Merge changes from topic "refactor_st_common" into integration
* changes:
refactor(st): move board info in common code
refactor(st): move GIC code to common directory
refactor(st): move boot backup register management
diff --git a/Makefile b/Makefile
index c4350dc..f4d623e 100644
--- a/Makefile
+++ b/Makefile
@@ -350,27 +350,53 @@
# General warnings
WARNINGS := -Wall -Wmissing-include-dirs -Wunused \
-Wdisabled-optimization -Wvla -Wshadow \
- -Wno-unused-parameter -Wredundant-decls
+ -Wredundant-decls
+# stricter warnings
+WARNINGS += -Wextra -Wno-trigraphs
+# too verbose for generic build
+WARNINGS += -Wno-missing-field-initializers \
+ -Wno-type-limits -Wno-sign-compare \
+# on clang this flag gets reset if -Wextra is set after it. No difference on gcc
+WARNINGS += -Wno-unused-parameter
# Additional warnings
-# Level 1
-WARNING1 := -Wextra
-WARNING1 += -Wmissing-format-attribute
-WARNING1 += -Wmissing-prototypes
-WARNING1 += -Wold-style-definition
+# Level 1 - infrequent warnings we should have none of
+# full -Wextra
+WARNING1 += -Wsign-compare
+WARNING1 += -Wtype-limits
+WARNING1 += -Wmissing-field-initializers
-# Level 2
-WARNING2 := -Waggregate-return
-WARNING2 += -Wcast-align
-WARNING2 += -Wnested-externs
+# Level 2 - problematic warnings that we want
+# zlib, compiler-rt, coreboot, and mbdedtls blow up with these
+# TODO: disable just for them and move into default build
+WARNING2 += -Wold-style-definition
+WARNING2 += -Wmissing-prototypes
+WARNING2 += -Wmissing-format-attribute
+# TF-A aims to comply with this eventually. Effort too large at present
+WARNING2 += -Wundef
+# currently very involved and many platforms set this off
+WARNING2 += -Wunused-const-variable=2
+# Level 3 - very pedantic, frequently ignored
WARNING3 := -Wbad-function-cast
+WARNING3 += -Waggregate-return
+WARNING3 += -Wnested-externs
+WARNING3 += -Wcast-align
WARNING3 += -Wcast-qual
WARNING3 += -Wconversion
WARNING3 += -Wpacked
WARNING3 += -Wpointer-arith
WARNING3 += -Wswitch-default
+# Setting W is quite verbose and most warnings will be pre-existing issues
+# outside of the contributor's control. Don't fail the build on them so warnings
+# can be seen and hopefully addressed
+ifdef W
+ifneq (${W},0)
+E ?= 0
+endif
+endif
+
ifeq (${W},1)
WARNINGS += $(WARNING1)
else ifeq (${W},2)
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 614ea71..0c60859 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -10,6 +10,7 @@
#include <asm_macros.S>
#include <bl31/ea_handle.h>
#include <bl31/interrupt_mgmt.h>
+#include <bl31/sync_handle.h>
#include <common/runtime_svc.h>
#include <context.h>
#include <el3_common_macros.S>
@@ -82,31 +83,6 @@
1:
#else
/*
- * For SoCs which do not implement RAS, use DSB as a barrier to
- * synchronize pending external aborts.
- */
- dsb sy
-
- /* Unmask the SError interrupt */
- msr daifclr, #DAIF_ABT_BIT
-
- /* Use ISB for the above unmask operation to take effect immediately */
- isb
-
- /*
- * Refer Note 1. No need to restore X30 as both handle_sync_exception
- * and handle_interrupt_exception macro which follow this macro modify
- * X30 anyway.
- */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
- mov x30, #1
- str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
- dmb sy
-#endif
- .endm
-
-#if !RAS_EXTENSION
- /*
* Note 1: The explicit DSB at the entry of various exception vectors
* for handling exceptions from lower ELs can inadvertently trigger an
* SError exception in EL3 due to pending asynchronous aborts in lower
@@ -120,13 +96,9 @@
* flag execute without causing further exceptions.
*/
- /* ---------------------------------------------------------------------
- * This macro handles Asynchronous External Aborts.
- * ---------------------------------------------------------------------
- */
- .macro handle_async_ea
/*
- * Use a barrier to synchronize pending external aborts.
+ * For SoCs which do not implement RAS, use DSB as a barrier to
+ * synchronize pending external aborts.
*/
dsb sy
@@ -136,33 +108,16 @@
/* Use ISB for the above unmask operation to take effect immediately */
isb
- /* Refer Note 1 */
+ /*
+ * Refer Note 1.
+ * No need to restore X30 as macros following this modify x30 anyway.
+ */
str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
mov x30, #1
str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
dmb sy
-
- b handle_lower_el_async_ea
- .endm
-
- /*
- * This macro checks if the exception was taken due to SError in EL3 or
- * because of pending asynchronous external aborts from lower EL that got
- * triggered due to explicit synchronization in EL3. Refer Note 1.
- */
- .macro check_if_serror_from_EL3
- /* Assumes SP_EL3 on entry */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
- ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
- cbnz x30, exp_from_EL3
-
- /* Handle asynchronous external abort from lower EL */
- b handle_lower_el_async_ea
-
-exp_from_EL3:
- /* Jump to plat_handle_el3_ea which does not return */
- .endm
#endif
+ .endm
/* ---------------------------------------------------------------------
* This macro handles Synchronous exceptions.
@@ -191,7 +146,10 @@
b.eq smc_handler32
cmp x30, #EC_AARCH64_SMC
- b.eq smc_handler64
+ b.eq sync_handler64
+
+ cmp x30, #EC_AARCH64_SYS
+ b.eq sync_handler64
/* Synchronous exceptions other than the above are assumed to be EA */
ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
@@ -352,7 +310,19 @@
vector_entry serror_sp_elx
#if !RAS_EXTENSION
- check_if_serror_from_EL3
+ /*
+ * This will trigger if the exception was taken due to SError in EL3 or
+ * because of pending asynchronous external aborts from lower EL that got
+ * triggered due to explicit synchronization in EL3. Refer Note 1.
+ */
+ /* Assumes SP_EL3 on entry */
+ str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
+ cbnz x30, 1f
+
+ /* Handle asynchronous external abort from lower EL */
+ b handle_lower_el_async_ea
+1:
#endif
no_ret plat_handle_el3_ea
end_vector_entry serror_sp_elx
@@ -391,7 +361,8 @@
msr daifclr, #DAIF_ABT_BIT
b enter_lower_el_async_ea
#else
- handle_async_ea
+ check_and_unmask_ea
+ b handle_lower_el_async_ea
#endif
end_vector_entry serror_aarch64
@@ -429,7 +400,8 @@
msr daifclr, #DAIF_ABT_BIT
b enter_lower_el_async_ea
#else
- handle_async_ea
+ check_and_unmask_ea
+ b handle_lower_el_async_ea
#endif
end_vector_entry serror_aarch32
@@ -452,12 +424,12 @@
* Note that x30 has been explicitly saved and can be used here
* ---------------------------------------------------------------------
*/
-func smc_handler
+func sync_exception_handler
smc_handler32:
/* Check whether aarch32 issued an SMC64 */
tbnz x0, #FUNCID_CC_SHIFT, smc_prohibited
-smc_handler64:
+sync_handler64:
/* NOTE: The code below must preserve x0-x4 */
/*
@@ -504,6 +476,12 @@
/* Load SCR_EL3 */
mrs x18, scr_el3
+ /* check for system register traps */
+ mrs x16, esr_el3
+ ubfx x17, x16, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ cmp x17, #EC_AARCH64_SYS
+ b.eq sysreg_handler64
+
/* Clear flag register */
mov x7, xzr
@@ -569,6 +547,32 @@
b el3_exit
+sysreg_handler64:
+ mov x0, x16 /* ESR_EL3, containing syndrome information */
+ mov x1, x6 /* lower EL's context */
+ mov x19, x6 /* save context pointer for after the call */
+ mov sp, x12 /* EL3 runtime stack, as loaded above */
+
+ /* int handle_sysreg_trap(uint64_t esr_el3, cpu_context_t *ctx); */
+ bl handle_sysreg_trap
+ /*
+ * returns:
+ * -1: unhandled trap, panic
+ * 0: handled trap, return to the trapping instruction (repeating it)
+ * 1: handled trap, return to the next instruction
+ */
+
+ tst w0, w0
+ b.mi do_panic /* negative return value: panic */
+ b.eq 1f /* zero: do not change ELR_EL3 */
+
+ /* advance the PC to continue after the instruction */
+ ldr x1, [x19, #CTX_EL3STATE_OFFSET + CTX_ELR_EL3]
+ add x1, x1, #4
+ str x1, [x19, #CTX_EL3STATE_OFFSET + CTX_ELR_EL3]
+1:
+ b el3_exit
+
smc_unknown:
/*
* Unknown SMC call. Populate return value with SMC_UNK and call
@@ -593,7 +597,7 @@
msr spsel, #MODE_SP_ELX
no_ret report_unhandled_exception
#endif
-endfunc smc_handler
+endfunc sync_exception_handler
/* ---------------------------------------------------------------------
* The following code handles exceptions caused by BRK instructions.
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 4c93a55..ac15f9f 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -42,6 +42,7 @@
bl31/aarch64/ea_delegate.S \
bl31/aarch64/runtime_exceptions.S \
bl31/bl31_context_mgmt.c \
+ bl31/bl31_traps.c \
common/runtime_svc.c \
lib/cpus/aarch64/dsu_helpers.S \
plat/common/aarch64/platform_mp_stack.S \
diff --git a/bl31/bl31_traps.c b/bl31/bl31_traps.c
new file mode 100644
index 0000000..b12185d
--- /dev/null
+++ b/bl31/bl31_traps.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2022, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Dispatch synchronous system register traps from lower ELs.
+ */
+
+#include <bl31/sync_handle.h>
+#include <context.h>
+
+int handle_sysreg_trap(uint64_t esr_el3, cpu_context_t *ctx)
+{
+ switch (esr_el3 & ISS_SYSREG_OPCODE_MASK) {
+#if ENABLE_FEAT_RNG_TRAP
+ case ISS_SYSREG_OPCODE_RNDR:
+ case ISS_SYSREG_OPCODE_RNDRRS:
+ return plat_handle_rng_trap(esr_el3, ctx);
+#endif
+ default:
+ return TRAP_RET_UNHANDLED;
+ }
+}
diff --git a/changelog.yaml b/changelog.yaml
index cfb2bb5..1e1f0a1 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -744,6 +744,9 @@
- title: mbedTLS
scope: mbedtls
+ - title: Console
+ scope: console
+
- title: Generic Clock
scope: clk
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 9a2ae73..914c959 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -506,8 +506,10 @@
Arm Total Compute platform port
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Anders Dellien <anders.dellien@arm.com>
-:|G|: `andersdellien-arm`_
+:|M|: Vishnu Banavath <vishnu.banavath@arm.com>
+:|G|: `vishnu-banavath`_
+:|M|: Rupinderjit Singh <rupinderjit.singh@arm.com>
+:|G|: `rupsin01`_
:|F|: plat/arm/board/tc
HiSilicon HiKey and HiKey960 platform ports
@@ -956,5 +958,6 @@
.. _marcbonnici: https://github.com/marcbonnici
.. _jayanthchidanand-arm: https://github.com/jayanthchidanand-arm
.. _bytefire: https://github.com/bytefire
+.. _rupsin01: https://github.com/rupsin01
.. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 9311420..8a8445d 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -511,8 +511,8 @@
of the CPU and is fixed in r2p1.
- ``ERRATA_A710_2282622``: This applies errata 2282622 workaround to
- Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
- of the CPU and is fixed in r2p1.
+ Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
+ r2p1 of the CPU and is still open.
- ``ERRATA_A710_2291219``: This applies errata 2291219 workaround to
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
@@ -591,29 +591,33 @@
- ``ERRATA_X2_2083908``: This applies errata 2083908 workaround to Cortex-X2
CPU. This needs to be enabled for revision r2p0 of the CPU, it is still open.
-- ``ERRATA_X2_2017096``: This applies errata 2017096 workaround to
- Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
- r2p0 of the CPU, it is fixed in r2p1.
+- ``ERRATA_X2_2017096``: This applies errata 2017096 workaround to Cortex-X2
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r2p0 of the
+ CPU, it is fixed in r2p1.
-- ``ERRATA_X2_2081180``: This applies errata 2081180 workaround to
- Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
- r2p0 of the CPU, it is fixed in r2p1.
+- ``ERRATA_X2_2081180``: This applies errata 2081180 workaround to Cortex-X2
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r2p0 of the
+ CPU, it is fixed in r2p1.
-- ``ERRATA_X2_2216384``: This applies errata 2216384 workaround to
- Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
- r2p0 of the CPU, it is fixed in r2p1.
+- ``ERRATA_X2_2216384``: This applies errata 2216384 workaround to Cortex-X2
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r2p0 of the
+ CPU, it is fixed in r2p1.
-- ``ERRATA_X2_2147715``: This applies errata 2147715 workaround to
- Cortex-X2 CPU. This needs to be enabled only for revision r2p0 of the CPU,
- it is fixed in r2p1.
+- ``ERRATA_X2_2147715``: This applies errata 2147715 workaround to Cortex-X2
+ CPU. This needs to be enabled only for revision r2p0 of the CPU, it is fixed
+ in r2p1.
-- ``ERRATA_X2_2371105``: This applies errata 2371105 workaround to
- Cortex-X2 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
- of the CPU and is fixed in r2p1.
+- ``ERRATA_X2_2282622``: This applies errata 2282622 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and is still open.
-- ``ERRATA_X2_2768515``: This applies errata 2768515 workaround to
- Cortex-X2 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0
- and r2p1 of the CPU and is still open.
+- ``ERRATA_X2_2371105``: This applies errata 2371105 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 of the CPU
+ and is fixed in r2p1.
+
+- ``ERRATA_X2_2768515``: This applies errata 2768515 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and is still open.
For Cortex-X3, the following errata build flags are defined :
@@ -754,7 +758,7 @@
--------------
-*Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.*
.. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
.. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index e54ff41..d5ded5e 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -213,6 +213,12 @@
- ``E``: Boolean option to make warnings into errors. Default is 1.
+ When specifying higher warnings levels (``W=1`` and higher), this option
+ defaults to 0. This is done to encourage contributors to use them, as they
+ are expected to produce warnings that would otherwise fail the build. New
+ contributions are still expected to build with ``W=0`` and ``E=1`` (the
+ default).
+
- ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
the normal boot flow. It must specify the entry point address of the EL3
payload. Please refer to the "Booting an EL3 payload" section for more
@@ -954,6 +960,43 @@
regrouped and put in the root Makefile. This flag can take the values 0 to 3,
each level enabling more warning options. Default is 0.
+ This option is closely related to the ``E`` option, which enables
+ ``-Werror``.
+
+ - ``W=0`` (default)
+
+ Enables a wide assortment of warnings, most notably ``-Wall`` and
+ ``-Wextra``, as well as various bad practices and things that are likely to
+ result in errors. Includes some compiler specific flags. No warnings are
+ expected at this level for any build.
+
+ - ``W=1``
+
+ Enables warnings we want the generic build to include but are too time
+ consuming to fix at the moment. It re-enables warnings taken out for
+ ``W=0`` builds (a few of the ``-Wextra`` additions). This level is expected
+ to eventually be merged into ``W=0``. Some warnings are expected on some
+ builds, but new contributions should not introduce new ones.
+
+ - ``W=2`` (recommended)
+
+ Enables warnings we want the generic build to include but cannot be enabled
+ due to external libraries. This level is expected to eventually be merged
+ into ``W=0``. Lots of warnings are expected, primarily from external
+ libraries like zlib and compiler-rt, but new controbutions should not
+ introduce new ones.
+
+ - ``W=3``
+
+ Enables warnings that are informative but not necessary and generally too
+ verbose and frequently ignored. A very large number of warnings are
+ expected.
+
+ The exact set of warning flags depends on the compiler and TF-A warning
+ level, however they are all succinctly set in the top-level Makefile. Please
+ refer to the `GCC`_ or `Clang`_ documentation for more information on the
+ individual flags.
+
- ``WARMBOOT_ENABLE_DCACHE_EARLY`` : Boolean option to enable D-cache early on
the CPU after warm boot. This is applicable for platforms which do not
require interconnect programming to enable cache coherency (eg: single
@@ -1161,3 +1204,5 @@
.. _DEN0115: https://developer.arm.com/docs/den0115/latest
.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
.. _PSA DRTM specification: https://developer.arm.com/documentation/den0113/a
+.. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
+.. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index aa57e1d..80b72e5 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -2135,7 +2135,7 @@
#. Providing runtime firmware services. Currently, BL31 only implements a
subset of the Power State Coordination Interface (PSCI) API as a runtime
- service. See Section 3.3 below for details of porting the PSCI
+ service. See :ref:`psci_in_bl31` below for details of porting the PSCI
implementation.
#. Optionally passing control to the BL32 image, pre-loaded at a platform-
@@ -2544,6 +2544,8 @@
This function writes entropy into storage provided by the caller. If no entropy
is available, it must return false and the storage must not be written.
+.. _psci_in_bl31:
+
Power State Coordination Interface (in BL31)
--------------------------------------------
@@ -3396,6 +3398,39 @@
The default implementation of this function calls
``report_unhandled_exception``.
+Function : plat_handle_rng_trap
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : uint64_t
+ Argument : cpu_context_t *
+ Return : int
+
+This function is invoked by BL31's exception handler when there is a synchronous
+system register trap caused by access to the RNDR or RNDRRS registers. It allows
+platforms implementing ``FEAT_RNG_TRAP`` and enabling ``ENABLE_FEAT_RNG_TRAP`` to
+emulate those system registers by returing back some entropy to the lower EL.
+
+The first parameter (``uint64_t esr_el3``) contains the content of the ESR_EL3
+syndrome register, which encodes the instruction that was trapped. The interesting
+information in there is the target register (``get_sysreg_iss_rt()``).
+
+The second parameter (``cpu_context_t *ctx``) represents the CPU state in the
+lower exception level, at the time when the execution of the ``mrs`` instruction
+was trapped. Its content can be changed, to put the entropy into the target
+register.
+
+The return value indicates how to proceed:
+
+- When returning ``TRAP_RET_UNHANDLED`` (-1), the machine will panic.
+- When returning ``TRAP_RET_REPEAT`` (0), the exception handler will return
+ to the same instruction, so its execution will be repeated.
+- When returning ``TRAP_RET_CONTINUE`` (1), the exception handler will return
+ to the next instruction.
+
+This function needs to be implemented by a platform if it enables FEAT_RNG_TRAP.
+
Build flags
-----------
diff --git a/docs/process/security-hardening.rst b/docs/process/security-hardening.rst
index 507046f..f9618db 100644
--- a/docs/process/security-hardening.rst
+++ b/docs/process/security-hardening.rst
@@ -131,38 +131,9 @@
overflows.
- The ``W`` build flag can be used to enable a number of compiler warning
- options to detect potentially incorrect code.
-
- - W=0 (default value)
-
- The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
- and ``Wvla`` flags are enabled.
-
- The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
- ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
-
- - W=1
-
- Adds ``Wextra``, ``Wmissing-format-attribute``, ``Wmissing-prototypes``,
- ``Wold-style-definition`` and ``Wunused-const-variable``.
-
- - W=2
-
- Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
- ``Wshadow``, ``Wlogical-op``.
-
- - W=3
-
- Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
- ``Wpointer-arith``, ``Wredundant-decls`` and
- ``Wswitch-default``.
-
- Refer to the GCC or Clang documentation for more information on the individual
- options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
- https://clang.llvm.org/docs/DiagnosticsReference.html.
-
- NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
- setting the ``E`` build flag to 0.
+ options to detect potentially incorrect code. TF-A is tested with ``W=0`` but
+ it is recommended to develop against ``W=2`` (which will eventually become the
+ default).
.. rubric:: References
diff --git a/docs/security_advisories/index.rst b/docs/security_advisories/index.rst
index b80ba34..c9b0f78 100644
--- a/docs/security_advisories/index.rst
+++ b/docs/security_advisories/index.rst
@@ -14,3 +14,4 @@
security-advisory-tfv-7.rst
security-advisory-tfv-8.rst
security-advisory-tfv-9.rst
+ security-advisory-tfv-10.rst
diff --git a/docs/security_advisories/security-advisory-tfv-10.rst b/docs/security_advisories/security-advisory-tfv-10.rst
new file mode 100644
index 0000000..91dba07
--- /dev/null
+++ b/docs/security_advisories/security-advisory-tfv-10.rst
@@ -0,0 +1,159 @@
+Advisory TFV-10 (CVE-2022-47630)
+================================
+
++----------------+-------------------------------------------------------------+
+| Title | Incorrect validation of X.509 certificate extensions can |
+| | result in an out-of-bounds read. |
++================+=============================================================+
+| CVE ID | `CVE-2022-47630`_ |
++----------------+-------------------------------------------------------------+
+| Date | Reported on 12 Dec 2022 |
++----------------+-------------------------------------------------------------+
+| Versions | v1.2 to v2.8 |
+| Affected | |
++----------------+-------------------------------------------------------------+
+| Configurations | BL1 and BL2 with Trusted Boot enabled with custom, |
+| Affected | downstream usages of ``get_ext()`` and/or ``auth_nvctr()`` |
+| | interfaces. Not exploitable in upstream TF-A code. |
++----------------+-------------------------------------------------------------+
+| Impact | Out-of-bounds read. |
++----------------+-------------------------------------------------------------+
+| Fix Version | - `fd37982a19a4a291`_ "fix(auth): forbid junk after |
+| | extensions" |
+| | |
+| | - `72460f50e2437a85`_ "fix(auth): require at least one |
+| | extension to be present" |
+| | |
+| | - `f5c51855d36e399e`_ "fix(auth): properly validate X.509 |
+| | extensions" |
+| | |
+| | - `abb8f936fd0ad085`_ "fix(auth): avoid out-of-bounds read |
+| | in auth_nvctr()" |
+| | |
+| | Note that `72460f50e2437a85`_ is not fixing any |
+| | vulnerability per se but it is required for |
+| | `f5c51855d36e399e`_ to apply cleanly. |
++----------------+-------------------------------------------------------------+
+| Credit | Demi Marie Obenour, Invisible Things Lab |
++----------------+-------------------------------------------------------------+
+
+This security advisory describes a vulnerability in the X.509 parser used to
+parse boot certificates in TF-A trusted boot: it is possible for a crafted
+certificate to cause an out-of-bounds memory read.
+
+Note that upstream platforms are **not** affected by this. Only downstream
+platforms may be, if (and only if) the interfaces described below are used in a
+different context than seen in upstream code. Details of such context is
+described in the rest of this document.
+
+To fully understand this security advisory, it is recommended to refer to the
+following standards documents:
+
+ - `RFC 5280`_, *Internet X.509 Public Key Infrastructure Certificate and
+ Certificate Revocation List (CRL) Profile*.
+
+ - `ITU-T X.690`_, *ASN.1 encoding rules: Specification of Basic Encoding Rules
+ (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER).*
+
+Bug 1: Insufficient certificate validation
+------------------------------------------
+
+The vulnerability lies in the following source file:
+``drivers/auth/mbedtls/mbedtls_x509_parser.c``. By design, ``get_ext()`` does
+not check the return value of the various ``mbedtls_*()`` functions, as
+``cert_parse()`` is assumed to have guaranteed that they will always succeed.
+However, it passes the end of an extension as the end pointer to these
+functions, whereas ``cert_parse()`` passes the end of the ``TBSCertificate``.
+Furthermore, ``cert_parse()`` does not check that the contents of the extension
+have the same length as the extension itself. It also does not check that the
+extension block extends to the end of the ``TBSCertificate``.
+
+This is a problem, as ``mbedtls_asn1_get_tag()`` leaves ``*p`` and ``*len``
+undefined on failure. In practice, this results in ``get_ext()`` continuing to
+parse at different offsets than were used (and validated) by ``cert_parse()``,
+which means that the in-bounds guarantee provided by ``cert_parse()`` no longer
+holds. The result is that it is possible for ``get_ext()`` to read memory past
+the end of the certificate. This could potentially access memory with dangerous
+read side effects, or leak microarchitectural state that could theoretically be
+retrieved through some side-channel attacks as part of a more complex attack.
+
+Bug 2: Missing bounds check in ``auth_nvctr()``
+-----------------------------------------------
+``auth_nvctr()`` does not check that the buffer provided is
+long enough to hold an ``ASN.1 INTEGER``. Since ``auth_nvctr()`` will only ever
+read 6 bytes, it is possible to read up to 6 bytes past the end of the buffer.
+
+Exploitability Analysis
+-----------------------
+
+Upstream TF-A Code
+~~~~~~~~~~~~~~~~~~
+
+In upstream TF-A code, the only caller of ``auth_nvctr()`` takes its input from
+``get_ext()``, which means that the second bug is exploitable, so is the first.
+Therefore, only the first bug need be considered.
+
+All standard chains of trust provided in TF-A source tree (that is, under
+``drivers/auth/``) require that the certificate's signature has already been
+validated prior to calling ``get_ext()``, or any function that calls ``get_ext()``.
+Platforms taking their chain of trust from a dynamic configuration file (such as
+``fdts/cot_descriptors.dtsi``) are also safe, as signature verification will
+always be done prior to any calls to ``get_ext()`` or ``auth_nvctr()`` in this
+case, no matter the order of the properties in the file. Therefore, it is not
+possible to exploit this vulnerability pre-authentication in upstream TF-A.
+
+Furthermore, the data read through ``get_ext()`` only
+ever gets used by the authentication framework (``drivers/auth/auth_mod.c``),
+which greatly reduces the range of inputs it will ever receive and thus the
+impact this has. Specifically, the authentication framework uses ``get_ext()``
+in three cases:
+
+ 1. Retrieving a hash from an X.509 certificate to check the integrity of a
+ child certificate (see ``auth_hash()``).
+
+ 2. Retrieving the signature details from an X.509 certificate to check its
+ authenticity and integrity (see ``auth_signature()``).
+
+ 3. Retrieving the security counter value from an X.509 certificate to protect
+ it from unauthorized rollback to a previous version (see ``auth_nvctr()``).
+
+None of these uses authentication framework write to the out-of-bounds memory,
+so no memory corruption is possible.
+
+In summary, there are 2 separate issues - one in ``get_ext()`` and another one
+in ``auth_nvctr()`` - but neither of these can be exploited in the context of
+TF-A upstream code.
+
+Only in the following 2 cases do we expect this vulnerability to be triggerable
+prior to authentication:
+
+ - The platform uses a custom chain of trust which uses the non-volatile counter
+ authentication method (``AUTH_METHOD_NV_CTR``) before the cryptographic
+ authentication method (``AUTH_METHOD_SIG``).
+
+ - The chain of trust uses a custom authentication method that calls
+ ``get_ext()`` before cryptographic authentication.
+
+Custom Image Parsers
+~~~~~~~~~~~~~~~~~~~~
+
+If the platform uses a custom image parser instead of the certificate parser,
+the bug in the certificate parser is obviously not relevant. The bug in
+``auth_nvctr()`` *may* be relevant, but only if the returned data is:
+
+- Taken from an untrusted source (meaning that it is read prior to
+ authentication).
+
+- Not already checked to be a primitively-encoded ASN.1 tag.
+
+In particular, if the custom image parser implementation wraps a 32-bit integer
+in an ASN.1 ``INTEGER``, it is not affected.
+
+.. _CVE-2022-47630: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47630
+.. _fd37982a19a4a291: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=fd37982a19a4a291
+.. _72460f50e2437a85: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=72460f50e2437a85
+.. _f5c51855d36e399e: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f5c51855d36e399e
+.. _abb8f936fd0ad085: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=abb8f936fd0ad085
+.. _RFC 5280: https://www.ietf.org/rfc/rfc5280.txt
+.. _ITU-T X.690: https://www.itu.int/ITU-T/studygroups/com10/languages/X.690_1297.pdf
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index fa9509a..1bf03d4 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -243,7 +243,7 @@
unsigned int *cert_nv_ctr,
bool *need_nv_ctr_upgrade)
{
- char *p;
+ unsigned char *p;
void *data_ptr = NULL;
unsigned int data_len, len, i;
unsigned int plat_nv_ctr;
@@ -258,16 +258,24 @@
/* Parse the DER encoded integer */
assert(data_ptr);
- p = (char *)data_ptr;
- if (*p != ASN1_INTEGER) {
+ p = (unsigned char *)data_ptr;
+
+ /*
+ * Integers must be at least 3 bytes: 1 for tag, 1 for length, and 1
+ * for value. The first byte (tag) must be ASN1_INTEGER.
+ */
+ if ((data_len < 3) || (*p != ASN1_INTEGER)) {
/* Invalid ASN.1 integer */
return 1;
}
p++;
- /* NV-counters are unsigned integers up to 32-bit */
- len = (unsigned int)(*p & 0x7f);
- if ((*p & 0x80) || (len > 4)) {
+ /*
+ * NV-counters are unsigned integers up to 31 bits. Trailing
+ * padding is not allowed.
+ */
+ len = (unsigned int)*p;
+ if ((len > 4) || (data_len - 2 != len)) {
return 1;
}
p++;
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index 44b25ba..bef2f3d 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -355,33 +355,39 @@
* in the boot chain.
*/
do {
+ unsigned char *end_ext_data;
+
ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
+ end_ext_data = p + len;
/* Get extension ID */
- ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+ ret = mbedtls_asn1_get_tag(&p, end_ext_data, &len, MBEDTLS_ASN1_OID);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
p += len;
/* Get optional critical */
- ret = mbedtls_asn1_get_bool(&p, end, &is_critical);
+ ret = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
if ((ret != 0) && (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
return IMG_PARSER_ERR_FORMAT;
}
- /* Data should be octet string type */
- ret = mbedtls_asn1_get_tag(&p, end, &len,
+ /*
+ * Data should be octet string type and must use all bytes in
+ * the Extension.
+ */
+ ret = mbedtls_asn1_get_tag(&p, end_ext_data, &len,
MBEDTLS_ASN1_OCTET_STRING);
- if (ret != 0) {
+ if ((ret != 0) || ((p + len) != end_ext_data)) {
return IMG_PARSER_ERR_FORMAT;
}
- p += len;
+ p = end_ext_data;
} while (p < end);
if (p != end) {
diff --git a/drivers/brcm/emmc/emmc_csl_sdcard.c b/drivers/brcm/emmc/emmc_csl_sdcard.c
index 9e2c618..40bc4a0 100644
--- a/drivers/brcm/emmc/emmc_csl_sdcard.c
+++ b/drivers/brcm/emmc/emmc_csl_sdcard.c
@@ -479,10 +479,11 @@
handle->device->cfg.blockSize = 512;
}
- if (handle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY)
+ if (handle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY) {
EMMC_TRACE("Sector addressing\n");
- else
+ } else {
EMMC_TRACE("Byte addressing\n");
+ }
EMMC_TRACE("Ext_CSD_storage[162]: 0x%02X Ext_CSD_storage[179]: 0x%02X\n",
emmc_global_buf_ptr->u.Ext_CSD_storage[162],
diff --git a/drivers/brcm/emmc/emmc_pboot_hal_memory_drv.c b/drivers/brcm/emmc/emmc_pboot_hal_memory_drv.c
index 68f93e7..fcd499f 100644
--- a/drivers/brcm/emmc/emmc_pboot_hal_memory_drv.c
+++ b/drivers/brcm/emmc/emmc_pboot_hal_memory_drv.c
@@ -278,8 +278,9 @@
SDIO_base = EMMC_CTRL_REGS_BASE_ADDR;
- if (SDIO_base == SDIO0_EMMCSDXC_SYSADDR)
+ if (SDIO_base == SDIO0_EMMCSDXC_SYSADDR) {
EMMC_TRACE(" ---> for SDIO 0 Controller\n\n");
+ }
memset(p_sdhandle, 0, sizeof(struct sd_handle));
@@ -290,8 +291,9 @@
memset(p_sdhandle->card, 0, sizeof(struct sd_card_info));
if (chal_sd_start((CHAL_HANDLE *) p_sdhandle->device,
- SD_PIO_MODE, SDIO_base, SDIO_base) != SD_OK)
+ SD_PIO_MODE, SDIO_base, SDIO_base) != SD_OK) {
return NULL;
+ }
set_config(p_sdhandle, SD_NORMAL_SPEED, MAX_CMD_RETRY, SD_DMA_OFF,
SD_DMA_BOUNDARY_4K, EMMC_BLOCK_SIZE, EMMC_WFE_RETRY);
@@ -330,14 +332,16 @@
VERBOSE("EMMC READ: dst=0x%lx, src=0x%lx, size=0x%lx\n",
storage_addr, mem_addr, bytes_to_read);
- if (storage_size < bytes_to_read)
+ if (storage_size < bytes_to_read) {
/* Don't have sufficient storage to complete the operation */
return 0;
+ }
/* Range check non high capacity memory */
if ((p_sdhandle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY) == 0) {
- if (mem_addr > 0x80000000)
+ if (mem_addr > 0x80000000) {
return 0;
+ }
}
/* High capacity card use block address mode */
@@ -384,10 +388,11 @@
/* Update Physical address */
outputBuf += manual_copy_size;
- if (p_sdhandle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY)
+ if (p_sdhandle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY) {
blockAddr++;
- else
+ } else {
blockAddr += blockSize;
+ }
} else {
return 0;
}
@@ -395,10 +400,11 @@
while (remSize >= blockSize) {
- if (remSize >= SD_MAX_BLK_TRANSFER_LENGTH)
+ if (remSize >= SD_MAX_BLK_TRANSFER_LENGTH) {
readLen = SD_MAX_BLK_TRANSFER_LENGTH;
- else
+ } else {
readLen = (remSize / blockSize) * blockSize;
+ }
/* Check for overflow */
if ((rdCount + readLen) > storage_size ||
@@ -409,10 +415,11 @@
}
if (!read_block(p_sdhandle, outputBuf, blockAddr, readLen)) {
- if (p_sdhandle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY)
+ if (p_sdhandle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY) {
blockAddr += (readLen / blockSize);
- else
+ } else {
blockAddr += readLen;
+ }
remSize -= readLen;
rdCount += readLen;
@@ -463,8 +470,9 @@
/* range check non high capacity memory */
if ((p_sdhandle->device->ctrl.ocr & SD_CARD_HIGH_CAPACITY) == 0) {
- if (mem_addr > 0x80000000)
+ if (mem_addr > 0x80000000) {
return 0;
+ }
}
/* the high capacity card use block address mode */
@@ -491,11 +499,12 @@
blockAddr, p_sdhandle->device->cfg.blockSize)) {
if (remSize <
- (p_sdhandle->device->cfg.blockSize - offset))
+ (p_sdhandle->device->cfg.blockSize - offset)) {
manual_copy_size = remSize;
- else
+ } else {
manual_copy_size =
p_sdhandle->device->cfg.blockSize - offset;
+ }
memcpy((void *)((uintptr_t)
(emmc_global_buf_ptr->u.tempbuf + offset)),
@@ -530,11 +539,12 @@
inputBuf += manual_copy_size;
if (p_sdhandle->device->ctrl.ocr &
- SD_CARD_HIGH_CAPACITY)
+ SD_CARD_HIGH_CAPACITY) {
blockAddr++;
- else
+ } else {
blockAddr +=
p_sdhandle->device->cfg.blockSize;
+ }
} else
return 0;
} else {
diff --git a/drivers/imx/usdhc/imx_usdhc.c b/drivers/imx/usdhc/imx_usdhc.c
index 07f55b7..49dfc07 100644
--- a/drivers/imx/usdhc/imx_usdhc.c
+++ b/drivers/imx/usdhc/imx_usdhc.c
@@ -136,7 +136,8 @@
break;
case MMC_CMD(18):
multiple = 1;
- /* fall thru for read op */
+ /* for read op */
+ /* fallthrough */
case MMC_CMD(17):
case MMC_CMD(8):
mixctl |= MIXCTRL_DTDSEL;
@@ -144,7 +145,8 @@
break;
case MMC_CMD(25):
multiple = 1;
- /* fall thru for data op flag */
+ /* for data op flag */
+ /* fallthrough */
case MMC_CMD(24):
data = 1;
break;
diff --git a/drivers/nxp/ddr/nxp-ddr/ddr.c b/drivers/nxp/ddr/nxp-ddr/ddr.c
index c051b3b..faf20e9 100644
--- a/drivers/nxp/ddr/nxp-ddr/ddr.c
+++ b/drivers/nxp/ddr/nxp-ddr/ddr.c
@@ -269,7 +269,7 @@
unsigned int i;
const struct dynamic_odt *pdodt = NULL;
- const static struct dynamic_odt *table[2][5] = {
+ static const struct dynamic_odt *table[2][5] = {
{single_S, single_D, NULL, NULL},
{dual_SS, dual_DD, NULL, NULL},
};
diff --git a/drivers/nxp/ddr/phy-gen2/messages.h b/drivers/nxp/ddr/phy-gen2/messages.h
index 7dec7df..a2310f2 100644
--- a/drivers/nxp/ddr/phy-gen2/messages.h
+++ b/drivers/nxp/ddr/phy-gen2/messages.h
@@ -13,7 +13,7 @@
const char *msg;
};
-const static struct phy_msg messages_1d[] = {
+static const struct phy_msg messages_1d[] = {
{0x00000001,
"PMU1:prbsGenCtl:%x\n"
},
@@ -1239,7 +1239,7 @@
},
};
-const static struct phy_msg messages_2d[] = {
+static const struct phy_msg messages_2d[] = {
{0x00000001,
"PMU0: Converting %d into an MR\n"
},
diff --git a/drivers/renesas/common/emmc/emmc_cmd.c b/drivers/renesas/common/emmc/emmc_cmd.c
index d255bff..02fc26b 100644
--- a/drivers/renesas/common/emmc/emmc_cmd.c
+++ b/drivers/renesas/common/emmc/emmc_cmd.c
@@ -254,8 +254,7 @@
(SD_INFO2_ALL_ERR | SD_INFO2_CLEAR));
state = ESTATE_ISSUE_CMD;
- /* through */
-
+ /* fallthrough */
case ESTATE_ISSUE_CMD:
/* ARG */
SETR_32(SD_ARG, mmc_drv_obj.cmd_info.arg);
@@ -454,8 +453,8 @@
SETR_32(SD_STOP, 0x00000000U);
mmc_drv_obj.during_dma_transfer = FALSE;
}
- /* through */
+ /* fallthrough */
case ESTATE_ERROR:
if (err_not_care_flag == TRUE) {
mmc_drv_obj.during_cmd_processing = FALSE;
diff --git a/drivers/renesas/common/rom/rom_api.c b/drivers/renesas/common/rom/rom_api.c
index fda2815..4eede17 100644
--- a/drivers/renesas/common/rom/rom_api.c
+++ b/drivers/renesas/common/rom/rom_api.c
@@ -11,7 +11,7 @@
#include "rcar_def.h"
#include "rom_api.h"
-typedef uint32_t(*rom_secure_boot_api_f) (uint32_t *key, uint32_t *cert,
+typedef uint32_t(*rom_secure_boot_api_f) (uint32_t key, uint32_t cert,
rom_read_flash_f pFuncReadFlash);
typedef uint32_t(*rom_get_lcs_api_f) (uint32_t *lcs);
@@ -68,7 +68,7 @@
return index;
}
-uint32_t rcar_rom_secure_boot_api(uint32_t *key, uint32_t *cert,
+uint32_t rcar_rom_secure_boot_api(uint32_t key, uint32_t cert,
rom_read_flash_f read_flash)
{
static const uintptr_t rom_api_table[API_TABLE_MAX] = {
diff --git a/drivers/renesas/common/rom/rom_api.h b/drivers/renesas/common/rom/rom_api.h
index 1d5b03d..4b10080 100644
--- a/drivers/renesas/common/rom/rom_api.h
+++ b/drivers/renesas/common/rom/rom_api.h
@@ -24,7 +24,7 @@
#define LCS_FA (0x7U)
typedef uint32_t(*rom_read_flash_f) (uint64_t src, uint8_t *dst, uint32_t len);
-uint32_t rcar_rom_secure_boot_api(uint32_t *key, uint32_t *cert,
+uint32_t rcar_rom_secure_boot_api(uint32_t key, uint32_t cert,
rom_read_flash_f f);
uint32_t rcar_rom_get_lcs(uint32_t *lcs);
diff --git a/drivers/st/usb/stm32mp1_usb.c b/drivers/st/usb/stm32mp1_usb.c
index 9a49690..78890f5 100644
--- a/drivers/st/usb/stm32mp1_usb.c
+++ b/drivers/st/usb/stm32mp1_usb.c
@@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <assert.h>
#include <stdint.h>
#include <arch_helpers.h>
@@ -794,7 +795,7 @@
uint32_t epint;
uint32_t epnum;
uint32_t temp;
- enum usb_status ret;
+ enum usb_status __unused ret;
if (usb_dwc2_get_mode(handle) != USB_OTG_MODE_DEVICE) {
return USB_NOTHING;
@@ -947,9 +948,7 @@
/* Setup EP0 to receive SETUP packets */
ret = usb_dwc2_ep0_out_start(handle);
- if (ret != USBD_OK) {
- return ret;
- }
+ assert(ret == USBD_OK);
mmio_write_32(usb_base_addr + OTG_GINTSTS, OTG_GINTSTS_USBRST);
@@ -959,9 +958,7 @@
/* Handle enumeration done interrupt */
if ((usb_dwc2_read_int(handle) & OTG_GINTSTS_ENUMDNE) != 0U) {
ret = usb_dwc2_activate_setup(handle);
- if (ret != USBD_OK) {
- return ret;
- }
+ assert(ret == USBD_OK);
mmio_clrbits_32(usb_base_addr + OTG_GUSBCFG, OTG_GUSBCFG_TRDT);
diff --git a/fdts/tc.dts b/fdts/tc.dts
index fdde015..192f407 100644
--- a/fdts/tc.dts
+++ b/fdts/tc.dts
@@ -213,9 +213,9 @@
linux,cma-default;
};
- optee@0xfce00000 {
+ optee@0xf8e00000 {
compatible = "restricted-dma-pool";
- reg = <0x00000000 0xfce00000 0 0x00200000>;
+ reg = <0x00000000 0xf8e00000 0 0x00200000>;
};
};
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index f63e923..9e13c3d 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -1282,6 +1282,12 @@
#define GCR_EL1 S3_0_C1_C0_6
/*******************************************************************************
+ * Armv8.5 - Random Number Generator Registers
+ ******************************************************************************/
+#define RNDR S3_3_C2_C4_0
+#define RNDRRS S3_3_C2_C4_1
+
+/*******************************************************************************
* FEAT_HCX - Extended Hypervisor Configuration Register
******************************************************************************/
#define HCRX_EL2 S3_4_C1_C2_2
diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h
index 50a5ad4..fe9b5a5 100644
--- a/include/arch/aarch64/arch_helpers.h
+++ b/include/arch/aarch64/arch_helpers.h
@@ -546,8 +546,8 @@
DEFINE_RENAME_SYSREG_RW_FUNCS(gcr_el1, GCR_EL1)
/* Armv8.5 FEAT_RNG Registers */
-DEFINE_SYSREG_READ_FUNC(rndr)
-DEFINE_SYSREG_READ_FUNC(rndrrs)
+DEFINE_RENAME_SYSREG_READ_FUNC(rndr, RNDR)
+DEFINE_RENAME_SYSREG_READ_FUNC(rndrrs, RNDRRS)
/* FEAT_HCX Register */
DEFINE_RENAME_SYSREG_RW_FUNCS(hcrx_el2, HCRX_EL2)
diff --git a/include/bl31/sync_handle.h b/include/bl31/sync_handle.h
new file mode 100644
index 0000000..e211575
--- /dev/null
+++ b/include/bl31/sync_handle.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2022, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TRAP_HANDLE_H
+#define TRAP_HANDLE_H
+
+#include <stdbool.h>
+#include <context.h>
+
+#define ISS_SYSREG_OPCODE_MASK 0x3ffc1eUL
+#define ISS_SYSREG_REG_MASK 0x0003e0UL
+#define ISS_SYSREG_REG_SHIFT 5U
+#define ISS_SYSREG_DIRECTION_MASK 0x000001UL
+
+#define ISS_SYSREG_OPCODE_RNDR 0x30c808U
+#define ISS_SYSREG_OPCODE_RNDRRS 0x32c808U
+
+#define TRAP_RET_UNHANDLED -1
+#define TRAP_RET_REPEAT 0
+#define TRAP_RET_CONTINUE 1
+
+#ifndef __ASSEMBLER__
+static inline unsigned int get_sysreg_iss_rt(uint64_t esr)
+{
+ return (esr & ISS_SYSREG_REG_MASK) >> ISS_SYSREG_REG_SHIFT;
+}
+
+static inline bool is_sysreg_iss_write(uint64_t esr)
+{
+ return !(esr & ISS_SYSREG_DIRECTION_MASK);
+}
+
+/**
+ * handle_sysreg_trap() - Handle AArch64 system register traps from lower ELs
+ * @esr_el3: The content of ESR_EL3, containing the trap syndrome information
+ * @ctx: Pointer to the lower EL context, containing saved registers
+ *
+ * Called by the exception handler when a synchronous trap identifies as a
+ * system register trap (EC=0x18). ESR contains the encoding of the op[x] and
+ * CRm/CRn fields, to identify the system register, and the target/source
+ * GPR plus the direction (MRS/MSR). The lower EL's context can be altered
+ * by the function, to inject back the result of the emulation.
+ *
+ * Return: indication how to proceed with the trap:
+ * TRAP_RET_UNHANDLED(-1): trap is unhandled, trigger panic
+ * TRAP_RET_REPEAT(0): trap was handled, return to the trapping instruction
+ * (repeating it)
+ * TRAP_RET_CONTINUE(1): trap was handled, return to the next instruction
+ * (continuing after it)
+ */
+int handle_sysreg_trap(uint64_t esr_el3, cpu_context_t *ctx);
+
+/* Prototypes for system register emulation handlers provided by platforms. */
+int plat_handle_rng_trap(uint64_t esr_el3, cpu_context_t *ctx);
+
+#endif /* __ASSEMBLER__ */
+
+#endif
diff --git a/include/lib/fconf/fconf.h b/include/lib/fconf/fconf.h
index 131c542..3762021 100644
--- a/include/lib/fconf/fconf.h
+++ b/include/lib/fconf/fconf.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ * Copyright (c) 2019-2022, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,7 +21,7 @@
*/
#define FCONF_REGISTER_POPULATOR(config, name, callback) \
__attribute__((used, section(".fconf_populator"))) \
- const struct fconf_populator (name##__populator) = { \
+ static const struct fconf_populator (name##__populator) = { \
.config_type = (#config), \
.info = (#name), \
.populate = (callback) \
diff --git a/include/lib/libc/aarch32/limits_.h b/include/lib/libc/aarch32/limits_.h
index 26cec17..a67ec53 100644
--- a/include/lib/libc/aarch32/limits_.h
+++ b/include/lib/libc/aarch32/limits_.h
@@ -1,11 +1,11 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#define SCHAR_MAX 0x7F
-#define SCHAR_MIN (-SCHAR_MIN - 1)
+#define SCHAR_MIN (-SCHAR_MAX - 1)
#define CHAR_MAX 0x7F
#define CHAR_MIN (-CHAR_MAX - 1)
#define UCHAR_MAX 0xFFU
diff --git a/include/lib/libc/aarch64/limits_.h b/include/lib/libc/aarch64/limits_.h
index e36cfe7..1bb0681 100644
--- a/include/lib/libc/aarch64/limits_.h
+++ b/include/lib/libc/aarch64/limits_.h
@@ -1,11 +1,11 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#define SCHAR_MAX 0x7F
-#define SCHAR_MIN (-SCHAR_MIN - 1)
+#define SCHAR_MIN (-SCHAR_MAX - 1)
#define CHAR_MAX 0x7F
#define CHAR_MIN (-CHAR_MAX - 1)
#define UCHAR_MAX 0xFFU
diff --git a/lib/cpus/aarch64/cortex_a710.S b/lib/cpus/aarch64/cortex_a710.S
index 3ea55df..cebd6f0 100644
--- a/lib/cpus/aarch64/cortex_a710.S
+++ b/lib/cpus/aarch64/cortex_a710.S
@@ -355,22 +355,22 @@
/* ---------------------------------------------------------------
* Errata Workaround for Cortex-A710 Erratum 2282622.
- * This applies to revision r0p0, r1p0 and r2p0.
- * It is fixed in r2p1.
+ * This applies to revision r0p0, r1p0, r2p0 and r2p1.
+ * It is still open.
* Inputs:
* x0: variant[4:7] and revision[0:3] of current cpu.
* Shall clobber: x0, x1, x17
* ---------------------------------------------------------------
*/
func errata_a710_2282622_wa
- /* Compare x0 against revision r2p0 */
+ /* Compare x0 against revision r2p1 */
mov x17, x30
bl check_errata_2282622
cbz x0, 1f
/* Apply the workaround */
mrs x1, CORTEX_A710_CPUACTLR2_EL1
- orr x1, x1, BIT(0)
+ orr x1, x1, #BIT(0)
msr CORTEX_A710_CPUACTLR2_EL1, x1
1:
@@ -378,8 +378,8 @@
endfunc errata_a710_2282622_wa
func check_errata_2282622
- /* Applies to r0p0, r1p0 and r2p0 */
- mov x1, #0x20
+ /* Applies to r0p0, r1p0, r2p0 and r2p1 */
+ mov x1, #0x21
b cpu_rev_var_ls
endfunc check_errata_2282622
diff --git a/lib/cpus/aarch64/cortex_x2.S b/lib/cpus/aarch64/cortex_x2.S
index f56d50a..497bd52 100644
--- a/lib/cpus/aarch64/cortex_x2.S
+++ b/lib/cpus/aarch64/cortex_x2.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -267,13 +267,43 @@
b cpu_rev_var_range
endfunc check_errata_2147715
-/* -------------------------------------------------------
- * Errata Workaround for Cortex-X2 Erratum 2371105.
- * This applies to revisions <= r2p0 and is fixed in r2p1.
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * -------------------------------------------------------
- */
+ /* ---------------------------------------------------------------
+ * Errata Workaround for Cortex-X2 Erratum 2282622.
+ * This applies to revision r0p0, r1p0, r2p0 and r2p1.
+ * It is still open.
+ * Inputs:
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0, x1, x17
+ * ---------------------------------------------------------------
+ */
+func errata_x2_2282622_wa
+ /* Compare x0 against revision r2p1 */
+ mov x17, x30
+ bl check_errata_2282622
+ cbz x0, 1f
+
+ /* Apply the workaround */
+ mrs x1, CORTEX_X2_CPUACTLR2_EL1
+ orr x1, x1, #BIT(0)
+ msr CORTEX_X2_CPUACTLR2_EL1, x1
+
+1:
+ ret x17
+endfunc errata_x2_2282622_wa
+
+func check_errata_2282622
+ /* Applies to r0p0, r1p0, r2p0 and r2p1 */
+ mov x1, #0x21
+ b cpu_rev_var_ls
+endfunc check_errata_2282622
+
+ /* -------------------------------------------------------
+ * Errata Workaround for Cortex-X2 Erratum 2371105.
+ * This applies to revisions <= r2p0 and is fixed in r2p1.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * -------------------------------------------------------
+ */
func errata_x2_2371105_wa
/* Check workaround compatibility. */
mov x17, x30
@@ -295,13 +325,13 @@
b cpu_rev_var_ls
endfunc check_errata_2371105
-/* ----------------------------------------------------
- * Errata Workaround for Cortex-X2 Errata #2768515
- * This applies to revisions <= r2p1 and is still open.
- * x0: variant[4:7] and revision[0:3] of current cpu.
- * Shall clobber: x0-x17
- * ----------------------------------------------------
- */
+ /* ----------------------------------------------------
+ * Errata Workaround for Cortex-X2 Errata #2768515
+ * This applies to revisions <= r2p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
func errata_x2_2768515_wa
mov x17, x30
bl check_errata_2768515
@@ -362,6 +392,7 @@
report_errata ERRATA_X2_2083908, cortex_x2, 2083908
report_errata ERRATA_X2_2147715, cortex_x2, 2147715
report_errata ERRATA_X2_2216384, cortex_x2, 2216384
+ report_errata ERRATA_X2_2282622, cortex_x2, 2282622
report_errata ERRATA_X2_2371105, cortex_x2, 2371105
report_errata ERRATA_X2_2768515, cortex_x2, 2768515
report_errata WORKAROUND_CVE_2022_23960, cortex_x2, cve_2022_23960
@@ -421,6 +452,11 @@
bl errata_x2_2147715_wa
#endif
+#if ERRATA_X2_2282622
+ mov x0, x18
+ bl errata_x2_2282622_wa
+#endif
+
#if ERRATA_X2_2371105
mov x0, x18
bl errata_x2_2371105_wa
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index b1f7d27..c9b4447 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
# Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -563,7 +563,8 @@
ERRATA_A710_2216384 ?=0
# Flag to apply erratum 2282622 workaround during reset. This erratum applies
-# to revision r0p0, r1p0 and r2p0 of the Cortex-A710 cpu and is fixed in r2p1.
+# to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is still
+# open.
ERRATA_A710_2282622 ?=0
# Flag to apply erratum 2291219 workaround during reset. This erratum applies
@@ -670,6 +671,11 @@
# only to revision r2p0 of the Cortex-X2 cpu, it is fixed in r2p1.
ERRATA_X2_2147715 ?=0
+# Flag to apply erratum 2282622 workaround during reset. This erratum applies
+# to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is still
+# open.
+ERRATA_X2_2282622 ?=0
+
# Flag to apply erratum 2371105 workaround during reset. This erratum applies
# to revision r0p0, r1p0 and r2p0 of the Cortex-X2 cpu and is fixed in r2p1.
ERRATA_X2_2371105 ?=0
@@ -1324,6 +1330,10 @@
$(eval $(call assert_boolean,ERRATA_X2_2147715))
$(eval $(call add_define,ERRATA_X2_2147715))
+# Process ERRATA_X2_2282622 flag
+$(eval $(call assert_boolean,ERRATA_X2_2282622))
+$(eval $(call add_define,ERRATA_X2_2282622))
+
# Process ERRATA_X2_2371105 flag
$(eval $(call assert_boolean,ERRATA_X2_2371105))
$(eval $(call add_define,ERRATA_X2_2371105))
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 60501f6..aa0327b 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -285,7 +285,7 @@
mrs x12, MPAMVPMV_EL2
stp x11, x12, [x0, #CTX_MPAMVPM7_EL2]
ret
-endfunc func el2_sysregs_context_save_mpam
+endfunc el2_sysregs_context_save_mpam
func el2_sysregs_context_restore_mpam
ldr x10, [x0, #CTX_MPAM2_EL2]
diff --git a/lib/libc/snprintf.c b/lib/libc/snprintf.c
index 6a2f0ba..0e3256c 100644
--- a/lib/libc/snprintf.c
+++ b/lib/libc/snprintf.c
@@ -209,6 +209,7 @@
break;
case 'X':
capitalise = true;
+ /* fallthrough */
case 'x':
unum = get_unum_va_args(args, l_count);
unsigned_num_print(&s, n, &chars_printed,
diff --git a/plat/arm/board/fvp/fvp_sync_traps.c b/plat/arm/board/fvp/fvp_sync_traps.c
new file mode 100644
index 0000000..91240f7
--- /dev/null
+++ b/plat/arm/board/fvp/fvp_sync_traps.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2022, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * This file just contains demonstration code, to "handle" RNG traps.
+ */
+
+#include <stdbool.h>
+
+#include <arch.h>
+#include <arch_helpers.h>
+#include <bl31/sync_handle.h>
+#include <context.h>
+
+/*
+ * SCR_EL3.SCR_TRNDR_BIT also affects execution in EL3, so allow to disable
+ * the trap temporarily.
+ */
+static void enable_rng_trap(bool enable)
+{
+ uint64_t scr_el3 = read_scr_el3();
+
+ if (enable) {
+ scr_el3 |= SCR_TRNDR_BIT;
+ } else {
+ scr_el3 &= ~SCR_TRNDR_BIT;
+ }
+
+ write_scr_el3(scr_el3);
+ isb();
+}
+
+/*
+ * This emulation code here is not very meaningful: enabling the RNG
+ * trap typically happens for a reason, so just calling the actual
+ * hardware instructions might not be useful or even possible.
+ */
+int plat_handle_rng_trap(uint64_t esr_el3, cpu_context_t *ctx)
+{
+ /* extract the target register number from the exception syndrome */
+ unsigned int rt = get_sysreg_iss_rt(esr_el3);
+
+ /* ignore XZR accesses and writes to the register */
+ if (rt == 31 || is_sysreg_iss_write(esr_el3)) {
+ return TRAP_RET_CONTINUE;
+ }
+
+ enable_rng_trap(false);
+ if ((esr_el3 & ISS_SYSREG_OPCODE_MASK) == ISS_SYSREG_OPCODE_RNDR) {
+ ctx->gpregs_ctx.ctx_regs[rt] = read_rndr();
+ } else {
+ ctx->gpregs_ctx.ctx_regs[rt] = read_rndrrs();
+ }
+ enable_rng_trap(true);
+
+ /*
+ * We successfully handled the trap, continue with the next
+ * instruction.
+ */
+ return TRAP_RET_CONTINUE;
+}
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 51ba035..f28a6ff 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -198,6 +198,10 @@
plat/arm/board/fvp/fvp_realm_attest_key.c
endif
+ifeq (${ENABLE_FEAT_RNG_TRAP},1)
+BL31_SOURCES += plat/arm/board/fvp/fvp_sync_traps.c
+endif
+
ifeq (${BL2_AT_EL3},1)
BL2_SOURCES += plat/arm/board/fvp/${ARCH}/fvp_helpers.S \
plat/arm/board/fvp/fvp_bl2_el3_setup.c \
diff --git a/plat/arm/board/rdn2/include/platform_def.h b/plat/arm/board/rdn2/include/platform_def.h
index 3474016..8e63de5 100644
--- a/plat/arm/board/rdn2/include/platform_def.h
+++ b/plat/arm/board/rdn2/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -92,6 +92,8 @@
#if (CSS_SGI_PLATFORM_VARIANT == 1)
#define PLAT_ARM_GICR_BASE UL(0x30100000)
+#elif (CSS_SGI_PLATFORM_VARIANT == 3)
+#define PLAT_ARM_GICR_BASE UL(0x30300000)
#else
#define PLAT_ARM_GICR_BASE UL(0x301C0000)
#endif
diff --git a/plat/arm/board/rdn2/platform.mk b/plat/arm/board/rdn2/platform.mk
index 7492fe5..b30e3fc 100644
--- a/plat/arm/board/rdn2/platform.mk
+++ b/plat/arm/board/rdn2/platform.mk
@@ -1,13 +1,13 @@
-# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-RD_N2_VARIANTS := 0 1 2
+RD_N2_VARIANTS := 0 1 2 3
ifneq ($(CSS_SGI_PLATFORM_VARIANT),\
$(filter $(CSS_SGI_PLATFORM_VARIANT),$(RD_N2_VARIANTS)))
- $(error "CSS_SGI_PLATFORM_VARIANT for RD-N2 should be 0, 1 or 2, currently set \
- to ${CSS_SGI_PLATFORM_VARIANT}.")
+ $(error "CSS_SGI_PLATFORM_VARIANT for RD-N2 should be 0, 1, 2 or 3, currently \
+ set to ${CSS_SGI_PLATFORM_VARIANT}.")
endif
$(eval $(call CREATE_SEQ,SEQ,4))
diff --git a/plat/arm/board/rdn2/rdn2_topology.c b/plat/arm/board/rdn2/rdn2_topology.c
index 89300f8..24acc4d 100644
--- a/plat/arm/board/rdn2/rdn2_topology.c
+++ b/plat/arm/board/rdn2/rdn2_topology.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,19 +16,22 @@
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
-#if (CSS_SGI_PLATFORM_VARIANT != 2 || (CSS_SGI_PLATFORM_VARIANT == 2 && CSS_SGI_CHIP_COUNT > 1))
+#if (PLAT_ARM_CLUSTER_COUNT > 4 || \
+ (CSS_SGI_PLATFORM_VARIANT == 2 && CSS_SGI_CHIP_COUNT > 1))
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
#endif
-#if (CSS_SGI_PLATFORM_VARIANT == 0 || (CSS_SGI_PLATFORM_VARIANT == 2 && CSS_SGI_CHIP_COUNT > 2))
+#if (PLAT_ARM_CLUSTER_COUNT > 8 || \
+ (CSS_SGI_PLATFORM_VARIANT == 2 && CSS_SGI_CHIP_COUNT > 2))
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
#endif
-#if (CSS_SGI_PLATFORM_VARIANT == 0 || (CSS_SGI_PLATFORM_VARIANT == 2 && CSS_SGI_CHIP_COUNT > 3))
+#if (PLAT_ARM_CLUSTER_COUNT > 8 || \
+ (CSS_SGI_PLATFORM_VARIANT == 2 && CSS_SGI_CHIP_COUNT > 3))
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
CSS_SGI_MAX_CPUS_PER_CLUSTER,
@@ -83,7 +86,7 @@
(SET_SCMI_CHANNEL_ID(0x0) | SET_SCMI_DOMAIN_ID(0x5)),
(SET_SCMI_CHANNEL_ID(0x0) | SET_SCMI_DOMAIN_ID(0x6)),
(SET_SCMI_CHANNEL_ID(0x0) | SET_SCMI_DOMAIN_ID(0x7)),
-#if (CSS_SGI_PLATFORM_VARIANT == 0)
+#if (PLAT_ARM_CLUSTER_COUNT > 8)
(SET_SCMI_CHANNEL_ID(0x0) | SET_SCMI_DOMAIN_ID(0x8)),
(SET_SCMI_CHANNEL_ID(0x0) | SET_SCMI_DOMAIN_ID(0x9)),
(SET_SCMI_CHANNEL_ID(0x0) | SET_SCMI_DOMAIN_ID(0xA)),
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index 0fe4a0a..a3b7839 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -25,13 +25,28 @@
* The top 16MB of ARM_DRAM1 is configured as secure access only using the TZC,
* its base is ARM_AP_TZC_DRAM1_BASE.
*
- * Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for:
+ * Reserve 96 MB below ARM_AP_TZC_DRAM1_BASE for:
* - BL32_BASE when SPD_spmd is enabled
- * - Region to load Trusted OS
+ * - Region to load secure partitions
+ *
+ *
+ * 0xF900_0000 ------------------ TC_TZC_DRAM1_BASE
+ * | |
+ * | SPMC |
+ * | SP |
+ * | (96MB) |
+ * 0xFF00_0000 ------------------ ARM_AP_TZC_DRAM1_BASE
+ * | AP |
+ * | EL3 Monitor |
+ * | SCP |
+ * | (16MB) |
+ * 0xFFFF_FFFF ------------------
+ *
+ *
*/
#define TC_TZC_DRAM1_BASE (ARM_AP_TZC_DRAM1_BASE - \
TC_TZC_DRAM1_SIZE)
-#define TC_TZC_DRAM1_SIZE UL(0x02000000) /* 32 MB */
+#define TC_TZC_DRAM1_SIZE 96 * SZ_1M /* 96 MB */
#define TC_TZC_DRAM1_END (TC_TZC_DRAM1_BASE + \
TC_TZC_DRAM1_SIZE - 1)
@@ -68,7 +83,9 @@
* max size of BL32 image.
*/
#if defined(SPD_spmd)
-#define PLAT_ARM_SPMC_BASE TC_TZC_DRAM1_BASE
+#define TC_EL2SPMC_LOAD_ADDR (TC_TZC_DRAM1_BASE + 0x04000000)
+
+#define PLAT_ARM_SPMC_BASE TC_EL2SPMC_LOAD_ADDR
#define PLAT_ARM_SPMC_SIZE UL(0x200000) /* 2 MB */
#endif
@@ -276,8 +293,8 @@
(TZC_REGION_ACCESS_RDWR(TZC_NSAID_DEFAULT))
/*
- * The first region below, TC_TZC_DRAM1_BASE (0xfd000000) to
- * ARM_SCP_TZC_DRAM1_END (0xffffffff) will mark the last 48 MB of DRAM as
+ * The first region below, TC_TZC_DRAM1_BASE (0xf9000000) to
+ * ARM_SCP_TZC_DRAM1_END (0xffffffff) will mark the last 112 MB of DRAM as
* secure. The second and third regions gives non secure access to rest of DRAM.
*/
#define TC_TZC_REGIONS_DEF \
diff --git a/plat/arm/css/sgi/include/sgi_variant.h b/plat/arm/css/sgi/include/sgi_variant.h
index 223ac3e..8f9529a 100644
--- a/plat/arm/css/sgi/include/sgi_variant.h
+++ b/plat/arm/css/sgi/include/sgi_variant.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,6 +22,7 @@
/* SID Version values for RD-N2 variants */
#define RD_N2_CFG1_SID_VER_PART_NUM 0x07B6
+#define RD_N2_CFG3_SID_VER_PART_NUM 0x07F1
/* SID Version values for RD-V2 */
#define RD_V2_SID_VER_PART_NUM 0x07F2
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 9adcb7c..df2ce38 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -80,7 +80,8 @@
sgi_plat_info.platform_id == RD_V1_SID_VER_PART_NUM ||
sgi_plat_info.platform_id == RD_N2_SID_VER_PART_NUM ||
sgi_plat_info.platform_id == RD_V2_SID_VER_PART_NUM ||
- sgi_plat_info.platform_id == RD_N2_CFG1_SID_VER_PART_NUM) {
+ sgi_plat_info.platform_id == RD_N2_CFG1_SID_VER_PART_NUM ||
+ sgi_plat_info.platform_id == RD_N2_CFG3_SID_VER_PART_NUM) {
if (channel_id >= ARRAY_SIZE(plat_rd_scmi_info))
panic();
return &plat_rd_scmi_info[channel_id];
diff --git a/plat/imx/common/imx_sip_handler.c b/plat/imx/common/imx_sip_handler.c
index d4b3425..ec8631a 100644
--- a/plat/imx/common/imx_sip_handler.c
+++ b/plat/imx/common/imx_sip_handler.c
@@ -20,7 +20,7 @@
#if defined(PLAT_imx8qm) || defined(PLAT_imx8qx)
#ifdef PLAT_imx8qm
-const static int ap_cluster_index[PLATFORM_CLUSTER_COUNT] = {
+static const int ap_cluster_index[PLATFORM_CLUSTER_COUNT] = {
SC_R_A53, SC_R_A72,
};
#endif
diff --git a/plat/imx/imx8qm/imx8qm_bl31_setup.c b/plat/imx/imx8qm/imx8qm_bl31_setup.c
index 68eb534..bd7896a 100644
--- a/plat/imx/imx8qm/imx8qm_bl31_setup.c
+++ b/plat/imx/imx8qm/imx8qm_bl31_setup.c
@@ -62,7 +62,7 @@
#error "Provide proper UART number in IMX_DEBUG_UART"
#endif
-const static int imx8qm_cci_map[] = {
+static const int imx8qm_cci_map[] = {
CLUSTER0_CCI_SLVAE_IFACE,
CLUSTER1_CCI_SLVAE_IFACE
};
diff --git a/plat/imx/imx8qm/imx8qm_psci.c b/plat/imx/imx8qm/imx8qm_psci.c
index bdba37c..dcc502f 100644
--- a/plat/imx/imx8qm/imx8qm_psci.c
+++ b/plat/imx/imx8qm/imx8qm_psci.c
@@ -26,7 +26,7 @@
#define SYSTEM_PWR_STATE(state) \
((state)->pwr_domain_state[PLAT_MAX_PWR_LVL])
-const static int ap_core_index[PLATFORM_CORE_COUNT] = {
+static const int ap_core_index[PLATFORM_CORE_COUNT] = {
SC_R_A53_0, SC_R_A53_1, SC_R_A53_2,
SC_R_A53_3, SC_R_A72_0, SC_R_A72_1,
};
diff --git a/plat/imx/imx8qx/imx8qx_psci.c b/plat/imx/imx8qx/imx8qx_psci.c
index aab3a2d..5f05566 100644
--- a/plat/imx/imx8qx/imx8qx_psci.c
+++ b/plat/imx/imx8qx/imx8qx_psci.c
@@ -18,7 +18,7 @@
#include "../../common/sci/imx8_mu.h"
-const static int ap_core_index[PLATFORM_CORE_COUNT] = {
+static const int ap_core_index[PLATFORM_CORE_COUNT] = {
SC_R_A35_0, SC_R_A35_1, SC_R_A35_2, SC_R_A35_3
};
diff --git a/plat/mediatek/common/mtk_smc_handlers.c b/plat/mediatek/common/mtk_smc_handlers.c
index 51a960f..92b3873 100644
--- a/plat/mediatek/common/mtk_smc_handlers.c
+++ b/plat/mediatek/common/mtk_smc_handlers.c
@@ -51,6 +51,7 @@
x3 = x3 & MASK_32_BIT; \
x4 = x4 & MASK_32_BIT; \
} \
+ /* fallthrough */ \
case _smc_id##_AARCH64: \
{ \
if (_smc_id##_descriptor_index < 0) { \
diff --git a/plat/mediatek/drivers/iommu/mtk_iommu_smc.c b/plat/mediatek/drivers/iommu/mtk_iommu_smc.c
index 9762d0b..e998725 100644
--- a/plat/mediatek/drivers/iommu/mtk_iommu_smc.c
+++ b/plat/mediatek/drivers/iommu/mtk_iommu_smc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, MediaTek Inc. All rights reserved.
+ * Copyright (c) 2022-2023, MediaTek Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -75,25 +75,32 @@
return MTK_SIP_E_SUCCESS;
}
-static int mtk_infra_master_config_sec(uint32_t dev_id, uint32_t enable)
+static int mtk_infra_master_config_sec(uint32_t dev_id_msk, uint32_t enable)
{
const struct mtk_ifr_mst_config *ifr_cfg;
- uint32_t reg_addr;
+ uint32_t dev_id, reg_addr, reg_mask;
mtk_infra_iommu_enable_protect();
- if (dev_id >= MMU_DEV_NUM) {
- return MTK_SIP_E_NOT_SUPPORTED;
+ if (dev_id_msk >= BIT(MMU_DEV_NUM)) {
+ return MTK_SIP_E_INVALID_PARAM;
}
- ifr_cfg = &g_ifr_mst_cfg[dev_id];
- reg_addr = g_ifr_mst_cfg_base[(ifr_cfg->cfg_addr_idx)] +
- g_ifr_mst_cfg_offs[(ifr_cfg->cfg_addr_idx)];
+ for (dev_id = 0U; dev_id < MMU_DEV_NUM; dev_id++) {
+ if ((dev_id_msk & BIT(dev_id)) == 0U) {
+ continue;
+ }
- if (enable > 0U) {
- mmio_setbits_32(reg_addr, IFR_CFG_MMU_EN_MSK(ifr_cfg->r_mmu_en_bit));
- } else {
- mmio_clrbits_32(reg_addr, IFR_CFG_MMU_EN_MSK(ifr_cfg->r_mmu_en_bit));
+ ifr_cfg = &g_ifr_mst_cfg[dev_id];
+ reg_addr = g_ifr_mst_cfg_base[(ifr_cfg->cfg_addr_idx)] +
+ g_ifr_mst_cfg_offs[(ifr_cfg->cfg_addr_idx)];
+ reg_mask = IFR_CFG_MMU_EN_MSK(ifr_cfg->r_mmu_en_bit);
+
+ if (enable > 0U) {
+ mmio_setbits_32(reg_addr, reg_mask);
+ } else {
+ mmio_clrbits_32(reg_addr, reg_mask);
+ }
}
return MTK_SIP_E_SUCCESS;
diff --git a/plat/nvidia/tegra/soc/t186/plat_memctrl.c b/plat/nvidia/tegra/soc/t186/plat_memctrl.c
index 81de674..2533013 100644
--- a/plat/nvidia/tegra/soc/t186/plat_memctrl.c
+++ b/plat/nvidia/tegra/soc/t186/plat_memctrl.c
@@ -20,7 +20,7 @@
/*******************************************************************************
* Array to hold stream_id override config register offsets
******************************************************************************/
-const static uint32_t tegra186_streamid_override_regs[] = {
+static const uint32_t tegra186_streamid_override_regs[] = {
MC_STREAMID_OVERRIDE_CFG_SDMMCRA,
MC_STREAMID_OVERRIDE_CFG_SDMMCRAA,
MC_STREAMID_OVERRIDE_CFG_SDMMCR,
@@ -34,7 +34,7 @@
/*******************************************************************************
* Array to hold the security configs for stream IDs
******************************************************************************/
-const static mc_streamid_security_cfg_t tegra186_streamid_sec_cfgs[] = {
+static const mc_streamid_security_cfg_t tegra186_streamid_sec_cfgs[] = {
mc_make_sec_cfg(SCEW, NON_SECURE, NO_OVERRIDE, DISABLE),
mc_make_sec_cfg(AFIR, NON_SECURE, OVERRIDE, DISABLE),
mc_make_sec_cfg(AFIW, NON_SECURE, OVERRIDE, DISABLE),
@@ -112,7 +112,7 @@
/*******************************************************************************
* Array to hold the transaction override configs
******************************************************************************/
-const static mc_txn_override_cfg_t tegra186_txn_override_cfgs[] = {
+static const mc_txn_override_cfg_t tegra186_txn_override_cfgs[] = {
mc_make_txn_override_cfg(BPMPW, CGID_TAG_ADR),
mc_make_txn_override_cfg(EQOSW, CGID_TAG_ADR),
mc_make_txn_override_cfg(NVJPGSWR, CGID_TAG_ADR),
diff --git a/plat/nxp/common/psci/plat_psci.c b/plat/nxp/common/psci/plat_psci.c
index 9281e97..f6dd7b3 100644
--- a/plat/nxp/common/psci/plat_psci.c
+++ b/plat/nxp/common/psci/plat_psci.c
@@ -350,7 +350,7 @@
else if (SOC_SYSTEM_STANDBY)
state->pwr_domain_state[PLAT_MAX_LVL] =
PLAT_MAX_RET_STATE;
- /* intentional fall-thru condition */
+ /* fallthrough */
case PWR_STATE_LVL_SYS:
if (pwrdn && SOC_SYSTEM_PWR_DWN)
state->pwr_domain_state[PLAT_SYS_LVL] =
@@ -358,7 +358,7 @@
else if (SOC_SYSTEM_STANDBY)
state->pwr_domain_state[PLAT_SYS_LVL] =
PLAT_MAX_RET_STATE;
- /* intentional fall-thru condition */
+ /* fallthrough */
case PWR_STATE_LVL_CLSTR:
if (pwrdn && SOC_CLUSTER_PWR_DWN)
state->pwr_domain_state[PLAT_CLSTR_LVL] =
@@ -366,7 +366,7 @@
else if (SOC_CLUSTER_STANDBY)
state->pwr_domain_state[PLAT_CLSTR_LVL] =
PLAT_MAX_RET_STATE;
- /* intentional fall-thru condition */
+ /* fallthrough */
case PWR_STATE_LVL_CORE:
stat = PSCI_E_SUCCESS;
diff --git a/plat/xilinx/common/ipi.c b/plat/xilinx/common/ipi.c
index 6438896..8fa7bc5 100644
--- a/plat/xilinx/common/ipi.c
+++ b/plat/xilinx/common/ipi.c
@@ -39,7 +39,7 @@
#define IPI_BIT_MASK(I) (ipi_table[(I)].ipi_bit_mask)
/* IPI configuration table */
-const static struct ipi_config *ipi_table;
+static const struct ipi_config *ipi_table;
/* Total number of IPI */
static uint32_t ipi_total;
diff --git a/plat/xilinx/versal/bl31_versal_setup.c b/plat/xilinx/versal/bl31_versal_setup.c
index 9b36208..995c852 100644
--- a/plat/xilinx/versal/bl31_versal_setup.c
+++ b/plat/xilinx/versal/bl31_versal_setup.c
@@ -135,7 +135,7 @@
} else if (ret != FSBL_HANDOFF_SUCCESS) {
panic();
} else {
- INFO("BL31: fsbl-atf handover success %u\n", ret);
+ INFO("BL31: PLM to TF-A handover success %u\n", ret);
}
NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc);
diff --git a/plat/xilinx/versal/versal_ipi.c b/plat/xilinx/versal/versal_ipi.c
index f99af82..d821929 100644
--- a/plat/xilinx/versal/versal_ipi.c
+++ b/plat/xilinx/versal/versal_ipi.c
@@ -19,7 +19,7 @@
#include <lib/mmio.h>
/* versal ipi configuration table */
-const static struct ipi_config versal_ipi_table[] = {
+static const struct ipi_config versal_ipi_table[] = {
/* A72 IPI */
[IPI_ID_APU] = {
.ipi_bit_mask = IPI0_TRIG_BIT,
diff --git a/plat/xilinx/versal_net/include/versal_net_def.h b/plat/xilinx/versal_net/include/versal_net_def.h
index 8cb5bf3..14e63d5 100644
--- a/plat/xilinx/versal_net/include/versal_net_def.h
+++ b/plat/xilinx/versal_net/include/versal_net_def.h
@@ -53,9 +53,9 @@
#define PSX_CRF_RST_TIMESTAMP_OFFSET U(0x33C)
-#define APU_PCLI U(0xECB10000)
-#define APU_PCLI_CPU_STEP U(0x30)
-#define APU_PCLI_CLUSTER_CPU_STEP (4U * APU_PCLI_CPU_STEP)
+#define APU_PCLI (0xECB10000ULL)
+#define APU_PCLI_CPU_STEP (0x30ULL)
+#define APU_PCLI_CLUSTER_CPU_STEP (4ULL * APU_PCLI_CPU_STEP)
#define APU_PCLI_CLUSTER_OFFSET U(0x8000)
#define APU_PCLI_CLUSTER_STEP U(0x1000)
#define PCLI_PREQ_OFFSET U(0x4)
@@ -67,13 +67,29 @@
/* Firmware Image Package */
#define VERSAL_NET_PRIMARY_CPU U(0)
-#define CORE_0_IEN_POWER_OFFSET (0x00000018U)
+#define CORE_0_ISR_WAKE_OFFSET (0x00000020ULL)
+#define APU_PCIL_CORE_X_ISR_WAKE_REG(cpu_id) (APU_PCLI + (CORE_0_ISR_WAKE_OFFSET + \
+ (APU_PCLI_CPU_STEP * (cpu_id))))
+#define APU_PCIL_CORE_X_ISR_WAKE_MASK (0x00000001U)
+#define CORE_0_IEN_WAKE_OFFSET (0x00000028ULL)
+#define APU_PCIL_CORE_X_IEN_WAKE_REG(cpu_id) (APU_PCLI + (CORE_0_IEN_WAKE_OFFSET + \
+ (APU_PCLI_CPU_STEP * (cpu_id))))
+#define APU_PCIL_CORE_X_IEN_WAKE_MASK (0x00000001U)
+#define CORE_0_IDS_WAKE_OFFSET (0x0000002CULL)
+#define APU_PCIL_CORE_X_IDS_WAKE_REG(cpu_id) (APU_PCLI + (CORE_0_IDS_WAKE_OFFSET + \
+ (APU_PCLI_CPU_STEP * (cpu_id))))
+#define APU_PCIL_CORE_X_IDS_WAKE_MASK (0x00000001U)
+#define CORE_0_ISR_POWER_OFFSET (0x00000010ULL)
+#define APU_PCIL_CORE_X_ISR_POWER_REG(cpu_id) (APU_PCLI + (CORE_0_ISR_POWER_OFFSET + \
+ (APU_PCLI_CPU_STEP * (cpu_id))))
+#define APU_PCIL_CORE_X_ISR_POWER_MASK U(0x00000001)
+#define CORE_0_IEN_POWER_OFFSET (0x00000018ULL)
#define APU_PCIL_CORE_X_IEN_POWER_REG(cpu_id) (APU_PCLI + (CORE_0_IEN_POWER_OFFSET + \
- (0x30 * cpu_id)))
+ (APU_PCLI_CPU_STEP * (cpu_id))))
#define APU_PCIL_CORE_X_IEN_POWER_MASK (0x00000001U)
-#define CORE_0_IDS_POWER_OFFSET (0x0000001CU)
+#define CORE_0_IDS_POWER_OFFSET (0x0000001CULL)
#define APU_PCIL_CORE_X_IDS_POWER_REG(cpu_id) (APU_PCLI + (CORE_0_IDS_POWER_OFFSET + \
- (0x30 * cpu_id)))
+ (APU_PCLI_CPU_STEP * (cpu_id))))
#define APU_PCIL_CORE_X_IDS_POWER_MASK (0x00000001U)
#define CORE_PWRDN_EN_BIT_MASK (0x1U)
@@ -122,9 +138,17 @@
* UART related constants
******************************************************************************/
#define VERSAL_NET_UART0_BASE U(0xF1920000)
+#define VERSAL_NET_UART1_BASE U(0xF1930000)
+
#define VERSAL_NET_UART_BAUDRATE 115200
+#if VERSAL_NET_CONSOLE_IS(pl011) || VERSAL_NET_CONSOLE_IS(pl011_0)
#define VERSAL_NET_UART_BASE VERSAL_NET_UART0_BASE
+#elif VERSAL_NET_CONSOLE_IS(pl011_1)
+#define VERSAL_NET_UART_BASE VERSAL_NET_UART1_BASE
+#else
+# error "invalid VERSAL_NET_CONSOLE"
+#endif
#define PLAT_VERSAL_NET_CRASH_UART_BASE VERSAL_NET_UART_BASE
#define PLAT_VERSAL_NET_CRASH_UART_CLK_IN_HZ VERSAL_NET_UART_CLOCK
diff --git a/plat/xilinx/versal_net/plat_psci_pm.c b/plat/xilinx/versal_net/plat_psci_pm.c
index 8beaa9a..c713061 100644
--- a/plat/xilinx/versal_net/plat_psci_pm.c
+++ b/plat/xilinx/versal_net/plat_psci_pm.c
@@ -196,6 +196,7 @@
VERBOSE("%s: power_state: 0x%x\n", __func__, power_state);
int32_t pstate = psci_get_pstate_type(power_state);
+ uint64_t i;
assert(req_state);
@@ -203,7 +204,8 @@
if (pstate == PSTATE_TYPE_STANDBY) {
req_state->pwr_domain_state[MPIDR_AFFLVL0] = PLAT_MAX_RET_STATE;
} else {
- req_state->pwr_domain_state[MPIDR_AFFLVL0] = PLAT_MAX_OFF_STATE;
+ for (i = MPIDR_AFFLVL0; i <= PLAT_MAX_PWR_LVL; i++)
+ req_state->pwr_domain_state[i] = PLAT_MAX_OFF_STATE;
}
/* We expect the 'state id' to be zero */
@@ -221,8 +223,10 @@
*/
static void versal_net_get_sys_suspend_power_state(psci_power_state_t *req_state)
{
- req_state->pwr_domain_state[PSCI_CPU_PWR_LVL] = PLAT_MAX_OFF_STATE;
- req_state->pwr_domain_state[1] = PLAT_MAX_OFF_STATE;
+ uint64_t i;
+
+ for (i = MPIDR_AFFLVL0; i <= PLAT_MAX_PWR_LVL; i++)
+ req_state->pwr_domain_state[i] = PLAT_MAX_OFF_STATE;
}
static const struct plat_psci_ops versal_net_nopmc_psci_ops = {
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index b3d56bc..622ae98 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -53,6 +53,11 @@
HW_ASSISTED_COHERENCY := 1
VERSAL_NET_CONSOLE ?= pl011
+ifeq (${VERSAL_NET_CONSOLE}, $(filter ${VERSAL_NET_CONSOLE},pl011 pl011_0 pl011_1))
+else
+ $(error Please define VERSAL_NET_CONSOLE)
+endif
+
$(eval $(call add_define_val,VERSAL_NET_CONSOLE,VERSAL_NET_CONSOLE_ID_${VERSAL_NET_CONSOLE}))
PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
diff --git a/plat/xilinx/versal_net/pm_service/pm_client.c b/plat/xilinx/versal_net/pm_service/pm_client.c
index 6487324..f543193 100644
--- a/plat/xilinx/versal_net/pm_service/pm_client.c
+++ b/plat/xilinx/versal_net/pm_service/pm_client.c
@@ -164,8 +164,18 @@
isb();
+ /* Clear power down interrupt status before enabling */
+ mmio_write_32(APU_PCIL_CORE_X_ISR_POWER_REG(cpu_id),
+ APU_PCIL_CORE_X_ISR_POWER_MASK);
+ /* Enable power down interrupt */
mmio_write_32(APU_PCIL_CORE_X_IEN_POWER_REG(cpu_id),
APU_PCIL_CORE_X_IEN_POWER_MASK);
+ /* Clear wakeup interrupt status before enabling */
+ mmio_write_32(APU_PCIL_CORE_X_ISR_WAKE_REG(cpu_id),
+ APU_PCIL_CORE_X_ISR_WAKE_MASK);
+ /* Enable wake interrupt */
+ mmio_write_32(APU_PCIL_CORE_X_IEN_WAKE_REG(cpu_id),
+ APU_PCIL_CORE_X_IEN_WAKE_MASK);
bakery_lock_release(&pm_client_secure_lock);
}
@@ -197,6 +207,7 @@
void pm_client_wakeup(const struct pm_proc *proc)
{
uint32_t cpuid = pm_get_cpuid(proc->node_id);
+ uintptr_t val;
if (cpuid == UNDEFINED_CPUID) {
return;
@@ -204,7 +215,22 @@
bakery_lock_get(&pm_client_secure_lock);
- /* TODO: clear powerdown bit for affected cpu */
+ /* Clear powerdown request */
+ val = read_cpu_pwrctrl_val();
+ val &= ~CORE_PWRDN_EN_BIT_MASK;
+ write_cpu_pwrctrl_val(val);
+
+ isb();
+
+ /* Disabled power down interrupt */
+ mmio_write_32(APU_PCIL_CORE_X_IDS_POWER_REG(cpuid),
+ APU_PCIL_CORE_X_IDS_POWER_MASK);
+ /* Clear wakeup interrupt status before disabling */
+ mmio_write_32(APU_PCIL_CORE_X_ISR_WAKE_REG(cpuid),
+ APU_PCIL_CORE_X_ISR_WAKE_MASK);
+ /* Disable wake interrupt */
+ mmio_write_32(APU_PCIL_CORE_X_IDS_WAKE_REG(cpuid),
+ APU_PCIL_CORE_X_IDS_WAKE_MASK);
bakery_lock_release(&pm_client_secure_lock);
}
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
index 4adbef3..a3f0278 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@@ -334,22 +334,18 @@
SMC_RET1(handle, (uint64_t)ret);
case PM_GET_API_VERSION:
- /* Check is PM API version already verified */
- if (pm_ctx.api_version >= PM_VERSION) {
- if (ipi_irq_flag == 0U) {
- /*
- * Enable IPI IRQ
- * assume the rich OS is OK to handle callback IRQs now.
- * Even if we were wrong, it would not enable the IRQ in
- * the GIC.
- */
- pm_ipi_irq_enable(primary_proc);
- ipi_irq_flag = 1U;
- }
- SMC_RET1(handle, (uint64_t)PM_RET_SUCCESS |
- ((uint64_t)pm_ctx.api_version << 32));
+ if (ipi_irq_flag == 0U) {
+ /*
+ * Enable IPI IRQ
+ * assume the rich OS is OK to handle callback IRQs now.
+ * Even if we were wrong, it would not enable the IRQ in
+ * the GIC.
+ */
+ pm_ipi_irq_enable(primary_proc);
+ ipi_irq_flag = 1U;
}
-
+ SMC_RET1(handle, (uint64_t)PM_RET_SUCCESS |
+ ((uint64_t)pm_ctx.api_version << 32));
case PM_FPGA_LOAD:
ret = pm_fpga_load(pm_arg[0], pm_arg[1], pm_arg[2], pm_arg[3]);
SMC_RET1(handle, (uint64_t)ret);
diff --git a/plat/xilinx/zynqmp/zynqmp_ipi.c b/plat/xilinx/zynqmp/zynqmp_ipi.c
index 4ea3c6a..acd31df 100644
--- a/plat/xilinx/zynqmp/zynqmp_ipi.c
+++ b/plat/xilinx/zynqmp/zynqmp_ipi.c
@@ -21,7 +21,7 @@
#include <plat_private.h>
/* Zynqmp ipi configuration table */
-const static struct ipi_config zynqmp_ipi_table[] = {
+static const struct ipi_config zynqmp_ipi_table[] = {
/* APU IPI */
{
.ipi_bit_mask = 0x1,
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 7e6c89d..afd0f2e 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -868,7 +868,8 @@
FFA_ERROR_NOT_SUPPORTED);
}
- /* Fall through to forward the call to the other world */
+ /* Forward the call to the other world */
+ /* fallthrough */
case FFA_MSG_SEND:
case FFA_MSG_SEND_DIRECT_RESP_SMC64:
case FFA_MEM_DONATE_SMC32:
@@ -908,7 +909,8 @@
spmd_spm_core_sync_exit(0ULL);
}
- /* Fall through to forward the call to the other world */
+ /* Forward the call to the other world */
+ /* fallthrough */
case FFA_INTERRUPT:
case FFA_MSG_YIELD:
/* This interface must be invoked only by the Secure world */