Merge changes from topic "mp/ras_refactoring" into integration
* changes:
fix(debug): decouple "get_el_str()" from backtrace
fix(bl31): harden check in delegate_async_ea
diff --git a/Makefile b/Makefile
index a9abbc1..70d5338 100644
--- a/Makefile
+++ b/Makefile
@@ -1079,6 +1079,7 @@
ENABLE_MPMM_FCONF \
SIMICS_BUILD \
FEATURE_DETECTION \
+ TRNG_SUPPORT \
)))
$(eval $(call assert_numerics,\
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index bf5bd8d..0283553 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -512,7 +512,7 @@
/*
* Shift copied SCR_EL3.NSE bit by 5 to create space for
- * SCR_EL3.NS bit. Bit 5 of the flag correspondes to
+ * SCR_EL3.NS bit. Bit 5 of the flag corresponds to
* the SCR_EL3.NSE bit.
*/
lsl x7, x7, #5
@@ -521,6 +521,16 @@
/* Copy SCR_EL3.NS bit to the flag to indicate caller's security */
bfi x7, x18, #0, #1
+ /*
+ * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID
+ * passed through x0. Copy the SVE hint bit to flags and mask the
+ * bit in smc_fid passed to the standard service dispatcher.
+ * A service/dispatcher can retrieve the SVE hint bit state from
+ * flags using the appropriate helper.
+ */
+ bfi x7, x0, #FUNCID_SVE_HINT_SHIFT, #FUNCID_SVE_HINT_MASK
+ bic x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT)
+
mov sp, x12
/* Get the unique owning entity number */
diff --git a/changelog.yaml b/changelog.yaml
index 8fcb217..cfb2bb5 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -89,18 +89,42 @@
- title: Activity Monitors Extension (FEAT_AMU)
scope: amu
+ - title: Branch Record Buffer Extension (FEAT_BRBE)
+ scope: brbe
+
+ - title: Branch Target Identification Extension
+ scope: bti
+
- title: Confidential Compute Architecture (CCA)
scope: cca
+ - title: Extended Cache Index (FEAT_CCIDX)
+ scope: ccidx
+
- title: Support for the `HCRX_EL2` register (FEAT_HCX)
scope: hcx
- title: Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)
scope: mpam
+ - title: Memory Tagging Extension
+ scope: mte
+
+ - title: Pointer Authentication Extension
+ scope: pauth
+
+ - title: Performance Monitors Extension (FEAT_PMUv3)
+ scope: pmu
+
+ - title: Trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP)
+ scope: rng-trap
+
- title: Scalable Matrix Extension (FEAT_SME)
scope: sme
+ - title: Statistical profiling Extension (FEAT_SPE)
+ scope: spe
+
- title: Scalable Vector Extension (FEAT_SVE)
scope: sve
@@ -116,21 +140,6 @@
- title: Self-hosted Trace Extensions (FEAT_TRF)
scope: trf
- - title: Statistical profiling Extension (FEAT_SPE)
- scope: spe
-
- - title: Branch Record Buffer Extension (FEAT_BRBE)
- scope: brbe
-
- - title: Extended Cache Index (FEAT_CCIDX)
- scope: ccidx
-
- - title: Trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP)
- scope: rng-trap
-
- - title: Performance Monitors Extension (FEAT_PMUv3)
- scope: pmu
-
- title: Platforms
subsections:
@@ -147,6 +156,12 @@
- plat/arm
subsections:
+ - title: CSS
+ scope: css
+
+ deprecated:
+ - plat/arm/css
+
- title: FPGA
scope: fpga
@@ -160,6 +175,7 @@
deprecated:
- plat/fvp
+ - fvp/tsp_manifest
- title: FVP-R
scope: fvp-r
@@ -167,6 +183,9 @@
deprecated:
- fvp_r
+ - title: FVP Versatile Express
+ scope: fvp_ve
+
- title: Juno
scope: juno
@@ -209,6 +228,16 @@
- title: Broadcom
scope: brcm
+ - title: HiSilicon
+ scope: hisilicon
+
+ subsections:
+ - title: HiKey
+ scope: hikey
+
+ - title: HiKey960
+ scope: hikey960
+
- title: Intel
scope: intel
@@ -256,6 +285,16 @@
deprecated:
- plat/mediatek/mt8183
+ - title: MT8186
+ scope: mt8186
+
+ deprecated:
+ - plat/mediatek/mt8186
+ - mt8186-emi-mpu
+
+ - title: MT8188
+ scope: mt8188
+
- title: MT8192
scope: mt8192
@@ -270,12 +309,6 @@
- plat/mediatek/mt8195
- plat/mdeiatek/mt8195
- - title: MT8186
- scope: mt8186
-
- deprecated:
- - plat/mediatek/mt8186
-
- title: NVIDIA
scope: nvidia
@@ -426,6 +459,9 @@
- title: QTI
scope: qti
+ deprecated:
+ - plat/qti
+
subsections:
- title: SC1780
scope: sc7180
@@ -446,6 +482,9 @@
scope: rpi
subsections:
+ - title: Raspberry Pi 3
+ scope: rpi3
+
- title: Raspberry Pi 4
scope: rpi4
@@ -514,6 +553,9 @@
- title: K3
scope: k3
+ deprecated:
+ - ti-k3
+
- title: Xilinx
scope: xilinx
@@ -529,6 +571,13 @@
- plat/xilinx/versal
- plat/versal
+ subsections:
+ - title: Versal NET
+ scope: versal-net
+
+ deprecated:
+ - versal_net
+
- title: ZynqMP
scope: zynqmp
@@ -572,6 +621,9 @@
- title: RME
scope: rme
+ deprecated:
+ - rme/fid
+
subsections:
- title: TRP
scope: trp
@@ -586,6 +638,9 @@
- title: EL3 SPMC
scope: el3-spmc
+ deprecated:
+ - spmc
+
- title: SPMD
scope: spmd
@@ -595,6 +650,9 @@
- title: DRTM
scope: drtm
+ - title: TRNG
+ scope: trng
+
- title: Libraries
subsections:
@@ -616,6 +674,9 @@
- title: Context Management
scope: cm
+ - title: RAS
+ scope: ras
+
- title: FCONF
scope: fconf
@@ -652,8 +713,14 @@
- title: PSA
scope: psa
+ deprecated:
+ - lib/psa
+
- title: Context Management
- scope: context mgmt
+ scope: context-mgmt
+
+ deprecated:
+ - context mgmt
- title: Semihosting
scope: semihosting
@@ -735,6 +802,7 @@
deprecated:
- scmi_common
- drivers/scmi-msg
+ - scmi-msg
- title: UFS
scope: ufs
@@ -756,7 +824,13 @@
- title: GICv3
scope: gicv3
+ deprecated:
+ - gicv3/multichip
+
subsections:
+ - title: GIC-600
+ scope: gic600
+
- title: GIC-600AE
scope: gic600ae
@@ -1171,6 +1245,9 @@
- title: Certificate Creation Tool
scope: cert-create
+ deprecated:
+ - cert_create
+
- title: Dependencies
scope: deps
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index a980ed9..bbb8b18 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -631,6 +631,8 @@
:|G|: `lachitp`_
:|M|: Sreevyshanavi Kare <skare@codeaurora.org>
:|G|: `sreekare`_
+:|M|: Muhammad Arsath K F <quic_mkf@quicinc.com>
+:|G|: `quic_mkf`_
:|M|: QTI TF Maintainers <qti.trustedfirmware.maintainers@codeaurora.org>
:|F|: docs/plat/qti.rst
:|F|: plat/qti/
@@ -878,6 +880,7 @@
.. _niej: https://github.com/niej
.. _npoushin: https://github.com/npoushin
.. _prabhakarlad: https://github.com/prabhakarlad
+.. _quic_mkf: https://github.com/quicmkf
.. _remi-triplefault: https://github.com/repk
.. _rockchip-linux: https://github.com/rockchip-linux
.. _sandrine-bailleux-arm: https://github.com/sandrine-bailleux-arm
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index e9eaa80..c0875b6 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -56,9 +56,9 @@
Removal of Deprecated Interfaces
--------------------------------
-As mentioned in the :ref:`Platform Compatibility Policy`, this is a live
-document cataloging all the deprecated interfaces in TF-A project and the
-Release version after which it will be removed.
+As mentioned in the :ref:`Platform Ports Policy`, this is a live document
+cataloging all the deprecated interfaces in TF-A project and the Release version
+after which it will be removed.
+--------------------------------+-------------+---------+---------------------------------------------------------+
| Interface | Deprecation | Removed | Comments |
@@ -70,4 +70,4 @@
--------------
-*Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index ea921fc..6fc0c2e 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -95,66 +95,218 @@
This section describes how you can build and run TF-A with RME enabled.
We assume you have all the :ref:`Prerequisites` to build TF-A.
-To enable RME, you need to set the ENABLE_RME build flag when building
-TF-A. Currently, this feature is only supported for the FVP platform.
-
The following instructions show you how to build and run TF-A with RME
-for two scenarios: TF-A with TF-A Tests, and four-world execution with
-Hafnium and TF-A Tests. The instructions assume you have already obtained
-TF-A. You can use the following command to clone TF-A.
+for two scenarios:
-.. code:: shell
+- Three-world execution: TF-A with TF-A Tests or Linux.
- git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
+ - NS (TF-A Test or Linux),
+ - Root (TF-A)
+ - Realm (RMM or TRP)
+
+- Four-world execution: TF-A, Hafnium and TF-A Tests or Linux.
+
+ - NS (TF-A Test or Linux),
+ - Root (TF-A)
+ - Realm (RMM or TRP)
+ - SPM (Hafnium)
To run the tests, you need an FVP model. Please use the :ref:`latest version
<Arm Fixed Virtual Platforms (FVP)>` of *FVP_Base_RevC-2xAEMvA* model.
-.. note::
+Three World Testing with TF-A Tests
+*************************************
- ENABLE_RME build option is currently experimental.
+**1. Obtain and build TF-A Tests with Realm Payload**
-Building TF-A with TF-A Tests
-********************************************
+The full set of instructions to setup build host and build options for
+TF-A-Tests can be found in the `TFTF Getting Started`_.
+
Use the following instructions to build TF-A with `TF-A Tests`_ as the
non-secure payload (BL33).
-**1. Obtain and build TF-A Tests**
-
.. code:: shell
git clone https://git.trustedfirmware.org/TF-A/tf-a-tests.git
cd tf-a-tests
- make CROSS_COMPILE=aarch64-none-elf- PLAT=fvp DEBUG=1
+ make CROSS_COMPILE=aarch64-none-elf- PLAT=fvp DEBUG=1 all pack_realm
-This produces a TF-A Tests binary (*tftf.bin*) in the *build/fvp/debug* directory.
+This produces a TF-A Tests binary (**tftf.bin**) with Realm payload packaged
+and **sp_layout.json** in the **build/fvp/debug** directory.
-**2. Build TF-A**
+**2. Obtain and build RMM Image**
+
+Please refer to the `RMM Getting Started`_ on how to setup
+Host Environment and build RMM.
+
+The below command shows how to build RMM using the default build options for FVP.
.. code:: shell
+ git clone --recursive https://git.trustedfirmware.org/TF-RMM/tf-rmm.git
+ cd tf-rmm
+ cmake -DRMM_CONFIG=fvp_defcfg -S . -B build
+ cmake --build build
+
+This will generate **rmm.img** in **build** folder.
+
+**3. Build TF-A**
+
+The `TF-A Getting Started`_ has the necessary instructions to setup Host
+machine and build TF-A.
+
+To build for RME, set ``ENABLE_RME`` build option to 1 and provide the path to
+the RMM binary using the ``RMM`` build option.
+Currently, this feature is only supported for the FVP platform.
+
+.. note::
+
+ ENABLE_RME build option is currently experimental.
+
+If the ``RMM`` option is not used, then the Test Realm Payload (TRP) in TF-A
+will be built and used as the RMM.
+
+.. code:: shell
+
+ git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
cd trusted-firmware-a
make CROSS_COMPILE=aarch64-none-elf- \
PLAT=fvp \
ENABLE_RME=1 \
+ RMM=<path/to/rmm.img> \
FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
DEBUG=1 \
BL33=<path/to/tftf.bin> \
all fip
+This produces **bl1.bin** and **fip.bin** binaries in the **build/fvp/debug** directory.
+
+Running the tests for a 3 world FVP setup
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Use the following command to run the tests on FVP. TF-A Tests should boot
+and run the default tests including Realm world tests.
+
+.. code:: shell
+
+ FVP_Base_RevC-2xAEMvA \
+ -C bp.refcounter.non_arch_start_at_default=1 \
+ -C bp.secureflashloader.fname=<path/to/bl1.bin> \
+ -C bp.flashloader0.fname=<path/to/fip.bin> \
+ -C bp.refcounter.use_real_time=0 \
+ -C bp.ve_sysregs.exit_on_shutdown=1 \
+ -C cache_state_modelled=1 \
+ -C bp.dram_size=2 \
+ -C bp.secure_memory=1 \
+ -C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
+ -C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
+ -C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
+ -C cluster0.NUM_CORES=4 \
+ -C cluster0.PA_SIZE=48 \
+ -C cluster0.ecv_support_level=2 \
+ -C cluster0.gicv3.cpuintf-mmap-access-level=2 \
+ -C cluster0.gicv3.without-DS-support=1 \
+ -C cluster0.gicv4.mask-virtual-interrupt=1 \
+ -C cluster0.has_arm_v8-6=1 \
+ -C cluster0.has_amu=1 \
+ -C cluster0.has_branch_target_exception=1 \
+ -C cluster0.rme_support_level=2 \
+ -C cluster0.has_rndr=1 \
+ -C cluster0.has_v8_7_pmu_extension=2 \
+ -C cluster0.max_32bit_el=-1 \
+ -C cluster0.stage12_tlb_size=1024 \
+ -C cluster0.check_memory_attributes=0 \
+ -C cluster0.ish_is_osh=1 \
+ -C cluster0.restriction_on_speculative_execution=2 \
+ -C cluster0.restriction_on_speculative_execution_aarch32=2 \
+ -C cluster1.NUM_CORES=4 \
+ -C cluster1.PA_SIZE=48 \
+ -C cluster1.ecv_support_level=2 \
+ -C cluster1.gicv3.cpuintf-mmap-access-level=2 \
+ -C cluster1.gicv3.without-DS-support=1 \
+ -C cluster1.gicv4.mask-virtual-interrupt=1 \
+ -C cluster1.has_arm_v8-6=1 \
+ -C cluster1.has_amu=1 \
+ -C cluster1.has_branch_target_exception=1 \
+ -C cluster1.rme_support_level=2 \
+ -C cluster1.has_rndr=1 \
+ -C cluster1.has_v8_7_pmu_extension=2 \
+ -C cluster1.max_32bit_el=-1 \
+ -C cluster1.stage12_tlb_size=1024 \
+ -C cluster1.check_memory_attributes=0 \
+ -C cluster1.ish_is_osh=1 \
+ -C cluster1.restriction_on_speculative_execution=2 \
+ -C cluster1.restriction_on_speculative_execution_aarch32=2 \
+ -C pctl.startup=0.0.0.0 \
+ -C bp.smsc_91c111.enabled=1 \
+ -C bp.hostbridge.userNetworking=1
+
+The bottom of the output from *uart0* should look something like the following.
+
+.. code-block:: shell
+
+ ...
+
+ > Test suite 'FF-A Interrupt'
+ Passed
+ > Test suite 'SMMUv3 tests'
+ Passed
+ > Test suite 'PMU Leakage'
+ Passed
+ > Test suite 'DebugFS'
+ Passed
+ > Test suite 'RMI and SPM tests'
+ Passed
+ > Test suite 'Realm payload at EL1'
+ Passed
+ > Test suite 'Invalid memory access'
+ Passed
+ ...
+
+Building TF-A with RME enabled Linux Kernel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If an RME enabled Linux kernel and filesystem is available for testing,
+and a suitable NS boot loader is not available, then this option can be used to
+launch kernel directly after BL31:
+
+.. code-block:: shell
+
+ cd trusted-firmware-a
+ make CROSS_COMPILE=aarch64-none-elf- \
+ PLAT=fvp \
+ ENABLE_RME=1 \
+ RMM=<path/to/rmm.img> \
+ FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
+ DEBUG=1 \
+ ARM_LINUX_KERNEL_AS_BL33=1 \
+ PRELOADED_BL33_BASE=0x84000000 \
+ all fip
+
+Boot and run the RME enabled Linux Kernel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Use the following additional arguments to boot the kernel on FVP.
+
+.. code-block:: shell
+
+ --data cluster0.cpu0=<path_to_kernel_Image>@0x84000000 \
+ -C bp.virtioblockdevice.image_path=<path_to_rootfs.ext4>
+
-This produces *bl1.bin* and *fip.bin* binaries in the *build/fvp/debug* directory.
-The above command also builds TRP. The TRP binary is packaged in *fip.bin*.
+.. tip::
+
+ Set the FVP option `cache_state_modelled=0` to run Linux based tests much faster.
Four-world execution with Hafnium and TF-A Tests
-****************************************************
-Four-world execution involves software components at each security state: root,
+*************************************************
+
+Four-world execution involves software components in each security state: root,
secure, realm and non-secure. This section describes how to build TF-A
-with four-world support. We use TF-A as the root firmware, `Hafnium`_ as the
-secure component, TRP as the realm-world firmware and TF-A Tests as the
-non-secure payload.
+with four-world support.
-Before building TF-A, you first need to build the other software components.
-You can find instructions on how to get and build TF-A Tests above.
+We use TF-A as the root firmware, `Hafnium SPM`_ is the reference Secure world component
+and the software components for the other 2 worlds (Realm and Non-Secure)
+are as described in the previous section.
**1. Obtain and build Hafnium**
@@ -164,6 +316,27 @@
cd hafnium
# Use the default prebuilt LLVM/clang toolchain
PATH=$PWD/prebuilts/linux-x64/clang/bin:$PWD/prebuilts/linux-x64/dtc:$PATH
+
+Feature MTE needs to be disabled in Hafnium build, apply following patch to
+project/reference submodule
+
+.. code:: diff
+
+ diff --git a/BUILD.gn b/BUILD.gn
+ index cc6a78f..234b20a 100644
+ --- a/BUILD.gn
+ +++ b/BUILD.gn
+ @@ -83,7 +83,6 @@ aarch64_toolchains("secure_aem_v8a_fvp") {
+ pl011_base_address = "0x1c090000"
+ smmu_base_address = "0x2b400000"
+ smmu_memory_size = "0x100000"
+ - enable_mte = "1"
+ plat_log_level = "LOG_LEVEL_INFO"
+ }
+ }
+
+.. code:: shell
+
make PROJECT=reference
The Hafnium binary should be located at
@@ -173,6 +346,8 @@
Build TF-A with RME as well as SPM enabled.
+Use sp_layout.json previously generated in tf-a-test build.
+
.. code:: shell
make CROSS_COMPILE=aarch64-none-elf- \
@@ -184,92 +359,33 @@
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
DEBUG=1 \
- SP_LAYOUT_FILE=<path/to/tf-a-tests>/build/fvp/debug/sp_layout.json> \
+ SP_LAYOUT_FILE=<path/to/sp_layout.json> \
BL32=<path/to/hafnium.bin> \
BL33=<path/to/tftf.bin> \
+ RMM=<path/to/rmm.img> \
all fip
-Running the tests
-*********************
-Use the following command to run the tests on FVP. TF-A Tests should boot
-and run the default tests including RME tests.
+Running the tests for a 4 world FVP setup
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-.. code:: shell
-
- FVP_Base_RevC-2xAEMvA \
- -C bp.flashloader0.fname=<path/to/fip.bin> \
- -C bp.secureflashloader.fname=<path/to/bl1.bin> \
- -C bp.refcounter.non_arch_start_at_default=1 \
- -C bp.refcounter.use_real_time=0 \
- -C bp.ve_sysregs.exit_on_shutdown=1 \
- -C cache_state_modelled=1 \
- -C cluster0.NUM_CORES=4 \
- -C cluster0.PA_SIZE=48 \
- -C cluster0.ecv_support_level=2 \
- -C cluster0.gicv3.cpuintf-mmap-access-level=2 \
- -C cluster0.gicv3.without-DS-support=1 \
- -C cluster0.gicv4.mask-virtual-interrupt=1 \
- -C cluster0.has_arm_v8-6=1 \
- -C cluster0.has_branch_target_exception=1 \
- -C cluster0.has_rme=1 \
- -C cluster0.has_rndr=1 \
- -C cluster0.has_amu=1 \
- -C cluster0.has_v8_7_pmu_extension=2 \
- -C cluster0.max_32bit_el=-1 \
- -C cluster0.restriction_on_speculative_execution=2 \
- -C cluster0.restriction_on_speculative_execution_aarch32=2 \
- -C cluster1.NUM_CORES=4 \
- -C cluster1.PA_SIZE=48 \
- -C cluster1.ecv_support_level=2 \
- -C cluster1.gicv3.cpuintf-mmap-access-level=2 \
- -C cluster1.gicv3.without-DS-support=1 \
- -C cluster1.gicv4.mask-virtual-interrupt=1 \
- -C cluster1.has_arm_v8-6=1 \
- -C cluster1.has_branch_target_exception=1 \
- -C cluster1.has_rme=1 \
- -C cluster1.has_rndr=1 \
- -C cluster1.has_amu=1 \
- -C cluster1.has_v8_7_pmu_extension=2 \
- -C cluster1.max_32bit_el=-1 \
- -C cluster1.restriction_on_speculative_execution=2 \
- -C cluster1.restriction_on_speculative_execution_aarch32=2 \
- -C pci.pci_smmuv3.mmu.SMMU_AIDR=2 \
- -C pci.pci_smmuv3.mmu.SMMU_IDR0=0x0046123B \
- -C pci.pci_smmuv3.mmu.SMMU_IDR1=0x00600002 \
- -C pci.pci_smmuv3.mmu.SMMU_IDR3=0x1714 \
- -C pci.pci_smmuv3.mmu.SMMU_IDR5=0xFFFF0475 \
- -C pci.pci_smmuv3.mmu.SMMU_S_IDR1=0xA0000002 \
- -C pci.pci_smmuv3.mmu.SMMU_S_IDR2=0 \
- -C pci.pci_smmuv3.mmu.SMMU_S_IDR3=0 \
- -C bp.pl011_uart0.out_file=uart0.log \
- -C bp.pl011_uart1.out_file=uart1.log \
- -C bp.pl011_uart2.out_file=uart2.log \
- -C pctl.startup=0.0.0.0 \
- -Q 1000 \
- "$@"
+Use the following arguments in addition to
+`Running the tests for a 3 world FVP setup`_ to run tests for 4 world setup.
-The bottom of the output from *uart0* should look something like the following.
-
-.. code-block:: shell
-
- ...
-
- > Test suite 'FF-A Interrupt'
- Passed
- > Test suite 'SMMUv3 tests'
- Passed
- > Test suite 'PMU Leakage'
- Passed
- > Test suite 'DebugFS'
- Passed
- > Test suite 'Realm payload tests'
- Passed
- > Test suite 'Invalid memory access'
- Passed
- ...
+.. code:: shell
+ -C pci.pci_smmuv3.mmu.SMMU_AIDR=2 \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR0=0x0046123B \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR1=0x00600002 \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR3=0x1714 \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR5=0xFFFF0475 \
+ -C pci.pci_smmuv3.mmu.SMMU_S_IDR1=0xA0000002 \
+ -C pci.pci_smmuv3.mmu.SMMU_S_IDR2=0 \
+ -C pci.pci_smmuv3.mmu.SMMU_S_IDR3=0
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
.. _Arm Architecture Models website: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
+.. _TF-A Getting Started: https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/index.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io/en/latest
-.. _Hafnium: https://www.trustedfirmware.org/projects/hafnium
+.. _TFTF Getting Started: https://trustedfirmware-a-tests.readthedocs.io/en/latest/getting_started/index.html
+.. _Hafnium SPM: https://www.trustedfirmware.org/projects/hafnium
+.. _RMM Getting Started: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/docs/getting_started/index.rst
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 7ba79b9..03b3ee5 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -256,6 +256,10 @@
- ``ERRATA_A76_1946160``: This applies errata 1946160 workaround to Cortex-A76
CPU. This needs to be enabled only for revisions r3p0 - r4p1 of the CPU.
+- ``ERRATA_A76_2743102``: This applies errata 2743102 workaround to Cortex-A76
+ CPU. This needs to be enabled for all revisions <= r4p1 of the CPU and is
+ still open.
+
For Cortex-A77, the following errata build flags are defined :
- ``ERRATA_A77_1508412``: This applies errata 1508412 workaround to Cortex-A77
@@ -399,6 +403,10 @@
CPU. This needs to be enabled for revisions r3p0, r3p1, r4p0, and r4p1, for
revisions r0p0, r1p0, and r2p0 there is no workaround.
+- ``ERRATA_N1_2743102``: This applies errata 2743102 workaround to Neoverse-N1
+ CPU. This needs to be enabled for all revisions <= r4p1 of the CPU and is
+ still open.
+
For Neoverse V1, the following errata build flags are defined :
- ``ERRATA_V1_1618635``: This applies errata 1618635 workaround to Neoverse-V1
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 71fdfcb..84bba18 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -990,9 +990,10 @@
directly, the others are saved into memory for retrieval (if needed) by the
handler. The handler is also provided with an opaque ``handle`` for use with the
supporting library for parameter retrieval, setting return values and context
-manipulation; and with ``flags`` indicating the security state of the caller. The
-framework finally sets up the execution stack for the handler, and invokes the
-services ``handle()`` function.
+manipulation. The ``flags`` parameter indicates the security state of the caller
+and the state of the SVE hint bit per the SMCCCv1.3. The framework finally sets
+up the execution stack for the handler, and invokes the services ``handle()``
+function.
On return from the handler the result registers are populated in X0-X7 as needed
before restoring the stack and CPU state and returning from the original SMC.
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 5980050..68ef4ce 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -851,6 +851,9 @@
hardware will limit the effective VL to the maximum physically supported
VL.
+- ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True
+ Random Number Generator Interface to BL31 image. This defaults to ``0``.
+
- ``TRUSTED_BOARD_BOOT``: Boolean flag to include support for the Trusted Board
Boot feature. When set to '1', BL1 and BL2 images include support to load
and verify the certificates and images in a FIP, and BL1 includes support
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 6996c17..87b91d9 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -23,8 +23,8 @@
discusses these in detail. The subsequent sections discuss the remaining
modifications for each BL stage in detail.
-Please refer to the :ref:`Platform Compatibility Policy` for the policy
-regarding compatibility and deprecation of these porting interfaces.
+Please refer to the :ref:`Platform Ports Policy` for the policy regarding
+compatibility and deprecation of these porting interfaces.
Only Arm development platforms (such as FVP and Juno) may use the
functions/definitions in ``include/plat/arm/common/`` and the corresponding
@@ -2468,7 +2468,7 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This value must be defined to the UUID of the TRNG backend that is specific to
-the hardware after ``plat_trng_setup`` function is called. This value must
+the hardware after ``plat_entropy_setup`` function is called. This value must
conform to the SMCCC calling convention; The most significant 32 bits of the
UUID must not equal ``0xffffffff`` or the signed integer ``-1`` as this value in
w0 indicates failure to get a TRNG source.
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 65a66b6..9496576 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -104,14 +104,15 @@
sudo apt install device-tree-compiler
-Additionally, to install an up-to-date version of Node.js, you can use the `Node
-Version Manager`_ to install a version of your choosing (we recommend 16, but
-later LTS versions might offer a more stable experience):
+Additionally, to install a version of Node.js compatible with TF-A's repository
+scripts, you can use the `Node Version Manager`_. To install both NVM and an
+appropriate version of Node.js, run the following **from the root directory of
+the repository**:
.. code:: shell
- curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | "$SHELL"
- exec "$SHELL" -ic "nvm install 16; exec $SHELL"
+ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
+ exec "$SHELL" -ic "nvm install; exec $SHELL"
.. _Node Version Manager: https://github.com/nvm-sh/nvm#install--update-script
diff --git a/docs/plat/deprecated.rst b/docs/plat/deprecated.rst
deleted file mode 100644
index 557454c..0000000
--- a/docs/plat/deprecated.rst
+++ /dev/null
@@ -1,24 +0,0 @@
-Deprecated platforms
-====================
-
-Process of deprecating a platform
----------------------------------
-
-Platform can be deprecated and its source can be kept in repository for a cooling
-off period before deleting it or it can be deleted straight away. For later types
-Deprecated/Deleted version would be same.
-
-List of deprecated platforms
-----------------------------
-
-+----------------+----------------+--------------------+--------------------+
-| Platform | Vendor | Deprecated version | Deleted version |
-+================+================+====================+====================+
-| sgm775 | Arm | 2.5 | 2.7 |
-+----------------+----------------+--------------------+--------------------+
-| mt6795 | MTK | 2.5 | 2.7 |
-+----------------+----------------+--------------------+--------------------+
-| sgi575 | Arm | 2.8 | 3.0 |
-+----------------+----------------+--------------------+--------------------+
-| rdn1edge | Arm | 2.8 | 3.0 |
-+----------------+----------------+--------------------+--------------------+
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index 28b1787..f1b97f8 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -9,7 +9,6 @@
allwinner
arm/index
- deprecated
meson-axg
meson-gxbb
meson-gxl
@@ -59,10 +58,24 @@
- Arm Neoverse N1 System Development Platform (N1SDP)
- Arm Neoverse Reference Design N1 Edge (RD-N1-Edge) FVP
- Arm Neoverse Reference Design E1 Edge (RD-E1-Edge) FVP
- - Arm SGI-575 and SGM-775
- - MediaTek MT6795 and MT8173 SoCs
- - Arm Morello Platform
+ - Arm SGI-575
+ - MediaTek MT8173 SoCs
+
+Deprecated platforms
+--------------------
+
++----------------+----------------+--------------------+--------------------+
+| Platform | Vendor | Deprecated version | Deleted version |
++================+================+====================+====================+
+| sgm775 | Arm | 2.5 | 2.7 |
++----------------+----------------+--------------------+--------------------+
+| mt6795 | MTK | 2.5 | 2.7 |
++----------------+----------------+--------------------+--------------------+
+| sgi575 | Arm | 2.8 | 3.0 |
++----------------+----------------+--------------------+--------------------+
+| rdn1edge | Arm | 2.8 | 3.0 |
++----------------+----------------+--------------------+--------------------+
--------------
-*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
diff --git a/docs/process/commit-style.rst b/docs/process/commit-style.rst
index de899ab..d7e937b 100644
--- a/docs/process/commit-style.rst
+++ b/docs/process/commit-style.rst
@@ -96,36 +96,25 @@
Adding Scopes
-------------
-Scopes that are either a) unblessed in the configuration file, or b) do not
-exist in the configuration file at all are considered to be deprecated. If you
-are adding a new component that does not yet have a designated scope, please
-feel free to add one.
+Scopes that are not present in the changelog configuration file are considered
+to be deprecated, and should be avoided. If you are adding a new component that
+does not yet have a designated scope, please add one.
For example, if you are adding or making modifications to `Foo`'s latest and
-greatest new platform `Bar`, you would add it to the `Platforms` changelog
-section, and the hierarchy should look something like this:
+greatest new platform `Bar` then you would add it to the `Platforms` changelog
+sub-section, and the hierarchy should look something like this:
-.. code:: json
+.. code:: yaml
- {
- "sections": [
- {
- "title": "Platforms",
- "sections": [
- {
- "title": "Foo",
- "scopes": ["foo"],
- "sections": [
- {
- "title": "Bar",
- "scopes": ["bar"]
- }
- ]
- }
- ]
- }
- ]
- }
+ - title: Platforms
+
+ subsections:
+ - title: Foo
+ scope: foo
+
+ subsections:
+ - title: Bar
+ scope: bar
When creating new scopes, try to keep them short and succinct, and use kebab
case (``this-is-kebab-case``). Components with a product name (i.e. most
@@ -138,7 +127,9 @@
Commits are expected to be signed off with the ``Signed-off-by:`` trailer using
your real name and email address. You can do this automatically by committing
-with Git's ``-s`` flag.
+with Git's ``-s`` flag. By adding this line the contributor certifies the
+contribution is made under the terms of the :download:`Developer Certificate of
+Origin <../../dco.txt>`.
There may be multiple ``Signed-off-by:`` lines depending on the history of the
patch, but one **must** be the committer. More details may be found in the
diff --git a/docs/process/index.rst b/docs/process/index.rst
index bba2b40..422ab28 100644
--- a/docs/process/index.rst
+++ b/docs/process/index.rst
@@ -7,7 +7,7 @@
:numbered:
security
- platform-compatibility-policy
+ platform-ports-policy
commit-style
coding-style
coding-guidelines
diff --git a/docs/process/platform-compatibility-policy.rst b/docs/process/platform-ports-policy.rst
similarity index 63%
rename from docs/process/platform-compatibility-policy.rst
rename to docs/process/platform-ports-policy.rst
index a10236c..7983749 100644
--- a/docs/process/platform-compatibility-policy.rst
+++ b/docs/process/platform-ports-policy.rst
@@ -1,11 +1,8 @@
-Platform Compatibility Policy
-=============================
+Platform Ports Policy
+=====================
-Introduction
-------------
-
-This document clarifies the project's policy around compatibility for upstream
-platforms.
+This document clarifies a couple of policy points around platform ports
+management.
Platform compatibility policy
-----------------------------
@@ -29,6 +26,24 @@
deprecated interfaces. Platforms are expected to migrate before the removal of
the deprecated interface.
+Platform deprecation policy
+---------------------------
+
+If a platform is no longer maintained, it is best to deprecate it to keep the
+projects' source tree clean and healthy. Deprecation can be a 1-stage or 2-stage
+process (up to the platform maintainers).
+
+ - *2-stage*: The platform's source code can be kept in the repository for a
+ cooling off period before deleting it (typically 2 release cycles). In this
+ case, we keep track ot the *Deprecated* version separately from the *Deleted*
+ version.
+
+ - *1-stage*: The platform's source code can be deleted straight away. In this
+ case, both versions are the same.
+
+The :ref:`Platform Ports` page provides a list of all deprecated/deleted
+platform ports (or soon to be) to this day.
+
--------------
*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/security_advisories/security-advisory-tfv-9.rst b/docs/security_advisories/security-advisory-tfv-9.rst
index 08bfdc4..d73e74b 100644
--- a/docs/security_advisories/security-advisory-tfv-9.rst
+++ b/docs/security_advisories/security-advisory-tfv-9.rst
@@ -75,7 +75,7 @@
+----------------------+
| Cortex-A710 |
+----------------------+
-| Cortex-Makalu |
+| Cortex-A715 |
+----------------------+
| Cortex-Hunter |
+----------------------+
@@ -99,7 +99,9 @@
Convention specification`_ for more details.
`Gerrit topic #spectre_bhb`_ This patchset implements the Spectre-BHB loop
-workaround for CPUs mentioned in the above table. It also mitigates against
+workaround for CPUs mentioned in the above table. For CPUs supporting
+speculative barrier instruction, the loop workaround is optimised by using SB
+in place of the common DSB and ISB sequence. It also mitigates against
this vulnerability for Cortex-A72 CPU versions that support the CSV2 feature
(from r1p0). The patch stack also includes an implementation for a specified
`CVE-2022-23960`_ workaround SMC(``SMCCC_ARCH_WORKAROUND_3``) for use by normal
diff --git a/drivers/arm/rss/rss_comms.mk b/drivers/arm/rss/rss_comms.mk
index 8f19a0b..c1c994b 100644
--- a/drivers/arm/rss/rss_comms.mk
+++ b/drivers/arm/rss/rss_comms.mk
@@ -4,6 +4,8 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+$(warning "RSS driver is an experimental feature")
+
RSS_COMMS_SOURCES := $(addprefix drivers/arm/rss/, \
rss_comms.c \
rss_comms_protocol.c \
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 9940ea9..cce91af 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -37,6 +37,10 @@
#define FUNCID_OEN_MASK U(0x3f)
#define FUNCID_OEN_WIDTH U(6)
+#define FUNCID_SVE_HINT_SHIFT U(16)
+#define FUNCID_SVE_HINT_MASK U(1)
+#define FUNCID_SVE_HINT_WIDTH U(1)
+
#define FUNCID_NUM_SHIFT U(0)
#define FUNCID_NUM_MASK U(0xffff)
#define FUNCID_NUM_WIDTH U(16)
@@ -122,6 +126,12 @@
* 0 0 SMC_FROM_SECURE
* 0 1 SMC_FROM_NON_SECURE
* 1 1 SMC_FROM_REALM
+ *
+ * Bit 16 of flags records the caller's SMC
+ * SVE hint bit according to SMCCCv1.3.
+ * It can be consumed by dispatchers using
+ * is_sve_hint_set macro.
+ *
*/
#define SMC_FROM_SECURE (U(0) << 0)
@@ -148,6 +158,9 @@
#define is_caller_secure(_f) (!is_caller_non_secure(_f))
#endif /* ENABLE_RME */
+#define is_sve_hint_set(_f) (((_f) & (FUNCID_SVE_HINT_MASK \
+ << FUNCID_SVE_HINT_SHIFT)) != U(0))
+
/* The macro below is used to identify a Standard Service SMC call */
#define is_std_svc_call(_fid) (GET_SMC_OEN(_fid) == OEN_STD_START)
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index c90441c..c7b7908 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -16,10 +16,10 @@
#if ENABLE_RME
#include <services/rmm_core_manifest.h>
#endif
+#include <drivers/fwu/fwu_metadata.h>
#if TRNG_SUPPORT
#include "plat_trng.h"
-#endif
-#include <drivers/fwu/fwu_metadata.h>
+#endif /* TRNG_SUPPORT */
#if DRTM_SUPPORT
#include "plat_drtm.h"
#endif /* DRTM_SUPPORT */
diff --git a/include/services/trng_svc.h b/include/services/trng_svc.h
index ed4d557..92417c2 100644
--- a/include/services/trng_svc.h
+++ b/include/services/trng_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,7 +17,7 @@
#define ARM_TRNG_FEATURES U(0x84000051)
#define ARM_TRNG_GET_UUID U(0x84000052)
#define ARM_TRNG_RND32 U(0x84000053)
-#define ARM_TRNG_RND64 U(0xc4000053)
+#define ARM_TRNG_RND64 U(0xC4000053)
/* TRNG version numbers */
#define TRNG_VERSION_MAJOR (0x1)
@@ -30,19 +30,17 @@
#define TRNG_E_NO_ENTROPY (-3)
#define TRNG_E_NOT_IMPLEMENTED (-4)
-#if TRNG_SUPPORT
+/* TRNG Entropy Bit Numbers */
+#define TRNG_RND32_ENTROPY_MAXBITS (96U)
+#define TRNG_RND64_ENTROPY_MAXBITS (192U)
+
+/* Public API to perform the initial TRNG entropy setup */
void trng_setup(void);
+
+/* Public API to verify function id is part of TRNG */
bool is_trng_fid(uint32_t smc_fid);
-#else
-static inline void trng_setup(void)
-{
-}
-static inline bool is_trng_fid(uint32_t smc_fid)
-{
- return false;
-}
-#endif
+/* Handler to be called to handle TRNG smc calls */
uintptr_t trng_smc_handler(
uint32_t smc_fid,
u_register_t x1,
diff --git a/lib/cpus/aarch64/cortex_a76.S b/lib/cpus/aarch64/cortex_a76.S
index 6d4017a..36507de 100644
--- a/lib/cpus/aarch64/cortex_a76.S
+++ b/lib/cpus/aarch64/cortex_a76.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -586,6 +586,30 @@
b cpu_rev_var_range
endfunc check_errata_1946160
+ /* ----------------------------------------------------
+ * Errata Workaround for Cortex-A76 Errata #2743102
+ * This applies to revisions <= r4p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_a76_2743102_wa
+ mov x17, x30
+ bl check_errata_2743102
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_a76_2743102_wa
+
+func check_errata_2743102
+ /* Applies to all revisions <= r4p1 */
+ mov x1, #0x41
+ b cpu_rev_var_ls
+endfunc check_errata_2743102
+
func check_errata_cve_2018_3639
#if WORKAROUND_CVE_2018_3639
mov x0, #ERRATA_APPLIES
@@ -748,6 +772,12 @@
mrs x0, CORTEX_A76_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_A76_CORE_PWRDN_EN_MASK
msr CORTEX_A76_CPUPWRCTLR_EL1, x0
+#if ERRATA_A76_2743102
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_a76_2743102_wa
+ mov x30, x15
+#endif /* ERRATA_A76_2743102 */
isb
ret
endfunc cortex_a76_core_pwr_dwn
@@ -768,6 +798,7 @@
*/
report_errata ERRATA_A76_1073348, cortex_a76, 1073348
report_errata ERRATA_A76_1130799, cortex_a76, 1130799
+ report_errata ERRATA_A76_1165522, cortex_a76, 1165522
report_errata ERRATA_A76_1220197, cortex_a76, 1220197
report_errata ERRATA_A76_1257314, cortex_a76, 1257314
report_errata ERRATA_A76_1262606, cortex_a76, 1262606
@@ -775,9 +806,9 @@
report_errata ERRATA_A76_1275112, cortex_a76, 1275112
report_errata ERRATA_A76_1286807, cortex_a76, 1286807
report_errata ERRATA_A76_1791580, cortex_a76, 1791580
- report_errata ERRATA_A76_1165522, cortex_a76, 1165522
report_errata ERRATA_A76_1868343, cortex_a76, 1868343
report_errata ERRATA_A76_1946160, cortex_a76, 1946160
+ report_errata ERRATA_A76_2743102, cortex_a76, 2743102
report_errata WORKAROUND_CVE_2018_3639, cortex_a76, cve_2018_3639
report_errata ERRATA_DSU_798953, cortex_a76, dsu_798953
report_errata ERRATA_DSU_936184, cortex_a76, dsu_936184
diff --git a/lib/cpus/aarch64/neoverse_n1.S b/lib/cpus/aarch64/neoverse_n1.S
index b75b0c1..ec62519 100644
--- a/lib/cpus/aarch64/neoverse_n1.S
+++ b/lib/cpus/aarch64/neoverse_n1.S
@@ -468,6 +468,30 @@
b cpu_rev_var_range
endfunc check_errata_1946160
+ /* ----------------------------------------------------
+ * Errata Workaround for Neoverse N1 Errata #2743102
+ * This applies to revisions <= r4p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_n1_2743102_wa
+ mov x17, x30
+ bl check_errata_2743102
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_n1_2743102_wa
+
+func check_errata_2743102
+ /* Applies to all revisions <= r4p1 */
+ mov x1, #0x41
+ b cpu_rev_var_ls
+endfunc check_errata_2743102
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -613,6 +637,12 @@
mrs x0, NEOVERSE_N1_CPUPWRCTLR_EL1
orr x0, x0, #NEOVERSE_N1_CORE_PWRDN_EN_MASK
msr NEOVERSE_N1_CPUPWRCTLR_EL1, x0
+#if ERRATA_N1_2743102
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_n1_2743102_wa
+ mov x30, x15
+#endif /* ERRATA_N1_2743102 */
isb
ret
endfunc neoverse_n1_core_pwr_dwn
@@ -645,6 +675,7 @@
report_errata ERRATA_N1_1542419, neoverse_n1, 1542419
report_errata ERRATA_N1_1868343, neoverse_n1, 1868343
report_errata ERRATA_N1_1946160, neoverse_n1, 1946160
+ report_errata ERRATA_N1_2743102, neoverse_n1, 2743102
report_errata ERRATA_DSU_936184, neoverse_n1, dsu_936184
report_errata WORKAROUND_CVE_2022_23960, neoverse_n1, cve_2022_23960
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index b4421dd..eb6d20f 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -287,6 +287,10 @@
# only to revisions r3p0 - r4p1 of the Cortex A76 cpu.
ERRATA_A76_1946160 ?=0
+# Flag to apply erratum 2743102 workaround during powerdown. This erratum
+# applies to all revisions <= r4p1 of the Cortex A76 cpu and is still open.
+ERRATA_A76_2743102 ?=0
+
# Flag to apply erratum 1508412 workaround during reset. This erratum applies
# only to revision <= r1p0 of the Cortex A77 cpu.
ERRATA_A77_1508412 ?=0
@@ -450,6 +454,10 @@
# exists in revisions r0p0, r1p0, and r2p0 as well but there is no workaround.
ERRATA_N1_1946160 ?=0
+# Flag to apply erratum 2743102 workaround during powerdown. This erratum
+# applies to all revisions <= r4p1 of the Neoverse N1 cpu and is still open.
+ERRATA_N1_2743102 ?=0
+
# Flag to apply erratum 2002655 workaround during reset. This erratum applies
# to revisions r0p0 of the Neoverse-N2 cpu, it is still open.
ERRATA_N2_2002655 ?=0
@@ -912,6 +920,10 @@
$(eval $(call assert_boolean,ERRATA_A76_1946160))
$(eval $(call add_define,ERRATA_A76_1946160))
+# Process ERRATA_A76_2743102 flag
+$(eval $(call assert_boolean,ERRATA_A76_2743102))
+$(eval $(call add_define,ERRATA_A76_2743102))
+
# Process ERRATA_A77_1508412 flag
$(eval $(call assert_boolean,ERRATA_A77_1508412))
$(eval $(call add_define,ERRATA_A77_1508412))
@@ -1072,6 +1084,10 @@
$(eval $(call assert_boolean,ERRATA_N1_1946160))
$(eval $(call add_define,ERRATA_N1_1946160))
+# Process ERRATA_N1_2743102 flag
+$(eval $(call assert_boolean,ERRATA_N1_2743102))
+$(eval $(call add_define,ERRATA_N1_2743102))
+#
# Process ERRATA_N2_2002655 flag
$(eval $(call assert_boolean,ERRATA_N2_2002655))
$(eval $(call add_define,ERRATA_N2_2002655))
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 65ceb7f..772b28d 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -270,7 +270,7 @@
# Software Delegated Exception support
SDEI_SUPPORT := 0
-# True Random Number firmware Interface
+# True Random Number firmware Interface support
TRNG_SUPPORT := 0
# SMCCC PCI support
diff --git a/plat/arm/board/rdn2/platform.mk b/plat/arm/board/rdn2/platform.mk
index 9728a08..7492fe5 100644
--- a/plat/arm/board/rdn2/platform.mk
+++ b/plat/arm/board/rdn2/platform.mk
@@ -18,6 +18,7 @@
# RD-N2 platform uses GIC-700 which is based on GICv4.1
GIC_ENABLE_V4_EXTN := 1
+GIC_EXT_INTID := 1
#Enable GIC Multichip Extension only for Multichip Platforms
ifeq (${CSS_SGI_PLATFORM_VARIANT}, 2)
diff --git a/plat/arm/board/rdn2/rdn2_plat.c b/plat/arm/board/rdn2/rdn2_plat.c
index 8cf1929..2506f9d 100644
--- a/plat/arm/board/rdn2/rdn2_plat.c
+++ b/plat/arm/board/rdn2/rdn2_plat.c
@@ -47,15 +47,15 @@
#endif
},
.spi_ids = {
- {32, 479},
+ {32, 511},
#if CSS_SGI_CHIP_COUNT > 1
- {0, 0},
+ {512, 991},
#endif
#if CSS_SGI_CHIP_COUNT > 2
- {0, 0},
+ {4096, 4575},
#endif
#if CSS_SGI_CHIP_COUNT > 3
- {0, 0},
+ {4576, 5055},
#endif
}
};
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 682a278..7162ce9 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -195,8 +195,10 @@
# Enable CRC instructions via extension for ARMv8-A CPUs.
# For ARMv8.1-A, and onwards CRC instructions are default enabled.
# Enable HW computed CRC support unconditionally in BL2 component.
-ifeq (${ARM_ARCH_MINOR},0)
- BL2_CPPFLAGS += -march=armv8-a+crc
+ifeq (${ARM_ARCH_MAJOR},8)
+ ifeq (${ARM_ARCH_MINOR},0)
+ BL2_CPPFLAGS += -march=armv8-a+crc
+ endif
endif
ifeq ($(PSA_FWU_SUPPORT),1)
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index 97080e9..c9942d6 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -88,6 +88,9 @@
uart_clock = 25000000;
break;
case VERSAL_NET_SILICON:
+ cpu_clock = 100000000;
+ uart_clock = 100000000;
+ break;
default:
panic();
}
diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 1da2efc..89d7b31 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -72,13 +72,23 @@
{
struct spmc_shmem_obj *obj;
size_t free = state->data_size - state->allocated;
+ size_t obj_size;
if (state->data == NULL) {
ERROR("Missing shmem datastore!\n");
return NULL;
}
- if (spmc_shmem_obj_size(desc_size) > free) {
+ obj_size = spmc_shmem_obj_size(desc_size);
+
+ /* Ensure the obj size has not overflowed. */
+ if (obj_size < desc_size) {
+ WARN("%s(0x%zx) desc_size overflow\n",
+ __func__, desc_size);
+ return NULL;
+ }
+
+ if (obj_size > free) {
WARN("%s(0x%zx) failed, free 0x%zx\n",
__func__, desc_size, free);
return NULL;
@@ -88,7 +98,7 @@
obj->desc_size = desc_size;
obj->desc_filled = 0;
obj->in_use = 0;
- state->allocated += spmc_shmem_obj_size(desc_size);
+ state->allocated += obj_size;
return obj;
}
@@ -330,10 +340,9 @@
PAGE_SIZE_4KB;
region2_end = region2_start + region2_size;
- if ((region1_start >= region2_start &&
- region1_start < region2_end) ||
- (region1_end > region2_start
- && region1_end < region2_end)) {
+ /* Check if regions are not overlapping. */
+ if (!((region2_end <= region1_start) ||
+ (region1_end <= region2_start))) {
WARN("Overlapping mem regions 0x%lx-0x%lx & 0x%lx-0x%lx\n",
region1_start, region1_end,
region2_start, region2_end);
@@ -886,9 +895,6 @@
goto err_arg;
}
- memcpy((uint8_t *)&obj->desc + obj->desc_filled,
- (uint8_t *) mbox->tx_buffer, fragment_length);
-
if (fragment_length > obj->desc_size - obj->desc_filled) {
WARN("%s: bad fragment size %u > %zu remaining\n", __func__,
fragment_length, obj->desc_size - obj->desc_filled);
@@ -896,6 +902,9 @@
goto err_arg;
}
+ memcpy((uint8_t *)&obj->desc + obj->desc_filled,
+ (uint8_t *) mbox->tx_buffer, fragment_length);
+
/* Ensure that the sender ID resides in the normal world. */
if (ffa_is_secure_world_id(obj->desc.sender_id)) {
WARN("%s: Invalid sender ID 0x%x.\n",
@@ -1828,6 +1837,13 @@
goto err_unlock;
}
+ if (obj->desc_filled != obj->desc_size) {
+ WARN("%s: incomplete object desc filled %zu < size %zu\n",
+ __func__, obj->desc_filled, obj->desc_size);
+ ret = FFA_ERROR_INVALID_PARAMETER;
+ goto err_unlock;
+ }
+
/* Allow for platform specific operations to be performed. */
ret = plat_spmc_shmem_reclaim(&obj->desc);
if (ret != 0) {
diff --git a/services/std_svc/std_svc_setup.c b/services/std_svc/std_svc_setup.c
index 08d16e2..2884a3b 100644
--- a/services/std_svc/std_svc_setup.c
+++ b/services/std_svc/std_svc_setup.c
@@ -74,7 +74,10 @@
sdei_init();
#endif
+#if TRNG_SUPPORT
+ /* TRNG initialisation */
trng_setup();
+#endif /* TRNG_SUPPORT */
#if DRTM_SUPPORT
if (drtm_setup() != 0) {
@@ -172,7 +175,8 @@
return trng_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
flags);
}
-#endif
+#endif /* TRNG_SUPPORT */
+
#if ENABLE_RME
if (is_rmmd_el3_fid(smc_fid)) {
diff --git a/services/std_svc/trng/trng_entropy_pool.c b/services/std_svc/trng/trng_entropy_pool.c
index ac13b1d..30105b3 100644
--- a/services/std_svc/trng/trng_entropy_pool.c
+++ b/services/std_svc/trng/trng_entropy_pool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,7 +18,7 @@
* 192 bits of entropy, we don't have to throw out the leftover 1-63 bits of
* entropy.
*/
-#define WORDS_IN_POOL (4)
+#define WORDS_IN_POOL (4)
static uint64_t entropy[WORDS_IN_POOL];
/* index in bits of the first bit of usable entropy */
static uint32_t entropy_bit_index;
@@ -27,14 +27,14 @@
static spinlock_t trng_pool_lock;
-#define BITS_PER_WORD (sizeof(entropy[0]) * 8)
-#define BITS_IN_POOL (WORDS_IN_POOL * BITS_PER_WORD)
-#define ENTROPY_MIN_WORD (entropy_bit_index / BITS_PER_WORD)
-#define ENTROPY_FREE_BIT (entropy_bit_size + entropy_bit_index)
-#define _ENTROPY_FREE_WORD (ENTROPY_FREE_BIT / BITS_PER_WORD)
-#define ENTROPY_FREE_INDEX (_ENTROPY_FREE_WORD % WORDS_IN_POOL)
+#define BITS_PER_WORD (sizeof(entropy[0]) * 8)
+#define BITS_IN_POOL (WORDS_IN_POOL * BITS_PER_WORD)
+#define ENTROPY_MIN_WORD (entropy_bit_index / BITS_PER_WORD)
+#define ENTROPY_FREE_BIT (entropy_bit_size + entropy_bit_index)
+#define _ENTROPY_FREE_WORD (ENTROPY_FREE_BIT / BITS_PER_WORD)
+#define ENTROPY_FREE_INDEX (_ENTROPY_FREE_WORD % WORDS_IN_POOL)
/* ENTROPY_WORD_INDEX(0) includes leftover bits in the lower bits */
-#define ENTROPY_WORD_INDEX(i) ((ENTROPY_MIN_WORD + i) % WORDS_IN_POOL)
+#define ENTROPY_WORD_INDEX(i) ((ENTROPY_MIN_WORD + i) % WORDS_IN_POOL)
/*
* Fill the entropy pool until we have at least as many bits as requested.
@@ -65,12 +65,12 @@
*/
bool trng_pack_entropy(uint32_t nbits, uint64_t *out)
{
- bool success = true;
+ bool ret = true;
spin_lock(&trng_pool_lock);
if (!trng_fill_entropy(nbits)) {
- success = false;
+ ret = false;
goto out;
}
@@ -82,9 +82,8 @@
for (word_i = 0; word_i < to_fill; word_i++) {
/*
* Repack the entropy from the pool into the passed in out
- * buffer. This takes the lower bits from the valid upper bits
- * of word_i and the upper bits from the lower bits of
- * (word_i + 1).
+ * buffer. This takes lesser bits from the valid upper bits
+ * of word_i and more bits from the lower bits of (word_i + 1).
*
* I found the following diagram useful. note: `e` represents
* valid entropy, ` ` represents invalid bits (not entropy) and
@@ -136,7 +135,7 @@
out:
spin_unlock(&trng_pool_lock);
- return success;
+ return ret;
}
void trng_entropy_pool_setup(void)
diff --git a/services/std_svc/trng/trng_main.c b/services/std_svc/trng/trng_main.c
index 38aa649..90098a8 100644
--- a/services/std_svc/trng/trng_main.c
+++ b/services/std_svc/trng/trng_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,9 +23,9 @@
static uintptr_t trng_rnd32(uint32_t nbits, void *handle)
{
uint32_t mask = ~0U;
- uint64_t ent[2];
+ uint64_t ent[2] = {0};
- if (nbits == 0U || nbits > 96U) {
+ if (nbits == 0U || nbits > TRNG_RND32_ENTROPY_MAXBITS) {
SMC_RET1(handle, TRNG_E_INVALID_PARAMS);
}
@@ -59,9 +59,9 @@
static uintptr_t trng_rnd64(uint32_t nbits, void *handle)
{
uint64_t mask = ~0ULL;
- uint64_t ent[3];
+ uint64_t ent[3] = {0};
- if (nbits == 0U || nbits > 192U) {
+ if (nbits == 0U || nbits > TRNG_RND64_ENTROPY_MAXBITS) {
SMC_RET1(handle, TRNG_E_INVALID_PARAMS);
}
@@ -117,9 +117,9 @@
switch (smc_fid) {
case ARM_TRNG_VERSION:
SMC_RET1(handle, MAKE_SMCCC_VERSION(
- TRNG_VERSION_MAJOR, TRNG_VERSION_MINOR
- ));
+ TRNG_VERSION_MAJOR, TRNG_VERSION_MINOR));
break; /* unreachable */
+
case ARM_TRNG_FEATURES:
if (is_trng_fid((uint32_t)x1)) {
SMC_RET1(handle, TRNG_E_SUCCESS);
@@ -127,16 +127,19 @@
SMC_RET1(handle, TRNG_E_NOT_SUPPORTED);
}
break; /* unreachable */
+
case ARM_TRNG_GET_UUID:
SMC_UUID_RET(handle, plat_trng_uuid);
break; /* unreachable */
+
case ARM_TRNG_RND32:
return trng_rnd32((uint32_t)x1, handle);
+
case ARM_TRNG_RND64:
return trng_rnd64((uint32_t)x1, handle);
+
default:
- WARN("Unimplemented TRNG Service Call: 0x%x\n",
- smc_fid);
+ WARN("Unimplemented TRNG Service Call: 0x%x\n", smc_fid);
SMC_RET1(handle, TRNG_E_NOT_IMPLEMENTED);
break; /* unreachable */
}