Merge "refactor(build): allow mandatory feats disabling" into integration
diff --git a/Makefile b/Makefile
index 87ff22e..ac73816 100644
--- a/Makefile
+++ b/Makefile
@@ -1256,6 +1256,7 @@
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_CSV2_3 \
ENABLE_FEAT_DIT \
ENABLE_FEAT_ECV \
ENABLE_FEAT_FGT \
@@ -1411,6 +1412,7 @@
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_VHE \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_CSV2_3 \
ENABLE_FEAT_PAN \
ENABLE_FEAT_TCR2 \
ENABLE_FEAT_S2PIE \
@@ -1583,8 +1585,8 @@
# Add Secure Partition packages
ifeq (${NEED_SP_PKG},yes)
-$(BUILD_PLAT)/sp_gen.mk : ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
- ${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT}
+$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
+ @${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT}
sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS)
@${ECHO_BLANK_LINE}
@echo "Built SP Images successfully"
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 40e3df8..9959a3e 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -161,6 +161,10 @@
${MBEDTLS_SOURCES}
endif
+ifeq ($(CROS_WIDEVINE_SMC),1)
+BL31_SOURCES += services/oem/chromeos/widevine_smc_handlers.c
+endif
+
BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
ifneq ($(findstring gcc,$(notdir $(LD))),)
diff --git a/bl31/ehf.c b/bl31/ehf.c
index 6f3d941..5b78ebb 100644
--- a/bl31/ehf.c
+++ b/bl31/ehf.c
@@ -478,13 +478,10 @@
/* Route EL3 interrupts when in Non-secure. */
set_interrupt_rm_flag(flags, NON_SECURE);
- /*
- * Route EL3 interrupts when in secure, only when SPMC is not present
- * in S-EL2.
- */
-#if !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1))
+ /* Route EL3 interrupts only when SPM_MM present in secure. */
+#if SPM_MM
set_interrupt_rm_flag(flags, SECURE);
-#endif /* !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1)) */
+#endif
/* Register handler for EL3 interrupts */
ret = register_interrupt_type_handler(INTR_TYPE_EL3,
diff --git a/common/feat_detect.c b/common/feat_detect.c
index 49b5360..57d6ae0 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -204,6 +204,8 @@
"S1POE", 1, 1);
check_feature(ENABLE_FEAT_MTE_PERM, read_feat_mte_perm_id_field(),
"MTE_PERM", 1, 1);
+ check_feature(ENABLE_FEAT_CSV2_3, read_feat_csv2_id_field(),
+ "CSV2_3", 3, 3);
/* v9.0 features */
check_feature(ENABLE_BRBE_FOR_NS, read_feat_brbe_id_field(),
diff --git a/docs/about/contact.rst b/docs/about/contact.rst
index 4f482bd..bb73dfe 100644
--- a/docs/about/contact.rst
+++ b/docs/about/contact.rst
@@ -36,9 +36,8 @@
Issue Tracker
^^^^^^^^^^^^^
-Bug reports may be filed on the `issue tracker`_ on the TrustedFirmware.org
-website. Using this tracker gives everyone visibility of the known issues in
-TF-A.
+Bug reports may be filed on the `issue tracker`_ on Github. Using this tracker
+gives everyone visibility of the known issues in TF-A.
Arm Licensees
^^^^^^^^^^^^^
@@ -46,7 +45,7 @@
Arm licensees have an additional support conduit - they may contact Arm directly
via their partner managers.
-.. _`issue tracker`: https://developer.trustedfirmware.org
+.. _`issue tracker`: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _`TF-A development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _`TF-A-Tests development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a-tests.lists.trustedfirmware.org/
.. _`summary of all the lists`: https://lists.trustedfirmware.org/mailman3/lists/
diff --git a/docs/components/granule-protection-tables-design.rst b/docs/components/granule-protection-tables-design.rst
index 07637dd..9d85bef 100644
--- a/docs/components/granule-protection-tables-design.rst
+++ b/docs/components/granule-protection-tables-design.rst
@@ -80,8 +80,8 @@
below.
In the reference implementation for FVP models, you can find an example of PAS
-region definitions in the file ``include/plat/arm/common/arm_pas_def.h``. Table
-creation API calls can be found in ``plat/arm/common/arm_bl2_setup.c`` and
+region definitions in the file ``plat/arm/board/fvp/include/fvp_pas_def.h``.
+Table creation API calls can be found in ``plat/arm/common/arm_common.c`` and
runtime initialization API calls can be seen in
``plat/arm/common/arm_bl31_setup.c``.
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 3485dc9..652c142 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -791,6 +791,10 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
CPU, it is still open.
+- ``ERRATA_X3_2641945``: This applies errata 2641945 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU.
+ It is fixed in r1p1.
+
- ``ERRATA_X3_2742421``: This applies errata 2742421 workaround to
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 077f598..cc20261 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -306,6 +306,13 @@
0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
+- ``ENABLE_FEAT_CSV2_3``: Numeric value to enable support for ``FEAT_CSV2_3``
+ extension. This feature is supported in AArch64 state only and is an optional
+ feature available in Arm v8.0 implementations.
+ ``FEAT_CSV2_3`` implies the implementation of ``FEAT_CSV2_2``.
+ The flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ mechanism. Default value is ``0``.
+
- ``ENABLE_FEAT_DIT``: Numeric value to enable ``FEAT_DIT`` (Data Independent
Timing) extension. It allows setting the ``DIT`` bit of PSTATE in EL3.
``FEAT_DIT`` is a mandatory architectural feature and is enabled from v8.4
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 9730390..0f207a6 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -520,5 +520,3 @@
.. _`Procedure Call Standard for the Arm 64-bit Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
.. _`EditorConfig`: http://editorconfig.org/
.. _`Why the “volatile” type class should not be used`: https://www.kernel.org/doc/html/latest/process/volatile-considered-harmful.html
-.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
-.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
diff --git a/docs/process/coding-style.rst b/docs/process/coding-style.rst
index 483780b..4f1976f 100644
--- a/docs/process/coding-style.rst
+++ b/docs/process/coding-style.rst
@@ -47,13 +47,13 @@
MISRA Compliance
----------------
-TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. Coverity
-Static Analysis is used to regularly generate a report of current MISRA defects
-and to prevent the addition of new ones.
+TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. `ECLAIR` static
+analysis is used to regularly generate a report of current MISRA defects and to
+prevent the addition of new ones.
-It is not possible for the project to follow all MISRA guidelines. We maintain
-`a spreadsheet`_ that lists all rules and directives and whether we aim to
-comply with them or not. A rationale is given for each deviation.
+It is not possible for the project to follow all MISRA guidelines. Table 1
+below lists all rules and directives and whether we aim to comply with them or
+not. A rationale is given for each deviation.
.. note::
Enforcing a rule does not mean that the codebase is free of defects
@@ -63,6 +63,9 @@
Third-party libraries are not considered in our MISRA analysis and we do not
intend to modify them to make them MISRA compliant.
+.. csv-table:: Table 1: MISRA compliance in TF-A code base
+ :file: misra-compliance.csv
+
Indentation
-----------
@@ -487,5 +490,4 @@
*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
.. _`Linux kernel coding style`: https://www.kernel.org/doc/html/latest/process/coding-style.html
-.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
-.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
+.. _`MISRA C:2012 Guidelines`: https://en.wikipedia.org/wiki/MISRA_C#MISRA_C:2012
diff --git a/docs/process/commit-style.rst b/docs/process/commit-style.rst
index d7e937b..c287599 100644
--- a/docs/process/commit-style.rst
+++ b/docs/process/commit-style.rst
@@ -149,5 +149,5 @@
.. _Conventional Commits: https://www.conventionalcommits.org/en/v1.0.0
.. _Gerrit Change-Ids documentation: https://review.trustedfirmware.org/Documentation/user-changeid.html
.. _Gerrit Signed-off-by Lines guidelines: https://review.trustedfirmware.org/Documentation/user-signedoffby.html
-.. _issue: https://developer.trustedfirmware.org/project/board/1/
+.. _issue: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _quick summary: https://www.conventionalcommits.org/en/v1.0.0/#summary
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index ef9ebd3..33b3533 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -7,8 +7,12 @@
- Make sure you have a Github account and you are logged on both
`developer.trustedfirmware.org`_ and `review.trustedfirmware.org`_.
+ Also make sure that you have registered your full name and email address in
+ your `review.trustedfirmware.org`_ profile. Otherwise, the Gerrit server
+ might reject patches you attempt to post for review.
+
- If you plan to contribute a major piece of work, it is usually a good idea to
- start a discussion around it on the mailing list. This gives everyone
+ start a discussion around it on the `TF-A mailing list`_. This gives everyone
visibility of what is coming up, you might learn that somebody else is
already working on something similar or the community might be able to
provide some early input to help shaping the design of the feature.
@@ -17,16 +21,16 @@
it explicitly in the email thread and ensure that the changes that include
Third Party IP are made in a separate patch (or patch series).
-- Clone `Trusted Firmware-A`_ on your own machine as described in
+- Clone the Trusted Firmware-A source code on your own machine as described in
:ref:`prerequisites_get_source`.
-- Create a local topic branch based on the `Trusted Firmware-A`_ ``master``
+- Create a local topic branch based on the Trusted Firmware-A ``master``
branch.
Making Changes
==============
-- Ensure commits adhere to the the project's :ref:`Commit Style`.
+- Ensure commits adhere to the project's :ref:`Commit Style`.
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
@@ -93,13 +97,21 @@
Submitting Changes
==================
+.. note::
+ Please follow the `How to Contribute Code`_ section of the OpenCI
+ documentation for general instructions on setting up Gerrit and posting
+ patches there. The rest of this section provides details about patch
+ submission rules specifically for the TF-A project.
+
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+- Submit your changes for review using the ``git review`` command.
-- Add reviewers for your patch:
+ This will automatically rebase them onto the upstream ``integration`` branch,
+ as required by TF-A's patch submission process.
- - At least one code owner for each module modified by the patch. See the list
- of modules and their :ref:`code owners`.
+- From the Gerrit web UI, add reviewers for your patch:
+
+ - At least one code owner for each module modified by the patch. See the
+ list of modules and their :ref:`code owners`.
- At least one maintainer. See the list of :ref:`maintainers`.
@@ -167,26 +179,54 @@
Add CI Configurations
=====================
-- TF-A uses Jenkins tool for Continuous Integration and testing activities.
- Various CI Jobs are deployed which run tests on every patch before being
- merged. So each of your patches go through a series of checks before they
- get merged on to the master branch. Kindly ensure, that everytime you add
- new files under your platform, they are covered under the following two sections:
+TF-A uses Jenkins for Continuous Integration and testing activities. Various CI
+jobs are deployed to run tests on every patch before being merged. Each of your
+patches go through a series of checks before they get merged on to the master
+branch. Kindly ensure that every time you add new files under your platform,
+they are covered by the following two sections.
Coverity Scan
-------------
+The TF-A project makes use of `Coverity Scan` for static analysis, a service
+offered by Synopsys for open-source projects. This tool is able to find defects
+and vulnerabilities in a code base, such as dereferences of NULL pointers, use
+of uninitialized data, control flow issues and many other things.
+
-- ``Coverity Scan analysis`` is one of the tests we perform on our source code
- at regular intervals. We maintain a build script ``tf-cov-make`` which contains the
- build configurations of various platforms in order to cover the entire source
- code being analysed by Coverity.
+The TF-A source code is submitted daily to this service for analysis. Results of
+the latest and previous scans, as well as the complete list of defects it
+detected, are accessible online from
+https://scan.coverity.com/projects/arm-software-arm-trusted-firmware.
-- When you submit your patches for review containing new source files, please
- ensure to include them for the ``Coverity Scan analysis`` by adding the
- respective build configurations in the ``tf-cov-make`` build script.
+The `tf-a-ci-scripts repository`_ contains scripts to run the Coverity Scan
+tools on the integration branch of the TF-A code base and make them available on
+https://scan.coverity.com. These scripts get executed daily by the
+`tf-a-coverity Jenkins job`_.
-- In this section you find the details on how to append your new build
- configurations for Coverity scan analysis illustrated with examples:
+In order to maintain a high level of coverage, including on newly introduced
+code, it is important to maintain the appropriate TF-A CI scripts. Details of
+when to update these scripts and how to do so follow.
+
+We maintain a build script - ``tf-cov-make`` - which contains the build
+configurations of various platforms in order to cover the entire source code
+being analysed by Coverity.
+
+When you submit your patches for review, and if they contain new source files,
+`TF-A CI static checks job`_ might report that these files are not covered. In
+this case, the job's console output will show the following error message::
+
+ ****** Newly added files detection check for Coverity Scan analysis on patch(es) ******
+
+ Result : FAILURE
+
+ New source files have been identified in your patch..
+ some/dir/file.c
+
+ please ensure to include them for the ``Coverity Scan analysis`` by adding
+ the respective build configurations in the ``tf-cov-make`` build script.
+
+In this section you find the details on how to append your new build
+configurations for Coverity scan analysis illustrated with examples:
#. We maintain a separate repository named `tf-a-ci-scripts repository`_
for placing all the test scripts which will be executed by the CI Jobs.
@@ -194,9 +234,9 @@
#. In this repository, ``tf-cov-make`` script is located at
``tf-a-ci-scripts/script/tf-coverity/tf-cov-make``
-#. Edit `tf-cov-make`_ script by appending all the possible build configurations with
- the specific ``build-flags`` relevant to your platform, so that newly added
- source files get built and analysed by Coverity.
+#. Edit the `tf-cov-make`_ script by appending all the possible build
+ configurations with the specific build flags relevant to your platform, so
+ that newly added source files get built and analysed by Coverity.
#. For better understanding follow the below specified examples listed in the
``tf-cov-make`` script.
@@ -220,45 +260,44 @@
make PLAT=hikey960 $(common_flags) ${TBB_OPTIONS} all
make PLAT=poplar $(common_flags) all
-- In this case for ``Hikey`` boards additional ``build-flags`` has been included
- along with the ``commom_flags`` to cover most of the files relevant to it.
+- In this case for ``Hikey`` boards additional build flags have been included
+ along with the ``common_flags`` to cover most of the files relevant to it.
- Similar to this you can still find many other different build configurations
of various other platforms listed in the ``tf-cov-make`` script. Kindly refer
them and append your build configurations respectively.
-Test Build Configuration (``tf-l1-build-plat``)
------------------------------------------------
+Test Build Configurations
+-------------------------
-- Coverity Scan analysis, runs on a daily basis and will not be triggered for
- every individual trusted-firmware patch.
+We have CI jobs which run a set of test configurations on every TF-A patch
+before they get merged upstream.
-- Considering this, we have other distinguished CI jobs which run a set of test
- configurations on every patch, before they are being passed to ``Coverity scan analysis``.
+At the bare minimum, TF-A code should build without any errors for every
+supported platform - and every feature of this platform. To make sure this is
+the case, we maintain a set of build tests. ``tf-l1-build-plat`` is the test
+group which holds all build tests for all platforms. So be kind enough to
+verify that your newly added files are covered by such a build test.
-- ``tf-l1-build-plat`` is the test group, which holds the test configurations
- to build all the platforms. So be kind enough to verify that your newly added
- files are built as part of one of the existing platform configurations present
- in ``tf-l1-build-plat`` test group.
+If this is not the case, please follow the instructions below to add the
+appropriate files. We will illustrate this with an example for the ``Hikey``
+platform.
-- In this section you find the details on how to add the appropriate files,
- needed to build your newly introduced platform as part of ``tf-l1-build-plat``
- test group, illustrated with an example:
-
-- Lets consider ``Hikey`` platform:
- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file ``hikey-default``
- under tf_config folder, ``tf_config/hikey-default`` listing all the build parameters
- relevant to it.
+- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file
+ ``hikey-default`` under ``tf_config/`` folder. ``tf_config/hikey-default``
+ must list all the build parameters relevant to it.
.. code:: shell
- #Hikey Build Parameters
+ # Hikey Build Parameters
CROSS_COMPILE=aarch64-none-elf-
PLAT=hikey
-- Further a test-configuration file ``hikey-default:nil`` need to be added under the
- test group, ``tf-l1-build-plat`` located at ``tf-a-ci-scripts/group/tf-l1-build-plat``,
- to allow the platform to be built as part of this group.
+- Further another file, ``hikey-default:nil``, needs to be added under
+ ``group/tf-l1-build-plat/`` folder to allow the platform to be built as part
+ of this test group. ``group/tf-l1-build-plat/hikey-default:nil`` file just
+ needs to exist but does not contain anything meaningful, apart from a
+ mandatory copyright notice:
.. code:: shell
@@ -268,7 +307,11 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-- As illustrated above, you need to add the similar files supporting your platform.
+- As illustrated above, you need to add similar files supporting your platform.
+
+For a more elaborate explanation of the TF-A CI scripts internals, including how
+to add more complex tests beyond a simple build test, please refer to the `TF-A
+CI scripts overview`_ section of the OpenCI documentation.
Binary Components
=================
@@ -289,11 +332,10 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _developer.trustedfirmware.org: https://developer.trustedfirmware.org
.. _review.trustedfirmware.org: https://review.trustedfirmware.org
-.. _Trusted Firmware-A: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
.. _Git guidelines: http://git-scm.com/book/ch5-2.html
.. _Gerrit Uploading Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io
@@ -302,3 +344,7 @@
.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _tf-a-ci-scripts repository: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/
.. _tf-cov-make: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/script/tf-coverity/tf-cov-make
+.. _How to Contribute Code: https://tf-ci-users-guide.readthedocs.io/en/latest/#how-to-contribute-code
+.. _TF-A CI scripts overview: https://tf-ci-users-guide.readthedocs.io/en/latest/#tf-a-ci-scripts-overview
+.. _tf-a-coverity Jenkins job: https://ci.trustedfirmware.org/job/tf-a-coverity/
+.. _TF-A CI static checks job: https://ci.trustedfirmware.org/job/tf-a-static-checks/
diff --git a/docs/process/misra-compliance.csv b/docs/process/misra-compliance.csv
new file mode 100644
index 0000000..7b02930
--- /dev/null
+++ b/docs/process/misra-compliance.csv
@@ -0,0 +1,174 @@
+Seq,Dir / Rule,Number,Source,Category,Checker Enabled,Enforced,Comments
+1,D,1.1,MISRA C 2012,Required,N/A,Yes,
+2,D,2.1,MISRA C 2012,Required,N/A,Yes,
+3,D,3.1,MISRA C 2012,Required,N/A,No,It can’t be done retroactively.
+4,D,4.1,MISRA C 2012,Required,N/A,Yes,
+5,D,4.2,MISRA C 2012,Advisory,N/A,Yes,
+6,D,4.3,MISRA C 2012,Required,Yes,Yes,
+7,D,4.4,MISRA C 2012,Advisory,Yes,Yes,
+8,D,4.5,MISRA C 2012,Advisory,Yes,Yes,
+9,D,4.6,MISRA C 2012,Advisory,No,No,We use a mix of both. It would be too disruptive for the project to change.
+10,D,4.7,MISRA C 2012,Required,Yes,Yes,
+11,D,4.8,MISRA C 2012,Advisory,No,No,Fixing all instances would involve invasive changes to the codebase for no good reason.
+12,D,4.9,MISRA C 2012,Advisory,No,No,"We mustn’t introduce new macros unless strictly needed, but this affects assert(), INFO(), etc. It creates too much noise in the report for little gain."
+13,D,4.10,MISRA C 2012,Required,Yes,Yes,
+14,D,4.11,MISRA C 2012,Required,Yes,Yes,
+15,D,4.12,MISRA C 2012,Required,Yes,Yes,
+16,D,4.13,MISRA C 2012,Advisory,Yes,Yes,
+17,D,4.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
+18,R,1.1,MISRA C 2012,Required,Yes,Yes,
+19,R,1.2,MISRA C 2012,Advisory,Yes,Optional,It bans __attribute__(()) and similar helpers.
+20,R,1.3,MISRA C 2012,Required,N/A,Yes,
+21,R,2.1,MISRA C 2012,Required,Yes,Yes,
+22,R,2.2,MISRA C 2012,Required,Yes,Yes,
+23,R,2.3,MISRA C 2012,Advisory,Yes,Optional,It prevents the usage of CASSERT().
+24,R,2.4,MISRA C 2012,Advisory,No,No,Header files may use enumerations instead of defines to group sets of values.
+25,R,2.5,MISRA C 2012,Advisory,No,No,We define many headers with macros that are unused in the project but may be used by non-upstream code or may be desirable for completeness.
+26,R,2.6,MISRA C 2012,Advisory,Yes,Yes,
+27,R,2.7,MISRA C 2012,Advisory,No,No,Doesn't allow for simple implementations of porting functions that don't require all parameters.
+28,R,3.1,MISRA C 2012,Required,Yes,Yes,
+29,R,3.2,MISRA C 2012,Required,Yes,Yes,
+30,R,4.1,MISRA C 2012,Required,Yes,Yes,
+31,R,4.2,MISRA C 2012,Advisory,Yes,Yes,
+32,R,5.1,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+33,R,5.2,MISRA C 2012,Required,Yes,Yes,
+34,R,5.3,MISRA C 2012,Required,Yes,Yes,
+35,R,5.4,MISRA C 2012,Required,Yes,Yes,
+36,R,5.5,MISRA C 2012,Required,Yes,Yes,
+37,R,5.6,MISRA C 2012,Required,Yes,Yes,
+38,R,5.7,MISRA C 2012,Required,Yes,Optional,Fixing all existing defects is problematic because of compatibility issues.
+39,R,5.8,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+40,R,5.9,MISRA C 2012,Advisory,Yes,Yes,
+41,R,6.1,MISRA C 2012,Required,Yes,Yes,
+42,R,6.2,MISRA C 2012,Required,Yes,Yes,
+43,R,7.1,MISRA C 2012,Required,Yes,Yes,
+44,R,7.2,MISRA C 2012,Required,Yes,Yes,
+45,R,7.3,MISRA C 2012,Required,Yes,Yes,
+46,R,7.4,MISRA C 2012,Required,Yes,Yes,
+47,R,8.1,MISRA C 2012,Required,Yes,Yes,
+48,R,8.2,MISRA C 2012,Required,Yes,Yes,
+49,R,8.3,MISRA C 2012,Required,Yes,Yes,
+50,R,8.4,MISRA C 2012,Required,Yes,Yes,
+51,R,8.5,MISRA C 2012,Required,Yes,Yes,
+52,R,8.6,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+53,R,8.7,MISRA C 2012,Advisory,No,No,"Bans pattern of declaring funcs in private header that are used/defined in separate translation units, which seems over the top."
+54,R,8.8,MISRA C 2012,Required,Yes,Yes,
+55,R,8.9,MISRA C 2012,Advisory,Yes,Yes,
+56,R,8.10,MISRA C 2012,Required,Yes,Yes,
+57,R,8.11,MISRA C 2012,Advisory,Yes,Optional,This may not be possible in some interfaces.
+58,R,8.12,MISRA C 2012,Required,Yes,Yes,
+59,R,8.13,MISRA C 2012,Advisory,Yes,Optional,The benefits of fixing existing code aren’t worth the effort.
+60,R,8.14,MISRA C 2012,Required,Yes,Yes,
+61,R,9.1,MISRA C 2012,Mandatory,Yes,Yes,
+62,R,9.2,MISRA C 2012,Required,Yes,Yes,
+63,R,9.3,MISRA C 2012,Required,Yes,Yes,
+64,R,9.4,MISRA C 2012,Required,Yes,Yes,
+65,R,9.5,MISRA C 2012,Required,Yes,Yes,
+66,R,10.1,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+67,R,10.2,MISRA C 2012,Required,Yes,Yes,
+68,R,10.3,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+69,R,10.4,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+70,R,10.5,MISRA C 2012,Advisory,Yes,Yes,
+71,R,10.6,MISRA C 2012,Required,Yes,Yes,
+72,R,10.7,MISRA C 2012,Required,Yes,Yes,
+73,R,10.8,MISRA C 2012,Required,Yes,Yes,
+74,R,11.1,MISRA C 2012,Required,Yes,Yes,
+75,R,11.2,MISRA C 2012,Required,Yes,Yes,
+76,R,11.3,MISRA C 2012,Required,Yes,Yes,
+77,R,11.4,MISRA C 2012,Advisory,No,No,This would be invasive for TF (e.g. in exported linker script macros). Also bans conversion from uintptr_t.
+78,R,11.5,MISRA C 2012,Advisory,No,No,"This seems to preclude the pattern of using void * in interfaces to hide the real object, which we use extensively."
+79,R,11.6,MISRA C 2012,Required,Yes,Optional,This is needed in several cases.
+80,R,11.7,MISRA C 2012,Required,Yes,Yes,
+81,R,11.8,MISRA C 2012,Required,Yes,Yes,
+82,R,11.9,MISRA C 2012,Required,Yes,Yes,
+83,R,12.1,MISRA C 2012,Advisory,Yes,Yes,
+84,R,12.2,MISRA C 2012,Required,Yes,Yes,"This rule is fine, but there are lots of false positives in Coverity."
+85,R,12.3,MISRA C 2012,Advisory,Yes,Yes,
+86,R,12.4,MISRA C 2012,Advisory,Yes,Yes,
+87,R,12.5,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+88,R,13.1,MISRA C 2012,Required,Yes,Yes,
+89,R,13.2,MISRA C 2012,Required,Yes,Yes,
+90,R,13.3,MISRA C 2012,Advisory,Yes,Yes,
+91,R,13.4,MISRA C 2012,Advisory,Yes,Yes,
+92,R,13.5,MISRA C 2012,Required,Yes,Yes,
+93,R,13.6,MISRA C 2012,Mandatory,Yes,Yes,
+94,R,14.1,MISRA C 2012,Required,Yes,Yes,
+95,R,14.2,MISRA C 2012,Required,Yes,Yes,
+96,R,14.3,MISRA C 2012,Required,Yes,Yes,
+97,R,14.4,MISRA C 2012,Required,Yes,Yes,
+98,R,15.1,MISRA C 2012,Advisory,No,No,In some cases goto may be useful for readability.
+99,R,15.2,MISRA C 2012,Required,Yes,Yes,
+100,R,15.3,MISRA C 2012,Required,Yes,Yes,
+101,R,15.4,MISRA C 2012,Advisory,Yes,Yes,
+102,R,15.5,MISRA C 2012,Advisory,No,No,This has no real value. It may make code less understandable than before.
+103,R,15.6,MISRA C 2012,Required,No,No,This directly contradicts the Linux style guidelines and would require many changes. We would have to remove that rule from checkpatch.
+104,R,15.7,MISRA C 2012,Required,Yes,Yes,
+105,R,16.1,MISRA C 2012,Required,No,No,Cannot comply with this unless we comply with 16.3
+106,R,16.2,MISRA C 2012,Required,Yes,Yes,
+107,R,16.3,MISRA C 2012,Required,No,No,Returns within switch statements and fall-throughs can improve readability.
+108,R,16.4,MISRA C 2012,Required,Yes,Yes,
+109,R,16.5,MISRA C 2012,Required,Yes,Yes,
+110,R,16.6,MISRA C 2012,Required,Yes,Yes,
+111,R,16.7,MISRA C 2012,Required,Yes,Yes,
+112,R,17.1,MISRA C 2012,Required,No,No,This is needed for printf.
+113,R,17.2,MISRA C 2012,Required,Yes,Yes,Bans recursion. We consider it acceptable if the max depth is known.
+114,R,17.3,MISRA C 2012,Mandatory,Yes,Yes,
+115,R,17.4,MISRA C 2012,Mandatory,Yes,Yes,
+116,R,17.5,MISRA C 2012,Advisory,Yes,Yes,
+117,R,17.6,MISRA C 2012,Mandatory,Yes,Yes,
+118,R,17.7,MISRA C 2012,Required,Yes,Optional,In some cases it doesn’t add any value to the code (like with memset() or printf()).
+119,R,17.8,MISRA C 2012,Advisory,Yes,Optional,It would make some one-line functions grow in size for no reason.
+120,R,18.1,MISRA C 2012,Required,Yes,Yes,
+121,R,18.2,MISRA C 2012,Required,Yes,Yes,
+122,R,18.3,MISRA C 2012,Required,Yes,Yes,
+123,R,18.4,MISRA C 2012,Advisory,Yes,Yes,
+124,R,18.5,MISRA C 2012,Advisory,Yes,Yes,
+125,R,18.6,MISRA C 2012,Required,Yes,Yes,
+126,R,18.7,MISRA C 2012,Required,Yes,Yes,
+127,R,18.8,MISRA C 2012,Required,Yes,Yes,
+128,R,19.1,MISRA C 2012,Mandatory,Yes,Yes,
+129,R,19.2,MISRA C 2012,Advisory,Yes,Optional,"Unions can be useful. We almost don’t use them, so it’s ok."
+130,R,20.1,MISRA C 2012,Advisory,Yes,Optional,In some files we have assembly-compatible includes followed by assembly-compatible definitions followed by C includes and C declarations. This is done to not have #ifdef in the include list.
+131,R,20.2,MISRA C 2012,Required,Yes,Yes,
+132,R,20.3,MISRA C 2012,Required,Yes,Yes,
+133,R,20.4,MISRA C 2012,Required,Yes,Yes,
+134,R,20.5,MISRA C 2012,Advisory,Yes,Yes,
+135,R,20.6,MISRA C 2012,Required,Yes,Yes,
+136,R,20.7,MISRA C 2012,Required,Yes,Yes,
+137,R,20.8,MISRA C 2012,Required,Yes,Optional,We need a new configuration system to fix all defects.
+138,R,20.9,MISRA C 2012,Required,Yes,Optional,"We use a mix of #if and #ifdef for boolean macros, which may raise some failures here. We should consistently use one or the other"
+139,R,20.10,MISRA C 2012,Advisory,Yes,Optional,"It’s good to avoid them, but they are sometimes needed."
+140,R,20.11,MISRA C 2012,Required,Yes,Yes,
+141,R,20.12,MISRA C 2012,Required,Yes,Yes,
+142,R,20.13,MISRA C 2012,Required,Yes,Yes,
+143,R,20.14,MISRA C 2012,Required,Yes,Yes,
+144,R,21.1,MISRA C 2012,Required,Yes,Yes,
+145,R,21.2,MISRA C 2012,Required,Yes,Yes,
+146,R,21.3,MISRA C 2012,Required,Yes,Yes,
+147,R,21.4,MISRA C 2012,Required,Yes,Yes,
+148,R,21.5,MISRA C 2012,Required,Yes,Yes,
+149,R,21.6,MISRA C 2012,Required,No,No,This bans printf.
+150,R,21.7,MISRA C 2012,Required,Yes,Yes,
+151,R,21.8,MISRA C 2012,Required,Yes,Yes,
+152,R,21.9,MISRA C 2012,Required,Yes,Yes,
+153,R,21.10,MISRA C 2012,Required,Yes,Yes,
+154,R,21.11,MISRA C 2012,Required,Yes,Yes,
+155,R,21.12,MISRA C 2012,Advisory,Yes,Yes,
+156,R,21.13,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+157,R,21.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
+158,R,21.15,MISRA C 2012 AMD-1,Required,Yes,Yes,
+159,R,21.16,MISRA C 2012 AMD-1,Required,Yes,Yes,
+160,R,21.17,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+161,R,21.18,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+162,R,21.19,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+163,R,21.20,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+164,R,22.1,MISRA C 2012,Required,Yes,Yes,
+165,R,22.2,MISRA C 2012,Mandatory,Yes,Yes,
+166,R,22.3,MISRA C 2012,Required,Yes,Yes,
+167,R,22.4,MISRA C 2012,Mandatory,Yes,Yes,
+168,R,22.5,MISRA C 2012,Mandatory,Yes,Yes,
+169,R,22.6,MISRA C 2012,Mandatory,Yes,Yes,
+170,R,22.7,MISRA C 2012 AMD-1,Required,Yes,Yes,
+171,R,22.8,MISRA C 2012 AMD-1,Required,Yes,Yes,
+172,R,22.9,MISRA C 2012 AMD-1,Required,Yes,Yes,
+173,R,22.10,MISRA C 2012 AMD-1,Required,Yes,Yes,
diff --git a/docs/process/security.rst b/docs/process/security.rst
index c49ca6e..1e7ac2e 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst
@@ -76,7 +76,7 @@
| |TFV-11| | A Malformed SDEI SMC can cause out of bound memory read |
+-----------+------------------------------------------------------------------+
-.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
+.. _issue tracker: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
diff --git a/drivers/st/bsec/bsec3.c b/drivers/st/bsec/bsec3.c
new file mode 100644
index 0000000..a803a3a
--- /dev/null
+++ b/drivers/st/bsec/bsec3.c
@@ -0,0 +1,533 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <limits.h>
+
+#include <arch_helpers.h>
+#include <common/debug.h>
+#include <drivers/st/bsec.h>
+#include <drivers/st/bsec3_reg.h>
+#include <drivers/st/stm32mp_reset.h>
+#include <lib/mmio.h>
+#include <lib/spinlock.h>
+#include <libfdt.h>
+
+#include <platform_def.h>
+
+#define BSEC_IP_VERSION_1_0 U(0x10)
+#define BSEC_IP_ID_3 U(0x100033)
+
+#define MAX_NB_TRIES U(3)
+
+/*
+ * IP configuration
+ */
+#define BSEC_OTP_MASK GENMASK_32(4, 0)
+#define BSEC_OTP_BANK_SHIFT U(5)
+#define BSEC_TIMEOUT_VALUE U(0x800000) /* ~7sec @1.2GHz */
+
+/* Magic use to indicated valid SHADOW = 'B' 'S' 'E' 'C' */
+#define BSEC_MAGIC U(0x42534543)
+
+#define OTP_MAX_SIZE (STM32MP2_OTP_MAX_ID + U(1))
+
+struct bsec_shadow {
+ uint32_t magic;
+ uint32_t state;
+ uint32_t value[OTP_MAX_SIZE];
+ uint32_t status[OTP_MAX_SIZE];
+};
+
+static uint32_t otp_bank(uint32_t otp)
+{
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return (otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT;
+}
+
+static uint32_t otp_bit_mask(uint32_t otp)
+{
+ return BIT(otp & BSEC_OTP_MASK);
+}
+
+/*
+ * bsec_get_status: return status register value.
+ */
+static uint32_t bsec_get_status(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_OTPSR);
+}
+
+/*
+ * bsec_get_version: return BSEC version.
+ */
+static uint32_t bsec_get_version(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_VERR) & BSEC_VERR_MASK;
+}
+
+/*
+ * bsec_get_id: return BSEC ID.
+ */
+static uint32_t bsec_get_id(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_IPIDR);
+}
+
+static bool is_fuse_shadowed(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+ uint32_t bank_value;
+
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_SFSR(bank));
+
+ if ((bank_value & otp_mask) != 0U) {
+ return true;
+ }
+
+ return false;
+}
+
+static void poll_otp_status_busy(void)
+{
+ uint32_t timeout = BSEC_TIMEOUT_VALUE;
+
+ while (((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) && (timeout != 0U)) {
+ timeout--;
+ }
+
+ if ((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) {
+ ERROR("BSEC timeout\n");
+ panic();
+ }
+}
+
+static uint32_t check_read_error(uint32_t otp)
+{
+ uint32_t status = bsec_get_status();
+
+ if ((status & BSEC_OTPSR_SECF) != 0U) {
+ VERBOSE("BSEC read %u single error correction detected\n", otp);
+ }
+
+ if ((status & BSEC_OTPSR_PPLF) != 0U) {
+ VERBOSE("BSEC read %u permanent programming lock detected.\n", otp);
+ }
+
+ if ((status & BSEC_OTPSR_PPLMF) != 0U) {
+ ERROR("BSEC read %u error 0x%x\n", otp, status);
+ return BSEC_ERROR;
+ }
+
+ if ((status & (BSEC_OTPSR_DISTURBF | BSEC_OTPSR_DEDF | BSEC_OTPSR_AMEF)) != 0U) {
+ ERROR("BSEC read %u error 0x%x with invalid FVR\n", otp, status);
+ return BSEC_RETRY;
+ }
+
+ return BSEC_OK;
+}
+
+static uint32_t check_program_error(uint32_t otp)
+{
+ uint32_t status = bsec_get_status();
+
+ if ((status & BSEC_OTPSR_PROGFAIL) != 0U) {
+ ERROR("BSEC program %u error 0x%x\n", otp, status);
+ return BSEC_RETRY;
+ }
+
+ return BSEC_OK;
+}
+
+static void check_reset_error(void)
+{
+ uint32_t status = bsec_get_status();
+
+ /* check initial status reporting */
+ if ((status & BSEC_OTPSR_BUSY) != 0U) {
+ VERBOSE("BSEC reset and busy when OTPSR read\n");
+ }
+ if ((status & BSEC_OTPSR_HIDEUP) != 0U) {
+ VERBOSE("BSEC upper fuse are not accessible (HIDEUP)\n");
+ }
+ if ((status & BSEC_OTPSR_OTPSEC) != 0U) {
+ VERBOSE("BSEC reset single error correction detected\n");
+ }
+ if ((status & BSEC_OTPSR_OTPNVIR) == 0U) {
+ VERBOSE("BSEC reset first fuse word 0 is detected zero\n");
+ }
+ if ((status & BSEC_OTPSR_OTPERR) != 0U) {
+ ERROR("BSEC reset critical error 0x%x\n", status);
+ panic();
+ }
+ if ((status & BSEC_OTPSR_FUSEOK) != BSEC_OTPSR_FUSEOK) {
+ ERROR("BSEC reset critical error 0x%x\n", status);
+ panic();
+ }
+}
+
+static bool is_bsec_write_locked(void)
+{
+ return (mmio_read_32(BSEC_BASE + BSEC_LOCKR) & BSEC_LOCKR_GWLOCK_MASK) != 0U;
+}
+
+/*
+ * bsec_probe: initialize BSEC driver.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_probe(void)
+{
+ uint32_t version = bsec_get_version();
+ uint32_t id = bsec_get_id();
+
+ if ((version != BSEC_IP_VERSION_1_0) || (id != BSEC_IP_ID_3)) {
+ ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id);
+ panic();
+ }
+
+ check_reset_error();
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+static uint32_t bsec_shadow_register(uint32_t otp)
+{
+ uint32_t result;
+ uint32_t i;
+ bool value;
+
+ result = bsec_read_sr_lock(otp, &value);
+ if (result != BSEC_OK) {
+ WARN("BSEC: %u Sticky-read bit read Error %u\n", otp, result);
+ } else if (value) {
+ VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n", otp);
+ }
+
+ for (i = 0U; i < MAX_NB_TRIES; i++) {
+ mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp);
+
+ poll_otp_status_busy();
+
+ result = check_read_error(otp);
+ if (result != BSEC_RETRY) {
+ break;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * bsec_write_otp: write a value in shadow OTP.
+ * val: value to program.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
+{
+ bool state;
+ uint32_t result;
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ if (!is_fuse_shadowed(otp)) {
+ return BSEC_ERROR;
+ }
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ result = bsec_read_sw_lock(otp, &state);
+ if (result != BSEC_OK) {
+ WARN("Shadow register is SW locked\n");
+ return result;
+ }
+
+ mmio_write_32(BSEC_BASE + BSEC_FVR(otp), val);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_program_otp: program a bit in SAFMEM after the prog.
+ * The OTP data is not refreshed.
+ * val: value to program.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
+{
+ uint32_t result;
+ uint32_t i;
+ bool value;
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ if (is_bsec_write_locked() == true) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ result = bsec_read_sp_lock(otp, &value);
+ if (result != BSEC_OK) {
+ WARN("BSEC: %u Sticky-prog bit read Error %u\n", otp, result);
+ } else if (value) {
+ WARN("BSEC: OTP locked, prog will be ignored\n");
+ return BSEC_WRITE_LOCKED;
+ }
+
+ mmio_write_32(BSEC_BASE + BSEC_WDR, val);
+
+ for (i = 0U; i < MAX_NB_TRIES; i++) {
+ mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp | BSEC_OTPCR_PROG);
+
+ poll_otp_status_busy();
+
+ result = check_program_error(otp);
+ if (result != BSEC_RETRY) {
+ break;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * bsec_read_debug_conf: read debug configuration.
+ */
+uint32_t bsec_read_debug_conf(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_DENR);
+}
+
+static uint32_t bsec_lock_register_set(uint32_t offset, uint32_t mask)
+{
+ uint32_t value = mmio_read_32(BSEC_BASE + offset);
+
+ /* The lock is already set */
+ if ((value & mask) != 0U) {
+ return BSEC_OK;
+ }
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ value |= mask;
+
+ mmio_write_32(BSEC_BASE + offset, value);
+
+ return BSEC_OK;
+}
+
+static bool bsec_lock_register_get(uint32_t offset, uint32_t mask)
+{
+ uint32_t value = mmio_read_32(BSEC_BASE + offset);
+
+ return (value & mask) != 0U;
+}
+
+/*
+ * bsec_set_sr_lock: set shadow-read lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sr_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SRLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sr_lock: read shadow-read lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SRLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_set_sw_lock: set shadow-write lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sw_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SWLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sw_lock: read shadow-write lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sw_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SWLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_set_sp_lock: set shadow-program lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sp_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SPLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sp_lock: read shadow-program lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sp_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SPLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_get_secure_state: read state in BSEC status register.
+ * return: secure state
+ */
+uint32_t bsec_get_secure_state(void)
+{
+ uint32_t state = BSEC_STATE_INVALID;
+ uint32_t status = bsec_get_status();
+ uint32_t bsec_sr = mmio_read_32(BSEC_BASE + BSEC_SR);
+
+ if ((status & BSEC_OTPSR_FUSEOK) == BSEC_OTPSR_FUSEOK) {
+ /* NVSTATE is only valid if FUSEOK */
+ uint32_t nvstates = (bsec_sr & BSEC_SR_NVSTATE_MASK) >> BSEC_SR_NVSTATE_SHIFT;
+
+ if (nvstates == BSEC_SR_NVSTATE_OPEN) {
+ state = BSEC_STATE_SEC_OPEN;
+ } else if (nvstates == BSEC_SR_NVSTATE_CLOSED) {
+ state = BSEC_STATE_SEC_CLOSED;
+ } else {
+ VERBOSE("%s nvstates = %u\n", __func__, nvstates);
+ }
+ }
+
+ return state;
+}
+
+/*
+ * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
+ * val: read value.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
+{
+ assert(val != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *val = 0U;
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ if (!is_fuse_shadowed(otp)) {
+ uint32_t result = bsec_shadow_register(otp);
+
+ if (result != BSEC_OK) {
+ ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
+ return result;
+ }
+ }
+
+ *val = mmio_read_32(BSEC_BASE + BSEC_FVR(otp));
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_read_otp: read an OTP data value.
+ * val: read value.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
+{
+ assert(val != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_shadow_read_otp(val, otp);
+}
diff --git a/include/arch/aarch32/arch_features.h b/include/arch/aarch32/arch_features.h
index acc1751..a2063f1 100644
--- a/include/arch/aarch32/arch_features.h
+++ b/include/arch/aarch32/arch_features.h
@@ -137,6 +137,7 @@
static inline bool is_feat_ecv_supported(void) { return false; }
static inline bool is_feat_ecv_v2_supported(void) { return false; }
static inline bool is_feat_csv2_2_supported(void) { return false; }
+static inline bool is_feat_csv2_3_supported(void) { return false; }
static inline bool is_feat_ras_supported(void) { return false; }
/* The following features are supported in AArch64 only. */
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index e9d22b6..b88d6c6 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -197,6 +197,7 @@
#define ID_AA64PFR0_CSV2_MASK ULL(0xf)
#define ID_AA64PFR0_CSV2_LENGTH U(4)
#define ID_AA64PFR0_CSV2_2_SUPPORTED ULL(0x2)
+#define ID_AA64PFR0_CSV2_3_SUPPORTED ULL(0x3)
#define ID_AA64PFR0_FEAT_RME_SHIFT U(52)
#define ID_AA64PFR0_FEAT_RME_MASK ULL(0xf)
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index deea6d4..c053c4d 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -187,10 +187,28 @@
return ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_SB_SHIFT);
}
-/* FEAT_CSV2_2: Cache Speculation Variant 2 */
-CREATE_FEATURE_FUNCS(feat_csv2, id_aa64pfr0_el1, ID_AA64PFR0_CSV2_SHIFT, 0)
+/*
+ * FEAT_CSV2: Cache Speculation Variant 2. This checks bit fields[56-59]
+ * of id_aa64pfr0_el1 register and can be used to check for below features:
+ * FEAT_CSV2_2: Cache Speculation Variant CSV2_2.
+ * FEAT_CSV2_3: Cache Speculation Variant CSV2_3.
+ * 0b0000 - Feature FEAT_CSV2 is not implemented.
+ * 0b0001 - Feature FEAT_CSV2 is implemented, but FEAT_CSV2_2 and FEAT_CSV2_3
+ * are not implemented.
+ * 0b0010 - Feature FEAT_CSV2_2 is implemented but FEAT_CSV2_3 is not
+ * implemented.
+ * 0b0011 - Feature FEAT_CSV2_3 is implemented.
+ */
+static inline unsigned int read_feat_csv2_id_field(void)
+{
+ return (unsigned int)(read_id_aa64pfr0_el1() >>
+ ID_AA64PFR0_CSV2_SHIFT) & ID_AA64PFR0_CSV2_MASK;
+}
+
CREATE_FEATURE_FUNCS_VER(feat_csv2_2, read_feat_csv2_id_field,
ID_AA64PFR0_CSV2_2_SUPPORTED, ENABLE_FEAT_CSV2_2)
+CREATE_FEATURE_FUNCS_VER(feat_csv2_3, read_feat_csv2_id_field,
+ ID_AA64PFR0_CSV2_3_SUPPORTED, ENABLE_FEAT_CSV2_3)
/* FEAT_SPE: Statistical Profiling Extension */
CREATE_FEATURE_FUNCS(feat_spe, id_aa64dfr0_el1, ID_AA64DFR0_PMS_SHIFT,
diff --git a/include/bl31/interrupt_mgmt.h b/include/bl31/interrupt_mgmt.h
index 21af112..8b9dfb6 100644
--- a/include/bl31/interrupt_mgmt.h
+++ b/include/bl31/interrupt_mgmt.h
@@ -107,10 +107,10 @@
static inline int32_t validate_el3_interrupt_rm(uint32_t x)
{
-#if EL3_EXCEPTION_HANDLING && !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1))
+#if EL3_EXCEPTION_HANDLING && SPM_MM
/*
* With EL3 exception handling, EL3 interrupts are always routed to EL3
- * from both Secure and Non-secure, when the SPMC does not live in S-EL2.
+ * from Non-secure and from secure only if SPM_MM is present.
* Therefore INTR_EL3_VALID_RM1 is the only valid routing model.
*/
if (x == INTR_EL3_VALID_RM1)
diff --git a/include/drivers/st/bsec3_reg.h b/include/drivers/st/bsec3_reg.h
new file mode 100644
index 0000000..177e30b
--- /dev/null
+++ b/include/drivers/st/bsec3_reg.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef BSEC3_REG_H
+#define BSEC3_REG_H
+
+#include <lib/utils_def.h>
+
+/* BSEC REGISTER OFFSET (base relative) */
+#define BSEC_FVR(x) (U(0x000) + 4U * (x))
+#define BSEC_SPLOCK(x) (U(0x800) + 4U * (x))
+#define BSEC_SWLOCK(x) (U(0x840) + 4U * (x))
+#define BSEC_SRLOCK(x) (U(0x880) + 4U * (x))
+#define BSEC_OTPVLDR(x) (U(0x8C0) + 4U * (x))
+#define BSEC_SFSR(x) (U(0x940) + 4U * (x))
+#define BSEC_OTPCR U(0xC04)
+#define BSEC_WDR U(0xC08)
+#define BSEC_SCRATCHR0 U(0xE00)
+#define BSEC_SCRATCHR1 U(0xE04)
+#define BSEC_SCRATCHR2 U(0xE08)
+#define BSEC_SCRATCHR3 U(0xE0C)
+#define BSEC_LOCKR U(0xE10)
+#define BSEC_JTAGINR U(0xE14)
+#define BSEC_JTAGOUTR U(0xE18)
+#define BSEC_DENR U(0xE20)
+#define BSEC_UNMAPR U(0xE24)
+#define BSEC_SR U(0xE40)
+#define BSEC_OTPSR U(0xE44)
+#define BSEC_WRCR U(0xF00)
+#define BSEC_HWCFGR U(0xFF0)
+#define BSEC_VERR U(0xFF4)
+#define BSEC_IPIDR U(0xFF8)
+#define BSEC_SIDR U(0xFFC)
+
+/* BSEC_OTPCR register fields */
+#define BSEC_OTPCR_ADDR_MASK GENMASK_32(8, 0)
+#define BSEC_OTPCR_ADDR_SHIFT U(0)
+#define BSEC_OTPCR_PROG BIT_32(13)
+#define BSEC_OTPCR_PPLOCK BIT_32(14)
+#define BSEC_OTPCR_LASTCID_MASK GENMASK_32(21, 19)
+#define BSEC_OTPCR_LASTCID_SHIFT U(19)
+
+/* BSEC_LOCKR register fields */
+#define BSEC_LOCKR_GWLOCK_MASK BIT_32(0)
+#define BSEC_LOCKR_GWLOCK_SHIFT U(0)
+#define BSEC_LOCKR_DENLOCK_MASK BIT_32(1)
+#define BSEC_LOCKR_DENLOCK_SHIFT U(1)
+#define BSEC_LOCKR_HKLOCK_MASK BIT_32(2)
+#define BSEC_LOCKR_HKLOCK_SHIFT U(2)
+
+/* BSEC_DENR register fields */
+#define BSEC_DENR_LPDBGEN BIT_32(0)
+#define BSEC_DENR_DBGENA BIT_32(1)
+#define BSEC_DENR_NIDENA BIT_32(2)
+#define BSEC_DENR_DEVICEEN BIT_32(3)
+#define BSEC_DENR_HDPEN BIT_32(4)
+#define BSEC_DENR_SPIDENA BIT_32(5)
+#define BSEC_DENR_SPNIDENA BIT_32(6)
+#define BSEC_DENR_DBGSWEN BIT_32(7)
+#define BSEC_DENR_DBGENM BIT_32(8)
+#define BSEC_DENR_NIDENM BIT_32(9)
+#define BSEC_DENR_SPIDENM BIT_32(10)
+#define BSEC_DENR_SPNIDENM BIT_32(11)
+#define BSEC_DENR_CFGSDIS BIT_32(12)
+#define BSEC_DENR_CP15SDIS_MASK GENMASK_32(14, 13)
+#define BSEC_DENR_CP15SDIS_SHIFT U(13)
+#define BSEC_DENR_LPDBGDIS BIT_32(15)
+#define BSEC_DENR_ALL_MSK GENMASK_32(15, 0)
+
+/* BSEC_SR register fields */
+#define BSEC_SR_BUSY BIT_32(0)
+#define BSEC_SR_HVALID BIT_32(1)
+#define BSEC_SR_RNGERR BIT_32(2)
+#define BSEC_SR_HKWW_MASK GENMASK_32(15, 8)
+#define BSEC_SR_HKWW_SHIFT U(8)
+#define BSEC_SR_NVSTATE_MASK GENMASK_32(31, 26)
+#define BSEC_SR_NVSTATE_SHIFT U(26)
+#define BSEC_SR_NVSTATE_OPEN U(0x16)
+#define BSEC_SR_NVSTATE_CLOSED U(0x0D)
+#define BSEC_SR_NVSTATE_OTP_LOCKED U(0x23)
+
+/* BSEC_OTPSR register fields */
+#define BSEC_OTPSR_BUSY BIT_32(0)
+#define BSEC_OTPSR_FUSEOK BIT_32(1)
+#define BSEC_OTPSR_HIDEUP BIT_32(2)
+#define BSEC_OTPSR_OTPNVIR BIT_32(4)
+#define BSEC_OTPSR_OTPERR BIT_32(5)
+#define BSEC_OTPSR_OTPSEC BIT_32(6)
+#define BSEC_OTPSR_PROGFAIL BIT_32(16)
+#define BSEC_OTPSR_DISTURBF BIT_32(17)
+#define BSEC_OTPSR_DEDF BIT_32(18)
+#define BSEC_OTPSR_SECF BIT_32(19)
+#define BSEC_OTPSR_PPLF BIT_32(20)
+#define BSEC_OTPSR_PPLMF BIT_32(21)
+#define BSEC_OTPSR_AMEF BIT_32(22)
+
+/* BSEC_VERR register fields */
+#define BSEC_VERR_MASK GENMASK_32(7, 0)
+
+#endif /* BSEC3_REG_H */
diff --git a/include/lib/cpus/aarch64/cortex_a35.h b/include/lib/cpus/aarch64/cortex_a35.h
index cef2960..c82b4eb 100644
--- a/include/lib/cpus/aarch64/cortex_a35.h
+++ b/include/lib/cpus/aarch64/cortex_a35.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,9 @@
/* Cortex-A35 Main ID register for revision 0 */
#define CORTEX_A35_MIDR U(0x410FD040)
+/* L2 Extended Control Register */
+#define CORTEX_A35_L2ECTLR_EL1 S3_1_C11_C0_3
+
/*******************************************************************************
* CPU Extended Control register specific definitions.
* CPUECTLR_EL1 is an implementation-specific register.
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index 5429078..c5f820c 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -44,6 +44,11 @@
#define CORTEX_X3_CPUACTLR5_EL1_BIT_56 (ULL(1) << 56)
/*******************************************************************************
+ * CPU Auxiliary Control register 6 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR6_EL1 S3_0_C15_C8_1
+
+/*******************************************************************************
* CPU Extended Control register 2 specific definitions.
******************************************************************************/
#define CORTEX_X3_CPUECTLR2_EL1 S3_0_C15_C1_5
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 54b184d..c3a88e7 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -150,10 +150,10 @@
#endif /* (SPD_tspd || SPD_opteed || SPD_spmd) && MEASURED_BOOT */
#if ENABLE_RME
-#define ARM_L1_GPT_ADDR_BASE (ARM_DRAM1_BASE + \
+#define ARM_L1_GPT_BASE (ARM_DRAM1_BASE + \
ARM_DRAM1_SIZE - \
ARM_L1_GPT_SIZE)
-#define ARM_L1_GPT_END (ARM_L1_GPT_ADDR_BASE + \
+#define ARM_L1_GPT_END (ARM_L1_GPT_BASE + \
ARM_L1_GPT_SIZE - 1U)
#define ARM_REALM_BASE (ARM_EL3_RMM_SHARED_BASE - \
@@ -343,7 +343,7 @@
#define ARM_MAP_GPT_L1_DRAM MAP_REGION_FLAT( \
- ARM_L1_GPT_ADDR_BASE, \
+ ARM_L1_GPT_BASE, \
ARM_L1_GPT_SIZE, \
MT_MEMORY | MT_RW | EL3_PAS)
@@ -422,7 +422,7 @@
* Map L0_GPT with read and write permissions
*/
#if ENABLE_RME
-#define ARM_MAP_L0_GPT_REGION MAP_REGION_FLAT(ARM_L0_GPT_ADDR_BASE, \
+#define ARM_MAP_L0_GPT_REGION MAP_REGION_FLAT(ARM_L0_GPT_BASE, \
ARM_L0_GPT_SIZE, \
MT_MEMORY | MT_RW | MT_ROOT)
#endif
@@ -533,8 +533,8 @@
* configuration memory, 4KB aligned.
*/
#define ARM_L0_GPT_SIZE (PAGE_SIZE)
-#define ARM_L0_GPT_ADDR_BASE (ARM_FW_CONFIGS_LIMIT)
-#define ARM_L0_GPT_LIMIT (ARM_L0_GPT_ADDR_BASE + ARM_L0_GPT_SIZE)
+#define ARM_L0_GPT_BASE (ARM_FW_CONFIGS_LIMIT)
+#define ARM_L0_GPT_LIMIT (ARM_L0_GPT_BASE + ARM_L0_GPT_SIZE)
#else
#define ARM_L0_GPT_SIZE U(0)
#endif
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 0fb06a6..4c425a7 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include <lib/bakery_lock.h>
#include <lib/cassert.h>
#include <lib/el3_runtime/cpu_data.h>
+#include <lib/gpt_rme/gpt_rme.h>
#include <lib/spinlock.h>
#include <lib/utils_def.h>
#include <lib/xlat_tables/xlat_tables_compat.h>
@@ -31,6 +32,17 @@
unsigned int nsaid_permissions;
} arm_tzc_regions_info_t;
+typedef struct arm_gpt_info {
+ pas_region_t *pas_region_base;
+ unsigned int pas_region_count;
+ uintptr_t l0_base;
+ uintptr_t l1_base;
+ size_t l0_size;
+ size_t l1_size;
+ gpccr_pps_e pps;
+ gpccr_pgs_e pgs;
+} arm_gpt_info_t;
+
/*******************************************************************************
* Default mapping definition of the TrustZone Controller for ARM standard
* platforms.
@@ -362,6 +374,9 @@
unsigned int plat_arm_calc_core_pos(u_register_t mpidr);
const mmap_region_t *plat_arm_get_mmap(void);
+const arm_gpt_info_t *plat_arm_get_gpt_info(void);
+void arm_gpt_setup(void);
+
/* Allow platform to override psci_pm_ops during runtime */
const plat_psci_ops_t *plat_arm_psci_override_pm_ops(plat_psci_ops_t *ops);
diff --git a/include/services/oem/chromeos/widevine_smc_handlers.h b/include/services/oem/chromeos/widevine_smc_handlers.h
new file mode 100644
index 0000000..a5251d7
--- /dev/null
+++ b/include/services/oem/chromeos/widevine_smc_handlers.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CROS_WIDEVINE_SMC_HANDLERS_H
+#define CROS_WIDEVINE_SMC_HANDLERS_H
+
+#include <lib/smccc.h>
+
+/*******************************************************************************
+ * Defines for CrOS OEM Service queries
+ ******************************************************************************/
+
+/* 0xC300C050 - 0xC300C05F are CrOS OEM service calls */
+#define CROS_OEM_SMC_ID 0xC050
+#define CROS_OEM_SMC_CALL_ID(func_num) \
+ ((SMC_TYPE_FAST << FUNCID_TYPE_SHIFT) | \
+ ((SMC_64) << FUNCID_CC_SHIFT) | (OEN_OEM_START << FUNCID_OEN_SHIFT) | \
+ (CROS_OEM_SMC_ID) | ((func_num) & FUNCID_NUM_MASK))
+
+enum cros_drm_set {
+ CROS_DRM_SET_TPM_AUTH_PUB = 0U,
+ CROS_DRM_SET_HARDWARE_UNIQUE_KEY = 1U,
+ CROS_DRM_SET_ROOT_OF_TRUST = 2U,
+};
+
+/*******************************************************************************
+ * Defines for runtime services func ids
+ ******************************************************************************/
+
+/* Sets the TPM auth public key. The maximum size is 128 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_TPM_AUTH_PUB)
+
+/* Sets the hardware unique key. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_HARDWARE_UNIQUE_KEY)
+
+/* Sets the widevine root of trust. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_ROOT_OF_TRUST)
+
+#define is_cros_oem_smc(_call_id) (((_call_id) & 0xFFF0U) == CROS_OEM_SMC_ID)
+
+struct cros_oem_data {
+ uint8_t *buffer;
+ const uint32_t max_length;
+ uint32_t length;
+};
+
+extern struct cros_oem_data cros_oem_tpm_auth_pk;
+
+extern struct cros_oem_data cros_oem_huk;
+
+extern struct cros_oem_data cros_oem_rot;
+
+#endif /* CROS_WIDEVINE_SMC_HANDLERS_H */
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index ea89267..e5a05fc 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -61,6 +61,12 @@
check_erratum_ls cortex_x3, ERRATUM(2615812), CPU_REV(1, 1)
+workaround_runtime_start cortex_x3, ERRATUM(2641945), ERRATA_X3_2641945
+ sysreg_bit_set CORTEX_X3_CPUACTLR6_EL1, BIT(41)
+workaround_runtime_end cortex_x3, ERRATUM(2641945), NO_ISB
+
+check_erratum_ls cortex_x3, ERRATUM(2641945), CPU_REV(1, 0)
+
workaround_reset_start cortex_x3, ERRATUM(2742421), ERRATA_X3_2742421
/* Set CPUACTLR5_EL1[56:55] to 2'b01 */
sysreg_bit_set CORTEX_X3_CPUACTLR5_EL1, CORTEX_X3_CPUACTLR5_EL1_BIT_55
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index a99c082..31430ae 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -794,6 +794,10 @@
# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is still open.
CPU_FLAG_LIST += ERRATA_X3_2615812
+# Flag to apply erratum 2641945 workaround on reset. This erratum applies
+# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_X3_2641945
+
# Flag to apply erratum 2742421 workaround on reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index da53194..00c6008 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -168,6 +168,7 @@
scr_el3 |= SCR_NS_BIT | SCR_NSE_BIT;
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
/* Enable access to the SCXTNUM_ELx registers. */
scr_el3 |= SCR_EnSCXT_BIT;
@@ -236,6 +237,7 @@
scr_el3 |= SCR_TERR_BIT;
#endif
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
/* Enable access to the SCXTNUM_ELx registers. */
scr_el3 |= SCR_EnSCXT_BIT;
@@ -1293,6 +1295,7 @@
write_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2, read_trfcr_el2());
}
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
write_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2, read_scxtnum_el2());
}
@@ -1370,6 +1373,7 @@
write_trfcr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2));
}
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
write_scxtnum_el2(read_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2));
}
diff --git a/lib/libc/libc.mk b/lib/libc/libc.mk
index 95da68c..03e1fb3 100644
--- a/lib/libc/libc.mk
+++ b/lib/libc/libc.mk
@@ -1,42 +1,11 @@
#
-# Copyright (c) 2016-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-
-LIBC_SRCS := $(addprefix lib/libc/, \
- abort.c \
- assert.c \
- exit.c \
- memchr.c \
- memcmp.c \
- memcpy.c \
- memcpy_s.c \
- memmove.c \
- memrchr.c \
- memset.c \
- printf.c \
- putchar.c \
- puts.c \
- snprintf.c \
- strchr.c \
- strcmp.c \
- strlcat.c \
- strlcpy.c \
- strlen.c \
- strncmp.c \
- strnlen.c \
- strrchr.c \
- strtok.c \
- strtoul.c \
- strtoll.c \
- strtoull.c \
- strtol.c)
+#
-ifeq (${ARCH},aarch64)
-LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
- setjmp.S)
-endif
+include lib/libc/libc_common.mk
-INCLUDES += -Iinclude/lib/libc \
- -Iinclude/lib/libc/$(ARCH) \
+LIBC_SRCS += $(addprefix lib/libc/, \
+ memset.c)
diff --git a/lib/libc/libc_asm.mk b/lib/libc/libc_asm.mk
index 2f27265..6d9bb9d 100644
--- a/lib/libc/libc_asm.mk
+++ b/lib/libc/libc_asm.mk
@@ -1,44 +1,15 @@
#
-# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-LIBC_SRCS := $(addprefix lib/libc/, \
- abort.c \
- assert.c \
- exit.c \
- memchr.c \
- memcmp.c \
- memcpy.c \
- memmove.c \
- memrchr.c \
- printf.c \
- putchar.c \
- puts.c \
- snprintf.c \
- strchr.c \
- strcmp.c \
- strlcat.c \
- strlcpy.c \
- strlen.c \
- strncmp.c \
- strnlen.c \
- strrchr.c \
- strtok.c \
- strtoul.c \
- strtoll.c \
- strtoull.c \
- strtol.c)
+include lib/libc/libc_common.mk
ifeq (${ARCH},aarch64)
LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
- memset.S \
- setjmp.S)
+ memset.S)
else
LIBC_SRCS += $(addprefix lib/libc/aarch32/, \
memset.S)
endif
-
-INCLUDES += -Iinclude/lib/libc \
- -Iinclude/lib/libc/$(ARCH) \
diff --git a/lib/libc/libc_common.mk b/lib/libc/libc_common.mk
new file mode 100644
index 0000000..4879818
--- /dev/null
+++ b/lib/libc/libc_common.mk
@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+LIBC_SRCS := $(addprefix lib/libc/, \
+ abort.c \
+ assert.c \
+ exit.c \
+ memchr.c \
+ memcmp.c \
+ memcpy.c \
+ memcpy_s.c \
+ memmove.c \
+ memrchr.c \
+ printf.c \
+ putchar.c \
+ puts.c \
+ snprintf.c \
+ strchr.c \
+ strcmp.c \
+ strlcat.c \
+ strlcpy.c \
+ strlen.c \
+ strncmp.c \
+ strnlen.c \
+ strrchr.c \
+ strtok.c \
+ strtoul.c \
+ strtoll.c \
+ strtoull.c \
+ strtol.c)
+
+ifeq (${ARCH},aarch64)
+LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
+ setjmp.S)
+endif
+
+INCLUDES += -Iinclude/lib/libc \
+ -Iinclude/lib/libc/$(ARCH) \
+
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index 30b02ba..5d538cc 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -169,6 +169,10 @@
# Flag to enable CSV2_2 extension.
ENABLE_FEAT_CSV2_2 ?= 0
+# Flag to enable CSV2_3 extension. FEAT_CSV2_3 enables access to the
+# SCXTNUM_ELx register.
+ENABLE_FEAT_CSV2_3 ?= 0
+
# By default, disable access of trace system registers from NS lower
# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if
# system register trace is implemented. This feature is available if
diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c
index ebd5266..97d000e 100644
--- a/plat/arm/board/fvp/fvp_bl2_setup.c
+++ b/plat/arm/board/fvp/fvp_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <drivers/arm/sp804_delay_timer.h>
+#include <fvp_pas_def.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/transfer_list.h>
@@ -21,6 +22,32 @@
static struct transfer_list_header *ns_tl __unused;
+#if ENABLE_RME
+/*
+ * The GPT library might modify the gpt regions structure to optimize
+ * the layout, so the array cannot be constant.
+ */
+static pas_region_t pas_regions[] = {
+ ARM_PAS_KERNEL,
+ ARM_PAS_SECURE,
+ ARM_PAS_REALM,
+ ARM_PAS_EL3_DRAM,
+ ARM_PAS_GPTS,
+ ARM_PAS_KERNEL_1
+};
+
+static const arm_gpt_info_t arm_gpt_info = {
+ .pas_region_base = pas_regions,
+ .pas_region_count = (unsigned int)ARRAY_SIZE(pas_regions),
+ .l0_base = (uintptr_t)ARM_L0_GPT_BASE,
+ .l1_base = (uintptr_t)ARM_L1_GPT_BASE,
+ .l0_size = (size_t)ARM_L0_GPT_SIZE,
+ .l1_size = (size_t)ARM_L1_GPT_SIZE,
+ .pps = GPCCR_PPS_64GB,
+ .pgs = GPCCR_PGS_4K
+};
+#endif
+
void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3)
{
arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
@@ -41,6 +68,13 @@
fvp_timer_init();
}
+#if ENABLE_RME
+const arm_gpt_info_t *plat_arm_get_gpt_info(void)
+{
+ return &arm_gpt_info;
+}
+#endif /* ENABLE_RME */
+
/*******************************************************************************
* This function returns the list of executable images
******************************************************************************/
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index c40a3ce..beae242 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,7 +24,6 @@
#endif
#include <plat/arm/common/arm_config.h>
-#include <plat/arm/common/arm_pas_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
diff --git a/include/plat/arm/common/arm_pas_def.h b/plat/arm/board/fvp/include/fvp_pas_def.h
similarity index 94%
rename from include/plat/arm/common/arm_pas_def.h
rename to plat/arm/board/fvp/include/fvp_pas_def.h
index fba8d2c..4684387 100644
--- a/include/plat/arm/common/arm_pas_def.h
+++ b/plat/arm/board/fvp/include/fvp_pas_def.h
@@ -1,13 +1,13 @@
/*
- * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#ifndef ARM_PAS_DEF_H
-#define ARM_PAS_DEF_H
+#ifndef FVP_PAS_DEF_H
+#define FVP_PAS_DEF_H
#include <lib/gpt_rme/gpt_rme.h>
-#include <plat/arm/common/arm_def.h>
+#include <platform_def.h>
/*****************************************************************************
* PAS regions used to initialize the Granule Protection Table (GPT)
@@ -107,11 +107,11 @@
ARM_EL3_TZC_DRAM1_SIZE, \
GPT_GPI_ROOT)
-#define ARM_PAS_GPTS GPT_MAP_REGION_GRANULE(ARM_L1_GPT_ADDR_BASE, \
+#define ARM_PAS_GPTS GPT_MAP_REGION_GRANULE(ARM_L1_GPT_BASE, \
ARM_L1_GPT_SIZE, \
GPT_GPI_ROOT)
/* GPT Configuration options */
#define PLATFORM_L0GPTSZ GPCCR_L0GPTSZ_30BITS
-#endif /* ARM_PAS_DEF_H */
+#endif /* FVP_PAS_DEF_H */
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index df26dd7..eef06d4 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -75,6 +75,7 @@
endif
ENABLE_SYS_REG_TRACE_FOR_NS := 2
ENABLE_FEAT_CSV2_2 := 2
+ENABLE_FEAT_CSV2_3 := 2
ENABLE_FEAT_DIT := 2
ENABLE_FEAT_PAN := 2
ENABLE_FEAT_MTE_PERM := 2
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 3e8109e..30d0647 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,9 +23,6 @@
#include <lib/optee_utils.h>
#endif
#include <lib/utils.h>
-#if ENABLE_RME
-#include <plat/arm/common/arm_pas_def.h>
-#endif
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -134,48 +131,6 @@
arm_bl2_platform_setup();
}
-#if ENABLE_RME
-static void arm_bl2_plat_gpt_setup(void)
-{
- /*
- * The GPT library might modify the gpt regions structure to optimize
- * the layout, so the array cannot be constant.
- */
- pas_region_t pas_regions[] = {
- ARM_PAS_KERNEL,
- ARM_PAS_SECURE,
- ARM_PAS_REALM,
- ARM_PAS_EL3_DRAM,
- ARM_PAS_GPTS,
- ARM_PAS_KERNEL_1
- };
-
- /* Initialize entire protected space to GPT_GPI_ANY. */
- if (gpt_init_l0_tables(GPCCR_PPS_64GB, ARM_L0_GPT_ADDR_BASE,
- ARM_L0_GPT_SIZE) < 0) {
- ERROR("gpt_init_l0_tables() failed!\n");
- panic();
- }
-
- /* Carve out defined PAS ranges. */
- if (gpt_init_pas_l1_tables(GPCCR_PGS_4K,
- ARM_L1_GPT_ADDR_BASE,
- ARM_L1_GPT_SIZE,
- pas_regions,
- (unsigned int)(sizeof(pas_regions) /
- sizeof(pas_region_t))) < 0) {
- ERROR("gpt_init_pas_l1_tables() failed!\n");
- panic();
- }
-
- INFO("Enabling Granule Protection Checks\n");
- if (gpt_enable() < 0) {
- ERROR("gpt_enable() failed!\n");
- panic();
- }
-}
-#endif /* ENABLE_RME */
-
/*******************************************************************************
* Perform the very early platform specific architectural setup here.
* When RME is enabled the secure environment is initialised before
@@ -216,7 +171,7 @@
enable_mmu_el3(0);
/* Initialise and enable granule protection after MMU. */
- arm_bl2_plat_gpt_setup();
+ arm_gpt_setup();
#else
enable_mmu_el1(0);
#endif
diff --git a/plat/arm/common/arm_common.c b/plat/arm/common/arm_common.c
index fc68114..21cc39c 100644
--- a/plat/arm/common/arm_common.c
+++ b/plat/arm/common/arm_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -241,3 +241,43 @@
{
return plat_arm_mmap;
}
+
+#if ENABLE_RME
+void arm_gpt_setup(void)
+{
+ /*
+ * It is to be noted that any Arm platform that reuses arm_gpt_setup
+ * must implement plat_arm_get_gpt_info within its platform code
+ */
+ const arm_gpt_info_t *arm_gpt_info =
+ plat_arm_get_gpt_info();
+
+ if (arm_gpt_info == NULL) {
+ ERROR("arm_gpt_info not initialized!!\n");
+ panic();
+ }
+
+ /* Initialize entire protected space to GPT_GPI_ANY. */
+ if (gpt_init_l0_tables(arm_gpt_info->pps, arm_gpt_info->l0_base,
+ arm_gpt_info->l0_size) < 0) {
+ ERROR("gpt_init_l0_tables() failed!\n");
+ panic();
+ }
+
+ /* Carve out defined PAS ranges. */
+ if (gpt_init_pas_l1_tables(arm_gpt_info->pgs,
+ arm_gpt_info->l1_base,
+ arm_gpt_info->l1_size,
+ arm_gpt_info->pas_region_base,
+ arm_gpt_info->pas_region_count) < 0) {
+ ERROR("gpt_init_pas_l1_tables() failed!\n");
+ panic();
+ }
+
+ INFO("Enabling Granule Protection Checks\n");
+ if (gpt_enable() < 0) {
+ ERROR("gpt_enable() failed!\n");
+ panic();
+ }
+}
+#endif /* ENABLE_RME */
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 18c83c7..8655156 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <string.h>
#include <common/debug.h>
#include <common/desc_image_load.h>
@@ -27,7 +28,7 @@
int fconf_populate_arm_sp(uintptr_t config)
{
int sp_node, node, err;
- union uuid_helper_t uuid_helper;
+ struct uuid uuid;
unsigned int index = 0;
uint32_t val32;
const unsigned int sip_start = SP_PKG1_ID;
@@ -68,13 +69,14 @@
/* Read UUID */
err = fdtw_read_uuid(dtb, sp_node, "uuid", 16,
- (uint8_t *)&uuid_helper);
+ (uint8_t *)&uuid);
if (err < 0) {
ERROR("FCONF: cannot read SP uuid\n");
return -1;
}
- arm_sp.uuids[index] = uuid_helper;
+ memcpy_s(&arm_sp.uuids[index].uuid_struct, sizeof(struct uuid),
+ &uuid, sizeof(struct uuid));
/* Read Load address */
err = fdt_read_uint32(dtb, sp_node, "load-address", &val32);
@@ -88,16 +90,16 @@
" %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x"
" load_addr=%lx\n",
__func__,
- uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
- uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
- uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
- uuid_helper.uuid_struct.time_hi_and_version[0],
- uuid_helper.uuid_struct.time_hi_and_version[1],
- uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
- uuid_helper.uuid_struct.clock_seq_low,
- uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
- uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
- uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5],
+ uuid.time_low[0], uuid.time_low[1],
+ uuid.time_low[2], uuid.time_low[3],
+ uuid.time_mid[0], uuid.time_mid[1],
+ uuid.time_hi_and_version[0],
+ uuid.time_hi_and_version[1],
+ uuid.clock_seq_hi_and_reserved,
+ uuid.clock_seq_low,
+ uuid.node[0], uuid.node[1],
+ uuid.node[2], uuid.node[3],
+ uuid.node[4], uuid.node[5],
arm_sp.load_addr[index]);
/* Read owner field only for dualroot CoT */
diff --git a/plat/imx/common/imx_sip_handler.c b/plat/imx/common/imx_sip_handler.c
index ec8631a..f830b64 100644
--- a/plat/imx/common/imx_sip_handler.c
+++ b/plat/imx/common/imx_sip_handler.c
@@ -17,6 +17,15 @@
#include <lib/mmio.h>
#include <sci/sci.h>
+#if defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
+/*
+ * Defined in
+ * table 11. ROM event log buffer address location
+ * AN12853 "i.MX ROMs Log Events"
+ */
+#define ROM_LOG_BUFFER_ADDR 0x9E0
+#endif
+
#if defined(PLAT_imx8qm) || defined(PLAT_imx8qx)
#ifdef PLAT_imx8qm
@@ -177,6 +186,76 @@
}
#endif /* defined(PLAT_imx8mm) || defined(PLAT_imx8mq) */
+#if defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
+static bool is_secondary_boot(void)
+{
+ uint32_t *rom_log_addr = (uint32_t *)ROM_LOG_BUFFER_ADDR;
+ bool is_secondary = false;
+ uint32_t *rom_log;
+ uint8_t event_id;
+
+ /* If the ROM event log pointer is not valid. */
+ if (*rom_log_addr < 0x900000 || *rom_log_addr >= 0xB00000 ||
+ *rom_log_addr & 0x3) {
+ return false;
+ }
+
+ /* Parse the ROM event ID version 2 log */
+ rom_log = (uint32_t *)(uintptr_t)(*rom_log_addr);
+ for (size_t i = 0; i < 128; i++) {
+ event_id = rom_log[i] >> 24;
+ switch (event_id) {
+ case 0x00: /* End of list */
+ return is_secondary;
+ /* Log entries with 1 parameter, skip 1 */
+ case 0x80: /* Perform the device initialization */
+ case 0x81: /* The boot device initialization completes */
+ case 0x82: /* Execute boot device driver pre-config */
+ case 0x8F: /* The boot device initialization fails */
+ case 0x90: /* Start to read data from boot device */
+ case 0x91: /* Reading data from boot device completes */
+ case 0x9F: /* Reading data from boot device fails */
+ i += 1;
+ continue;
+ /* Log entries with 2 parameters, skip 2 */
+ case 0xA0: /* Image authentication result */
+ case 0xC0: /* Jump to the boot image soon */
+ i += 2;
+ continue;
+ /* Booted the primary boot image */
+ case 0x50:
+ is_secondary = false;
+ continue;
+ /* Booted the secondary boot image */
+ case 0x51:
+ is_secondary = true;
+ continue;
+ }
+ }
+
+ return is_secondary;
+}
+
+int imx_src_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ void *handle)
+{
+ switch (x1) {
+ case IMX_SIP_SRC_SET_SECONDARY_BOOT:
+ /* we do support that on these SoCs */
+ break;
+ case IMX_SIP_SRC_IS_SECONDARY_BOOT:
+ return is_secondary_boot();
+ default:
+ return SMC_UNK;
+ };
+
+ return 0;
+}
+#endif /* defined(PLAT_imx8mn) || defined(PLAT_imx8mp) */
+
static uint64_t imx_get_commit_hash(u_register_t x2,
u_register_t x3,
u_register_t x4)
diff --git a/plat/imx/common/imx_sip_svc.c b/plat/imx/common/imx_sip_svc.c
index 6d6633c..69d4f05 100644
--- a/plat/imx/common/imx_sip_svc.c
+++ b/plat/imx/common/imx_sip_svc.c
@@ -60,7 +60,8 @@
case IMX_SIP_MISC_SET_TEMP:
SMC_RET1(handle, imx_misc_set_temp_handler(smc_fid, x1, x2, x3, x4));
#endif
-#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq)
+#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq) || defined(PLAT_imx8mn) || \
+ defined(PLAT_imx8mp)
case IMX_SIP_SRC:
SMC_RET1(handle, imx_src_handler(smc_fid, x1, x2, x3, handle));
break;
diff --git a/plat/imx/common/include/imx_sip_svc.h b/plat/imx/common/include/imx_sip_svc.h
index 0e91c71..35a9f47 100644
--- a/plat/imx/common/include/imx_sip_svc.h
+++ b/plat/imx/common/include/imx_sip_svc.h
@@ -68,7 +68,9 @@
u_register_t x2, u_register_t x3);
#endif
-#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq)
+#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq) || defined(PLAT_imx8mn) || \
+ defined(PLAT_imx8mp)
+
int imx_src_handler(uint32_t smc_fid, u_register_t x1,
u_register_t x2, u_register_t x3, void *handle);
#endif
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 321b8c5..fd86020 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -367,7 +367,9 @@
print_reset_reason();
#if STM32MP15
- update_monotonic_counter();
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
+ update_monotonic_counter();
+ }
#endif
stm32mp1_syscfg_enable_io_compensation_finish();
diff --git a/plat/st/stm32mp2/bl2_plat_setup.c b/plat/st/stm32mp2/bl2_plat_setup.c
index 5f05f63..a7cce62 100644
--- a/plat/st/stm32mp2/bl2_plat_setup.c
+++ b/plat/st/stm32mp2/bl2_plat_setup.c
@@ -7,8 +7,10 @@
#include <cdefs.h>
#include <stdint.h>
+#include <common/debug.h>
#include <plat/common/platform.h>
+#include <platform_def.h>
#include <stm32mp_common.h>
void bl2_el3_early_platform_setup(u_register_t arg0 __unused,
@@ -25,4 +27,8 @@
void bl2_el3_plat_arch_setup(void)
{
+ if (stm32_otp_probe() != 0U) {
+ ERROR("OTP probe failed\n");
+ panic();
+ }
}
diff --git a/plat/st/stm32mp2/platform.mk b/plat/st/stm32mp2/platform.mk
index 6ea4638..0519b16 100644
--- a/plat/st/stm32mp2/platform.mk
+++ b/plat/st/stm32mp2/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+# Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -46,6 +46,8 @@
PLAT_BL_COMMON_SOURCES += drivers/st/uart/${ARCH}/stm32_console.S
PLAT_BL_COMMON_SOURCES += plat/st/stm32mp2/${ARCH}/stm32mp2_helper.S
+PLAT_BL_COMMON_SOURCES += drivers/st/bsec/bsec3.c
+
BL2_SOURCES += plat/st/stm32mp2/plat_bl2_mem_params_desc.c
BL2_SOURCES += plat/st/stm32mp2/bl2_plat_setup.c
diff --git a/plat/st/stm32mp2/stm32mp2_def.h b/plat/st/stm32mp2/stm32mp2_def.h
index ee105de..56c62e1 100644
--- a/plat/st/stm32mp2/stm32mp2_def.h
+++ b/plat/st/stm32mp2/stm32mp2_def.h
@@ -158,6 +158,96 @@
#define STM32MP_SDMMC3_BASE U(0x48240000)
/*******************************************************************************
+ * STM32MP2 BSEC / OTP
+ ******************************************************************************/
+/*
+ * 367 available OTPs, the other are masked
+ * - ECIES key: 368 to 375 (only readable by bootrom)
+ * - HWKEY: 376 to 383 (never reloadable or readable)
+ */
+#define STM32MP2_OTP_MAX_ID U(0x16F)
+#define STM32MP2_MID_OTP_START U(0x80)
+#define STM32MP2_UPPER_OTP_START U(0x100)
+
+/* OTP labels */
+#define PART_NUMBER_OTP "part-number-otp"
+#define PACKAGE_OTP "package-otp"
+#define HCONF1_OTP "otp124"
+#define NAND_OTP "otp16"
+#define NAND2_OTP "otp20"
+#define BOARD_ID_OTP "board-id"
+#define UID_OTP "uid-otp"
+#define LIFECYCLE2_OTP "otp18"
+#define PKH_OTP "otp144"
+#define ENCKEY_OTP "otp260"
+
+/* OTP mask */
+/* PACKAGE */
+#define PACKAGE_OTP_PKG_MASK GENMASK_32(2, 0)
+#define PACKAGE_OTP_PKG_SHIFT U(0)
+
+/* IWDG OTP */
+#define HCONF1_OTP_IWDG_HW_POS U(0)
+#define HCONF1_OTP_IWDG_FZ_STOP_POS U(1)
+#define HCONF1_OTP_IWDG_FZ_STANDBY_POS U(2)
+
+/* NAND OTP */
+/* NAND parameter storage flag */
+#define NAND_PARAM_STORED_IN_OTP BIT_32(31)
+
+/* NAND page size in bytes */
+#define NAND_PAGE_SIZE_MASK GENMASK_32(30, 29)
+#define NAND_PAGE_SIZE_SHIFT U(29)
+#define NAND_PAGE_SIZE_2K U(0)
+#define NAND_PAGE_SIZE_4K U(1)
+#define NAND_PAGE_SIZE_8K U(2)
+
+/* NAND block size in pages */
+#define NAND_BLOCK_SIZE_MASK GENMASK_32(28, 27)
+#define NAND_BLOCK_SIZE_SHIFT U(27)
+#define NAND_BLOCK_SIZE_64_PAGES U(0)
+#define NAND_BLOCK_SIZE_128_PAGES U(1)
+#define NAND_BLOCK_SIZE_256_PAGES U(2)
+
+/* NAND number of block (in unit of 256 blocks) */
+#define NAND_BLOCK_NB_MASK GENMASK_32(26, 19)
+#define NAND_BLOCK_NB_SHIFT U(19)
+#define NAND_BLOCK_NB_UNIT U(256)
+
+/* NAND bus width in bits */
+#define NAND_WIDTH_MASK BIT_32(18)
+#define NAND_WIDTH_SHIFT U(18)
+
+/* NAND number of ECC bits per 512 bytes */
+#define NAND_ECC_BIT_NB_MASK GENMASK_32(17, 15)
+#define NAND_ECC_BIT_NB_SHIFT U(15)
+#define NAND_ECC_BIT_NB_UNSET U(0)
+#define NAND_ECC_BIT_NB_1_BITS U(1)
+#define NAND_ECC_BIT_NB_4_BITS U(2)
+#define NAND_ECC_BIT_NB_8_BITS U(3)
+#define NAND_ECC_ON_DIE U(4)
+
+/* NAND number of planes */
+#define NAND_PLANE_BIT_NB_MASK BIT_32(14)
+
+/* NAND2 OTP */
+#define NAND2_PAGE_SIZE_SHIFT U(16)
+
+/* NAND2 config distribution */
+#define NAND2_CONFIG_DISTRIB BIT_32(0)
+#define NAND2_PNAND_NAND2_SNAND_NAND1 U(0)
+#define NAND2_PNAND_NAND1_SNAND_NAND2 U(1)
+
+/* MONOTONIC OTP */
+#define MAX_MONOTONIC_VALUE U(32)
+
+/* UID OTP */
+#define UID_WORD_NB U(3)
+
+/* Lifecycle OTP */
+#define SECURE_BOOT_CLOSED_SECURE GENMASK_32(3, 0)
+
+/*******************************************************************************
* STM32MP2 TAMP
******************************************************************************/
#define PLAT_MAX_TAMP_INT U(5)
diff --git a/services/oem/chromeos/widevine_smc_handlers.c b/services/oem/chromeos/widevine_smc_handlers.c
new file mode 100644
index 0000000..83c6ccc
--- /dev/null
+++ b/services/oem/chromeos/widevine_smc_handlers.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+#include <lib/psci/psci.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
+#include <tools_share/uuid.h>
+
+#define CROS_OEM_TPM_AUTH_PK_MAX_LEN 128
+#define CROS_OEM_HUK_LEN 32
+#define CROS_OEM_ROT_LEN 32
+
+static uint8_t cros_oem_tpm_auth_pk_buffer[CROS_OEM_TPM_AUTH_PK_MAX_LEN];
+static uint8_t cros_oem_huk_buffer[CROS_OEM_HUK_LEN];
+static uint8_t cros_oem_rot_len_buffer[CROS_OEM_ROT_LEN];
+
+struct cros_oem_data cros_oem_tpm_auth_pk = {
+ .buffer = cros_oem_tpm_auth_pk_buffer,
+ .max_length = sizeof(cros_oem_tpm_auth_pk_buffer),
+};
+
+struct cros_oem_data cros_oem_huk = {
+ .buffer = cros_oem_huk_buffer,
+ .max_length = sizeof(cros_oem_huk_buffer),
+};
+
+struct cros_oem_data cros_oem_rot = {
+ .buffer = cros_oem_rot_len_buffer,
+ .max_length = sizeof(cros_oem_rot_len_buffer),
+};
+
+static uintptr_t cros_write_data(struct cros_oem_data *data,
+ u_register_t length, u_register_t address,
+ void *handle)
+{
+ uintptr_t aligned_address;
+ uintptr_t aligned_size;
+ int32_t rc;
+
+ if (data->length) {
+ SMC_RET1(handle, PSCI_E_ALREADY_ON);
+ }
+
+ if (length > data->max_length) {
+ SMC_RET1(handle, PSCI_E_INVALID_PARAMS);
+ }
+
+ aligned_address = page_align(address, DOWN);
+ aligned_size = page_align(length + (address - aligned_address), UP);
+
+ /*
+ * We do not validate the passed in address because we are trusting the
+ * non-secure world at this point still.
+ */
+ rc = mmap_add_dynamic_region(aligned_address, aligned_address,
+ aligned_size, MT_MEMORY | MT_RO | MT_NS);
+ if (rc != 0) {
+ SMC_RET1(handle, PSCI_E_INVALID_ADDRESS);
+ }
+
+ memcpy(data->buffer, (void *)address, length);
+ data->length = length;
+
+ mmap_remove_dynamic_region(aligned_address, aligned_size);
+ SMC_RET1(handle, SMC_OK);
+}
+
+/* Handler for servicing specific SMC calls. */
+static uintptr_t cros_oem_svc_smc_handler(uint32_t smc_fid, u_register_t x1,
+ u_register_t x2, u_register_t x3,
+ u_register_t x4, void *cookie,
+ void *handle, u_register_t flags)
+{
+ switch (smc_fid) {
+ case CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID:
+ return cros_write_data(&cros_oem_tpm_auth_pk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID:
+ return cros_write_data(&cros_oem_huk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID:
+ return cros_write_data(&cros_oem_rot, x1, x2, handle);
+ default:
+ WARN("Unimplemented OEM Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+}
+
+/* Register OEM Service Calls as runtime service */
+DECLARE_RT_SVC(cros_oem_svc_smc_handler, OEN_OEM_START, OEN_OEM_END,
+ SMC_TYPE_FAST, NULL, cros_oem_svc_smc_handler);
diff --git a/services/spd/opteed/opteed.mk b/services/spd/opteed/opteed.mk
index f394744..289b3e7 100644
--- a/services/spd/opteed/opteed.mk
+++ b/services/spd/opteed/opteed.mk
@@ -33,3 +33,11 @@
$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
include lib/libfdt/libfdt.mk
endif
+
+CROS_WIDEVINE_SMC := 0
+ifeq ($(CROS_WIDEVINE_SMC),1)
+ifeq ($(OPTEE_ALLOW_SMC_LOAD),0)
+$(error When CROS_WIDEVINE_SMC=1, OPTEE_ALLOW_SMC_LOAD must also be 1)
+endif
+$(eval $(call add_define,CROS_WIDEVINE_SMC))
+endif
diff --git a/services/spd/opteed/opteed_main.c b/services/spd/opteed/opteed_main.c
index ab9896e..83b001a 100644
--- a/services/spd/opteed/opteed_main.c
+++ b/services/spd/opteed/opteed_main.c
@@ -33,6 +33,7 @@
#include <libfdt.h>
#endif /* OPTEE_ALLOW_SMC_LOAD */
#include <plat/common/platform.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
#include <tools_share/uuid.h>
#include "opteed_private.h"
@@ -61,7 +62,7 @@
0xb1eafba3, 0x5d31, 0x4612, 0xb9, 0x06,
0xc4, 0xc7, 0xa4, 0xbe, 0x3c, 0xc0);
-#define OPTEED_FDT_SIZE 256
+#define OPTEED_FDT_SIZE 1024
static uint8_t fdt_buf[OPTEED_FDT_SIZE] __aligned(CACHE_WRITEBACK_GRANULE);
#else
@@ -299,6 +300,62 @@
}
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+/*
+ * Adds a options/widevine node with the widevine table information to a device
+ * tree. Returns zero on success or if there is no widevine table information;
+ * failure code otherwise.
+ */
+static int add_options_widevine_node(void *fdt)
+{
+ int ret;
+
+ ret = fdt_begin_node(fdt, "options");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "op-tee");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "widevine");
+ if (ret)
+ return ret;
+
+ if (cros_oem_tpm_auth_pk.length) {
+ ret = fdt_property(fdt, "tcg,tpm-auth-public-key",
+ cros_oem_tpm_auth_pk.buffer,
+ cros_oem_tpm_auth_pk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_huk.length) {
+ ret = fdt_property(fdt, "op-tee,hardware-unique-key",
+ cros_oem_huk.buffer, cros_oem_huk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_rot.length) {
+ ret = fdt_property(fdt, "google,widevine-root-of-trust-ecc-p256",
+ cros_oem_rot.buffer, cros_oem_rot.length);
+ if (ret)
+ return ret;
+ }
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ return fdt_end_node(fdt);
+}
+#endif /* CROS_WIDEVINE_SMC */
+
/*
* Creates a device tree for passing into OP-TEE. Currently is populated with
* the coreboot table address.
@@ -326,6 +383,12 @@
return ret;
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+ ret = add_options_widevine_node(fdt_buf);
+ if (ret)
+ return ret;
+#endif /* CROS_WIDEVINE_SMC */
+
ret = fdt_end_node(fdt_buf);
if (ret)
return ret;
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index f1342ad..a2669d2 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -451,10 +451,11 @@
[2] = {2302506, 0x00, 0x11, ERRATA_X3_2302506},
[3] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
[4] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
- [5] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [6] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
- [7] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
- [8 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [5] = {2641945, 0x00, 0x10, ERRATA_X3_2641945},
+ [6] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
+ [7] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
+ [8] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
+ [9 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */