecc_family,
psa_algorithm_t *psa_alg,
psa_key_type_t *psa_key_type)
{
@@ -118,14 +126,173 @@
*psa_alg = PSA_ALG_RSA_PSS(psa_md_alg);
*psa_key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
break;
+ case MBEDTLS_PK_ECDSA:
+ *psa_alg = PSA_ALG_ECDSA(psa_md_alg);
+ *psa_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_ecc_family);
+ break;
default:
*psa_alg = PSA_ALG_NONE;
*psa_key_type = PSA_KEY_TYPE_NONE;
break;
}
+}
+
+
+#if TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA || \
+TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
+
+/*
+ * This is a helper function to detect padding byte (if the MSB bit of the
+ * first data byte is set to 1, for example 0x80) and on detection, ignore the
+ * padded byte(0x00) and increase the buffer pointer beyond padded byte and
+ * decrease the length of the buffer by 1.
+ *
+ * On Success returns 0, error otherwise.
+ **/
+static inline int ignore_asn1_int_padding_byte(unsigned char **buf_start,
+ size_t *buf_len)
+{
+ unsigned char *local_buf = *buf_start;
+
+ /* Check for negative number */
+ if ((local_buf[0] & 0x80U) != 0U) {
+ return -1;
+ }
+
+ if ((local_buf[0] == 0U) && (local_buf[1] > 0x7FU) &&
+ (*buf_len > 1U)) {
+ *buf_start = &local_buf[1];
+ (*buf_len)--;
+ }
+
+ return 0;
+}
+
+/*
+ * This is a helper function that gets a pointer to the encoded ECDSA publicKey
+ * and its length (as per RFC5280) and returns corresponding decoded publicKey
+ * and its length. As well, it retrieves the family of ECC key in the PSA
+ * format.
+ *
+ * This function returns error(CRYPTO_ERR_SIGNATURE) on ASN.1 parsing failure,
+ * otherwise success(0).
+ **/
+static int get_ecdsa_pkinfo_from_asn1(unsigned char **pk_start,
+ unsigned int *pk_len,
+ psa_ecc_family_t *psa_ecc_family)
+{
+ mbedtls_asn1_buf alg_oid, alg_params;
+ mbedtls_ecp_group_id grp_id;
+ int rc;
+ unsigned char *pk_end;
+ size_t len;
+ size_t curve_bits;
+ unsigned char *pk_ptr = *pk_start;
+
+ pk_end = pk_ptr + *pk_len;
+ rc = mbedtls_asn1_get_tag(&pk_ptr, pk_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ pk_end = pk_ptr + len;
+ rc = mbedtls_asn1_get_alg(&pk_ptr, pk_end, &alg_oid, &alg_params);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ if (alg_params.tag == MBEDTLS_ASN1_OID) {
+ if (mbedtls_oid_get_ec_grp(&alg_params, &grp_id) != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+ *psa_ecc_family = mbedtls_ecc_group_to_psa(grp_id,
+ &curve_bits);
+ } else {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ pk_end = pk_ptr + len - (alg_oid.len + alg_params.len +
+ 2 * (SIZE_OF_ASN1_LEN + SIZE_OF_ASN1_TAG));
+ rc = mbedtls_asn1_get_bitstring_null(&pk_ptr, pk_end, &len);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ *pk_start = pk_ptr;
+ *pk_len = len;
+
+ return rc;
}
/*
+ * Ecdsa-Sig-Value ::= SEQUENCE {
+ * r INTEGER,
+ * s INTEGER
+ * }
+ *
+ * This helper function that gets a pointer to the encoded ECDSA signature and
+ * its length (as per RFC5280) and returns corresponding decoded signature
+ * (R_S pair) and its size.
+ *
+ * This function returns error(CRYPTO_ERR_SIGNATURE) on ASN.1 parsing failure,
+ * otherwise success(0).
+ **/
+static int get_ecdsa_signature_from_asn1(unsigned char *sig_ptr,
+ size_t *sig_len,
+ unsigned char *r_s_pair)
+{
+ int rc;
+ unsigned char *sig_end;
+ size_t len, r_len, s_len;
+
+ sig_end = sig_ptr + *sig_len;
+ rc = mbedtls_asn1_get_tag(&sig_ptr, sig_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ sig_end = sig_ptr + len;
+ rc = mbedtls_asn1_get_tag(&sig_ptr, sig_end, &r_len,
+ MBEDTLS_ASN1_INTEGER);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ if (ignore_asn1_int_padding_byte(&sig_ptr, &r_len) != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ (void)memcpy((void *)&r_s_pair[0], (const void *)sig_ptr, r_len);
+
+ sig_ptr = sig_ptr + r_len;
+ sig_end = sig_ptr + len - (r_len + (SIZE_OF_ASN1_LEN +
+ SIZE_OF_ASN1_TAG));
+ rc = mbedtls_asn1_get_tag(&sig_ptr, sig_end, &s_len,
+ MBEDTLS_ASN1_INTEGER);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ if (ignore_asn1_int_padding_byte(&sig_ptr, &s_len) != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ (void)memcpy((void *)&r_s_pair[r_len], (const void *)sig_ptr, s_len);
+
+ *sig_len = s_len + r_len;
+
+ return 0;
+}
+#endif /*
+ * TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA || \
+ * TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
+ **/
+
+/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
@@ -143,6 +310,10 @@
int rc;
void *sig_opts = NULL;
unsigned char *p, *end;
+ unsigned char *local_sig_ptr;
+ size_t local_sig_len;
+ psa_ecc_family_t psa_ecc_family = 0U;
+ __unused unsigned char reformatted_sig[MAX_ECDSA_R_S_PAIR_LEN] = {0};
/* construct PSA key algo and type */
psa_status_t status = PSA_SUCCESS;
@@ -174,10 +345,36 @@
rc = CRYPTO_ERR_SIGNATURE;
goto end2;
}
- signature.p = p;
+
+ local_sig_ptr = p;
+ local_sig_len = signature.len;
+
+#if TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA || \
+TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
+ if (pk_alg == MBEDTLS_PK_ECDSA) {
+ rc = get_ecdsa_signature_from_asn1(local_sig_ptr,
+ &local_sig_len,
+ reformatted_sig);
+ if (rc != 0) {
+ goto end2;
+ }
+
+ local_sig_ptr = reformatted_sig;
+
+ rc = get_ecdsa_pkinfo_from_asn1((unsigned char **)&pk_ptr,
+ &pk_len,
+ &psa_ecc_family);
+ if (rc != 0) {
+ goto end2;
+ }
+ }
+#endif /*
+ * TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA || \
+ * TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
+ **/
/* Convert this pk_alg and md_alg to PSA key type and key algorithm */
- construct_psa_key_alg_and_type(pk_alg, md_alg,
+ construct_psa_key_alg_and_type(pk_alg, md_alg, psa_ecc_family,
&psa_alg, &psa_key_type);
@@ -208,7 +405,7 @@
*/
status = psa_verify_message(psa_key_id, psa_alg,
data_ptr, data_len,
- signature.p, signature.len);
+ local_sig_ptr, local_sig_len);
if (status != PSA_SUCCESS) {
rc = CRYPTO_ERR_SIGNATURE;
diff --git a/drivers/partition/partition.c b/drivers/partition/partition.c
index 1881c91..c60820d 100644
--- a/drivers/partition/partition.c
+++ b/drivers/partition/partition.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -49,30 +49,43 @@
static int load_mbr_header(uintptr_t image_handle, mbr_entry_t *mbr_entry)
{
size_t bytes_read;
- uintptr_t offset;
int result;
+ mbr_entry_t *tmp;
assert(mbr_entry != NULL);
/* MBR partition table is in LBA0. */
result = io_seek(image_handle, IO_SEEK_SET, MBR_OFFSET);
if (result != 0) {
- WARN("Failed to seek (%i)\n", result);
+ VERBOSE("Failed to seek (%i)\n", result);
return result;
}
result = io_read(image_handle, (uintptr_t)&mbr_sector,
PLAT_PARTITION_BLOCK_SIZE, &bytes_read);
- if (result != 0) {
- WARN("Failed to read data (%i)\n", result);
+ if ((result != 0) || (bytes_read != PLAT_PARTITION_BLOCK_SIZE)) {
+ VERBOSE("Failed to read data (%i)\n", result);
return result;
}
/* Check MBR boot signature. */
if ((mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 2] != MBR_SIGNATURE_FIRST) ||
(mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 1] != MBR_SIGNATURE_SECOND)) {
+ VERBOSE("MBR boot signature failure\n");
return -ENOENT;
}
- offset = (uintptr_t)&mbr_sector + MBR_PRIMARY_ENTRY_OFFSET;
- memcpy(mbr_entry, (void *)offset, sizeof(mbr_entry_t));
+
+ tmp = (mbr_entry_t *)(&mbr_sector[MBR_PRIMARY_ENTRY_OFFSET]);
+
+ if (tmp->first_lba != 1) {
+ VERBOSE("MBR header may have an invalid first LBA\n");
+ return -EINVAL;
+ }
+
+ if ((tmp->sector_nums == 0) || (tmp->sector_nums == UINT32_MAX)) {
+ VERBOSE("MBR header entry has an invalid number of sectors\n");
+ return -EINVAL;
+ }
+
+ memcpy(mbr_entry, tmp, sizeof(mbr_entry_t));
return 0;
}
@@ -80,24 +93,31 @@
* Load GPT header and check the GPT signature and header CRC.
* If partition numbers could be found, check & update it.
*/
-static int load_gpt_header(uintptr_t image_handle)
+static int load_gpt_header(uintptr_t image_handle, size_t header_offset,
+ unsigned long long *part_lba)
{
gpt_header_t header;
size_t bytes_read;
int result;
uint32_t header_crc, calc_crc;
- result = io_seek(image_handle, IO_SEEK_SET, GPT_HEADER_OFFSET);
+ result = io_seek(image_handle, IO_SEEK_SET, header_offset);
if (result != 0) {
+ VERBOSE("Failed to seek into the GPT image at offset (%zu)\n",
+ header_offset);
return result;
}
result = io_read(image_handle, (uintptr_t)&header,
sizeof(gpt_header_t), &bytes_read);
if ((result != 0) || (sizeof(gpt_header_t) != bytes_read)) {
+ VERBOSE("GPT header read error(%i) or read mismatch occurred,"
+ "expected(%zu) and actual(%zu)\n", result,
+ sizeof(gpt_header_t), bytes_read);
return result;
}
if (memcmp(header.signature, GPT_SIGNATURE,
- sizeof(header.signature)) != 0) {
+ sizeof(header.signature)) != 0) {
+ VERBOSE("GPT header signature failure\n");
return -EINVAL;
}
@@ -109,7 +129,7 @@
header_crc = header.header_crc;
header.header_crc = 0U;
- calc_crc = tf_crc32(0U, (uint8_t *)&header, DEFAULT_GPT_HEADER_SIZE);
+ calc_crc = tf_crc32(0U, (uint8_t *)&header, sizeof(gpt_header_t));
if (header_crc != calc_crc) {
ERROR("Invalid GPT Header CRC: Expected 0x%x but got 0x%x.\n",
header_crc, calc_crc);
@@ -123,11 +143,16 @@
if (list.entry_count > PLAT_PARTITION_MAX_ENTRIES) {
list.entry_count = PLAT_PARTITION_MAX_ENTRIES;
}
+
+ *part_lba = header.part_lba;
return 0;
}
+/*
+ * Load a single MBR entry based on details from MBR header.
+ */
static int load_mbr_entry(uintptr_t image_handle, mbr_entry_t *mbr_entry,
- int part_number)
+ int part_number)
{
size_t bytes_read;
uintptr_t offset;
@@ -137,19 +162,20 @@
/* MBR partition table is in LBA0. */
result = io_seek(image_handle, IO_SEEK_SET, MBR_OFFSET);
if (result != 0) {
- WARN("Failed to seek (%i)\n", result);
+ VERBOSE("Failed to seek (%i)\n", result);
return result;
}
result = io_read(image_handle, (uintptr_t)&mbr_sector,
PLAT_PARTITION_BLOCK_SIZE, &bytes_read);
if (result != 0) {
- WARN("Failed to read data (%i)\n", result);
+ VERBOSE("Failed to read data (%i)\n", result);
return result;
}
/* Check MBR boot signature. */
if ((mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 2] != MBR_SIGNATURE_FIRST) ||
(mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 1] != MBR_SIGNATURE_SECOND)) {
+ VERBOSE("MBR Entry boot signature failure\n");
return -ENOENT;
}
offset = (uintptr_t)&mbr_sector +
@@ -160,6 +186,9 @@
return 0;
}
+/*
+ * Load MBR entries based on max number of partition entries.
+ */
static int load_mbr_entries(uintptr_t image_handle)
{
mbr_entry_t mbr_entry;
@@ -177,33 +206,60 @@
return 0;
}
+/*
+ * Try to read and load a single GPT entry.
+ */
static int load_gpt_entry(uintptr_t image_handle, gpt_entry_t *entry)
{
- size_t bytes_read;
+ size_t bytes_read = 0U;
int result;
assert(entry != NULL);
result = io_read(image_handle, (uintptr_t)entry, sizeof(gpt_entry_t),
- &bytes_read);
- if (sizeof(gpt_entry_t) != bytes_read)
+ &bytes_read);
+ if ((result != 0) || (sizeof(gpt_entry_t) != bytes_read)) {
+ VERBOSE("GPT Entry read error(%i) or read mismatch occurred,"
+ "expected(%zu) and actual(%zu)\n", result,
+ sizeof(gpt_entry_t), bytes_read);
return -EINVAL;
+ }
+
return result;
}
-static int verify_partition_gpt(uintptr_t image_handle)
+/*
+ * Retrieve each entry in the partition table, parse the data from each
+ * entry and store them in the list of partition table entries.
+ */
+static int load_partition_gpt(uintptr_t image_handle,
+ unsigned long long part_lba)
{
+ const signed long long gpt_entry_offset = LBA(part_lba);
gpt_entry_t entry;
int result, i;
+ result = io_seek(image_handle, IO_SEEK_SET, gpt_entry_offset);
+ if (result != 0) {
+ VERBOSE("Failed to seek (%i), Failed loading GPT partition"
+ "table entries\n", result);
+ return result;
+ }
+
for (i = 0; i < list.entry_count; i++) {
result = load_gpt_entry(image_handle, &entry);
- assert(result == 0);
+ if (result != 0) {
+ VERBOSE("Failed to load gpt entry data(%i) error is (%i)\n",
+ i, result);
+ return result;
+ }
+
result = parse_gpt_entry(&entry, &list.list[i]);
if (result != 0) {
break;
}
}
if (i == 0) {
+ VERBOSE("No Valid GPT Entries found\n");
return -EINVAL;
}
/*
@@ -216,6 +272,94 @@
return 0;
}
+/*
+ * Try retrieving and parsing the backup-GPT header and backup GPT entries.
+ * Last 33 blocks contains the backup-GPT entries and header.
+ */
+static int load_backup_gpt(unsigned int image_id, unsigned int sector_nums)
+{
+ int result;
+ unsigned long long part_lba = 0;
+ size_t gpt_header_offset;
+ uintptr_t dev_handle, image_spec, image_handle;
+ io_block_spec_t *block_spec;
+ int part_num_entries;
+
+ result = plat_get_image_source(image_id, &dev_handle, &image_spec);
+ if (result != 0) {
+ VERBOSE("Failed to obtain reference to image id=%u (%i)\n",
+ image_id, result);
+ return result;
+ }
+
+ block_spec = (io_block_spec_t *)image_spec;
+ /*
+ * We need to read 32 blocks of GPT entries and one block of GPT header
+ * try mapping only last 33 last blocks from the image to read the
+ * Backup-GPT header and its entries.
+ */
+ part_num_entries = (PLAT_PARTITION_MAX_ENTRIES / 4);
+ /* Move the offset base to LBA-33 */
+ block_spec->offset += LBA(sector_nums - part_num_entries);
+ /*
+ * Set length as LBA-33, 32 blocks of backup-GPT entries and one
+ * block of backup-GPT header.
+ */
+ block_spec->length = LBA(part_num_entries + 1);
+
+ result = io_open(dev_handle, image_spec, &image_handle);
+ if (result != 0) {
+ VERBOSE("Failed to access image id (%i)\n", result);
+ return result;
+ }
+
+ INFO("Trying to retrieve back-up GPT header\n");
+ /* Last block is backup-GPT header, after the end of GPT entries */
+ gpt_header_offset = LBA(part_num_entries);
+ result = load_gpt_header(image_handle, gpt_header_offset, &part_lba);
+ if ((result != 0) || (part_lba == 0)) {
+ ERROR("Failed to retrieve Backup GPT header,"
+ "Partition maybe corrupted\n");
+ goto out;
+ }
+
+ /*
+ * Note we mapped last 33 blocks(LBA-33), first block here starts with
+ * entries while last block was header.
+ */
+ result = load_partition_gpt(image_handle, 0);
+
+out:
+ io_close(image_handle);
+ return result;
+}
+
+/*
+ * Load a GPT partition, Try retrieving and parsing the primary GPT header,
+ * if its corrupted try loading backup GPT header and then retrieve list
+ * of partition table entries found from the GPT.
+ */
+static int load_primary_gpt(uintptr_t image_handle, unsigned int first_lba)
+{
+ int result;
+ unsigned long long part_lba;
+ size_t gpt_header_offset;
+
+ /* Try to load Primary GPT header from LBA1 */
+ gpt_header_offset = LBA(first_lba);
+ result = load_gpt_header(image_handle, gpt_header_offset, &part_lba);
+ if ((result != 0) || (part_lba == 0)) {
+ VERBOSE("Failed to retrieve Primary GPT header,"
+ "trying to retrieve back-up GPT header\n");
+ return result;
+ }
+
+ return load_partition_gpt(image_handle, part_lba);
+}
+
+/*
+ * Load the partition table info based on the image id provided.
+ */
int load_partition_table(unsigned int image_id)
{
uintptr_t dev_handle, image_handle, image_spec = 0;
@@ -224,36 +368,41 @@
result = plat_get_image_source(image_id, &dev_handle, &image_spec);
if (result != 0) {
- WARN("Failed to obtain reference to image id=%u (%i)\n",
+ VERBOSE("Failed to obtain reference to image id=%u (%i)\n",
image_id, result);
return result;
}
result = io_open(dev_handle, image_spec, &image_handle);
if (result != 0) {
- WARN("Failed to access image id=%u (%i)\n", image_id, result);
+ VERBOSE("Failed to access image id=%u (%i)\n", image_id, result);
return result;
}
result = load_mbr_header(image_handle, &mbr_entry);
if (result != 0) {
- WARN("Failed to access image id=%u (%i)\n", image_id, result);
- return result;
+ VERBOSE("Failed to access image id=%u (%i)\n", image_id, result);
+ goto out;
}
if (mbr_entry.type == PARTITION_TYPE_GPT) {
- result = load_gpt_header(image_handle);
- assert(result == 0);
- result = io_seek(image_handle, IO_SEEK_SET, GPT_ENTRY_OFFSET);
- assert(result == 0);
- result = verify_partition_gpt(image_handle);
+ result = load_primary_gpt(image_handle, mbr_entry.first_lba);
+ if (result != 0) {
+ io_close(image_handle);
+ return load_backup_gpt(BKUP_GPT_IMAGE_ID,
+ mbr_entry.sector_nums);
+ }
} else {
result = load_mbr_entries(image_handle);
}
+out:
io_close(image_handle);
return result;
}
+/*
+ * Try retrieving a partition table entry based on the name of the partition.
+ */
const partition_entry_t *get_partition_entry(const char *name)
{
int i;
@@ -266,6 +415,9 @@
return NULL;
}
+/*
+ * Try retrieving a partition table entry based on the GUID.
+ */
const partition_entry_t *get_partition_entry_by_type(const uuid_t *type_uuid)
{
int i;
@@ -279,6 +431,9 @@
return NULL;
}
+/*
+ * Try retrieving a partition table entry based on the UUID.
+ */
const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid)
{
int i;
@@ -292,12 +447,32 @@
return NULL;
}
+/*
+ * Return entry to the list of partition table entries.
+ */
const partition_entry_list_t *get_partition_entry_list(void)
{
return &list;
}
+/*
+ * Try loading partition table info for the given image ID.
+ */
void partition_init(unsigned int image_id)
{
+ int ret;
+
+ ret = load_partition_table(image_id);
+ if (ret != 0) {
+ ERROR("Failed to parse partition with image id = %u\n",
+ image_id);
+ }
+}
+
+/*
+ * Load a GPT based image.
+ */
+int gpt_partition_init(void)
+{
- load_partition_table(image_id);
+ return load_partition_table(GPT_IMAGE_ID);
}
diff --git a/drivers/renesas/common/ddr/ddr_b/boot_init_dram.c b/drivers/renesas/common/ddr/ddr_b/boot_init_dram.c
index 8d002de..3f6a948 100644
--- a/drivers/renesas/common/ddr/ddr_b/boot_init_dram.c
+++ b/drivers/renesas/common/ddr/ddr_b/boot_init_dram.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation.
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -1180,6 +1180,11 @@
ddrtbl_getval(_cnf_DDR_PHY_ADR_G_REGSET,
_reg_PHY_LP4_BOOT_TOP_PLL_CTRL
));
+ if (ddrtbl_getval(_cnf_DDR_PHY_ADR_G_REGSET, _reg_PHY_LP4_BOOT_LOW_FREQ_SEL)) {
+ reg_ddrphy_write_a(ddr_regdef_adr(_reg_PHY_LP4_BOOT_LOW_FREQ_SEL),
+ _cnf_DDR_PHY_ADR_G_REGSET[0x7f & ddr_regdef_adr(
+ _reg_PHY_LP4_BOOT_LOW_FREQ_SEL)]);
+ }
}
reg_ddrphy_write_a(ddr_regdef_adr(_reg_PHY_LPDDR3_CS),
@@ -2856,6 +2861,16 @@
timeout = wait_freqchgreq(1);
+ if ((!((prr_product == PRR_PRODUCT_H3) && (prr_cut <= PRR_PRODUCT_11))) && (on)) {
+ if (((1600U * ddr_mbpsdiv) < ddr_mbps) || (prr_product == PRR_PRODUCT_M3)) {
+ reg_ddrphy_write_a(ddr_regdef_adr(_reg_PHY_PLL_CTRL), 0x01421142U);
+ reg_ddrphy_write_a(ddr_regdef_adr(_reg_PHY_PLL_CTRL_CA), 0x00000142U);
+ } else {
+ reg_ddrphy_write_a(ddr_regdef_adr(_reg_PHY_PLL_CTRL), 0x03421342U);
+ reg_ddrphy_write_a(ddr_regdef_adr(_reg_PHY_PLL_CTRL_CA), 0x00000342U);
+ }
+ }
+
if (timeout) {
return 1;
}
diff --git a/drivers/renesas/common/ddr/ddr_b/boot_init_dram_regdef.h b/drivers/renesas/common/ddr/ddr_b/boot_init_dram_regdef.h
index 3cb1975..328adbf 100644
--- a/drivers/renesas/common/ddr/ddr_b/boot_init_dram_regdef.h
+++ b/drivers/renesas/common/ddr/ddr_b/boot_init_dram_regdef.h
@@ -1,11 +1,11 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation.
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#define RCAR_DDR_VERSION "rev.0.41"
+#define RCAR_DDR_VERSION "rev.0.42"
#define DRAM_CH_CNT 0x04
#define SLICE_CNT 0x04
#define CS_CNT 0x02
diff --git a/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_h3ver2.h b/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_h3ver2.h
index e5258af..5a662ec 100644
--- a/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_h3ver2.h
+++ b/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_h3ver2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, Renesas Electronics Corporation.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation.
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -230,8 +230,8 @@
/*0693*/ 0x00000000,
/*0694*/ 0x00000000,
/*0695*/ 0x00005064,
- /*0696*/ 0x01421142,
- /*0697*/ 0x00000142,
+ /*0696*/ 0x05421542,
+ /*0697*/ 0x00000542,
/*0698*/ 0x00000000,
/*0699*/ 0x000f1100,
/*069a*/ 0x0f110f11,
@@ -240,12 +240,12 @@
/*069d*/ 0x0002c000,
/*069e*/ 0x02c002c0,
/*069f*/ 0x000002c0,
- /*06a0*/ 0x03421342,
- /*06a1*/ 0x00000342,
+ /*06a0*/ 0x05421542,
+ /*06a1*/ 0x00000542,
/*06a2*/ 0x00000000,
/*06a3*/ 0x00000000,
/*06a4*/ 0x05020000,
- /*06a5*/ 0x14000000,
+ /*06a5*/ 0x14000001,
/*06a6*/ 0x027f6e00,
/*06a7*/ 0x047f027f,
/*06a8*/ 0x00027f6e,
diff --git a/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3.h b/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3.h
index b491f0e..482a2a5 100644
--- a/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3.h
+++ b/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, Renesas Electronics Corporation.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation.
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -210,8 +210,8 @@
/*0b8b*/ 0x01010100,
/*0b8c*/ 0x00000600,
/*0b8d*/ 0x50640000,
- /*0b8e*/ 0x01421142,
- /*0b8f*/ 0x00000142,
+ /*0b8e*/ 0x03421342,
+ /*0b8f*/ 0x00000342,
/*0b90*/ 0x00000000,
/*0b91*/ 0x000f1600,
/*0b92*/ 0x0f160f16,
diff --git a/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3n.h b/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3n.h
index fb3032d..436c1a0 100644
--- a/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3n.h
+++ b/drivers/renesas/common/ddr/ddr_b/init_dram_tbl_m3n.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, Renesas Electronics Corporation.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation.
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -230,8 +230,8 @@
/*0b93*/ 0x00000000,
/*0b94*/ 0x00000000,
/*0b95*/ 0x00005064,
- /*0b96*/ 0x01421142,
- /*0b97*/ 0x00000142,
+ /*0b96*/ 0x05421542,
+ /*0b97*/ 0x00000542,
/*0b98*/ 0x00000000,
/*0b99*/ 0x000f1600,
/*0b9a*/ 0x0f160f16,
@@ -241,12 +241,12 @@
/*0b9e*/ 0x02c002c0,
/*0b9f*/ 0x000002c0,
/*0ba0*/ 0x08040201,
- /*0ba1*/ 0x03421342,
- /*0ba2*/ 0x00000342,
+ /*0ba1*/ 0x05421542,
+ /*0ba2*/ 0x00000542,
/*0ba3*/ 0x00000000,
/*0ba4*/ 0x00000000,
/*0ba5*/ 0x05030000,
- /*0ba6*/ 0x00010700,
+ /*0ba6*/ 0x00010701,
/*0ba7*/ 0x00000014,
/*0ba8*/ 0x00027f6e,
/*0ba9*/ 0x047f027f,
diff --git a/drivers/renesas/rcar/board/board.h b/drivers/renesas/rcar/board/board.h
index 51a8e30..2346911 100644
--- a/drivers/renesas/rcar/board/board.h
+++ b/drivers/renesas/rcar/board/board.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, Renesas Electronics Corporation. All rights
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights
* reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -11,13 +11,13 @@
#define BOARD_SALVATOR_X (0x00)
#define BOARD_KRIEK (0x01)
#define BOARD_STARTER_KIT (0x02)
+#define BOARD_EAGLE (0x03)
#define BOARD_SALVATOR_XS (0x04)
+#define BOARD_DRAAK (0x07)
#define BOARD_EBISU (0x08)
#define BOARD_STARTER_KIT_PRE (0x0B)
-#define BOARD_EBISU_4D (0x0DU)
-#define BOARD_DRAAK (0x0EU)
-#define BOARD_EAGLE (0x0FU)
-#define BOARD_UNKNOWN (BOARD_EAGLE + 1U)
+#define BOARD_EBISU_4D (0x0D)
+#define BOARD_UNKNOWN (BOARD_EBISU_4D + 1U)
#define BOARD_REV_UNKNOWN (0xFF)
diff --git a/fdts/stm32mp13-bl2.dtsi b/fdts/stm32mp13-bl2.dtsi
index 2b23daf..06db796 100644
--- a/fdts/stm32mp13-bl2.dtsi
+++ b/fdts/stm32mp13-bl2.dtsi
@@ -3,15 +3,6 @@
* Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
*/
-/omit-if-no-ref/ &i2c4_pins_a;
-/omit-if-no-ref/ &sdmmc1_b4_pins_a;
-/omit-if-no-ref/ &sdmmc1_clk_pins_a;
-/omit-if-no-ref/ &sdmmc2_b4_pins_a;
-/omit-if-no-ref/ &sdmmc2_clk_pins_a;
-/omit-if-no-ref/ &uart4_pins_a;
-/omit-if-no-ref/ &uart8_pins_a;
-/omit-if-no-ref/ &usart1_pins_a;
-
/ {
aliases {
#if !STM32MP_EMMC && !STM32MP_SDMMC
diff --git a/fdts/stm32mp13-pinctrl.dtsi b/fdts/stm32mp13-pinctrl.dtsi
index 323d5ba..6de9bb0 100644
--- a/fdts/stm32mp13-pinctrl.dtsi
+++ b/fdts/stm32mp13-pinctrl.dtsi
@@ -6,6 +6,7 @@
#include <dt-bindings/pinctrl/stm32-pinfunc.h>
&pinctrl {
+ /omit-if-no-ref/
i2c4_pins_a: i2c4-0 {
pins {
pinmux = <STM32_PINMUX('E', 15, AF6)>, /* I2C4_SCL */
@@ -16,6 +17,7 @@
};
};
+ /omit-if-no-ref/
sdmmc1_b4_pins_a: sdmmc1-b4-0 {
pins {
pinmux = <STM32_PINMUX('C', 8, AF12)>, /* SDMMC1_D0 */
@@ -29,6 +31,7 @@
};
};
+ /omit-if-no-ref/
sdmmc1_clk_pins_a: sdmmc1-clk-0 {
pins {
pinmux = <STM32_PINMUX('C', 12, AF12)>; /* SDMMC1_CK */
@@ -38,6 +41,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_b4_pins_a: sdmmc2-b4-0 {
pins {
pinmux = <STM32_PINMUX('B', 14, AF10)>, /* SDMMC2_D0 */
@@ -51,6 +55,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_clk_pins_a: sdmmc2-clk-0 {
pins {
pinmux = <STM32_PINMUX('E', 3, AF10)>; /* SDMMC2_CK */
@@ -60,6 +65,7 @@
};
};
+ /omit-if-no-ref/
uart4_pins_a: uart4-0 {
pins1 {
pinmux = <STM32_PINMUX('D', 6, AF8)>; /* UART4_TX */
@@ -73,6 +79,7 @@
};
};
+ /omit-if-no-ref/
usart1_pins_a: usart1-0 {
pins1 {
pinmux = <STM32_PINMUX('C', 0, AF7)>, /* USART1_TX */
@@ -88,6 +95,7 @@
};
};
+ /omit-if-no-ref/
uart8_pins_a: uart8-0 {
pins1 {
pinmux = <STM32_PINMUX('E', 1, AF8)>; /* UART8_TX */
diff --git a/fdts/stm32mp131.dtsi b/fdts/stm32mp131.dtsi
index 2be39af..8bcf363 100644
--- a/fdts/stm32mp131.dtsi
+++ b/fdts/stm32mp131.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (C) STMicroelectronics 2022 - All Rights Reserved
+ * Copyright (C) 2022-2023, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@foss.st.com> for STMicroelectronics.
*/
#include <dt-bindings/clock/stm32mp13-clks.h>
@@ -276,23 +276,20 @@
};
fmc: memory-controller@58002000 {
- #address-cells = <2>;
- #size-cells = <1>;
compatible = "st,stm32mp1-fmc2-ebi";
reg = <0x58002000 0x1000>;
- clocks = <&rcc FMC_K>;
- resets = <&rcc FMC_R>;
- status = "disabled";
-
ranges = <0 0 0x60000000 0x04000000>, /* EBI CS 1 */
<1 0 0x64000000 0x04000000>, /* EBI CS 2 */
<2 0 0x68000000 0x04000000>, /* EBI CS 3 */
<3 0 0x6c000000 0x04000000>, /* EBI CS 4 */
<4 0 0x80000000 0x10000000>; /* NAND */
+ #address-cells = <2>;
+ #size-cells = <1>;
+ clocks = <&rcc FMC_K>;
+ resets = <&rcc FMC_R>;
+ status = "disabled";
nand-controller@4,0 {
- #address-cells = <1>;
- #size-cells = <0>;
compatible = "st,stm32mp1-fmc2-nfc";
reg = <4 0x00000000 0x1000>,
<4 0x08010000 0x1000>,
@@ -300,6 +297,8 @@
<4 0x01000000 0x1000>,
<4 0x09010000 0x1000>,
<4 0x09020000 0x1000>;
+ #address-cells = <1>;
+ #size-cells = <0>;
interrupts = <GIC_SPI 49 IRQ_TYPE_LEVEL_HIGH>;
status = "disabled";
};
@@ -341,7 +340,7 @@
status = "disabled";
};
- usbh_ohci: usbh-ohci@5800c000 {
+ usbh_ohci: usb@5800c000 {
compatible = "generic-ohci";
reg = <0x5800c000 0x1000>;
clocks = <&rcc USBH>;
@@ -350,7 +349,7 @@
status = "disabled";
};
- usbh_ehci: usbh-ehci@5800d000 {
+ usbh_ehci: usb@5800d000 {
compatible = "generic-ehci";
reg = <0x5800d000 0x1000>;
clocks = <&rcc USBH>;
@@ -424,7 +423,7 @@
cfg0_otp: cfg0_otp@0 {
reg = <0x0 0x2>;
};
- part_number_otp: part_number_otp@4 {
+ part_number_otp: part-number-otp@4 {
reg = <0x4 0x2>;
};
monotonic_otp: monotonic_otp@10 {
@@ -470,7 +469,6 @@
ranges = <0 0x50002000 0x8400>;
interrupt-parent = <&exti>;
st,syscfg = <&exti 0x60 0xff>;
- pins-are-numbered;
gpioa: gpio@50002000 {
gpio-controller;
diff --git a/fdts/stm32mp15-bl2.dtsi b/fdts/stm32mp15-bl2.dtsi
index 53aeec5..18a4ba9 100644
--- a/fdts/stm32mp15-bl2.dtsi
+++ b/fdts/stm32mp15-bl2.dtsi
@@ -3,37 +3,8 @@
* Copyright (c) 2020-2023, STMicroelectronics - All Rights Reserved
*/
-/omit-if-no-ref/ &fmc_pins_a;
-/omit-if-no-ref/ &i2c2_pins_a;
-/omit-if-no-ref/ &i2c4_pins_a;
/omit-if-no-ref/ &i2c6;
-/omit-if-no-ref/ &qspi_bk1_pins_a;
-/omit-if-no-ref/ &qspi_bk2_pins_a;
-/omit-if-no-ref/ &qspi_clk_pins_a;
-/omit-if-no-ref/ &sdmmc1_b4_pins_a;
-/omit-if-no-ref/ &sdmmc1_dir_pins_a;
-/omit-if-no-ref/ &sdmmc1_dir_pins_b;
-/omit-if-no-ref/ &sdmmc2_b4_pins_a;
-/omit-if-no-ref/ &sdmmc2_b4_pins_b;
-/omit-if-no-ref/ &sdmmc2_d47_pins_a;
-/omit-if-no-ref/ &sdmmc2_d47_pins_b;
-/omit-if-no-ref/ &sdmmc2_d47_pins_c;
-/omit-if-no-ref/ &sdmmc2_d47_pins_d;
/omit-if-no-ref/ &spi6;
-/omit-if-no-ref/ &uart4_pins_a;
-/omit-if-no-ref/ &uart4_pins_b;
-/omit-if-no-ref/ &uart7_pins_a;
-/omit-if-no-ref/ &uart7_pins_b;
-/omit-if-no-ref/ &uart7_pins_c;
-/omit-if-no-ref/ &uart8_pins_a;
-/omit-if-no-ref/ &usart2_pins_a;
-/omit-if-no-ref/ &usart2_pins_b;
-/omit-if-no-ref/ &usart2_pins_c;
-/omit-if-no-ref/ &usart3_pins_a;
-/omit-if-no-ref/ &usart3_pins_b;
-/omit-if-no-ref/ &usart3_pins_c;
-/omit-if-no-ref/ &usbotg_fs_dp_dm_pins_a;
-/omit-if-no-ref/ &usbotg_hs_pins_a;
/ {
#if !STM32MP_EMMC && !STM32MP_SDMMC
diff --git a/fdts/stm32mp15-bl32.dtsi b/fdts/stm32mp15-bl32.dtsi
index 7b63f1b..6882224 100644
--- a/fdts/stm32mp15-bl32.dtsi
+++ b/fdts/stm32mp15-bl32.dtsi
@@ -3,37 +3,8 @@
* Copyright (c) 2020-2023, STMicroelectronics - All Rights Reserved
*/
-/omit-if-no-ref/ &fmc_pins_a;
-/omit-if-no-ref/ &i2c2_pins_a;
-/omit-if-no-ref/ &i2c4_pins_a;
/omit-if-no-ref/ &i2c6;
-/omit-if-no-ref/ &qspi_bk1_pins_a;
-/omit-if-no-ref/ &qspi_bk2_pins_a;
-/omit-if-no-ref/ &qspi_clk_pins_a;
-/omit-if-no-ref/ &sdmmc1_b4_pins_a;
-/omit-if-no-ref/ &sdmmc1_dir_pins_a;
-/omit-if-no-ref/ &sdmmc1_dir_pins_b;
-/omit-if-no-ref/ &sdmmc2_b4_pins_a;
-/omit-if-no-ref/ &sdmmc2_b4_pins_b;
-/omit-if-no-ref/ &sdmmc2_d47_pins_a;
-/omit-if-no-ref/ &sdmmc2_d47_pins_b;
-/omit-if-no-ref/ &sdmmc2_d47_pins_c;
-/omit-if-no-ref/ &sdmmc2_d47_pins_d;
/omit-if-no-ref/ &spi6;
-/omit-if-no-ref/ &uart4_pins_a;
-/omit-if-no-ref/ &uart4_pins_b;
-/omit-if-no-ref/ &uart7_pins_a;
-/omit-if-no-ref/ &uart7_pins_b;
-/omit-if-no-ref/ &uart7_pins_c;
-/omit-if-no-ref/ &uart8_pins_a;
-/omit-if-no-ref/ &usart2_pins_a;
-/omit-if-no-ref/ &usart2_pins_b;
-/omit-if-no-ref/ &usart2_pins_c;
-/omit-if-no-ref/ &usart3_pins_a;
-/omit-if-no-ref/ &usart3_pins_b;
-/omit-if-no-ref/ &usart3_pins_c;
-/omit-if-no-ref/ &usbotg_fs_dp_dm_pins_a;
-/omit-if-no-ref/ &usbotg_hs_pins_a;
/ {
aliases {
diff --git a/fdts/stm32mp15-pinctrl.dtsi b/fdts/stm32mp15-pinctrl.dtsi
index a1be447..70d1db1 100644
--- a/fdts/stm32mp15-pinctrl.dtsi
+++ b/fdts/stm32mp15-pinctrl.dtsi
@@ -6,6 +6,7 @@
#include <dt-bindings/pinctrl/stm32-pinfunc.h>
&pinctrl {
+ /omit-if-no-ref/
fmc_pins_a: fmc-0 {
pins1 {
pinmux = <STM32_PINMUX('D', 4, AF12)>, /* FMC_NOE */
@@ -31,6 +32,7 @@
};
};
+ /omit-if-no-ref/
i2c2_pins_a: i2c2-0 {
pins {
pinmux = <STM32_PINMUX('H', 4, AF4)>, /* I2C2_SCL */
@@ -41,6 +43,7 @@
};
};
+ /omit-if-no-ref/
qspi_clk_pins_a: qspi-clk-0 {
pins {
pinmux = <STM32_PINMUX('F', 10, AF9)>; /* QSPI_CLK */
@@ -50,8 +53,9 @@
};
};
+ /omit-if-no-ref/
qspi_bk1_pins_a: qspi-bk1-0 {
- pins1 {
+ pins {
pinmux = <STM32_PINMUX('F', 8, AF10)>, /* QSPI_BK1_IO0 */
<STM32_PINMUX('F', 9, AF10)>, /* QSPI_BK1_IO1 */
<STM32_PINMUX('F', 7, AF9)>, /* QSPI_BK1_IO2 */
@@ -60,16 +64,11 @@
drive-push-pull;
slew-rate = <1>;
};
- pins2 {
- pinmux = <STM32_PINMUX('B', 6, AF10)>; /* QSPI_BK1_NCS */
- bias-pull-up;
- drive-push-pull;
- slew-rate = <1>;
- };
};
+ /omit-if-no-ref/
qspi_bk2_pins_a: qspi-bk2-0 {
- pins1 {
+ pins {
pinmux = <STM32_PINMUX('H', 2, AF9)>, /* QSPI_BK2_IO0 */
<STM32_PINMUX('H', 3, AF9)>, /* QSPI_BK2_IO1 */
<STM32_PINMUX('G', 10, AF11)>, /* QSPI_BK2_IO2 */
@@ -78,7 +77,21 @@
drive-push-pull;
slew-rate = <1>;
};
- pins2 {
+ };
+
+ /omit-if-no-ref/
+ qspi_cs1_pins_a: qspi-cs1-0 {
+ pins {
+ pinmux = <STM32_PINMUX('B', 6, AF10)>; /* QSPI_BK1_NCS */
+ bias-pull-up;
+ drive-push-pull;
+ slew-rate = <1>;
+ };
+ };
+
+ /omit-if-no-ref/
+ qspi_cs2_pins_a: qspi-cs2-0 {
+ pins {
pinmux = <STM32_PINMUX('C', 0, AF10)>; /* QSPI_BK2_NCS */
bias-pull-up;
drive-push-pull;
@@ -86,6 +99,7 @@
};
};
+ /omit-if-no-ref/
sdmmc1_b4_pins_a: sdmmc1-b4-0 {
pins1 {
pinmux = <STM32_PINMUX('C', 8, AF12)>, /* SDMMC1_D0 */
@@ -105,6 +119,7 @@
};
};
+ /omit-if-no-ref/
sdmmc1_dir_pins_a: sdmmc1-dir-0 {
pins1 {
pinmux = <STM32_PINMUX('F', 2, AF11)>, /* SDMMC1_D0DIR */
@@ -120,6 +135,7 @@
};
};
+ /omit-if-no-ref/
sdmmc1_dir_pins_b: sdmmc1-dir-1 {
pins1 {
pinmux = <STM32_PINMUX('F', 2, AF11)>, /* SDMMC1_D0DIR */
@@ -129,12 +145,13 @@
drive-push-pull;
bias-pull-up;
};
- pins2{
+ pins2 {
pinmux = <STM32_PINMUX('E', 4, AF8)>; /* SDMMC1_CKIN */
bias-pull-up;
};
};
+ /omit-if-no-ref/
sdmmc2_b4_pins_a: sdmmc2-b4-0 {
pins1 {
pinmux = <STM32_PINMUX('B', 14, AF9)>, /* SDMMC2_D0 */
@@ -154,6 +171,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_b4_pins_b: sdmmc2-b4-1 {
pins1 {
pinmux = <STM32_PINMUX('B', 14, AF9)>, /* SDMMC2_D0 */
@@ -173,6 +191,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_d47_pins_a: sdmmc2-d47-0 {
pins {
pinmux = <STM32_PINMUX('A', 8, AF9)>, /* SDMMC2_D4 */
@@ -185,6 +204,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_d47_pins_b: sdmmc2-d47-1 {
pins {
pinmux = <STM32_PINMUX('A', 8, AF9)>, /* SDMMC2_D4 */
@@ -197,6 +217,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_d47_pins_c: sdmmc2-d47-2 {
pins {
pinmux = <STM32_PINMUX('A', 8, AF9)>, /* SDMMC2_D4 */
@@ -209,6 +230,7 @@
};
};
+ /omit-if-no-ref/
sdmmc2_d47_pins_d: sdmmc2-d47-3 {
pins {
pinmux = <STM32_PINMUX('A', 8, AF9)>, /* SDMMC2_D4 */
@@ -218,6 +240,7 @@
};
};
+ /omit-if-no-ref/
uart4_pins_a: uart4-0 {
pins1 {
pinmux = <STM32_PINMUX('G', 11, AF6)>; /* UART4_TX */
@@ -231,6 +254,7 @@
};
};
+ /omit-if-no-ref/
uart4_pins_b: uart4-1 {
pins1 {
pinmux = <STM32_PINMUX('D', 1, AF8)>; /* UART4_TX */
@@ -244,6 +268,7 @@
};
};
+ /omit-if-no-ref/
uart7_pins_a: uart7-0 {
pins1 {
pinmux = <STM32_PINMUX('E', 8, AF7)>; /* UART7_TX */
@@ -259,6 +284,7 @@
};
};
+ /omit-if-no-ref/
uart7_pins_b: uart7-1 {
pins1 {
pinmux = <STM32_PINMUX('F', 7, AF7)>; /* UART7_TX */
@@ -272,6 +298,7 @@
};
};
+ /omit-if-no-ref/
uart7_pins_c: uart7-2 {
pins1 {
pinmux = <STM32_PINMUX('E', 8, AF7)>; /* UART7_TX */
@@ -281,10 +308,11 @@
};
pins2 {
pinmux = <STM32_PINMUX('E', 7, AF7)>; /* UART7_RX */
- bias-disable;
+ bias-pull-up;
};
};
+ /omit-if-no-ref/
uart8_pins_a: uart8-0 {
pins1 {
pinmux = <STM32_PINMUX('E', 1, AF8)>; /* UART8_TX */
@@ -298,6 +326,7 @@
};
};
+ /omit-if-no-ref/
usart2_pins_a: usart2-0 {
pins1 {
pinmux = <STM32_PINMUX('F', 5, AF7)>, /* USART2_TX */
@@ -313,6 +342,7 @@
};
};
+ /omit-if-no-ref/
usart2_pins_b: usart2-1 {
pins1 {
pinmux = <STM32_PINMUX('F', 5, AF7)>, /* USART2_TX */
@@ -328,13 +358,14 @@
};
};
+ /omit-if-no-ref/
usart2_pins_c: usart2-2 {
pins1 {
pinmux = <STM32_PINMUX('D', 5, AF7)>, /* USART2_TX */
<STM32_PINMUX('D', 4, AF7)>; /* USART2_RTS */
bias-disable;
drive-push-pull;
- slew-rate = <3>;
+ slew-rate = <0>;
};
pins2 {
pinmux = <STM32_PINMUX('D', 6, AF7)>, /* USART2_RX */
@@ -343,6 +374,7 @@
};
};
+ /omit-if-no-ref/
usart3_pins_a: usart3-0 {
pins1 {
pinmux = <STM32_PINMUX('B', 10, AF7)>; /* USART3_TX */
@@ -356,6 +388,7 @@
};
};
+ /omit-if-no-ref/
usart3_pins_b: usart3-1 {
pins1 {
pinmux = <STM32_PINMUX('B', 10, AF7)>, /* USART3_TX */
@@ -371,6 +404,7 @@
};
};
+ /omit-if-no-ref/
usart3_pins_c: usart3-2 {
pins1 {
pinmux = <STM32_PINMUX('B', 10, AF7)>, /* USART3_TX */
@@ -386,12 +420,14 @@
};
};
+ /omit-if-no-ref/
usbotg_hs_pins_a: usbotg-hs-0 {
pins {
pinmux = <STM32_PINMUX('A', 10, ANALOG)>; /* OTG_ID */
};
};
+ /omit-if-no-ref/
usbotg_fs_dp_dm_pins_a: usbotg-fs-dp-dm-0 {
pins {
pinmux = <STM32_PINMUX('A', 11, ANALOG)>, /* OTG_FS_DM */
@@ -401,6 +437,7 @@
};
&pinctrl_z {
+ /omit-if-no-ref/
i2c4_pins_a: i2c4-0 {
pins {
pinmux = <STM32_PINMUX('Z', 4, AF6)>, /* I2C4_SCL */
diff --git a/fdts/stm32mp151.dtsi b/fdts/stm32mp151.dtsi
index 869b912..7a22a1c 100644
--- a/fdts/stm32mp151.dtsi
+++ b/fdts/stm32mp151.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (c) 2017-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2023, STMicroelectronics - All Rights Reserved
* Author: Ludovic Barre <ludovic.barre@st.com> for STMicroelectronics.
*/
#include <dt-bindings/interrupt-controller/arm-gic.h>
@@ -324,9 +324,8 @@
sdmmc1: mmc@58005000 {
compatible = "st,stm32-sdmmc2", "arm,pl18x", "arm,primecell";
arm,primecell-periphid = <0x00253180>;
- reg = <0x58005000 0x1000>, <0x58006000 0x1000>;
+ reg = <0x58005000 0x1000>;
interrupts = <GIC_SPI 49 IRQ_TYPE_LEVEL_HIGH>;
- interrupt-names = "cmd_irq";
clocks = <&rcc SDMMC1_K>;
clock-names = "apb_pclk";
resets = <&rcc SDMMC1_R>;
@@ -339,9 +338,8 @@
sdmmc2: mmc@58007000 {
compatible = "st,stm32-sdmmc2", "arm,pl18x", "arm,primecell";
arm,primecell-periphid = <0x00253180>;
- reg = <0x58007000 0x1000>, <0x58008000 0x1000>;
+ reg = <0x58007000 0x1000>;
interrupts = <GIC_SPI 124 IRQ_TYPE_LEVEL_HIGH>;
- interrupt-names = "cmd_irq";
clocks = <&rcc SDMMC2_K>;
clock-names = "apb_pclk";
resets = <&rcc SDMMC2_R>;
@@ -463,7 +461,7 @@
cfg0_otp: cfg0_otp@0 {
reg = <0x0 0x1>;
};
- part_number_otp: part_number_otp@4 {
+ part_number_otp: part-number-otp@4 {
reg = <0x4 0x1>;
};
monotonic_otp: monotonic_otp@10 {
@@ -523,7 +521,7 @@
};
tamp: tamp@5c00a000 {
- compatible = "st,stm32-tamp", "simple-bus", "syscon", "simple-mfd";
+ compatible = "st,stm32-tamp", "syscon", "simple-mfd";
reg = <0x5c00a000 0x400>;
secure-interrupts = <GIC_SPI 197 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&rcc RTCAPB>;
@@ -540,7 +538,6 @@
ranges = <0 0x50002000 0xa400>;
interrupt-parent = <&exti>;
st,syscfg = <&exti 0x60 0xff>;
- pins-are-numbered;
gpioa: gpio@50002000 {
gpio-controller;
@@ -669,7 +666,6 @@
#size-cells = <1>;
compatible = "st,stm32mp157-z-pinctrl";
ranges = <0 0x54004000 0x400>;
- pins-are-numbered;
interrupt-parent = <&exti>;
st,syscfg = <&exti 0x60 0xff>;
diff --git a/fdts/stm32mp151a-prtt1a.dts b/fdts/stm32mp151a-prtt1a.dts
index be9bdae..3634620 100644
--- a/fdts/stm32mp151a-prtt1a.dts
+++ b/fdts/stm32mp151a-prtt1a.dts
@@ -39,7 +39,9 @@
&qspi {
pinctrl-names = "default", "sleep";
- pinctrl-0 = <&qspi_clk_pins_a &qspi_bk1_pins_a>;
+ pinctrl-0 = <&qspi_clk_pins_a
+ &qspi_bk1_pins_a
+ &qspi_cs1_pins_a>;
reg = <0x58003000 0x1000>, <0x70000000 0x4000000>;
#address-cells = <1>;
#size-cells = <0>;
@@ -56,7 +58,7 @@
};
&qspi_bk1_pins_a {
- pins1 {
+ pins {
bias-pull-up;
drive-push-pull;
slew-rate = <1>;
diff --git a/fdts/stm32mp157a-dk1.dts b/fdts/stm32mp157a-dk1.dts
index a73bef8..b4d5d20 100644
--- a/fdts/stm32mp157a-dk1.dts
+++ b/fdts/stm32mp157a-dk1.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (C) STMicroelectronics 2019 - All Rights Reserved
+ * Copyright (C) 2019-2023, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@st.com> for STMicroelectronics.
*/
@@ -15,12 +15,6 @@
model = "STMicroelectronics STM32MP157A-DK1 Discovery Board";
compatible = "st,stm32mp157a-dk1", "st,stm32mp157";
- aliases {
- serial0 = &uart4;
- serial1 = &usart3;
- serial2 = &uart7;
- };
-
chosen {
stdout-path = "serial0:115200n8";
};
diff --git a/fdts/stm32mp157c-dk2.dts b/fdts/stm32mp157c-dk2.dts
index be8300e..f6f3782 100644
--- a/fdts/stm32mp157c-dk2.dts
+++ b/fdts/stm32mp157c-dk2.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (C) STMicroelectronics 2019 - All Rights Reserved
+ * Copyright (C) 2019-2023, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@st.com> for STMicroelectronics.
*/
@@ -17,9 +17,6 @@
compatible = "st,stm32mp157c-dk2", "st,stm32mp157";
aliases {
- serial0 = &uart4;
- serial1 = &usart3;
- serial2 = &uart7;
serial3 = &usart2;
};
diff --git a/fdts/stm32mp157c-ed1.dts b/fdts/stm32mp157c-ed1.dts
index 63753bd..949c929 100644
--- a/fdts/stm32mp157c-ed1.dts
+++ b/fdts/stm32mp157c-ed1.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (c) 2017-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2023, STMicroelectronics - All Rights Reserved
* Author: Ludovic Barre <ludovic.barre@st.com> for STMicroelectronics.
*/
/dts-v1/;
@@ -16,6 +16,10 @@
model = "STMicroelectronics STM32MP157C eval daughter";
compatible = "st,stm32mp157c-ed1", "st,stm32mp157";
+ aliases {
+ serial0 = &uart4;
+ };
+
chosen {
stdout-path = "serial0:115200n8";
};
@@ -24,10 +28,6 @@
device_type = "memory";
reg = <0xC0000000 0x40000000>;
};
-
- aliases {
- serial0 = &uart4;
- };
};
&bsec {
diff --git a/fdts/stm32mp157c-ev1.dts b/fdts/stm32mp157c-ev1.dts
index 02840a2..e274645 100644
--- a/fdts/stm32mp157c-ev1.dts
+++ b/fdts/stm32mp157c-ev1.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (c) 2017-2021, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2023, STMicroelectronics - All Rights Reserved
* Author: Ludovic Barre <ludovic.barre@st.com> for STMicroelectronics.
*/
/dts-v1/;
@@ -11,13 +11,13 @@
model = "STMicroelectronics STM32MP157C eval daughter on eval mother";
compatible = "st,stm32mp157c-ev1", "st,stm32mp157c-ed1", "st,stm32mp157";
- chosen {
- stdout-path = "serial0:115200n8";
- };
-
aliases {
serial1 = &usart3;
};
+
+ chosen {
+ stdout-path = "serial0:115200n8";
+ };
};
&fmc {
@@ -39,13 +39,15 @@
&qspi {
pinctrl-names = "default";
- pinctrl-0 = <&qspi_clk_pins_a &qspi_bk1_pins_a>;
+ pinctrl-0 = <&qspi_clk_pins_a
+ &qspi_bk1_pins_a
+ &qspi_cs1_pins_a>;
reg = <0x58003000 0x1000>, <0x70000000 0x4000000>;
#address-cells = <1>;
#size-cells = <0>;
status = "okay";
- flash0: mx66l51235l@0 {
+ flash0: flash@0 {
compatible = "jedec,spi-nor";
reg = <0>;
spi-rx-bus-width = <4>;
diff --git a/fdts/stm32mp15xx-dhcom-som.dtsi b/fdts/stm32mp15xx-dhcom-som.dtsi
index c9f21b0..7737a44 100644
--- a/fdts/stm32mp15xx-dhcom-som.dtsi
+++ b/fdts/stm32mp15xx-dhcom-som.dtsi
@@ -2,6 +2,7 @@
/*
* Copyright (C) 2019-2020 Marek Vasut <marex@denx.de>
* Copyright (C) 2022 DH electronics GmbH
+ * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
*/
#include "stm32mp15-pinctrl.dtsi"
@@ -169,7 +170,9 @@
&qspi {
pinctrl-names = "default";
- pinctrl-0 = <&qspi_clk_pins_a &qspi_bk1_pins_a>;
+ pinctrl-0 = <&qspi_clk_pins_a
+ &qspi_bk1_pins_a
+ &qspi_cs1_pins_a>;
reg = <0x58003000 0x1000>, <0x70000000 0x4000000>;
#address-cells = <1>;
#size-cells = <0>;
diff --git a/fdts/stm32mp15xx-dhcor-som.dtsi b/fdts/stm32mp15xx-dhcor-som.dtsi
index c241efc..8d829a4 100644
--- a/fdts/stm32mp15xx-dhcor-som.dtsi
+++ b/fdts/stm32mp15xx-dhcor-som.dtsi
@@ -4,6 +4,7 @@
* Author: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
* Copyright (C) 2020 Marek Vasut <marex@denx.de>
* Copyright (C) 2022 DH electronics GmbH
+ * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
*/
#include "stm32mp15-pinctrl.dtsi"
@@ -164,7 +165,9 @@
&qspi {
pinctrl-names = "default";
- pinctrl-0 = <&qspi_clk_pins_a &qspi_bk1_pins_a>;
+ pinctrl-0 = <&qspi_clk_pins_a
+ &qspi_bk1_pins_a
+ &qspi_cs1_pins_a>;
reg = <0x58003000 0x1000>, <0x70000000 0x200000>;
#address-cells = <1>;
#size-cells = <0>;
diff --git a/fdts/stm32mp15xx-dkx.dtsi b/fdts/stm32mp15xx-dkx.dtsi
index 52d4170..f8baa9d 100644
--- a/fdts/stm32mp15xx-dkx.dtsi
+++ b/fdts/stm32mp15xx-dkx.dtsi
@@ -8,6 +8,12 @@
#include "stm32mp15-ddr3-1x4Gb-1066-binG.dtsi"
/ {
+ aliases {
+ serial0 = &uart4;
+ serial1 = &usart3;
+ serial2 = &uart7;
+ };
+
memory@c0000000 {
device_type = "memory";
reg = <0xc0000000 0x20000000>;
diff --git a/fdts/stm32mp25-bl2.dtsi b/fdts/stm32mp25-bl2.dtsi
index 7a6bbbe..438a58c 100644
--- a/fdts/stm32mp25-bl2.dtsi
+++ b/fdts/stm32mp25-bl2.dtsi
@@ -2,5 +2,3 @@
/*
* Copyright (C) 2023, STMicroelectronics - All Rights Reserved
*/
-
-/omit-if-no-ref/ &usart2_pins_a;
diff --git a/fdts/stm32mp25-pinctrl.dtsi b/fdts/stm32mp25-pinctrl.dtsi
index 8d0eaaf..05876a3 100644
--- a/fdts/stm32mp25-pinctrl.dtsi
+++ b/fdts/stm32mp25-pinctrl.dtsi
@@ -6,6 +6,7 @@
#include <dt-bindings/pinctrl/stm32-pinfunc.h>
&pinctrl {
+ /omit-if-no-ref/
usart2_pins_a: usart2-0 {
pins1 {
pinmux = <STM32_PINMUX('A', 4, AF6)>; /* USART2_TX */
diff --git a/fdts/stm32mp251.dtsi b/fdts/stm32mp251.dtsi
index 821eb49..f55a3b9 100644
--- a/fdts/stm32mp251.dtsi
+++ b/fdts/stm32mp251.dtsi
@@ -67,7 +67,7 @@
<0x0 0x4ac60000 0x0 0x2000>;
};
- timer: timer {
+ timer {
compatible = "arm,armv8-timer";
interrupt-parent = <&intc>;
interrupts = <GIC_PPI 13 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
diff --git a/fdts/stm32mp257f-ev1.dts b/fdts/stm32mp257f-ev1.dts
index 916d1e2..b7e92e4 100644
--- a/fdts/stm32mp257f-ev1.dts
+++ b/fdts/stm32mp257f-ev1.dts
@@ -25,7 +25,7 @@
memory@80000000 {
device_type = "memory";
- reg = <0x0 0x80000000 0x1 0x00000000>;
+ reg = <0x0 0x80000000 0x1 0x0>;
};
};
diff --git a/include/arch/aarch32/arch.h b/include/arch/aarch32/arch.h
index da4ee7f..a711753 100644
--- a/include/arch/aarch32/arch.h
+++ b/include/arch/aarch32/arch.h
@@ -796,5 +796,6 @@
#define DSU_CLUSTER_PWR_OFF 0
#define DSU_CLUSTER_PWR_ON 1
#define DSU_CLUSTER_PWR_MASK U(1)
+#define DSU_CLUSTER_MEM_RET BIT(1)
#endif /* ARCH_H */
diff --git a/include/arch/aarch32/asm_macros.S b/include/arch/aarch32/asm_macros.S
index 83e94ca..3ba86e9 100644
--- a/include/arch/aarch32/asm_macros.S
+++ b/include/arch/aarch32/asm_macros.S
@@ -120,6 +120,14 @@
.endm
#endif
+ /* Macro for error synchronization */
+ .macro synchronize_errors
+ /* Complete any stores that may return an abort */
+ dsb sy
+ /* Synchronise the CPU context with the completion of the dsb */
+ isb
+ .endm
+
#if (ARM_ARCH_MAJOR == 7)
/* ARMv7 does not support stl instruction */
.macro stl _reg, _write_lock
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index c10102a..e9d22b6 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -962,6 +962,7 @@
#define EC_AARCH64_HVC U(0x16)
#define EC_AARCH64_SMC U(0x17)
#define EC_AARCH64_SYS U(0x18)
+#define EC_IMP_DEF_EL3 U(0x1f)
#define EC_IABORT_LOWER_EL U(0x20)
#define EC_IABORT_CUR_EL U(0x21)
#define EC_PC_ALIGN U(0x22)
@@ -1231,7 +1232,9 @@
/* MPAM register definitions */
#define MPAM3_EL3_MPAMEN_BIT (ULL(1) << 63)
+#define MPAM3_EL3_TRAPLOWER_BIT (ULL(1) << 62)
#define MPAMHCR_EL2_TRAP_MPAMIDR_EL1 (ULL(1) << 31)
+#define MPAM3_EL3_RESET_VAL MPAM3_EL3_TRAPLOWER_BIT
#define MPAM2_EL2_TRAPMPAM0EL1 (ULL(1) << 49)
#define MPAM2_EL2_TRAPMPAM1EL1 (ULL(1) << 48)
@@ -1414,6 +1417,7 @@
#define DSU_CLUSTER_PWR_OFF 0
#define DSU_CLUSTER_PWR_ON 1
#define DSU_CLUSTER_PWR_MASK U(1)
+#define DSU_CLUSTER_MEM_RET BIT(1)
/*******************************************************************************
* Definitions for CPU Power/Performance Management registers
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index bd41fef..cf8da5e 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -159,7 +159,7 @@
}
CREATE_FEATURE_FUNCS_VER(feat_mpam, read_feat_mpam_version, 1U,
- ENABLE_MPAM_FOR_LOWER_ELS)
+ ENABLE_FEAT_MPAM)
/* FEAT_HCX: Extended Hypervisor Configuration Register */
CREATE_FEATURE_FUNCS(feat_hcx, id_aa64mmfr1_el1, ID_AA64MMFR1_EL1_HCX_SHIFT,
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 6091f62..d09ad0f 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -292,4 +292,29 @@
#endif
.endm
+ /*
+ * Macro to unmask External Aborts by changing PSTATE.A bit.
+ * Put explicit synchronization event to ensure newly unmasked interrupt
+ * is taken immediately.
+ */
+ .macro unmask_async_ea
+ msr daifclr, #DAIF_ABT_BIT
+ isb
+ .endm
+
+ /* Macro for error synchronization on exception boundries.
+ * With FEAT_RAS enabled, it is assumed that FEAT_IESB is also present
+ * and enabled.
+ * FEAT_IESB provides an implicit error synchronization event at exception
+ * entry and exception return, so there is no need for any explicit instruction.
+ */
+ .macro synchronize_errors
+#if !ENABLE_FEAT_RAS
+ /* Complete any stores that may return an abort */
+ dsb sy
+ /* Synchronise the CPU context with the completion of the dsb */
+ isb
+#endif
+ .endm
+
#endif /* ASM_MACROS_S */
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index 536d807..a78837f 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -208,6 +208,10 @@
*/
mov_imm x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \
| SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT))
+#if ENABLE_FEAT_RAS
+ /* If FEAT_RAS is present assume FEAT_IESB is also present */
+ orr x0, x0, #SCTLR_IESB_BIT
+#endif
msr sctlr_el3, x0
isb
.endif /* _init_sctlr */
@@ -441,4 +445,20 @@
#endif
.endm
+/* -----------------------------------------------------------------
+ * The below macro reads SCR_EL3 from the context structure to
+ * determine the security state of the context upon ERET.
+ * ------------------------------------------------------------------
+ */
+ .macro get_security_state _ret:req, _scr_reg:req
+ ubfx \_ret, \_scr_reg, #SCR_NSE_SHIFT, #1
+ cmp \_ret, #1
+ beq realm_state
+ bfi \_ret, \_scr_reg, #0, #1
+ b end
+ realm_state:
+ mov \_ret, #2
+ end:
+ .endm
+
#endif /* EL3_COMMON_MACROS_S */
diff --git a/include/bl31/ea_handle.h b/include/bl31/ea_handle.h
index 68f012c..7cd7b6a 100644
--- a/include/bl31/ea_handle.h
+++ b/include/bl31/ea_handle.h
@@ -21,4 +21,6 @@
/* RAS event signalled as peripheral interrupt */
#define ERROR_INTERRUPT 3
+#define ASYNC_EA_REPLAY_COUNTER U(100)
+
#endif /* EA_HANDLE_H */
diff --git a/include/common/tbbr/cot_def.h b/include/common/tbbr/cot_def.h
index 1d28772..bf23917 100644
--- a/include/common/tbbr/cot_def.h
+++ b/include/common/tbbr/cot_def.h
@@ -32,7 +32,12 @@
* buffers must be big enough to hold either. As RSA keys are bigger than ECDSA
* ones for all key sizes we support, they impose the minimum size of these
* buffers.
+ *
+ * If the platform employs its own mbedTLS configuration, it is the platform's
+ * responsibility to define TF_MBEDTLS_USE_RSA or TF_MBEDTLS_USE_ECDSA to
+ * establish the appropriate PK_DER_LEN size.
*/
+#ifdef MBEDTLS_CONFIG_FILE
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE == 1024
#define PK_DER_LEN 162
@@ -45,7 +50,7 @@
#else
#error "Invalid value for TF_MBEDTLS_KEY_SIZE"
#endif
-#else /* Only using ECDSA keys. */
+#elif TF_MBEDTLS_USE_ECDSA
#if TF_MBEDTLS_KEY_SIZE == 384
#define PK_DER_LEN 120
#elif TF_MBEDTLS_KEY_SIZE == 256
@@ -53,7 +58,9 @@
#else
#error "Invalid value for TF_MBEDTLS_KEY_SIZE"
#endif
-#endif
+#else
+#error "Invalid value of algorithm"
+#endif /* TF_MBEDTLS_USE_RSA */
#if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256
#define HASH_DER_LEN 51
@@ -64,5 +71,6 @@
#else
#error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
#endif
+#endif /* MBEDTLS_CONFIG_FILE */
#endif /* COT_DEF_H */
diff --git a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h b/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
deleted file mode 100644
index 2cb8938..0000000
--- a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_CRYPTO_BOOT_DEFS_H
-#define _CC_CRYPTO_BOOT_DEFS_H
-
-/*! @file
-@brief This file contains SBROM definitions
-*/
-
-/*! Version counters value. */
-typedef enum {
-
- CC_SW_VERSION_COUNTER1 = 1, /*!< Counter 1 - trusted version. */
- CC_SW_VERSION_COUNTER2, /*!< Counter 2 - non trusted version. */
-
- CC_SW_VERSION_MAX = 0x7FFFFFFF
-
-} CCSbSwVersionId_t;
-
-/* HASH boot key definition */
-typedef enum {
- CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< 128-bit truncated SHA256 digest of public key 0. */
- CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< 128-bit truncated SHA256 digest of public key 1. */
- CC_SB_HASH_BOOT_KEY_256B = 2, /*!< 256-bit SHA256 digest of public key. */
- CC_SB_HASH_BOOT_NOT_USED = 0xFF,
- CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!\internal use external 128-bit truncated SHA256 digest */
-} CCSbPubKeyIndexType_t;
-
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
deleted file mode 100644
index 212a710..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*!
-@file
-@brief This file contains the platform-dependent definitions that are used in the SBROM code.
-*/
-
-#ifndef _CC_PAL_SB_PLAT_H
-#define _CC_PAL_SB_PLAT_H
-
-#include "cc_pal_types.h"
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uintptr_t CCAddr_t;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types.h b/include/drivers/arm/cryptocell/712/cc_pal_types.h
deleted file mode 100644
index 8c09b23..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_types.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types.
-*/
-
-#include "cc_pal_types_plat.h"
-
-typedef enum {
- CC_FALSE = 0,
- CC_TRUE = 1
-} CCBool;
-
-#define CC_SUCCESS 0UL
-#define CC_FAIL 1UL
-
-#define CC_1K_SIZE_IN_BYTES 1024
-#define CC_BITS_IN_BYTE 8
-#define CC_BITS_IN_32BIT_WORD 32
-#define CC_32BIT_WORD_SIZE (sizeof(uint32_t))
-
-#define CC_OK CC_SUCCESS
-
-#define CC_UNUSED_PARAM(prm) ((void)prm)
-
-#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
-
-#define CALC_FULL_BYTES(numBits) (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
-#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
deleted file mode 100644
index f6d41d7..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compliant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t CCStatus
-#define CC_INFINITE 0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/712/cc_sec_defs.h b/include/drivers/arm/cryptocell/712/cc_sec_defs.h
deleted file mode 100644
index d419218..0000000
--- a/include/drivers/arm/cryptocell/712/cc_sec_defs.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general hash definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! The hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS 16
-/*! The hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS 8
-#define HASH_RESULT_SIZE_IN_BYTES 32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/crypto_driver.h b/include/drivers/arm/cryptocell/712/crypto_driver.h
deleted file mode 100644
index 18104dd..0000000
--- a/include/drivers/arm/cryptocell/712/crypto_driver.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CRYPTO_DRIVER_H
-#define _CRYPTO_DRIVER_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-/*!
- * @brief This function gives the functionality of integrated hash
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- * @param[out] hashResult - the HASH result.
- *
- */
-CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
- CCHashResult_t hashResult);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/nvm.h b/include/drivers/arm/cryptocell/712/nvm.h
deleted file mode 100644
index a70289f..0000000
--- a/include/drivers/arm/cryptocell/712/nvm.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM__H
-#define _NVM__H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-
-/*------------------------------------
- DEFINES
--------------------------------------*/
-
-/**
- * @brief This function reads the LCS from the SRAM/NVM
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in/out] lcs_ptr - pointer to memory to store the LCS
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
-
-/**
- * @brief The NVM_ReadHASHPubKey function is a NVM interface function -
- * The function retrieves the HASH of the device Public key from the SRAM/NVM
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] pubKeyIndex - Index of HASH in the OTP
- *
- * @param[out] PubKeyHASH - the public key HASH.
- *
- * @param[in] hashSizeInWords - hash size (valid values: 4W, 8W)
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-
-CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/nvm_otp.h b/include/drivers/arm/cryptocell/712/nvm_otp.h
deleted file mode 100644
index 390d62b..0000000
--- a/include/drivers/arm/cryptocell/712/nvm_otp.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM_OTP_H
-#define _NVM_OTP_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-
-/*------------------------------------
- DEFINES
--------------------------------------*/
-
-
-
-/**
- * @brief The NVM_GetSwVersion function is a NVM interface function -
- * The function retrieves the SW version from the SRAM/NVM.
- * In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] counterId - relevant only for OTP (valid values: 1,2)
- *
- * @param[out] swVersion - the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
-
-
-/**
- * @brief The NVM_SetSwVersion function is a NVM interface function -
- * The function writes the SW version into the SRAM/NVM.
- * In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] counterId - relevant only for OTP (valid values: 1,2)
- *
- * @param[in] swVersion - the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/rsa.h b/include/drivers/arm/cryptocell/712/rsa.h
deleted file mode 100644
index 825214d..0000000
--- a/include/drivers/arm/cryptocell/712/rsa.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/* the modulus size in bits */
-#if (KEY_SIZE == 2048)
-#define RSA_MOD_SIZE_IN_BITS 2048UL
-#elif (KEY_SIZE == 3072)
-#define RSA_MOD_SIZE_IN_BITS 3072UL
-#else
-#error Unsupported CryptoCell key size requested
-#endif
-
-#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
-#define RSA_EXP_SIZE_IN_BITS 17UL
-#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
-
-/*
- * @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
- *
- *
-
- * @param[in] hwBaseAddress - HW base address. Relevant for HW
- * implementation, for SW it is ignored.
- * @N_ptr[in] - The pointer to the modulus buffer.
- * @Np_ptr[out] - pointer to Np vector buffer. Its size must be >= 160.
- */
-void RSA_CalcNp(unsigned long hwBaseAddress,
- uint32_t *N_ptr,
- uint32_t *Np_ptr);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h b/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
deleted file mode 100644
index de83546..0000000
--- a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SBROM_BSV_API_H
-#define _SBROM_BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all SBROM library APIs and definitions.
-*/
-#include "cc_pal_types.h"
-
-/* Life cycle state definitions */
-#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< CM lifecycle value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< DM lifecycle value. */
-#define CC_BSV_SECURITY_DISABLED_LCS 0x3 /*!< SD lifecycle value. */
-#define CC_BSV_SECURE_LCS 0x5 /*!< Secure lifecycle value. */
-#define CC_BSV_RMA_LCS 0x7 /*!< RMA lifecycle value. */
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
-It verifies the HW product and version numbers.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvSbromInit(
- unsigned long hwBaseAddress /*!< [in] HW registers base address. */
- );
-
-
-/*!
-@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- uint32_t *pLcs /*!< [out] Returned lifecycle state. */
- );
-
-/*!
-@brief This function retrieves the HW security lifecycle state, performs validity checks,
-and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
-\note Invalid LCS results in an error returned.
-In this case, the customer's code must completely disable the device.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGetAndInit(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- uint32_t *pLcs /*!< [out] Returned lifecycle state. */
- );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_base_func.h b/include/drivers/arm/cryptocell/712/secureboot_base_func.h
deleted file mode 100644
index 6db596e..0000000
--- a/include/drivers/arm/cryptocell/712/secureboot_base_func.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_BASE_FUNC_H
-#define _SECURE_BOOT_BASE_FUNC_H
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-#include "secureboot_gen_defs.h"
-
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/**
- * @brief This function calculates the HASH over the given data and than verify
- * RSA signature on that hashed data
- *
- * @param[in] hwBaseAddr - CryptoCell base address
- * @param[in] pData - pointer to the data to be verified
- * @param[in] pNParams - a pointer to the public key parameters
- * @param[in] pSignature - a pointer to the signature structure
- * @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
- * @param[in] RSAAlg - RSA algorithm to use
- *
- * @return CCError_t - On success the value CC_OK is returned,
- * on failure - a value from BootImagesVerifier_error.h
- */
-CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
- uint32_t *pData,
- CCSbNParams_t *pNParams,
- CCSbSignature_t *pSignature,
- uint32_t sizeOfData,
- CCSbRsaAlg_t RSAAlg);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h b/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
deleted file mode 100644
index ed1f283..0000000
--- a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_GEN_DEFS_H
-#define _SECURE_BOOT_GEN_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all of the definitions and structures that are used for the secure boot.
-*/
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-
-/* General definitions */
-/***********************/
-
-/*RSA definitions*/
-#if (KEY_SIZE == 2048)
-#define SB_RSA_MOD_SIZE_IN_WORDS 64
-#elif (KEY_SIZE == 3072)
-#define SB_RSA_MOD_SIZE_IN_WORDS 96
-#else
-#error Unsupported CryptoCell key size requested
-#endif
-
-#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
-
-
-/*! Public key data structure. */
-typedef struct {
- uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< N public key, big endian representation. */
- uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS]; /*!< Np (Barrett n' value). */
-} CCSbNParams_t;
-
-/*! Signature structure. */
-typedef struct {
- uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< RSA PSS signature. */
-} CCSbSignature_t;
-
-
-/********* Supported algorithms definitions ***********/
-
-/*! RSA supported algorithms */
-/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
- * version - it means 2k in version 1 and 3k in version 2 (yes, really).
- */
-typedef enum {
- RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
- RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
- RSA_Last = 0x7FFFFFFF
-} CCSbRsaAlg_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/util.h b/include/drivers/arm/cryptocell/712/util.h
deleted file mode 100644
index 18fb599..0000000
--- a/include/drivers/arm/cryptocell/712/util.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef UTIL_H
-#define UTIL_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/************************ Defines ******************************/
-
-/* invers the bytes on a word- used for output from HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_INVERSE_UINT32_BYTES(val) (val)
-#else
-#define UTIL_INVERSE_UINT32_BYTES(val) \
- (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#endif
-
-/* invers the bytes on a word - used for input data for HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_REVERT_UINT32_BYTES(val) \
- (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#else
-#define UTIL_REVERT_UINT32_BYTES(val) (val)
-#endif
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reverse bytes copying from one buffer to another buffer.
- *
- * @param[in] dst_ptr - The pointer to destination buffer.
- * @param[in] src_ptr - The pointer to source buffer.
- * @param[in] size - The size in bytes.
- *
- */
-
-void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
-
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reversed byte copy on a specified buffer.
- *
- * on a 6 byte byffer:
- *
- * buff[5] <---> buff[0]
- * buff[4] <---> buff[1]
- * buff[3] <---> buff[2]
- *
- * @param[in] dst_ptr - The counter buffer.
- * @param[in] src_ptr - The counter size in bytes.
- *
- */
-void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/713/bsv_api.h b/include/drivers/arm/cryptocell/713/bsv_api.h
deleted file mode 100644
index dc49473..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_api.h
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_API_H
-#define _BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the Boot Services APIs and definitions.
-
-@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-#include "cc_boot_defs.h"
-
-/* Life cycle state definitions. */
-#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< The CM life-cycle state (LCS) value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< The DM life-cycle state (LCS) value. */
-#define CC_BSV_SECURE_LCS 0x5 /*!< The Secure life-cycle state (LCS) value. */
-#define CC_BSV_RMA_LCS 0x7 /*!< The RMA life-cycle state (LCS) value. */
-#define CC_BSV_INVALID_LCS 0xff /*!< The invalid life-cycle state (LCS) value. */
-
-/*----------------------------
- TYPES
------------------------------------*/
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-
-/*!
-@brief This function verifies the product and version numbers of the HW, and initializes it.
-
-\warning This function must be the first CryptoCell-7xx SBROM library API called.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvInit(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function retrieves the HW LCS and performs validity checks.
-
-If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
-
-@note An error is returned if there is an invalid LCS. If this happens, your code must
-completely disable the device.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvGetAndInitLcs(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint32_t *pLcs /*!< [out] The value of the current LCS. */
- );
-
-/*!
-@brief This function retrieves the LCS from the NVM manager.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint32_t *pLcs /*!< [out] The value of the current LCS. */
- );
-
-/*!
-@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
-SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
-hence:
- the maximal of trusted is 32
- the maximal of non-trusted is 224
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSwVersionGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
- uint32_t *swVersion /*!< [out] The value of the requested counter as read from OTP memory. */
- );
-
-/*!
-@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSwVersionSet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
- uint32_t swVersion /*!< [in] New value of the counter to be programmed in OTP memory. */
- );
-
-/*!
-@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
-any HW keys or security services.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvFatalErrorSet(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function retrieves the public key hash from OTP memory, according to the provided index.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvPubKeyHashGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbPubKeyIndexType_t keyIndex, /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
- uint32_t *hashedPubKey, /*!< [out] A buffer to contain the public key HASH. */
- uint32_t hashResultSizeWords /*!< [in] The size of the hash in 32-bit words:
- - Must be 4 for 128-bit hash.
- - Must be 8 for 256bit hash. */
- );
-
-/*!
-@brief This function permanently sets the RMA LCS for the ICV and the OEM.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRMAModeEnable(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvICVRMAFlagBitLock(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function locks the defined ICV class keys from further usage.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvICVKeyLock(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCBool_t isICVProvisioningKeyLock, /*!< [in] Should the provisioning key be locked. */
- CCBool_t isICVCodeEncKeyLock /*!< [in] Should the encryption key be locked. */
- );
-
-
-/*!
-@brief This function retrieves the value of "secure disable" bit.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSecureDisableGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCBool_t *isSDEnabled /*!< [out] The value of the SD Enable bit. */
- );
-
-
-/*!
-@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
-from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
-The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
-The resulting Kcst is saved in a HW register.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvCustomerKeyDecrypt(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-#ifdef __cplusplus
-}
-#endif
-
-/*!
-@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
-
-@note SoC_ID is required to create debug certificates.
-
-The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
-device without having to first enable debugging.
-One suggested implementation is to have the device ROM code compute the SoC_ID and place
-it in a specific location in the flash memory, from where it can be accessed by the developer.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSocIDCompute(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCHashResult_t hashResult /*!< [out] The derived SoC_ID. */
- );
-
-#endif /* _BSV_API_H */
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
deleted file mode 100644
index 1e60579..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_API_H
-#define _BSV_CRYPTO_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the cryptographic ROM APIs of the Boot Services.
-
-@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-#include "cc_address_defs.h"
-#include "bsv_crypto_defs.h"
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function calculates the SHA-256 digest over contiguous memory
-in an integrated operation.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSha256(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint8_t *pDataIn, /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
- size_t dataSize, /*!< [in] The size of the data to be hashed, in bytes. */
- CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte buffer. */
- );
-
-
-/*!
-@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
-with HW or user key.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
-*/
-CCError_t CC_BsvCryptoImageDecrypt( unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvflowMode_t flow, /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
- CCBsvKeyType_t keyType, /*!< [in] The key type to use: Kce, Kceicv, or user key. */
- uint8_t *pUserKey, /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
- size_t userKeySize, /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
- uint8_t *pIvBuf, /*!< [in] A pointer to the IV / counter buffer. */
- uint8_t *pInputData, /*!< [in] A pointer to the input data. */
- uint8_t *pOutputData, /*!< [out] A pointer to the output buffer. (optional – should be null in case of hash only). */
- size_t dataSize, /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
- CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
- );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
deleted file mode 100644
index 406e1ef..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_ASYM_API_H
-#define _BSV_CRYPTO_ASYM_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
-
-@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_pka_hw_plat_defs.h"
-#include "cc_sec_defs.h"
-#include "bsv_crypto_api.h"
-
-/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
-#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
- 2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
-
-/*! Definition for the RSA public modulus array. */
-typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
-
-/*! Definition for the RSA Barrett mod tag array. */
-typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
-
-/*! Definition for the RSA signature array. */
-typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
-
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
- outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
-
- The function supports 2k and 3K bit size of modulus, based on compile time define.
- There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
- value must be smaller than the modulus.
-
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
- CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
- uint32_t *pInBuff, /*!< [in] The DataIn buffer to be encrypted. */
- size_t inBuffSize, /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
- CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
- uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
- size_t workBufferSize /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
-);
-
-
-/*!
-@brief This function performs RSA PSS verify.
-
- The function should support 2k and 3K bit size of modulus, based on compile time define.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
- CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
- CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
- CCHashResult_t hashedData, /*!< [in] The data-in buffer to be verified as sha256 digest. */
- uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
- size_t workBufferSize, /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
- CCBool_t *pIsVerified /*!< [out] The flag indicates whether the signature is verified or not.
- If verified value will be CC_TRUE, otherwise CC_FALSE */
-);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h b/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
deleted file mode 100644
index 9ea354d..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_DEFS_H
-#define _BSV_CRYPTO_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the definitions of the cryptographic ROM APIs.
-
-@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
-@{
-@ingroup cc_bsv
-*/
-
-/*! AES supported HW key code table. */
-typedef enum {
-
- CC_BSV_USER_KEY = 0, /*!< Definition for a user key. */
- CC_BSV_HUK_KEY = 1, /*!< Definition for the HW unique key. */
- CC_BSV_RTL_KEY = 2, /*!< Definition for the RTL key. */
- CC_BSV_SESSION_KEY = 3, /*!< Definition for the Session key. */
- CC_BSV_CE_KEY = 4, /*!< Definition for the Kce. */
- CC_BSV_PLT_KEY = 5, /*!< Definition for the Platform key. */
- CC_BSV_KCST_KEY = 6, /*!< Definition for Kcst. */
- CC_BSV_ICV_PROV_KEY = 0xd, /*!< Definition for the Kpicv. */
- CC_BSV_ICV_CE_KEY = 0xe, /*!< Definition for the Kceicv. */
- CC_BSV_PROV_KEY = 0xf, /*!< Definition for the Kcp. */
- CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
-}CCBsvKeyType_t;
-
-/*! AES directions. */
-typedef enum bsvAesDirection {
- BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
- BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
- BSV_AES_NUM_OF_ENCRYPT_MODES, /*!< The maximal number of operations. */
- BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
-}bsvAesDirection_t;
-
-/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
-typedef enum {
- CC_BSV_CRYPTO_HASH_MODE = 0, /*!< Hash mode only. */
- CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE = 1, /*!< Data goes into the AES and Hash engines. */
- CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2 /*!< Data goes into the AES and from the AES to the Hash engine. */
-}CCBsvflowMode_t;
-
-/*! CryptoImage HW completion sequence mode */
-typedef enum
-{
- BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
- BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
-}bsvCryptoCompletionMode_t;
-
-
-/*! AES-CMAC result size, in words. */
-#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS 4 /* 128b */
-/*! AES-CMAC result size, in bytes. */
-#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES 16 /* 128b */
-/*! AES-CCM 128bit key size, in bytes. */
-#define CC_BSV_CCM_KEY_SIZE_BYTES 16
-/*! AES-CCM 128bit key size, in words. */
-#define CC_BSV_CCM_KEY_SIZE_WORDS 4
-/*! AES-CCM NONCE size, in bytes. */
-#define CC_BSV_CCM_NONCE_SIZE_BYTES 12
-
-
-/*! AES-CMAC result buffer. */
-typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
-/*! AES-CCM key buffer.*/
-typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
-/*! AES-CCM nonce buffer.*/
-typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
-/*! AES-CCM MAC buffer.*/
-typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_error.h b/include/drivers/arm/cryptocell/713/bsv_error.h
deleted file mode 100644
index 4d72e60..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_error.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_ERROR_H
-#define _BSV_ERROR_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file defines the error code types that are returned from the Boot Services APIs.
-
-@defgroup cc_bsv_error CryptoCell Boot Services error codes
-@{
-@ingroup cc_bsv
-*/
-
-/*! Defines the base address for Boot Services errors. */
-#define CC_BSV_BASE_ERROR 0x0B000000
-/*! Defines the base address for Boot Services cryptographic errors. */
-#define CC_BSV_CRYPTO_ERROR 0x0C000000
-
-/*! Illegal input parameter. */
-#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR (CC_BSV_BASE_ERROR + 0x00000001)
-/*! Illegal HUK value. */
-#define CC_BSV_ILLEGAL_HUK_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000002)
-/*! Illegal Kcp value. */
-#define CC_BSV_ILLEGAL_KCP_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000003)
-/*! Illegal Kce value. */
-#define CC_BSV_ILLEGAL_KCE_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000004)
-/*! Illegal Kpicv value. */
-#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000005)
-/*! Illegal Kceicv value. */
-#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000006)
-/*! Illegal EKcst value. */
-#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000007)
-/*! Hash boot key not programmed in the OTP. */
-#define CC_BSV_HASH_NOT_PROGRAMMED_ERR (CC_BSV_BASE_ERROR + 0x00000008)
-/*! Illegal Hash boot key zero count in the OTP. */
-#define CC_BSV_HBK_ZERO_COUNT_ERR (CC_BSV_BASE_ERROR + 0x00000009)
-/*! Illegal LCS. */
-#define CC_BSV_ILLEGAL_LCS_ERR (CC_BSV_BASE_ERROR + 0x0000000A)
-/*! OTP write compare failure. */
-#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR (CC_BSV_BASE_ERROR + 0x0000000B)
-/*! OTP access error */
-#define CC_BSV_OTP_ACCESS_ERR (CC_BSV_BASE_ERROR + 0x0000000C)
-/*! Erase key in OTP failed. */
-#define CC_BSV_ERASE_KEY_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000000D)
-/*! Illegal PIDR. */
-#define CC_BSV_ILLEGAL_PIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000E)
-/*! Illegal CIDR. */
-#define CC_BSV_ILLEGAL_CIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000F)
-/*! Device failed to move to fatal error state. */
-#define CC_BSV_FAILED_TO_SET_FATAL_ERR (CC_BSV_BASE_ERROR + 0x00000010)
-/*! Failed to set RMA LCS. */
-#define CC_BSV_FAILED_TO_SET_RMA_ERR (CC_BSV_BASE_ERROR + 0x00000011)
-/*! Illegal RMA indication. */
-#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000012)
-/*! Boot Services version is not initialized. */
-#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x00000013)
-/*! APB secure mode is locked. */
-#define CC_BSV_APB_SECURE_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000014)
-/*! APB privilege mode is locked. */
-#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000015)
-/*! Illegal operation. */
-#define CC_BSV_ILLEGAL_OPERATION_ERR (CC_BSV_BASE_ERROR + 0x00000016)
-/*! Illegal asset size. */
-#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR (CC_BSV_BASE_ERROR + 0x00000017)
-/*! Illegal asset value. */
-#define CC_BSV_ILLEGAL_ASSET_VAL_ERR (CC_BSV_BASE_ERROR + 0x00000018)
-/*! Kpicv is locked. */
-#define CC_BSV_KPICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000019)
-/*! Illegal SW version. */
-#define CC_BSV_ILLEGAL_SW_VERSION_ERR (CC_BSV_BASE_ERROR + 0x0000001A)
-/*! AO write operation. */
-#define CC_BSV_AO_WRITE_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000001B)
-/*! Chip state is already initialized. */
-#define CC_BSV_CHIP_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x0000001C)
-/*! SP is not enabled. */
-#define CC_BSV_SP_NOT_ENABLED_ERR (CC_BSV_BASE_ERROR + 0x0000001D)
-/*! Production secure provisioning - header fields. */
-#define CC_BSV_PROD_PKG_HEADER_ERR (CC_BSV_BASE_ERROR + 0x0000001E)
-/*! Production secure provisioning - header MAC. */
-#define CC_BSV_PROD_PKG_HEADER_MAC_ERR (CC_BSV_BASE_ERROR + 0x0000001F)
-/*! Overrun buffer or size. */
-#define CC_BSV_OVERRUN_ERR (CC_BSV_BASE_ERROR + 0x00000020)
-/*! Kceicv is locked. */
-#define CC_BSV_KCEICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000021)
-/*! Chip indication is CHIP_STATE_ERROR. */
-#define CC_BSV_CHIP_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000022)
-/*! Device is locked in fatal error state. */
-#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000023)
-/*! Device has security disable feature enabled. */
-#define CC_BSV_SECURE_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000024)
-/*! Device has Kcst in disabled state */
-#define CC_BSV_KCST_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000025)
-
-
-/*! Illegal data-in pointer. */
-#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000001)
-/*! Illegal data-out pointer. */
-#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000002)
-/*! Illegal data size. */
-#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000003)
-/*! Illegal key type. */
-#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000004)
-/*! Illegal key size. */
-#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000005)
-/*! Invalid key pointer. */
-#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000006)
-/*! Illegal key DMA type. */
-#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000007)
-/*! Illegal IV pointer. */
-#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000008)
-/*! Illegal cipher mode. */
-#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000009)
-/*! Illegal result buffer pointer. */
-#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000A)
-/*! Invalid DMA type. */
-#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000B)
-/*! Invalid in/out buffers overlapping. */
-#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000C)
-/*! Invalid KDF label size. */
-#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000D)
-/*! Invalid KDF Context size. */
-#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000E)
-/*! Invalid CCM key. */
-#define CC_BSV_CCM_INVALID_KEY_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000f)
-/*! Invalid CCM Nonce. */
-#define CC_BSV_CCM_INVALID_NONCE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000010)
-/*! Invalid CCM associated data. */
-#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000011)
-/*! Invalid CCM text data. */
-#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000012)
-/*! Invalid CCM-MAC buffer. */
-#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000013)
-/*! CCM-MAC comparison failed. */
-#define CC_BSV_CCM_TAG_LENGTH_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000014)
-/*! CCM-MAC comparison failed. */
-#define CC_BSV_CCM_MAC_INVALID_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000015)
-/*! Illegal flow mode. */
-#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000016)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_address_defs.h b/include/drivers/arm/cryptocell/713/cc_address_defs.h
deleted file mode 100644
index 0abc15c..0000000
--- a/include/drivers/arm/cryptocell/713/cc_address_defs.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_ADDRESS_DEFS_H
-#define _CC_ADDRESS_DEFS_H
-
-/*!
-@file
-@brief This file contains general definitions.
-*/
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/**
- * Address types within CC
- */
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uint64_t CCAddr_t;
-/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
-typedef uint32_t CCSramAddr_t;
-
-/*
- * CCSramAddr_t is being cast into pointer type which can be 64 bit.
- */
-/*! Definition of MACRO that casts SRAM addresses to pointer types. */
-#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
- @}
- */
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_boot_defs.h b/include/drivers/arm/cryptocell/713/cc_boot_defs.h
deleted file mode 100644
index 4d29a6d..0000000
--- a/include/drivers/arm/cryptocell/713/cc_boot_defs.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_BOOT_DEFS_H
-#define _CC_BOOT_DEFS_H
-
-/*!
- @file
- @brief This file contains general definitions of types and enums of Boot APIs.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Version counters value. */
-typedef enum {
-
- CC_SW_VERSION_TRUSTED = 0, /*!< Trusted counter. */
- CC_SW_VERSION_NON_TRUSTED, /*!< Non trusted counter. */
- CC_SW_VERSION_MAX = 0x7FFFFFFF /*!< Reserved */
-} CCSbSwVersionId_t;
-
-/*! The hash boot key definition. */
-typedef enum {
- CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
- CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
- CC_SB_HASH_BOOT_KEY_256B = 2, /*!< Hbk: 256-bit SHA-256 digest of public key. */
- CC_SB_HASH_BOOT_NOT_USED = 0xF, /*!< Hbk is not used. */
- CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!< Reserved. */
-} CCSbPubKeyIndexType_t;
-
-/*! Chip state. */
-typedef enum {
- CHIP_STATE_NOT_INITIALIZED = 0, /*! Chip is not initialized. */
- CHIP_STATE_TEST = 1, /*! Chip is in Production state. */
- CHIP_STATE_PRODUCTION = 2, /*! Chip is in Production state. */
- CHIP_STATE_ERROR = 3, /*! Chip is in Error state. */
-} CCBsvChipState_t;
-#ifdef __cplusplus
-}
-#endif
-
-#endif /*_CC_BOOT_DEFS_H */
-
-/**
-@}
- */
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types.h b/include/drivers/arm/cryptocell/713/cc_pal_types.h
deleted file mode 100644
index 4ab3960..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pal_types.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types of the PAL layer.
-
-@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
-@{
-@ingroup cc_pal
-
- @{
- @ingroup cc_pal
- @}
-*/
-
-#include "cc_pal_types_plat.h"
-
-/*! Definition of Boolean type.*/
-typedef enum {
- /*! Boolean false.*/
- CC_FALSE = 0,
- /*! Boolean true.*/
- CC_TRUE = 1
-} CCBool_t;
-
-/*! Success. */
-#define CC_SUCCESS 0UL
-/*! Failure. */
-#define CC_FAIL 1UL
-
-/*! Success (OK). */
-#define CC_OK 0
-
-/*! This macro handles unused parameters in the code, to avoid compilation warnings. */
-#define CC_UNUSED_PARAM(prm) ((void)prm)
-
-/*! The maximal uint32 value.*/
-#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
-
-
-/* Minimal and Maximal macros */
-#ifdef min
-/*! Definition for minimal calculation. */
-#define CC_MIN(a,b) min( a , b )
-#else
-/*! Definition for minimal calculation. */
-#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
-#endif
-
-#ifdef max
-/*! Definition for maximal calculation. */
-#define CC_MAX(a,b) max( a , b )
-#else
-/*! Definition for maximal calculation.. */
-#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
-#endif
-
-/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
-#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
-#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
-#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
-/*! This macro rounds up bits to 32-bit words. */
-#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
-/*! This macro rounds up bits to Bytes. */
-#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
-/*! This macro rounds up bytes to 32-bit words. */
-#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
-/*! This macro calculates the number Bytes from words. */
-#define CALC_WORDS_TO_BYTES(numwords) ((numwords)*CC_32BIT_WORD_SIZE)
-/*! Definition of 1 KB in Bytes. */
-#define CC_1K_SIZE_IN_BYTES 1024
-/*! Definition of number of bits in a Byte. */
-#define CC_BITS_IN_BYTE 8
-/*! Definition of number of bits in a 32-bits word. */
-#define CC_BITS_IN_32BIT_WORD 32
-/*! Definition of number of Bytes in a 32-bits word. */
-#define CC_32BIT_WORD_SIZE 4
-/*! Definition of number of 32-bits words in a 64-bits dword. */
-#define CC_32BIT_WORD_IN_64BIT_DWORD 2
-
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
deleted file mode 100644
index 0c102a0..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compliant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t CCStatus
-#define CC_INFINITE 0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h b/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
deleted file mode 100644
index 1a1bce0..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_PKA_HW_PLAT_DEFS_H
-#define _CC_PKA_HW_PLAT_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-
-#include "cc_pal_types.h"
-/*!
-@file
-@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
-*/
-
-/*! The size of the PKA engine word. */
-#define CC_PKA_WORD_SIZE_IN_BITS 128
-
-/*! The maximal supported size of modulus in RSA in bits. */
-#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096
-/*! The maximal supported size of key-generation in RSA in bits. */
-#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 4096
-
-/*! Secure boot/debug certificate RSA public modulus key size in bits. */
-#if (KEY_SIZE == 3072)
- #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
-#else
- #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
-#endif
-/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
-#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
-/*! Secure boot/debug certificate RSA public modulus key size in words. */
-#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
-
-/*! The maximal count of extra bits in PKA operations. */
-#define PKA_EXTRA_BITS 8
-/*! The number of memory registers in PKA operations. */
-#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32
-
-/*! Size of buffer for Barrett modulus tag in words. */
-#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5
-/*! Size of buffer for Barrett modulus tag in bytes. */
-#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_CC_PKA_HW_PLAT_DEFS_H
-
-/**
- @}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/cc_sec_defs.h b/include/drivers/arm/cryptocell/713/cc_sec_defs.h
deleted file mode 100644
index 8fb698f..0000000
--- a/include/drivers/arm/cryptocell/713/cc_sec_defs.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/*! Hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS 16
-/*! Hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS 8
-/*! Hash - SHA2 results in bytes. */
-#define HASH_RESULT_SIZE_IN_BYTES 32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-/*! Definition for converting pointer to Host address. */
-#define CONVERT_TO_ADDR(ptr) (unsigned long)ptr
-
-/*! Definition for converting pointer to SRAM address. */
-#define CONVERT_TO_SRAM_ADDR(ptr) (0xFFFFFFFF & ptr)
-
-/*! The data size of the signed SW image, in bytes. */
-/*!\internal ContentCertImageRecord_t includes: HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
-#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES 48
-
-/*! The data size of the unsigned SW image, in bytes. */
-/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
-#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES 8
-
-/*! The additional data size - storage address and length of the unsigned SW image, in words. */
-#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
-
-/*! The additional data section size, in bytes. */
-#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES 128
-
-/*! Indication of whether or not to load the SW image to memory. */
-#define CC_SW_COMP_NO_MEM_LOAD_INDICATION 0xFFFFFFFFFFFFFFFFUL
-
-/*! Indication of product version, stored in certificate version field. */
-#define CC_SB_CERT_VERSION_PROJ_PRD 0x713
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/cc_rotpk.h b/include/drivers/arm/cryptocell/cc_rotpk.h
deleted file mode 100644
index 9398496..0000000
--- a/include/drivers/arm/cryptocell/cc_rotpk.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_ROTPK_H
-#define _CC_ROTPK_H
-
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
- unsigned int *flags);
-
-#endif
diff --git a/include/drivers/partition/gpt.h b/include/drivers/partition/gpt.h
index c2a229e..383c17d 100644
--- a/include/drivers/partition/gpt.h
+++ b/include/drivers/partition/gpt.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,10 +12,6 @@
#include <tools_share/uuid.h>
#define PARTITION_TYPE_GPT 0xee
-#define GPT_HEADER_OFFSET PLAT_PARTITION_BLOCK_SIZE
-#define GPT_ENTRY_OFFSET (GPT_HEADER_OFFSET + \
- PLAT_PARTITION_BLOCK_SIZE)
-
#define GPT_SIGNATURE "EFI PART"
typedef struct gpt_entry {
@@ -45,7 +41,7 @@
/* size of a single partition entry (usually 128) */
unsigned int part_size;
unsigned int part_crc;
-} gpt_header_t;
+} __packed gpt_header_t;
int parse_gpt_entry(gpt_entry_t *gpt_entry, partition_entry_t *entry);
diff --git a/include/drivers/partition/partition.h b/include/drivers/partition/partition.h
index 6cb59c3..d567d4c 100644
--- a/include/drivers/partition/partition.h
+++ b/include/drivers/partition/partition.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -29,7 +29,7 @@
#define LEGACY_PARTITION_BLOCK_SIZE 512
-#define DEFAULT_GPT_HEADER_SIZE 92
+#define LBA(n) ((unsigned long long)(n) * PLAT_PARTITION_BLOCK_SIZE)
typedef struct partition_entry {
uint64_t start;
@@ -50,5 +50,6 @@
const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid);
const partition_entry_list_t *get_partition_entry_list(void);
void partition_init(unsigned int image_id);
+int gpt_partition_init(void);
#endif /* PARTITION_H */
diff --git a/include/export/common/tbbr/tbbr_img_def_exp.h b/include/export/common/tbbr/tbbr_img_def_exp.h
index 98a0099..ce17b4a 100644
--- a/include/export/common/tbbr/tbbr_img_def_exp.h
+++ b/include/export/common/tbbr/tbbr_img_def_exp.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -79,41 +79,44 @@
/* NT_FW_CONFIG */
#define NT_FW_CONFIG_ID U(27)
-/* GPT Partition */
+/* GPT primary header and entries */
#define GPT_IMAGE_ID U(28)
+/* GPT backup header and entries */
+#define BKUP_GPT_IMAGE_ID U(29)
+
/* Binary with STM32 header */
-#define STM32_IMAGE_ID U(29)
+#define STM32_IMAGE_ID U(30)
/* Encrypted image identifier */
-#define ENC_IMAGE_ID U(30)
+#define ENC_IMAGE_ID U(31)
/* FW_CONFIG */
-#define FW_CONFIG_ID U(31)
+#define FW_CONFIG_ID U(32)
/*
* Primary FWU metadata image ID
*/
-#define FWU_METADATA_IMAGE_ID U(32)
+#define FWU_METADATA_IMAGE_ID U(33)
/*
* Backup FWU metadata image ID
*/
-#define BKUP_FWU_METADATA_IMAGE_ID U(33)
+#define BKUP_FWU_METADATA_IMAGE_ID U(34)
/* Realm Monitor Manager (RMM) */
-#define RMM_IMAGE_ID U(34)
+#define RMM_IMAGE_ID U(35)
/* CCA Content Certificate ID */
-#define CCA_CONTENT_CERT_ID U(35)
+#define CCA_CONTENT_CERT_ID U(36)
/* Core SWD Key Certificate ID */
-#define CORE_SWD_KEY_CERT_ID U(36)
+#define CORE_SWD_KEY_CERT_ID U(37)
/* Platform Key Certificate ID */
-#define PLAT_KEY_CERT_ID U(37)
+#define PLAT_KEY_CERT_ID U(38)
/* Max Images */
-#define MAX_IMAGE_IDS U(38)
+#define MAX_IMAGE_IDS U(39)
#endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */
diff --git a/include/lib/cpus/aarch64/cortex_a78c.h b/include/lib/cpus/aarch64/cortex_a78c.h
index 301be69..d600eca 100644
--- a/include/lib/cpus/aarch64/cortex_a78c.h
+++ b/include/lib/cpus/aarch64/cortex_a78c.h
@@ -47,4 +47,9 @@
#define CORTEX_A78C_IMP_CPUPOR_EL3 S3_6_C15_C8_2
#define CORTEX_A78C_IMP_CPUPMR_EL3 S3_6_C15_C8_3
+/*******************************************************************************
+ * CPU Auxiliary Control register 5 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A78C_ACTLR5_EL1 S3_0_C15_C9_0
+
#endif /* CORTEX_A78C_H */
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index 04548ea..4a3ac77 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -47,4 +47,10 @@
#define CORTEX_X3_CPUECTLR2_EL1_PF_MODE_WIDTH U(4)
#define CORTEX_X3_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(0x9)
+/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR3_EL1 S3_0_C15_C1_2
+#define CORTEX_X3_CPUACTLR3_EL1_BIT_47 (ULL(1) << 47)
+
#endif /* CORTEX_X3_H */
diff --git a/include/lib/cpus/aarch64/neoverse_n2.h b/include/lib/cpus/aarch64/neoverse_n2.h
index 0d50854..b379fab 100644
--- a/include/lib/cpus/aarch64/neoverse_n2.h
+++ b/include/lib/cpus/aarch64/neoverse_n2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -65,5 +65,8 @@
#define NEOVERSE_N2_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(9)
#define CPUECTLR2_EL1_PF_MODE_LSB U(11)
#define CPUECTLR2_EL1_PF_MODE_WIDTH U(4)
+#define CPUECTLR2_EL1_TXREQ_STATIC_FULL ULL(0)
+#define CPUECTLR2_EL1_TXREQ_LSB U(0)
+#define CPUECTLR2_EL1_TXREQ_WIDTH U(3)
#endif /* NEOVERSE_N2_H */
diff --git a/include/lib/cpus/aarch64/neoverse_v1.h b/include/lib/cpus/aarch64/neoverse_v1.h
index d618994..1e2d7ea 100644
--- a/include/lib/cpus/aarch64/neoverse_v1.h
+++ b/include/lib/cpus/aarch64/neoverse_v1.h
@@ -47,5 +47,6 @@
#define NEOVERSE_V1_ACTLR5_EL1 S3_0_C15_C9_0
#define NEOVERSE_V1_ACTLR5_EL1_BIT_55 (ULL(1) << 55)
#define NEOVERSE_V1_ACTLR5_EL1_BIT_56 (ULL(1) << 56)
+#define NEOVERSE_V1_ACTLR5_EL1_BIT_61 (ULL(1) << 61)
#endif /* NEOVERSE_V1_H */
diff --git a/include/lib/cpus/aarch64/travis.h b/include/lib/cpus/aarch64/travis.h
new file mode 100644
index 0000000..a8a2556
--- /dev/null
+++ b/include/lib/cpus/aarch64/travis.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TRAVIS_H
+#define TRAVIS_H
+
+#define TRAVIS_MIDR U(0x410FD8C0)
+
+/*******************************************************************************
+ * CPU Extended Control register specific definitions
+ ******************************************************************************/
+#define TRAVIS_IMP_CPUECTLR_EL1 S3_0_C15_C1_4
+
+/*******************************************************************************
+ * CPU Power Control register specific definitions
+ ******************************************************************************/
+#define TRAVIS_IMP_CPUPWRCTLR_EL1 S3_0_C15_C2_7
+#define TRAVIS_IMP_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT U(1)
+
+/*******************************************************************************
+ * SME Control registers
+ ******************************************************************************/
+#define TRAVIS_SVCRSM S0_3_C4_C2_3
+#define TRAVIS_SVCRZA S0_3_C4_C4_3
+
+#endif /* TRAVIS_H */
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index ebd0e30..47d91de 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#ifndef CONTEXT_H
#define CONTEXT_H
+#include <lib/el3_runtime/cpu_data.h>
#include <lib/utils_def.h>
/*******************************************************************************
@@ -61,9 +62,23 @@
#define CTX_ELR_EL3 U(0x20)
#define CTX_PMCR_EL0 U(0x28)
#define CTX_IS_IN_EL3 U(0x30)
-#define CTX_CPTR_EL3 U(0x38)
-#define CTX_ZCR_EL3 U(0x40)
-#define CTX_EL3STATE_END U(0x50) /* Align to the next 16 byte boundary */
+#define CTX_MPAM3_EL3 U(0x38)
+/* Constants required in supporting nested exception in EL3 */
+#define CTX_SAVED_ELR_EL3 U(0x40)
+/*
+ * General purpose flag, to save various EL3 states
+ * FFH mode : Used to identify if handling nested exception
+ * KFH mode : Used as counter value
+ */
+#define CTX_NESTED_EA_FLAG U(0x48)
+#if FFH_SUPPORT
+ #define CTX_SAVED_ESR_EL3 U(0x50)
+ #define CTX_SAVED_SPSR_EL3 U(0x58)
+ #define CTX_SAVED_GPREG_LR U(0x60)
+ #define CTX_EL3STATE_END U(0x70) /* Align to the next 16 byte boundary */
+#else
+ #define CTX_EL3STATE_END U(0x50) /* Align to the next 16 byte boundary */
+#endif
/*******************************************************************************
* Constants that allow assembler code to access members of and the
@@ -323,6 +338,13 @@
#define CTX_PAUTH_REGS_END U(0)
#endif /* CTX_INCLUDE_PAUTH_REGS */
+/*******************************************************************************
+ * Registers initialised in a per-world context.
+ ******************************************************************************/
+#define CTX_CPTR_EL3 U(0x0)
+#define CTX_ZCR_EL3 U(0x8)
+#define CTX_GLOBAL_EL3STATE_END U(0x10)
+
#ifndef __ASSEMBLER__
#include <stdint.h>
@@ -433,6 +455,17 @@
#endif
} cpu_context_t;
+/*
+ * Per-World Context.
+ * It stores registers whose values can be shared across CPUs.
+ */
+typedef struct per_world_context {
+ uint64_t ctx_cptr_el3;
+ uint64_t ctx_zcr_el3;
+} per_world_context_t;
+
+extern per_world_context_t per_world_context[CPU_DATA_CONTEXT_NUM];
+
/* Macros to access members of the 'cpu_context_t' structure */
#define get_el3state_ctx(h) (&((cpu_context_t *) h)->el3state_ctx)
#if CTX_INCLUDE_FPREGS
diff --git a/include/lib/el3_runtime/context_mgmt.h b/include/lib/el3_runtime/context_mgmt.h
index aa76f3b..b2bdaf5 100644
--- a/include/lib/el3_runtime/context_mgmt.h
+++ b/include/lib/el3_runtime/context_mgmt.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -39,6 +39,7 @@
#ifdef __aarch64__
#if IMAGE_BL31
void cm_manage_extensions_el3(void);
+void manage_extensions_nonsecure_per_world(void);
#endif
#if CTX_INCLUDE_EL2_REGS
void cm_el2_sysregs_context_save(uint32_t security_state);
@@ -88,6 +89,7 @@
void *cm_get_next_context(void);
void cm_set_next_context(void *context);
static inline void cm_manage_extensions_el3(void) {}
+static inline void manage_extensions_nonsecure_per_world(void) {}
#endif /* __aarch64__ */
#endif /* CONTEXT_MGMT_H */
diff --git a/include/lib/extensions/amu.h b/include/lib/extensions/amu.h
index 09d8dee..a396b99 100644
--- a/include/lib/extensions/amu.h
+++ b/include/lib/extensions/amu.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,9 +19,11 @@
void amu_enable(cpu_context_t *ctx);
void amu_init_el3(void);
void amu_init_el2_unused(void);
+void amu_enable_per_world(per_world_context_t *per_world_ctx);
#else
void amu_enable(bool el2_unused);
-#endif
+#endif /* __aarch64__ */
+
#else
#if __aarch64__
void amu_enable(cpu_context_t *ctx)
@@ -33,12 +35,15 @@
void amu_init_el2_unused(void)
{
}
+void amu_enable_per_world(per_world_context_t *per_world_ctx)
+{
+}
#else
static inline void amu_enable(bool el2_unused)
{
}
-#endif
-#endif
+#endif /*__aarch64__ */
+#endif /* ENABLE_FEAT_AMU */
#if ENABLE_AMU_AUXILIARY_COUNTERS
/*
diff --git a/include/lib/extensions/mpam.h b/include/lib/extensions/mpam.h
index e5438ce..170f919 100644
--- a/include/lib/extensions/mpam.h
+++ b/include/lib/extensions/mpam.h
@@ -9,16 +9,18 @@
#include <stdbool.h>
-#if ENABLE_MPAM_FOR_LOWER_ELS
-void mpam_init_el3(void);
+#include <context.h>
+
+#if ENABLE_FEAT_MPAM
+void mpam_enable(cpu_context_t *context);
void mpam_init_el2_unused(void);
#else
-static inline void mpam_init_el3(void)
+static inline void mpam_enable(cpu_context_t *context)
{
}
static inline void mpam_init_el2_unused(void)
{
}
-#endif /* ENABLE_MPAM_FOR_LOWER_ELS */
+#endif /* ENABLE_FEAT_MPAM */
#endif /* MPAM_H */
diff --git a/include/lib/extensions/sme.h b/include/lib/extensions/sme.h
index dbefdfc..bd7948e 100644
--- a/include/lib/extensions/sme.h
+++ b/include/lib/extensions/sme.h
@@ -21,23 +21,31 @@
#define SME_SMCR_LEN_MAX U(0x1FF)
#if ENABLE_SME_FOR_NS
-void sme_enable(cpu_context_t *context);
void sme_init_el3(void);
void sme_init_el2_unused(void);
+void sme_enable(cpu_context_t *context);
void sme_disable(cpu_context_t *context);
+void sme_enable_per_world(per_world_context_t *per_world_ctx);
+void sme_disable_per_world(per_world_context_t *per_world_ctx);
#else
-static inline void sme_enable(cpu_context_t *context)
-{
-}
static inline void sme_init_el3(void)
{
}
static inline void sme_init_el2_unused(void)
{
}
+static inline void sme_enable(cpu_context_t *context)
+{
+}
static inline void sme_disable(cpu_context_t *context)
{
}
+static inline void sme_enable_per_world(per_world_context_t *per_world_ctx)
+{
+}
+static inline void sme_disable_per_world(per_world_context_t *per_world_ctx)
+{
+}
#endif /* ENABLE_SME_FOR_NS */
#endif /* SME_H */
diff --git a/include/lib/extensions/sve.h b/include/lib/extensions/sve.h
index fc76a16..947c905 100644
--- a/include/lib/extensions/sve.h
+++ b/include/lib/extensions/sve.h
@@ -10,17 +10,17 @@
#include <context.h>
#if (ENABLE_SME_FOR_NS || ENABLE_SVE_FOR_NS)
-void sve_enable(cpu_context_t *context);
void sve_init_el2_unused(void);
-void sve_disable(cpu_context_t *context);
+void sve_enable_per_world(per_world_context_t *per_world_ctx);
+void sve_disable_per_world(per_world_context_t *per_world_ctx);
#else
-static inline void sve_enable(cpu_context_t *context)
+static inline void sve_init_el2_unused(void)
{
}
-static inline void sve_init_el2_unused(void)
+static inline void sve_enable_per_world(per_world_context_t *per_world_ctx)
{
}
-static inline void sve_disable(cpu_context_t *context)
+static inline void sve_disable_per_world(per_world_context_t *per_world_ctx)
{
}
#endif /* ( ENABLE_SME_FOR_NS | ENABLE_SVE_FOR_NS ) */
diff --git a/include/lib/extensions/sys_reg_trace.h b/include/lib/extensions/sys_reg_trace.h
index beda88a..7004267 100644
--- a/include/lib/extensions/sys_reg_trace.h
+++ b/include/lib/extensions/sys_reg_trace.h
@@ -12,8 +12,8 @@
#if ENABLE_SYS_REG_TRACE_FOR_NS
#if __aarch64__
-void sys_reg_trace_enable(cpu_context_t *context);
-void sys_reg_trace_disable(cpu_context_t *context);
+void sys_reg_trace_enable_per_world(per_world_context_t *per_world_ctx);
+void sys_reg_trace_disable_per_world(per_world_context_t *per_world_ctx);
void sys_reg_trace_init_el2_unused(void);
#else
void sys_reg_trace_init_el3(void);
@@ -22,10 +22,10 @@
#else /* !ENABLE_SYS_REG_TRACE_FOR_NS */
#if __aarch64__
-static inline void sys_reg_trace_enable(cpu_context_t *context)
+static inline void sys_reg_trace_enable_per_world(per_world_context_t *per_world_ctx)
{
}
-static inline void sys_reg_trace_disable(cpu_context_t *context)
+static inline void sys_reg_trace_disable_per_world(per_world_context_t *per_world_ctx)
{
}
static inline void sys_reg_trace_init_el2_unused(void)
diff --git a/include/lib/libfdt/fdt.h b/include/lib/libfdt/fdt.h
index eb9edb7..c9acc0c 100644
--- a/include/lib/libfdt/fdt.h
+++ b/include/lib/libfdt/fdt.h
@@ -35,14 +35,14 @@
struct fdt_node_header {
fdt32_t tag;
- char name[0];
+ char name[];
};
struct fdt_property {
fdt32_t tag;
fdt32_t len;
fdt32_t nameoff;
- char data[0];
+ char data[];
};
#endif /* !__ASSEMBLER__*/
diff --git a/include/lib/libfdt/libfdt.h b/include/lib/libfdt/libfdt.h
index a7f432c..d0a2ed2 100644
--- a/include/lib/libfdt/libfdt.h
+++ b/include/lib/libfdt/libfdt.h
@@ -660,6 +660,13 @@
const struct fdt_property *fdt_get_property_by_offset(const void *fdt,
int offset,
int *lenp);
+static inline struct fdt_property *fdt_get_property_by_offset_w(void *fdt,
+ int offset,
+ int *lenp)
+{
+ return (struct fdt_property *)(uintptr_t)
+ fdt_get_property_by_offset(fdt, offset, lenp);
+}
/**
* fdt_get_property_namelen - find a property based on substring
diff --git a/include/plat/arm/common/aarch64/arm_macros.S b/include/plat/arm/common/aarch64/arm_macros.S
index d47e4e0..8aacfb0 100644
--- a/include/plat/arm/common/aarch64/arm_macros.S
+++ b/include/plat/arm/common/aarch64/arm_macros.S
@@ -39,11 +39,17 @@
* ---------------------------------------------
*/
.macro arm_print_gic_regs
- /* Check for GICv3 system register access */
+ /* Check for GICv3/v4 system register access.
+ * ID_AA64PFR0_GIC indicates presence of the CPU
+ * system registers by either 0b0011 or 0xb0001.
+ * A value of 0b000 means CPU system registers aren't
+ * available and the code needs to use the memory
+ * mapped registers like in GICv2.
+ */
mrs x7, id_aa64pfr0_el1
ubfx x7, x7, #ID_AA64PFR0_GIC_SHIFT, #ID_AA64PFR0_GIC_WIDTH
- cmp x7, #1
- b.ne print_gicv2
+ cmp x7, #0
+ b.eq print_gicv2
/* Check for SRE enable */
mrs x8, ICC_SRE_EL3
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 314eb93..e098c10 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -196,16 +196,7 @@
ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
- * This is required by CryptoCell to authenticate BL33 which is loaded
- * into the Non Secure DDR.
- */
-#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
-#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
-#endif
#ifdef SPD_opteed
/*
@@ -774,7 +765,7 @@
#define PLAT_PERCPU_BAKERY_LOCK_SIZE (1 * CACHE_WRITEBACK_GRANULE)
/* Priority levels for ARM platforms */
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
#define PLAT_RAS_PRI 0x10
#endif
#define PLAT_SDEI_CRITICAL_PRI 0x60
diff --git a/include/plat/arm/common/arm_sip_svc.h b/include/plat/arm/common/arm_sip_svc.h
index 025d10e..266092e 100644
--- a/include/plat/arm/common/arm_sip_svc.h
+++ b/include/plat/arm/common/arm_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019,2021-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019,2021-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -35,4 +35,21 @@
#define ARM_SIP_SVC_VERSION_MAJOR U(0x0)
#define ARM_SIP_SVC_VERSION_MINOR U(0x2)
+/*
+ * Arm SiP SMC calls that are primarily used for testing purposes.
+ */
+#if PLAT_TEST_SPM
+#define ARM_SIP_SET_INTERRUPT_PENDING U(0x82000100)
+#endif
+
+/* SiP handler specific to each Arm platform. */
+uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ u_register_t x4,
+ void *cookie,
+ void *handle,
+ u_register_t flags);
+
#endif /* ARM_SIP_SVC_H */
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index c92121f..4d1b1c1 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -80,6 +80,20 @@
int plat_core_pos_by_mpidr(u_register_t mpidr);
int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
+/*******************************************************************************
+ * Simple routine to determine whether a mpidr is valid or not.
+ ******************************************************************************/
+static inline bool is_valid_mpidr(u_register_t mpidr)
+{
+ int pos = plat_core_pos_by_mpidr(mpidr);
+
+ if ((pos < 0) || ((unsigned int)pos >= PLATFORM_CORE_COUNT)) {
+ return false;
+ }
+
+ return true;
+}
+
#if STACK_PROTECTOR_ENABLED
/*
* Return a new value to be used for the stack protection's canary.
diff --git a/include/plat/nuvoton/common/npcm845x_arm_def.h b/include/plat/nuvoton/common/npcm845x_arm_def.h
index faddb88..5a44907 100644
--- a/include/plat/nuvoton/common/npcm845x_arm_def.h
+++ b/include/plat/nuvoton/common/npcm845x_arm_def.h
@@ -149,16 +149,7 @@
ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
- * This is required by CryptoCell to authenticate BL33 which is loaded
- * into the Non Secure DDR.
- */
-#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
-#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
-#endif /* ARM_CRYPTOCELL_INTEG */
#ifdef SPD_opteed
/*
diff --git a/include/services/rmmd_svc.h b/include/services/rmmd_svc.h
index 55d778e..a567d28 100644
--- a/include/services/rmmd_svc.h
+++ b/include/services/rmmd_svc.h
@@ -91,6 +91,10 @@
#define E_RMM_NOMEM -4
#define E_RMM_INVAL -5
+/* Return error codes from RMI SMCs */
+#define RMI_SUCCESS 0
+#define RMI_ERROR_INPUT 1
+
/* Acceptable SHA sizes for Challenge object */
#define SHA256_DIGEST_SIZE 32U
#define SHA384_DIGEST_SIZE 48U
diff --git a/lib/compiler-rt/builtins/divmoddi4.c b/lib/compiler-rt/builtins/divmoddi4.c
index e7cbbb1..64bbb69 100644
--- a/lib/compiler-rt/builtins/divmoddi4.c
+++ b/lib/compiler-rt/builtins/divmoddi4.c
@@ -18,8 +18,8 @@
const int bits_in_dword_m1 = (int)(sizeof(di_int) * CHAR_BIT) - 1;
di_int s_a = a >> bits_in_dword_m1; // s_a = a < 0 ? -1 : 0
di_int s_b = b >> bits_in_dword_m1; // s_b = b < 0 ? -1 : 0
- a = (a ^ s_a) - s_a; // negate if s_a == -1
- b = (b ^ s_b) - s_b; // negate if s_b == -1
+ a = (du_int)(a ^ s_a) - s_a; // negate if s_a == -1
+ b = (du_int)(b ^ s_b) - s_b; // negate if s_b == -1
s_b ^= s_a; // sign of quotient
du_int r;
di_int q = (__udivmoddi4(a, b, &r) ^ s_b) - s_b; // negate if s_b == -1
diff --git a/lib/compiler-rt/builtins/int_lib.h b/lib/compiler-rt/builtins/int_lib.h
index fb791eb..04ea2d9 100644
--- a/lib/compiler-rt/builtins/int_lib.h
+++ b/lib/compiler-rt/builtins/int_lib.h
@@ -49,7 +49,7 @@
#define SYMBOL_NAME(name) XSTR(__USER_LABEL_PREFIX__) #name
#if defined(__ELF__) || defined(__MINGW32__) || defined(__wasm__) || \
- defined(_AIX)
+ defined(_AIX) || defined(__CYGWIN__)
#define COMPILER_RT_ALIAS(name, aliasname) \
COMPILER_RT_ABI __typeof(name) aliasname __attribute__((__alias__(#name)));
#elif defined(__APPLE__)
diff --git a/lib/compiler-rt/builtins/int_math.h b/lib/compiler-rt/builtins/int_math.h
index 48b9580..74d3e31 100644
--- a/lib/compiler-rt/builtins/int_math.h
+++ b/lib/compiler-rt/builtins/int_math.h
@@ -65,6 +65,11 @@
#define crt_copysign(x, y) __builtin_copysign((x), (y))
#define crt_copysignf(x, y) __builtin_copysignf((x), (y))
#define crt_copysignl(x, y) __builtin_copysignl((x), (y))
+#if __has_builtin(__builtin_copysignf128)
+#define crt_copysignf128(x, y) __builtin_copysignf128((x), (y))
+#elif __has_builtin(__builtin_copysignq) || (defined(__GNUC__) && __GNUC__ >= 7)
+#define crt_copysignf128(x, y) __builtin_copysignq((x), (y))
+#endif
#endif
#if defined(_MSC_VER) && !defined(__clang__)
@@ -75,6 +80,11 @@
#define crt_fabs(x) __builtin_fabs((x))
#define crt_fabsf(x) __builtin_fabsf((x))
#define crt_fabsl(x) __builtin_fabsl((x))
+#if __has_builtin(__builtin_fabsf128)
+#define crt_fabsf128(x) __builtin_fabsf128((x))
+#elif __has_builtin(__builtin_fabsq) || (defined(__GNUC__) && __GNUC__ >= 7)
+#define crt_fabsf128(x) __builtin_fabsq((x))
+#endif
#endif
#if defined(_MSC_VER) && !defined(__clang__)
diff --git a/lib/compiler-rt/builtins/int_types.h b/lib/compiler-rt/builtins/int_types.h
index e94d315..18bf0a7 100644
--- a/lib/compiler-rt/builtins/int_types.h
+++ b/lib/compiler-rt/builtins/int_types.h
@@ -165,16 +165,80 @@
#define HAS_80_BIT_LONG_DOUBLE 0
#endif
-#if CRT_HAS_FLOATING_POINT
+#if HAS_80_BIT_LONG_DOUBLE
+typedef long double xf_float;
typedef union {
uqwords u;
- long double f;
-} long_double_bits;
+ xf_float f;
+} xf_bits;
+#endif
+
+#ifdef __powerpc64__
+// From https://gcc.gnu.org/wiki/Ieee128PowerPC:
+// PowerPC64 uses the following suffixes:
+// IFmode: IBM extended double
+// KFmode: IEEE 128-bit floating point
+// TFmode: Matches the default for long double. With -mabi=ieeelongdouble,
+// it is IEEE 128-bit, with -mabi=ibmlongdouble IBM extended double
+// Since compiler-rt only implements the tf set of libcalls, we use long double
+// for the tf_float typedef.
+typedef long double tf_float;
+#define CRT_LDBL_128BIT
+#define CRT_HAS_F128
+#if __LDBL_MANT_DIG__ == 113 && !defined(__LONG_DOUBLE_IBM128__)
+#define CRT_HAS_IEEE_TF
+#define CRT_LDBL_IEEE_F128
+#endif
+#define TF_C(x) x##L
+#elif __LDBL_MANT_DIG__ == 113
+// Use long double instead of __float128 if it matches the IEEE 128-bit format.
+#define CRT_LDBL_128BIT
+#define CRT_HAS_F128
+#define CRT_HAS_IEEE_TF
+#define CRT_LDBL_IEEE_F128
+typedef long double tf_float;
+#define TF_C(x) x##L
+#elif defined(__FLOAT128__) || defined(__SIZEOF_FLOAT128__)
+#define CRT_HAS___FLOAT128_KEYWORD
+#define CRT_HAS_F128
+// NB: we assume the __float128 type uses IEEE representation.
+#define CRT_HAS_IEEE_TF
+typedef __float128 tf_float;
+#define TF_C(x) x##Q
+#endif
+
+#ifdef CRT_HAS_F128
+typedef union {
+ uqwords u;
+ tf_float f;
+} tf_bits;
+#endif
+// __(u)int128_t is currently needed to compile the *tf builtins as we would
+// otherwise need to manually expand the bit manipulation on two 64-bit value.
+#if defined(CRT_HAS_128BIT) && defined(CRT_HAS_F128)
+#define CRT_HAS_TF_MODE
+#endif
+
+#if CRT_HAS_FLOATING_POINT
#if __STDC_VERSION__ >= 199901L
typedef float _Complex Fcomplex;
typedef double _Complex Dcomplex;
typedef long double _Complex Lcomplex;
+#if defined(CRT_LDBL_128BIT)
+typedef Lcomplex Qcomplex;
+#define CRT_HAS_NATIVE_COMPLEX_F128
+#elif defined(CRT_HAS___FLOAT128_KEYWORD)
+#if defined(__clang_major__) && __clang_major__ > 10
+// Clang prior to 11 did not support __float128 _Complex.
+typedef __float128 _Complex Qcomplex;
+#define CRT_HAS_NATIVE_COMPLEX_F128
+#elif defined(__GNUC__) && __GNUC__ >= 7
+// GCC does not allow __float128 _Complex, but accepts _Float128 _Complex.
+typedef _Float128 _Complex Qcomplex;
+#define CRT_HAS_NATIVE_COMPLEX_F128
+#endif
+#endif
#define COMPLEX_REAL(x) __real__(x)
#define COMPLEX_IMAGINARY(x) __imag__(x)
@@ -194,5 +258,17 @@
#define COMPLEX_REAL(x) (x).real
#define COMPLEX_IMAGINARY(x) (x).imaginary
#endif
+
+#ifdef CRT_HAS_NATIVE_COMPLEX_F128
+#define COMPLEXTF_REAL(x) __real__(x)
+#define COMPLEXTF_IMAGINARY(x) __imag__(x)
+#elif defined(CRT_HAS_F128)
+typedef struct {
+ tf_float real, imaginary;
+} Qcomplex;
+#define COMPLEXTF_REAL(x) (x).real
+#define COMPLEXTF_IMAGINARY(x) (x).imaginary
+#endif
+
#endif
#endif // INT_TYPES_H
diff --git a/lib/cpus/aarch64/cortex_a510.S b/lib/cpus/aarch64/cortex_a510.S
index 6fce24e..a59b92c 100644
--- a/lib/cpus/aarch64/cortex_a510.S
+++ b/lib/cpus/aarch64/cortex_a510.S
@@ -57,6 +57,30 @@
check_erratum_ls cortex_a510, ERRATUM(2042739), CPU_REV(0, 2)
+workaround_reset_start cortex_a510, ERRATUM(2080326), ERRATA_A510_2080326
+ /* Apply workaround */
+ mov x0, #1
+ msr S3_6_C15_C4_0, x0
+ isb
+
+ mov x0, #0x0100
+ movk x0, #0x0E08, lsl #16
+ msr S3_6_C15_C4_2, x0
+
+ mov x0, #0x0300
+ movk x0, #0x0F1F, lsl #16
+ movk x0, #0x0008, lsl #32
+ msr S3_6_C15_C4_3, x0
+
+ mov x0, #0x03F1
+ movk x0, #0x00C0, lsl #16
+ msr S3_6_C15_C4_1, x0
+
+ isb
+workaround_reset_end cortex_a510, ERRATUM(2080326)
+
+check_erratum_range cortex_a510, ERRATUM(2080326), CPU_REV(0, 2), CPU_REV(0, 2)
+
workaround_reset_start cortex_a510, ERRATUM(2172148), ERRATA_A510_2172148
/*
* Force L2 allocation of transient lines by setting
diff --git a/lib/cpus/aarch64/cortex_a710.S b/lib/cpus/aarch64/cortex_a710.S
index eab5ada..f3931d7 100644
--- a/lib/cpus/aarch64/cortex_a710.S
+++ b/lib/cpus/aarch64/cortex_a710.S
@@ -80,14 +80,14 @@
sysreg_bit_set CORTEX_A710_CPUACTLR_EL1, CORTEX_A710_CPUACTLR_EL1_BIT_46
workaround_reset_end cortex_a710, ERRATUM(2055002)
-check_erratum_ls cortex_a710, ERRATUM(2055002), CPU_REV(2, 0)
+check_erratum_range cortex_a710, ERRATUM(2055002), CPU_REV(1, 0), CPU_REV(2, 0)
workaround_reset_start cortex_a710, ERRATUM(2058056), ERRATA_A710_2058056
sysreg_bitfield_insert CORTEX_A710_CPUECTLR2_EL1, CORTEX_A710_CPUECTLR2_EL1_PF_MODE_CNSRV, \
CPUECTLR2_EL1_PF_MODE_LSB, CPUECTLR2_EL1_PF_MODE_WIDTH
workaround_reset_end cortex_a710, ERRATUM(2058056)
-check_erratum_ls cortex_a710, ERRATUM(2058056), CPU_REV(2, 0)
+check_erratum_ls cortex_a710, ERRATUM(2058056), CPU_REV(2, 1)
workaround_reset_start cortex_a710, ERRATUM(2081180), ERRATA_A710_2081180
ldr x0,=0x3
@@ -178,6 +178,14 @@
check_erratum_ls cortex_a710, ERRATUM(2371105), CPU_REV(2, 0)
+workaround_reset_start cortex_a710, ERRATUM(2742423), ERRATA_A710_2742423
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_A710_CPUACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_A710_CPUACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_a710, ERRATUM(2742423)
+
+check_erratum_ls cortex_a710, ERRATUM(2742423), CPU_REV(2, 1)
+
workaround_runtime_start cortex_a710, ERRATUM(2768515), ERRATA_A710_2768515
/* dsb before isb of power down sequence */
dsb sy
diff --git a/lib/cpus/aarch64/cortex_a78_ae.S b/lib/cpus/aarch64/cortex_a78_ae.S
index 94f6465..d3a3e5d 100644
--- a/lib/cpus/aarch64/cortex_a78_ae.S
+++ b/lib/cpus/aarch64/cortex_a78_ae.S
@@ -70,7 +70,7 @@
sysreg_bit_set CORTEX_A78_AE_ACTLR2_EL1, CORTEX_A78_AE_ACTLR2_EL1_BIT_0
workaround_reset_end cortex_a78_ae, ERRATUM(2376748)
-check_erratum_ls cortex_a78_ae, ERRATUM(2376748), CPU_REV(0, 1)
+check_erratum_ls cortex_a78_ae, ERRATUM(2376748), CPU_REV(0, 2)
workaround_reset_start cortex_a78_ae, ERRATUM(2395408), ERRATA_A78_AE_2395408
/* --------------------------------------------------------
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index d19c693..2e6e8b6 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -72,6 +72,14 @@
check_erratum_range cortex_a78c, ERRATUM(2395411), CPU_REV(0, 1), CPU_REV(0, 2)
+workaround_reset_start cortex_a78c, ERRATUM(2743232), ERRATA_A78C_2743232
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_A78C_ACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_A78C_ACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_a78c, ERRATUM(2743232)
+
+check_erratum_range cortex_a78c, ERRATUM(2743232), CPU_REV(0, 1), CPU_REV(0, 2)
+
workaround_runtime_start cortex_a78c, ERRATUM(2772121), ERRATA_A78C_2772121
/* dsb before isb of power down sequence */
dsb sy
diff --git a/lib/cpus/aarch64/cortex_x2.S b/lib/cpus/aarch64/cortex_x2.S
index 816a58f..258288c 100644
--- a/lib/cpus/aarch64/cortex_x2.S
+++ b/lib/cpus/aarch64/cortex_x2.S
@@ -50,7 +50,7 @@
CORTEX_X2_CPUECTLR2_EL1_PF_MODE_SHIFT, CORTEX_X2_CPUECTLR2_EL1_PF_MODE_WIDTH
workaround_reset_end cortex_x2, ERRATUM(2058056)
-check_erratum_ls cortex_x2, ERRATUM(2058056), CPU_REV(2, 0)
+check_erratum_ls cortex_x2, ERRATUM(2058056), CPU_REV(2, 1)
workaround_reset_start cortex_x2, ERRATUM(2081180), ERRATA_X2_2081180
/* Apply instruction patching sequence */
@@ -118,6 +118,14 @@
check_erratum_ls cortex_x2, ERRATUM(2371105), CPU_REV(2, 0)
+workaround_reset_start cortex_x2, ERRATUM(2742423), ERRATA_X2_2742423
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_X2_CPUACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_X2_CPUACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_x2, ERRATUM(2742423)
+
+check_erratum_ls cortex_x2, ERRATUM(2742423), CPU_REV(2, 1)
+
workaround_reset_start cortex_x2, ERRATUM(2768515), ERRATA_X2_2768515
/* dsb before isb of power down sequence */
dsb sy
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index 0cb3b97..95f3d10 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -57,6 +57,13 @@
check_erratum_ls cortex_x3, ERRATUM(2742421), CPU_REV(1, 1)
+workaround_reset_start cortex_x3, ERRATUM(2779509), ERRATA_X3_2779509
+ /* Set CPUACTLR3_EL1 bit 47 */
+ sysreg_bit_set CORTEX_X3_CPUACTLR3_EL1, CORTEX_X3_CPUACTLR3_EL1_BIT_47
+workaround_reset_end cortex_x3, ERRATUM(2779509)
+
+check_erratum_ls cortex_x3, ERRATUM(2779509), CPU_REV(1, 1)
+
workaround_reset_start cortex_x3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
override_vector_table wa_cve_vbar_cortex_x3
diff --git a/lib/cpus/aarch64/dsu_helpers.S b/lib/cpus/aarch64/dsu_helpers.S
index a34b9a6..8e5b459 100644
--- a/lib/cpus/aarch64/dsu_helpers.S
+++ b/lib/cpus/aarch64/dsu_helpers.S
@@ -151,13 +151,22 @@
* This function is called from both assembly and C environment. So it
* follows AAPCS.
*
- * Clobbers: x0-x3
+ * Clobbers: x0-x4
* -----------------------------------------------------------------------
*/
.globl check_errata_dsu_2313941
.globl errata_dsu_2313941_wa
func check_errata_dsu_2313941
+ mov x4, x30
+ bl is_scu_present_in_dsu
+ cmp x0, xzr
+ /* Default error status */
+ mov x0, #ERRATA_NOT_APPLIES
+
+ /* If SCU is not present, return without applying patch */
+ b.eq 1f
+
mov x2, #ERRATA_APPLIES
mov x3, #ERRATA_NOT_APPLIES
@@ -170,7 +179,8 @@
mov x1, #(0x31 << CLUSTERIDR_REV_SHIFT)
cmp x0, x1
csel x0, x2, x3, LS
- ret
+1:
+ ret x4
endfunc check_errata_dsu_2313941
/* --------------------------------------------------
diff --git a/lib/cpus/aarch64/neoverse_n2.S b/lib/cpus/aarch64/neoverse_n2.S
index ead3908..477522f 100644
--- a/lib/cpus/aarch64/neoverse_n2.S
+++ b/lib/cpus/aarch64/neoverse_n2.S
@@ -165,6 +165,23 @@
check_erratum_ls neoverse_n2, ERRATUM(2326639), CPU_REV(0, 0)
+workaround_runtime_start neoverse_n2, ERRATUM(2340933), ERRATA_N2_2340933
+ /* Set bit 61 in CPUACTLR5_EL1 */
+ sysreg_bit_set NEOVERSE_N2_CPUACTLR5_EL1, BIT(61)
+workaround_runtime_end neoverse_n2, ERRATUM(2340933)
+
+check_erratum_ls neoverse_n2, ERRATUM(2340933), CPU_REV(0, 0)
+
+workaround_runtime_start neoverse_n2, ERRATUM(2346952), ERRATA_N2_2346952
+ /* Set TXREQ to STATIC and full L2 TQ size */
+ mrs x1, NEOVERSE_N2_CPUECTLR2_EL1
+ mov x0, #CPUECTLR2_EL1_TXREQ_STATIC_FULL
+ bfi x1, x0, #CPUECTLR2_EL1_TXREQ_LSB, #CPUECTLR2_EL1_TXREQ_WIDTH
+ msr NEOVERSE_N2_CPUECTLR2_EL1, x1
+workaround_runtime_end neoverse_n2, ERRATUM(2346952)
+
+check_erratum_ls neoverse_n2, ERRATUM(2346952), CPU_REV(0, 2)
+
workaround_reset_start neoverse_n2, ERRATUM(2376738), ERRATA_N2_2376738
/* Set CPUACTLR2_EL1[0] to 1 to force PLDW/PFRM
* ST to behave like PLD/PFRM LD and not cause
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index 35d2c48..c2fbb11 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -161,7 +161,7 @@
msr NEOVERSE_V1_CPUECTLR_EL1, x1
workaround_reset_end neoverse_v1, ERRATUM(2108267)
-check_erratum_ls neoverse_v1, ERRATUM(2108267), CPU_REV(1, 1)
+check_erratum_ls neoverse_v1, ERRATUM(2108267), CPU_REV(1, 2)
workaround_reset_start neoverse_v1, ERRATUM(2139242), ERRATA_V1_2139242
mov x0, #0x3
@@ -194,7 +194,14 @@
sysreg_bit_set NEOVERSE_V1_ACTLR2_EL1, NEOVERSE_V1_ACTLR2_EL1_BIT_0
workaround_reset_end neoverse_v1, ERRATUM(2294912)
-check_erratum_ls neoverse_v1, ERRATUM(2294912), CPU_REV(1, 1)
+check_erratum_ls neoverse_v1, ERRATUM(2294912), CPU_REV(1, 2)
+
+workaround_runtime_start neoverse_v1, ERRATUM(2348377), ERRATA_V1_2348377
+ /* Set bit 61 in CPUACTLR5_EL1 */
+ sysreg_bit_set NEOVERSE_V1_ACTLR5_EL1, NEOVERSE_V1_ACTLR5_EL1_BIT_61
+workaround_runtime_end neoverse_v1, ERRATUM(2348377)
+
+check_erratum_ls neoverse_v1, ERRATUM(2348377), CPU_REV(1, 1)
workaround_reset_start neoverse_v1, ERRATUM(2372203), ERRATA_V1_2372203
/* Set bit 40 in ACTLR2_EL1 */
diff --git a/lib/cpus/aarch64/travis.S b/lib/cpus/aarch64/travis.S
new file mode 100644
index 0000000..2abefe9
--- /dev/null
+++ b/lib/cpus/aarch64/travis.S
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch.h>
+#include <asm_macros.S>
+#include <common/bl_common.h>
+#include <travis.h>
+#include <cpu_macros.S>
+#include <plat_macros.S>
+
+/* Hardware handled coherency */
+#if HW_ASSISTED_COHERENCY == 0
+#error "Travis must be compiled with HW_ASSISTED_COHERENCY enabled"
+#endif
+
+/* 64-bit only core */
+#if CTX_INCLUDE_AARCH32_REGS == 1
+#error "Travis supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
+#endif
+
+cpu_reset_func_start travis
+ /* ----------------------------------------------------
+ * Disable speculative loads
+ * ----------------------------------------------------
+ */
+ msr SSBS, xzr
+cpu_reset_func_end travis
+
+func travis_core_pwr_dwn
+#if ENABLE_SME_FOR_NS
+ /* ---------------------------------------------------
+ * Disable SME if enabled and supported
+ * ---------------------------------------------------
+ */
+ mrs x0, ID_AA64PFR1_EL1
+ ubfx x0, x0, #ID_AA64PFR1_EL1_SME_SHIFT, \
+ #ID_AA64PFR1_EL1_SME_WIDTH
+ cmp x0, #ID_AA64PFR1_EL1_SME_NOT_SUPPORTED
+ b.eq 1f
+ msr TRAVIS_SVCRSM, xzr
+ msr TRAVIS_SVCRZA, xzr
+1:
+#endif
+ /* ---------------------------------------------------
+ * Enable CPU power down bit in power control register
+ * ---------------------------------------------------
+ */
+ sysreg_bit_set TRAVIS_IMP_CPUPWRCTLR_EL1, \
+ TRAVIS_IMP_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT
+ isb
+ ret
+endfunc travis_core_pwr_dwn
+
+errata_report_shim travis
+
+.section .rodata.travis_regs, "aS"
+travis_regs: /* The ASCII list of register names to be reported */
+ .asciz "cpuectlr_el1", ""
+
+func travis_cpu_reg_dump
+ adr x6, travis_regs
+ mrs x8, TRAVIS_IMP_CPUECTLR_EL1
+ ret
+endfunc travis_cpu_reg_dump
+
+declare_cpu_ops travis, TRAVIS_MIDR, \
+ travis_reset_func, \
+ travis_core_pwr_dwn
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index e12795f..3901d17 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -352,7 +352,7 @@
CPU_FLAG_LIST += ERRATA_A78_AE_1951502
# Flag to apply erratum 2376748 workaround during reset. This erratum applies
-# to revisions r0p0 and r0p1 of the A78 AE cpu. It is still open.
+# to revisions r0p0, r0p1 and r0p2 of the A78 AE cpu. It is still open.
CPU_FLAG_LIST += ERRATA_A78_AE_2376748
# Flag to apply erratum 2395408 workaround during reset. This erratum applies
@@ -393,6 +393,10 @@
# It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2712575
+# Flag to apply erratum 2743232 workaround during reset. This erratum applies
+# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
+CPU_FLAG_LIST += ERRATA_A78C_2743232
+
# Flag to apply erratum 2772121 workaround during powerdown. This erratum
# applies to revisions r0p0, r0p1 and r0p2 of the A78C cpu. It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2772121
@@ -517,9 +521,13 @@
CPU_FLAG_LIST += ERRATA_V1_2216392
# Flag to apply erratum 2294912 workaround during reset. This erratum applies
-# to revisions r0p0, r1p0, and r1p1 of the Neoverse V1 cpu and is still open.
+# to revisions r0p0, r1p0, and r1p1 and r1p2 of the Neoverse V1 cpu and is still open.
CPU_FLAG_LIST += ERRATA_V1_2294912
+# Flag to apply erratum 2348377 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_V1_2348377
+
# Flag to apply erratum 2372203 workaround during reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is still open.
CPU_FLAG_LIST += ERRATA_V1_2372203
@@ -557,7 +565,8 @@
CPU_FLAG_LIST += ERRATA_A710_2083908
# Flag to apply erratum 2058056 workaround during reset. This erratum applies
-# to revisions r0p0, r1p0 and r2p0 of the Cortex-A710 cpu and is still open.
+# to revisions r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is still
+# open.
CPU_FLAG_LIST += ERRATA_A710_2058056
# Flag to apply erratum 2055002 workaround during reset. This erratum applies
@@ -606,6 +615,11 @@
# and is still open.
CPU_FLAG_LIST += ERRATA_A710_2701952
+# Flag to apply erratum 2742423 workaround during reset. This erratum applies
+# to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is still
+# open.
+CPU_FLAG_LIST += ERRATA_A710_2742423
+
# Flag to apply erratum 2768515 workaround during power down. This erratum
# applies to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is
# still open.
@@ -655,10 +669,18 @@
# to revision r0p0 of the Neoverse N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2280757
-# Flag to apply erraturm 2326639 workaroud during powerdown. This erratum
+# Flag to apply erratum 2326639 workaroud during powerdown. This erratum
# applies to revision r0p0 of the Neoverse N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2326639
+# Flag to apply erratum 2340933 workaroud during reset. This erratum
+# applies to revision r0p0 of the Neoverse N2 cpu and is fixed in r0p1.
+CPU_FLAG_LIST += ERRATA_N2_2340933
+
+# Flag to apply erratum 2346952 workaround during reset. This erratum applies
+# to r0p0, r0p1, r0p2 of the Neoverse N2 cpu, it is fixed in r0p3.
+CPU_FLAG_LIST += ERRATA_N2_2346952
+
# Flag to apply erratum 2376738 workaround during reset. This erratum applies
# to revision r0p0, r0p1, r0p2, r0p3 of the Neoverse N2 cpu and is still open.
CPU_FLAG_LIST += ERRATA_N2_2376738
@@ -689,7 +711,7 @@
CPU_FLAG_LIST += ERRATA_X2_2002765
# Flag to apply erratum 2058056 workaround during reset. This erratum applies
-# to revisions r0p0, r1p0, and r2p0 of the Cortex-X2 cpu and is still open.
+# to revisions r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is still open.
CPU_FLAG_LIST += ERRATA_X2_2058056
# Flag to apply erratum 2083908 workaround during reset. This erratum applies
@@ -729,6 +751,10 @@
# and is still open.
CPU_FLAG_LIST += ERRATA_X2_2701952
+# Flag to apply erratum 2742423 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_X2_2742423
+
# Flag to apply erratum 2768515 workaround during power down. This erratum
# applies to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is
# still open.
@@ -751,6 +777,10 @@
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
+# Flag to apply erratum 2779509 workaround on reset. This erratum applies
+# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_X3_2779509
+
# Flag to apply erratum 1922240 workaround during reset. This erratum applies
# to revision r0p0 of the Cortex-A510 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_A510_1922240
@@ -769,6 +799,11 @@
# present in r0p0 and r0p1 but there is no workaround for those revisions.
CPU_FLAG_LIST += ERRATA_A510_2041909
+# Flag to aply erratum 2080326 workaround during reset. This erratum applies
+# to revision r0p2 of the Cortex-A510 cpu and is fixed in r0p3. The issue is
+# also present in r0p0 and r0p1 but there is no workaround for those revisions.
+CPU_FLAG_LIST += ERRATA_A510_2080326
+
# Flag to apply erratum 2250311 workaround during reset. This erratum applies
# to revisions r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.
CPU_FLAG_LIST += ERRATA_A510_2250311
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 290a93a..631094f 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -350,6 +350,43 @@
#endif /* ENABLE_FEAT_DIT */
.endm /* set_unset_pstate_bits */
+/*-------------------------------------------------------------------------
+ * This macro checks the ENABLE_FEAT_MPAM state, performs ID register
+ * check to see if the platform supports MPAM extension and restores MPAM3
+ * register value if it is FEAT_STATE_ENABLED/FEAT_STATE_CHECKED.
+ *
+ * This is particularly more complicated because we can't check
+ * if the platform supports MPAM by looking for status of a particular bit
+ * in the MDCR_EL3 or CPTR_EL3 register like other extensions.
+ * ------------------------------------------------------------------------
+ */
+
+ .macro restore_mpam3_el3
+#if ENABLE_FEAT_MPAM
+#if ENABLE_FEAT_MPAM == 2
+
+ mrs x8, id_aa64pfr0_el1
+ lsr x8, x8, #(ID_AA64PFR0_MPAM_SHIFT)
+ and x8, x8, #(ID_AA64PFR0_MPAM_MASK)
+ mrs x7, id_aa64pfr1_el1
+ lsr x7, x7, #(ID_AA64PFR1_MPAM_FRAC_SHIFT)
+ and x7, x7, #(ID_AA64PFR1_MPAM_FRAC_MASK)
+ orr x7, x7, x8
+ cbz x7, no_mpam
+#endif
+ /* -----------------------------------------------------------
+ * Restore MPAM3_EL3 register as per context state
+ * Currently we only enable MPAM for NS world and trap to EL3
+ * for MPAM access in lower ELs of Secure and Realm world
+ * -----------------------------------------------------------
+ */
+ ldr x17, [sp, #CTX_EL3STATE_OFFSET + CTX_MPAM3_EL3]
+ msr S3_6_C10_C5_0, x17 /* mpam3_el3 */
+
+no_mpam:
+#endif
+ .endm /* restore_mpam3_el3 */
+
/* ------------------------------------------------------------------
* The following macro is used to save and restore all the general
* purpose and ARMv8.3-PAuth (if enabled) registers.
@@ -533,6 +570,25 @@
ret
endfunc save_and_update_ptw_el1_sys_regs
+/* -----------------------------------------------------------------
+* The below macro returns the address of the per_world context for
+* the security state, retrieved through "get_security_state" macro.
+* The per_world context address is returned in the register argument.
+* Clobbers: x9, x10
+* ------------------------------------------------------------------
+*/
+
+.macro get_per_world_context _reg:req
+ ldr x10, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
+ get_security_state x9, x10
+ mov_imm x10, (CTX_GLOBAL_EL3STATE_END - CTX_CPTR_EL3)
+ mul x9, x9, x10
+ adrp x10, per_world_context
+ add x10, x10, :lo12:per_world_context
+ add x9, x9, x10
+ mov \_reg, x9
+.endm
+
/* ------------------------------------------------------------------
* This routine assumes that the SP_EL3 is pointing to a valid
* context structure from where the gp regs and other special
@@ -563,7 +619,11 @@
* Synchronization is required before zcr_el3 is addressed.
* ----------------------------------------------------------
*/
- ldp x19, x20, [sp, #CTX_EL3STATE_OFFSET + CTX_CPTR_EL3]
+
+ /* The address of the per_world context is stored in x9 */
+ get_per_world_context x9
+
+ ldp x19, x20, [x9, #CTX_CPTR_EL3]
msr cptr_el3, x19
#if IMAGE_BL31
@@ -573,6 +633,9 @@
isb
msr S3_6_C1_C2_0, x20 /* zcr_el3 */
sve_not_enabled:
+
+ restore_mpam3_el3
+
#endif /* IMAGE_BL31 */
#if IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639
@@ -586,23 +649,9 @@
1:
#endif /* IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 */
-/*
- * This is a hot path, so we don't want to do some actual FEAT_RAS runtime
- * detection here. The "esb" is a cheaper variant, so using "dsb" in the
- * ENABLE_FEAT_RAS==2 case is not ideal, but won't hurt.
- */
-#if IMAGE_BL31 && ENABLE_FEAT_RAS == 1
- /* ----------------------------------------------------------
- * Issue Error Synchronization Barrier to synchronize SErrors
- * before exiting EL3. We're running with EAs unmasked, so
- * any synchronized errors would be taken immediately;
- * therefore no need to inspect DISR_EL1 register.
- * ----------------------------------------------------------
- */
- esb
-#else
- dsb sy
-#endif /* IMAGE_BL31 && ENABLE_FEAT_RAS */
+#if IMAGE_BL31
+ synchronize_errors
+#endif /* IMAGE_BL31 */
/* ----------------------------------------------------------
* Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
@@ -626,7 +675,8 @@
ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
#ifdef IMAGE_BL31
- str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
+ /* Clear the EL3 flag as we are exiting el3 */
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
#endif /* IMAGE_BL31 */
exception_return
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 3a7e50f..fdd1388 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -20,6 +20,7 @@
#include <context.h>
#include <drivers/arm/gicv3.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/el3_runtime/cpu_data.h>
#include <lib/el3_runtime/pubsub_events.h>
#include <lib/extensions/amu.h>
#include <lib/extensions/brbe.h>
@@ -38,8 +39,12 @@
CASSERT(((TWED_DELAY & ~SCR_TWEDEL_MASK) == 0U), assert_twed_delay_value_check);
#endif /* ENABLE_FEAT_TWED */
+per_world_context_t per_world_context[CPU_DATA_CONTEXT_NUM];
+static bool has_secure_perworld_init;
+
static void manage_extensions_nonsecure(cpu_context_t *ctx);
static void manage_extensions_secure(cpu_context_t *ctx);
+static void manage_extensions_secure_per_world(void);
static void setup_el1_context(cpu_context_t *ctx, const struct entry_point_info *ep)
{
@@ -146,6 +151,18 @@
#endif
manage_extensions_secure(ctx);
+
+ /**
+ * manage_extensions_secure_per_world api has to be executed once,
+ * as the registers getting initialised, maintain constant value across
+ * all the cpus for the secure world.
+ * Henceforth, this check ensures that the registers are initialised once
+ * and avoids re-initialization from multiple cores.
+ */
+ if (!has_secure_perworld_init) {
+ manage_extensions_secure_per_world();
+ }
+
}
#if ENABLE_RME
@@ -301,7 +318,6 @@
******************************************************************************/
static void setup_context_common(cpu_context_t *ctx, const entry_point_info_t *ep)
{
- u_register_t cptr_el3;
u_register_t scr_el3;
el3_state_t *state;
gp_regs_t *gp_regs;
@@ -425,21 +441,6 @@
}
/*
- * Initialise CPTR_EL3, setting all fields rather than relying on hw.
- * All fields are architecturally UNKNOWN on reset.
- *
- * CPTR_EL3.TFP: Set to zero so that accesses to the V- or Z- registers
- * by Advanced SIMD, floating-point or SVE instructions (if
- * implemented) do not trap to EL3.
- *
- * CPTR_EL3.TCPAC: Set to zero so that accesses to CPACR_EL1,
- * CPTR_EL2,CPACR, or HCPTR do not trap to EL3.
- */
- cptr_el3 = CPTR_EL3_RESET_VAL & ~(TFP_BIT | TCPAC_BIT);
-
- write_ctx_reg(state, CTX_CPTR_EL3, cptr_el3);
-
- /*
* SCR_EL3.HCE: Enable HVC instructions if next execution state is
* AArch64 and next EL is EL2, or if next execution state is AArch32 and
* next mode is Hyp.
@@ -482,6 +483,11 @@
}
#endif /* (IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2) */
+ if (is_feat_mpam_supported()) {
+ write_ctx_reg(get_el3state_ctx(ctx), CTX_MPAM3_EL3, \
+ MPAM3_EL3_RESET_VAL);
+ }
+
/*
* Populate EL3 state so that we've the right context
* before doing ERET
@@ -578,10 +584,6 @@
sme_init_el3();
}
- if (is_feat_mpam_supported()) {
- mpam_init_el3();
- }
-
if (is_feat_trbe_supported()) {
trbe_init_el3();
}
@@ -599,6 +601,82 @@
#endif /* IMAGE_BL31 */
/*******************************************************************************
+ * Initialise per_world_context for Non-Secure world.
+ * This function enables the architecture extensions, which have same value
+ * across the cores for the non-secure world.
+ ******************************************************************************/
+#if IMAGE_BL31
+void manage_extensions_nonsecure_per_world(void)
+{
+ if (is_feat_sme_supported()) {
+ sme_enable_per_world(&per_world_context[CPU_CONTEXT_NS]);
+ }
+
+ if (is_feat_sve_supported()) {
+ sve_enable_per_world(&per_world_context[CPU_CONTEXT_NS]);
+ }
+
+ if (is_feat_amu_supported()) {
+ amu_enable_per_world(&per_world_context[CPU_CONTEXT_NS]);
+ }
+
+ if (is_feat_sys_reg_trace_supported()) {
+ sys_reg_trace_enable_per_world(&per_world_context[CPU_CONTEXT_NS]);
+ }
+}
+#endif /* IMAGE_BL31 */
+
+/*******************************************************************************
+ * Initialise per_world_context for Secure world.
+ * This function enables the architecture extensions, which have same value
+ * across the cores for the secure world.
+ ******************************************************************************/
+
+static void manage_extensions_secure_per_world(void)
+{
+#if IMAGE_BL31
+ if (is_feat_sme_supported()) {
+
+ if (ENABLE_SME_FOR_SWD) {
+ /*
+ * Enable SME, SVE, FPU/SIMD in secure context, SPM must ensure
+ * SME, SVE, and FPU/SIMD context properly managed.
+ */
+ sme_enable_per_world(&per_world_context[CPU_CONTEXT_SECURE]);
+ } else {
+ /*
+ * Disable SME, SVE, FPU/SIMD in secure context so non-secure
+ * world can safely use the associated registers.
+ */
+ sme_disable_per_world(&per_world_context[CPU_CONTEXT_SECURE]);
+ }
+ }
+ if (is_feat_sve_supported()) {
+ if (ENABLE_SVE_FOR_SWD) {
+ /*
+ * Enable SVE and FPU in secure context, SPM must ensure
+ * that the SVE and FPU register contexts are properly managed.
+ */
+ sve_enable_per_world(&per_world_context[CPU_CONTEXT_SECURE]);
+ } else {
+ /*
+ * Disable SVE and FPU in secure context so non-secure world
+ * can safely use them.
+ */
+ sve_disable_per_world(&per_world_context[CPU_CONTEXT_SECURE]);
+ }
+ }
+
+ /* NS can access this but Secure shouldn't */
+ if (is_feat_sys_reg_trace_supported()) {
+ sys_reg_trace_disable_per_world(&per_world_context[CPU_CONTEXT_SECURE]);
+ }
+
+ has_secure_perworld_init = true;
+#endif /* IMAGE_BL31 */
+}
+
+/*******************************************************************************
* Enable architecture extensions on first entry to Non-secure world.
******************************************************************************/
static void manage_extensions_nonsecure(cpu_context_t *ctx)
@@ -608,19 +686,13 @@
amu_enable(ctx);
}
- /* Enable SVE and FPU/SIMD */
- if (is_feat_sve_supported()) {
- sve_enable(ctx);
- }
-
if (is_feat_sme_supported()) {
sme_enable(ctx);
}
- if (is_feat_sys_reg_trace_supported()) {
- sys_reg_trace_enable(ctx);
+ if (is_feat_mpam_supported()) {
+ mpam_enable(ctx);
}
-
pmuv3_enable(ctx);
#endif /* IMAGE_BL31 */
}
@@ -639,6 +711,7 @@
write_hcr_el2(hcr_el2);
}
+#if INIT_UNUSED_NS_EL2
/*******************************************************************************
* Enable architecture extensions in-place at EL2 on first entry to Non-secure
* world when EL2 is empty and unused.
@@ -685,6 +758,7 @@
#endif /* ENABLE_PAUTH */
#endif /* IMAGE_BL31 */
}
+#endif /* INIT_UNUSED_NS_EL2 */
/*******************************************************************************
* Enable architecture extensions on first entry to Secure world.
@@ -692,23 +766,6 @@
static void manage_extensions_secure(cpu_context_t *ctx)
{
#if IMAGE_BL31
- if (is_feat_sve_supported()) {
- if (ENABLE_SVE_FOR_SWD) {
- /*
- * Enable SVE and FPU in secure context, secure manager must
- * ensure that the SVE and FPU register contexts are properly
- * managed.
- */
- sve_enable(ctx);
- } else {
- /*
- * Disable SVE and FPU in secure context so non-secure world
- * can safely use them.
- */
- sve_disable(ctx);
- }
- }
-
if (is_feat_sme_supported()) {
if (ENABLE_SME_FOR_SWD) {
/*
@@ -725,11 +782,6 @@
sme_disable(ctx);
}
}
-
- /* NS can access this but Secure shouldn't */
- if (is_feat_sys_reg_trace_supported()) {
- sys_reg_trace_disable(ctx);
- }
#endif /* IMAGE_BL31 */
}
@@ -759,8 +811,9 @@
}
/* EL2 present but unused, need to disable safely. SCTLR_EL2 can be ignored */
-static __unused void init_nonsecure_el2_unused(cpu_context_t *ctx)
+static void init_nonsecure_el2_unused(cpu_context_t *ctx)
{
+#if INIT_UNUSED_NS_EL2
u_register_t hcr_el2 = HCR_RESET_VAL;
u_register_t mdcr_el2;
u_register_t scr_el3;
@@ -859,6 +912,7 @@
write_cnthp_ctl_el2(CNTHP_CTL_RESET_VAL & ~(CNTHP_CTL_ENABLE_BIT));
manage_extensions_nonsecure_el2_unused();
+#endif /* INIT_UNUSED_NS_EL2 */
}
/*******************************************************************************
diff --git a/lib/extensions/amu/aarch64/amu.c b/lib/extensions/amu/aarch64/amu.c
index 53bdb55..cb9a0f2 100644
--- a/lib/extensions/amu/aarch64/amu.c
+++ b/lib/extensions/amu/aarch64/amu.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -180,15 +180,6 @@
*/
void amu_enable(cpu_context_t *ctx)
{
- /*
- * Set CPTR_EL3.TAM to zero so that any accesses to the Activity Monitor
- * registers do not trap to EL3.
- */
- u_register_t cptr_el3 = read_ctx_reg(get_el3state_ctx(ctx), CTX_CPTR_EL3);
-
- cptr_el3 &= ~TAM_BIT;
- write_ctx_reg(get_el3state_ctx(ctx), CTX_CPTR_EL3, cptr_el3);
-
/* Initialize FEAT_AMUv1p1 features if present. */
if (is_feat_amuv1p1_supported()) {
/*
@@ -199,6 +190,18 @@
}
}
+void amu_enable_per_world(per_world_context_t *per_world_ctx)
+{
+ /*
+ * Set CPTR_EL3.TAM to zero so that any accesses to the Activity Monitor
+ * registers do not trap to EL3.
+ */
+ uint64_t cptr_el3 = per_world_ctx->ctx_cptr_el3;
+
+ cptr_el3 &= ~TAM_BIT;
+ per_world_ctx->ctx_cptr_el3 = cptr_el3;
+}
+
void amu_init_el3(void)
{
uint64_t group0_impl_ctr = read_amcgcr_el0_cg0nc();
diff --git a/lib/extensions/mpam/mpam.c b/lib/extensions/mpam/mpam.c
index 6462c97..875ad9c 100644
--- a/lib/extensions/mpam/mpam.c
+++ b/lib/extensions/mpam/mpam.c
@@ -11,14 +11,19 @@
#include <arch_helpers.h>
#include <lib/extensions/mpam.h>
-void mpam_init_el3(void)
+void mpam_enable(cpu_context_t *context)
{
+ u_register_t mpam3_el3;
+
+ mpam3_el3 = read_ctx_reg(get_el3state_ctx(context), CTX_MPAM3_EL3);
+
/*
* Enable MPAM, and disable trapping to EL3 when lower ELs access their
- * own MPAM registers.
+ * own MPAM registers
*/
- write_mpam3_el3(MPAM3_EL3_MPAMEN_BIT);
-
+ mpam3_el3 = (mpam3_el3 | MPAM3_EL3_MPAMEN_BIT) &
+ ~(MPAM3_EL3_TRAPLOWER_BIT);
+ write_ctx_reg(get_el3state_ctx(context), CTX_MPAM3_EL3, mpam3_el3);
}
/*
diff --git a/lib/extensions/sme/sme.c b/lib/extensions/sme/sme.c
index d705b64..b1409b9 100644
--- a/lib/extensions/sme/sme.c
+++ b/lib/extensions/sme/sme.c
@@ -22,17 +22,22 @@
/* Get the context state. */
state = get_el3state_ctx(context);
- /* Enable SME in CPTR_EL3. */
- reg = read_ctx_reg(state, CTX_CPTR_EL3);
- reg |= ESM_BIT;
- write_ctx_reg(state, CTX_CPTR_EL3, reg);
-
/* Set the ENTP2 bit in SCR_EL3 to enable access to TPIDR2_EL0. */
reg = read_ctx_reg(state, CTX_SCR_EL3);
reg |= SCR_ENTP2_BIT;
write_ctx_reg(state, CTX_SCR_EL3, reg);
}
+void sme_enable_per_world(per_world_context_t *per_world_ctx)
+{
+ u_register_t reg;
+
+ /* Enable SME in CPTR_EL3. */
+ reg = per_world_ctx->ctx_cptr_el3;
+ reg |= ESM_BIT;
+ per_world_ctx->ctx_cptr_el3 = reg;
+}
+
void sme_init_el3(void)
{
u_register_t cptr_el3 = read_cptr_el3();
@@ -43,7 +48,7 @@
isb();
/*
- * Set the max LEN value and FA64 bit. This register is set up globally
+ * Set the max LEN value and FA64 bit. This register is set up per_world
* to be the least restrictive, then lower ELs can restrict as needed
* using SMCR_EL2 and SMCR_EL1.
*/
@@ -87,15 +92,20 @@
/* Get the context state. */
state = get_el3state_ctx(context);
- /* Disable SME, SVE, and FPU since they all share registers. */
- reg = read_ctx_reg(state, CTX_CPTR_EL3);
- reg &= ~ESM_BIT; /* Trap SME */
- reg &= ~CPTR_EZ_BIT; /* Trap SVE */
- reg |= TFP_BIT; /* Trap FPU/SIMD */
- write_ctx_reg(state, CTX_CPTR_EL3, reg);
-
/* Disable access to TPIDR2_EL0. */
reg = read_ctx_reg(state, CTX_SCR_EL3);
reg &= ~SCR_ENTP2_BIT;
write_ctx_reg(state, CTX_SCR_EL3, reg);
}
+
+void sme_disable_per_world(per_world_context_t *per_world_ctx)
+{
+ u_register_t reg;
+
+ /* Disable SME, SVE, and FPU since they all share registers. */
+ reg = per_world_ctx->ctx_cptr_el3;
+ reg &= ~ESM_BIT; /* Trap SME */
+ reg &= ~CPTR_EZ_BIT; /* Trap SVE */
+ reg |= TFP_BIT; /* Trap FPU/SIMD */
+ per_world_ctx->ctx_cptr_el3 = reg;
+}
diff --git a/lib/extensions/sve/sve.c b/lib/extensions/sve/sve.c
index eb4ac8d..143717e 100644
--- a/lib/extensions/sve/sve.c
+++ b/lib/extensions/sve/sve.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,19 +22,17 @@
*/
#define CONVERT_SVE_LENGTH(x) (((x / 128) - 1))
-void sve_enable(cpu_context_t *context)
+void sve_enable_per_world(per_world_context_t *per_world_ctx)
{
u_register_t cptr_el3;
- cptr_el3 = read_ctx_reg(get_el3state_ctx(context), CTX_CPTR_EL3);
-
/* Enable access to SVE functionality for all ELs. */
+ cptr_el3 = per_world_ctx->ctx_cptr_el3;
cptr_el3 = (cptr_el3 | CPTR_EZ_BIT) & ~(TFP_BIT);
- write_ctx_reg(get_el3state_ctx(context), CTX_CPTR_EL3, cptr_el3);
+ per_world_ctx->ctx_cptr_el3 = cptr_el3;
/* Restrict maximum SVE vector length (SVE_VECTOR_LEN+1) * 128. */
- write_ctx_reg(get_el3state_ctx(context), CTX_ZCR_EL3,
- (ZCR_EL3_LEN_MASK & CONVERT_SVE_LENGTH(SVE_VECTOR_LEN)));
+ per_world_ctx->ctx_zcr_el3 = (ZCR_EL3_LEN_MASK & CONVERT_SVE_LENGTH(SVE_VECTOR_LEN));
}
void sve_init_el2_unused(void)
@@ -47,17 +45,13 @@
write_cptr_el2(read_cptr_el2() & ~CPTR_EL2_TFP_BIT);
}
-void sve_disable(cpu_context_t *context)
+void sve_disable_per_world(per_world_context_t *per_world_ctx)
{
u_register_t reg;
- el3_state_t *state;
-
- /* Get the context state. */
- state = get_el3state_ctx(context);
/* Disable SVE and FPU since they share registers. */
- reg = read_ctx_reg(state, CTX_CPTR_EL3);
+ reg = per_world_ctx->ctx_cptr_el3;
reg &= ~CPTR_EZ_BIT; /* Trap SVE */
reg |= TFP_BIT; /* Trap FPU/SIMD */
- write_ctx_reg(state, CTX_CPTR_EL3, reg);
+ per_world_ctx->ctx_cptr_el3 = reg;
}
diff --git a/lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c b/lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c
index 1349566..2170763 100644
--- a/lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c
+++ b/lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c
@@ -10,29 +10,27 @@
#include <arch_helpers.h>
#include <lib/extensions/sys_reg_trace.h>
-void sys_reg_trace_enable(cpu_context_t *ctx)
+void sys_reg_trace_enable_per_world(per_world_context_t *per_world_ctx)
{
/*
* CPTR_EL3.TTA: Set to zero so that System register accesses to the
* trace registers do not trap to EL3.
*/
- uint64_t val = read_ctx_reg(get_el3state_ctx(ctx), CTX_CPTR_EL3);
-
+ uint64_t val = per_world_ctx->ctx_cptr_el3;
val &= ~(TTA_BIT);
- write_ctx_reg(get_el3state_ctx(ctx), CTX_CPTR_EL3, val);
+ per_world_ctx->ctx_cptr_el3 = val;
}
-void sys_reg_trace_disable(cpu_context_t *ctx)
+void sys_reg_trace_disable_per_world(per_world_context_t *per_world_ctx)
{
/*
* CPTR_EL3.TTA: Set to one so that System register accesses to the
* trace registers trap to EL3, unless it is trapped by CPACR.TRCDIS,
* CPACR_EL1.TTA, or CPTR_EL2.TTA
*/
- uint64_t val = read_ctx_reg(get_el3state_ctx(ctx), CTX_CPTR_EL3);
-
+ uint64_t val = per_world_ctx->ctx_cptr_el3;
val |= TTA_BIT;
- write_ctx_reg(get_el3state_ctx(ctx), CTX_CPTR_EL3, val);
+ per_world_ctx->ctx_cptr_el3 = val;
}
void sys_reg_trace_init_el2_unused(void)
diff --git a/lib/pmf/pmf_main.c b/lib/pmf/pmf_main.c
index bf0ad83..b33f49c 100644
--- a/lib/pmf/pmf_main.c
+++ b/lib/pmf/pmf_main.c
@@ -165,7 +165,7 @@
/* Search for registered service. */
svc_desc = get_service(tid);
- if ((svc_desc == NULL) || (plat_core_pos_by_mpidr(mpidr) < 0)) {
+ if (svc_desc == NULL) {
*ts_value = 0;
return -EINVAL;
} else {
diff --git a/lib/pmf/pmf_smc.c b/lib/pmf/pmf_smc.c
index 71486df..f3dd112 100644
--- a/lib/pmf/pmf_smc.c
+++ b/lib/pmf/pmf_smc.c
@@ -26,6 +26,10 @@
int rc;
unsigned long long ts_value;
+ /* Determine if the cpu exists of not */
+ if (!is_valid_mpidr(x2))
+ return PSCI_E_INVALID_PARAMS;
+
if (((smc_fid >> FUNCID_CC_SHIFT) & FUNCID_CC_MASK) == SMC_32) {
x1 = (uint32_t)x1;
diff --git a/lib/psa/delegated_attestation.c b/lib/psa/delegated_attestation.c
index a813e84..81e2621 100644
--- a/lib/psa/delegated_attestation.c
+++ b/lib/psa/delegated_attestation.c
@@ -5,13 +5,10 @@
*
*/
-#include <string.h>
-
#include <delegated_attestation.h>
#include <psa/client.h>
#include <psa_manifest/sid.h>
-#if !PLAT_RSS_NOT_SUPPORTED
psa_status_t
rss_delegated_attest_get_delegated_key(uint8_t ecc_curve,
uint32_t key_bits,
@@ -74,143 +71,3 @@
return status;
}
-
-
-#else /* !PLAT_RSS_NOT_SUPPORTED */
-
-static const uint8_t delegated_key[] = {
- 0x20, 0x11, 0xC7, 0xF0, 0x3C, 0xEE, 0x43, 0x25, 0x17, 0x6E,
- 0x52, 0x4F, 0x03, 0x3C, 0x0C, 0xE1, 0xE2, 0x1A, 0x76, 0xE6,
- 0xC1, 0xA4, 0xF0, 0xB8, 0x39, 0xAA, 0x1D, 0xF6, 0x1E, 0x0E,
- 0x8A, 0x5C, 0x8A, 0x05, 0x74, 0x0F, 0x9B, 0x69, 0xEF, 0xA7,
- 0xEB, 0x1A, 0x41, 0x85, 0xBD, 0x11, 0x7F, 0x68
-};
-
-static const uint8_t platform_token[] = {
- 0xD2, 0x84, 0x44, 0xA1, 0x01, 0x38, 0x22, 0xA0,
- 0x59, 0x02, 0x33, 0xA9, 0x19, 0x01, 0x09, 0x78,
- 0x1C, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F,
- 0x61, 0x72, 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F,
- 0x43, 0x43, 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F,
- 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x0A, 0x58, 0x20,
- 0xB5, 0x97, 0x3C, 0xB6, 0x8B, 0xAA, 0x9F, 0xC5,
- 0x55, 0x58, 0x78, 0x6B, 0x7E, 0xC6, 0x7F, 0x69,
- 0xE4, 0x0D, 0xF5, 0xBA, 0x5A, 0xA9, 0x21, 0xCD,
- 0x0C, 0x27, 0xF4, 0x05, 0x87, 0xA0, 0x11, 0xEA,
- 0x19, 0x09, 0x5C, 0x58, 0x20, 0x7F, 0x45, 0x4C,
- 0x46, 0x02, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x3E,
- 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x58, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x01, 0x00,
- 0x58, 0x21, 0x01, 0x07, 0x06, 0x05, 0x04, 0x03,
- 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B,
- 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15, 0x14, 0x13,
- 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B,
- 0x1A, 0x19, 0x18, 0x19, 0x09, 0x61, 0x58, 0x21,
- 0x01, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
- 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09,
- 0x08, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11,
- 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19,
- 0x18, 0x19, 0x09, 0x5B, 0x19, 0x30, 0x03, 0x19,
- 0x09, 0x62, 0x67, 0x73, 0x68, 0x61, 0x2D, 0x32,
- 0x35, 0x36, 0x19, 0x09, 0x5F, 0x84, 0xA5, 0x01,
- 0x62, 0x42, 0x4C, 0x05, 0x58, 0x20, 0x07, 0x06,
- 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
- 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
- 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
- 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65,
- 0x33, 0x2E, 0x34, 0x2E, 0x32, 0x02, 0x58, 0x20,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
- 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
- 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
- 0x06, 0x74, 0x54, 0x46, 0x2D, 0x4D, 0x5F, 0x53,
- 0x48, 0x41, 0x32, 0x35, 0x36, 0x4D, 0x65, 0x6D,
- 0x50, 0x72, 0x65, 0x58, 0x49, 0x50, 0xA4, 0x01,
- 0x62, 0x4D, 0x31, 0x05, 0x58, 0x20, 0x07, 0x06,
- 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
- 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
- 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
- 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x63,
- 0x31, 0x2E, 0x32, 0x02, 0x58, 0x20, 0x07, 0x06,
- 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
- 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
- 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
- 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0xA4, 0x01,
- 0x62, 0x4D, 0x32, 0x05, 0x58, 0x20, 0x07, 0x06,
- 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
- 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
- 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
- 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65,
- 0x31, 0x2E, 0x32, 0x2E, 0x33, 0x02, 0x58, 0x20,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
- 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
- 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
- 0xA4, 0x01, 0x62, 0x4D, 0x33, 0x05, 0x58, 0x20,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
- 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
- 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
- 0x04, 0x61, 0x31, 0x02, 0x58, 0x20, 0x07, 0x06,
- 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
- 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
- 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
- 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x19, 0x09,
- 0x60, 0x6C, 0x77, 0x68, 0x61, 0x74, 0x65, 0x76,
- 0x65, 0x72, 0x2E, 0x63, 0x6F, 0x6D, 0x58, 0x60,
- 0xE6, 0xB6, 0x38, 0x4F, 0xAE, 0x3F, 0x6E, 0x67,
- 0xF5, 0xD4, 0x97, 0x4B, 0x3F, 0xFD, 0x0A, 0xFA,
- 0x1D, 0xF0, 0x2F, 0x73, 0xB8, 0xFF, 0x5F, 0x02,
- 0xC0, 0x0F, 0x40, 0xAC, 0xF3, 0xA2, 0x9D, 0xB5,
- 0x31, 0x50, 0x16, 0x4F, 0xFA, 0x34, 0x3D, 0x0E,
- 0xAF, 0xE0, 0xD0, 0xD1, 0x6C, 0xF0, 0x9D, 0xC1,
- 0x01, 0x42, 0xA2, 0x3C, 0xCE, 0xD4, 0x4A, 0x59,
- 0xDC, 0x29, 0x0A, 0x30, 0x93, 0x5F, 0xB4, 0x98,
- 0x61, 0xBA, 0xE3, 0x91, 0x22, 0x95, 0x24, 0xF4,
- 0xAE, 0x47, 0x93, 0xD3, 0x84, 0xA3, 0x76, 0xD0,
- 0xC1, 0x26, 0x96, 0x53, 0xA3, 0x60, 0x3F, 0x6C,
- 0x75, 0x96, 0x90, 0x6A, 0xF9, 0x4E, 0xDA, 0x30
-};
-
-psa_status_t
-rss_delegated_attest_get_delegated_key(uint8_t ecc_curve,
- uint32_t key_bits,
- uint8_t *key_buf,
- size_t key_buf_size,
- size_t *key_size,
- uint32_t hash_algo)
-{
- (void)ecc_curve;
- (void)key_bits;
- (void)hash_algo;
-
- if (key_buf_size < sizeof(delegated_key)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- (void)memcpy(key_buf, delegated_key, sizeof(delegated_key));
- *key_size = sizeof(delegated_key);
-
- return PSA_SUCCESS;
-}
-psa_status_t
-rss_delegated_attest_get_token(const uint8_t *dak_pub_hash,
- size_t dak_pub_hash_size,
- uint8_t *token_buf,
- size_t token_buf_size,
- size_t *token_size)
-{
- (void)dak_pub_hash;
- (void)dak_pub_hash_size;
-
- if (token_buf_size < sizeof(platform_token)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- (void)memcpy(token_buf, platform_token, sizeof(platform_token));
- *token_size = sizeof(platform_token);
-
- return PSA_SUCCESS;
-}
-#endif /* !PLAT_RSS_NOT_SUPPORTED */
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index c359e9f..38990b5 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -61,7 +61,6 @@
INFO(" - locking : %s\n", lock_measurement ? "true" : "false");
}
-#if !PLAT_RSS_NOT_SUPPORTED
psa_status_t
rss_measured_boot_extend_measurement(uint8_t index,
const uint8_t *signer_id,
@@ -175,47 +174,3 @@
return status;
}
-
-#else /* !PLAT_RSS_NOT_SUPPORTED */
-
-psa_status_t
-rss_measured_boot_extend_measurement(uint8_t index,
- const uint8_t *signer_id,
- size_t signer_id_size,
- const uint8_t *version,
- size_t version_size,
- uint32_t measurement_algo,
- const uint8_t *sw_type,
- size_t sw_type_size,
- const uint8_t *measurement_value,
- size_t measurement_value_size,
- bool lock_measurement)
-{
- log_measurement(index, signer_id, signer_id_size,
- version, version_size, sw_type, sw_type_size,
- measurement_algo, measurement_value,
- measurement_value_size, lock_measurement);
-
- return PSA_SUCCESS;
-}
-
-psa_status_t rss_measured_boot_read_measurement(uint8_t index,
- uint8_t *signer_id,
- size_t signer_id_size,
- size_t *signer_id_len,
- uint8_t *version,
- size_t version_size,
- size_t *version_len,
- uint32_t *measurement_algo,
- uint8_t *sw_type,
- size_t sw_type_size,
- size_t *sw_type_len,
- uint8_t *measurement_value,
- size_t measurement_value_size,
- size_t *measurement_value_len,
- bool *is_locked)
-{
- return PSA_SUCCESS;
-}
-
-#endif /* !PLAT_RSS_NOT_SUPPORTED */
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index 70bf77e..f9de432 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -818,20 +818,6 @@
}
/*******************************************************************************
- * Simple routine to determine whether a mpidr is valid or not.
- ******************************************************************************/
-int psci_validate_mpidr(u_register_t mpidr)
-{
- int pos = plat_core_pos_by_mpidr(mpidr);
-
- if ((pos < 0) || ((unsigned int)pos >= PLATFORM_CORE_COUNT)) {
- return PSCI_E_INVALID_PARAMS;
- }
-
- return PSCI_E_SUCCESS;
-}
-
-/*******************************************************************************
* This function determines the full entrypoint information for the requested
* PSCI entrypoint on power on/resume and returns it.
******************************************************************************/
diff --git a/lib/psci/psci_main.c b/lib/psci/psci_main.c
index 326f125..a015531 100644
--- a/lib/psci/psci_main.c
+++ b/lib/psci/psci_main.c
@@ -29,9 +29,8 @@
int rc;
entry_point_info_t ep;
- /* Determine if the cpu exists of not */
- rc = psci_validate_mpidr(target_cpu);
- if (rc != PSCI_E_SUCCESS)
+ /* Validate the target CPU */
+ if (!is_valid_mpidr(target_cpu))
return PSCI_E_INVALID_PARAMS;
/* Validate the entry point and get the entry_point_info */
@@ -245,19 +244,18 @@
int psci_affinity_info(u_register_t target_affinity,
unsigned int lowest_affinity_level)
{
- int ret;
unsigned int target_idx;
+ /* Validate the target affinity */
+ if (!is_valid_mpidr(target_affinity))
+ return PSCI_E_INVALID_PARAMS;
+
/* We dont support level higher than PSCI_CPU_PWR_LVL */
if (lowest_affinity_level > PSCI_CPU_PWR_LVL)
return PSCI_E_INVALID_PARAMS;
/* Calculate the cpu index of the target */
- ret = plat_core_pos_by_mpidr(target_affinity);
- if (ret == -1) {
- return PSCI_E_INVALID_PARAMS;
- }
- target_idx = (unsigned int)ret;
+ target_idx = (unsigned int) plat_core_pos_by_mpidr(target_affinity);
/*
* Generic management:
@@ -285,6 +283,10 @@
int rc;
u_register_t resident_cpu_mpidr;
+ /* Validate the target cpu */
+ if (!is_valid_mpidr(target_cpu))
+ return PSCI_E_INVALID_PARAMS;
+
rc = psci_spd_migrate_info(&resident_cpu_mpidr);
if (rc != PSCI_TOS_UP_MIG_CAP)
return (rc == PSCI_TOS_NOT_UP_MIG_CAP) ?
@@ -298,8 +300,7 @@
return PSCI_E_NOT_PRESENT;
/* Check the validity of the specified target cpu */
- rc = psci_validate_mpidr(target_cpu);
- if (rc != PSCI_E_SUCCESS)
+ if (!is_valid_mpidr(target_cpu))
return PSCI_E_INVALID_PARAMS;
assert((psci_spd_pm != NULL) && (psci_spd_pm->svc_migrate != NULL));
@@ -339,8 +340,7 @@
int rc;
/* Validate target_cpu */
- rc = psci_validate_mpidr(target_cpu);
- if (rc != PSCI_E_SUCCESS)
+ if (!is_valid_mpidr(target_cpu))
return PSCI_E_INVALID_PARAMS;
/* Validate power_level against PLAT_MAX_PWR_LVL */
diff --git a/lib/psci/psci_on.c b/lib/psci/psci_on.c
index 31875ff..b279774 100644
--- a/lib/psci/psci_on.c
+++ b/lib/psci/psci_on.c
@@ -61,15 +61,7 @@
{
int rc;
aff_info_state_t target_aff_state;
- int ret = plat_core_pos_by_mpidr(target_cpu);
- unsigned int target_idx;
-
- /* Calling function must supply valid input arguments */
- assert(ret >= 0);
- assert((unsigned int)ret < PLATFORM_CORE_COUNT);
- assert(ep != NULL);
-
- target_idx = (unsigned int)ret;
+ unsigned int target_idx = (unsigned int)plat_core_pos_by_mpidr(target_cpu);
/*
* This function must only be called on platforms where the
diff --git a/lib/psci/psci_private.h b/lib/psci/psci_private.h
index 04f93bd..2eb4a9b 100644
--- a/lib/psci/psci_private.h
+++ b/lib/psci/psci_private.h
@@ -286,7 +286,6 @@
int psci_validate_power_state(unsigned int power_state,
psci_power_state_t *state_info);
void psci_query_sys_suspend_pwrstate(psci_power_state_t *state_info);
-int psci_validate_mpidr(u_register_t mpidr);
void psci_init_req_local_pwr_states(void);
#if PSCI_OS_INIT_MODE
void psci_update_req_local_pwr_states(unsigned int end_pwrlvl,
diff --git a/lib/psci/psci_stat.c b/lib/psci/psci_stat.c
index ad88d07..bedb816 100644
--- a/lib/psci/psci_stat.c
+++ b/lib/psci/psci_stat.c
@@ -181,10 +181,8 @@
psci_power_state_t state_info = { {PSCI_LOCAL_STATE_RUN} };
plat_local_state_t local_state;
- /* Validate the target_cpu parameter and determine the cpu index */
+ /* Determine the cpu index */
target_idx = (unsigned int) plat_core_pos_by_mpidr(target_cpu);
- if (target_idx == (unsigned int) -1)
- return PSCI_E_INVALID_PARAMS;
/* Validate the power_state parameter */
if (psci_plat_pm_ops->translate_power_state_by_mpidr == NULL)
@@ -228,6 +226,11 @@
unsigned int power_state)
{
psci_stat_t psci_stat;
+
+ /* Validate the target cpu */
+ if (!is_valid_mpidr(target_cpu))
+ return 0;
+
int rc = psci_get_stat(target_cpu, power_state, &psci_stat);
if (rc == PSCI_E_SUCCESS)
@@ -241,6 +244,11 @@
unsigned int power_state)
{
psci_stat_t psci_stat;
+
+ /* Validate the target cpu */
+ if (!is_valid_mpidr(target_cpu))
+ return 0;
+
int rc = psci_get_stat(target_cpu, power_state, &psci_stat);
if (rc == PSCI_E_SUCCESS)
diff --git a/lib/xlat_tables_v2/xlat_tables_context.c b/lib/xlat_tables_v2/xlat_tables_context.c
index 2fbbc78..ae9244a 100644
--- a/lib/xlat_tables_v2/xlat_tables_context.c
+++ b/lib/xlat_tables_v2/xlat_tables_context.c
@@ -200,7 +200,7 @@
* region. Therefore, in this case we have to assume that the whole address
* space size might be mapped.
*/
-#ifdef PLAT_XLAT_TABLES_DYNAMIC
+#if PLAT_XLAT_TABLES_DYNAMIC
#define MAX_PHYS_ADDR tf_xlat_ctx.pa_max_address
#else
#define MAX_PHYS_ADDR tf_xlat_ctx.max_pa
diff --git a/lib/zlib/adler32.c b/lib/zlib/adler32.c
index d0be438..04b81d2 100644
--- a/lib/zlib/adler32.c
+++ b/lib/zlib/adler32.c
@@ -7,8 +7,6 @@
#include "zutil.h"
-local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
-
#define BASE 65521U /* largest prime smaller than 65536 */
#define NMAX 5552
/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
@@ -60,11 +58,7 @@
#endif
/* ========================================================================= */
-uLong ZEXPORT adler32_z(adler, buf, len)
- uLong adler;
- const Bytef *buf;
- z_size_t len;
-{
+uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len) {
unsigned long sum2;
unsigned n;
@@ -131,20 +125,12 @@
}
/* ========================================================================= */
-uLong ZEXPORT adler32(adler, buf, len)
- uLong adler;
- const Bytef *buf;
- uInt len;
-{
+uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len) {
return adler32_z(adler, buf, len);
}
/* ========================================================================= */
-local uLong adler32_combine_(adler1, adler2, len2)
- uLong adler1;
- uLong adler2;
- z_off64_t len2;
-{
+local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2) {
unsigned long sum1;
unsigned long sum2;
unsigned rem;
@@ -169,18 +155,10 @@
}
/* ========================================================================= */
-uLong ZEXPORT adler32_combine(adler1, adler2, len2)
- uLong adler1;
- uLong adler2;
- z_off_t len2;
-{
+uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2, z_off_t len2) {
return adler32_combine_(adler1, adler2, len2);
}
-uLong ZEXPORT adler32_combine64(adler1, adler2, len2)
- uLong adler1;
- uLong adler2;
- z_off64_t len2;
-{
+uLong ZEXPORT adler32_combine64(uLong adler1, uLong adler2, z_off64_t len2) {
return adler32_combine_(adler1, adler2, len2);
}
diff --git a/lib/zlib/crc32.c b/lib/zlib/crc32.c
index 21a69a8..6c38f5c 100644
--- a/lib/zlib/crc32.c
+++ b/lib/zlib/crc32.c
@@ -103,19 +103,6 @@
# define ARMCRC32
#endif
-/* Local functions. */
-local z_crc_t multmodp OF((z_crc_t a, z_crc_t b));
-local z_crc_t x2nmodp OF((z_off64_t n, unsigned k));
-
-#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
- local z_word_t byte_swap OF((z_word_t word));
-#endif
-
-#if defined(W) && !defined(ARMCRC32)
- local z_crc_t crc_word OF((z_word_t data));
- local z_word_t crc_word_big OF((z_word_t data));
-#endif
-
#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
/*
Swap the bytes in a z_word_t to convert between little and big endian. Any
@@ -123,9 +110,7 @@
instruction, if one is available. This assumes that word_t is either 32 bits
or 64 bits.
*/
-local z_word_t byte_swap(word)
- z_word_t word;
-{
+local z_word_t byte_swap(z_word_t word) {
# if W == 8
return
(word & 0xff00000000000000) >> 56 |
@@ -146,24 +131,77 @@
}
#endif
+#ifdef DYNAMIC_CRC_TABLE
+/* =========================================================================
+ * Table of powers of x for combining CRC-32s, filled in by make_crc_table()
+ * below.
+ */
+ local z_crc_t FAR x2n_table[32];
+#else
+/* =========================================================================
+ * Tables for byte-wise and braided CRC-32 calculations, and a table of powers
+ * of x for combining CRC-32s, all made by make_crc_table().
+ */
+# include "crc32.h"
+#endif
+
/* CRC polynomial. */
#define POLY 0xedb88320 /* p(x) reflected, with x^32 implied */
-#ifdef DYNAMIC_CRC_TABLE
+/*
+ Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial,
+ reflected. For speed, this requires that a not be zero.
+ */
+local z_crc_t multmodp(z_crc_t a, z_crc_t b) {
+ z_crc_t m, p;
+
+ m = (z_crc_t)1 << 31;
+ p = 0;
+ for (;;) {
+ if (a & m) {
+ p ^= b;
+ if ((a & (m - 1)) == 0)
+ break;
+ }
+ m >>= 1;
+ b = b & 1 ? (b >> 1) ^ POLY : b >> 1;
+ }
+ return p;
+}
+/*
+ Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been
+ initialized.
+ */
+local z_crc_t x2nmodp(z_off64_t n, unsigned k) {
+ z_crc_t p;
+
+ p = (z_crc_t)1 << 31; /* x^0 == 1 */
+ while (n) {
+ if (n & 1)
+ p = multmodp(x2n_table[k & 31], p);
+ n >>= 1;
+ k++;
+ }
+ return p;
+}
+
+#ifdef DYNAMIC_CRC_TABLE
+/* =========================================================================
+ * Build the tables for byte-wise and braided CRC-32 calculations, and a table
+ * of powers of x for combining CRC-32s.
+ */
local z_crc_t FAR crc_table[256];
-local z_crc_t FAR x2n_table[32];
-local void make_crc_table OF((void));
#ifdef W
local z_word_t FAR crc_big_table[256];
local z_crc_t FAR crc_braid_table[W][256];
local z_word_t FAR crc_braid_big_table[W][256];
- local void braid OF((z_crc_t [][256], z_word_t [][256], int, int));
+ local void braid(z_crc_t [][256], z_word_t [][256], int, int);
#endif
#ifdef MAKECRCH
- local void write_table OF((FILE *, const z_crc_t FAR *, int));
- local void write_table32hi OF((FILE *, const z_word_t FAR *, int));
- local void write_table64 OF((FILE *, const z_word_t FAR *, int));
+ local void write_table(FILE *, const z_crc_t FAR *, int);
+ local void write_table32hi(FILE *, const z_word_t FAR *, int);
+ local void write_table64(FILE *, const z_word_t FAR *, int);
#endif /* MAKECRCH */
/*
@@ -176,7 +214,6 @@
/* Definition of once functionality. */
typedef struct once_s once_t;
-local void once OF((once_t *, void (*)(void)));
/* Check for the availability of atomics. */
#if defined(__STDC__) && __STDC_VERSION__ >= 201112L && \
@@ -196,10 +233,7 @@
invoke once() at the same time. The state must be a once_t initialized with
ONCE_INIT.
*/
-local void once(state, init)
- once_t *state;
- void (*init)(void);
-{
+local void once(once_t *state, void (*init)(void)) {
if (!atomic_load(&state->done)) {
if (atomic_flag_test_and_set(&state->begun))
while (!atomic_load(&state->done))
@@ -222,10 +256,7 @@
/* Test and set. Alas, not atomic, but tries to minimize the period of
vulnerability. */
-local int test_and_set OF((int volatile *));
-local int test_and_set(flag)
- int volatile *flag;
-{
+local int test_and_set(int volatile *flag) {
int was;
was = *flag;
@@ -234,10 +265,7 @@
}
/* Run the provided init() function once. This is not thread-safe. */
-local void once(state, init)
- once_t *state;
- void (*init)(void);
-{
+local void once(once_t *state, void (*init)(void)) {
if (!state->done) {
if (test_and_set(&state->begun))
while (!state->done)
@@ -279,8 +307,7 @@
combinations of CRC register values and incoming bytes.
*/
-local void make_crc_table(void)
-{
+local void make_crc_table(void) {
unsigned i, j, n;
z_crc_t p;
@@ -447,11 +474,7 @@
Write the 32-bit values in table[0..k-1] to out, five per line in
hexadecimal separated by commas.
*/
-local void write_table(out, table, k)
- FILE *out;
- const z_crc_t FAR *table;
- int k;
-{
+local void write_table(FILE *out, const z_crc_t FAR *table, int k) {
int n;
for (n = 0; n < k; n++)
@@ -464,11 +487,7 @@
Write the high 32-bits of each value in table[0..k-1] to out, five per line
in hexadecimal separated by commas.
*/
-local void write_table32hi(out, table, k)
-FILE *out;
-const z_word_t FAR *table;
-int k;
-{
+local void write_table32hi(FILE *out, const z_word_t FAR *table, int k) {
int n;
for (n = 0; n < k; n++)
@@ -484,11 +503,7 @@
bits. If not, then the type cast and format string can be adjusted
accordingly.
*/
-local void write_table64(out, table, k)
- FILE *out;
- const z_word_t FAR *table;
- int k;
-{
+local void write_table64(FILE *out, const z_word_t FAR *table, int k) {
int n;
for (n = 0; n < k; n++)
@@ -498,8 +513,7 @@
}
/* Actually do the deed. */
-int main(void)
-{
+int main(void) {
make_crc_table();
return 0;
}
@@ -511,12 +525,7 @@
Generate the little and big-endian braid tables for the given n and z_word_t
size w. Each array must have room for w blocks of 256 elements.
*/
-local void braid(ltl, big, n, w)
- z_crc_t ltl[][256];
- z_word_t big[][256];
- int n;
- int w;
-{
+local void braid(z_crc_t ltl[][256], z_word_t big[][256], int n, int w) {
int k;
z_crc_t i, p, q;
for (k = 0; k < w; k++) {
@@ -531,69 +540,13 @@
}
#endif
-#else /* !DYNAMIC_CRC_TABLE */
-/* ========================================================================
- * Tables for byte-wise and braided CRC-32 calculations, and a table of powers
- * of x for combining CRC-32s, all made by make_crc_table().
- */
-#include "crc32.h"
#endif /* DYNAMIC_CRC_TABLE */
-/* ========================================================================
- * Routines used for CRC calculation. Some are also required for the table
- * generation above.
- */
-
-/*
- Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial,
- reflected. For speed, this requires that a not be zero.
- */
-local z_crc_t multmodp(a, b)
- z_crc_t a;
- z_crc_t b;
-{
- z_crc_t m, p;
-
- m = (z_crc_t)1 << 31;
- p = 0;
- for (;;) {
- if (a & m) {
- p ^= b;
- if ((a & (m - 1)) == 0)
- break;
- }
- m >>= 1;
- b = b & 1 ? (b >> 1) ^ POLY : b >> 1;
- }
- return p;
-}
-
-/*
- Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been
- initialized.
- */
-local z_crc_t x2nmodp(n, k)
- z_off64_t n;
- unsigned k;
-{
- z_crc_t p;
-
- p = (z_crc_t)1 << 31; /* x^0 == 1 */
- while (n) {
- if (n & 1)
- p = multmodp(x2n_table[k & 31], p);
- n >>= 1;
- k++;
- }
- return p;
-}
-
/* =========================================================================
* This function can be used by asm versions of crc32(), and to force the
* generation of the CRC tables in a threaded application.
*/
-const z_crc_t FAR * ZEXPORT get_crc_table()
-{
+const z_crc_t FAR * ZEXPORT get_crc_table(void) {
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
@@ -619,11 +572,8 @@
#define Z_BATCH_ZEROS 0xa10d3d0c /* computed from Z_BATCH = 3990 */
#define Z_BATCH_MIN 800 /* fewest words in a final batch */
-unsigned long ZEXPORT crc32_z(crc, buf, len)
- unsigned long crc;
- const unsigned char FAR *buf;
- z_size_t len;
-{
+unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf,
+ z_size_t len) {
z_crc_t val;
z_word_t crc1, crc2;
const z_word_t *word;
@@ -723,18 +673,14 @@
least-significant byte of the word as the first byte of data, without any pre
or post conditioning. This is used to combine the CRCs of each braid.
*/
-local z_crc_t crc_word(data)
- z_word_t data;
-{
+local z_crc_t crc_word(z_word_t data) {
int k;
for (k = 0; k < W; k++)
data = (data >> 8) ^ crc_table[data & 0xff];
return (z_crc_t)data;
}
-local z_word_t crc_word_big(data)
- z_word_t data;
-{
+local z_word_t crc_word_big(z_word_t data) {
int k;
for (k = 0; k < W; k++)
data = (data << 8) ^
@@ -745,11 +691,8 @@
#endif
/* ========================================================================= */
-unsigned long ZEXPORT crc32_z(crc, buf, len)
- unsigned long crc;
- const unsigned char FAR *buf;
- z_size_t len;
-{
+unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf,
+ z_size_t len) {
/* Return initial CRC, if requested. */
if (buf == Z_NULL) return 0;
@@ -781,8 +724,8 @@
words = (z_word_t const *)buf;
/* Do endian check at execution time instead of compile time, since ARM
- processors can change the endianess at execution time. If the
- compiler knows what the endianess will be, it can optimize out the
+ processors can change the endianness at execution time. If the
+ compiler knows what the endianness will be, it can optimize out the
check and the unused branch. */
endian = 1;
if (*(unsigned char *)&endian) {
@@ -1069,20 +1012,13 @@
#endif
/* ========================================================================= */
-unsigned long ZEXPORT crc32(crc, buf, len)
- unsigned long crc;
- const unsigned char FAR *buf;
- uInt len;
-{
+unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *buf,
+ uInt len) {
return crc32_z(crc, buf, len);
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
- uLong crc1;
- uLong crc2;
- z_off64_t len2;
-{
+uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) {
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
@@ -1090,18 +1026,12 @@
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine(crc1, crc2, len2)
- uLong crc1;
- uLong crc2;
- z_off_t len2;
-{
+uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) {
return crc32_combine64(crc1, crc2, (z_off64_t)len2);
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine_gen64(len2)
- z_off64_t len2;
-{
+uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) {
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
@@ -1109,17 +1039,11 @@
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine_gen(len2)
- z_off_t len2;
-{
+uLong ZEXPORT crc32_combine_gen(z_off_t len2) {
return crc32_combine_gen64((z_off64_t)len2);
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine_op(crc1, crc2, op)
- uLong crc1;
- uLong crc2;
- uLong op;
-{
+uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op) {
return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
}
diff --git a/lib/zlib/inffast.c b/lib/zlib/inffast.c
index 1fec7f3..9354676 100644
--- a/lib/zlib/inffast.c
+++ b/lib/zlib/inffast.c
@@ -47,10 +47,7 @@
requires strm->avail_out >= 258 for each loop to avoid checking for
output space.
*/
-void ZLIB_INTERNAL inflate_fast(strm, start)
-z_streamp strm;
-unsigned start; /* inflate()'s starting value for strm->avail_out */
-{
+void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) {
struct inflate_state FAR *state;
z_const unsigned char FAR *in; /* local strm->next_in */
z_const unsigned char FAR *last; /* have enough input while in < last */
diff --git a/lib/zlib/inffast.h b/lib/zlib/inffast.h
index e5c1aa4..49c6d15 100644
--- a/lib/zlib/inffast.h
+++ b/lib/zlib/inffast.h
@@ -8,4 +8,4 @@
subject to change. Applications should only use zlib.h.
*/
-void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start));
+void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start);
diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c
index aa25e61..b0757a9 100644
--- a/lib/zlib/inflate.c
+++ b/lib/zlib/inflate.c
@@ -91,20 +91,7 @@
# endif
#endif
-/* function prototypes */
-local int inflateStateCheck OF((z_streamp strm));
-local void fixedtables OF((struct inflate_state FAR *state));
-local int updatewindow OF((z_streamp strm, const unsigned char FAR *end,
- unsigned copy));
-#ifdef BUILDFIXED
- void makefixed OF((void));
-#endif
-local unsigned syncsearch OF((unsigned FAR *have, const unsigned char FAR *buf,
- unsigned len));
-
-local int inflateStateCheck(strm)
-z_streamp strm;
-{
+local int inflateStateCheck(z_streamp strm) {
struct inflate_state FAR *state;
if (strm == Z_NULL ||
strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0)
@@ -116,9 +103,7 @@
return 0;
}
-int ZEXPORT inflateResetKeep(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateResetKeep(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -142,9 +127,7 @@
return Z_OK;
}
-int ZEXPORT inflateReset(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateReset(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -155,10 +138,7 @@
return inflateResetKeep(strm);
}
-int ZEXPORT inflateReset2(strm, windowBits)
-z_streamp strm;
-int windowBits;
-{
+int ZEXPORT inflateReset2(z_streamp strm, int windowBits) {
int wrap;
struct inflate_state FAR *state;
@@ -195,12 +175,8 @@
return inflateReset(strm);
}
-int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size)
-z_streamp strm;
-int windowBits;
-const char *version;
-int stream_size;
-{
+int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+ const char *version, int stream_size) {
int ret;
struct inflate_state FAR *state;
@@ -239,22 +215,17 @@
return ret;
}
-int ZEXPORT inflateInit_(strm, version, stream_size)
-z_streamp strm;
-const char *version;
-int stream_size;
-{
+int ZEXPORT inflateInit_(z_streamp strm, const char *version,
+ int stream_size) {
return inflateInit2_(strm, DEF_WBITS, version, stream_size);
}
-int ZEXPORT inflatePrime(strm, bits, value)
-z_streamp strm;
-int bits;
-int value;
-{
+int ZEXPORT inflatePrime(z_streamp strm, int bits, int value) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+ if (bits == 0)
+ return Z_OK;
state = (struct inflate_state FAR *)strm->state;
if (bits < 0) {
state->hold = 0;
@@ -278,9 +249,7 @@
used for threaded applications, since the rewriting of the tables and virgin
may not be thread-safe.
*/
-local void fixedtables(state)
-struct inflate_state FAR *state;
-{
+local void fixedtables(struct inflate_state FAR *state) {
#ifdef BUILDFIXED
static int virgin = 1;
static code *lenfix, *distfix;
@@ -396,11 +365,7 @@
output will fall in the output data, making match copies simpler and faster.
The advantage may be dependent on the size of the processor's data caches.
*/
-local int updatewindow(strm, end, copy)
-z_streamp strm;
-const Bytef *end;
-unsigned copy;
-{
+local int updatewindow(z_streamp strm, const Bytef *end, unsigned copy) {
struct inflate_state FAR *state;
unsigned dist;
@@ -622,10 +587,7 @@
will return Z_BUF_ERROR if it has not reached the end of the stream.
*/
-int ZEXPORT inflate(strm, flush)
-z_streamp strm;
-int flush;
-{
+int ZEXPORT inflate(z_streamp strm, int flush) {
struct inflate_state FAR *state;
z_const unsigned char FAR *next; /* next input */
unsigned char FAR *put; /* next output */
@@ -1301,9 +1263,7 @@
return ret;
}
-int ZEXPORT inflateEnd(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateEnd(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm))
return Z_STREAM_ERROR;
@@ -1315,11 +1275,8 @@
return Z_OK;
}
-int ZEXPORT inflateGetDictionary(strm, dictionary, dictLength)
-z_streamp strm;
-Bytef *dictionary;
-uInt *dictLength;
-{
+int ZEXPORT inflateGetDictionary(z_streamp strm, Bytef *dictionary,
+ uInt *dictLength) {
struct inflate_state FAR *state;
/* check state */
@@ -1338,11 +1295,8 @@
return Z_OK;
}
-int ZEXPORT inflateSetDictionary(strm, dictionary, dictLength)
-z_streamp strm;
-const Bytef *dictionary;
-uInt dictLength;
-{
+int ZEXPORT inflateSetDictionary(z_streamp strm, const Bytef *dictionary,
+ uInt dictLength) {
struct inflate_state FAR *state;
unsigned long dictid;
int ret;
@@ -1373,10 +1327,7 @@
return Z_OK;
}
-int ZEXPORT inflateGetHeader(strm, head)
-z_streamp strm;
-gz_headerp head;
-{
+int ZEXPORT inflateGetHeader(z_streamp strm, gz_headerp head) {
struct inflate_state FAR *state;
/* check state */
@@ -1401,11 +1352,8 @@
called again with more data and the *have state. *have is initialized to
zero for the first call.
*/
-local unsigned syncsearch(have, buf, len)
-unsigned FAR *have;
-const unsigned char FAR *buf;
-unsigned len;
-{
+local unsigned syncsearch(unsigned FAR *have, const unsigned char FAR *buf,
+ unsigned len) {
unsigned got;
unsigned next;
@@ -1424,9 +1372,7 @@
return next;
}
-int ZEXPORT inflateSync(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateSync(z_streamp strm) {
unsigned len; /* number of bytes to look at or looked at */
int flags; /* temporary to save header status */
unsigned long in, out; /* temporary to save total_in and total_out */
@@ -1482,9 +1428,7 @@
block. When decompressing, PPP checks that at the end of input packet,
inflate is waiting for these length bytes.
*/
-int ZEXPORT inflateSyncPoint(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateSyncPoint(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -1492,10 +1436,7 @@
return state->mode == STORED && state->bits == 0;
}
-int ZEXPORT inflateCopy(dest, source)
-z_streamp dest;
-z_streamp source;
-{
+int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
struct inflate_state FAR *state;
struct inflate_state FAR *copy;
unsigned char FAR *window;
@@ -1539,10 +1480,7 @@
return Z_OK;
}
-int ZEXPORT inflateUndermine(strm, subvert)
-z_streamp strm;
-int subvert;
-{
+int ZEXPORT inflateUndermine(z_streamp strm, int subvert) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -1557,10 +1495,7 @@
#endif
}
-int ZEXPORT inflateValidate(strm, check)
-z_streamp strm;
-int check;
-{
+int ZEXPORT inflateValidate(z_streamp strm, int check) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -1572,9 +1507,7 @@
return Z_OK;
}
-long ZEXPORT inflateMark(strm)
-z_streamp strm;
-{
+long ZEXPORT inflateMark(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm))
@@ -1585,9 +1518,7 @@
(state->mode == MATCH ? state->was - state->length : 0));
}
-unsigned long ZEXPORT inflateCodesUsed(strm)
-z_streamp strm;
-{
+unsigned long ZEXPORT inflateCodesUsed(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return (unsigned long)-1;
state = (struct inflate_state FAR *)strm->state;
diff --git a/lib/zlib/inftrees.c b/lib/zlib/inftrees.c
index 57d2793..8a208c2 100644
--- a/lib/zlib/inftrees.c
+++ b/lib/zlib/inftrees.c
@@ -1,5 +1,5 @@
/* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-2022 Mark Adler
+ * Copyright (C) 1995-2023 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -9,7 +9,7 @@
#define MAXBITS 15
const char inflate_copyright[] =
- " inflate 1.2.13 Copyright 1995-2022 Mark Adler ";
+ " inflate 1.3 Copyright 1995-2023 Mark Adler ";
/*
If you use the zlib library in a product, an acknowledgment is welcome
in the documentation of your product. If for some reason you cannot
@@ -29,14 +29,9 @@
table index bits. It will differ if the request is greater than the
longest code or if it is less than the shortest code.
*/
-int ZLIB_INTERNAL inflate_table(type, lens, codes, table, bits, work)
-codetype type;
-unsigned short FAR *lens;
-unsigned codes;
-code FAR * FAR *table;
-unsigned FAR *bits;
-unsigned short FAR *work;
-{
+int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
+ unsigned codes, code FAR * FAR *table,
+ unsigned FAR *bits, unsigned short FAR *work) {
unsigned len; /* a code's length in bits */
unsigned sym; /* index of code symbols */
unsigned min, max; /* minimum and maximum code lengths */
@@ -62,7 +57,7 @@
35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
static const unsigned short lext[31] = { /* Length codes 257..285 extra */
16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
- 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 194, 65};
+ 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 198, 203};
static const unsigned short dbase[32] = { /* Distance codes 0..29 base */
1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
diff --git a/lib/zlib/inftrees.h b/lib/zlib/inftrees.h
index f536653..a10712d 100644
--- a/lib/zlib/inftrees.h
+++ b/lib/zlib/inftrees.h
@@ -57,6 +57,6 @@
DISTS
} codetype;
-int ZLIB_INTERNAL inflate_table OF((codetype type, unsigned short FAR *lens,
- unsigned codes, code FAR * FAR *table,
- unsigned FAR *bits, unsigned short FAR *work));
+int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
+ unsigned codes, code FAR * FAR *table,
+ unsigned FAR *bits, unsigned short FAR *work);
diff --git a/lib/zlib/zconf.h b/lib/zlib/zconf.h
index bf977d3..fb76ffe 100644
--- a/lib/zlib/zconf.h
+++ b/lib/zlib/zconf.h
@@ -241,7 +241,11 @@
#endif
#ifdef Z_SOLO
- typedef unsigned long z_size_t;
+# ifdef _WIN64
+ typedef unsigned long long z_size_t;
+# else
+ typedef unsigned long z_size_t;
+# endif
#else
# define z_longlong long long
# if defined(NO_SIZE_T)
@@ -520,7 +524,7 @@
#if !defined(_WIN32) && defined(Z_LARGE64)
# define z_off64_t off64_t
#else
-# if defined(_WIN32) && !defined(__GNUC__) && !defined(Z_SOLO)
+# if defined(_WIN32) && !defined(__GNUC__)
# define z_off64_t __int64
# else
# define z_off64_t z_off_t
diff --git a/lib/zlib/zlib.h b/lib/zlib/zlib.h
index 953cb50..6b7244f 100644
--- a/lib/zlib/zlib.h
+++ b/lib/zlib/zlib.h
@@ -1,7 +1,7 @@
/* zlib.h -- interface of the 'zlib' general purpose compression library
- version 1.2.13, October 13th, 2022
+ version 1.3, August 18th, 2023
- Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+ Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
@@ -37,11 +37,11 @@
extern "C" {
#endif
-#define ZLIB_VERSION "1.2.13"
-#define ZLIB_VERNUM 0x12d0
+#define ZLIB_VERSION "1.3"
+#define ZLIB_VERNUM 0x1300
#define ZLIB_VER_MAJOR 1
-#define ZLIB_VER_MINOR 2
-#define ZLIB_VER_REVISION 13
+#define ZLIB_VER_MINOR 3
+#define ZLIB_VER_REVISION 0
#define ZLIB_VER_SUBREVISION 0
/*
@@ -78,8 +78,8 @@
even in the case of corrupted input.
*/
-typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
-typedef void (*free_func) OF((voidpf opaque, voidpf address));
+typedef voidpf (*alloc_func)(voidpf opaque, uInt items, uInt size);
+typedef void (*free_func)(voidpf opaque, voidpf address);
struct internal_state;
@@ -217,7 +217,7 @@
/* basic functions */
-ZEXTERN const char * ZEXPORT zlibVersion OF((void));
+ZEXTERN const char * ZEXPORT zlibVersion(void);
/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
If the first character differs, the library code actually used is not
compatible with the zlib.h header file used by the application. This check
@@ -225,12 +225,12 @@
*/
/*
-ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
+ZEXTERN int ZEXPORT deflateInit(z_streamp strm, int level);
Initializes the internal stream state for compression. The fields
zalloc, zfree and opaque must be initialized before by the caller. If
zalloc and zfree are set to Z_NULL, deflateInit updates them to use default
- allocation functions.
+ allocation functions. total_in, total_out, adler, and msg are initialized.
The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
1 gives best speed, 9 gives best compression, 0 gives no compression at all
@@ -247,7 +247,7 @@
*/
-ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
+ZEXTERN int ZEXPORT deflate(z_streamp strm, int flush);
/*
deflate compresses as much data as possible, and stops when the input
buffer becomes empty or the output buffer becomes full. It may introduce
@@ -320,8 +320,8 @@
with the same value of the flush parameter and more output space (updated
avail_out), until the flush is complete (deflate returns with non-zero
avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that
- avail_out is greater than six to avoid repeated flush markers due to
- avail_out == 0 on return.
+ avail_out is greater than six when the flush marker begins, in order to avoid
+ repeated flush markers upon calling deflate() again when avail_out == 0.
If the parameter flush is set to Z_FINISH, pending input is processed,
pending output is flushed and deflate returns with Z_STREAM_END if there was
@@ -360,7 +360,7 @@
*/
-ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
+ZEXTERN int ZEXPORT deflateEnd(z_streamp strm);
/*
All dynamically allocated data structures for this stream are freed.
This function discards any unprocessed input and does not flush any pending
@@ -375,7 +375,7 @@
/*
-ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateInit(z_streamp strm);
Initializes the internal stream state for decompression. The fields
next_in, avail_in, zalloc, zfree and opaque must be initialized before by
@@ -383,7 +383,8 @@
read or consumed. The allocation of a sliding window will be deferred to
the first call of inflate (if the decompression does not complete on the
first call). If zalloc and zfree are set to Z_NULL, inflateInit updates
- them to use default allocation functions.
+ them to use default allocation functions. total_in, total_out, adler, and
+ msg are initialized.
inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
@@ -397,7 +398,7 @@
*/
-ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
+ZEXTERN int ZEXPORT inflate(z_streamp strm, int flush);
/*
inflate decompresses as much data as possible, and stops when the input
buffer becomes empty or the output buffer becomes full. It may introduce
@@ -517,7 +518,7 @@
*/
-ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateEnd(z_streamp strm);
/*
All dynamically allocated data structures for this stream are freed.
This function discards any unprocessed input and does not flush any pending
@@ -535,12 +536,12 @@
*/
/*
-ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
- int level,
- int method,
- int windowBits,
- int memLevel,
- int strategy));
+ZEXTERN int ZEXPORT deflateInit2(z_streamp strm,
+ int level,
+ int method,
+ int windowBits,
+ int memLevel,
+ int strategy);
This is another version of deflateInit with more compression options. The
fields zalloc, zfree and opaque must be initialized before by the caller.
@@ -607,9 +608,9 @@
compression: this will be done by deflate().
*/
-ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
+ZEXTERN int ZEXPORT deflateSetDictionary(z_streamp strm,
+ const Bytef *dictionary,
+ uInt dictLength);
/*
Initializes the compression dictionary from the given byte sequence
without producing any compressed output. When using the zlib format, this
@@ -651,9 +652,9 @@
not perform any compression: this will be done by deflate().
*/
-ZEXTERN int ZEXPORT deflateGetDictionary OF((z_streamp strm,
- Bytef *dictionary,
- uInt *dictLength));
+ZEXTERN int ZEXPORT deflateGetDictionary(z_streamp strm,
+ Bytef *dictionary,
+ uInt *dictLength);
/*
Returns the sliding dictionary being maintained by deflate. dictLength is
set to the number of bytes in the dictionary, and that many bytes are copied
@@ -673,8 +674,8 @@
stream state is inconsistent.
*/
-ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
- z_streamp source));
+ZEXTERN int ZEXPORT deflateCopy(z_streamp dest,
+ z_streamp source);
/*
Sets the destination stream as a complete copy of the source stream.
@@ -691,20 +692,20 @@
destination.
*/
-ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
+ZEXTERN int ZEXPORT deflateReset(z_streamp strm);
/*
This function is equivalent to deflateEnd followed by deflateInit, but
does not free and reallocate the internal compression state. The stream
will leave the compression level and any other attributes that may have been
- set unchanged.
+ set unchanged. total_in, total_out, adler, and msg are initialized.
deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
stream state was inconsistent (such as zalloc or state being Z_NULL).
*/
-ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
- int level,
- int strategy));
+ZEXTERN int ZEXPORT deflateParams(z_streamp strm,
+ int level,
+ int strategy);
/*
Dynamically update the compression level and compression strategy. The
interpretation of level and strategy is as in deflateInit2(). This can be
@@ -729,7 +730,7 @@
Then no more input data should be provided before the deflateParams() call.
If this is done, the old level and strategy will be applied to the data
compressed before deflateParams(), and the new level and strategy will be
- applied to the the data compressed after deflateParams().
+ applied to the data compressed after deflateParams().
deflateParams returns Z_OK on success, Z_STREAM_ERROR if the source stream
state was inconsistent or if a parameter was invalid, or Z_BUF_ERROR if
@@ -740,11 +741,11 @@
retried with more output space.
*/
-ZEXTERN int ZEXPORT deflateTune OF((z_streamp strm,
- int good_length,
- int max_lazy,
- int nice_length,
- int max_chain));
+ZEXTERN int ZEXPORT deflateTune(z_streamp strm,
+ int good_length,
+ int max_lazy,
+ int nice_length,
+ int max_chain);
/*
Fine tune deflate's internal compression parameters. This should only be
used by someone who understands the algorithm used by zlib's deflate for
@@ -757,8 +758,8 @@
returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream.
*/
-ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm,
- uLong sourceLen));
+ZEXTERN uLong ZEXPORT deflateBound(z_streamp strm,
+ uLong sourceLen);
/*
deflateBound() returns an upper bound on the compressed size after
deflation of sourceLen bytes. It must be called after deflateInit() or
@@ -772,9 +773,9 @@
than Z_FINISH or Z_NO_FLUSH are used.
*/
-ZEXTERN int ZEXPORT deflatePending OF((z_streamp strm,
- unsigned *pending,
- int *bits));
+ZEXTERN int ZEXPORT deflatePending(z_streamp strm,
+ unsigned *pending,
+ int *bits);
/*
deflatePending() returns the number of bytes and bits of output that have
been generated, but not yet provided in the available output. The bytes not
@@ -787,9 +788,9 @@
stream state was inconsistent.
*/
-ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm,
- int bits,
- int value));
+ZEXTERN int ZEXPORT deflatePrime(z_streamp strm,
+ int bits,
+ int value);
/*
deflatePrime() inserts bits in the deflate output stream. The intent
is that this function is used to start off the deflate output with the bits
@@ -804,8 +805,8 @@
source stream state was inconsistent.
*/
-ZEXTERN int ZEXPORT deflateSetHeader OF((z_streamp strm,
- gz_headerp head));
+ZEXTERN int ZEXPORT deflateSetHeader(z_streamp strm,
+ gz_headerp head);
/*
deflateSetHeader() provides gzip header information for when a gzip
stream is requested by deflateInit2(). deflateSetHeader() may be called
@@ -821,16 +822,17 @@
gzip file" and give up.
If deflateSetHeader is not used, the default gzip header has text false,
- the time set to zero, and os set to 255, with no extra, name, or comment
- fields. The gzip header is returned to the default state by deflateReset().
+ the time set to zero, and os set to the current operating system, with no
+ extra, name, or comment fields. The gzip header is returned to the default
+ state by deflateReset().
deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
stream state was inconsistent.
*/
/*
-ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
- int windowBits));
+ZEXTERN int ZEXPORT inflateInit2(z_streamp strm,
+ int windowBits);
This is another version of inflateInit with an extra parameter. The
fields next_in, avail_in, zalloc, zfree and opaque must be initialized
@@ -883,9 +885,9 @@
deferred until inflate() is called.
*/
-ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
+ZEXTERN int ZEXPORT inflateSetDictionary(z_streamp strm,
+ const Bytef *dictionary,
+ uInt dictLength);
/*
Initializes the decompression dictionary from the given uncompressed byte
sequence. This function must be called immediately after a call of inflate,
@@ -906,9 +908,9 @@
inflate().
*/
-ZEXTERN int ZEXPORT inflateGetDictionary OF((z_streamp strm,
- Bytef *dictionary,
- uInt *dictLength));
+ZEXTERN int ZEXPORT inflateGetDictionary(z_streamp strm,
+ Bytef *dictionary,
+ uInt *dictLength);
/*
Returns the sliding dictionary being maintained by inflate. dictLength is
set to the number of bytes in the dictionary, and that many bytes are copied
@@ -921,7 +923,7 @@
stream state is inconsistent.
*/
-ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateSync(z_streamp strm);
/*
Skips invalid compressed data until a possible full flush point (see above
for the description of deflate with Z_FULL_FLUSH) can be found, or until all
@@ -940,8 +942,8 @@
input each time, until success or end of the input data.
*/
-ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
- z_streamp source));
+ZEXTERN int ZEXPORT inflateCopy(z_streamp dest,
+ z_streamp source);
/*
Sets the destination stream as a complete copy of the source stream.
@@ -956,18 +958,19 @@
destination.
*/
-ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateReset(z_streamp strm);
/*
This function is equivalent to inflateEnd followed by inflateInit,
but does not free and reallocate the internal decompression state. The
stream will keep attributes that may have been set by inflateInit2.
+ total_in, total_out, adler, and msg are initialized.
inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
stream state was inconsistent (such as zalloc or state being Z_NULL).
*/
-ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm,
- int windowBits));
+ZEXTERN int ZEXPORT inflateReset2(z_streamp strm,
+ int windowBits);
/*
This function is the same as inflateReset, but it also permits changing
the wrap and window size requests. The windowBits parameter is interpreted
@@ -980,9 +983,9 @@
the windowBits parameter is invalid.
*/
-ZEXTERN int ZEXPORT inflatePrime OF((z_streamp strm,
- int bits,
- int value));
+ZEXTERN int ZEXPORT inflatePrime(z_streamp strm,
+ int bits,
+ int value);
/*
This function inserts bits in the inflate input stream. The intent is
that this function is used to start inflating at a bit position in the
@@ -1001,7 +1004,7 @@
stream state was inconsistent.
*/
-ZEXTERN long ZEXPORT inflateMark OF((z_streamp strm));
+ZEXTERN long ZEXPORT inflateMark(z_streamp strm);
/*
This function returns two values, one in the lower 16 bits of the return
value, and the other in the remaining upper bits, obtained by shifting the
@@ -1029,8 +1032,8 @@
source stream state was inconsistent.
*/
-ZEXTERN int ZEXPORT inflateGetHeader OF((z_streamp strm,
- gz_headerp head));
+ZEXTERN int ZEXPORT inflateGetHeader(z_streamp strm,
+ gz_headerp head);
/*
inflateGetHeader() requests that gzip header information be stored in the
provided gz_header structure. inflateGetHeader() may be called after
@@ -1070,8 +1073,8 @@
*/
/*
-ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits,
- unsigned char FAR *window));
+ZEXTERN int ZEXPORT inflateBackInit(z_streamp strm, int windowBits,
+ unsigned char FAR *window);
Initialize the internal stream state for decompression using inflateBack()
calls. The fields zalloc, zfree and opaque in strm must be initialized
@@ -1091,13 +1094,13 @@
the version of the header file.
*/
-typedef unsigned (*in_func) OF((void FAR *,
- z_const unsigned char FAR * FAR *));
-typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
+typedef unsigned (*in_func)(void FAR *,
+ z_const unsigned char FAR * FAR *);
+typedef int (*out_func)(void FAR *, unsigned char FAR *, unsigned);
-ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm,
- in_func in, void FAR *in_desc,
- out_func out, void FAR *out_desc));
+ZEXTERN int ZEXPORT inflateBack(z_streamp strm,
+ in_func in, void FAR *in_desc,
+ out_func out, void FAR *out_desc);
/*
inflateBack() does a raw inflate with a single call using a call-back
interface for input and output. This is potentially more efficient than
@@ -1165,7 +1168,7 @@
cannot return Z_OK.
*/
-ZEXTERN int ZEXPORT inflateBackEnd OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateBackEnd(z_streamp strm);
/*
All memory allocated by inflateBackInit() is freed.
@@ -1173,7 +1176,7 @@
state was inconsistent.
*/
-ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void));
+ZEXTERN uLong ZEXPORT zlibCompileFlags(void);
/* Return flags indicating compile-time options.
Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
@@ -1226,8 +1229,8 @@
you need special options.
*/
-ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
+ZEXTERN int ZEXPORT compress(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong sourceLen);
/*
Compresses the source buffer into the destination buffer. sourceLen is
the byte length of the source buffer. Upon entry, destLen is the total size
@@ -1241,9 +1244,9 @@
buffer.
*/
-ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen,
- int level));
+ZEXTERN int ZEXPORT compress2(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong sourceLen,
+ int level);
/*
Compresses the source buffer into the destination buffer. The level
parameter has the same meaning as in deflateInit. sourceLen is the byte
@@ -1257,15 +1260,15 @@
Z_STREAM_ERROR if the level parameter is invalid.
*/
-ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen));
+ZEXTERN uLong ZEXPORT compressBound(uLong sourceLen);
/*
compressBound() returns an upper bound on the compressed size after
compress() or compress2() on sourceLen bytes. It would be used before a
compress() or compress2() call to allocate the destination buffer.
*/
-ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
+ZEXTERN int ZEXPORT uncompress(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong sourceLen);
/*
Decompresses the source buffer into the destination buffer. sourceLen is
the byte length of the source buffer. Upon entry, destLen is the total size
@@ -1282,8 +1285,8 @@
buffer with the uncompressed data up to that point.
*/
-ZEXTERN int ZEXPORT uncompress2 OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong *sourceLen));
+ZEXTERN int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong *sourceLen);
/*
Same as uncompress, except that sourceLen is a pointer, where the
length of the source is *sourceLen. On return, *sourceLen is the number of
@@ -1302,7 +1305,7 @@
typedef struct gzFile_s *gzFile; /* semi-opaque gzip file descriptor */
/*
-ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
+ZEXTERN gzFile ZEXPORT gzopen(const char *path, const char *mode);
Open the gzip (.gz) file at path for reading and decompressing, or
compressing and writing. The mode parameter is as in fopen ("rb" or "wb")
@@ -1339,7 +1342,7 @@
file could not be opened.
*/
-ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
+ZEXTERN gzFile ZEXPORT gzdopen(int fd, const char *mode);
/*
Associate a gzFile with the file descriptor fd. File descriptors are
obtained from calls like open, dup, creat, pipe or fileno (if the file has
@@ -1362,7 +1365,7 @@
will not detect if fd is invalid (unless fd is -1).
*/
-ZEXTERN int ZEXPORT gzbuffer OF((gzFile file, unsigned size));
+ZEXTERN int ZEXPORT gzbuffer(gzFile file, unsigned size);
/*
Set the internal buffer size used by this library's functions for file to
size. The default buffer size is 8192 bytes. This function must be called
@@ -1378,7 +1381,7 @@
too late.
*/
-ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
+ZEXTERN int ZEXPORT gzsetparams(gzFile file, int level, int strategy);
/*
Dynamically update the compression level and strategy for file. See the
description of deflateInit2 for the meaning of these parameters. Previously
@@ -1389,7 +1392,7 @@
or Z_MEM_ERROR if there is a memory allocation error.
*/
-ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
+ZEXTERN int ZEXPORT gzread(gzFile file, voidp buf, unsigned len);
/*
Read and decompress up to len uncompressed bytes from file into buf. If
the input file is not in gzip format, gzread copies the given number of
@@ -1419,8 +1422,8 @@
Z_STREAM_ERROR.
*/
-ZEXTERN z_size_t ZEXPORT gzfread OF((voidp buf, z_size_t size, z_size_t nitems,
- gzFile file));
+ZEXTERN z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems,
+ gzFile file);
/*
Read and decompress up to nitems items of size size from file into buf,
otherwise operating as gzread() does. This duplicates the interface of
@@ -1445,14 +1448,14 @@
file, resetting and retrying on end-of-file, when size is not 1.
*/
-ZEXTERN int ZEXPORT gzwrite OF((gzFile file, voidpc buf, unsigned len));
+ZEXTERN int ZEXPORT gzwrite(gzFile file, voidpc buf, unsigned len);
/*
Compress and write the len uncompressed bytes at buf to file. gzwrite
returns the number of uncompressed bytes written or 0 in case of error.
*/
-ZEXTERN z_size_t ZEXPORT gzfwrite OF((voidpc buf, z_size_t size,
- z_size_t nitems, gzFile file));
+ZEXTERN z_size_t ZEXPORT gzfwrite(voidpc buf, z_size_t size,
+ z_size_t nitems, gzFile file);
/*
Compress and write nitems items of size size from buf to file, duplicating
the interface of stdio's fwrite(), with size_t request and return types. If
@@ -1465,7 +1468,7 @@
is returned, and the error state is set to Z_STREAM_ERROR.
*/
-ZEXTERN int ZEXPORTVA gzprintf Z_ARG((gzFile file, const char *format, ...));
+ZEXTERN int ZEXPORTVA gzprintf(gzFile file, const char *format, ...);
/*
Convert, format, compress, and write the arguments (...) to file under
control of the string format, as in fprintf. gzprintf returns the number of
@@ -1480,7 +1483,7 @@
This can be determined using zlibCompileFlags().
*/
-ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
+ZEXTERN int ZEXPORT gzputs(gzFile file, const char *s);
/*
Compress and write the given null-terminated string s to file, excluding
the terminating null character.
@@ -1488,7 +1491,7 @@
gzputs returns the number of characters written, or -1 in case of error.
*/
-ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
+ZEXTERN char * ZEXPORT gzgets(gzFile file, char *buf, int len);
/*
Read and decompress bytes from file into buf, until len-1 characters are
read, or until a newline character is read and transferred to buf, or an
@@ -1502,13 +1505,13 @@
buf are indeterminate.
*/
-ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
+ZEXTERN int ZEXPORT gzputc(gzFile file, int c);
/*
Compress and write c, converted to an unsigned char, into file. gzputc
returns the value that was written, or -1 in case of error.
*/
-ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
+ZEXTERN int ZEXPORT gzgetc(gzFile file);
/*
Read and decompress one byte from file. gzgetc returns this byte or -1
in case of end of file or error. This is implemented as a macro for speed.
@@ -1517,7 +1520,7 @@
points to has been clobbered or not.
*/
-ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file));
+ZEXTERN int ZEXPORT gzungetc(int c, gzFile file);
/*
Push c back onto the stream for file to be read as the first character on
the next read. At least one character of push-back is always allowed.
@@ -1529,7 +1532,7 @@
gzseek() or gzrewind().
*/
-ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
+ZEXTERN int ZEXPORT gzflush(gzFile file, int flush);
/*
Flush all pending output to file. The parameter flush is as in the
deflate() function. The return value is the zlib error number (see function
@@ -1545,8 +1548,8 @@
*/
/*
-ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
- z_off_t offset, int whence));
+ZEXTERN z_off_t ZEXPORT gzseek(gzFile file,
+ z_off_t offset, int whence);
Set the starting position to offset relative to whence for the next gzread
or gzwrite on file. The offset represents a number of bytes in the
@@ -1564,7 +1567,7 @@
would be before the current position.
*/
-ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
+ZEXTERN int ZEXPORT gzrewind(gzFile file);
/*
Rewind file. This function is supported only for reading.
@@ -1572,7 +1575,7 @@
*/
/*
-ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
+ZEXTERN z_off_t ZEXPORT gztell(gzFile file);
Return the starting position for the next gzread or gzwrite on file.
This position represents a number of bytes in the uncompressed data stream,
@@ -1583,7 +1586,7 @@
*/
/*
-ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile file));
+ZEXTERN z_off_t ZEXPORT gzoffset(gzFile file);
Return the current compressed (actual) read or write offset of file. This
offset includes the count of bytes that precede the gzip stream, for example
@@ -1592,7 +1595,7 @@
be used for a progress indicator. On error, gzoffset() returns -1.
*/
-ZEXTERN int ZEXPORT gzeof OF((gzFile file));
+ZEXTERN int ZEXPORT gzeof(gzFile file);
/*
Return true (1) if the end-of-file indicator for file has been set while
reading, false (0) otherwise. Note that the end-of-file indicator is set
@@ -1607,7 +1610,7 @@
has grown since the previous end of file was detected.
*/
-ZEXTERN int ZEXPORT gzdirect OF((gzFile file));
+ZEXTERN int ZEXPORT gzdirect(gzFile file);
/*
Return true (1) if file is being copied directly while reading, or false
(0) if file is a gzip stream being decompressed.
@@ -1628,7 +1631,7 @@
gzip file reading and decompression, which may not be desired.)
*/
-ZEXTERN int ZEXPORT gzclose OF((gzFile file));
+ZEXTERN int ZEXPORT gzclose(gzFile file);
/*
Flush all pending output for file, if necessary, close file and
deallocate the (de)compression state. Note that once file is closed, you
@@ -1641,8 +1644,8 @@
last read ended in the middle of a gzip stream, or Z_OK on success.
*/
-ZEXTERN int ZEXPORT gzclose_r OF((gzFile file));
-ZEXTERN int ZEXPORT gzclose_w OF((gzFile file));
+ZEXTERN int ZEXPORT gzclose_r(gzFile file);
+ZEXTERN int ZEXPORT gzclose_w(gzFile file);
/*
Same as gzclose(), but gzclose_r() is only for use when reading, and
gzclose_w() is only for use when writing or appending. The advantage to
@@ -1653,7 +1656,7 @@
zlib library.
*/
-ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
+ZEXTERN const char * ZEXPORT gzerror(gzFile file, int *errnum);
/*
Return the error message for the last error which occurred on file.
errnum is set to zlib error number. If an error occurred in the file system
@@ -1669,7 +1672,7 @@
functions above that do not distinguish those cases in their return values.
*/
-ZEXTERN void ZEXPORT gzclearerr OF((gzFile file));
+ZEXTERN void ZEXPORT gzclearerr(gzFile file);
/*
Clear the error and end-of-file flags for file. This is analogous to the
clearerr() function in stdio. This is useful for continuing to read a gzip
@@ -1686,7 +1689,7 @@
library.
*/
-ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
+ZEXTERN uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len);
/*
Update a running Adler-32 checksum with the bytes buf[0..len-1] and
return the updated checksum. An Adler-32 value is in the range of a 32-bit
@@ -1706,15 +1709,15 @@
if (adler != original_adler) error();
*/
-ZEXTERN uLong ZEXPORT adler32_z OF((uLong adler, const Bytef *buf,
- z_size_t len));
+ZEXTERN uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf,
+ z_size_t len);
/*
Same as adler32(), but with a size_t length.
*/
/*
-ZEXTERN uLong ZEXPORT adler32_combine OF((uLong adler1, uLong adler2,
- z_off_t len2));
+ZEXTERN uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2,
+ z_off_t len2);
Combine two Adler-32 checksums into one. For two sequences of bytes, seq1
and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for
@@ -1724,7 +1727,7 @@
negative, the result has no meaning or utility.
*/
-ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
+ZEXTERN uLong ZEXPORT crc32(uLong crc, const Bytef *buf, uInt len);
/*
Update a running CRC-32 with the bytes buf[0..len-1] and return the
updated CRC-32. A CRC-32 value is in the range of a 32-bit unsigned integer.
@@ -1742,14 +1745,14 @@
if (crc != original_crc) error();
*/
-ZEXTERN uLong ZEXPORT crc32_z OF((uLong crc, const Bytef *buf,
- z_size_t len));
+ZEXTERN uLong ZEXPORT crc32_z(uLong crc, const Bytef *buf,
+ z_size_t len);
/*
Same as crc32(), but with a size_t length.
*/
/*
-ZEXTERN uLong ZEXPORT crc32_combine OF((uLong crc1, uLong crc2, z_off_t len2));
+ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2);
Combine two CRC-32 check values into one. For two sequences of bytes,
seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
@@ -1759,13 +1762,13 @@
*/
/*
-ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t len2));
+ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2);
Return the operator corresponding to length len2, to be used with
crc32_combine_op().
*/
-ZEXTERN uLong ZEXPORT crc32_combine_op OF((uLong crc1, uLong crc2, uLong op));
+ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op);
/*
Give the same result as crc32_combine(), using op in place of len2. op is
is generated from len2 by crc32_combine_gen(). This will be faster than
@@ -1778,20 +1781,20 @@
/* deflateInit and inflateInit are macros to allow checking the zlib version
* and the compiler's view of z_stream:
*/
-ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
- const char *version, int stream_size));
-ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
- const char *version, int stream_size));
-ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
- int windowBits, int memLevel,
- int strategy, const char *version,
- int stream_size));
-ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
- const char *version, int stream_size));
-ZEXTERN int ZEXPORT inflateBackInit_ OF((z_streamp strm, int windowBits,
- unsigned char FAR *window,
- const char *version,
- int stream_size));
+ZEXTERN int ZEXPORT deflateInit_(z_streamp strm, int level,
+ const char *version, int stream_size);
+ZEXTERN int ZEXPORT inflateInit_(z_streamp strm,
+ const char *version, int stream_size);
+ZEXTERN int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
+ int windowBits, int memLevel,
+ int strategy, const char *version,
+ int stream_size);
+ZEXTERN int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+ const char *version, int stream_size);
+ZEXTERN int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
+ unsigned char FAR *window,
+ const char *version,
+ int stream_size);
#ifdef Z_PREFIX_SET
# define z_deflateInit(strm, level) \
deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream))
@@ -1836,7 +1839,7 @@
unsigned char *next;
z_off64_t pos;
};
-ZEXTERN int ZEXPORT gzgetc_ OF((gzFile file)); /* backward compatibility */
+ZEXTERN int ZEXPORT gzgetc_(gzFile file); /* backward compatibility */
#ifdef Z_PREFIX_SET
# undef z_gzgetc
# define z_gzgetc(g) \
@@ -1853,13 +1856,13 @@
* without large file support, _LFS64_LARGEFILE must also be true
*/
#ifdef Z_LARGE64
- ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
- ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int));
- ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile));
- ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile));
- ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off64_t));
- ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off64_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off64_t));
+ ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+ ZEXTERN z_off64_t ZEXPORT gzseek64(gzFile, z_off64_t, int);
+ ZEXTERN z_off64_t ZEXPORT gztell64(gzFile);
+ ZEXTERN z_off64_t ZEXPORT gzoffset64(gzFile);
+ ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off64_t);
+ ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off64_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off64_t);
#endif
#if !defined(ZLIB_INTERNAL) && defined(Z_WANT64)
@@ -1881,50 +1884,50 @@
# define crc32_combine_gen crc32_combine_gen64
# endif
# ifndef Z_LARGE64
- ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
- ZEXTERN z_off_t ZEXPORT gzseek64 OF((gzFile, z_off_t, int));
- ZEXTERN z_off_t ZEXPORT gztell64 OF((gzFile));
- ZEXTERN z_off_t ZEXPORT gzoffset64 OF((gzFile));
- ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off_t));
+ ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+ ZEXTERN z_off_t ZEXPORT gzseek64(gzFile, z_off_t, int);
+ ZEXTERN z_off_t ZEXPORT gztell64(gzFile);
+ ZEXTERN z_off_t ZEXPORT gzoffset64(gzFile);
+ ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t);
# endif
#else
- ZEXTERN gzFile ZEXPORT gzopen OF((const char *, const char *));
- ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile, z_off_t, int));
- ZEXTERN z_off_t ZEXPORT gztell OF((gzFile));
- ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile));
- ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t));
+ ZEXTERN gzFile ZEXPORT gzopen(const char *, const char *);
+ ZEXTERN z_off_t ZEXPORT gzseek(gzFile, z_off_t, int);
+ ZEXTERN z_off_t ZEXPORT gztell(gzFile);
+ ZEXTERN z_off_t ZEXPORT gzoffset(gzFile);
+ ZEXTERN uLong ZEXPORT adler32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t);
#endif
#else /* Z_SOLO */
- ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t));
+ ZEXTERN uLong ZEXPORT adler32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t);
#endif /* !Z_SOLO */
/* undocumented functions */
-ZEXTERN const char * ZEXPORT zError OF((int));
-ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp));
-ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table OF((void));
-ZEXTERN int ZEXPORT inflateUndermine OF((z_streamp, int));
-ZEXTERN int ZEXPORT inflateValidate OF((z_streamp, int));
-ZEXTERN unsigned long ZEXPORT inflateCodesUsed OF((z_streamp));
-ZEXTERN int ZEXPORT inflateResetKeep OF((z_streamp));
-ZEXTERN int ZEXPORT deflateResetKeep OF((z_streamp));
+ZEXTERN const char * ZEXPORT zError(int);
+ZEXTERN int ZEXPORT inflateSyncPoint(z_streamp);
+ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table(void);
+ZEXTERN int ZEXPORT inflateUndermine(z_streamp, int);
+ZEXTERN int ZEXPORT inflateValidate(z_streamp, int);
+ZEXTERN unsigned long ZEXPORT inflateCodesUsed(z_streamp);
+ZEXTERN int ZEXPORT inflateResetKeep(z_streamp);
+ZEXTERN int ZEXPORT deflateResetKeep(z_streamp);
#if defined(_WIN32) && !defined(Z_SOLO)
-ZEXTERN gzFile ZEXPORT gzopen_w OF((const wchar_t *path,
- const char *mode));
+ZEXTERN gzFile ZEXPORT gzopen_w(const wchar_t *path,
+ const char *mode);
#endif
#if defined(STDC) || defined(Z_HAVE_STDARG_H)
# ifndef Z_SOLO
-ZEXTERN int ZEXPORTVA gzvprintf Z_ARG((gzFile file,
- const char *format,
- va_list va));
+ZEXTERN int ZEXPORTVA gzvprintf(gzFile file,
+ const char *format,
+ va_list va);
# endif
#endif
diff --git a/lib/zlib/zutil.c b/lib/zlib/zutil.c
index 9543ae8..b1c5d2d 100644
--- a/lib/zlib/zutil.c
+++ b/lib/zlib/zutil.c
@@ -24,13 +24,11 @@
};
-const char * ZEXPORT zlibVersion()
-{
+const char * ZEXPORT zlibVersion(void) {
return ZLIB_VERSION;
}
-uLong ZEXPORT zlibCompileFlags()
-{
+uLong ZEXPORT zlibCompileFlags(void) {
uLong flags;
flags = 0;
@@ -121,9 +119,7 @@
# endif
int ZLIB_INTERNAL z_verbose = verbose;
-void ZLIB_INTERNAL z_error(m)
- char *m;
-{
+void ZLIB_INTERNAL z_error(char *m) {
fprintf(stderr, "%s\n", m);
exit(1);
}
@@ -132,9 +128,7 @@
/* exported to allow conversion of error code to string for compress() and
* uncompress()
*/
-const char * ZEXPORT zError(err)
- int err;
-{
+const char * ZEXPORT zError(int err) {
return ERR_MSG(err);
}
@@ -148,22 +142,14 @@
#ifndef HAVE_MEMCPY
-void ZLIB_INTERNAL zmemcpy(dest, source, len)
- Bytef* dest;
- const Bytef* source;
- uInt len;
-{
+void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len) {
if (len == 0) return;
do {
*dest++ = *source++; /* ??? to be unrolled */
} while (--len != 0);
}
-int ZLIB_INTERNAL zmemcmp(s1, s2, len)
- const Bytef* s1;
- const Bytef* s2;
- uInt len;
-{
+int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len) {
uInt j;
for (j = 0; j < len; j++) {
@@ -172,10 +158,7 @@
return 0;
}
-void ZLIB_INTERNAL zmemzero(dest, len)
- Bytef* dest;
- uInt len;
-{
+void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len) {
if (len == 0) return;
do {
*dest++ = 0; /* ??? to be unrolled */
@@ -216,8 +199,7 @@
* a protected system like OS/2. Use Microsoft C instead.
*/
-voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size)
-{
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size) {
voidpf buf;
ulg bsize = (ulg)items*size;
@@ -242,8 +224,7 @@
return buf;
}
-void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr)
-{
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
int n;
(void)opaque;
@@ -279,14 +260,12 @@
# define _hfree hfree
#endif
-voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size)
-{
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size) {
(void)opaque;
return _halloc((long)items, size);
}
-void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr)
-{
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
(void)opaque;
_hfree(ptr);
}
@@ -299,25 +278,18 @@
#ifndef MY_ZCALLOC /* Any system without a special alloc function */
#ifndef STDC
-extern voidp malloc OF((uInt size));
-extern voidp calloc OF((uInt items, uInt size));
-extern void free OF((voidpf ptr));
+extern voidp malloc(uInt size);
+extern voidp calloc(uInt items, uInt size);
+extern void free(voidpf ptr);
#endif
-voidpf ZLIB_INTERNAL zcalloc(opaque, items, size)
- voidpf opaque;
- unsigned items;
- unsigned size;
-{
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size) {
(void)opaque;
return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
(voidpf)calloc(items, size);
}
-void ZLIB_INTERNAL zcfree(opaque, ptr)
- voidpf opaque;
- voidpf ptr;
-{
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
(void)opaque;
free(ptr);
}
diff --git a/lib/zlib/zutil.h b/lib/zlib/zutil.h
index 0bc7f4e..902a304 100644
--- a/lib/zlib/zutil.h
+++ b/lib/zlib/zutil.h
@@ -191,9 +191,9 @@
/* provide prototypes for these when building zlib without LFS */
#if !defined(_WIN32) && \
(!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
- ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off_t));
+ ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t);
#endif
/* common defaults */
@@ -232,16 +232,16 @@
# define zmemzero(dest, len) memset(dest, 0, len)
# endif
#else
- void ZLIB_INTERNAL zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
- int ZLIB_INTERNAL zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
- void ZLIB_INTERNAL zmemzero OF((Bytef* dest, uInt len));
+ void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len);
+ int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len);
+ void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len);
#endif
/* Diagnostic functions */
#ifdef ZLIB_DEBUG
# include <stdio.h>
extern int ZLIB_INTERNAL z_verbose;
- extern void ZLIB_INTERNAL z_error OF((char *m));
+ extern void ZLIB_INTERNAL z_error(char *m);
# define Assert(cond,msg) {if(!(cond)) z_error(msg);}
# define Trace(x) {if (z_verbose>=0) fprintf x ;}
# define Tracev(x) {if (z_verbose>0) fprintf x ;}
@@ -258,9 +258,9 @@
#endif
#ifndef Z_SOLO
- voidpf ZLIB_INTERNAL zcalloc OF((voidpf opaque, unsigned items,
- unsigned size));
- void ZLIB_INTERNAL zcfree OF((voidpf opaque, voidpf ptr));
+ voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items,
+ unsigned size);
+ void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr);
#endif
#define ZALLOC(strm, items, size) \
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index f90136b..a337e76 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -8,12 +8,64 @@
# and enables them based on the configured architecture version.
# This file follows the following format:
-# - By default disable any mandatory features.
-# - Then Enable mandatory feature if applicable to an Arch Version.
+# - Enable mandatory feature if applicable to an Arch Version.
+# - By default disable any mandatory features if they have not been defined yet.
# - Disable or enable any optional feature this would be enabled/disabled if needed by platform.
#
################################################################################
+# Enable Mandatory features based on Arch versions.
+################################################################################
+#
+
+# Enable the features which are mandatory from ARCH version 8.1 and upwards.
+ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_PAN := 1
+ENABLE_FEAT_VHE := 1
+endif
+
+# Enable the features which are mandatory from ARCH version 8.2 and upwards.
+ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_RAS := 1
+endif
+
+# Enable the features which are mandatory from ARCH version 8.4 and upwards.
+ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_SEL2 := 1
+ENABLE_TRF_FOR_NS := 1
+ENABLE_FEAT_DIT := 1
+endif
+
+# Enable the features which are mandatory from ARCH version 8.5 and upwards.
+ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_RNG := 1
+ENABLE_FEAT_SB := 1
+
+# Enable Memory tagging, Branch Target Identification for aarch64 only.
+ifeq ($(ARCH), aarch64)
+ mem_tag_arch_support := yes
+endif #(ARCH=aarch64)
+
+endif
+
+# Enable the features which are mandatory from ARCH version 8.6 and upwards.
+ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_ECV := 1
+ENABLE_FEAT_FGT := 1
+endif
+
+# Enable the features which are mandatory from ARCH version 8.7 and upwards.
+ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_HCX := 1
+endif
+
+# Enable the features which are mandatory from ARCH version 8.9 and upwards.
+ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_TCR2 := 1
+endif
+
+#
+################################################################################
# Set mandatory features by default to zero.
################################################################################
#
@@ -23,17 +75,17 @@
#----
# Flag to enable access to Privileged Access Never bit of PSTATE.
-ENABLE_FEAT_PAN := 0
+ENABLE_FEAT_PAN ?= 0
# Flag to enable Virtualization Host Extensions.
-ENABLE_FEAT_VHE := 0
+ENABLE_FEAT_VHE ?= 0
#----
# 8.2
#----
# Enable RAS Support.
-ENABLE_FEAT_RAS := 0
+ENABLE_FEAT_RAS ?= 0
#----
# 8.3
@@ -41,118 +93,67 @@
# Flag to enable Pointer Authentication. Internal flag not meant for
# direct setting. Use BRANCH_PROTECTION to enable PAUTH.
-ENABLE_PAUTH := 0
+ENABLE_PAUTH ?= 0
# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
# must be set to 1 if the platform wants to use this feature in the Secure
# world. It is not necessary for use in the Non-secure world.
-CTX_INCLUDE_PAUTH_REGS := 0
+CTX_INCLUDE_PAUTH_REGS ?= 0
+
#----
# 8.4
#----
# Flag to enable Secure EL-2 feature.
-ENABLE_FEAT_SEL2 := 0
+ENABLE_FEAT_SEL2 ?= 0
# By default, disable trace filter control register access to lower non-secure
# exception levels, i.e. NS-EL2, or NS-EL1 if NS-EL2 is implemented, but
# trace filter control register access is unused if FEAT_TRF is implemented.
-ENABLE_TRF_FOR_NS := 0
+ENABLE_TRF_FOR_NS ?= 0
# Flag to enable Data Independent Timing instructions.
-ENABLE_FEAT_DIT := 0
+ENABLE_FEAT_DIT ?= 0
#----
# 8.5
#----
-# Flag to enable access to the Random Number Generator registers.
-ENABLE_FEAT_RNG := 0
-
-# Flag to enable Speculation Barrier Instruction.
-ENABLE_FEAT_SB := 0
-
# Flag to enable Branch Target Identification.
# Internal flag not meant for direct setting.
# Use BRANCH_PROTECTION to enable BTI.
-ENABLE_BTI := 0
+ENABLE_BTI ?= 0
+
+# Flag to enable access to the Random Number Generator registers.
+ENABLE_FEAT_RNG ?= 0
+
+# Flag to enable Speculation Barrier Instruction.
+ENABLE_FEAT_SB ?= 0
#----
# 8.6
#----
# Flag to enable access to the CNTPOFF_EL2 register.
-ENABLE_FEAT_ECV := 0
+ENABLE_FEAT_ECV ?= 0
# Flag to enable access to the HDFGRTR_EL2 register.
-ENABLE_FEAT_FGT := 0
+ENABLE_FEAT_FGT ?= 0
#----
# 8.7
#----
# Flag to enable access to the HCRX_EL2 register by setting SCR_EL3.HXEn.
-ENABLE_FEAT_HCX := 0
+ENABLE_FEAT_HCX ?= 0
#----
# 8.9
#----
# Flag to enable access to TCR2 (FEAT_TCR2).
-ENABLE_FEAT_TCR2 := 0
-
-#
-################################################################################
-# Enable Mandatory features based on Arch versions.
-################################################################################
-#
-
-# Enable the features which are mandatory from ARCH version 8.1 and upwards.
-ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_PAN := 1
-ENABLE_FEAT_VHE := 1
-endif
-
-# Enable the features which are mandatory from ARCH version 8.2 and upwards.
-ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RAS := 1
-endif
-
-# Enable the features which are mandatory from ARCH version 8.4 and upwards.
-ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SEL2 := 1
-ENABLE_TRF_FOR_NS := 1
-ENABLE_FEAT_DIT := 1
-endif
-
-# Enable the features which are mandatory from ARCH version 8.5 and upwards.
-ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RNG := 1
-ENABLE_FEAT_SB := 1
-
-# Enable Memory tagging, Branch Target Identification for aarch64 only.
-ifeq ($(ARCH), aarch64)
- mem_tag_arch_support := yes
-endif #(ARCH=aarch64)
-
-endif
-
-# Enable the features which are mandatory from ARCH version 8.6 and upwards.
-ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_ECV := 1
-ENABLE_FEAT_FGT := 1
-endif
-
-# Enable the features which are mandatory from ARCH version 8.7 and upwards.
-ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_HCX := 1
-endif
-
-# Enable the features which are mandatory from ARCH version 8.9 and upwards.
-ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_TCR2 := 1
-endif
+ENABLE_FEAT_TCR2 ?= 0
#
################################################################################
@@ -182,25 +183,25 @@
# Build option to enable/disable the Statistical Profiling Extension,
# keep it enabled by default for AArch64.
ifeq (${ARCH},aarch64)
- ENABLE_SPE_FOR_NS ?= 2
+ ENABLE_SPE_FOR_NS ?= 2
else ifeq (${ARCH},aarch32)
- ifdef ENABLE_SPE_FOR_NS
- $(error ENABLE_SPE_FOR_NS is not supported for AArch32)
- else
- ENABLE_SPE_FOR_NS := 0
- endif
+ ifneq ($(or $(ENABLE_SPE_FOR_NS),0),0)
+ $(error ENABLE_SPE_FOR_NS is not supported for AArch32)
+ else
+ ENABLE_SPE_FOR_NS := 0
+ endif
endif
# Enable SVE for non-secure world by default.
ifeq (${ARCH},aarch64)
- ENABLE_SVE_FOR_NS ?= 2
+ ENABLE_SVE_FOR_NS ?= 2
# SVE is only supported on AArch64 so disable it on AArch32.
else ifeq (${ARCH},aarch32)
- ifdef ENABLE_SVE_FOR_NS
- $(error ENABLE_SVE_FOR_NS is not supported for AArch32)
- else
- ENABLE_SVE_FOR_NS := 0
- endif
+ ifneq ($(or $(ENABLE_SVE_FOR_NS),0),0)
+ $(error ENABLE_SVE_FOR_NS is not supported for AArch32)
+ else
+ ENABLE_SVE_FOR_NS := 0
+ endif
endif
#----
@@ -214,7 +215,16 @@
AMU_RESTRICT_COUNTERS ?= 0
# Build option to enable MPAM for lower ELs.
-ENABLE_MPAM_FOR_LOWER_ELS ?= 0
+# Enabling it by default
+ifeq (${ARCH},aarch64)
+ ENABLE_FEAT_MPAM ?= 2
+else ifeq (${ARCH},aarch32)
+ ifneq ($(or $(ENABLE_FEAT_MPAM),0),0)
+ $(error ENABLE_FEAT_MPAM is not supported for AArch32)
+ else
+ ENABLE_FEAT_MPAM := 0
+ endif
+endif
# Include nested virtualization control (Armv8.4-NV) registers in cpu context.
# This must be set to 1 if architecture implements Nested Virtualization
@@ -291,13 +301,13 @@
# Note FEAT_TRBE is only supported on AArch64 - therefore do not enable in
# AArch32.
ifeq (${ARCH},aarch64)
- ENABLE_TRBE_FOR_NS ?= 0
+ ENABLE_TRBE_FOR_NS ?= 0
else ifeq (${ARCH},aarch32)
- ifdef ENABLE_TRBE_FOR_NS
- $(error ENABLE_TRBE_FOR_NS is not supported for AArch32)
- else
- ENABLE_TRBE_FOR_NS := 0
- endif
+ ifneq ($(or $(ENABLE_TRBE_FOR_NS),0),0)
+ $(error ENABLE_TRBE_FOR_NS is not supported for AArch32)
+ else
+ ENABLE_TRBE_FOR_NS := 0
+ endif
endif
#----
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index a5c93a6..71cf18b 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -558,7 +558,7 @@
$(ELF): $(OBJS) $(DEFAULT_LINKER_SCRIPT) $(LINKER_SCRIPTS) | $(1)_dirs libraries $(BL_LIBS)
$$(ECHO) " LD $$@"
ifdef MAKE_BUILD_STRINGS
- $(call MAKE_BUILD_STRINGS, $(BUILD_DIR)/build_message.o)
+ $(call MAKE_BUILD_STRINGS,$(BUILD_DIR)/build_message.o)
else
@echo 'const char build_message[] = "Built : "$(BUILD_MESSAGE_TIMESTAMP); \
const char version_string[] = "${VERSION_STRING}"; \
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 57529ee..8829fcb 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -195,9 +195,6 @@
# Enable PSCI OS-initiated mode support
PSCI_OS_INIT_MODE := 0
-# Enable RAS Firmware First Handling Support
-RAS_FFH_SUPPORT := 0
-
# By default, BL1 acts as the reset handler, not BL31
RESET_TO_BL31 := 0
@@ -354,9 +351,6 @@
# Disable Firmware update support by default
PSA_FWU_SUPPORT := 0
-# By default, disable the mocking of RSS provided services
-PLAT_RSS_NOT_SUPPORTED := 0
-
# Dynamic Root of Trust for Measurement support
DRTM_SUPPORT := 0
@@ -374,3 +368,9 @@
# Disabled by default because it constitutes an attack vector into TF-A. It
# should only be enabled if there is a use case for it.
ENABLE_CONSOLE_GETC := 0
+
+# Build option to disable EL2 when it is not used.
+# Most platforms switch from EL3 to NS-EL2 and hence the unused NS-EL2
+# functions must be enabled by platforms if they require it.
+# Disabled by default.
+INIT_UNUSED_NS_EL2 := 0
diff --git a/make_helpers/windows.mk b/make_helpers/windows.mk
index b6d6f0b..ac0f940 100644
--- a/make_helpers/windows.mk
+++ b/make_helpers/windows.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -83,8 +83,9 @@
VERSION_STRING_MESSAGE = const char version_string[] = "${VERSION_STRING}";
VERSION_MESSAGE = const char version[] = "${VERSION}";
define MAKE_BUILD_STRINGS
+ $$(file >$1.in,$$(TF_CFLAGS) $$(CFLAGS))
@echo $$(BUILT_TIME_DATE_STRING) $$(VERSION_STRING_MESSAGE) $$(VERSION_MESSAGE) | \
- $$(CC) $$(TF_CFLAGS) $$(CFLAGS) -x c -c - -o $1
+ $$(CC) @$1.in -x c -c - -o $1
endef
MSVC_NMAKE := nmake.exe
diff --git a/package-lock.json b/package-lock.json
index e23f9a4..e43fa65 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"hasInstallScript": true,
"license": "BSD-3-Clause",
"devDependencies": {
diff --git a/package.json b/package.json
index 8b724dae..1c557fd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"license": "BSD-3-Clause",
"private": true,
"scripts": {
diff --git a/plat/arm/board/a5ds/a5ds_bl2_setup.c b/plat/arm/board/a5ds/a5ds_bl2_setup.c
index 1979c50..a0aa639 100644
--- a/plat/arm/board/a5ds/a5ds_bl2_setup.c
+++ b/plat/arm/board/a5ds/a5ds_bl2_setup.c
@@ -16,3 +16,8 @@
{
arm_bl2_platform_setup();
}
+
+int bl2_plat_handle_post_image_load(unsigned int image_id)
+{
+ return arm_bl2_plat_handle_post_image_load(image_id);
+}
diff --git a/plat/arm/board/arm_fpga/platform.mk b/plat/arm/board/arm_fpga/platform.mk
index bd56f30..f44b37d 100644
--- a/plat/arm/board/arm_fpga/platform.mk
+++ b/plat/arm/board/arm_fpga/platform.mk
@@ -41,7 +41,6 @@
ENABLE_FEAT_ECV := 2
ENABLE_FEAT_FGT := 2
ENABLE_FEAT_HCX := 2
-ENABLE_MPAM_FOR_LOWER_ELS := 2
ENABLE_SYS_REG_TRACE_FOR_NS := 2
ENABLE_TRF_FOR_NS := 2
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index c4f15dd..655a4d2 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -9,7 +9,6 @@
#include <string.h>
#include <common/debug.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <drivers/delay_timer.h>
#include <lib/cassert.h>
#include <lib/fconf/fconf.h>
@@ -27,11 +26,9 @@
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
-#if !ARM_CRYPTOCELL_INTEG
#if !ARM_ROTPK_LOCATION_ID
#error "ARM_ROTPK_LOCATION_ID not defined"
#endif
-#endif
#if COT_DESC_IN_DTB && defined(IMAGE_BL2)
uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
@@ -50,7 +47,7 @@
extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[],
arm_rotpk_key_end[];
-#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) || ARM_CRYPTOCELL_INTEG
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
#endif
@@ -117,38 +114,12 @@
}
#endif
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Return ROTPK hash from CryptoCell.
- */
-int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len,
- unsigned int *flags)
-{
- unsigned char *dst;
-
- assert(key_ptr != NULL);
- assert(key_len != NULL);
- assert(flags != NULL);
-
- /* Copy the DER header */
- memcpy(rotpk_hash_der, arm_rotpk_header, ARM_ROTPK_HEADER_LEN);
- dst = &rotpk_hash_der[ARM_ROTPK_HEADER_LEN];
- *key_ptr = rotpk_hash_der;
- *key_len = sizeof(rotpk_hash_der);
- return cc_get_rotpk_hash(dst, ARM_ROTPK_HASH_LEN, flags);
-}
-#endif
-
/*
* Wrapper function for most Arm platforms to get ROTPK info.
*/
static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if ARM_USE_DEVEL_ROTPK
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
@@ -156,7 +127,6 @@
#else
return 1;
#endif
-#endif /* ARM_CRYPTOCELL_INTEG */
}
#if defined(ARM_COT_tbbr)
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index cbdbf70..365a960 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -13,7 +13,7 @@
ifneq (${TRUSTED_BOARD_BOOT},0)
ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
-ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
+
# ROTPK hash location
ifeq (${ARM_ROTPK_LOCATION}, regs)
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
@@ -79,13 +79,7 @@
# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter,
# hence we set both counters to the same default value.
CCAFW_NVCTR_VAL ?= 31
-else
-# Certificate NV-Counters when CryptoCell is integrated. For development
-# platforms we set the counter to first valid value.
-TFW_NVCTR_VAL ?= 0
-NTFW_NVCTR_VAL ?= 0
-CCAFW_NVCTR_VAL ?= 0
-endif
+
BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
${ARM_ROTPK_S}
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
index 0235f8b..ed3801c 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,36 +33,16 @@
static void set_fip_image_source(void)
{
const struct plat_io_policy *policy;
- /*
- * metadata for firmware update is written at 0x0000 offset of the flash.
- * PLAT_ARM_BOOT_BANK_FLAG contains the boot bank that TF-M is booted.
- * As per firmware update spec, at a given point of time, only one bank
- * is active. This means, TF-A should boot from the same bank as TF-M.
- */
- volatile uint32_t *boot_bank_flag = (uint32_t *)(PLAT_ARM_BOOT_BANK_FLAG);
-
- if (*boot_bank_flag > 1) {
- VERBOSE("Boot_bank is set higher than possible values");
- }
-
- VERBOSE("Boot bank flag = %u.\n\r", *boot_bank_flag);
-
policy = FCONF_GET_PROPERTY(arm, io_policies, FIP_IMAGE_ID);
assert(policy != NULL);
assert(policy->image_spec != 0UL);
+ /* FIP Partition contains Signature area at the beginning which TF-A doesn't expect */
io_block_spec_t *spec = (io_block_spec_t *)policy->image_spec;
+ spec->offset += FIP_SIGNATURE_AREA_SIZE;
+ spec->length -= FIP_SIGNATURE_AREA_SIZE;
- if ((*boot_bank_flag) == 0) {
- VERBOSE("Booting from bank 0: fip offset = 0x%lx\n\r",
- PLAT_ARM_FIP_BASE_BANK0);
- spec->offset = PLAT_ARM_FIP_BASE_BANK0;
- } else {
- VERBOSE("Booting from bank 1: fip offset = 0x%lx\n\r",
- PLAT_ARM_FIP_BASE_BANK1);
- spec->offset = PLAT_ARM_FIP_BASE_BANK1;
- }
}
void bl2_platform_setup(void)
diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
index 584d485..442d187 100644
--- a/plat/arm/board/corstone1000/common/include/platform_def.h
+++ b/plat/arm/board/corstone1000/common/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -173,16 +173,15 @@
/* NOR Flash */
-#define PLAT_ARM_BOOT_BANK_FLAG UL(0x08002000)
-#define PLAT_ARM_FIP_BASE_BANK0 UL(0x081EF000)
-#define PLAT_ARM_FIP_BASE_BANK1 UL(0x0916F000)
-#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */
-
#define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE
#define PLAT_ARM_NVM_SIZE (SZ_32M) /* 32 MB */
-
-#define PLAT_ARM_FLASH_IMAGE_BASE PLAT_ARM_FIP_BASE_BANK0
+#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */
+#define PLAT_ARM_FLASH_IMAGE_BASE UL(0x08000000)
#define PLAT_ARM_FLASH_IMAGE_MAX_SIZE PLAT_ARM_FIP_MAX_SIZE
+#define PLAT_ARM_FIP_OFFSET_IN_GPT (0x86000)
+
+/* FIP Information */
+#define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KB */
/*
* Some data must be aligned on the biggest cache line size in the platform.
diff --git a/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts b/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
index 4f97339..e159248 100644
--- a/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
+++ b/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
@@ -35,6 +35,11 @@
load_address = <0x7000000>;
vcpu_count = <8>;
mem_size = <1048576>;
+ /*
+ * Platform specific SiP SMC call handled at EL3. Used
+ * to pend an interrupt for testing purpose.
+ */
+ smc_whitelist = <0x82000100>;
};
vm2 {
is_ffa_partition;
diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c
index b93922a..ebd5266 100644
--- a/plat/arm/board/fvp/fvp_bl2_setup.c
+++ b/plat/arm/board/fvp/fvp_bl2_setup.c
@@ -11,6 +11,7 @@
#include <drivers/arm/sp804_delay_timer.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
+#include <lib/transfer_list.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -18,6 +19,8 @@
#include "fvp_private.h"
+static struct transfer_list_header *ns_tl __unused;
+
void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3)
{
arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
@@ -30,6 +33,10 @@
{
arm_bl2_platform_setup();
+#if TRANSFER_LIST
+ ns_tl = transfer_list_init((void *)FW_NS_HANDOFF_BASE, FW_HANDOFF_SIZE);
+ assert(ns_tl != NULL);
+#endif
/* Initialize System level generic or SP804 timer */
fvp_timer_init();
}
@@ -41,6 +48,7 @@
{
struct bl_params *arm_bl_params;
const struct dyn_cfg_dtb_info_t *hw_config_info __unused;
+ struct transfer_list_entry *te __unused;
bl_mem_params_node_t *param_node __unused;
arm_bl_params = arm_get_next_bl_params();
@@ -48,7 +56,6 @@
#if !RESET_TO_BL2 && !EL3_PAYLOAD_BASE
const struct dyn_cfg_dtb_info_t *fw_config_info;
uintptr_t fw_config_base = 0UL;
- entry_point_info_t *ep_info;
#if __aarch64__
/* Get BL31 image node */
@@ -59,47 +66,75 @@
#endif /* __aarch64__ */
assert(param_node != NULL);
- /* get fw_config load address */
+ /* Update the next image's ep info with the FW config address */
fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, FW_CONFIG_ID);
assert(fw_config_info != NULL);
fw_config_base = fw_config_info->config_addr;
assert(fw_config_base != 0UL);
+ param_node->ep_info.args.arg1 = (uint32_t)fw_config_base;
+
+ /* Update BL33's ep info with the NS HW config address */
+ param_node = get_bl_mem_params_node(BL33_IMAGE_ID);
+ assert(param_node != NULL);
+
- /*
- * Get the entry point info of next executable image and override
- * arg1 of entry point info with fw_config base address
- */
- ep_info = ¶m_node->ep_info;
- ep_info->args.arg1 = (uint32_t)fw_config_base;
+#if TRANSFER_LIST
+ /* Update BL33's ep info with NS HW config address */
+ te = transfer_list_find(ns_tl, TL_TAG_FDT);
+ assert(te != NULL);
- /* grab NS HW config address */
+ param_node->ep_info.args.arg1 = TRANSFER_LIST_SIGNATURE |
+ REGISTER_CONVENTION_VERSION_MASK;
+ param_node->ep_info.args.arg2 = 0;
+ param_node->ep_info.args.arg3 = (uintptr_t)ns_tl;
+ param_node->ep_info.args.arg0 =
+ te ? (uintptr_t)transfer_list_entry_data(te) : 0;
+#else
hw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, HW_CONFIG_ID);
assert(hw_config_info != NULL);
- /* To retrieve actual size of the HW_CONFIG */
- param_node = get_bl_mem_params_node(HW_CONFIG_ID);
- assert(param_node != NULL);
+ param_node->ep_info.args.arg1 = hw_config_info->secondary_config_addr;
+#endif /* TRANSFER_LIST */
+#endif /* !RESET_TO_BL2 && !EL3_PAYLOAD_BASE */
+
+ return arm_bl_params;
+}
- /* Copy HW config from Secure address to NS address */
- memcpy((void *)hw_config_info->secondary_config_addr,
- (void *)hw_config_info->config_addr,
- (size_t)param_node->image_info.image_size);
+int bl2_plat_handle_post_image_load(unsigned int image_id)
+{
+#if !RESET_TO_BL2 && !EL3_PAYLOAD_BASE
+ if (image_id == HW_CONFIG_ID) {
+ const struct dyn_cfg_dtb_info_t *hw_config_info;
+ struct transfer_list_entry *te __unused;
- /*
- * Ensure HW-config device tree committed to memory, as there is
- * a possibility to use HW-config without cache and MMU enabled
- * at BL33
- */
- flush_dcache_range(hw_config_info->secondary_config_addr,
- param_node->image_info.image_size);
+ const bl_mem_params_node_t *param_node =
+ get_bl_mem_params_node(image_id);
+ assert(param_node != NULL);
- param_node = get_bl_mem_params_node(BL33_IMAGE_ID);
- assert(param_node != NULL);
+ hw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, HW_CONFIG_ID);
+ assert(hw_config_info != NULL);
- /* Update BL33's ep info with NS HW config address */
- param_node->ep_info.args.arg1 = hw_config_info->secondary_config_addr;
+#if TRANSFER_LIST
+ /* Update BL33's ep info with NS HW config address */
+ te = transfer_list_add(ns_tl, TL_TAG_FDT,
+ param_node->image_info.image_size,
+ (void *)hw_config_info->config_addr);
+ assert(te != NULL);
+#else
+ memcpy((void *)hw_config_info->secondary_config_addr,
+ (void *)hw_config_info->config_addr,
+ (size_t)param_node->image_info.image_size);
+
+ /*
+ * Ensure HW-config device tree is committed to memory, as the HW-Config
+ * might be used without cache and MMU enabled at BL33.
+ */
+ flush_dcache_range(hw_config_info->secondary_config_addr,
+ param_node->image_info.image_size);
+#endif /* TRANSFER_LIST */
+ }
#endif /* !RESET_TO_BL2 && !EL3_PAYLOAD_BASE */
- return arm_bl_params;
+ return arm_bl2_plat_handle_post_image_load(image_id);
}
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index 283918b..c40a3ce 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -71,6 +71,14 @@
DEVICE2_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
+#if TRANSFER_LIST
+#ifdef FW_NS_HANDOFF_BASE
+#define MAP_FW_NS_HANDOFF MAP_REGION_FLAT(FW_NS_HANDOFF_BASE, \
+ FW_HANDOFF_SIZE, \
+ MT_MEMORY | MT_RW | MT_NS)
+#endif
+#endif
+
/*
* Table of memory regions for various BL stages to map using the MMU.
* This doesn't include Trusted SRAM as setup_page_tables() already takes care
@@ -183,6 +191,9 @@
ARM_MAP_GPT_L1_DRAM,
ARM_MAP_EL3_RMM_SHARED_MEM,
#endif
+#ifdef MAP_FW_NS_HANDOFF
+ MAP_FW_NS_HANDOFF,
+#endif
{0}
};
diff --git a/plat/arm/board/fvp/fvp_common_measured_boot.c b/plat/arm/board/fvp/fvp_common_measured_boot.c
index 0c1d5e7..d56f510 100644
--- a/plat/arm/board/fvp/fvp_common_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_common_measured_boot.c
@@ -19,7 +19,6 @@
int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
{
int err;
- int rc = 0;
/* Calculate image hash and record data in Event Log */
err = event_log_measure_and_record(image_data->image_base,
@@ -29,26 +28,14 @@
if (err != 0) {
ERROR("%s%s image id %u (%i)\n",
"Failed to ", "record in event log", image_id, err);
- rc = err;
+ return err;
}
- /* Calculate image hash and record data in RSS */
- err = rss_mboot_measure_and_record(fvp_rss_mboot_metadata,
- image_data->image_base,
- image_data->image_size,
- image_id);
- if (err != 0) {
- ERROR("%s%s image id %u (%i)\n",
- "Failed to ", "record in RSS", image_id, err);
- rc = (rc == 0) ? err : -1;
- }
-
- return rc;
+ return 0;
}
int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
size_t pk_len)
{
- return rss_mboot_set_signer_id(fvp_rss_mboot_metadata, pk_oid, pk_ptr,
- pk_len);
+ return 0;
}
diff --git a/plat/arm/board/fvp/fvp_plat_attest_token.c b/plat/arm/board/fvp/fvp_plat_attest_token.c
index 5af2405..5fb3141 100644
--- a/plat/arm/board/fvp/fvp_plat_attest_token.c
+++ b/plat/arm/board/fvp/fvp_plat_attest_token.c
@@ -4,23 +4,115 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <delegated_attestation.h>
-#include <psa/error.h>
+#include <errno.h>
+#include <string.h>
+
+#include <plat/common/platform.h>
+
+static const uint8_t sample_platform_token[] = {
+ 0xD2, 0x84, 0x44, 0xA1, 0x01, 0x38, 0x22, 0xA0,
+ 0x59, 0x02, 0x33, 0xA9, 0x19, 0x01, 0x09, 0x78,
+ 0x1C, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F,
+ 0x61, 0x72, 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F,
+ 0x43, 0x43, 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F,
+ 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x0A, 0x58, 0x20,
+ 0xB5, 0x97, 0x3C, 0xB6, 0x8B, 0xAA, 0x9F, 0xC5,
+ 0x55, 0x58, 0x78, 0x6B, 0x7E, 0xC6, 0x7F, 0x69,
+ 0xE4, 0x0D, 0xF5, 0xBA, 0x5A, 0xA9, 0x21, 0xCD,
+ 0x0C, 0x27, 0xF4, 0x05, 0x87, 0xA0, 0x11, 0xEA,
+ 0x19, 0x09, 0x5C, 0x58, 0x20, 0x7F, 0x45, 0x4C,
+ 0x46, 0x02, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x3E,
+ 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x58, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x01, 0x00,
+ 0x58, 0x21, 0x01, 0x07, 0x06, 0x05, 0x04, 0x03,
+ 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B,
+ 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15, 0x14, 0x13,
+ 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B,
+ 0x1A, 0x19, 0x18, 0x19, 0x09, 0x61, 0x58, 0x21,
+ 0x01, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
+ 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09,
+ 0x08, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11,
+ 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19,
+ 0x18, 0x19, 0x09, 0x5B, 0x19, 0x30, 0x03, 0x19,
+ 0x09, 0x62, 0x67, 0x73, 0x68, 0x61, 0x2D, 0x32,
+ 0x35, 0x36, 0x19, 0x09, 0x5F, 0x84, 0xA5, 0x01,
+ 0x62, 0x42, 0x4C, 0x05, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65,
+ 0x33, 0x2E, 0x34, 0x2E, 0x32, 0x02, 0x58, 0x20,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
+ 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
+ 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
+ 0x06, 0x74, 0x54, 0x46, 0x2D, 0x4D, 0x5F, 0x53,
+ 0x48, 0x41, 0x32, 0x35, 0x36, 0x4D, 0x65, 0x6D,
+ 0x50, 0x72, 0x65, 0x58, 0x49, 0x50, 0xA4, 0x01,
+ 0x62, 0x4D, 0x31, 0x05, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x63,
+ 0x31, 0x2E, 0x32, 0x02, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0xA4, 0x01,
+ 0x62, 0x4D, 0x32, 0x05, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65,
+ 0x31, 0x2E, 0x32, 0x2E, 0x33, 0x02, 0x58, 0x20,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
+ 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
+ 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
+ 0xA4, 0x01, 0x62, 0x4D, 0x33, 0x05, 0x58, 0x20,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
+ 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
+ 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
+ 0x04, 0x61, 0x31, 0x02, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x19, 0x09,
+ 0x60, 0x6C, 0x77, 0x68, 0x61, 0x74, 0x65, 0x76,
+ 0x65, 0x72, 0x2E, 0x63, 0x6F, 0x6D, 0x58, 0x60,
+ 0xE6, 0xB6, 0x38, 0x4F, 0xAE, 0x3F, 0x6E, 0x67,
+ 0xF5, 0xD4, 0x97, 0x4B, 0x3F, 0xFD, 0x0A, 0xFA,
+ 0x1D, 0xF0, 0x2F, 0x73, 0xB8, 0xFF, 0x5F, 0x02,
+ 0xC0, 0x0F, 0x40, 0xAC, 0xF3, 0xA2, 0x9D, 0xB5,
+ 0x31, 0x50, 0x16, 0x4F, 0xFA, 0x34, 0x3D, 0x0E,
+ 0xAF, 0xE0, 0xD0, 0xD1, 0x6C, 0xF0, 0x9D, 0xC1,
+ 0x01, 0x42, 0xA2, 0x3C, 0xCE, 0xD4, 0x4A, 0x59,
+ 0xDC, 0x29, 0x0A, 0x30, 0x93, 0x5F, 0xB4, 0x98,
+ 0x61, 0xBA, 0xE3, 0x91, 0x22, 0x95, 0x24, 0xF4,
+ 0xAE, 0x47, 0x93, 0xD3, 0x84, 0xA3, 0x76, 0xD0,
+ 0xC1, 0x26, 0x96, 0x53, 0xA3, 0x60, 0x3F, 0x6C,
+ 0x75, 0x96, 0x90, 0x6A, 0xF9, 0x4E, 0xDA, 0x30
+};
/*
- * Get the platform attestation token through the PSA delegated attestation
- * layer.
- *
- * FVP cannot support RSS hardware at the moment, but it can still mock the
- * RSS implementation of the PSA interface (see PLAT_RSS_NOT_SUPPORTED).
+ * Get the hardcoded platform attestation token as FVP does not support
+ * RSS.
*/
int plat_rmmd_get_cca_attest_token(uintptr_t buf, size_t *len,
uintptr_t hash, size_t hash_size)
{
- psa_status_t ret;
+ (void)hash;
+ (void)hash_size;
- ret = rss_delegated_attest_get_token((const uint8_t *)hash, hash_size,
- (uint8_t *)buf, *len, len);
+ if (*len < sizeof(sample_platform_token)) {
+ return -EINVAL;
+ }
+
+ (void)memcpy((void *)buf, (const void *)sample_platform_token,
+ sizeof(sample_platform_token));
+ *len = sizeof(sample_platform_token);
- return ret;
+ return 0;
}
diff --git a/plat/arm/board/fvp/fvp_realm_attest_key.c b/plat/arm/board/fvp/fvp_realm_attest_key.c
index 26354f4..fe0cde7 100644
--- a/plat/arm/board/fvp/fvp_realm_attest_key.c
+++ b/plat/arm/board/fvp/fvp_realm_attest_key.c
@@ -4,27 +4,33 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <assert.h>
-#include <delegated_attestation.h>
-#include <psa/error.h>
-#include <services/rmmd_svc.h>
+#include <errno.h>
+#include <string.h>
+
+#include <plat/common/platform.h>
+
+static const uint8_t sample_delegated_key[] = {
+ 0x20, 0x11, 0xC7, 0xF0, 0x3C, 0xEE, 0x43, 0x25, 0x17, 0x6E,
+ 0x52, 0x4F, 0x03, 0x3C, 0x0C, 0xE1, 0xE2, 0x1A, 0x76, 0xE6,
+ 0xC1, 0xA4, 0xF0, 0xB8, 0x39, 0xAA, 0x1D, 0xF6, 0x1E, 0x0E,
+ 0x8A, 0x5C, 0x8A, 0x05, 0x74, 0x0F, 0x9B, 0x69, 0xEF, 0xA7,
+ 0xEB, 0x1A, 0x41, 0x85, 0xBD, 0x11, 0x7F, 0x68
+};
/*
- * Get the delegated realm attestation key through the PSA delegated
- * attestation layer.
- *
- * FVP cannot support RSS hardware at the moment, but it can still mock
- * the RSS implementation of the PSA interface (see PLAT_RSS_NOT_SUPPORTED).
+ * Get the hardcoded delegated realm attestation key as FVP
+ * does not support RSS.
*/
int plat_rmmd_get_cca_realm_attest_key(uintptr_t buf, size_t *len,
unsigned int type)
{
- psa_status_t ret;
+ if (*len < sizeof(sample_delegated_key)) {
+ return -EINVAL;
+ }
- assert(type == ATTEST_KEY_CURVE_ECC_SECP384R1);
-
- ret = rss_delegated_attest_get_delegated_key(0U, 0U, (uint8_t *)buf,
- *len, len, 0U);
+ (void)memcpy((void *)buf, (const void *)sample_delegated_key,
+ sizeof(sample_delegated_key));
+ *len = sizeof(sample_delegated_key);
- return ret;
+ return 0;
}
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 826fca2..aad0417 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -128,6 +128,11 @@
*/
#define PLAT_ARM_NS_IMAGE_BASE (ARM_DRAM1_BASE + UL(0x8000000))
+#if TRANSFER_LIST
+#define FW_HANDOFF_SIZE 0x4000
+#define FW_NS_HANDOFF_BASE (PLAT_ARM_NS_IMAGE_BASE - FW_HANDOFF_SIZE)
+#endif
+
/*
* PLAT_ARM_MMAP_ENTRIES depends on the number of entries in the
* plat_arm_mmap array defined for each BL stage.
@@ -188,8 +193,10 @@
/*
* PLAT_ARM_MAX_BL1_RW_SIZE is calculated using the current BL1 RW debug size
* plus a little space for growth.
+ * In case of PSA Crypto API, few algorithms like ECDSA needs bigger BL1 RW
+ * area.
*/
-#if TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
+#if TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA || PSA_CRYPTO
#define PLAT_ARM_MAX_BL1_RW_SIZE UL(0xC000)
#else
#define PLAT_ARM_MAX_BL1_RW_SIZE UL(0xB000)
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 3c02485..df26dd7 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -28,6 +28,9 @@
# the FVP platform. This option defaults to 256.
FVP_TRUSTED_SRAM_SIZE := 256
+# Macro to enable helpers for running SPM tests. Disabled by default.
+PLAT_TEST_SPM := 0
+
# This is a very trickly TEMPORARY fix. Enabling ALL features exceeds BL31's
# progbits limit. We need a way to build all useful configurations while waiting
# on the fvp to increase its SRAM size. The problem is twofild:
@@ -50,11 +53,9 @@
ENABLE_FEAT_AMU := 2
ENABLE_FEAT_AMUv1p1 := 2
ENABLE_FEAT_HCX := 2
- ENABLE_MPAM_FOR_LOWER_ELS := 2
ENABLE_FEAT_RNG := 2
ENABLE_FEAT_TWED := 2
ENABLE_FEAT_GCS := 2
- ENABLE_FEAT_RAS := 2
ifeq (${ARCH}, aarch64)
ifneq (${SPD}, spmd)
ifeq (${SPM_MM}, 0)
@@ -69,11 +70,9 @@
# enable unconditionally for all builds
ifeq (${ARCH}, aarch64)
-ifeq (${ENABLE_RME},0)
- ENABLE_BRBE_FOR_NS := 2
+ ENABLE_BRBE_FOR_NS := 2
+ ENABLE_TRBE_FOR_NS := 2
endif
-endif
-ENABLE_TRBE_FOR_NS := 2
ENABLE_SYS_REG_TRACE_FOR_NS := 2
ENABLE_FEAT_CSV2_2 := 2
ENABLE_FEAT_DIT := 2
@@ -213,7 +212,8 @@
lib/cpus/aarch64/neoverse_e1.S \
lib/cpus/aarch64/cortex_x2.S \
lib/cpus/aarch64/cortex_gelas.S \
- lib/cpus/aarch64/nevis.S
+ lib/cpus/aarch64/nevis.S \
+ lib/cpus/aarch64/travis.S
endif
# AArch64/AArch32 cores
FVP_CPU_LIBS += lib/cpus/aarch64/cortex_a55.S \
@@ -267,11 +267,6 @@
BL31_SOURCES += plat/arm/board/fvp/fvp_plat_attest_token.c \
plat/arm/board/fvp/fvp_realm_attest_key.c
-
-# FVP platform does not support RSS, but it can leverage RSS APIs to
-# provide hardcoded token/key on request.
-BL31_SOURCES += lib/psa/delegated_attestation.c
-
endif
ifeq (${ENABLE_FEAT_RNG_TRAP},1)
@@ -356,6 +351,10 @@
$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config,${FVP_TOS_FW_CONFIG}))
endif
+ifeq (${TRANSFER_LIST}, 1)
+include lib/transfer_list/transfer_list.mk
+endif
+
ifeq (${SPD},spmd)
ifeq ($(ARM_SPMC_MANIFEST_DTS),)
@@ -398,8 +397,12 @@
endif
endif
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${HANDLE_EA_EL3_FIRST_NS},1)
+ifeq (${ENABLE_FEAT_RAS},1)
BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
+else
+BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
+endif
endif
ifneq (${ENABLE_STACK_PROTECTOR},0)
@@ -437,10 +440,6 @@
override BL1_SOURCES =
endif
-# RSS is not supported on FVP right now. Thus, we use the mocked version
-# of the provided PSA APIs. They return with success and hard-coded token/key.
-PLAT_RSS_NOT_SUPPORTED := 1
-
# Include Measured Boot makefile before any Crypto library makefile.
# Crypto library makefile may need default definitions of Measured Boot build
# flags present in Measured Boot makefile.
@@ -468,25 +467,8 @@
BL2_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
plat/arm/board/fvp/fvp_bl2_measured_boot.c \
lib/psa/measured_boot.c
-
-# Even though RSS is not supported on FVP (see above), we support overriding
-# PLAT_RSS_NOT_SUPPORTED from the command line, just for the purpose of building
-# the code to detect any build regressions. The resulting firmware will not be
-# functional.
-ifneq (${PLAT_RSS_NOT_SUPPORTED},1)
- $(warning "RSS is not supported on FVP. The firmware will not be functional.")
- include drivers/arm/rss/rss_comms.mk
- BL1_SOURCES += ${RSS_COMMS_SOURCES}
- BL2_SOURCES += ${RSS_COMMS_SOURCES}
- BL31_SOURCES += ${RSS_COMMS_SOURCES}
-
- BL1_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
- BL2_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
- BL31_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
endif
-endif
-
ifeq (${DRTM_SUPPORT}, 1)
BL31_SOURCES += plat/arm/board/fvp/fvp_drtm_addr.c \
plat/arm/board/fvp/fvp_drtm_dma_prot.c \
@@ -519,19 +501,25 @@
# Test specific macros, keep them at bottom of this file
$(eval $(call add_define,PLATFORM_TEST_EA_FFH))
ifeq (${PLATFORM_TEST_EA_FFH}, 1)
- ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
- $(error "PLATFORM_TEST_EA_FFH expects HANDLE_EA_EL3_FIRST_NS to be 1")
+ ifeq (${FFH_SUPPORT}, 0)
+ $(error "PLATFORM_TEST_EA_FFH expects FFH_SUPPORT to be 1")
endif
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
+
endif
$(eval $(call add_define,PLATFORM_TEST_RAS_FFH))
ifeq (${PLATFORM_TEST_RAS_FFH}, 1)
- ifeq (${RAS_EXTENSION}, 0)
- $(error "PLATFORM_TEST_RAS_FFH expects RAS_EXTENSION to be 1")
+ ifeq (${ENABLE_FEAT_RAS}, 0)
+ $(error "PLATFORM_TEST_RAS_FFH expects ENABLE_FEAT_RAS to be 1")
+ endif
+ ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
+ $(error "PLATFORM_TEST_RAS_FFH expects HANDLE_EA_EL3_FIRST_NS to be 1")
endif
endif
ifeq (${ERRATA_ABI_SUPPORT}, 1)
include plat/arm/board/fvp/fvp_cpu_errata.mk
endif
+
+# Build macro necessary for running SPM tests on FVP platform
+$(eval $(call add_define,PLAT_TEST_SPM))
diff --git a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
index a642929..6a7c0c8 100644
--- a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
+++ b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
@@ -105,9 +105,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
/* DRAM1_region: */
MAP_REGION_FLAT(
PLAT_ARM_DRAM1_BASE,
diff --git a/plat/arm/board/fvp_ve/fvp_ve_bl2_setup.c b/plat/arm/board/fvp_ve/fvp_ve_bl2_setup.c
index 4ccae27..cc29f36 100644
--- a/plat/arm/board/fvp_ve/fvp_ve_bl2_setup.c
+++ b/plat/arm/board/fvp_ve/fvp_ve_bl2_setup.c
@@ -39,3 +39,8 @@
generic_delay_timer_init();
#endif /* USE_SP804_TIMER */
}
+
+int bl2_plat_handle_post_image_load(unsigned int image_id)
+{
+ return arm_bl2_plat_handle_post_image_load(image_id);
+}
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index aa96038..5c9a7a3 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -32,9 +32,6 @@
#define PLATFORM_CORE_COUNT (JUNO_CLUSTER0_CORE_COUNT + \
JUNO_CLUSTER1_CORE_COUNT)
-/* Cryptocell HW Base address */
-#define PLAT_CRYPTOCELL_BASE UL(0x60050000)
-
/*
* Other platform porting definitions are provided by included headers
*/
diff --git a/plat/arm/board/juno/juno_trusted_boot.c b/plat/arm/board/juno/juno_trusted_boot.c
index 25a7470..c730406 100644
--- a/plat/arm/board/juno/juno_trusted_boot.c
+++ b/plat/arm/board/juno/juno_trusted_boot.c
@@ -8,7 +8,6 @@
#include <stdint.h>
#include <string.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
@@ -109,10 +108,6 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
(ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
@@ -121,6 +116,4 @@
#else
return 1;
#endif
-
-#endif /* ARM_CRYPTOCELL_INTEG */
}
diff --git a/plat/arm/board/morello/fdts/morello_nt_fw_config.dts b/plat/arm/board/morello/fdts/morello_nt_fw_config.dts
index e730d34..6ec282d 100644
--- a/plat/arm/board/morello/fdts/morello_nt_fw_config.dts
+++ b/plat/arm/board/morello/fdts/morello_nt_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,4 +23,19 @@
scc-config = <0x0>;
#endif
};
+
+ /*
+ * Placeholder for firmware-version node with default values.
+ * The value will be set to the correct values during
+ * the BL2 stage of boot.
+ */
+ firmware-version {
+#ifdef TARGET_PLATFORM_SOC
+ mcc-fw-version = <0x0>;
+ pcc-fw-version = <0x0>;
+#endif
+ scp-fw-version = <0x0>;
+ scp-fw-commit = <0x0>;
+ tfa-fw-version = "unknown-dirty_00000000";
+ };
};
diff --git a/plat/arm/board/morello/morello_def.h b/plat/arm/board/morello/morello_def.h
index e42a03c..25122e6 100644
--- a/plat/arm/board/morello/morello_def.h
+++ b/plat/arm/board/morello/morello_def.h
@@ -15,6 +15,15 @@
MORELLO_NS_SRAM_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
+/* SDS Firmware version defines */
+#define MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID U(2)
+#define MORELLO_SDS_FIRMWARE_VERSION_OFFSET U(0)
+#ifdef TARGET_PLATFORM_FVP
+# define MORELLO_SDS_FIRMWARE_VERSION_SIZE U(8)
+#else
+# define MORELLO_SDS_FIRMWARE_VERSION_SIZE U(16)
+#endif
+
/* SDS Platform information defines */
#define MORELLO_SDS_PLATFORM_INFO_STRUCT_ID U(8)
#define MORELLO_SDS_PLATFORM_INFO_OFFSET U(0)
@@ -122,8 +131,40 @@
} __packed;
#endif
-/* Compile time assertion to ensure the size of structure is of the required bytes */
+/* SDS Firmware revision struct definition */
+#ifdef TARGET_PLATFORM_FVP
+/*
+ * Firmware revision structure stored in SDS.
+ * This structure holds information about firmware versions.
+ * - SCP firmware version
+ * - SCP firmware commit
+ */
+struct morello_firmware_version {
+ uint32_t scp_fw_ver;
+ uint32_t scp_fw_commit;
+} __packed;
+#else
+/*
+ * Firmware revision structure stored in SDS.
+ * This structure holds information about firmware versions.
+ * - SCP firmware version
+ * - SCP firmware commit
+ * - MCC firmware version
+ * - PCC firmware version
+ */
+struct morello_firmware_version {
+ uint32_t scp_fw_ver;
+ uint32_t scp_fw_commit;
+ uint32_t mcc_fw_ver;
+ uint32_t pcc_fw_ver;
+} __packed;
+#endif
+
+/* Compile time assertions to ensure the size of structures are of the required bytes */
CASSERT(sizeof(struct morello_plat_info) == MORELLO_SDS_PLATFORM_INFO_SIZE,
assert_invalid_plat_info_size);
+CASSERT(sizeof(struct morello_firmware_version) == MORELLO_SDS_FIRMWARE_VERSION_SIZE,
+ assert_invalid_firmware_version_size);
+
#endif /* MORELLO_DEF_H */
diff --git a/plat/arm/board/morello/morello_image_load.c b/plat/arm/board/morello/morello_image_load.c
index b5d9bd5..4ea2bb3 100644
--- a/plat/arm/board/morello/morello_image_load.c
+++ b/plat/arm/board/morello/morello_image_load.c
@@ -23,7 +23,8 @@
}
/*******************************************************************************
- * This function inserts Platform information via device tree nodes as,
+ * This function inserts Platform information and firmware versions
+ * via device tree nodes as,
* platform-info {
* local-ddr-size = <0x0 0x0>;
*#ifdef TARGET_PLATFORM_SOC
@@ -33,12 +34,22 @@
* scc-config = <0x0>;
*#endif
* };
+ * firmware-version {
+ *#ifdef TARGET_PLATFORM_SOC
+ * mcc-fw-version = <0x0>;
+ * pcc-fw-version = <0x0>;
+ *#endif
+ * scp-fw-version = <0x0>;
+ * scp-fw-commit = <0x0>;
+ * tfa-fw-version = "unknown-dirty_00000000";
+ * };
******************************************************************************/
-static int plat_morello_append_config_node(struct morello_plat_info *plat_info)
+static int plat_morello_append_config_node(struct morello_plat_info *plat_info,
+ struct morello_firmware_version *fw_version)
{
bl_mem_params_node_t *mem_params;
void *fdt;
- int nodeoffset, err;
+ int nodeoffset_plat, nodeoffset_fw, err;
uint64_t usable_mem_size;
usable_mem_size = plat_info->local_ddr_size;
@@ -57,35 +68,41 @@
return -1;
}
- nodeoffset = fdt_subnode_offset(fdt, 0, "platform-info");
- if (nodeoffset < 0) {
+ nodeoffset_plat = fdt_subnode_offset(fdt, 0, "platform-info");
+ if (nodeoffset_plat < 0) {
ERROR("NT_FW_CONFIG: Failed to get platform-info node offset\n");
return -1;
}
+ nodeoffset_fw = fdt_subnode_offset(fdt, 0, "firmware-version");
+ if (nodeoffset_fw < 0) {
+ ERROR("NT_FW_CONFIG: Failed to get firmware-version node offset\n");
+ return -1;
+ }
+
#ifdef TARGET_PLATFORM_SOC
- err = fdt_setprop_u64(fdt, nodeoffset, "remote-ddr-size",
+ err = fdt_setprop_u64(fdt, nodeoffset_plat, "remote-ddr-size",
plat_info->remote_ddr_size);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set remote-ddr-size\n");
return -1;
}
- err = fdt_setprop_u32(fdt, nodeoffset, "remote-chip-count",
+ err = fdt_setprop_u32(fdt, nodeoffset_plat, "remote-chip-count",
plat_info->remote_chip_count);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set remote-chip-count\n");
return -1;
}
- err = fdt_setprop_u32(fdt, nodeoffset, "multichip-mode",
+ err = fdt_setprop_u32(fdt, nodeoffset_plat, "multichip-mode",
plat_info->multichip_mode);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set multichip-mode\n");
return -1;
}
- err = fdt_setprop_u32(fdt, nodeoffset, "scc-config",
+ err = fdt_setprop_u32(fdt, nodeoffset_plat, "scc-config",
plat_info->scc_config);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set scc-config\n");
@@ -95,8 +112,41 @@
if (plat_info->scc_config & MORELLO_SCC_CLIENT_MODE_MASK) {
usable_mem_size = get_mem_client_mode(plat_info->local_ddr_size);
}
+
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "mcc-fw-version",
+ fw_version->mcc_fw_ver);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set mcc-fw-version\n");
+ return -1;
+ }
+
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "pcc-fw-version",
+ fw_version->pcc_fw_ver);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set pcc-fw-version\n");
+ return -1;
+ }
#endif
- err = fdt_setprop_u64(fdt, nodeoffset, "local-ddr-size",
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "scp-fw-version",
+ fw_version->scp_fw_ver);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set scp-fw-version\n");
+ return -1;
+ }
+
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "scp-fw-commit",
+ fw_version->scp_fw_commit);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set scp-fw-commit\n");
+ return -1;
+ }
+
+ err = fdt_setprop_string(fdt, nodeoffset_fw, "tfa-fw-version", version_string);
+ if (err < 0) {
+ WARN("NT_FW_CONFIG: Unable to set tfa-fw-version\n");
+ }
+
+ err = fdt_setprop_u64(fdt, nodeoffset_plat, "local-ddr-size",
usable_mem_size);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set local-ddr-size\n");
@@ -115,6 +165,7 @@
{
int ret;
struct morello_plat_info plat_info;
+ struct morello_firmware_version fw_version;
ret = sds_init();
if (ret != SDS_OK) {
@@ -132,6 +183,16 @@
panic();
}
+ ret = sds_struct_read(MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID,
+ MORELLO_SDS_FIRMWARE_VERSION_OFFSET,
+ &fw_version,
+ MORELLO_SDS_FIRMWARE_VERSION_SIZE,
+ SDS_ACCESS_MODE_NON_CACHED);
+ if (ret != SDS_OK) {
+ ERROR("Error getting firmware version from SDS. ret:%d\n", ret);
+ panic();
+ }
+
/* Validate plat_info SDS */
#ifdef TARGET_PLATFORM_FVP
if (plat_info.local_ddr_size == 0U) {
@@ -146,7 +207,7 @@
panic();
}
- ret = plat_morello_append_config_node(&plat_info);
+ ret = plat_morello_append_config_node(&plat_info, &fw_version);
if (ret != 0) {
panic();
}
diff --git a/plat/arm/board/n1sdp/platform.mk b/plat/arm/board/n1sdp/platform.mk
index bd62614..f937ee7 100644
--- a/plat/arm/board/n1sdp/platform.mk
+++ b/plat/arm/board/n1sdp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -14,6 +14,10 @@
N1SDP_CPU_SOURCES := lib/cpus/aarch64/neoverse_n1.S
+# Neoverse N1 cores support Armv8.2 extensions
+ARM_ARCH_MAJOR := 8
+ARM_ARCH_MINOR := 2
+
# GIC-600 configuration
GICV3_SUPPORT_GIC600 := 1
GICV3_IMPL_GIC600_MULTICHIP := 1
diff --git a/plat/arm/board/rdn2/platform.mk b/plat/arm/board/rdn2/platform.mk
index 1506714..ef8f3d4 100644
--- a/plat/arm/board/rdn2/platform.mk
+++ b/plat/arm/board/rdn2/platform.mk
@@ -69,7 +69,7 @@
BL31_CFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC
endif
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
BL31_SOURCES += ${RDN2_BASE}/rdn2_ras.c \
${CSS_ENT_BASE}/ras/sgi_ras_common.c \
${CSS_ENT_BASE}/ras/sgi_ras_sram.c \
diff --git a/plat/arm/board/rdn2/rdn2_plat.c b/plat/arm/board/rdn2/rdn2_plat.c
index f117456..2a6c658 100644
--- a/plat/arm/board/rdn2/rdn2_plat.c
+++ b/plat/arm/board/rdn2/rdn2_plat.c
@@ -137,7 +137,7 @@
sgi_bl31_common_platform_setup();
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
sgi_ras_platform_setup(&ras_config);
#endif
}
diff --git a/plat/arm/board/rdn2/rdn2_security.c b/plat/arm/board/rdn2/rdn2_security.c
index b836a7f..7cd4a1c 100644
--- a/plat/arm/board/rdn2/rdn2_security.c
+++ b/plat/arm/board/rdn2/rdn2_security.c
@@ -15,7 +15,7 @@
static const arm_tzc_regions_info_t tzc_regions[] = {
ARM_TZC_REGIONS_DEF,
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
RDN2_TZC_CPER_REGION,
#endif
{}
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 8ca33ca..6874cfa 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -9,6 +9,11 @@
$(error Platform ${PLAT}$(TARGET_PLATFORM) is deprecated.)
endif
+ifeq ($(TARGET_PLATFORM), 1)
+ $(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
+ Some of the features might not work as expected)
+endif
+
ifeq ($(shell expr $(TARGET_PLATFORM) \<= 2), 0)
$(error TARGET_PLATFORM must be less than or equal to 2)
endif
@@ -21,8 +26,6 @@
ENABLE_FEAT_RAS := 1
-RAS_FFH_SUPPORT := 0
-
SDEI_SUPPORT := 0
EL3_EXCEPTION_HANDLING := 0
diff --git a/plat/arm/common/aarch64/arm_helpers.S b/plat/arm/common/aarch64/arm_helpers.S
index ed85ea1..3e56691 100644
--- a/plat/arm/common/aarch64/arm_helpers.S
+++ b/plat/arm/common/aarch64/arm_helpers.S
@@ -86,51 +86,3 @@
func platform_mem_init
ret
endfunc platform_mem_init
-
-/*
- * Need to use coherent stack when ARM Cryptocell is used to autheticate images
- * since Cryptocell uses DMA to transfer data and it is not coherent with the
- * AP CPU.
- */
-#if ARM_CRYPTOCELL_INTEG
-#if defined(IMAGE_BL1) || defined(IMAGE_BL2)
- .globl plat_get_my_stack
- .globl plat_set_my_stack
- .local platform_coherent_stacks
-
- /* -------------------------------------------------------
- * uintptr_t plat_get_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function returns the stack pointer for a
- * stack allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_get_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- ret
-endfunc plat_get_my_stack
-
- /* -------------------------------------------------------
- * void plat_set_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function sets the stack pointer to a stack
- * allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_set_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- mov sp, x0
- ret
-endfunc plat_set_my_stack
-
- /* ----------------------------------------------------
- * Single cpu stack in coherent memory.
- * ----------------------------------------------------
- */
-declare_stack platform_coherent_stacks, .tzfw_coherent_mem, \
- PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
-
-#endif /* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
-#endif /* ARM_CRYPTOCELL_INTEG */
diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c
index 7000236..feff691 100644
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@@ -108,11 +108,8 @@
*****************************************************************************/
void arm_bl1_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL1 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL1. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -123,9 +120,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
{0}
};
diff --git a/plat/arm/common/arm_bl2_el3_setup.c b/plat/arm/common/arm_bl2_el3_setup.c
index b598c59..01e0db0 100644
--- a/plat/arm/common/arm_bl2_el3_setup.c
+++ b/plat/arm/common/arm_bl2_el3_setup.c
@@ -7,6 +7,7 @@
#include <assert.h>
#include <drivers/generic_delay_timer.h>
+#include <drivers/partition/partition.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
@@ -94,7 +95,15 @@
void bl2_el3_plat_arch_setup(void)
{
+ int __maybe_unused ret;
arm_bl2_el3_plat_arch_setup();
+#if ARM_GPT_SUPPORT
+ ret = gpt_partition_init();
+ if (ret != 0) {
+ ERROR("GPT partition initialisation failed!\n");
+ panic();
+ }
+#endif /* ARM_GPT_SUPPORT */
}
void bl2_el3_plat_prepare_exit(void)
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index b142b62..3e8109e 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -69,6 +69,8 @@
void arm_bl2_early_platform_setup(uintptr_t fw_config,
struct meminfo *mem_layout)
{
+ int __maybe_unused ret;
+
/* Initialize the console to provide early debug support */
arm_console_boot_init();
@@ -82,9 +84,13 @@
/* Load partition table */
#if ARM_GPT_SUPPORT
- partition_init(GPT_IMAGE_ID);
-#endif /* ARM_GPT_SUPPORT */
+ ret = gpt_partition_init();
+ if (ret != 0) {
+ ERROR("GPT partition initialisation failed!\n");
+ panic();
+ }
+#endif /* ARM_GPT_SUPPORT */
}
void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3)
@@ -178,11 +184,8 @@
******************************************************************************/
void arm_bl2_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL2 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL2. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -193,9 +196,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
ARM_MAP_BL_CONFIG_REGION,
#if ENABLE_RME
ARM_MAP_L0_GPT_REGION,
@@ -312,8 +312,3 @@
#endif
return arm_bl2_handle_post_image_load(image_id);
}
-
-int bl2_plat_handle_post_image_load(unsigned int image_id)
-{
- return arm_bl2_plat_handle_post_image_load(image_id);
-}
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index cfd1aac..8e90615 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -198,6 +198,24 @@
while (bl_params != NULL) {
if (bl_params->image_id == BL32_IMAGE_ID) {
bl32_image_ep_info = *bl_params->ep_info;
+#if SPMC_AT_EL3
+ /*
+ * Populate the BL32 image base, size and max limit in
+ * the entry point information, since there is no
+ * platform function to retrieve them in generic
+ * code. We choose arg2, arg3 and arg4 since the generic
+ * code uses arg1 for stashing the SP manifest size. The
+ * SPMC setup uses these arguments to update SP manifest
+ * with actual SP's base address and it size.
+ */
+ bl32_image_ep_info.args.arg2 =
+ bl_params->image_info->image_base;
+ bl32_image_ep_info.args.arg3 =
+ bl_params->image_info->image_size;
+ bl32_image_ep_info.args.arg4 =
+ bl_params->image_info->image_base +
+ bl_params->image_info->image_max_size;
+#endif
}
#if ENABLE_RME
else if (bl_params->image_id == RMM_IMAGE_ID) {
@@ -295,7 +313,7 @@
/* Initialize power controller before setting up topology */
plat_arm_pwrc_setup();
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
ras_init();
#endif
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 41d1b66..ae0d85d 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -164,24 +164,11 @@
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
ENABLE_PIE := 1
endif
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
- ifeq (${USE_COHERENT_MEM},0)
- $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
- endif
-endif
-
# Disable GPT parser support, use FIP image by default
ARM_GPT_SUPPORT := 0
$(eval $(call assert_boolean,ARM_GPT_SUPPORT))
@@ -331,9 +318,11 @@
ifeq (${ARCH}, aarch64)
BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\
plat/arm/common/arm_sip_svc.c \
+ plat/arm/common/plat_arm_sip_svc.c \
${ARM_SVC_HANDLER_SRCS}
else
BL32_SOURCES += plat/arm/common/arm_sip_svc.c \
+ plat/arm/common/plat_arm_sip_svc.c \
${ARM_SVC_HANDLER_SRCS}
endif
endif
@@ -350,7 +339,7 @@
endif
# RAS sources
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
BL31_SOURCES += lib/extensions/ras/std_err_record.c \
lib/extensions/ras/ras_common.c
endif
@@ -445,11 +434,7 @@
BL31_SOURCES += drivers/auth/crypto_mod.c
# We expect to locate the *.mk files under the directories specified below
- ifeq (${ARM_CRYPTOCELL_INTEG},0)
- CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
- else
- CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
- endif
+ CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
$(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK}
diff --git a/plat/arm/common/arm_gicv3.c b/plat/arm/common/arm_gicv3.c
index 8c16877..5becbcd 100644
--- a/plat/arm/common/arm_gicv3.c
+++ b/plat/arm/common/arm_gicv3.c
@@ -41,7 +41,7 @@
static const interrupt_prop_t arm_interrupt_props[] = {
PLAT_ARM_G1S_IRQ_PROPS(INTR_GROUP1S),
PLAT_ARM_G0_IRQ_PROPS(INTR_GROUP0),
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
INTR_PROP_DESC(PLAT_CORE_FAULT_IRQ, PLAT_RAS_PRI, INTR_GROUP0,
GIC_INTR_CFG_LEVEL)
#endif
diff --git a/plat/arm/common/arm_sip_svc.c b/plat/arm/common/arm_sip_svc.c
index 352d477..09226f4 100644
--- a/plat/arm/common/arm_sip_svc.c
+++ b/plat/arm/common/arm_sip_svc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,9 +13,6 @@
#include <lib/pmf/pmf.h>
#include <plat/arm/common/arm_sip_svc.h>
#include <plat/arm/common/plat_arm.h>
-#if ENABLE_SPMD_LP
-#include <services/el3_spmd_logical_sp.h>
-#endif
#include <tools_share/uuid.h>
/* ARM SiP Service UUID */
@@ -136,15 +133,16 @@
SMC_RET2(handle, ARM_SIP_SVC_VERSION_MAJOR, ARM_SIP_SVC_VERSION_MINOR);
default:
-#if ENABLE_SPMD_LP
- return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
- cookie, handle, flags);
-#else
- WARN("Unimplemented ARM SiP Service Call: 0x%x \n", smc_fid);
- SMC_RET1(handle, SMC_UNK);
-#endif
+ break;
}
+ /*
+ * Fall back to allow Arm platform specific handler.
+ * TODO: Refactor needed to move out generic handlers from this file and
+ * only keep Arm Platform specific handlers here.
+ */
+ return plat_arm_sip_handler(smc_fid, x1, x2, x3, x4,
+ cookie, handle, flags);
}
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 27acc3a..07f6a82 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -45,10 +45,21 @@
* each sector has 4 partition entries, and there are
* 2 reserved sectors i.e. protective MBR and primary
* GPT header hence length gets calculated as,
- * length = 512 * (128/4 + 2)
+ * length = PLAT_PARTITION_BLOCK_SIZE * (128/4 + 2)
*/
- .length = PLAT_PARTITION_BLOCK_SIZE *
- (PLAT_PARTITION_MAX_ENTRIES / 4 + 2),
+ .length = LBA(PLAT_PARTITION_MAX_ENTRIES / 4 + 2),
+};
+
+/*
+ * length will be assigned at runtime based on MBR header data.
+ * Backup GPT Header is present in Last LBA-1 and its entries
+ * are last 32 blocks starts at LBA-33, On runtime update these
+ * before device usage. Update offset to beginning LBA-33 and
+ * length to LBA-33.
+ */
+static io_block_spec_t bkup_gpt_spec = {
+ .offset = PLAT_ARM_FLASH_IMAGE_BASE,
+ .length = 0,
};
#endif /* ARM_GPT_SUPPORT */
@@ -107,6 +118,11 @@
(uintptr_t)&gpt_spec,
open_memmap
},
+ [BKUP_GPT_IMAGE_ID] = {
+ &memmap_dev_handle,
+ (uintptr_t)&bkup_gpt_spec,
+ open_memmap
+ },
#endif /* ARM_GPT_SUPPORT */
#if PSA_FWU_SUPPORT
[FWU_METADATA_IMAGE_ID] = {
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
new file mode 100644
index 0000000..b1dab16
--- /dev/null
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+
+#include <plat/arm/common/arm_sip_svc.h>
+#include <plat/common/platform.h>
+
+#if ENABLE_SPMD_LP
+#include <services/el3_spmd_logical_sp.h>
+#endif
+
+uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ u_register_t x4,
+ void *cookie,
+ void *handle,
+ u_register_t flags)
+{
+#if PLAT_TEST_SPM
+ bool secure_origin;
+
+ /* Determine which security state this SMC originated from */
+ secure_origin = is_caller_secure(flags);
+
+ switch (smc_fid) {
+ case ARM_SIP_SET_INTERRUPT_PENDING:
+ if (!secure_origin) {
+ SMC_RET1(handle, SMC_UNK);
+ }
+
+ VERBOSE("SiP Call- Set interrupt pending %d\n", (uint32_t)x1);
+ plat_ic_set_interrupt_pending(x1);
+
+ SMC_RET1(handle, SMC_OK);
+ break; /* Not reached */
+ default:
+ break;
+ }
+#endif
+
+#if ENABLE_SPMD_LP
+ return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
+ cookie, handle, flags);
+#else
+ WARN("Unimplemented ARM SiP Service Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+#endif
+}
diff --git a/plat/arm/css/common/css_bl2_setup.c b/plat/arm/css/common/css_bl2_setup.c
index 002c6eb..1e055c5 100644
--- a/plat/arm/css/common/css_bl2_setup.c
+++ b/plat/arm/css/common/css_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -84,3 +84,8 @@
# endif /* EL3_PAYLOAD_BASE */
#endif /* CSS_USE_SCMI_SDS_DRIVER */
+
+int bl2_plat_handle_post_image_load(unsigned int image_id)
+{
+ return arm_bl2_plat_handle_post_image_load(image_id);
+}
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index 8a13bf3..dab5f8b 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -34,10 +34,10 @@
*/
#if defined(IMAGE_BL31)
# if SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)
-# define PLAT_ARM_MMAP_ENTRIES (9 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
-# define MAX_XLAT_TABLES (7 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
-# define PLAT_SP_IMAGE_MMAP_REGIONS 10
-# define PLAT_SP_IMAGE_MAX_XLAT_TABLES 12
+# define PLAT_ARM_MMAP_ENTRIES (10 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
+# define MAX_XLAT_TABLES (8 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
+# define PLAT_SP_IMAGE_MMAP_REGIONS 12
+# define PLAT_SP_IMAGE_MAX_XLAT_TABLES 14
# else
# define PLAT_ARM_MMAP_ENTRIES (5 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
# define MAX_XLAT_TABLES (6 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
@@ -105,7 +105,7 @@
* A buffer of ~35KB is added to account for future expansion of the image,
* making it a total of 100KB.
*/
-#define CSS_SGI_BL31_SIZE (100 * 1024) /* 100 KB */
+#define CSS_SGI_BL31_SIZE (116 * 1024) /* 116 KB */
#define PLAT_ARM_MAX_BL31_SIZE (CSS_SGI_BL31_SIZE + \
PLAT_ARM_MAX_BL2_SIZE + \
PLAT_ARM_MAX_BL1_RW_SIZE)
@@ -204,20 +204,20 @@
SOC_CSS_DEVICE_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE | MT_USER)
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
#define PLAT_SP_PRI PLAT_RAS_PRI
#else
#define PLAT_SP_PRI 0x10
#endif
-#if (SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)) && RAS_FFH_SUPPORT
+#if (SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)) && ENABLE_FEAT_RAS && FFH_SUPPORT
/*
* CPER buffer memory of 128KB is reserved and it is placed adjacent to the
* memory shared between EL3 and S-EL0.
*/
#define CSS_SGI_SP_CPER_BUF_BASE (PLAT_SP_IMAGE_NS_BUF_BASE + \
PLAT_SP_IMAGE_NS_BUF_SIZE)
-#define CSS_SGI_SP_CPER_BUF_SIZE ULL(0x20000)
+#define CSS_SGI_SP_CPER_BUF_SIZE ULL(0x10000)
#define CSS_SGI_SP_CPER_BUF_MMAP MAP_REGION2( \
CSS_SGI_SP_CPER_BUF_BASE, \
CSS_SGI_SP_CPER_BUF_BASE, \
@@ -239,7 +239,7 @@
*/
#define PLAT_ARM_SP_IMAGE_STACK_BASE (PLAT_SP_IMAGE_NS_BUF_BASE + \
PLAT_SP_IMAGE_NS_BUF_SIZE)
-#endif /* SPM_MM && RAS_FFH_SUPPORT */
+#endif /* SPM_MM && ENABLE_FEAT_RAS && FFH_SUPPORT */
/* Platform ID address */
#define SSC_VERSION (SSC_REG_BASE + SSC_VERSION_OFFSET)
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 358316c..2cd7034 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -10,8 +10,6 @@
ENABLE_FEAT_RAS := 1
-RAS_FFH_SUPPORT := 0
-
SDEI_SUPPORT := 0
EL3_EXCEPTION_HANDLING := 0
diff --git a/plat/arm/css/sgi/sgi_plat.c b/plat/arm/css/sgi/sgi_plat.c
index 7f79d54..01b426e 100644
--- a/plat/arm/css/sgi/sgi_plat.c
+++ b/plat/arm/css/sgi/sgi_plat.c
@@ -93,7 +93,7 @@
PLAT_ARM_SECURE_MAP_DEVICE,
ARM_SP_IMAGE_MMAP,
ARM_SP_IMAGE_NS_BUF_MMAP,
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
CSS_SGI_SP_CPER_BUF_MMAP,
#endif
ARM_SP_IMAGE_RW_MMAP,
diff --git a/plat/arm/css/sgi/sgi_plat_v2.c b/plat/arm/css/sgi/sgi_plat_v2.c
index 85f99d4..624fed3 100644
--- a/plat/arm/css/sgi/sgi_plat_v2.c
+++ b/plat/arm/css/sgi/sgi_plat_v2.c
@@ -87,7 +87,7 @@
SOC_PLATFORM_PERIPH_MAP_DEVICE_USER,
ARM_SP_IMAGE_MMAP,
ARM_SP_IMAGE_NS_BUF_MMAP,
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
CSS_SGI_SP_CPER_BUF_MMAP,
#endif
ARM_SP_IMAGE_RW_MMAP,
diff --git a/plat/aspeed/ast2700/plat_bl31_setup.c b/plat/aspeed/ast2700/plat_bl31_setup.c
index fde5dbb..92a48ff 100644
--- a/plat/aspeed/ast2700/plat_bl31_setup.c
+++ b/plat/aspeed/ast2700/plat_bl31_setup.c
@@ -76,6 +76,12 @@
BL_END - BL_CODE_END,
MT_RW_DATA | MT_SECURE);
+#if USE_COHERENT_MEM
+ mmap_add_region(BL_COHERENT_RAM_BASE, BL_COHERENT_RAM_BASE,
+ BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE,
+ MT_DEVICE | MT_RW | MT_SECURE);
+#endif
+
mmap_add_region(BL32_BASE, BL32_BASE, BL32_SIZE,
MT_MEMORY | MT_RW);
diff --git a/plat/common/aarch64/plat_common.c b/plat/common/aarch64/plat_common.c
index eca81b1..ab99b15 100644
--- a/plat/common/aarch64/plat_common.c
+++ b/plat/common/aarch64/plat_common.c
@@ -11,7 +11,7 @@
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/console.h>
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
#include <lib/extensions/ras.h>
#endif
#include <lib/xlat_tables/xlat_mmu_helpers.h>
@@ -29,7 +29,9 @@
#pragma weak plat_sdei_validate_entry_point
#endif
+#if FFH_SUPPORT
#pragma weak plat_ea_handler = plat_default_ea_handler
+#endif
void bl31_plat_runtime_setup(void)
{
@@ -77,11 +79,12 @@
return "EL1";
}
+#if FFH_SUPPORT
/* Handler for External Aborts from lower EL including RAS errors */
void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
void *handle, uint64_t flags)
{
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
/* Call RAS EA handler */
int handled = ras_ea_handler(ea_reason, syndrome, cookie, handle, flags);
if (handled != 0)
@@ -99,3 +102,4 @@
*/
lower_el_panic();
}
+#endif
diff --git a/plat/common/aarch64/plat_ehf.c b/plat/common/aarch64/plat_ehf.c
index 41b175d..6100a20 100644
--- a/plat/common/aarch64/plat_ehf.c
+++ b/plat/common/aarch64/plat_ehf.c
@@ -12,7 +12,7 @@
* Enumeration of priority levels on ARM platforms.
*/
ehf_pri_desc_t plat_exceptions[] = {
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
/* RAS Priority */
EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_RAS_PRI),
#endif
@@ -26,7 +26,7 @@
#endif
#if SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
#if (PLAT_SP_PRI != PLAT_RAS_PRI)
EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SP_PRI),
#endif
diff --git a/plat/intel/soc/agilex/include/socfpga_plat_def.h b/plat/intel/soc/agilex/include/socfpga_plat_def.h
index a744d09..ff7d971 100644
--- a/plat/intel/soc/agilex/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex/include/socfpga_plat_def.h
@@ -65,7 +65,7 @@
#define DEVICE4_SIZE (0x0100000000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1b000)
+#define BL2_LIMIT (0xffe2b000)
#define BL31_BASE (0x1000)
#define BL31_LIMIT (0x81000)
@@ -77,6 +77,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/intel/soc/agilex5/bl2_plat_setup.c b/plat/intel/soc/agilex5/bl2_plat_setup.c
index a2fafd2..3912ba8 100644
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@@ -84,7 +84,8 @@
PLAT_BAUDRATE, &console);
/* Store magic number */
- mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);
+ // TODO: Temp workaround to ungate testing
+ // mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);
}
void bl2_el3_plat_arch_setup(void)
diff --git a/plat/intel/soc/agilex5/include/socfpga_plat_def.h b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
index 8a49d61..597612f 100644
--- a/plat/intel/soc/agilex5/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
@@ -23,9 +23,12 @@
#define PLAT_CPU_ID_MPIDR_AFF_SHIFT MPIDR_AFF1_SHIFT
#define PLAT_L2_RESET_REQ 0xB007C0DE
-/* System Counter */ /* TODO: Update back to 400MHz */
-#define PLAT_SYS_COUNTER_FREQ_IN_TICKS (80000000)
-#define PLAT_SYS_COUNTER_FREQ_IN_MHZ (80)
+/* System Counter */
+/* TODO: Update back to 400MHz.
+ * This shall be updated to read from L4 clock instead of hardcoded.
+ */
+#define PLAT_SYS_COUNTER_FREQ_IN_TICKS (400000000)
+#define PLAT_SYS_COUNTER_FREQ_IN_MHZ (400)
/* FPGA config helpers */
#define INTEL_SIP_SMC_FPGA_CONFIG_ADDR 0x400000
@@ -83,7 +86,7 @@
#define GIC_SIZE (0x00100000)
#define BL2_BASE (0x00000000)
-#define BL2_LIMIT (0x0001b000)
+#define BL2_LIMIT (0x0002b000)
#define BL31_BASE (0x80000000)
#define BL31_LIMIT (0x82000000)
@@ -95,6 +98,11 @@
#define PLAT_UART1_BASE (0x10C02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0x10D00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0x1D000000)
diff --git a/plat/intel/soc/common/drivers/ccu/ncore_ccu.c b/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
index 684a625..2094c65 100644
--- a/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
+++ b/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
@@ -134,7 +134,7 @@
/* Enabled Stream ctrl register for Agilex5 */
mmio_write_32(SOCFPGA_SYSMGR(DMA_TBU_STREAM_CTRL_REG_0_DMA0), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(DMA_TBU_STREAM_CTRL_REG_0_DMA1), ENABLE_STREAMID);
- mmio_write_32(SOCFPGA_SYSMGR(SDM_TBU_STREAM_CTRL_REG_1_SDM), ENABLE_STREAMID_SECURE_TX);
+ mmio_write_32(SOCFPGA_SYSMGR(SDM_TBU_STREAM_CTRL_REG_1_SDM), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_USB2), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_USB3), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_SDMMC), ENABLE_STREAMID);
diff --git a/plat/intel/soc/common/drivers/qspi/cadence_qspi.c b/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
index da8a8bd..6d8825f 100644
--- a/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
+++ b/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
@@ -634,8 +634,9 @@
int cad_qspi_read_bank(uint8_t *buffer, uint32_t offset, uint32_t size)
{
int status;
- uint32_t read_count = 0, *read_data;
+ uint32_t read_count = 0;
int level = 1, count = 0, i;
+ uint8_t *read_data;
status = cad_qspi_indirect_read_start_bank(offset, size);
@@ -647,11 +648,11 @@
level = CAD_QSPI_SRAMFILL_INDRDPART(
mmio_read_32(CAD_QSPI_OFFSET +
CAD_QSPI_SRAMFILL));
- read_data = (uint32_t *)(buffer + read_count);
+ read_data = (uint8_t *)(buffer + read_count);
for (i = 0; i < level; ++i)
- *read_data++ = mmio_read_32(CAD_QSPIDATA_OFST);
+ *read_data++ = mmio_read_8(CAD_QSPIDATA_OFST);
- read_count += level * sizeof(uint32_t);
+ read_count += level * sizeof(uint8_t);
count++;
} while (level > 0);
}
diff --git a/plat/intel/soc/common/drivers/wdt/watchdog.h b/plat/intel/soc/common/drivers/wdt/watchdog.h
index 4ee4cff..940ebf3 100644
--- a/plat/intel/soc/common/drivers/wdt/watchdog.h
+++ b/plat/intel/soc/common/drivers/wdt/watchdog.h
@@ -7,11 +7,8 @@
#ifndef CAD_WATCHDOG_H
#define CAD_WATCHDOG_H
-#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
-#define WDT_BASE (0x10D00200)
-#else
-#define WDT_BASE (0xFFD00200)
-#endif
+#include "socfpga_plat_def.h"
+
#define WDT_REG_SIZE_OFFSET (0x4)
#define WDT_MIN_CYCLES (65536)
#define WDT_PERIOD (20)
diff --git a/plat/intel/soc/common/soc/socfpga_reset_manager.c b/plat/intel/soc/common/soc/socfpga_reset_manager.c
index 7db86c7..bd63e02 100644
--- a/plat/intel/soc/common/soc/socfpga_reset_manager.c
+++ b/plat/intel/soc/common/soc/socfpga_reset_manager.c
@@ -407,6 +407,7 @@
int socfpga_bridges_enable(uint32_t mask)
{
int ret = 0;
+ int ret_hps = 0;
uint32_t brg_mask = 0;
uint32_t noc_mask = 0;
uint32_t f2s_idlereq = 0;
@@ -505,9 +506,9 @@
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST), brg_mask);
/* Wait until idle ack becomes 0 */
- ret = poll_idle_status(SOCFPGA_SYSMGR(NOC_IDLEACK),
+ ret_hps = poll_idle_status(SOCFPGA_SYSMGR(NOC_IDLEACK),
noc_mask, 0, 300);
- if (ret < 0) {
+ if (ret_hps < 0) {
ERROR("S2F bridge enable: Timeout idle ack\n");
}
}
@@ -711,6 +712,7 @@
udelay(5);
}
#endif
+ ret = ret | ret_hps;
return ret;
}
diff --git a/plat/intel/soc/common/socfpga_psci.c b/plat/intel/soc/common/socfpga_psci.c
index 5ffd512..c93e13f 100644
--- a/plat/intel/soc/common/socfpga_psci.c
+++ b/plat/intel/soc/common/socfpga_psci.c
@@ -62,7 +62,7 @@
#if PLATFORM_MODEL != PLAT_SOCFPGA_AGILEX5
if (cpu_id == 0x00) {
psci_boot = mmio_read_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_8));
- psci_boot |= 0x20000; /* bit 17 */
+ psci_boot |= 0x80000; /* bit 19 */
mmio_write_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_8), psci_boot);
}
diff --git a/plat/intel/soc/n5x/include/socfpga_plat_def.h b/plat/intel/soc/n5x/include/socfpga_plat_def.h
index a06bbc4..ae0229f 100644
--- a/plat/intel/soc/n5x/include/socfpga_plat_def.h
+++ b/plat/intel/soc/n5x/include/socfpga_plat_def.h
@@ -78,6 +78,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/intel/soc/stratix10/include/socfpga_plat_def.h b/plat/intel/soc/stratix10/include/socfpga_plat_def.h
index 7c9f15a..112604f 100644
--- a/plat/intel/soc/stratix10/include/socfpga_plat_def.h
+++ b/plat/intel/soc/stratix10/include/socfpga_plat_def.h
@@ -64,7 +64,7 @@
#define DEVICE4_SIZE (0x0100000000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1b000)
+#define BL2_LIMIT (0xffe2b000)
#define BL31_BASE (0x1000)
#define BL31_LIMIT (0x81000)
@@ -76,6 +76,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/mediatek/build_helpers/mtk_build_helpers.mk b/plat/mediatek/build_helpers/mtk_build_helpers.mk
index 83a4dd2..ac2cbad 100644
--- a/plat/mediatek/build_helpers/mtk_build_helpers.mk
+++ b/plat/mediatek/build_helpers/mtk_build_helpers.mk
@@ -103,12 +103,8 @@
MTK_OPTIONS := $(MTK_PLAT)/build_helpers/options.mk
MTK_COND_EVAL := $(MTK_PLAT)/build_helpers/conditional_eval_options.mk
-# Indicate which BL should be built in command line
-ifeq (${NEED_BL32},yes)
-MTK_BL := bl32
-else
MTK_BL := bl31
-endif
+
# Include common, platform, board level config
include $(MTK_COMMON_CFG)
include $(MTK_PLAT_CFG)
diff --git a/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c b/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c
index ae1b7ef..e8882f0 100644
--- a/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c
+++ b/plat/mediatek/drivers/emi_mpu/mt8188/emi_mpu.c
@@ -12,8 +12,51 @@
void set_emi_mpu_regions(void)
{
- /* TODO: set emi mpu region */
- INFO("%s, emi mpu is not setting currently\n", __func__);
+ struct emi_region_info_t region_info;
+
+ /* SCP core0 DRAM */
+ region_info.start = 0x50000000ULL;
+ region_info.end = 0x528FFFFFULL;
+ region_info.region = 2;
+ SET_ACCESS_PERMISSION(region_info.apc, 1,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, NO_PROTECTION,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, NO_PROTECTION);
+ emi_mpu_set_protection(®ion_info);
+
+ /* SCP core1 DRAM */
+ region_info.start = 0x70000000ULL;
+ region_info.end = 0x729FFFFFULL;
+ region_info.region = 3;
+ SET_ACCESS_PERMISSION(region_info.apc, 1,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, NO_PROTECTION,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, NO_PROTECTION);
+ emi_mpu_set_protection(®ion_info);
+
+ /* DSP protect address */
+ region_info.start = 0x60000000ULL;
+ region_info.end = 0x610FFFFFULL;
+ region_info.region = 4;
+ SET_ACCESS_PERMISSION(region_info.apc, 1,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, FORBIDDEN,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, NO_PROTECTION,
+ FORBIDDEN, FORBIDDEN, FORBIDDEN, NO_PROTECTION);
+ emi_mpu_set_protection(®ion_info);
+
+ /* All default settings */
+ region_info.start = 0x40000000ULL;
+ region_info.end = 0x1FFFF0000ULL;
+ region_info.region = 31;
+ SET_ACCESS_PERMISSION(region_info.apc, 1,
+ FORBIDDEN, FORBIDDEN, NO_PROTECTION, NO_PROTECTION,
+ NO_PROTECTION, FORBIDDEN, NO_PROTECTION, NO_PROTECTION,
+ NO_PROTECTION, SEC_R_NSEC_RW, NO_PROTECTION, FORBIDDEN,
+ NO_PROTECTION, NO_PROTECTION, NO_PROTECTION, NO_PROTECTION);
+ emi_mpu_set_protection(®ion_info);
}
int set_apu_emi_mpu_region(void)
diff --git a/plat/mediatek/mt8195/include/platform_def.h b/plat/mediatek/mt8195/include/platform_def.h
index 2a2f559..8696f2a 100644
--- a/plat/mediatek/mt8195/include/platform_def.h
+++ b/plat/mediatek/mt8195/include/platform_def.h
@@ -133,7 +133,7 @@
* Platform memory map related constants
******************************************************************************/
#define TZRAM_BASE 0x54600000
-#define TZRAM_SIZE 0x00030000
+#define TZRAM_SIZE 0x00040000
/*******************************************************************************
* BL31 specific defines.
diff --git a/plat/nuvoton/npcm845x/platform.mk b/plat/nuvoton/npcm845x/platform.mk
index 5120cc6..92c7e2f 100644
--- a/plat/nuvoton/npcm845x/platform.mk
+++ b/plat/nuvoton/npcm845x/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
#
# Copyright (c) 2017-2023 Nuvoton Ltd.
#
@@ -140,25 +140,11 @@
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
# Enable PIE support for RESET_TO_BL31 case
ifeq (${RESET_TO_BL31},1)
ENABLE_PIE := 1
endif
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
-ifeq (${USE_COHERENT_MEM},0)
-$(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
-endif
-endif
-
PLAT_INCLUDES := -Iinclude/plat/nuvoton/npcm845x \
-Iinclude/plat/nuvoton/common \
-Iinclude/drivers/nuvoton/npcm845x \
@@ -273,9 +259,11 @@
ifeq (${ARCH}, aarch64)
BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c \
plat/arm/common/arm_sip_svc.c \
+ plat/arm/common/plat_arm_sip_svc.c \
lib/pmf/pmf_smc.c
else
BL32_SOURCES += plat/arm/common/arm_sip_svc.c \
+ plat/arm/common/plat_arm_sip_svc.c \
lib/pmf/pmf_smc.c
endif
endif
@@ -337,11 +325,7 @@
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
# We expect to locate the *.mk files under the directories specified below
-ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
-else
-CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
-endif
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
diff --git a/plat/nvidia/tegra/include/tegra_private.h b/plat/nvidia/tegra/include/tegra_private.h
index f93585d..ad80596 100644
--- a/plat/nvidia/tegra/include/tegra_private.h
+++ b/plat/nvidia/tegra/include/tegra_private.h
@@ -154,7 +154,7 @@
void *handle,
uint64_t flags);
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
void tegra194_ras_enable(void);
void tegra194_ras_corrected_err_clear(uint64_t *cookie);
#endif
diff --git a/plat/nvidia/tegra/soc/t186/plat_setup.c b/plat/nvidia/tegra/soc/t186/plat_setup.c
index d6d090a..b21faa3 100644
--- a/plat/nvidia/tegra/soc/t186/plat_setup.c
+++ b/plat/nvidia/tegra/soc/t186/plat_setup.c
@@ -302,14 +302,14 @@
*/
if ((cluster_id >= (u_register_t)PLATFORM_CLUSTER_COUNT) ||
(cpu_id >= (u_register_t)PLATFORM_MAX_CPUS_PER_CLUSTER)) {
- ret = PSCI_E_NOT_PRESENT;
+ ret = -1;
} else {
/* calculate the core position */
pos = cpu_id + (cluster_id << 2U);
/* check for non-existent CPUs */
if ((pos == TEGRA186_CLUSTER0_CORE2) || (pos == TEGRA186_CLUSTER0_CORE3)) {
- ret = PSCI_E_NOT_PRESENT;
+ ret = -1;
} else {
ret = (int32_t)pos;
}
diff --git a/plat/nvidia/tegra/soc/t194/plat_ras.c b/plat/nvidia/tegra/soc/t194/plat_ras.c
index 2f438c3..841d70b 100644
--- a/plat/nvidia/tegra/soc/t194/plat_ras.c
+++ b/plat/nvidia/tegra/soc/t194/plat_ras.c
@@ -484,7 +484,7 @@
void plat_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
void *handle, uint64_t flags)
{
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
tegra194_ea_handler(ea_reason, syndrome, cookie, handle, flags);
#else
plat_default_ea_handler(ea_reason, syndrome, cookie, handle, flags);
diff --git a/plat/nvidia/tegra/soc/t194/plat_setup.c b/plat/nvidia/tegra/soc/t194/plat_setup.c
index d3d09d3..6850330 100644
--- a/plat/nvidia/tegra/soc/t194/plat_setup.c
+++ b/plat/nvidia/tegra/soc/t194/plat_setup.c
@@ -254,7 +254,7 @@
/* sanity check MCE firmware compatibility */
mce_verify_firmware_version();
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
/* Enable Uncorrectable RAS error */
tegra194_ras_enable();
#endif
diff --git a/plat/nvidia/tegra/soc/t194/plat_sip_calls.c b/plat/nvidia/tegra/soc/t194/plat_sip_calls.c
index f0704ed..6e42e64 100644
--- a/plat/nvidia/tegra/soc/t194/plat_sip_calls.c
+++ b/plat/nvidia/tegra/soc/t194/plat_sip_calls.c
@@ -71,7 +71,7 @@
break;
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
case TEGRA_SIP_CLEAR_RAS_CORRECTED_ERRORS:
{
/*
diff --git a/plat/nvidia/tegra/soc/t194/platform_t194.mk b/plat/nvidia/tegra/soc/t194/platform_t194.mk
index a183d0e..e6e0b5e 100644
--- a/plat/nvidia/tegra/soc/t194/platform_t194.mk
+++ b/plat/nvidia/tegra/soc/t194/platform_t194.mk
@@ -1,11 +1,14 @@
#
-# Copyright (c) 2019-2021, NVIDIA CORPORATION. All rights reserved.
+# Copyright (c) 2019-2023, NVIDIA CORPORATION. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
include common/fdt_wrappers.mk
+ARM_ARCH_MAJOR := 8
+ARM_ARCH_MINOR := 2
+
# platform configs
ENABLE_CONSOLE_SPE := 1
$(eval $(call add_define,ENABLE_CONSOLE_SPE))
@@ -35,7 +38,6 @@
# enable RAS handling
HANDLE_EA_EL3_FIRST_NS := 1
ENABLE_FEAT_RAS := 1
-RAS_FFH_SUPPORT := 1
# platform files
PLAT_INCLUDES += -Iplat/nvidia/tegra/include/t194 \
@@ -69,7 +71,7 @@
endif
# RAS sources
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
BL31_SOURCES += lib/extensions/ras/std_err_record.c \
lib/extensions/ras/ras_common.c \
${SOC_DIR}/plat_ras.c
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
index b23f7fd..2dcac69 100644
--- a/plat/qemu/common/common.mk
+++ b/plat/qemu/common/common.mk
@@ -29,18 +29,6 @@
lib/cpus/aarch64/qemu_max.S
PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
-
-# Cpu core architecture level:
-# v8.0: a53, a57, a72
-# v8.2: a76, n1
-# v8.4: v1
-# v9.0: a710, n2
-#
-# let treat v9.0 as v8.5 as they share cpu features
-# https://developer.arm.com/documentation/102378/0201/Armv8-x-and-Armv9-x-extensions-and-features
-
-ARM_ARCH_MAJOR := 8
-ARM_ARCH_MINOR := 5
endif
PLAT_BL_COMMON_SOURCES := ${PLAT_QEMU_COMMON_PATH}/qemu_common.c \
@@ -91,7 +79,44 @@
# CPU flag enablement
ifeq (${ARCH},aarch64)
+# Cpu core architecture level:
+# v8.0: a53, a57, a72
+# v8.2: a55, a76, n1
+# v8.4: v1
+# v9.0: a710, n2
+#
+#
+# We go v8.0 by default and will enable all features we want
+
+ARM_ARCH_MAJOR := 8
+ARM_ARCH_MINOR := 0
+
+# 8.0
+ENABLE_FEAT_CSV2_2 := 2
+
+# 8.1
+ENABLE_FEAT_PAN := 2
+ENABLE_FEAT_VHE := 2
+
+# 8.2
+# TF-A currently does not permit dynamic detection of FEAT_RAS
+# so this is the only safe setting
+ENABLE_FEAT_RAS := 0
+
-# Later QEMU versions support SME and SVE.
+# 8.4
+ENABLE_FEAT_SEL2 := 2
+ENABLE_FEAT_DIT := 2
+
+# 8.5
+ENABLE_FEAT_RNG := 2
+ENABLE_FEAT_SB := 2
+
+# 8.6
+ENABLE_FEAT_FGT := 2
+
+# 8.7
+ENABLE_FEAT_HCX := 2
+
# SPM_MM is not compatible with ENABLE_SVE_FOR_NS (build breaks)
ifeq (${SPM_MM},1)
ENABLE_SVE_FOR_NS := 0
@@ -101,12 +126,6 @@
ENABLE_SME_FOR_NS := 2
endif
-# QEMU will use the RNDR instruction for the stack protector canary.
-ENABLE_FEAT_RNG := 2
-
-# QEMU 7.2+ has support for FGT and Linux needs it enabled to boot on max
-ENABLE_FEAT_FGT := 2
-
# Treating this as a memory-constrained port for now
USE_COHERENT_MEM := 0
diff --git a/plat/qemu/common/qemu_private.h b/plat/qemu/common/qemu_private.h
index c8912b2..25b14e2 100644
--- a/plat/qemu/common/qemu_private.h
+++ b/plat/qemu/common/qemu_private.h
@@ -9,7 +9,7 @@
#include <stdint.h>
-#include <lib/xlat_tables/xlat_tables_compat.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
void plat_qemu_io_setup(void);
int qemu_io_register_sp_pkg(const char *name, const char *uuid,
diff --git a/plat/qemu/common/qemu_spm.c b/plat/qemu/common/qemu_spm.c
index c66f47e..abedbe4 100644
--- a/plat/qemu/common/qemu_spm.c
+++ b/plat/qemu/common/qemu_spm.c
@@ -9,7 +9,7 @@
#include <common/debug.h>
#include <common/fdt_fixup.h>
#include <common/fdt_wrappers.h>
-#include <lib/xlat_tables/xlat_tables_compat.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
#include <services/spm_mm_partition.h>
#include <platform_def.h>
diff --git a/plat/qemu/common/sp_min/sp_min_setup.c b/plat/qemu/common/sp_min/sp_min_setup.c
index 7ec657b..d0c38e0 100644
--- a/plat/qemu/common/sp_min/sp_min_setup.c
+++ b/plat/qemu/common/sp_min/sp_min_setup.c
@@ -16,7 +16,7 @@
#include <drivers/arm/gicv2.h>
#include <drivers/console.h>
#include <lib/mmio.h>
-#include <lib/xlat_tables/xlat_tables.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
#include "../qemu_private.h"
diff --git a/plat/qemu/qemu_sbsa/platform.mk b/plat/qemu/qemu_sbsa/platform.mk
index 1b147ce..528e093 100644
--- a/plat/qemu/qemu_sbsa/platform.mk
+++ b/plat/qemu/qemu_sbsa/platform.mk
@@ -18,7 +18,6 @@
ifeq (${SPM_MM},1)
NEED_BL32 := yes
EL3_EXCEPTION_HANDLING := 1
-GICV2_G0_FOR_EL3 := 1
endif
include plat/qemu/common/common.mk
diff --git a/plat/renesas/common/include/registers/cpg_registers.h b/plat/renesas/common/include/registers/cpg_registers.h
index 5d2bb9e..277f11b 100644
--- a/plat/renesas/common/include/registers/cpg_registers.h
+++ b/plat/renesas/common/include/registers/cpg_registers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,7 +16,7 @@
#define CPG_SRCR2 (CPG_BASE + 0x00B0U)
/* CPG module stop status 2 */
#define CPG_MSTPSR2 (CPG_BASE + 0x0040U)
-/* CPG module stop status 2 */
+/* CPG module stop status 3 */
#define CPG_MSTPSR3 (CPG_BASE + 0x0048U)
/* CPG write protect */
#define CPG_CPGWPR (CPG_BASE + 0x0900U)
diff --git a/plat/st/common/common_rules.mk b/plat/st/common/common_rules.mk
index fa48dfc..f39caab 100644
--- a/plat/st/common/common_rules.mk
+++ b/plat/st/common/common_rules.mk
@@ -57,7 +57,11 @@
tf-a-%.elf: $(PLAT)-%.o ${STM32_TF_LINKERFILE}
@echo " LDS $<"
+ifneq ($(findstring gcc,$(notdir $(LD))),)
+ ${Q}${LD} -o $@ $(subst --,-Wl$(comma)--,${STM32_TF_ELF_LDFLAGS}) -nostartfiles -Wl,-Map=$(@:.elf=.map) -Wl,-dT ${STM32_TF_LINKERFILE} $<
+else
${Q}${LD} -o $@ ${STM32_TF_ELF_LDFLAGS} -Map=$(@:.elf=.map) --script ${STM32_TF_LINKERFILE} $<
+endif
tf-a-%.bin: tf-a-%.elf
${Q}${OC} -O binary $< $@
@@ -68,7 +72,7 @@
tf-a-%.stm32: tf-a-%.bin ${STM32_DEPS}
@echo
@echo "Generate $@"
- $(eval LOADADDR = $(shell cat $(@:.stm32=.map) | grep RAM | awk '{print $$2}'))
+ $(eval LOADADDR = $(shell cat $(@:.stm32=.map) | grep '^RAM' | awk '{print $$2}'))
$(eval ENTRY = $(shell cat $(@:.stm32=.map) | grep "__BL2_IMAGE_START" | awk '{print $$1}'))
${Q}${STM32IMAGE} -s $< -d $@ \
-l $(LOADADDR) -e ${ENTRY} \
diff --git a/plat/st/stm32mp1/platform.mk b/plat/st/stm32mp1/platform.mk
index 194672e..ddc5289 100644
--- a/plat/st/stm32mp1/platform.mk
+++ b/plat/st/stm32mp1/platform.mk
@@ -62,7 +62,7 @@
STM32_HEADER_VERSION_MINOR:= 0
# Add OP-TEE reserved shared memory area in mapping
-STM32MP15_OPTEE_RSV_SHM := 1
+STM32MP15_OPTEE_RSV_SHM := 0
$(eval $(call add_defines,STM32MP15_OPTEE_RSV_SHM))
STM32MP_CRYPTO_ROM_LIB := 1
diff --git a/plat/st/stm32mp1/stm32mp1_def.h b/plat/st/stm32mp1/stm32mp1_def.h
index 0fa6c73..6530957 100644
--- a/plat/st/stm32mp1/stm32mp1_def.h
+++ b/plat/st/stm32mp1/stm32mp1_def.h
@@ -427,7 +427,7 @@
/* OTP labels */
#define CFG0_OTP "cfg0_otp"
-#define PART_NUMBER_OTP "part_number_otp"
+#define PART_NUMBER_OTP "part-number-otp"
#if STM32MP15
#define PACKAGE_OTP "package_otp"
#endif
diff --git a/plat/ti/k3/board/generic/include/board_def.h b/plat/ti/k3/board/generic/include/board_def.h
index edfa73f..ade6d7a 100644
--- a/plat/ti/k3/board/generic/include/board_def.h
+++ b/plat/ti/k3/board/generic/include/board_def.h
@@ -12,8 +12,8 @@
/* The ports must be in order and contiguous */
#define K3_CLUSTER0_CORE_COUNT U(2)
#define K3_CLUSTER1_CORE_COUNT U(2)
-#define K3_CLUSTER2_CORE_COUNT U(2)
-#define K3_CLUSTER3_CORE_COUNT U(2)
+#define K3_CLUSTER2_CORE_COUNT U(0)
+#define K3_CLUSTER3_CORE_COUNT U(0)
#define PLAT_PROC_START_ID U(32)
#define PLAT_PROC_DEVICE_START_ID U(202)
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index 495f0c7..d04d805 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -155,14 +155,14 @@
ret = k3_sec_proxy_clear_rx_thread(SP_RESPONSE);
if (ret) {
ERROR("Could not clear response queue (%d)\n", ret);
- return ret;
+ goto unlock;
}
/* Send the message */
ret = k3_sec_proxy_send(SP_HIGH_PRIORITY, tx_msg);
if (ret) {
ERROR("Message sending failed (%d)\n", ret);
- return ret;
+ goto unlock;
}
/* Get the response if requested */
@@ -170,13 +170,14 @@
ret = ti_sci_get_response(rx_msg, SP_RESPONSE);
if (ret != 0U) {
ERROR("Failed to get response (%d)\n", ret);
- return ret;
+ goto unlock;
}
}
+unlock:
bakery_lock_release(&ti_sci_xfer_lock);
- return 0;
+ return ret;
}
/**
@@ -211,6 +212,42 @@
}
/**
+ * ti_sci_query_fw_caps() - Get the FW/SoC capabilities
+ * @handle: Pointer to TI SCI handle
+ * @fw_caps: Each bit in fw_caps indicating one FW/SOC capability
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+int ti_sci_query_fw_caps(uint64_t *fw_caps)
+{
+ struct ti_sci_msg_hdr req;
+ struct ti_sci_msg_resp_query_fw_caps resp;
+
+ struct ti_sci_xfer xfer;
+ int ret;
+
+ ret = ti_sci_setup_one_xfer(TI_SCI_MSG_QUERY_FW_CAPS, 0,
+ &req, sizeof(req),
+ &resp, sizeof(resp),
+ &xfer);
+ if (ret != 0U) {
+ ERROR("Message alloc failed (%d)\n", ret);
+ return ret;
+ }
+
+ ret = ti_sci_do_xfer(&xfer);
+ if (ret != 0U) {
+ ERROR("Transfer send failed (%d)\n", ret);
+ return ret;
+ }
+
+ if (fw_caps)
+ *fw_caps = resp.fw_caps;
+
+ return 0;
+}
+
+/**
* ti_sci_device_set_state() - Set device state
*
* @id: Device identifier
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
index 06944a7..c702a71 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
@@ -141,10 +141,13 @@
* Core control operations
*
* - ti_sci_core_reboot() - Command to request system reset
+ * - ti_sci_query_fw_caps() - Get the FW/SoC capabilities
+ * @fw_caps: Each bit in fw_caps indicating one FW/SOC capability
*
* Return: 0 if all went well, else returns appropriate error value.
*/
int ti_sci_core_reboot(void);
+int ti_sci_query_fw_caps(uint64_t *fw_caps);
/**
* Processor control operations
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h b/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h
index 36909f5..7f1c368 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h
@@ -22,6 +22,7 @@
#define TI_SCI_MSG_WAKE_REASON 0x0003
#define TI_SCI_MSG_GOODBYE 0x0004
#define TI_SCI_MSG_SYS_RESET 0x0005
+#define TI_SCI_MSG_QUERY_FW_CAPS 0x0022
/* Device requests */
#define TI_SCI_MSG_SET_DEVICE_STATE 0x0200
@@ -124,6 +125,30 @@
} __packed;
/**
+ * struct ti_sci_msg_resp_query_fw_caps - Response for query firmware caps
+ * @hdr: Generic header
+ * @fw_caps: Each bit in fw_caps indicating one FW/SOC capability
+ * MSG_FLAG_CAPS_GENERIC: Generic capability (LPM not supported)
+ * MSG_FLAG_CAPS_LPM_DEEP_SLEEP: Deep Sleep LPM
+ * MSG_FLAG_CAPS_LPM_MCU_ONLY: MCU only LPM
+ * MSG_FLAG_CAPS_LPM_STANDBY: Standby LPM
+ * MSG_FLAG_CAPS_LPM_PARTIAL_IO: Partial IO in LPM
+ *
+ * Response to a generic message with message type TI_SCI_MSG_QUERY_FW_CAPS
+ * providing currently available SOC/firmware capabilities. SoC that don't
+ * support low power modes return only MSG_FLAG_CAPS_GENERIC capability.
+ */
+struct ti_sci_msg_resp_query_fw_caps {
+ struct ti_sci_msg_hdr hdr;
+#define MSG_FLAG_CAPS_GENERIC TI_SCI_MSG_FLAG(0)
+#define MSG_FLAG_CAPS_LPM_DEEP_SLEEP TI_SCI_MSG_FLAG(1)
+#define MSG_FLAG_CAPS_LPM_MCU_ONLY TI_SCI_MSG_FLAG(2)
+#define MSG_FLAG_CAPS_LPM_STANDBY TI_SCI_MSG_FLAG(3)
+#define MSG_FLAG_CAPS_LPM_PARTIAL_IO TI_SCI_MSG_FLAG(4)
+ uint64_t fw_caps;
+} __packed;
+
+/**
* struct ti_sci_msg_req_set_device_state - Set the desired state of the device
* @hdr: Generic header
* @id: Indicates which device to modify
diff --git a/plat/ti/k3/common/k3_bl31_setup.c b/plat/ti/k3/common/k3_bl31_setup.c
index bbfb5bb..c5f60fe 100644
--- a/plat/ti/k3/common/k3_bl31_setup.c
+++ b/plat/ti/k3/common/k3_bl31_setup.c
@@ -20,14 +20,20 @@
#include <k3_gicv3.h>
#include <ti_sci.h>
+#define ADDR_DOWN(_adr) (_adr & XLAT_ADDR_MASK(2U))
+#define SIZE_UP(_adr, _sz) (round_up((_adr + _sz), XLAT_BLOCK_SIZE(2U)) - ADDR_DOWN(_adr))
+
+#define K3_MAP_REGION_FLAT(_adr, _sz, _attr) \
+ MAP_REGION_FLAT(ADDR_DOWN(_adr), SIZE_UP(_adr, _sz), _attr)
+
/* Table of regions to map using the MMU */
const mmap_region_t plat_k3_mmap[] = {
- MAP_REGION_FLAT(K3_USART_BASE, K3_USART_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
- MAP_REGION_FLAT(K3_GIC_BASE, K3_GIC_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
- MAP_REGION_FLAT(K3_GTC_BASE, K3_GTC_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
- MAP_REGION_FLAT(SEC_PROXY_RT_BASE, SEC_PROXY_RT_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
- MAP_REGION_FLAT(SEC_PROXY_SCFG_BASE, SEC_PROXY_SCFG_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
- MAP_REGION_FLAT(SEC_PROXY_DATA_BASE, SEC_PROXY_DATA_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ K3_MAP_REGION_FLAT(K3_USART_BASE, K3_USART_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ K3_MAP_REGION_FLAT(K3_GIC_BASE, K3_GIC_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ K3_MAP_REGION_FLAT(K3_GTC_BASE, K3_GTC_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ K3_MAP_REGION_FLAT(SEC_PROXY_RT_BASE, SEC_PROXY_RT_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ K3_MAP_REGION_FLAT(SEC_PROXY_SCFG_BASE, SEC_PROXY_SCFG_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ K3_MAP_REGION_FLAT(SEC_PROXY_DATA_BASE, SEC_PROXY_DATA_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
{ /* sentinel */ }
};
diff --git a/plat/ti/k3/common/k3_gicv3.c b/plat/ti/k3/common/k3_gicv3.c
index 0199822..eda9430 100644
--- a/plat/ti/k3/common/k3_gicv3.c
+++ b/plat/ti/k3/common/k3_gicv3.c
@@ -19,10 +19,8 @@
/* The GICv3 driver only needs to be initialized in EL3 */
uintptr_t rdistif_base_addrs[PLATFORM_CORE_COUNT];
-#if K3_PM_SYSTEM_SUSPEND
static gicv3_redist_ctx_t rdist_ctx[PLATFORM_CORE_COUNT];
static gicv3_dist_ctx_t dist_ctx;
-#endif
static const interrupt_prop_t k3_interrupt_props[] = {
PLAT_ARM_G1S_IRQ_PROPS(INTR_GROUP1S),
@@ -94,7 +92,6 @@
gicv3_rdistif_init(plat_my_core_pos());
}
-#if K3_PM_SYSTEM_SUSPEND
void k3_gic_save_context(void)
{
for (unsigned int i = 0U; i < PLATFORM_CORE_COUNT; i++) {
@@ -110,4 +107,3 @@
gicv3_rdistif_init_restore(i, &rdist_ctx[i]);
}
}
-#endif
diff --git a/plat/ti/k3/common/k3_psci.c b/plat/ti/k3/common/k3_psci.c
index d846495..e8d73db 100644
--- a/plat/ti/k3/common/k3_psci.c
+++ b/plat/ti/k3/common/k3_psci.c
@@ -234,7 +234,6 @@
return PSCI_E_SUCCESS;
}
-#if K3_PM_SYSTEM_SUSPEND
static void k3_pwr_domain_suspend(const psci_power_state_t *target_state)
{
unsigned int core, proc_id;
@@ -266,18 +265,15 @@
req_state->pwr_domain_state[i] = PLAT_MAX_OFF_STATE;
}
}
-#endif
-static const plat_psci_ops_t k3_plat_psci_ops = {
+static plat_psci_ops_t k3_plat_psci_ops = {
.cpu_standby = k3_cpu_standby,
.pwr_domain_on = k3_pwr_domain_on,
.pwr_domain_off = k3_pwr_domain_off,
.pwr_domain_on_finish = k3_pwr_domain_on_finish,
-#if K3_PM_SYSTEM_SUSPEND
.pwr_domain_suspend = k3_pwr_domain_suspend,
.pwr_domain_suspend_finish = k3_pwr_domain_suspend_finish,
.get_sys_suspend_power_state = k3_get_sys_suspend_power_state,
-#endif
.system_off = k3_system_off,
.system_reset = k3_system_reset,
.validate_power_state = k3_validate_power_state,
@@ -286,8 +282,27 @@
int plat_setup_psci_ops(uintptr_t sec_entrypoint,
const plat_psci_ops_t **psci_ops)
{
+ uint64_t fw_caps = 0;
+ int ret;
+
k3_sec_entrypoint = sec_entrypoint;
+ ret = ti_sci_query_fw_caps(&fw_caps);
+ if (ret) {
+ ERROR("Unable to query firmware capabilities (%d)\n", ret);
+ }
+
+ /* If firmware does not support any known suspend mode */
+ if (!(fw_caps & (MSG_FLAG_CAPS_LPM_DEEP_SLEEP |
+ MSG_FLAG_CAPS_LPM_MCU_ONLY |
+ MSG_FLAG_CAPS_LPM_STANDBY |
+ MSG_FLAG_CAPS_LPM_PARTIAL_IO))) {
+ /* Disable PSCI suspend support */
+ k3_plat_psci_ops.pwr_domain_suspend = NULL;
+ k3_plat_psci_ops.pwr_domain_suspend_finish = NULL;
+ k3_plat_psci_ops.get_sys_suspend_power_state = NULL;
+ }
+
*psci_ops = &k3_plat_psci_ops;
return 0;
diff --git a/plat/ti/k3/common/plat_common.mk b/plat/ti/k3/common/plat_common.mk
index fb633a8..23efa31 100644
--- a/plat/ti/k3/common/plat_common.mk
+++ b/plat/ti/k3/common/plat_common.mk
@@ -44,10 +44,6 @@
K3_USART_BAUD := 115200
$(eval $(call add_define,K3_USART_BAUD))
-# Enable system suspend modes
-K3_PM_SYSTEM_SUSPEND := 0
-$(eval $(call add_define,K3_PM_SYSTEM_SUSPEND))
-
# Libraries
include lib/xlat_tables_v2/xlat_tables.mk
diff --git a/plat/ti/k3/include/platform_def.h b/plat/ti/k3/include/platform_def.h
index ae3775a..a2cc62d 100644
--- a/plat/ti/k3/include/platform_def.h
+++ b/plat/ti/k3/include/platform_def.h
@@ -70,11 +70,7 @@
* used, choose the smallest value needed to map the required virtual addresses
* for each BL stage.
*/
-#if USE_COHERENT_MEM
-#define MAX_XLAT_TABLES 10
-#else
-#define MAX_XLAT_TABLES 9
-#endif
+#define MAX_XLAT_TABLES 4
/*
* Defines the maximum number of regions that are allocated by the translation
@@ -86,7 +82,11 @@
* runtime memory used, choose the smallest value needed to register the
* required regions for each BL stage.
*/
+#if USE_COHERENT_MEM
#define MAX_MMAP_REGIONS 11
+#else
+#define MAX_MMAP_REGIONS 10
+#endif
/*
* Defines the total size of the address space in bytes. For example, for a 32
diff --git a/plat/xilinx/common/include/plat_console.h b/plat/xilinx/common/include/plat_console.h
new file mode 100644
index 0000000..0f8320e
--- /dev/null
+++ b/plat/xilinx/common/include/plat_console.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PLAT_DT_UART_H
+#define PLAT_DT_UART_H
+
+#define DT_UART_DCC_COMPAT "arm,dcc"
+
+#if defined(PLAT_zynqmp)
+#define DT_UART_COMPAT "xlnx,zynqmp-uart"
+#else
+#define DT_UART_COMPAT "arm,pl011"
+#endif
+
+typedef struct dt_uart_info_s {
+ char compatible[30];
+ uintptr_t base;
+ uint32_t baud_rate;
+ int32_t status;
+} dt_uart_info_t;
+
+void setup_console(void);
+
+#endif /* PLAT_DT_UART_H */
diff --git a/plat/xilinx/common/include/plat_fdt.h b/plat/xilinx/common/include/plat_fdt.h
index a1ee1e1..47a678c 100644
--- a/plat/xilinx/common/include/plat_fdt.h
+++ b/plat/xilinx/common/include/plat_fdt.h
@@ -9,4 +9,8 @@
void prepare_dtb(void);
+#if defined(XILINX_OF_BOARD_DTB_ADDR)
+int32_t is_valid_dtb(void *fdt);
+#endif
+
#endif /* PLAT_FDT_H */
diff --git a/plat/xilinx/common/include/pm_defs.h b/plat/xilinx/common/include/pm_defs.h
index 72ba107..9cdb0ba 100644
--- a/plat/xilinx/common/include/pm_defs.h
+++ b/plat/xilinx/common/include/pm_defs.h
@@ -68,7 +68,6 @@
IOCTL_RPU_BOOT_ADDR_CONFIG = 2,
IOCTL_TCM_COMB_CONFIG = 3,
IOCTL_SET_TAPDELAY_BYPASS = 4,
- IOCTL_SET_SGMII_MODE = 5,
IOCTL_SD_DLL_RESET = 6,
IOCTL_SET_SD_TAPDELAY = 7,
/* Ioctl for clock driver */
diff --git a/plat/xilinx/common/plat_console.c b/plat/xilinx/common/plat_console.c
new file mode 100644
index 0000000..b84912a
--- /dev/null
+++ b/plat/xilinx/common/plat_console.c
@@ -0,0 +1,343 @@
+/*
+ * Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <common/fdt_fixup.h>
+#include <common/fdt_wrappers.h>
+#include <drivers/arm/dcc.h>
+#include <drivers/arm/pl011.h>
+#include <drivers/cadence/cdns_uart.h>
+#include <drivers/console.h>
+#include <libfdt.h>
+#include <plat_console.h>
+#include <plat_fdt.h>
+
+#include <platform_def.h>
+#include <plat_private.h>
+
+static console_t console;
+
+#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
+/**
+ * get_baudrate() - Get the baudrate form DTB.
+ * @dtb: Address of the Device Tree Blob (DTB).
+ *
+ * Return: On success returns the baudrate; on failure returns an error.
+ */
+static int32_t get_baudrate(void *dtb)
+{
+ int node;
+ int32_t ret = 0;
+ const char *prop, *path;
+ char *end;
+ int32_t baud_rate = 0;
+
+ node = fdt_path_offset(dtb, "/secure-chosen");
+ if (node < 0) {
+ node = fdt_path_offset(dtb, "/chosen");
+ if (node < 0) {
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+ }
+
+ prop = fdt_getprop(dtb, node, "stdout-path", NULL);
+ if (prop == NULL) {
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ /* Parse string serial0:115200n8 */
+ path = strchr(prop, ':');
+ if (!path) {
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ } else {
+
+ baud_rate = strtoul(path + 1, &end, 10);
+ if (baud_rate == 0 && end == path) {
+ ERROR("Conversion error occurred: %d\n", baud_rate);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+ ret = baud_rate;
+ }
+
+error:
+ return ret;
+}
+
+/**
+ * get_node_status() - Get the DTB node status.
+ * @dtb: Address of the Device Tree Blob (DTB).
+ * @node: Node address in the device tree.
+ *
+ * Return: On success, it returns 1; on failure, it returns an 0.
+ */
+static uint32_t get_node_status(void *dtb, int node)
+{
+ const char *status_cell;
+ uint32_t status = 0;
+
+ status_cell = fdt_getprop(dtb, node, "status", NULL);
+ if (!status_cell || strcmp(status_cell, "okay") == 0) {
+ status = 1;
+ } else {
+ status = 0;
+ }
+
+ return status;
+}
+
+/**
+ * fdt_add_uart_info() - Add DTB information to a UART structure.
+ * @info: Pointer to the UART information structure.
+ * @node: Node address in the device tree.
+ * @dtb: Address of the Device Tree Blob(DTB).
+ *
+ * Return: On success, it returns 1; on failure, it returns an 0.
+ */
+static uint32_t fdt_add_uart_info(dt_uart_info_t *info, int node, void *dtb)
+{
+ uintptr_t base_addr;
+ const char *com;
+ int32_t ret = 0;
+
+ com = fdt_getprop(dtb, node, "compatible", NULL);
+ if (com != NULL) {
+ strlcpy(info->compatible, com, sizeof(info->compatible));
+ } else {
+ ERROR("Compatible property not found in DTB node\n");
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ ret = fdt_get_reg_props_by_index(dtb, node, 0, &base_addr, NULL);
+ if (ret >= 0) {
+ info->base = base_addr;
+ } else {
+ ERROR("Failed to retrieve base address. Error code: %d\n", ret);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ info->status = get_node_status(dtb, node);
+ info->baud_rate = get_baudrate(dtb);
+
+error:
+ return ret;
+}
+
+/**
+ * fdt_get_uart_info() - Get the uart information form DTB.
+ * @info: Pointer to the UART information structure.
+ *
+ * Return: On success, it returns 0; on failure, it returns an error+reason.
+ */
+static int fdt_get_uart_info(dt_uart_info_t *info)
+{
+ int node = 0, ret = 0;
+ void *dtb = (void *)XILINX_OF_BOARD_DTB_ADDR;
+
+ ret = is_valid_dtb(dtb);
+ if (ret < 0) {
+ ERROR("Invalid Device Tree at %p: error %d\n", dtb, ret);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ node = fdt_get_stdout_node_offset(dtb);
+ if (node < 0) {
+ ERROR("DT get stdout node failed : %d\n", node);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ ret = fdt_add_uart_info(info, node, dtb);
+ if (ret < 0) {
+ ERROR("Failed to add DT UART info: %d\n", ret);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+error:
+ return ret;
+}
+
+/**
+ * check_fdt_uart_info() - Check early uart info with DTB uart info.
+ * @info: Pointer to the UART information structure.
+ *
+ * Return: On success, it returns 0; on failure, it returns an error+reason.
+ */
+static int32_t check_fdt_uart_info(dt_uart_info_t *info)
+{
+ int32_t ret = 0;
+
+ if (info->status == 0) {
+ ret = -ENODEV;
+ goto error;
+ }
+
+ if ((info->base == console.base) &&
+ (info->baud_rate == UART_BAUDRATE) && !CONSOLE_IS(dcc)) {
+ ret = -ENODEV;
+ goto error;
+ }
+
+error:
+ return ret;
+}
+
+/**
+ * console_boot_end() - Unregister the console_t instance form the console list.
+ * @boot_console: Pointer to the console information structure.
+ */
+static void console_boot_end(console_t *boot_console)
+{
+ if (CONSOLE_IS(dcc)) {
+ console_dcc_unregister();
+ } else {
+ console_flush();
+ (void)console_unregister(boot_console);
+ }
+}
+
+/**
+ * setup_runtime_console() - Registers the runtime uart with console list.
+ * @clock: UART clock.
+ * @info: Pointer to the UART information structure.
+ */
+static void setup_runtime_console(uint32_t clock, dt_uart_info_t *info)
+{
+ static console_t bl31_runtime_console;
+ int32_t rc;
+
+#if defined(PLAT_zynqmp)
+ rc = console_cdns_register(info->base,
+ clock,
+ info->baud_rate,
+ &bl31_runtime_console);
+#else
+ rc = console_pl011_register(info->base,
+ clock,
+ info->baud_rate,
+ &bl31_runtime_console);
+#endif
+ if (rc == 0) {
+ panic();
+ }
+
+ console_set_scope(&bl31_runtime_console,
+ CONSOLE_FLAG_BOOT | CONSOLE_FLAG_RUNTIME |
+ CONSOLE_FLAG_CRASH);
+}
+
+
+/**
+ * runtime_console_init() - Initializes the run time console information.
+ * @uart_info: Pointer to the UART information structure.
+ * @bl31_boot_console: Pointer to the console information structure.
+ * @clock: UART clock.
+ *
+ * Return: On success, it returns 0; on failure, it returns an error+reason;
+ */
+static int32_t runtime_console_init(dt_uart_info_t *uart_info,
+ console_t *bl31_boot_console,
+ uint32_t clock)
+{
+ int32_t rc = 0;
+
+ /* Parse UART information from Device Tree Blob (DTB) */
+ rc = fdt_get_uart_info(uart_info);
+ if (rc < 0) {
+ rc = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ if (strncmp(uart_info->compatible, DT_UART_COMPAT,
+ strlen(DT_UART_COMPAT)) == 0) {
+
+ if (check_fdt_uart_info(uart_info) == 0) {
+ setup_runtime_console(clock, uart_info);
+ console_boot_end(bl31_boot_console);
+ INFO("Runtime console setup\n");
+ } else {
+ INFO("Early console and DTB console are same\n");
+ }
+ } else if (strncmp(uart_info->compatible, DT_UART_DCC_COMPAT,
+ strlen(DT_UART_DCC_COMPAT)) == 0) {
+ rc = console_dcc_register();
+ if (rc == 0) {
+ panic();
+ }
+ console_boot_end(bl31_boot_console);
+ } else {
+ WARN("BL31: No console device found in DT.\n");
+ }
+
+error:
+ return rc;
+}
+#endif
+
+void setup_console(void)
+{
+ int32_t rc;
+ uint32_t uart_clk = get_uart_clk();
+
+#if defined(PLAT_zynqmp)
+ if (CONSOLE_IS(cadence) || (CONSOLE_IS(cadence1))) {
+ rc = console_cdns_register(UART_BASE,
+ uart_clk,
+ UART_BAUDRATE,
+ &console);
+ if (rc == 0) {
+ panic();
+ }
+
+ console_set_scope(&console, CONSOLE_FLAG_BOOT |
+ CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_CRASH);
+ }
+#else
+ if (CONSOLE_IS(pl011) || (CONSOLE_IS(pl011_1))) {
+ /* Initialize the console to provide early debug support */
+ rc = console_pl011_register((uint32_t)UART_BASE,
+ uart_clk,
+ (uint32_t)UART_BAUDRATE,
+ &console);
+ if (rc == 0) {
+ panic();
+ }
+
+ console_set_scope(&console, CONSOLE_FLAG_BOOT |
+ CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_CRASH);
+ }
+#endif
+ if (CONSOLE_IS(dcc)) {
+ /* Initialize the dcc console for debug */
+ rc = console_dcc_register();
+ if (rc == 0) {
+ panic();
+ }
+ }
+ INFO("BL31: Early console setup\n");
+
+#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
+ static dt_uart_info_t uart_info = {0};
+
+ /* Initialize the runtime console using UART information from the DTB */
+ rc = runtime_console_init(&uart_info, &console, uart_clk);
+ if (rc < 0) {
+ ERROR("Failed to initialize runtime console: %d\n", rc);
+ }
+#endif
+}
diff --git a/plat/xilinx/common/plat_fdt.c b/plat/xilinx/common/plat_fdt.c
index de5d1a1..ebcc31b 100644
--- a/plat/xilinx/common/plat_fdt.c
+++ b/plat/xilinx/common/plat_fdt.c
@@ -13,6 +13,79 @@
#include <plat_fdt.h>
#include <platform_def.h>
+#if defined(XILINX_OF_BOARD_DTB_ADDR)
+
+#define FIT_CONFS_PATH "/configurations"
+
+static uint8_t is_fit_image(void *dtb)
+{
+ int64_t confs_noffset;
+ uint8_t status = 0;
+
+ confs_noffset = fdt_path_offset(dtb, FIT_CONFS_PATH);
+ /*confs_noffset is only present on FIT image */
+ if (confs_noffset < 0) {
+ status = 0;
+ } else {
+ status = 1;
+ }
+
+ return status;
+}
+
+int32_t is_valid_dtb(void *fdt)
+{
+ int32_t ret = 0;
+
+ if (fdt_check_header(fdt) != 0) {
+ ERROR("Can't read DT at %p\n", fdt);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ ret = fdt_open_into(fdt, fdt, XILINX_OF_BOARD_DTB_MAX_SIZE);
+ if (ret < 0) {
+ ERROR("Invalid Device Tree at %p: error %d\n", fdt, ret);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ if (is_fit_image(fdt) != 0U) {
+ WARN("FIT image detected, TF-A will not update DTB for DDR address space\n");
+ ret = -FDT_ERR_NOTFOUND;
+ }
+error:
+ return ret;
+}
+
+static int add_mmap_dynamic_region(unsigned long long base_pa, uintptr_t base_va,
+ size_t size, unsigned int attr)
+{
+ int ret = 0;
+#if defined(PLAT_XLAT_TABLES_DYNAMIC)
+ ret = mmap_add_dynamic_region(base_pa, base_va, size, attr);
+ if (ret != 0) {
+ WARN("Failed to add dynamic region for dtb: error %d\n",
+ ret);
+ }
+#endif
+ return ret;
+}
+
+static int remove_mmap_dynamic_region(uintptr_t base_va, size_t size)
+{
+ int ret = 0;
+#if defined(PLAT_XLAT_TABLES_DYNAMIC)
+ ret = mmap_remove_dynamic_region(base_va, size);
+ if (ret != 0) {
+ WARN("Failed to remove dynamic region for dtb:error %d\n",
+ ret);
+ }
+#endif
+ return ret;
+}
+#endif
+
void prepare_dtb(void)
{
#if defined(XILINX_OF_BOARD_DTB_ADDR)
@@ -24,75 +97,44 @@
if (!IS_TFA_IN_OCM(BL31_BASE)) {
-#if defined(PLAT_XLAT_TABLES_DYNAMIC)
- map_ret = mmap_add_dynamic_region((unsigned long long)dtb,
- (uintptr_t)dtb,
- XILINX_OF_BOARD_DTB_MAX_SIZE,
- MT_MEMORY | MT_RW | MT_NS);
- if (map_ret != 0) {
- WARN("Failed to add dynamic region for dtb: error %d\n",
- map_ret);
- }
-#endif
-
- if (!map_ret) {
+ map_ret = add_mmap_dynamic_region((unsigned long long)dtb,
+ (uintptr_t)dtb,
+ XILINX_OF_BOARD_DTB_MAX_SIZE,
+ MT_MEMORY | MT_RW | MT_NS);
+ if (map_ret == 0) {
/* Return if no device tree is detected */
- if (fdt_check_header(dtb) != 0) {
- NOTICE("Can't read DT at %p\n", dtb);
- } else {
- ret = fdt_open_into(dtb, dtb, XILINX_OF_BOARD_DTB_MAX_SIZE);
-
- if (ret < 0) {
- ERROR("Invalid Device Tree at %p: error %d\n",
- dtb, ret);
- } else {
-
- if (dt_add_psci_node(dtb)) {
- WARN("Failed to add PSCI Device Tree node\n");
- }
-
- if (dt_add_psci_cpu_enable_methods(dtb)) {
- WARN("Failed to add PSCI cpu enable methods in DT\n");
- }
-
- /* Reserve memory used by Trusted Firmware. */
- ret = fdt_add_reserved_memory(dtb,
- "tf-a",
- BL31_BASE,
- BL31_LIMIT
- -
- BL31_BASE);
- if (ret < 0) {
- WARN("Failed to add reserved memory nodes for BL31 to DT.\n");
- }
-
- ret = fdt_pack(dtb);
- if (ret < 0) {
- WARN("Failed to pack dtb at %p: error %d\n",
- dtb, ret);
- }
- flush_dcache_range((uintptr_t)dtb,
- fdt_blob_size(dtb));
+ if (is_valid_dtb(dtb) == 0) {
+ if (dt_add_psci_node(dtb)) {
+ WARN("Failed to add PSCI Device Tree node\n");
+ }
- INFO("Changed device tree to advertise PSCI and reserved memories.\n");
+ if (dt_add_psci_cpu_enable_methods(dtb)) {
+ WARN("Failed to add PSCI cpu enable methods in DT\n");
+ }
+ /* Reserve memory used by Trusted Firmware. */
+ ret = fdt_add_reserved_memory(dtb, "tf-a",
+ BL31_BASE,
+ BL31_LIMIT - BL31_BASE);
+ if (ret < 0) {
+ WARN("Failed to add reserved memory nodes for BL31 to DT.\n");
}
- }
- }
+ ret = fdt_pack(dtb);
+ if (ret < 0) {
+ WARN("Failed to pack dtb at %p: error %d\n", dtb, ret);
+ }
+ flush_dcache_range((uintptr_t)dtb, fdt_blob_size(dtb));
+ INFO("Changed device tree to advertise PSCI and reserved memories.\n");
+ }
-#if defined(PLAT_XLAT_TABLES_DYNAMIC)
- if (!map_ret) {
- ret = mmap_remove_dynamic_region((uintptr_t)dtb,
- XILINX_OF_BOARD_DTB_MAX_SIZE);
+ ret = remove_mmap_dynamic_region((uintptr_t)dtb,
+ XILINX_OF_BOARD_DTB_MAX_SIZE);
if (ret != 0) {
- WARN("Failed to remove dynamic region for dtb:error %d\n",
- ret);
+ WARN("Failed to remove mmap dynamic regions.\n");
}
}
-#endif
}
-
#endif
}
diff --git a/plat/xilinx/common/tsp/tsp.mk b/plat/xilinx/common/tsp/tsp.mk
new file mode 100644
index 0000000..b80f531
--- /dev/null
+++ b/plat/xilinx/common/tsp/tsp.mk
@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+# TSP source files for AMD-Xilinx platforms
+BL32_SOURCES += plat/common/aarch64/platform_mp_stack.S \
+ plat/xilinx/common/tsp/tsp_plat_setup.c
diff --git a/plat/xilinx/zynqmp/tsp/tsp_plat_setup.c b/plat/xilinx/common/tsp/tsp_plat_setup.c
similarity index 67%
rename from plat/xilinx/zynqmp/tsp/tsp_plat_setup.c
rename to plat/xilinx/common/tsp/tsp_plat_setup.c
index a9f2dbd..21c29c3 100644
--- a/plat/xilinx/zynqmp/tsp/tsp_plat_setup.c
+++ b/plat/xilinx/common/tsp/tsp_plat_setup.c
@@ -1,11 +1,13 @@
/*
* Copyright (c) 2014-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <common/bl_common.h>
#include <common/debug.h>
+#include <drivers/arm/pl011.h>
#include <drivers/console.h>
#include <plat/arm/common/plat_arm.h>
#include <platform_tsp.h>
@@ -22,10 +24,24 @@
* messages from TSP
*/
static console_t tsp_boot_console;
- (void)console_cdns_register(UART_BASE,
- get_uart_clk(),
- UART_BAUDRATE,
- &tsp_boot_console);
+ int32_t rc;
+
+#if defined(PLAT_zynqmp)
+ rc = console_cdns_register((uintptr_t)UART_BASE,
+ (uint32_t)get_uart_clk(),
+ (uint32_t)UART_BAUDRATE,
+ &tsp_boot_console);
+#else
+ rc = console_pl011_register((uintptr_t)UART_BASE,
+ (uint32_t)get_uart_clk(),
+ (uint32_t)UART_BAUDRATE,
+ &tsp_boot_console);
+#endif
+
+ if (rc == 0) {
+ panic();
+ }
+
console_set_scope(&tsp_boot_console,
CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_BOOT);
}
@@ -35,8 +51,16 @@
******************************************************************************/
void tsp_platform_setup(void)
{
+/*
+ * For ZynqMP, the GICv2 driver needs to be initialized in S-EL1,
+ * and for other platforms, the GICv3 driver is initialized in EL3.
+ * This is because S-EL1 can use GIC system registers to manage
+ * interrupts and does not need to be initialized again in SEL1.
+ */
+#if defined(PLAT_zynqmp)
plat_arm_gic_driver_init();
plat_arm_gic_init();
+#endif
}
/*******************************************************************************
@@ -52,12 +76,14 @@
MT_CODE | MT_SECURE),
MAP_REGION_FLAT(BL_RO_DATA_BASE, BL_RO_DATA_END - BL_RO_DATA_BASE,
MT_RO_DATA | MT_SECURE),
+#if defined(PLAT_zynqmp) || defined(PLAT_versal)
MAP_REGION_FLAT(BL_COHERENT_RAM_BASE,
BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE,
MT_DEVICE | MT_RW | MT_SECURE),
+#endif
{0}
};
- setup_page_tables(bl_regions, plat_arm_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu_el1(0);
}
diff --git a/plat/xilinx/versal/aarch64/versal_common.c b/plat/xilinx/versal/aarch64/versal_common.c
index 93deedc..aba190d 100644
--- a/plat/xilinx/versal/aarch64/versal_common.c
+++ b/plat/xilinx/versal/aarch64/versal_common.c
@@ -33,7 +33,7 @@
{ 0 }
};
-const mmap_region_t *plat_versal_get_mmap(void)
+const mmap_region_t *plat_get_mmap(void)
{
return plat_versal_mmap;
}
@@ -73,3 +73,8 @@
platform_id = FIELD_GET(PLATFORM_MASK, plat_info[1]);
platform_version = FIELD_GET(PLATFORM_VERSION_MASK, plat_info[1]);
}
+
+uint32_t get_uart_clk(void)
+{
+ return UART_CLOCK;
+}
diff --git a/plat/xilinx/versal/bl31_versal_setup.c b/plat/xilinx/versal/bl31_versal_setup.c
index 566415f..cd105c6 100644
--- a/plat/xilinx/versal/bl31_versal_setup.c
+++ b/plat/xilinx/versal/bl31_versal_setup.c
@@ -12,13 +12,11 @@
#include <bl31/bl31.h>
#include <common/bl_common.h>
#include <common/debug.h>
-#include <drivers/arm/dcc.h>
-#include <drivers/arm/pl011.h>
-#include <drivers/console.h>
#include <lib/mmio.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
#include <plat_arm.h>
+#include <plat_console.h>
#include <plat_fdt.h>
#include <plat_private.h>
@@ -74,28 +72,7 @@
enum pm_ret_status ret_status;
uint64_t addr[HANDOFF_PARAMS_MAX_SIZE];
- if (CONSOLE_IS(pl011) || (CONSOLE_IS(pl011_1))) {
- static console_t versal_runtime_console;
- /* Initialize the console to provide early debug support */
- int32_t rc = console_pl011_register((uintptr_t)UART_BASE,
- (uint32_t)UART_CLOCK,
- (uint32_t)UART_BAUDRATE,
- &versal_runtime_console);
- if (rc == 0) {
- panic();
- }
-
- console_set_scope(&versal_runtime_console, (uint32_t)(CONSOLE_FLAG_BOOT |
- CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_CRASH));
- } else if (CONSOLE_IS(dcc)) {
- /* Initialize the dcc console for debug */
- int32_t rc = console_dcc_register();
- if (rc == 0) {
- panic();
- }
- } else {
- /* No console device found. */
- }
+ setup_console();
/* Initialize the platform config for future decision making */
versal_config_setup();
@@ -138,6 +115,19 @@
panic();
} else {
INFO("BL31: PLM to TF-A handover success %u\n", ret);
+
+ /*
+ * The BL32 load address is indicated as 0x0 in the handoff
+ * parameters, which is different from the default/user-provided
+ * load address of 0x60000000 but the flags are correctly
+ * configured. Consequently, in this scenario, set the PC
+ * to the requested BL32_BASE address.
+ */
+
+ /* TODO: Remove the following check once this is fixed from PLM */
+ if (bl32_image_ep_info.pc == 0 && bl32_image_ep_info.spsr != 0) {
+ bl32_image_ep_info.pc = (uintptr_t)BL32_BASE;
+ }
}
NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc);
@@ -213,6 +203,8 @@
if (rc != 0) {
panic();
}
+
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*
@@ -241,6 +233,6 @@
{0}
};
- setup_page_tables(bl_regions, plat_versal_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu(0);
}
diff --git a/plat/xilinx/versal/include/plat_private.h b/plat/xilinx/versal/include/plat_private.h
index 48f64ea..a4210cd 100644
--- a/plat/xilinx/versal/include/plat_private.h
+++ b/plat/xilinx/versal/include/plat_private.h
@@ -17,9 +17,10 @@
interrupt_type_handler_t handler;
} versal_intr_info_type_el3_t;
+uint32_t get_uart_clk(void);
void versal_config_setup(void);
-const mmap_region_t *plat_versal_get_mmap(void);
+const mmap_region_t *plat_get_mmap(void);
extern uint32_t platform_id, platform_version;
diff --git a/plat/xilinx/versal/include/platform_def.h b/plat/xilinx/versal/include/platform_def.h
index 4c02402..286a706 100644
--- a/plat/xilinx/versal/include/platform_def.h
+++ b/plat/xilinx/versal/include/platform_def.h
@@ -35,10 +35,10 @@
# define BL31_BASE U(0xfffe0000)
# define BL31_LIMIT U(0x100000000)
#else
-# define BL31_BASE (VERSAL_ATF_MEM_BASE)
-# define BL31_LIMIT (VERSAL_ATF_MEM_BASE + VERSAL_ATF_MEM_SIZE)
+# define BL31_BASE U(VERSAL_ATF_MEM_BASE)
+# define BL31_LIMIT U(VERSAL_ATF_MEM_BASE + VERSAL_ATF_MEM_SIZE)
# ifdef VERSAL_ATF_MEM_PROGBITS_SIZE
-# define BL31_PROGBITS_LIMIT (VERSAL_ATF_MEM_BASE + VERSAL_ATF_MEM_PROGBITS_SIZE)
+# define BL31_PROGBITS_LIMIT U(VERSAL_ATF_MEM_BASE + VERSAL_ATF_MEM_PROGBITS_SIZE)
# endif
#endif
@@ -49,8 +49,8 @@
# define BL32_BASE U(0x60000000)
# define BL32_LIMIT U(0x80000000)
#else
-# define BL32_BASE (VERSAL_BL32_MEM_BASE)
-# define BL32_LIMIT (VERSAL_BL32_MEM_BASE + VERSAL_BL32_MEM_SIZE)
+# define BL32_BASE U(VERSAL_BL32_MEM_BASE)
+# define BL32_LIMIT U(VERSAL_BL32_MEM_BASE + VERSAL_BL32_MEM_SIZE)
#endif
/*******************************************************************************
@@ -59,7 +59,7 @@
#ifndef PRELOADED_BL33_BASE
# define PLAT_ARM_NS_IMAGE_BASE U(0x8000000)
#else
-# define PLAT_ARM_NS_IMAGE_BASE PRELOADED_BL33_BASE
+# define PLAT_ARM_NS_IMAGE_BASE U(PRELOADED_BL33_BASE)
#endif
/*******************************************************************************
diff --git a/plat/xilinx/versal/include/versal_def.h b/plat/xilinx/versal/include/versal_def.h
index 0ac76b5..92c0ba6 100644
--- a/plat/xilinx/versal/include/versal_def.h
+++ b/plat/xilinx/versal/include/versal_def.h
@@ -48,6 +48,7 @@
* IRQ constants
******************************************************************************/
#define VERSAL_IRQ_SEC_PHY_TIMER U(29)
+#define ARM_IRQ_SEC_PHY_TIMER 29
/*******************************************************************************
* CCI-400 related constants
diff --git a/plat/xilinx/versal/platform.mk b/plat/xilinx/versal/platform.mk
index a052713..7c53daa 100644
--- a/plat/xilinx/versal/platform.mk
+++ b/plat/xilinx/versal/platform.mk
@@ -54,6 +54,9 @@
$(eval $(call add_define,PLAT_XLAT_TABLES_DYNAMIC))
endif
+# enable assert() for release/debug builds
+ENABLE_ASSERTIONS := 1
+
PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
-Iplat/xilinx/common/include/ \
-Iplat/xilinx/common/ipi_mailbox_service/ \
@@ -88,9 +91,11 @@
BL31_SOURCES += drivers/arm/cci/cci.c \
lib/cpus/aarch64/cortex_a72.S \
+ common/fdt_wrappers.c \
plat/common/plat_psci_common.c \
plat/xilinx/common/ipi.c \
plat/xilinx/common/plat_fdt.c \
+ plat/xilinx/common/plat_console.c \
plat/xilinx/common/plat_startup.c \
plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c \
plat/xilinx/common/pm_service/pm_ipi.c \
diff --git a/plat/xilinx/versal/tsp/tsp-versal.mk b/plat/xilinx/versal/tsp/tsp-versal.mk
new file mode 100644
index 0000000..bf32de3
--- /dev/null
+++ b/plat/xilinx/versal/tsp/tsp-versal.mk
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+# TSP source files specific to Versal platform
+
+PLAT_XILINX_COMMON := plat/xilinx/common/
+
+include ${PLAT_XILINX_COMMON}/tsp/tsp.mk
diff --git a/plat/xilinx/versal_net/aarch64/versal_net_common.c b/plat/xilinx/versal_net/aarch64/versal_net_common.c
index b2de411..69c5c87 100644
--- a/plat/xilinx/versal_net/aarch64/versal_net_common.c
+++ b/plat/xilinx/versal_net/aarch64/versal_net_common.c
@@ -34,7 +34,7 @@
{ 0 }
};
-const mmap_region_t *plat_versal_net_get_mmap(void)
+const mmap_region_t *plat_get_mmap(void)
{
return plat_versal_net_mmap;
}
@@ -88,6 +88,30 @@
platform_version / 10U, platform_version % 10U);
}
+uint32_t get_uart_clk(void)
+{
+ uint32_t uart_clock;
+
+ switch (platform_id) {
+ case VERSAL_NET_SPP:
+ uart_clock = 1000000;
+ break;
+ case VERSAL_NET_EMU:
+ uart_clock = 25000000;
+ break;
+ case VERSAL_NET_QEMU:
+ uart_clock = 25000000;
+ break;
+ case VERSAL_NET_SILICON:
+ uart_clock = 100000000;
+ break;
+ default:
+ panic();
+ }
+
+ return uart_clock;
+}
+
void versal_net_config_setup(void)
{
uint32_t val;
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index a70095d..56ef27b 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -12,13 +12,11 @@
#include <bl31/bl31.h>
#include <common/bl_common.h>
#include <common/debug.h>
-#include <drivers/arm/dcc.h>
-#include <drivers/arm/pl011.h>
-#include <drivers/console.h>
#include <lib/mmio.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
#include <plat_arm.h>
+#include <plat_console.h>
#include <plat_fdt.h>
#include <plat_private.h>
@@ -69,8 +67,6 @@
void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
u_register_t arg2, u_register_t arg3)
{
- uint32_t uart_clock;
- int32_t rc;
#if !(TFA_NO_PM)
uint64_t tfa_handoff_addr, buff[HANDOFF_PARAMS_MAX_SIZE] = {0};
uint32_t payload[PAYLOAD_ARG_CNT], max_size = HANDOFF_PARAMS_MAX_SIZE;
@@ -82,49 +78,22 @@
switch (platform_id) {
case VERSAL_NET_SPP:
cpu_clock = 1000000;
- uart_clock = 1000000;
break;
case VERSAL_NET_EMU:
cpu_clock = 3660000;
- uart_clock = 25000000;
break;
case VERSAL_NET_QEMU:
/* Random values now */
cpu_clock = 100000000;
- uart_clock = 25000000;
break;
case VERSAL_NET_SILICON:
cpu_clock = 100000000;
- uart_clock = 100000000;
break;
default:
panic();
}
- if (CONSOLE_IS(pl011_0) || CONSOLE_IS(pl011_1)) {
- static console_t versal_net_runtime_console;
-
- /* Initialize the console to provide early debug support */
- rc = console_pl011_register(UART_BASE, uart_clock,
- UART_BAUDRATE,
- &versal_net_runtime_console);
- if (rc == 0) {
- panic();
- }
-
- console_set_scope(&versal_net_runtime_console, CONSOLE_FLAG_BOOT |
- CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_CRASH);
- } else if (CONSOLE_IS(dcc)) {
- /* Initialize the dcc console for debug.
- * dcc is over jtag and does not configures uart0 or uart1.
- */
- rc = console_dcc_register();
- if (rc == 0) {
- panic();
- }
- } else {
- /* No console device found. */
- }
+ setup_console();
NOTICE("TF-A running on %s %d.%d\n", board_name_decode(),
platform_version / 10U, platform_version % 10U);
@@ -162,6 +131,19 @@
}
INFO("BL31: PLM to TF-A handover success\n");
+
+ /*
+ * The BL32 load address is indicated as 0x0 in the handoff
+ * parameters, which is different from the default/user-provided
+ * load address of 0x60000000 but the flags are correctly
+ * configured. Consequently, in this scenario, set the PC
+ * to the requested BL32_BASE address.
+ */
+
+ /* TODO: Remove the following check once this is fixed from PLM */
+ if (bl32_image_ep_info.pc == 0 && bl32_image_ep_info.spsr != 0) {
+ bl32_image_ep_info.pc = (uintptr_t)BL32_BASE;
+ }
} else {
INFO("BL31: setting up default configs\n");
@@ -244,6 +226,8 @@
if (rc != 0) {
panic();
}
+
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*
@@ -265,6 +249,6 @@
{0}
};
- setup_page_tables(bl_regions, plat_versal_net_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu(0);
}
diff --git a/plat/xilinx/versal_net/include/plat_private.h b/plat/xilinx/versal_net/include/plat_private.h
index be75bfd..9cd8636 100644
--- a/plat/xilinx/versal_net/include/plat_private.h
+++ b/plat/xilinx/versal_net/include/plat_private.h
@@ -18,8 +18,9 @@
} versal_intr_info_type_el3_t;
void versal_net_config_setup(void);
+uint32_t get_uart_clk(void);
-const mmap_region_t *plat_versal_net_get_mmap(void);
+const mmap_region_t *plat_get_mmap(void);
void plat_versal_net_gic_driver_init(void);
void plat_versal_net_gic_init(void);
diff --git a/plat/xilinx/versal_net/include/versal_net_def.h b/plat/xilinx/versal_net/include/versal_net_def.h
index a53cad9..dd20faa 100644
--- a/plat/xilinx/versal_net/include/versal_net_def.h
+++ b/plat/xilinx/versal_net/include/versal_net_def.h
@@ -128,6 +128,7 @@
* IRQ constants
******************************************************************************/
#define VERSAL_NET_IRQ_SEC_PHY_TIMER U(29)
+#define ARM_IRQ_SEC_PHY_TIMER 29
/*******************************************************************************
* UART related constants
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index 9fa16fd..f299189 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -69,6 +69,9 @@
$(eval $(call add_define,XILINX_OF_BOARD_DTB_ADDR))
endif
+# enable assert() for release/debug builds
+ENABLE_ASSERTIONS := 1
+
PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
-Iplat/xilinx/common/include/ \
-Iplat/xilinx/common/ipi_mailbox_service/ \
@@ -108,12 +111,14 @@
endif
BL31_SOURCES += plat/xilinx/common/plat_fdt.c \
plat/xilinx/common/plat_startup.c \
+ plat/xilinx/common/plat_console.c \
plat/xilinx/common/ipi.c \
plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c \
plat/xilinx/common/versal.c \
${PLAT_PATH}/bl31_versal_net_setup.c \
${PLAT_PATH}/plat_topology.c \
common/fdt_fixup.c \
+ common/fdt_wrappers.c \
${LIBFDT_SRCS} \
${PLAT_PATH}/sip_svc_setup.c \
${PLAT_PATH}/versal_net_gicv3.c \
diff --git a/plat/xilinx/versal_net/tsp/tsp-versal_net.mk b/plat/xilinx/versal_net/tsp/tsp-versal_net.mk
new file mode 100644
index 0000000..87638ab
--- /dev/null
+++ b/plat/xilinx/versal_net/tsp/tsp-versal_net.mk
@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+# TSP source files specific to Versal NET platform
+
+PLAT_XILINX_COMMON := plat/xilinx/common/
+
+include ${PLAT_XILINX_COMMON}/tsp/tsp.mk
+
+BL32_SOURCES += plat/xilinx/versal_net/plat_topology.c \
+ ${XLAT_TABLES_LIB_SRCS}
diff --git a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
index e1c8ee8..dba1734 100644
--- a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
+++ b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
@@ -27,13 +27,18 @@
* This doesn't include TZRAM as the 'mem_layout' argument passed to
* configure_mmu_elx() will give the available subset of that,
*/
-const mmap_region_t plat_arm_mmap[] = {
+const mmap_region_t plat_zynqmp_mmap[] = {
{ DEVICE0_BASE, DEVICE0_BASE, DEVICE0_SIZE, MT_DEVICE | MT_RW | MT_SECURE },
{ DEVICE1_BASE, DEVICE1_BASE, DEVICE1_SIZE, MT_DEVICE | MT_RW | MT_SECURE },
{ CRF_APB_BASE, CRF_APB_BASE, CRF_APB_SIZE, MT_DEVICE | MT_RW | MT_SECURE },
{0}
};
+const mmap_region_t *plat_get_mmap(void)
+{
+ return plat_zynqmp_mmap;
+}
+
static uint32_t zynqmp_get_silicon_ver(void)
{
static unsigned int ver;
diff --git a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
index 32bb982..baf6717 100644
--- a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
+++ b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
@@ -13,12 +13,11 @@
#include <common/debug.h>
#include <common/fdt_fixup.h>
#include <common/fdt_wrappers.h>
-#include <drivers/arm/dcc.h>
-#include <drivers/console.h>
#include <lib/mmio.h>
#include <libfdt.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
+#include <plat_console.h>
#include <custom_svc.h>
#include <plat_fdt.h>
@@ -74,25 +73,8 @@
{
uint64_t tfa_handoff_addr;
- if (CONSOLE_IS(cadence) || (CONSOLE_IS(cadence1))) {
- /* Register the console to provide early debug support */
- static console_t bl31_boot_console;
- (void)console_cdns_register(UART_BASE,
- get_uart_clk(),
- UART_BAUDRATE,
- &bl31_boot_console);
- console_set_scope(&bl31_boot_console,
- CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_BOOT |
- CONSOLE_FLAG_CRASH);
- } else if (CONSOLE_IS(dcc)) {
- /* Initialize the dcc console for debug */
- int32_t rc = console_dcc_register();
- if (rc == 0) {
- panic();
- }
- } else {
- /* No console device found. */
- }
+ setup_console();
+
/* Initialize the platform config for future decision making */
zynqmp_config_setup();
@@ -208,6 +190,8 @@
#endif
custom_runtime_setup();
+
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*
@@ -237,6 +221,6 @@
custom_mmap_add();
- setup_page_tables(bl_regions, plat_arm_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu_el3(0);
}
diff --git a/plat/xilinx/zynqmp/include/plat_private.h b/plat/xilinx/zynqmp/include/plat_private.h
index dda005a..afa102d 100644
--- a/plat/xilinx/zynqmp/include/plat_private.h
+++ b/plat/xilinx/zynqmp/include/plat_private.h
@@ -13,9 +13,12 @@
#include <bl31/interrupt_mgmt.h>
#include <common/bl_common.h>
#include <drivers/cadence/cdns_uart.h>
+#include <lib/xlat_tables/xlat_tables.h>
void zynqmp_config_setup(void);
+const mmap_region_t *plat_get_mmap(void);
+
uint32_t zynqmp_calc_core_pos(u_register_t mpidr);
/* ZynqMP specific functions */
diff --git a/plat/xilinx/zynqmp/include/zynqmp_def.h b/plat/xilinx/zynqmp/include/zynqmp_def.h
index 38f2d9b..d715ce2 100644
--- a/plat/xilinx/zynqmp/include/zynqmp_def.h
+++ b/plat/xilinx/zynqmp/include/zynqmp_def.h
@@ -221,20 +221,6 @@
#define IOU_TAPDLY_BYPASS U(0XFF180390)
#define TAP_DELAY_MASK U(0x7)
-/* SGMII mode */
-#define IOU_GEM_CTRL U(0xFF180360)
-#define IOU_GEM_CLK_CTRL U(0xFF180308)
-#define SGMII_SD_MASK U(0x3)
-#define SGMII_SD_OFFSET U(2)
-#define SGMII_PCS_SD_0 U(0x0)
-#define SGMII_PCS_SD_1 U(0x1)
-#define SGMII_PCS_SD_PHY U(0x2)
-#define GEM_SGMII_MASK U(0x4)
-#define GEM_CLK_CTRL_MASK U(0xF)
-#define GEM_CLK_CTRL_OFFSET U(5)
-#define GEM_RX_SRC_SEL_GTR U(0x1)
-#define GEM_SGMII_MODE U(0x4)
-
/* SD DLL reset */
#define ZYNQMP_SD_DLL_CTRL U(0xFF180358)
#define ZYNQMP_SD0_DLL_RST_MASK U(0x00000004)
diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index e20cb22..e266615 100644
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -49,6 +49,10 @@
ifdef ZYNQMP_ATF_MEM_PROGBITS_SIZE
$(eval $(call add_define,ZYNQMP_ATF_MEM_PROGBITS_SIZE))
endif
+
+ # enable assert() when TF-A runs from DDR memory.
+ ENABLE_ASSERTIONS := 1
+
endif
ifdef ZYNQMP_BL32_MEM_BASE
@@ -124,9 +128,11 @@
lib/cpus/aarch64/cortex_a53.S \
plat/common/plat_psci_common.c \
common/fdt_fixup.c \
+ common/fdt_wrappers.c \
${LIBFDT_SRCS} \
plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c \
plat/xilinx/common/plat_startup.c \
+ plat/xilinx/common/plat_console.c \
plat/xilinx/common/plat_fdt.c \
plat/xilinx/zynqmp/bl31_zynqmp_setup.c \
plat/xilinx/zynqmp/plat_psci.c \
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
index e812ad6..dd21499 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
@@ -174,67 +174,6 @@
}
/**
- * pm_ioctl_set_sgmii_mode() - Set SGMII mode for the GEM device.
- * @nid: Node ID of the device.
- * @value: Enable/Disable.
- *
- * This function enable/disable SGMII mode for the GEM device.
- * While enabling SGMII mode, it also ties the GEM PCS Signal
- * Detect to 1 and selects EMIO for RX clock generation.
- *
- * Return: Returns status, either success or error+reason.
- *
- */
-static enum pm_ret_status pm_ioctl_set_sgmii_mode(enum pm_node_id nid,
- uint32_t value)
-{
- uint32_t val, mask, shift;
- enum pm_ret_status ret;
-
- if (value != PM_SGMII_DISABLE && value != PM_SGMII_ENABLE) {
- return PM_RET_ERROR_ARGS;
- }
-
- switch (nid) {
- case NODE_ETH_0:
- shift = 0;
- break;
- case NODE_ETH_1:
- shift = 1;
- break;
- case NODE_ETH_2:
- shift = 2;
- break;
- case NODE_ETH_3:
- shift = 3;
- break;
- default:
- return PM_RET_ERROR_ARGS;
- }
-
- if (value == PM_SGMII_DISABLE) {
- mask = GEM_SGMII_MASK << GEM_CLK_CTRL_OFFSET * shift;
- ret = pm_mmio_write(IOU_GEM_CLK_CTRL, mask, 0U);
- } else {
- /* Tie the GEM PCS Signal Detect to 1 */
- mask = SGMII_SD_MASK << SGMII_SD_OFFSET * shift;
- val = SGMII_PCS_SD_1 << SGMII_SD_OFFSET * shift;
- ret = pm_mmio_write(IOU_GEM_CTRL, mask, val);
- if (ret != PM_RET_SUCCESS) {
- return ret;
- }
-
- /* Set the GEM to SGMII mode */
- mask = GEM_CLK_CTRL_MASK << GEM_CLK_CTRL_OFFSET * shift;
- val = GEM_RX_SRC_SEL_GTR | GEM_SGMII_MODE;
- val <<= GEM_CLK_CTRL_OFFSET * shift;
- ret = pm_mmio_write(IOU_GEM_CLK_CTRL, mask, val);
- }
-
- return ret;
-}
-
-/**
* pm_ioctl_sd_dll_reset() - Reset DLL logic.
* @nid: Node ID of the device.
* @type: Reset type.
@@ -684,9 +623,6 @@
case IOCTL_SET_TAPDELAY_BYPASS:
ret = pm_ioctl_set_tapdelay_bypass(arg1, arg2);
break;
- case IOCTL_SET_SGMII_MODE:
- ret = pm_ioctl_set_sgmii_mode(nid, arg1);
- break;
case IOCTL_SD_DLL_RESET:
ret = pm_ioctl_sd_dll_reset(nid, arg1);
break;
@@ -752,7 +688,6 @@
IOCTL_RPU_BOOT_ADDR_CONFIG,
IOCTL_TCM_COMB_CONFIG,
IOCTL_SET_TAPDELAY_BYPASS,
- IOCTL_SET_SGMII_MODE,
IOCTL_SD_DLL_RESET,
IOCTL_SET_SD_TAPDELAY,
IOCTL_SET_PLL_FRAC_MODE,
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h
index 6b094db..bf94b7c 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h
@@ -36,10 +36,6 @@
#define PM_TAPDELAY_BYPASS_DISABLE 0U
#define PM_TAPDELAY_BYPASS_ENABLE 1U
-//sgmii mode
-#define PM_SGMII_DISABLE 0U
-#define PM_SGMII_ENABLE 1U
-
enum tap_delay_type {
PM_TAPDELAY_INPUT,
PM_TAPDELAY_OUTPUT,
diff --git a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
index 0199597..6b42055 100644
--- a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
@@ -163,10 +163,6 @@
.api_id = PM_MMIO_WRITE,
},
{
- .id = IOCTL_SET_SGMII_MODE,
- .api_id = PM_MMIO_WRITE,
- },
- {
.id = IOCTL_SD_DLL_RESET,
.api_id = PM_MMIO_WRITE,
},
diff --git a/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk b/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk
index f91a04c..1d6366f 100644
--- a/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk
+++ b/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk
@@ -4,5 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
# TSP source files specific to ZynqMP platform
-BL32_SOURCES += plat/common/aarch64/platform_mp_stack.S \
- plat/xilinx/zynqmp/tsp/tsp_plat_setup.c
+
+PLAT_XILINX_COMMON := plat/xilinx/common/
+
+include ${PLAT_XILINX_COMMON}/tsp/tsp.mk
diff --git a/pyproject.toml b/pyproject.toml
index 19ba4d8..0fe2383 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "trusted-firmware-a"
-version = "2.9.0"
+version = "2.10.0"
description = "Trusted Firmware-A (TF-A) Python dependencies."
authors = ["Arm Ltd."]
license = "BSD-3-Clause"
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index c0a089b..cf2e653 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -163,10 +163,12 @@
[5] = {1262606, 0x00, 0x30, ERRATA_A76_1262606},
[6] = {1262888, 0x00, 0x30, ERRATA_A76_1262888},
[7] = {1275112, 0x00, 0x30, ERRATA_A76_1275112},
- [8] = {1791580, 0x00, 0x40, ERRATA_A76_1791580},
- [9] = {1868343, 0x00, 0x40, ERRATA_A76_1868343},
- [10] = {1946160, 0x30, 0x41, ERRATA_A76_1946160},
- [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [8] = {1286807, 0x00, 0x30, ERRATA_A76_1286807},
+ [9] = {1791580, 0x00, 0x40, ERRATA_A76_1791580},
+ [10] = {1868343, 0x00, 0x40, ERRATA_A76_1868343},
+ [11] = {1946160, 0x30, 0x41, ERRATA_A76_1946160},
+ [12] = {2743102, 0x00, 0x41, ERRATA_A76_2743102},
+ [13 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A76_H_INC */
@@ -216,7 +218,7 @@
.cpu_errata_list = {
[0] = {1941500, 0x00, 0x01, ERRATA_A78_AE_1941500},
[1] = {1951502, 0x00, 0x01, ERRATA_A78_AE_1951502},
- [2] = {2376748, 0x00, 0x01, ERRATA_A78_AE_2376748},
+ [2] = {2376748, 0x00, 0x02, ERRATA_A78_AE_2376748},
[3] = {2395408, 0x00, 0x01, ERRATA_A78_AE_2395408},
[4] = {2712574, 0x00, 0x02, ERRATA_A78_AE_2712574, \
ERRATA_NON_ARM_INTERCONNECT},
@@ -229,15 +231,18 @@
{
.cpu_partnumber = CORTEX_A78C_MIDR,
.cpu_errata_list = {
- [0] = {2132064, 0x01, 0x02, ERRATA_A78C_2132064},
- [1] = {2242638, 0x01, 0x02, ERRATA_A78C_2242638},
- [2] = {2376749, 0x01, 0x02, ERRATA_A78C_2376749},
- [3] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
- [4] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
+ [0] = {1827430, 0x00, 0x00, ERRATA_A78C_1827430},
+ [1] = {1827440, 0x00, 0x00, ERRATA_A78C_1827440},
+ [2] = {2132064, 0x01, 0x02, ERRATA_A78C_2132064},
+ [3] = {2242638, 0x01, 0x02, ERRATA_A78C_2242638},
+ [4] = {2376749, 0x01, 0x02, ERRATA_A78C_2376749},
+ [5] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
+ [6] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
ERRATA_NON_ARM_INTERCONNECT},
- [5] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
- [6] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
- [7 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [7] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
+ [8] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
+ [9] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
+ [10 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78C_H_INC */
@@ -258,21 +263,22 @@
{
.cpu_partnumber = NEOVERSE_N1_MIDR,
.cpu_errata_list = {
- [0] = {1073348, 0x00, 0x10, ERRATA_N1_1073348},
- [1] = {1130799, 0x00, 0x20, ERRATA_N1_1130799},
- [2] = {1165347, 0x00, 0x20, ERRATA_N1_1165347},
- [3] = {1207823, 0x00, 0x20, ERRATA_N1_1207823},
- [4] = {1220197, 0x00, 0x20, ERRATA_N1_1220197},
- [5] = {1257314, 0x00, 0x30, ERRATA_N1_1257314},
- [6] = {1262606, 0x00, 0x30, ERRATA_N1_1262606},
- [7] = {1262888, 0x00, 0x30, ERRATA_N1_1262888},
- [8] = {1275112, 0x00, 0x30, ERRATA_N1_1275112},
- [9] = {1315703, 0x00, 0x30, ERRATA_N1_1315703},
- [10] = {1542419, 0x30, 0x40, ERRATA_N1_1542419},
- [11] = {1868343, 0x00, 0x40, ERRATA_N1_1868343},
- [12] = {1946160, 0x30, 0x41, ERRATA_N1_1946160},
- [13] = {2743102, 0x00, 0x41, ERRATA_N1_2743102},
- [14 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {1043202, 0x00, 0x10, ERRATA_N1_1043202},
+ [1] = {1073348, 0x00, 0x10, ERRATA_N1_1073348},
+ [2] = {1130799, 0x00, 0x20, ERRATA_N1_1130799},
+ [3] = {1165347, 0x00, 0x20, ERRATA_N1_1165347},
+ [4] = {1207823, 0x00, 0x20, ERRATA_N1_1207823},
+ [5] = {1220197, 0x00, 0x20, ERRATA_N1_1220197},
+ [6] = {1257314, 0x00, 0x30, ERRATA_N1_1257314},
+ [7] = {1262606, 0x00, 0x30, ERRATA_N1_1262606},
+ [8] = {1262888, 0x00, 0x30, ERRATA_N1_1262888},
+ [9] = {1275112, 0x00, 0x30, ERRATA_N1_1275112},
+ [10] = {1315703, 0x00, 0x30, ERRATA_N1_1315703},
+ [11] = {1542419, 0x30, 0x40, ERRATA_N1_1542419},
+ [12] = {1868343, 0x00, 0x40, ERRATA_N1_1868343},
+ [13] = {1946160, 0x30, 0x41, ERRATA_N1_1946160},
+ [14] = {2743102, 0x00, 0x41, ERRATA_N1_2743102},
+ [15 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_N1_H_INC */
@@ -281,23 +287,25 @@
{
.cpu_partnumber = NEOVERSE_V1_MIDR,
.cpu_errata_list = {
- [0] = {1618635, 0x00, 0x0F, ERRATA_V1_1618635},
+ [0] = {1618635, 0x00, 0x00, ERRATA_V1_1618635},
[1] = {1774420, 0x00, 0x10, ERRATA_V1_1774420},
[2] = {1791573, 0x00, 0x10, ERRATA_V1_1791573},
[3] = {1852267, 0x00, 0x10, ERRATA_V1_1852267},
[4] = {1925756, 0x00, 0x11, ERRATA_V1_1925756},
[5] = {1940577, 0x10, 0x11, ERRATA_V1_1940577},
[6] = {1966096, 0x10, 0x11, ERRATA_V1_1966096},
- [7] = {2108267, 0x00, 0x11, ERRATA_V1_2108267},
+ [7] = {2108267, 0x00, 0x12, ERRATA_V1_2108267},
[8] = {2139242, 0x00, 0x11, ERRATA_V1_2139242},
[9] = {2216392, 0x10, 0x11, ERRATA_V1_2216392},
- [10] = {2294912, 0x00, 0x11, ERRATA_V1_2294912},
- [11] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
- [12] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
+ [10] = {2294912, 0x00, 0x12, ERRATA_V1_2294912},
+ [11] = {2348377, 0x00, 0x11, ERRATA_V1_2348377},
+ [12] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
+ [13] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
ERRATA_NON_ARM_INTERCONNECT},
- [13] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
- [14] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
- [15 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [14] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
+ [15] = {2743233, 0x00, 0x12, ERRATA_V1_2743233},
+ [16] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
+ [17 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_V1_H_INC */
@@ -310,7 +318,7 @@
[1] = {2008768, 0x00, 0x20, ERRATA_A710_2008768},
[2] = {2017096, 0x00, 0x20, ERRATA_A710_2017096},
[3] = {2055002, 0x10, 0x20, ERRATA_A710_2055002},
- [4] = {2058056, 0x00, 0x20, ERRATA_A710_2058056},
+ [4] = {2058056, 0x00, 0x21, ERRATA_A710_2058056},
[5] = {2081180, 0x00, 0x20, ERRATA_A710_2081180},
[6] = {2083908, 0x20, 0x20, ERRATA_A710_2083908},
[7] = {2136059, 0x00, 0x20, ERRATA_A710_2136059},
@@ -322,8 +330,9 @@
[13] = {2371105, 0x00, 0x20, ERRATA_A710_2371105},
[14] = {2701952, 0x00, 0x21, ERRATA_A710_2701952, \
ERRATA_NON_ARM_INTERCONNECT},
- [15] = {2768515, 0x00, 0x21, ERRATA_A710_2768515},
- [16 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [15] = {2742423, 0x00, 0x21, ERRATA_A710_2742423},
+ [16] = {2768515, 0x00, 0x21, ERRATA_A710_2768515},
+ [17 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A710_H_INC */
@@ -336,7 +345,7 @@
[1] = {2009478, 0x00, 0x00, ERRATA_N2_2009478},
[2] = {2025414, 0x00, 0x00, ERRATA_N2_2025414},
[3] = {2067956, 0x00, 0x00, ERRATA_N2_2067956},
- [4] = {2138953, 0x00, 0x00, ERRATA_N2_2138953},
+ [4] = {2138953, 0x00, 0x03, ERRATA_N2_2138953},
[5] = {2138956, 0x00, 0x00, ERRATA_N2_2138956},
[6] = {2138958, 0x00, 0x00, ERRATA_N2_2138958},
[7] = {2189731, 0x00, 0x00, ERRATA_N2_2189731},
@@ -344,14 +353,16 @@
[9] = {2242415, 0x00, 0x00, ERRATA_N2_2242415},
[10] = {2280757, 0x00, 0x00, ERRATA_N2_2280757},
[11] = {2326639, 0x00, 0x00, ERRATA_N2_2326639},
- [12] = {2376738, 0x00, 0x00, ERRATA_N2_2376738},
- [13] = {2388450, 0x00, 0x00, ERRATA_N2_2388450},
- [14] = {2728475, 0x00, 0x02, ERRATA_N2_2728475, \
+ [12] = {2340933, 0x00, 0x00, ERRATA_N2_2340933},
+ [13] = {2346952, 0x00, 0x02, ERRATA_N2_2346952},
+ [14] = {2376738, 0x00, 0x00, ERRATA_N2_2376738},
+ [15] = {2388450, 0x00, 0x00, ERRATA_N2_2388450},
+ [16] = {2728475, 0x00, 0x02, ERRATA_N2_2728475, \
ERRATA_NON_ARM_INTERCONNECT},
- [15] = {2743014, 0x00, 0x02, ERRATA_N2_2743014},
- [16] = {2743089, 0x00, 0x02, ERRATA_N2_2743089},
- [17] = {2779511, 0x00, 0x02, ERRATA_N2_2779511},
- [18 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [17] = {2743014, 0x00, 0x02, ERRATA_N2_2743014},
+ [18] = {2743089, 0x00, 0x02, ERRATA_N2_2743089},
+ [19] = {2779511, 0x00, 0x02, ERRATA_N2_2779511},
+ [20 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_N2_H_INC */
@@ -362,17 +373,18 @@
.cpu_errata_list = {
[0] = {2002765, 0x00, 0x20, ERRATA_X2_2002765},
[1] = {2017096, 0x00, 0x20, ERRATA_X2_2017096},
- [2] = {2058056, 0x00, 0x20, ERRATA_X2_2058056},
+ [2] = {2058056, 0x00, 0x21, ERRATA_X2_2058056},
[3] = {2081180, 0x00, 0x20, ERRATA_X2_2081180},
- [4] = {2083908, 0x00, 0x20, ERRATA_X2_2083908},
+ [4] = {2083908, 0x20, 0x20, ERRATA_X2_2083908},
[5] = {2147715, 0x20, 0x20, ERRATA_X2_2147715},
[6] = {2216384, 0x00, 0x20, ERRATA_X2_2216384},
[7] = {2282622, 0x00, 0x21, ERRATA_X2_2282622},
- [8] = {2371105, 0x00, 0x21, ERRATA_X2_2371105},
+ [8] = {2371105, 0x00, 0x20, ERRATA_X2_2371105},
[9] = {2701952, 0x00, 0x21, ERRATA_X2_2701952, \
ERRATA_NON_ARM_INTERCONNECT},
- [10] = {2768515, 0x00, 0x21, ERRATA_X2_2768515},
- [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [10] = {2742423, 0x00, 0x21, ERRATA_X2_2742423},
+ [11] = {2768515, 0x00, 0x21, ERRATA_X2_2768515},
+ [12 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X2_H_INC */
@@ -384,15 +396,16 @@
[0] = {1922240, 0x00, 0x00, ERRATA_A510_1922240},
[1] = {2041909, 0x02, 0x02, ERRATA_A510_2041909},
[2] = {2042739, 0x00, 0x02, ERRATA_A510_2042739},
- [3] = {2172148, 0x00, 0x10, ERRATA_A510_2172148},
- [4] = {2218950, 0x00, 0x10, ERRATA_A510_2218950},
- [5] = {2250311, 0x00, 0x10, ERRATA_A510_2250311},
- [6] = {2288014, 0x00, 0x10, ERRATA_A510_2288014},
- [7] = {2347730, 0x00, 0x11, ERRATA_A510_2347730},
- [8] = {2371937, 0x00, 0x11, ERRATA_A510_2371937},
- [9] = {2666669, 0x00, 0x11, ERRATA_A510_2666669},
- [10] = {2684597, 0x00, 0x12, ERRATA_A510_2684597},
- [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [3] = {2080326, 0x02, 0x02, ERRATA_A510_2080326},
+ [4] = {2172148, 0x00, 0x10, ERRATA_A510_2172148},
+ [5] = {2218950, 0x00, 0x10, ERRATA_A510_2218950},
+ [6] = {2250311, 0x00, 0x10, ERRATA_A510_2250311},
+ [7] = {2288014, 0x00, 0x10, ERRATA_A510_2288014},
+ [8] = {2347730, 0x00, 0x11, ERRATA_A510_2347730},
+ [9] = {2371937, 0x00, 0x11, ERRATA_A510_2371937},
+ [10] = {2666669, 0x00, 0x11, ERRATA_A510_2666669},
+ [11] = {2684597, 0x00, 0x12, ERRATA_A510_2684597},
+ [12 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A510_H_INC */
@@ -432,7 +445,8 @@
[1] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
[2] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
[3] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [4 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [4] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
+ [5 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */
diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c
index fa24a91..8b78b13 100644
--- a/services/std_svc/rmmd/rmmd_main.c
+++ b/services/std_svc/rmmd/rmmd_main.c
@@ -17,6 +17,7 @@
#include <common/runtime_svc.h>
#include <context.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/el3_runtime/cpu_data.h>
#include <lib/el3_runtime/pubsub.h>
#include <lib/extensions/pmuv3.h>
#include <lib/extensions/sys_reg_trace.h>
@@ -118,32 +119,42 @@
/*******************************************************************************
* Enable architecture extensions on first entry to Realm world.
******************************************************************************/
+
static void manage_extensions_realm(cpu_context_t *ctx)
{
+ pmuv3_enable(ctx);
+
+ /*
+ * Enable access to TPIDR2_EL0 if SME/SME2 is enabled for Non Secure world.
+ */
+ if (is_feat_sme_supported()) {
+ sme_enable(ctx);
+ }
+}
+
+static void manage_extensions_realm_per_world(void)
+{
if (is_feat_sve_supported()) {
/*
* Enable SVE and FPU in realm context when it is enabled for NS.
* Realm manager must ensure that the SVE and FPU register
* contexts are properly managed.
*/
- sve_enable(ctx);
+ sve_enable_per_world(&per_world_context[CPU_CONTEXT_REALM]);
}
/* NS can access this but Realm shouldn't */
if (is_feat_sys_reg_trace_supported()) {
- sys_reg_trace_disable(ctx);
+ sys_reg_trace_disable_per_world(&per_world_context[CPU_CONTEXT_REALM]);
}
- pmuv3_enable(ctx);
-
/*
- * If SME/SME2 is supported and enabled for NS world, then enables SME
- * for Realm world. RMM will save/restore required registers that are
- * shared with SVE/FPU so that Realm can use FPU or SVE.
+ * If SME/SME2 is supported and enabled for NS world, then disable trapping
+ * of SME instructions for Realm world. RMM will save/restore required
+ * registers that are shared with SVE/FPU so that Realm can use FPU or SVE.
*/
if (is_feat_sme_supported()) {
- /* sme_enable() also enables SME2 if supported by hardware */
- sme_enable(ctx);
+ sme_enable_per_world(&per_world_context[CPU_CONTEXT_REALM]);
}
}
@@ -160,6 +171,8 @@
/* Enable architecture extensions */
manage_extensions_realm(&ctx->cpu_ctx);
+ manage_extensions_realm_per_world();
+
/* Initialize RMM EL2 context. */
rmm_el2_context_init(&ctx->cpu_ctx.el2_sysregs_ctx);
diff --git a/services/std_svc/rmmd/trp/trp_main.c b/services/std_svc/rmmd/trp/trp_main.c
index 4eb3e12..33f2fb0 100644
--- a/services/std_svc/rmmd/trp/trp_main.c
+++ b/services/std_svc/rmmd/trp/trp_main.c
@@ -106,11 +106,18 @@
/*******************************************************************************
* Returning RMI version back to Normal World
******************************************************************************/
-static void trp_ret_rmi_version(struct trp_smc_result *smc_ret)
+static void trp_ret_rmi_version(unsigned long long rmi_version,
+ struct trp_smc_result *smc_ret)
{
+ if (rmi_version != RMI_ABI_VERSION) {
+ smc_ret->x[0] = RMI_ERROR_INPUT;
+ } else {
+ smc_ret->x[0] = RMI_SUCCESS;
+ }
VERBOSE("RMM version is %u.%u\n", RMI_ABI_VERSION_MAJOR,
RMI_ABI_VERSION_MINOR);
- smc_ret->x[0] = RMI_ABI_VERSION;
+ smc_ret->x[1] = RMI_ABI_VERSION;
+ smc_ret->x[2] = RMI_ABI_VERSION;
}
/*******************************************************************************
@@ -163,7 +170,7 @@
switch (fid) {
case RMI_RMM_REQ_VERSION:
- trp_ret_rmi_version(smc_ret);
+ trp_ret_rmi_version(x1, smc_ret);
break;
case RMI_RMM_GRANULE_DELEGATE:
trp_asc_mark_realm(x1, smc_ret);
diff --git a/services/std_svc/sdei/sdei_main.c b/services/std_svc/sdei/sdei_main.c
index 44178ed..59a1673 100644
--- a/services/std_svc/sdei/sdei_main.c
+++ b/services/std_svc/sdei/sdei_main.c
@@ -35,8 +35,6 @@
#define LOWEST_INTR_PRIORITY 0xff
-#define is_valid_affinity(_mpidr) (plat_core_pos_by_mpidr(_mpidr) >= 0)
-
CASSERT(PLAT_SDEI_CRITICAL_PRI < PLAT_SDEI_NORMAL_PRI,
sdei_critical_must_have_higher_priority);
@@ -262,7 +260,7 @@
/* Validate flags */
switch (flags) {
case SDEI_REGF_RM_PE:
- if (!is_valid_affinity(mpidr))
+ if (!is_valid_mpidr(mpidr))
return SDEI_EINVAL;
break;
case SDEI_REGF_RM_ANY:
@@ -710,8 +708,8 @@
sdei_ev_map_t *map;
bool retry = true, shared_mapping;
- /* SGIs are not allowed to be bound */
- if (plat_ic_is_sgi(intr_num) != 0)
+ /* Interrupt must be either PPI or SPI */
+ if (!(plat_ic_is_ppi(intr_num) || plat_ic_is_spi(intr_num)))
return SDEI_EINVAL;
shared_mapping = (plat_ic_is_spi(intr_num) != 0);
@@ -926,7 +924,7 @@
return SDEI_EINVAL;
/* Validate target */
- if (plat_core_pos_by_mpidr(target_pe) < 0)
+ if (!is_valid_mpidr(target_pe))
return SDEI_EINVAL;
/* Raise SGI. Platform will validate target_pe */
diff --git a/services/std_svc/spmd/spmd.mk b/services/std_svc/spmd/spmd.mk
index 72376f7..e567b53 100644
--- a/services/std_svc/spmd/spmd.mk
+++ b/services/std_svc/spmd/spmd.mk
@@ -4,14 +4,6 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-ifneq (${ARCH},aarch64)
- $(error "Error: SPMD is only supported on aarch64.")
-endif
-
-ifneq (${ENABLE_SME_FOR_NS},0)
- $(error "Error: SPMD is not compatible with ENABLE_SME_FOR_NS")
-endif
-
SPMD_SOURCES += $(addprefix services/std_svc/spmd/, \
${ARCH}/spmd_helpers.S \
spmd_pm.c \
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index d830403..066571e 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -110,6 +110,12 @@
spmd_spmc_id_get());
write_ctx_reg(gpregs, CTX_GPREG_X2, BIT(31) | target_func);
write_ctx_reg(gpregs, CTX_GPREG_X3, message);
+
+ /* Zero out x4-x7 for the direct request emitted towards the SPMC. */
+ write_ctx_reg(gpregs, CTX_GPREG_X4, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X5, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X6, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X7, 0);
}
@@ -945,6 +951,21 @@
SPMD_FWK_MSG_FFA_VERSION_REQ,
input_version);
+ /*
+ * Ensure x8-x17 NS GP register values are untouched when returning
+ * from the SPMC.
+ */
+ write_ctx_reg(gpregs, CTX_GPREG_X8, SMC_GET_GP(handle, CTX_GPREG_X8));
+ write_ctx_reg(gpregs, CTX_GPREG_X9, SMC_GET_GP(handle, CTX_GPREG_X9));
+ write_ctx_reg(gpregs, CTX_GPREG_X10, SMC_GET_GP(handle, CTX_GPREG_X10));
+ write_ctx_reg(gpregs, CTX_GPREG_X11, SMC_GET_GP(handle, CTX_GPREG_X11));
+ write_ctx_reg(gpregs, CTX_GPREG_X12, SMC_GET_GP(handle, CTX_GPREG_X12));
+ write_ctx_reg(gpregs, CTX_GPREG_X13, SMC_GET_GP(handle, CTX_GPREG_X13));
+ write_ctx_reg(gpregs, CTX_GPREG_X14, SMC_GET_GP(handle, CTX_GPREG_X14));
+ write_ctx_reg(gpregs, CTX_GPREG_X15, SMC_GET_GP(handle, CTX_GPREG_X15));
+ write_ctx_reg(gpregs, CTX_GPREG_X16, SMC_GET_GP(handle, CTX_GPREG_X16));
+ write_ctx_reg(gpregs, CTX_GPREG_X17, SMC_GET_GP(handle, CTX_GPREG_X17));
+
rc = spmd_spm_core_sync_entry(ctx);
if ((rc != 0ULL) ||
@@ -960,6 +981,14 @@
}
/*
+ * x0-x4 are updated by spmd_smc_forward below.
+ * Zero out x5-x7 in the FFA_VERSION response.
+ */
+ write_ctx_reg(gpregs, CTX_GPREG_X5, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X6, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X7, 0);
+
+ /*
* Return here after SPMC has handled FFA_VERSION.
* The returned SPMC version is held in X3.
* Forward this version in X0 to the non-secure caller.
diff --git a/services/std_svc/spmd/spmd_pm.c b/services/std_svc/spmd/spmd_pm.c
index a2704dd..fd89c81 100644
--- a/services/std_svc/spmd/spmd_pm.c
+++ b/services/std_svc/spmd/spmd_pm.c
@@ -122,8 +122,20 @@
assert(ctx->state != SPMC_STATE_OFF);
/* Build an SPMD to SPMC direct message request. */
- spmd_build_spmc_message(get_gpregs_ctx(&ctx->cpu_ctx),
- FFA_FWK_MSG_PSCI, PSCI_CPU_OFF);
+ gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);
+ spmd_build_spmc_message(gpregs, FFA_FWK_MSG_PSCI, PSCI_CPU_OFF);
+
+ /* Clear remaining x8 - x17 at EL3/SEL2 or EL3/SEL1 boundary. */
+ write_ctx_reg(gpregs, CTX_GPREG_X8, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X9, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X10, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X11, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X12, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X13, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X14, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X15, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X16, 0);
+ write_ctx_reg(gpregs, CTX_GPREG_X17, 0);
rc = spmd_spm_core_sync_entry(ctx);
if (rc != 0ULL) {
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index 56f1c21..e0ecdae 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -74,7 +74,7 @@
int key_new(key_t *key);
#endif
int key_create(key_t *key, int type, int key_bits);
-int key_load(key_t *key, unsigned int *err_code);
+unsigned int key_load(key_t *key);
int key_store(key_t *key);
void key_cleanup(void);
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 14c8e18..04214aa 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -239,38 +239,34 @@
}
-int key_load(key_t *key, unsigned int *err_code)
+unsigned int key_load(key_t *key)
{
- FILE *fp;
+ if (key->fn == NULL) {
+ VERBOSE("Key not specified\n");
+ return KEY_ERR_FILENAME;
+ }
- if (key->fn) {
- if (!strncmp(key->fn, "pkcs11:", 7)) {
- /* Load key through pkcs11 */
- key->key = key_load_pkcs11(key->fn);
- } else {
- /* Load key from file */
- fp = fopen(key->fn, "r");
- if (fp) {
- key->key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
- fclose(fp);
- } else {
- WARN("Cannot open file %s\n", key->fn);
- *err_code = KEY_ERR_OPEN;
- }
- }
- if (key->key) {
- *err_code = KEY_ERR_NONE;
- return 1;
- } else {
- ERROR("Cannot load key from %s\n", key->fn);
- *err_code = KEY_ERR_LOAD;
- }
+ if (strncmp(key->fn, "pkcs11:", 7) == 0) {
+ /* Load key through pkcs11 */
+ key->key = key_load_pkcs11(key->fn);
} else {
- VERBOSE("Key not specified\n");
- *err_code = KEY_ERR_FILENAME;
+ /* Load key from file */
+ FILE *fp = fopen(key->fn, "r");
+ if (fp == NULL) {
+ WARN("Cannot open file %s\n", key->fn);
+ return KEY_ERR_OPEN;
+ }
+
+ key->key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+ }
+
+ if (key->key == NULL) {
+ ERROR("Cannot load key from %s\n", key->fn);
+ return KEY_ERR_LOAD;
}
- return 0;
+ return KEY_ERR_NONE;
}
int key_store(key_t *key)
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 2ab6bcf..f10a768 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -441,7 +441,8 @@
#endif
/* First try to load the key from disk */
- if (key_load(&keys[i], &err_code)) {
+ err_code = key_load(&keys[i]);
+ if (err_code == KEY_ERR_NONE) {
/* Key loaded successfully */
continue;
}
diff --git a/tools/conventional-changelog-tf-a/package.json b/tools/conventional-changelog-tf-a/package.json
index 116b28b..d0efab8 100644
--- a/tools/conventional-changelog-tf-a/package.json
+++ b/tools/conventional-changelog-tf-a/package.json
@@ -1,6 +1,6 @@
{
"name": "conventional-changelog-tf-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"license": "BSD-3-Clause",
"private": true,
"main": "index.js",
