Merge "refactor(security): add OpenSSL 1.x compatibility" into integration
diff --git a/Makefile b/Makefile
index b8076f1..c1c709d 100644
--- a/Makefile
+++ b/Makefile
@@ -715,8 +715,8 @@
# For RAS_EXTENSION, require that EAs are handled in EL3 first
ifeq ($(RAS_EXTENSION),1)
- ifneq ($(HANDLE_EA_EL3_FIRST),1)
- $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1)
+ ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
+ $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1)
endif
endif
@@ -1033,7 +1033,7 @@
FAULT_INJECTION_SUPPORT \
GENERATE_COT \
GICV2_G0_FOR_EL3 \
- HANDLE_EA_EL3_FIRST \
+ HANDLE_EA_EL3_FIRST_NS \
HW_ASSISTED_COHERENCY \
INVERTED_MEMMAP \
MEASURED_BOOT \
@@ -1079,6 +1079,8 @@
ENABLE_MPMM_FCONF \
SIMICS_BUILD \
FEATURE_DETECTION \
+ TRNG_SUPPORT \
+ CONDITIONAL_CMO \
)))
$(eval $(call assert_numerics,\
@@ -1172,7 +1174,7 @@
ERROR_DEPRECATED \
FAULT_INJECTION_SUPPORT \
GICV2_G0_FOR_EL3 \
- HANDLE_EA_EL3_FIRST \
+ HANDLE_EA_EL3_FIRST_NS \
HW_ASSISTED_COHERENCY \
LOG_LEVEL \
MEASURED_BOOT \
@@ -1240,6 +1242,7 @@
FEATURE_DETECTION \
TWED_DELAY \
ENABLE_FEAT_TWED \
+ CONDITIONAL_CMO \
)))
ifeq (${SANITIZE_UB},trap)
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 5e53ab4..dbb3234 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -195,23 +195,30 @@
*/
func delegate_async_ea
#if RAS_EXTENSION
+ /* Check Exception Class to ensure SError, as this function should
+ * only be invoked for SError. If that is not the case, which implies
+ * either an HW error or programming error, panic.
+ */
+ ubfx x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ cmp x2, EC_SERROR
+ b.ne do_panic
/*
* Check for Implementation Defined Syndrome. If so, skip checking
* Uncontainable error type from the syndrome as the format is unknown.
*/
tbnz x1, #SERROR_IDS_BIT, 1f
+ /* AET only valid when DFSC is 0x11 */
+ ubfx x2, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
+ cmp x2, #DFSC_SERROR
+ b.ne 1f
+
/*
* Check for Uncontainable error type. If so, route to the platform
* fatal error handler rather than the generic EA one.
*/
- ubfx x2, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
- cmp x2, #ERROR_STATUS_UET_UC
- b.ne 1f
-
- /* Check DFSC for SError type */
- ubfx x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
- cmp x3, #DFSC_SERROR
+ ubfx x3, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
+ cmp x3, #ERROR_STATUS_UET_UC
b.ne 1f
no_ret plat_handle_uncontainable_ea
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index bf5bd8d..0283553 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -512,7 +512,7 @@
/*
* Shift copied SCR_EL3.NSE bit by 5 to create space for
- * SCR_EL3.NS bit. Bit 5 of the flag correspondes to
+ * SCR_EL3.NS bit. Bit 5 of the flag corresponds to
* the SCR_EL3.NSE bit.
*/
lsl x7, x7, #5
@@ -521,6 +521,16 @@
/* Copy SCR_EL3.NS bit to the flag to indicate caller's security */
bfi x7, x18, #0, #1
+ /*
+ * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID
+ * passed through x0. Copy the SVE hint bit to flags and mask the
+ * bit in smc_fid passed to the standard service dispatcher.
+ * A service/dispatcher can retrieve the SVE hint bit state from
+ * flags using the appropriate helper.
+ */
+ bfi x7, x0, #FUNCID_SVE_HINT_SHIFT, #FUNCID_SVE_HINT_MASK
+ bic x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT)
+
mov sp, x12
/* Get the unique owning entity number */
diff --git a/changelog.yaml b/changelog.yaml
index 8fcb217..cfb2bb5 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -89,18 +89,42 @@
- title: Activity Monitors Extension (FEAT_AMU)
scope: amu
+ - title: Branch Record Buffer Extension (FEAT_BRBE)
+ scope: brbe
+
+ - title: Branch Target Identification Extension
+ scope: bti
+
- title: Confidential Compute Architecture (CCA)
scope: cca
+ - title: Extended Cache Index (FEAT_CCIDX)
+ scope: ccidx
+
- title: Support for the `HCRX_EL2` register (FEAT_HCX)
scope: hcx
- title: Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)
scope: mpam
+ - title: Memory Tagging Extension
+ scope: mte
+
+ - title: Pointer Authentication Extension
+ scope: pauth
+
+ - title: Performance Monitors Extension (FEAT_PMUv3)
+ scope: pmu
+
+ - title: Trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP)
+ scope: rng-trap
+
- title: Scalable Matrix Extension (FEAT_SME)
scope: sme
+ - title: Statistical profiling Extension (FEAT_SPE)
+ scope: spe
+
- title: Scalable Vector Extension (FEAT_SVE)
scope: sve
@@ -116,21 +140,6 @@
- title: Self-hosted Trace Extensions (FEAT_TRF)
scope: trf
- - title: Statistical profiling Extension (FEAT_SPE)
- scope: spe
-
- - title: Branch Record Buffer Extension (FEAT_BRBE)
- scope: brbe
-
- - title: Extended Cache Index (FEAT_CCIDX)
- scope: ccidx
-
- - title: Trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP)
- scope: rng-trap
-
- - title: Performance Monitors Extension (FEAT_PMUv3)
- scope: pmu
-
- title: Platforms
subsections:
@@ -147,6 +156,12 @@
- plat/arm
subsections:
+ - title: CSS
+ scope: css
+
+ deprecated:
+ - plat/arm/css
+
- title: FPGA
scope: fpga
@@ -160,6 +175,7 @@
deprecated:
- plat/fvp
+ - fvp/tsp_manifest
- title: FVP-R
scope: fvp-r
@@ -167,6 +183,9 @@
deprecated:
- fvp_r
+ - title: FVP Versatile Express
+ scope: fvp_ve
+
- title: Juno
scope: juno
@@ -209,6 +228,16 @@
- title: Broadcom
scope: brcm
+ - title: HiSilicon
+ scope: hisilicon
+
+ subsections:
+ - title: HiKey
+ scope: hikey
+
+ - title: HiKey960
+ scope: hikey960
+
- title: Intel
scope: intel
@@ -256,6 +285,16 @@
deprecated:
- plat/mediatek/mt8183
+ - title: MT8186
+ scope: mt8186
+
+ deprecated:
+ - plat/mediatek/mt8186
+ - mt8186-emi-mpu
+
+ - title: MT8188
+ scope: mt8188
+
- title: MT8192
scope: mt8192
@@ -270,12 +309,6 @@
- plat/mediatek/mt8195
- plat/mdeiatek/mt8195
- - title: MT8186
- scope: mt8186
-
- deprecated:
- - plat/mediatek/mt8186
-
- title: NVIDIA
scope: nvidia
@@ -426,6 +459,9 @@
- title: QTI
scope: qti
+ deprecated:
+ - plat/qti
+
subsections:
- title: SC1780
scope: sc7180
@@ -446,6 +482,9 @@
scope: rpi
subsections:
+ - title: Raspberry Pi 3
+ scope: rpi3
+
- title: Raspberry Pi 4
scope: rpi4
@@ -514,6 +553,9 @@
- title: K3
scope: k3
+ deprecated:
+ - ti-k3
+
- title: Xilinx
scope: xilinx
@@ -529,6 +571,13 @@
- plat/xilinx/versal
- plat/versal
+ subsections:
+ - title: Versal NET
+ scope: versal-net
+
+ deprecated:
+ - versal_net
+
- title: ZynqMP
scope: zynqmp
@@ -572,6 +621,9 @@
- title: RME
scope: rme
+ deprecated:
+ - rme/fid
+
subsections:
- title: TRP
scope: trp
@@ -586,6 +638,9 @@
- title: EL3 SPMC
scope: el3-spmc
+ deprecated:
+ - spmc
+
- title: SPMD
scope: spmd
@@ -595,6 +650,9 @@
- title: DRTM
scope: drtm
+ - title: TRNG
+ scope: trng
+
- title: Libraries
subsections:
@@ -616,6 +674,9 @@
- title: Context Management
scope: cm
+ - title: RAS
+ scope: ras
+
- title: FCONF
scope: fconf
@@ -652,8 +713,14 @@
- title: PSA
scope: psa
+ deprecated:
+ - lib/psa
+
- title: Context Management
- scope: context mgmt
+ scope: context-mgmt
+
+ deprecated:
+ - context mgmt
- title: Semihosting
scope: semihosting
@@ -735,6 +802,7 @@
deprecated:
- scmi_common
- drivers/scmi-msg
+ - scmi-msg
- title: UFS
scope: ufs
@@ -756,7 +824,13 @@
- title: GICv3
scope: gicv3
+ deprecated:
+ - gicv3/multichip
+
subsections:
+ - title: GIC-600
+ scope: gic600
+
- title: GIC-600AE
scope: gic600ae
@@ -1171,6 +1245,9 @@
- title: Certificate Creation Tool
scope: cert-create
+ deprecated:
+ - cert_create
+
- title: Dependencies
scope: deps
diff --git a/common/aarch64/debug.S b/common/aarch64/debug.S
index d105d08..742e022 100644
--- a/common/aarch64/debug.S
+++ b/common/aarch64/debug.S
@@ -168,7 +168,7 @@
mrs x0, currentel
ubfx x0, x0, #MODE_EL_SHIFT, #MODE_EL_WIDTH
cmp x0, #MODE_EL3
-#if !HANDLE_EA_EL3_FIRST
+#if !HANDLE_EA_EL3_FIRST_NS
ldr x0, [sp], #0x10
b.eq el3_panic
#else
@@ -184,7 +184,7 @@
to_panic_common:
ldr x0, [sp], #0x10
-#endif /* HANDLE_EA_EL3_FIRST */
+#endif /* HANDLE_EA_EL3_FIRST_NS */
#endif /* CRASH_REPORTING */
panic_common:
diff --git a/common/backtrace/backtrace.c b/common/backtrace/backtrace.c
index 89380b3..f994ae5 100644
--- a/common/backtrace/backtrace.c
+++ b/common/backtrace/backtrace.c
@@ -54,17 +54,6 @@
return ret;
}
-const char *get_el_str(unsigned int el)
-{
- if (el == 3U) {
- return "EL3";
- } else if (el == 2U) {
- return "EL2";
- } else {
- return "S-EL1";
- }
-}
-
/*
* Returns true if the address points to a virtual address that can be read at
* the current EL, false otherwise.
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index a980ed9..9a2ae73 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -51,6 +51,17 @@
:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
:|G|: `ManishVB-Arm`_
+LTS Maintainers
+---------------
+
+:|M|: Bipin Ravi <bipin.ravi@arm.com>
+:|G|: `bipinravi-arm`_
+:|M|: Joanna Farley <joanna.farley@arm.com>
+:|G|: `joannafarley-arm`_
+:|M|: Okash Khawaja <okash@google.com>
+:|G|: `bytefire`_
+:|M|: Varun Wadekar <vwadekar@nvidia.com>
+:|G|: `vwadekar`_
.. _code owners:
@@ -67,26 +78,26 @@
Build Definitions for CMake Build System
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com>
-:|G|: `javieralso-arm`_
:|M|: Chris Kay <chris.kay@arm.com>
:|G|: `CJKay`_
:|F|: /
Software Delegated Exception Interface (SDEI)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Mark Dykes <mark.dykes@arm.com>
-:|G|: `mardyk01`_
+:|M|: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
+:|G|: `jayanthchidanand-arm`_
+:|M|: Manish Pandey <manish.pandey2@arm.com>
+:|G|: `manish-pandey-arm`_
:|F|: services/std_svc/sdei/
Trusted Boot
^^^^^^^^^^^^
:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com>
:|G|: `sandrine-bailleux-arm`_
-:|M|: Manish Pandey <manish.pandey2@arm.com>
-:|G|: `manish-pandey-arm`_
:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
:|G|: `ManishVB-Arm`_
+:|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com>
+:|G|: `laurenw-arm`_
:|F|: drivers/auth/
Secure Partition Manager Core (EL3 FF-A SPMC)
@@ -99,36 +110,34 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:|M|: Olivier Deprez <olivier.deprez@arm.com>
:|G|: `odeprez`_
-:|M|: Manish Pandey <manish.pandey2@arm.com>
-:|G|: `manish-pandey-arm`_
-:|M|: Maksims Svecovs <maksims.svecovs@arm.com>
-:|G|: `max-shvetsov`_
:|M|: Joao Alves <Joao.Alves@arm.com>
:|G|: `J-Alves`_
:|F|: services/std_svc/spmd/\*
Exception Handling Framework (EHF)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
-:|G|: `ManishVB-Arm`_
+:|M|: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
+:|G|: `jayanthchidanand-arm`_
+:|M|: Manish Pandey <manish.pandey2@arm.com>
+:|G|: `manish-pandey-arm`_
:|F|: bl31/ehf.c
Realm Management Monitor Dispatcher (RMMD)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:|M|: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
:|G|: `javieralso-arm`_
+:|M|: Alexei Fedorov <Alexei.Fedorov@arm.com>
+:|G|: `AlexeiFedorov`_
:|F|: services/std_svc/rmmd/\*
:|F|: include/services/rmmd_svc.h
:|F|: include/services/rmm_core_manifest.h
Realm Management Extension (RME)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Bipin Ravi <bipin.ravi@arm.com>
-:|G|: `bipinravi-arm`_
-:|M|: Mark Dykes <mark.dykes@arm.com>
-:|G|: `mardyk01`_
:|M|: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
:|G|: `javieralso-arm`_
+:|M|: Alexei Fedorov <Alexei.Fedorov@arm.com>
+:|G|: `AlexeiFedorov`_
Drivers, Libraries and Framework Code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -185,14 +194,12 @@
Power State Coordination Interface (PSCI)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com>
-:|G|: `javieralso-arm`_
+:|M|: Manish Pandey <manish.pandey2@arm.com>
+:|G|: `manish-pandey-arm`_
:|M|: Madhukar Pappireddy <Madhukar.Pappireddy@arm.com>
:|G|: `madhukar-Arm`_
:|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com>
:|G|: `laurenw-arm`_
-:|M|: Zelalem Aweke <Zelalem.Aweke@arm.com>
-:|G|: `zelalem-aweke`_
:|F|: lib/psci/
DebugFS
@@ -217,18 +224,27 @@
:|G|: `J-Alves`_
:|F|: lib/pmf/
+Errata Management
+^^^^^^^^^^^^^^^^^
+:|M|: Bipin Ravi <bipin.ravi@arm.com>
+:|G|: `bipinravi-arm`_
+:|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com>
+:|G|: `laurenw-arm`_
+
Arm CPU libraries
^^^^^^^^^^^^^^^^^
+:|M|: Bipin Ravi <bipin.ravi@arm.com>
+:|G|: `bipinravi-arm`_
:|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com>
:|G|: `laurenw-arm`_
:|F|: lib/cpus/
Reliability Availability Serviceabilty (RAS) framework
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Olivier Deprez <olivier.deprez@arm.com>
-:|G|: `odeprez`_
:|M|: Manish Pandey <manish.pandey2@arm.com>
:|G|: `manish-pandey-arm`_
+:|M|: Olivier Deprez <olivier.deprez@arm.com>
+:|G|: `odeprez`_
:|F|: lib/extensions/ras/
Activity Monitors Unit (AMU) extensions
@@ -241,28 +257,28 @@
Memory Partitioning And Monitoring (MPAM) extensions
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Zelalem Aweke <Zelalem.Aweke@arm.com>
-:|G|: `zelalem-aweke`_
+:|M|: Manish Pandey <manish.pandey2@arm.com>
+:|G|: `manish-pandey-arm`_
:|F|: lib/extensions/mpam/
Pointer Authentication (PAuth) and Branch Target Identification (BTI) extensions
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:|M|: Alexei Fedorov <Alexei.Fedorov@arm.com>
:|G|: `AlexeiFedorov`_
-:|M|: Zelalem Aweke <Zelalem.Aweke@arm.com>
-:|G|: `zelalem-aweke`_
:|F|: lib/extensions/pauth/
Statistical Profiling Extension (SPE)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Zelalem Aweke <Zelalem.Aweke@arm.com>
-:|G|: `zelalem-aweke`_
+:|M|: Manish Pandey <manish.pandey2@arm.com>
+:|G|: `manish-pandey-arm`_
:|F|: lib/extensions/spe/
Standard C library
^^^^^^^^^^^^^^^^^^
-:|M|: Alexei Fedorov <Alexei.Fedorov@arm.com>
-:|G|: `AlexeiFedorov`_
+:|M|: Chris Kay <chris.kay@arm.com>
+:|G|: `CJKay`_
+:|M|: Madhukar Pappireddy <Madhukar.Pappireddy@arm.com>
+:|G|: `madhukar-Arm`_
:|F|: lib/libc/
Library At ROM (ROMlib)
@@ -273,8 +289,8 @@
Translation tables (``xlat_tables``) library
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com>
-:|G|: `javieralso-arm`_
+:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
+:|G|: `ManishVB-Arm`_
:|M|: Joao Alves <Joao.Alves@arm.com>
:|G|: `J-Alves`_
:|F|: lib/xlat\_tables_\*/
@@ -331,17 +347,23 @@
Measured Boot
^^^^^^^^^^^^^
-:|M|: Alexei Fedorov <Alexei.Fedorov@arm.com>
-:|G|: `AlexeiFedorov`_
-:|M|: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com>
-:|G|: `javieralso-arm`_
:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com>
:|G|: `sandrine-bailleux-arm`_
+:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
+:|G|: `ManishVB-Arm`_
:|F|: drivers/measured_boot
:|F|: include/drivers/measured_boot
:|F|: docs/components/measured_boot
:|F|: plat/arm/board/fvp/fvp\*_measured_boot.c
+DRTM
+^^^^
+:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
+:|G|: `ManishVB-Arm`_
+:|M|: Manish Pandey <manish.pandey2@arm.com>
+:|G|: `manish-pandey-arm`_
+:|F|: services/std_svc/drtm
+
PSA Firmware Update
^^^^^^^^^^^^^^^^^^^
:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
@@ -376,8 +398,10 @@
Granule Protection Tables Library (GPT-RME)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Mark Dykes <mark.dykes@arm.com>
-:|G|: `mardyk01`_
+:|M|: Soby Mathew <soby.mathew@arm.com>
+:|G|: `soby-mathew`_
+:|M|: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
+:|G|: `javieralso-arm`_
:|F|: lib/gpt_rme
:|F|: include/lib/gpt_rme
@@ -631,6 +655,8 @@
:|G|: `lachitp`_
:|M|: Sreevyshanavi Kare <skare@codeaurora.org>
:|G|: `sreekare`_
+:|M|: Muhammad Arsath K F <quic_mkf@quicinc.com>
+:|G|: `quic_mkf`_
:|M|: QTI TF Maintainers <qti.trustedfirmware.maintainers@codeaurora.org>
:|F|: docs/plat/qti.rst
:|F|: plat/qti/
@@ -794,6 +820,8 @@
Fiptool
^^^^^^^
+:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
+:|G|: `ManishVB-Arm`_
:|M|: Joao Alves <Joao.Alves@arm.com>
:|G|: `J-Alves`_
:|F|: tools/fiptool/
@@ -802,6 +830,10 @@
^^^^^^^^^^^^^^^^
:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com>
:|G|: `sandrine-bailleux-arm`_
+:|M|: Manish Badarkhe <manish.badarkhe@arm.com>
+:|G|: `ManishVB-Arm`_
+:|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com>
+:|G|: `laurenw-arm`_
:|F|: tools/cert_create/
Encrypt_fw tool
@@ -820,6 +852,8 @@
Build system
^^^^^^^^^^^^
+:|M|: Chris Kay <chris.kay@arm.com>
+:|G|: `CJKay`_
:|M|: Manish Pandey <manish.pandey2@arm.com>
:|G|: `manish-pandey-arm`_
:|F|: Makefile
@@ -827,8 +861,6 @@
Threat Model
~~~~~~~~~~~~~
-:|M|: Zelalem Aweke <Zelalem.Aweke@arm.com>
-:|G|: `zelalem-aweke`_
:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com>
:|G|: `sandrine-bailleux-arm`_
:|M|: Joanna Farley <joanna.farley@arm.com>
@@ -878,6 +910,7 @@
.. _niej: https://github.com/niej
.. _npoushin: https://github.com/npoushin
.. _prabhakarlad: https://github.com/prabhakarlad
+.. _quic_mkf: https://github.com/quicmkf
.. _remi-triplefault: https://github.com/repk
.. _rockchip-linux: https://github.com/rockchip-linux
.. _sandrine-bailleux-arm: https://github.com/sandrine-bailleux-arm
@@ -904,7 +937,6 @@
.. _max-shvetsov: https://github.com/max-shvetsov
.. _javieralso-arm: https://github.com/javieralso-arm
.. _laurenw-arm: https://github.com/laurenw-arm
-.. _zelalem-aweke: https://github.com/zelalem-aweke
.. _J-Alves: https://github.com/J-Alves
.. _madhukar-Arm: https://github.com/madhukar-Arm
.. _raghuncstate: https://github.com/raghuncstate
@@ -922,5 +954,7 @@
.. _arve-android: https://github.com/arve-android
.. _marcone: https://github.com/marcone
.. _marcbonnici: https://github.com/marcbonnici
+.. _jayanthchidanand-arm: https://github.com/jayanthchidanand-arm
+.. _bytefire: https://github.com/bytefire
.. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index e9eaa80..c0875b6 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -56,9 +56,9 @@
Removal of Deprecated Interfaces
--------------------------------
-As mentioned in the :ref:`Platform Compatibility Policy`, this is a live
-document cataloging all the deprecated interfaces in TF-A project and the
-Release version after which it will be removed.
+As mentioned in the :ref:`Platform Ports Policy`, this is a live document
+cataloging all the deprecated interfaces in TF-A project and the Release version
+after which it will be removed.
+--------------------------------+-------------+---------+---------------------------------------------------------+
| Interface | Deprecation | Removed | Comments |
@@ -70,4 +70,4 @@
--------------
-*Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/ras.rst b/docs/components/ras.rst
index b435349..871be2d 100644
--- a/docs/components/ras.rst
+++ b/docs/components/ras.rst
@@ -6,10 +6,11 @@
later CPUs, and also an optional extension to the base Armv8.0 architecture.
In conjunction with the |EHF|, support for RAS extension enables firmware-first
-paradigm for handling platform errors: exceptions resulting from errors are
-routed to and handled in EL3. Said errors are Synchronous External Abort (SEA),
-Asynchronous External Abort (signalled as SErrors), Fault Handling and Error
-Recovery interrupts. The |EHF| document mentions various :ref:`error handling
+paradigm for handling platform errors: exceptions resulting from errors in
+Non-secure world are routed to and handled in EL3.
+Said errors are Synchronous External Abort (SEA), Asynchronous External Abort
+(signalled as SErrors), Fault Handling and Error Recovery interrupts.
+The |EHF| document mentions various :ref:`error handling
use-cases <delegation-use-cases>` .
For the description of Arm RAS extensions, Standard Error Records, and the
@@ -29,7 +30,7 @@
.. __: `Standard Error Record helpers`_
The build option ``RAS_EXTENSION`` when set to ``1`` includes the RAS in run
-time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST`` must also
+time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST_NS`` must also
be set ``1``. ``RAS_TRAP_NS_ERR_REC_ACCESS`` controls the access to the RAS
error record registers from Non-secure.
@@ -198,8 +199,8 @@
- ``EL3_EXCEPTION_HANDLING=1`` enables handling of exceptions at EL3. See
`Interaction with Exception Handling Framework`_;
-- ``HANDLE_EA_EL3_FIRST=1`` enables routing of External Aborts and SErrors to
- EL3.
+- ``HANDLE_EA_EL3_FIRST_NS=1`` enables routing of External Aborts and SErrors,
+ resulting from errors in NS world, to EL3.
The RAS support in |TF-A| introduces a default implementation of
``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_EXTENSION``
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index ea921fc..6fc0c2e 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -95,66 +95,218 @@
This section describes how you can build and run TF-A with RME enabled.
We assume you have all the :ref:`Prerequisites` to build TF-A.
-To enable RME, you need to set the ENABLE_RME build flag when building
-TF-A. Currently, this feature is only supported for the FVP platform.
-
The following instructions show you how to build and run TF-A with RME
-for two scenarios: TF-A with TF-A Tests, and four-world execution with
-Hafnium and TF-A Tests. The instructions assume you have already obtained
-TF-A. You can use the following command to clone TF-A.
+for two scenarios:
-.. code:: shell
+- Three-world execution: TF-A with TF-A Tests or Linux.
- git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
+ - NS (TF-A Test or Linux),
+ - Root (TF-A)
+ - Realm (RMM or TRP)
+
+- Four-world execution: TF-A, Hafnium and TF-A Tests or Linux.
+
+ - NS (TF-A Test or Linux),
+ - Root (TF-A)
+ - Realm (RMM or TRP)
+ - SPM (Hafnium)
To run the tests, you need an FVP model. Please use the :ref:`latest version
<Arm Fixed Virtual Platforms (FVP)>` of *FVP_Base_RevC-2xAEMvA* model.
-.. note::
+Three World Testing with TF-A Tests
+*************************************
- ENABLE_RME build option is currently experimental.
+**1. Obtain and build TF-A Tests with Realm Payload**
-Building TF-A with TF-A Tests
-********************************************
+The full set of instructions to setup build host and build options for
+TF-A-Tests can be found in the `TFTF Getting Started`_.
+
Use the following instructions to build TF-A with `TF-A Tests`_ as the
non-secure payload (BL33).
-**1. Obtain and build TF-A Tests**
-
.. code:: shell
git clone https://git.trustedfirmware.org/TF-A/tf-a-tests.git
cd tf-a-tests
- make CROSS_COMPILE=aarch64-none-elf- PLAT=fvp DEBUG=1
+ make CROSS_COMPILE=aarch64-none-elf- PLAT=fvp DEBUG=1 all pack_realm
-This produces a TF-A Tests binary (*tftf.bin*) in the *build/fvp/debug* directory.
+This produces a TF-A Tests binary (**tftf.bin**) with Realm payload packaged
+and **sp_layout.json** in the **build/fvp/debug** directory.
-**2. Build TF-A**
+**2. Obtain and build RMM Image**
+
+Please refer to the `RMM Getting Started`_ on how to setup
+Host Environment and build RMM.
+
+The below command shows how to build RMM using the default build options for FVP.
.. code:: shell
+ git clone --recursive https://git.trustedfirmware.org/TF-RMM/tf-rmm.git
+ cd tf-rmm
+ cmake -DRMM_CONFIG=fvp_defcfg -S . -B build
+ cmake --build build
+
+This will generate **rmm.img** in **build** folder.
+
+**3. Build TF-A**
+
+The `TF-A Getting Started`_ has the necessary instructions to setup Host
+machine and build TF-A.
+
+To build for RME, set ``ENABLE_RME`` build option to 1 and provide the path to
+the RMM binary using the ``RMM`` build option.
+Currently, this feature is only supported for the FVP platform.
+
+.. note::
+
+ ENABLE_RME build option is currently experimental.
+
+If the ``RMM`` option is not used, then the Test Realm Payload (TRP) in TF-A
+will be built and used as the RMM.
+
+.. code:: shell
+
+ git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
cd trusted-firmware-a
make CROSS_COMPILE=aarch64-none-elf- \
PLAT=fvp \
ENABLE_RME=1 \
+ RMM=<path/to/rmm.img> \
FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
DEBUG=1 \
BL33=<path/to/tftf.bin> \
all fip
+This produces **bl1.bin** and **fip.bin** binaries in the **build/fvp/debug** directory.
+
+Running the tests for a 3 world FVP setup
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Use the following command to run the tests on FVP. TF-A Tests should boot
+and run the default tests including Realm world tests.
+
+.. code:: shell
+
+ FVP_Base_RevC-2xAEMvA \
+ -C bp.refcounter.non_arch_start_at_default=1 \
+ -C bp.secureflashloader.fname=<path/to/bl1.bin> \
+ -C bp.flashloader0.fname=<path/to/fip.bin> \
+ -C bp.refcounter.use_real_time=0 \
+ -C bp.ve_sysregs.exit_on_shutdown=1 \
+ -C cache_state_modelled=1 \
+ -C bp.dram_size=2 \
+ -C bp.secure_memory=1 \
+ -C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
+ -C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
+ -C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
+ -C cluster0.NUM_CORES=4 \
+ -C cluster0.PA_SIZE=48 \
+ -C cluster0.ecv_support_level=2 \
+ -C cluster0.gicv3.cpuintf-mmap-access-level=2 \
+ -C cluster0.gicv3.without-DS-support=1 \
+ -C cluster0.gicv4.mask-virtual-interrupt=1 \
+ -C cluster0.has_arm_v8-6=1 \
+ -C cluster0.has_amu=1 \
+ -C cluster0.has_branch_target_exception=1 \
+ -C cluster0.rme_support_level=2 \
+ -C cluster0.has_rndr=1 \
+ -C cluster0.has_v8_7_pmu_extension=2 \
+ -C cluster0.max_32bit_el=-1 \
+ -C cluster0.stage12_tlb_size=1024 \
+ -C cluster0.check_memory_attributes=0 \
+ -C cluster0.ish_is_osh=1 \
+ -C cluster0.restriction_on_speculative_execution=2 \
+ -C cluster0.restriction_on_speculative_execution_aarch32=2 \
+ -C cluster1.NUM_CORES=4 \
+ -C cluster1.PA_SIZE=48 \
+ -C cluster1.ecv_support_level=2 \
+ -C cluster1.gicv3.cpuintf-mmap-access-level=2 \
+ -C cluster1.gicv3.without-DS-support=1 \
+ -C cluster1.gicv4.mask-virtual-interrupt=1 \
+ -C cluster1.has_arm_v8-6=1 \
+ -C cluster1.has_amu=1 \
+ -C cluster1.has_branch_target_exception=1 \
+ -C cluster1.rme_support_level=2 \
+ -C cluster1.has_rndr=1 \
+ -C cluster1.has_v8_7_pmu_extension=2 \
+ -C cluster1.max_32bit_el=-1 \
+ -C cluster1.stage12_tlb_size=1024 \
+ -C cluster1.check_memory_attributes=0 \
+ -C cluster1.ish_is_osh=1 \
+ -C cluster1.restriction_on_speculative_execution=2 \
+ -C cluster1.restriction_on_speculative_execution_aarch32=2 \
+ -C pctl.startup=0.0.0.0 \
+ -C bp.smsc_91c111.enabled=1 \
+ -C bp.hostbridge.userNetworking=1
+
+The bottom of the output from *uart0* should look something like the following.
+
+.. code-block:: shell
+
+ ...
+
+ > Test suite 'FF-A Interrupt'
+ Passed
+ > Test suite 'SMMUv3 tests'
+ Passed
+ > Test suite 'PMU Leakage'
+ Passed
+ > Test suite 'DebugFS'
+ Passed
+ > Test suite 'RMI and SPM tests'
+ Passed
+ > Test suite 'Realm payload at EL1'
+ Passed
+ > Test suite 'Invalid memory access'
+ Passed
+ ...
+
+Building TF-A with RME enabled Linux Kernel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If an RME enabled Linux kernel and filesystem is available for testing,
+and a suitable NS boot loader is not available, then this option can be used to
+launch kernel directly after BL31:
+
+.. code-block:: shell
+
+ cd trusted-firmware-a
+ make CROSS_COMPILE=aarch64-none-elf- \
+ PLAT=fvp \
+ ENABLE_RME=1 \
+ RMM=<path/to/rmm.img> \
+ FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
+ DEBUG=1 \
+ ARM_LINUX_KERNEL_AS_BL33=1 \
+ PRELOADED_BL33_BASE=0x84000000 \
+ all fip
+
+Boot and run the RME enabled Linux Kernel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Use the following additional arguments to boot the kernel on FVP.
+
+.. code-block:: shell
+
+ --data cluster0.cpu0=<path_to_kernel_Image>@0x84000000 \
+ -C bp.virtioblockdevice.image_path=<path_to_rootfs.ext4>
+
-This produces *bl1.bin* and *fip.bin* binaries in the *build/fvp/debug* directory.
-The above command also builds TRP. The TRP binary is packaged in *fip.bin*.
+.. tip::
+
+ Set the FVP option `cache_state_modelled=0` to run Linux based tests much faster.
Four-world execution with Hafnium and TF-A Tests
-****************************************************
-Four-world execution involves software components at each security state: root,
+*************************************************
+
+Four-world execution involves software components in each security state: root,
secure, realm and non-secure. This section describes how to build TF-A
-with four-world support. We use TF-A as the root firmware, `Hafnium`_ as the
-secure component, TRP as the realm-world firmware and TF-A Tests as the
-non-secure payload.
+with four-world support.
-Before building TF-A, you first need to build the other software components.
-You can find instructions on how to get and build TF-A Tests above.
+We use TF-A as the root firmware, `Hafnium SPM`_ is the reference Secure world component
+and the software components for the other 2 worlds (Realm and Non-Secure)
+are as described in the previous section.
**1. Obtain and build Hafnium**
@@ -164,6 +316,27 @@
cd hafnium
# Use the default prebuilt LLVM/clang toolchain
PATH=$PWD/prebuilts/linux-x64/clang/bin:$PWD/prebuilts/linux-x64/dtc:$PATH
+
+Feature MTE needs to be disabled in Hafnium build, apply following patch to
+project/reference submodule
+
+.. code:: diff
+
+ diff --git a/BUILD.gn b/BUILD.gn
+ index cc6a78f..234b20a 100644
+ --- a/BUILD.gn
+ +++ b/BUILD.gn
+ @@ -83,7 +83,6 @@ aarch64_toolchains("secure_aem_v8a_fvp") {
+ pl011_base_address = "0x1c090000"
+ smmu_base_address = "0x2b400000"
+ smmu_memory_size = "0x100000"
+ - enable_mte = "1"
+ plat_log_level = "LOG_LEVEL_INFO"
+ }
+ }
+
+.. code:: shell
+
make PROJECT=reference
The Hafnium binary should be located at
@@ -173,6 +346,8 @@
Build TF-A with RME as well as SPM enabled.
+Use sp_layout.json previously generated in tf-a-test build.
+
.. code:: shell
make CROSS_COMPILE=aarch64-none-elf- \
@@ -184,92 +359,33 @@
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
DEBUG=1 \
- SP_LAYOUT_FILE=<path/to/tf-a-tests>/build/fvp/debug/sp_layout.json> \
+ SP_LAYOUT_FILE=<path/to/sp_layout.json> \
BL32=<path/to/hafnium.bin> \
BL33=<path/to/tftf.bin> \
+ RMM=<path/to/rmm.img> \
all fip
-Running the tests
-*********************
-Use the following command to run the tests on FVP. TF-A Tests should boot
-and run the default tests including RME tests.
+Running the tests for a 4 world FVP setup
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-.. code:: shell
-
- FVP_Base_RevC-2xAEMvA \
- -C bp.flashloader0.fname=<path/to/fip.bin> \
- -C bp.secureflashloader.fname=<path/to/bl1.bin> \
- -C bp.refcounter.non_arch_start_at_default=1 \
- -C bp.refcounter.use_real_time=0 \
- -C bp.ve_sysregs.exit_on_shutdown=1 \
- -C cache_state_modelled=1 \
- -C cluster0.NUM_CORES=4 \
- -C cluster0.PA_SIZE=48 \
- -C cluster0.ecv_support_level=2 \
- -C cluster0.gicv3.cpuintf-mmap-access-level=2 \
- -C cluster0.gicv3.without-DS-support=1 \
- -C cluster0.gicv4.mask-virtual-interrupt=1 \
- -C cluster0.has_arm_v8-6=1 \
- -C cluster0.has_branch_target_exception=1 \
- -C cluster0.has_rme=1 \
- -C cluster0.has_rndr=1 \
- -C cluster0.has_amu=1 \
- -C cluster0.has_v8_7_pmu_extension=2 \
- -C cluster0.max_32bit_el=-1 \
- -C cluster0.restriction_on_speculative_execution=2 \
- -C cluster0.restriction_on_speculative_execution_aarch32=2 \
- -C cluster1.NUM_CORES=4 \
- -C cluster1.PA_SIZE=48 \
- -C cluster1.ecv_support_level=2 \
- -C cluster1.gicv3.cpuintf-mmap-access-level=2 \
- -C cluster1.gicv3.without-DS-support=1 \
- -C cluster1.gicv4.mask-virtual-interrupt=1 \
- -C cluster1.has_arm_v8-6=1 \
- -C cluster1.has_branch_target_exception=1 \
- -C cluster1.has_rme=1 \
- -C cluster1.has_rndr=1 \
- -C cluster1.has_amu=1 \
- -C cluster1.has_v8_7_pmu_extension=2 \
- -C cluster1.max_32bit_el=-1 \
- -C cluster1.restriction_on_speculative_execution=2 \
- -C cluster1.restriction_on_speculative_execution_aarch32=2 \
- -C pci.pci_smmuv3.mmu.SMMU_AIDR=2 \
- -C pci.pci_smmuv3.mmu.SMMU_IDR0=0x0046123B \
- -C pci.pci_smmuv3.mmu.SMMU_IDR1=0x00600002 \
- -C pci.pci_smmuv3.mmu.SMMU_IDR3=0x1714 \
- -C pci.pci_smmuv3.mmu.SMMU_IDR5=0xFFFF0475 \
- -C pci.pci_smmuv3.mmu.SMMU_S_IDR1=0xA0000002 \
- -C pci.pci_smmuv3.mmu.SMMU_S_IDR2=0 \
- -C pci.pci_smmuv3.mmu.SMMU_S_IDR3=0 \
- -C bp.pl011_uart0.out_file=uart0.log \
- -C bp.pl011_uart1.out_file=uart1.log \
- -C bp.pl011_uart2.out_file=uart2.log \
- -C pctl.startup=0.0.0.0 \
- -Q 1000 \
- "$@"
+Use the following arguments in addition to
+`Running the tests for a 3 world FVP setup`_ to run tests for 4 world setup.
-The bottom of the output from *uart0* should look something like the following.
-
-.. code-block:: shell
-
- ...
-
- > Test suite 'FF-A Interrupt'
- Passed
- > Test suite 'SMMUv3 tests'
- Passed
- > Test suite 'PMU Leakage'
- Passed
- > Test suite 'DebugFS'
- Passed
- > Test suite 'Realm payload tests'
- Passed
- > Test suite 'Invalid memory access'
- Passed
- ...
+.. code:: shell
+ -C pci.pci_smmuv3.mmu.SMMU_AIDR=2 \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR0=0x0046123B \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR1=0x00600002 \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR3=0x1714 \
+ -C pci.pci_smmuv3.mmu.SMMU_IDR5=0xFFFF0475 \
+ -C pci.pci_smmuv3.mmu.SMMU_S_IDR1=0xA0000002 \
+ -C pci.pci_smmuv3.mmu.SMMU_S_IDR2=0 \
+ -C pci.pci_smmuv3.mmu.SMMU_S_IDR3=0
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
.. _Arm Architecture Models website: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
+.. _TF-A Getting Started: https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/index.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io/en/latest
-.. _Hafnium: https://www.trustedfirmware.org/projects/hafnium
+.. _TFTF Getting Started: https://trustedfirmware-a-tests.readthedocs.io/en/latest/getting_started/index.html
+.. _Hafnium SPM: https://www.trustedfirmware.org/projects/hafnium
+.. _RMM Getting Started: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/docs/getting_started/index.rst
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 7ba79b9..55e265c 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -256,6 +256,10 @@
- ``ERRATA_A76_1946160``: This applies errata 1946160 workaround to Cortex-A76
CPU. This needs to be enabled only for revisions r3p0 - r4p1 of the CPU.
+- ``ERRATA_A76_2743102``: This applies errata 2743102 workaround to Cortex-A76
+ CPU. This needs to be enabled for all revisions <= r4p1 of the CPU and is
+ still open.
+
For Cortex-A77, the following errata build flags are defined :
- ``ERRATA_A77_1508412``: This applies errata 1508412 workaround to Cortex-A77
@@ -276,6 +280,9 @@
- ``ERRATA_A77_1800714``: This applies errata 1800714 workaround to Cortex-A77
CPU. This needs to be enabled for revisions <= r1p1 of the CPU.
+ - ``ERRATA_A77_2743100``: This applies errata 2743100 workaround to Cortex-A77
+ CPU. This needs to be enabled for r0p0, r1p0, and r1p1, it is still open.
+
For Cortex-A78, the following errata build flags are defined :
- ``ERRATA_A78_1688305``: This applies errata 1688305 workaround to Cortex-A78
@@ -399,6 +406,10 @@
CPU. This needs to be enabled for revisions r3p0, r3p1, r4p0, and r4p1, for
revisions r0p0, r1p0, and r2p0 there is no workaround.
+- ``ERRATA_N1_2743102``: This applies errata 2743102 workaround to Neoverse-N1
+ CPU. This needs to be enabled for all revisions <= r4p1 of the CPU and is
+ still open.
+
For Neoverse V1, the following errata build flags are defined :
- ``ERRATA_V1_1618635``: This applies errata 1618635 workaround to Neoverse-V1
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 71fdfcb..84bba18 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -990,9 +990,10 @@
directly, the others are saved into memory for retrieval (if needed) by the
handler. The handler is also provided with an opaque ``handle`` for use with the
supporting library for parameter retrieval, setting return values and context
-manipulation; and with ``flags`` indicating the security state of the caller. The
-framework finally sets up the execution stack for the handler, and invokes the
-services ``handle()`` function.
+manipulation. The ``flags`` parameter indicates the security state of the caller
+and the state of the SVE hint bit per the SMCCCv1.3. The framework finally sets
+up the execution stack for the handler, and invokes the services ``handle()``
+function.
On return from the handler the result registers are populated in X0-X7 as needed
before restoring the stack and CPU state and returning from the original SMC.
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 5980050..0b42a79 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -569,10 +569,11 @@
EL1 for handling. The default value of this option is ``0``, which means the
Group 0 interrupts are assumed to be handled by Secure EL1.
-- ``HANDLE_EA_EL3_FIRST``: When set to ``1``, External Aborts and SError
- Interrupts will be always trapped in EL3 i.e. in BL31 at runtime. When set to
- ``0`` (default), these exceptions will be trapped in the current exception
- level (or in EL1 if the current exception level is EL0).
+- ``HANDLE_EA_EL3_FIRST_NS``: When set to ``1``, External Aborts and SError
+ Interrupts, resulting from errors in NS world, will be always trapped in
+ EL3 i.e. in BL31 at runtime. When set to ``0`` (default), these exceptions
+ will be trapped in the current exception level (or in EL1 if the current
+ exception level is EL0).
- ``HW_ASSISTED_COHERENCY``: On most Arm systems to-date, platform-specific
software operations are required for CPUs to enter and exit coherency.
@@ -725,7 +726,7 @@
or later CPUs. This flag can take the values 0 to 2, to align with the
``FEATURE_DETECTION`` mechanism.
- When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST`` must also be
+ When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST_NS`` must also be
set to ``1``.
This option is disabled by default.
@@ -851,6 +852,9 @@
hardware will limit the effective VL to the maximum physically supported
VL.
+- ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True
+ Random Number Generator Interface to BL31 image. This defaults to ``0``.
+
- ``TRUSTED_BOARD_BOOT``: Boolean flag to include support for the Trusted Board
Boot feature. When set to '1', BL1 and BL2 images include support to load
and verify the certificates and images in a FIP, and BL1 includes support
@@ -1028,6 +1032,12 @@
functionalities). When enabled (``1``), a mocked version of the APIs are used.
The default value is 0.
+- ``CONDITIONAL_CMO``: Boolean option to enable call to platform-defined routine
+ ``plat_can_cmo`` which will return zero if cache management operations should
+ be skipped and non-zero otherwise. By default, this option is disabled which
+ means platform hook won't be checked and CMOs will always be performed when
+ related functions are called.
+
GICv3 driver options
--------------------
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 6996c17..9019e83 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -23,8 +23,8 @@
discusses these in detail. The subsequent sections discuss the remaining
modifications for each BL stage in detail.
-Please refer to the :ref:`Platform Compatibility Policy` for the policy
-regarding compatibility and deprecation of these porting interfaces.
+Please refer to the :ref:`Platform Ports Policy` for the policy regarding
+compatibility and deprecation of these porting interfaces.
Only Arm development platforms (such as FVP and Juno) may use the
functions/definitions in ``include/plat/arm/common/`` and the corresponding
@@ -1461,6 +1461,22 @@
When the MEASURED_BOOT flag is disabled, this function doesn't do anything.
+Function : plat_can_cmo()
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void
+ Return : uint64_t
+
+When CONDITIONAL_CMO flag is enabled:
+
+- This function indicates whether cache management operations should be
+ performed. It returns 0 if CMOs should be skipped and non-zero
+ otherwise.
+- The function must not clobber x2 and x3. It's also not safe to rely on stack.
+ Otherwise obey AAPCS.
+
Modifications specific to a Boot Loader stage
---------------------------------------------
@@ -2468,7 +2484,7 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This value must be defined to the UUID of the TRNG backend that is specific to
-the hardware after ``plat_trng_setup`` function is called. This value must
+the hardware after ``plat_entropy_setup`` function is called. This value must
conform to the SMCCC calling convention; The most significant 32 bits of the
UUID must not equal ``0xffffffff`` or the signed integer ``-1`` as this value in
w0 indicates failure to get a TRNG source.
@@ -3156,6 +3172,34 @@
(``GICD_IGRPMODRn``) is read to figure out whether the interrupt is configured
as Group 0 secure interrupt, Group 1 secure interrupt or Group 1 NS interrupt.
+Common helper functions
+-----------------------
+
+Function : do_panic()
+~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void
+ Return : void
+
+This API is called from assembly files when encountering a critical failure that
+cannot be recovered from. It also invokes elx_panic() which allows to report a
+crash from lower exception level. This function assumes that it is invoked from
+a C runtime environment i.e. valid stack exists. This call **must not** return.
+
+Function : panic()
+~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void
+ Return : void
+
+This API called from C files when encountering a critical failure that cannot
+be recovered from. This function in turn prints backtrace (if enabled) and calls
+do_panic(). This call **must not** return.
+
Crash Reporting mechanism (in BL31)
-----------------------------------
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 1e8fe41..62ef826 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -104,14 +104,15 @@
sudo apt install device-tree-compiler
-Additionally, to install an up-to-date version of Node.js, you can use the `Node
-Version Manager`_ to install a version of your choosing (we recommend 16, but
-later LTS versions might offer a more stable experience):
+Additionally, to install a version of Node.js compatible with TF-A's repository
+scripts, you can use the `Node Version Manager`_. To install both NVM and an
+appropriate version of Node.js, run the following **from the root directory of
+the repository**:
.. code:: shell
- curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | "$SHELL"
- exec "$SHELL" -ic "nvm install 16; exec $SHELL"
+ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
+ exec "$SHELL" -ic "nvm install; exec $SHELL"
.. _Node Version Manager: https://github.com/nvm-sh/nvm#install--update-script
diff --git a/docs/getting_started/psci-lib-integration-guide.rst b/docs/getting_started/psci-lib-integration-guide.rst
index 3735265..4d690a9 100644
--- a/docs/getting_started/psci-lib-integration-guide.rst
+++ b/docs/getting_started/psci-lib-integration-guide.rst
@@ -337,16 +337,6 @@
This function invalidates (flushes) the data cache for memory at address
``addr`` (first argument) address and of size ``size`` (second argument).
-**Function : do_panic()**
-
-::
-
- Argument : void
- Return : void
-
-This function will be called by the PSCI library on encountering a critical
-failure that cannot be recovered from. This function **must not** return.
-
CPU Context management API
~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/plat/deprecated.rst b/docs/plat/deprecated.rst
deleted file mode 100644
index 557454c..0000000
--- a/docs/plat/deprecated.rst
+++ /dev/null
@@ -1,24 +0,0 @@
-Deprecated platforms
-====================
-
-Process of deprecating a platform
----------------------------------
-
-Platform can be deprecated and its source can be kept in repository for a cooling
-off period before deleting it or it can be deleted straight away. For later types
-Deprecated/Deleted version would be same.
-
-List of deprecated platforms
-----------------------------
-
-+----------------+----------------+--------------------+--------------------+
-| Platform | Vendor | Deprecated version | Deleted version |
-+================+================+====================+====================+
-| sgm775 | Arm | 2.5 | 2.7 |
-+----------------+----------------+--------------------+--------------------+
-| mt6795 | MTK | 2.5 | 2.7 |
-+----------------+----------------+--------------------+--------------------+
-| sgi575 | Arm | 2.8 | 3.0 |
-+----------------+----------------+--------------------+--------------------+
-| rdn1edge | Arm | 2.8 | 3.0 |
-+----------------+----------------+--------------------+--------------------+
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index 28b1787..3eac6f7 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -9,7 +9,6 @@
allwinner
arm/index
- deprecated
meson-axg
meson-gxbb
meson-gxl
@@ -59,10 +58,26 @@
- Arm Neoverse N1 System Development Platform (N1SDP)
- Arm Neoverse Reference Design N1 Edge (RD-N1-Edge) FVP
- Arm Neoverse Reference Design E1 Edge (RD-E1-Edge) FVP
- - Arm SGI-575 and SGM-775
- - MediaTek MT6795 and MT8173 SoCs
- - Arm Morello Platform
+ - Arm SGI-575
+ - MediaTek MT8173 SoCs
+
+Deprecated platforms
+--------------------
+
++----------------+----------------+--------------------+--------------------+
+| Platform | Vendor | Deprecated version | Deleted version |
++================+================+====================+====================+
+| sgm775 | Arm | 2.5 | 2.7 |
++----------------+----------------+--------------------+--------------------+
+| mt6795 | MTK | 2.5 | 2.7 |
++----------------+----------------+--------------------+--------------------+
+| sgi575 | Arm | 2.8 | 3.0 |
++----------------+----------------+--------------------+--------------------+
+| rdn1edge | Arm | 2.8 | 3.0 |
++----------------+----------------+--------------------+--------------------+
+| tc0 | Arm | 2.8 | 3.0 |
++----------------+----------------+--------------------+--------------------+
--------------
-*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
diff --git a/docs/plat/marvell/armada/build.rst b/docs/plat/marvell/armada/build.rst
index adb9603..ff7b573 100644
--- a/docs/plat/marvell/armada/build.rst
+++ b/docs/plat/marvell/armada/build.rst
@@ -165,14 +165,14 @@
Armada37x0 specific build options:
-- HANDLE_EA_EL3_FIRST
+- HANDLE_EA_EL3_FIRST_NS
- When ``HANDLE_EA_EL3_FIRST=1``, External Aborts and SError Interrupts will be always trapped
- in TF-A. TF-A in this case enables dirty hack / workaround for a bug found in U-Boot and
- Linux kernel PCIe controller driver pci-aardvark.c, traps and then masks SError interrupt
- caused by AXI SLVERR on external access (syndrome 0xbf000002).
+ When ``HANDLE_EA_EL3_FIRST_NS=1``, External Aborts and SError Interrupts, resulting from errors
+ in NS world, will be always trapped in TF-A. TF-A in this case enables dirty hack / workaround for
+ a bug found in U-Boot and Linux kernel PCIe controller driver pci-aardvark.c, traps and then masks
+ SError interrupt caused by AXI SLVERR on external access (syndrome 0xbf000002).
- Otherwise when ``HANDLE_EA_EL3_FIRST=0``, these exceptions will be trapped in the current
+ Otherwise when ``HANDLE_EA_EL3_FIRST_NS=0``, these exceptions will be trapped in the current
exception level (or in EL1 if the current exception level is EL0). So exceptions caused by
U-Boot will be trapped in U-Boot, exceptions caused by Linux kernel (or user applications)
will be trapped in Linux kernel.
@@ -185,8 +185,8 @@
recommended to not enable this workaround as it disallows propagating of all External Aborts
to running Linux kernel and makes correctable errors as fatal aborts.
- This option is now disabled by default. In past this option was enabled by default in
- TF-A versions v2.2, v2.3, v2.4 and v2.5.
+ This option is now disabled by default. In past this option has different name "HANDLE_EA_EL3_FIRST" and
+ was enabled by default in TF-A versions v2.2, v2.3, v2.4 and v2.5.
- CM3_SYSTEM_RESET
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index ef319e4..26c272d 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -463,11 +463,11 @@
--------------
-*Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2020, 2022, Arm Limited and Contributors. All rights reserved.*
.. _`Linux master tree`: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/
-.. _`Procedure Call Standard for the Arm Architecture`: https://developer.arm.com/docs/ihi0042/latest/
-.. _`Procedure Call Standard for the Arm 64-bit Architecture`: https://developer.arm.com/docs/ihi0055/latest/
+.. _`Procedure Call Standard for the Arm Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst
+.. _`Procedure Call Standard for the Arm 64-bit Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
.. _`EditorConfig`: http://editorconfig.org/
.. _`Why the “volatile” type class should not be used`: https://www.kernel.org/doc/html/latest/process/volatile-considered-harmful.html
.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
diff --git a/docs/process/commit-style.rst b/docs/process/commit-style.rst
index de899ab..d7e937b 100644
--- a/docs/process/commit-style.rst
+++ b/docs/process/commit-style.rst
@@ -96,36 +96,25 @@
Adding Scopes
-------------
-Scopes that are either a) unblessed in the configuration file, or b) do not
-exist in the configuration file at all are considered to be deprecated. If you
-are adding a new component that does not yet have a designated scope, please
-feel free to add one.
+Scopes that are not present in the changelog configuration file are considered
+to be deprecated, and should be avoided. If you are adding a new component that
+does not yet have a designated scope, please add one.
For example, if you are adding or making modifications to `Foo`'s latest and
-greatest new platform `Bar`, you would add it to the `Platforms` changelog
-section, and the hierarchy should look something like this:
+greatest new platform `Bar` then you would add it to the `Platforms` changelog
+sub-section, and the hierarchy should look something like this:
-.. code:: json
+.. code:: yaml
- {
- "sections": [
- {
- "title": "Platforms",
- "sections": [
- {
- "title": "Foo",
- "scopes": ["foo"],
- "sections": [
- {
- "title": "Bar",
- "scopes": ["bar"]
- }
- ]
- }
- ]
- }
- ]
- }
+ - title: Platforms
+
+ subsections:
+ - title: Foo
+ scope: foo
+
+ subsections:
+ - title: Bar
+ scope: bar
When creating new scopes, try to keep them short and succinct, and use kebab
case (``this-is-kebab-case``). Components with a product name (i.e. most
@@ -138,7 +127,9 @@
Commits are expected to be signed off with the ``Signed-off-by:`` trailer using
your real name and email address. You can do this automatically by committing
-with Git's ``-s`` flag.
+with Git's ``-s`` flag. By adding this line the contributor certifies the
+contribution is made under the terms of the :download:`Developer Certificate of
+Origin <../../dco.txt>`.
There may be multiple ``Signed-off-by:`` lines depending on the history of the
patch, but one **must** be the committer. More details may be found in the
diff --git a/docs/process/index.rst b/docs/process/index.rst
index bba2b40..422ab28 100644
--- a/docs/process/index.rst
+++ b/docs/process/index.rst
@@ -7,7 +7,7 @@
:numbered:
security
- platform-compatibility-policy
+ platform-ports-policy
commit-style
coding-style
coding-guidelines
diff --git a/docs/process/platform-compatibility-policy.rst b/docs/process/platform-ports-policy.rst
similarity index 63%
rename from docs/process/platform-compatibility-policy.rst
rename to docs/process/platform-ports-policy.rst
index a10236c..7983749 100644
--- a/docs/process/platform-compatibility-policy.rst
+++ b/docs/process/platform-ports-policy.rst
@@ -1,11 +1,8 @@
-Platform Compatibility Policy
-=============================
+Platform Ports Policy
+=====================
-Introduction
-------------
-
-This document clarifies the project's policy around compatibility for upstream
-platforms.
+This document clarifies a couple of policy points around platform ports
+management.
Platform compatibility policy
-----------------------------
@@ -29,6 +26,24 @@
deprecated interfaces. Platforms are expected to migrate before the removal of
the deprecated interface.
+Platform deprecation policy
+---------------------------
+
+If a platform is no longer maintained, it is best to deprecate it to keep the
+projects' source tree clean and healthy. Deprecation can be a 1-stage or 2-stage
+process (up to the platform maintainers).
+
+ - *2-stage*: The platform's source code can be kept in the repository for a
+ cooling off period before deleting it (typically 2 release cycles). In this
+ case, we keep track ot the *Deprecated* version separately from the *Deleted*
+ version.
+
+ - *1-stage*: The platform's source code can be deleted straight away. In this
+ case, both versions are the same.
+
+The :ref:`Platform Ports` page provides a list of all deprecated/deleted
+platform ports (or soon to be) to this day.
+
--------------
*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/security_advisories/security-advisory-tfv-9.rst b/docs/security_advisories/security-advisory-tfv-9.rst
index 08bfdc4..d73e74b 100644
--- a/docs/security_advisories/security-advisory-tfv-9.rst
+++ b/docs/security_advisories/security-advisory-tfv-9.rst
@@ -75,7 +75,7 @@
+----------------------+
| Cortex-A710 |
+----------------------+
-| Cortex-Makalu |
+| Cortex-A715 |
+----------------------+
| Cortex-Hunter |
+----------------------+
@@ -99,7 +99,9 @@
Convention specification`_ for more details.
`Gerrit topic #spectre_bhb`_ This patchset implements the Spectre-BHB loop
-workaround for CPUs mentioned in the above table. It also mitigates against
+workaround for CPUs mentioned in the above table. For CPUs supporting
+speculative barrier instruction, the loop workaround is optimised by using SB
+in place of the common DSB and ISB sequence. It also mitigates against
this vulnerability for Cortex-A72 CPU versions that support the CSV2 feature
(from r1p0). The patch stack also includes an implementation for a specified
`CVE-2022-23960`_ workaround SMC(``SMCCC_ARCH_WORKAROUND_3``) for use by normal
diff --git a/drivers/arm/rss/rss_comms.mk b/drivers/arm/rss/rss_comms.mk
index 8f19a0b..c1c994b 100644
--- a/drivers/arm/rss/rss_comms.mk
+++ b/drivers/arm/rss/rss_comms.mk
@@ -4,6 +4,8 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+$(warning "RSS driver is an experimental feature")
+
RSS_COMMS_SOURCES := $(addprefix drivers/arm/rss/, \
rss_comms.c \
rss_comms_protocol.c \
diff --git a/include/common/debug.h b/include/common/debug.h
index a7ca0d7..af47999 100644
--- a/include/common/debug.h
+++ b/include/common/debug.h
@@ -91,9 +91,10 @@
# define VERBOSE(...) no_tf_log(LOG_MARKER_VERBOSE __VA_ARGS__)
#endif
+const char *get_el_str(unsigned int el);
+
#if ENABLE_BACKTRACE
void backtrace(const char *cookie);
-const char *get_el_str(unsigned int el);
#else
#define backtrace(x)
#endif
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 9940ea9..cce91af 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -37,6 +37,10 @@
#define FUNCID_OEN_MASK U(0x3f)
#define FUNCID_OEN_WIDTH U(6)
+#define FUNCID_SVE_HINT_SHIFT U(16)
+#define FUNCID_SVE_HINT_MASK U(1)
+#define FUNCID_SVE_HINT_WIDTH U(1)
+
#define FUNCID_NUM_SHIFT U(0)
#define FUNCID_NUM_MASK U(0xffff)
#define FUNCID_NUM_WIDTH U(16)
@@ -122,6 +126,12 @@
* 0 0 SMC_FROM_SECURE
* 0 1 SMC_FROM_NON_SECURE
* 1 1 SMC_FROM_REALM
+ *
+ * Bit 16 of flags records the caller's SMC
+ * SVE hint bit according to SMCCCv1.3.
+ * It can be consumed by dispatchers using
+ * is_sve_hint_set macro.
+ *
*/
#define SMC_FROM_SECURE (U(0) << 0)
@@ -148,6 +158,9 @@
#define is_caller_secure(_f) (!is_caller_non_secure(_f))
#endif /* ENABLE_RME */
+#define is_sve_hint_set(_f) (((_f) & (FUNCID_SVE_HINT_MASK \
+ << FUNCID_SVE_HINT_SHIFT)) != U(0))
+
/* The macro below is used to identify a Standard Service SMC call */
#define is_std_svc_call(_fid) (GET_SMC_OEN(_fid) == OEN_STD_START)
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index c90441c..c7b7908 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -16,10 +16,10 @@
#if ENABLE_RME
#include <services/rmm_core_manifest.h>
#endif
+#include <drivers/fwu/fwu_metadata.h>
#if TRNG_SUPPORT
#include "plat_trng.h"
-#endif
-#include <drivers/fwu/fwu_metadata.h>
+#endif /* TRNG_SUPPORT */
#if DRTM_SUPPORT
#include "plat_drtm.h"
#endif /* DRTM_SUPPORT */
diff --git a/include/services/trng_svc.h b/include/services/trng_svc.h
index ed4d557..92417c2 100644
--- a/include/services/trng_svc.h
+++ b/include/services/trng_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,7 +17,7 @@
#define ARM_TRNG_FEATURES U(0x84000051)
#define ARM_TRNG_GET_UUID U(0x84000052)
#define ARM_TRNG_RND32 U(0x84000053)
-#define ARM_TRNG_RND64 U(0xc4000053)
+#define ARM_TRNG_RND64 U(0xC4000053)
/* TRNG version numbers */
#define TRNG_VERSION_MAJOR (0x1)
@@ -30,19 +30,17 @@
#define TRNG_E_NO_ENTROPY (-3)
#define TRNG_E_NOT_IMPLEMENTED (-4)
-#if TRNG_SUPPORT
+/* TRNG Entropy Bit Numbers */
+#define TRNG_RND32_ENTROPY_MAXBITS (96U)
+#define TRNG_RND64_ENTROPY_MAXBITS (192U)
+
+/* Public API to perform the initial TRNG entropy setup */
void trng_setup(void);
+
+/* Public API to verify function id is part of TRNG */
bool is_trng_fid(uint32_t smc_fid);
-#else
-static inline void trng_setup(void)
-{
-}
-static inline bool is_trng_fid(uint32_t smc_fid)
-{
- return false;
-}
-#endif
+/* Handler to be called to handle TRNG smc calls */
uintptr_t trng_smc_handler(
uint32_t smc_fid,
u_register_t x1,
diff --git a/lib/aarch32/cache_helpers.S b/lib/aarch32/cache_helpers.S
index 13d1872..fd9b33f 100644
--- a/lib/aarch32/cache_helpers.S
+++ b/lib/aarch32/cache_helpers.S
@@ -37,12 +37,27 @@
bx lr
.endm
+.macro check_plat_can_cmo
+#if CONDITIONAL_CMO
+ mov r3, lr
+ mov r2, r0
+ bl plat_can_cmo
+ mov lr, r3
+ cmp r0, #0
+ bne 1f
+ bx lr
+1:
+ mov r0, r2
+#endif
+.endm
+
/* ------------------------------------------
* Clean+Invalidate from base address till
* size. 'r0' = addr, 'r1' = size
* ------------------------------------------
*/
func flush_dcache_range
+ check_plat_can_cmo
do_dcache_maintenance_by_mva cimvac, DCCIMVAC
endfunc flush_dcache_range
@@ -52,6 +67,7 @@
* ------------------------------------------
*/
func clean_dcache_range
+ check_plat_can_cmo
do_dcache_maintenance_by_mva cmvac, DCCMVAC
endfunc clean_dcache_range
@@ -61,6 +77,7 @@
* ------------------------------------------
*/
func inv_dcache_range
+ check_plat_can_cmo
do_dcache_maintenance_by_mva imvac, DCIMVAC
endfunc inv_dcache_range
@@ -168,6 +185,7 @@
* ---------------------------------------------------------------
*/
func dcsw_op_louis
+ check_plat_can_cmo
dcsw_op #LOUIS_SHIFT, #CLIDR_FIELD_WIDTH, #LEVEL_SHIFT
endfunc dcsw_op_louis
@@ -180,6 +198,7 @@
* ---------------------------------------------------------------
*/
func dcsw_op_all
+ check_plat_can_cmo
dcsw_op #LOC_SHIFT, #CLIDR_FIELD_WIDTH, #LEVEL_SHIFT
endfunc dcsw_op_all
@@ -205,6 +224,7 @@
* ---------------------------------------------------------------
*/
func dcsw_op_level1
+ check_plat_can_cmo
dcsw_op_level #(1 << LEVEL_SHIFT)
endfunc dcsw_op_level1
@@ -217,6 +237,7 @@
* ---------------------------------------------------------------
*/
func dcsw_op_level2
+ check_plat_can_cmo
dcsw_op_level #(2 << LEVEL_SHIFT)
endfunc dcsw_op_level2
@@ -229,5 +250,6 @@
* ---------------------------------------------------------------
*/
func dcsw_op_level3
+ check_plat_can_cmo
dcsw_op_level #(3 << LEVEL_SHIFT)
endfunc dcsw_op_level3
diff --git a/lib/aarch64/cache_helpers.S b/lib/aarch64/cache_helpers.S
index 6faf545..67fafb1 100644
--- a/lib/aarch64/cache_helpers.S
+++ b/lib/aarch64/cache_helpers.S
@@ -36,12 +36,26 @@
exit_loop_\op:
ret
.endm
+
+.macro check_plat_can_cmo
+#if CONDITIONAL_CMO
+ mov x3, x30
+ mov x2, x0
+ bl plat_can_cmo
+ mov x30, x3
+ cbnz x0, 1f
+ ret
+1:
+ mov x0, x2
+#endif
+.endm
/* ------------------------------------------
* Clean+Invalidate from base address till
* size. 'x0' = addr, 'x1' = size
* ------------------------------------------
*/
func flush_dcache_range
+ check_plat_can_cmo
do_dcache_maintenance_by_mva civac
endfunc flush_dcache_range
@@ -51,6 +65,7 @@
* ------------------------------------------
*/
func clean_dcache_range
+ check_plat_can_cmo
do_dcache_maintenance_by_mva cvac
endfunc clean_dcache_range
@@ -60,6 +75,7 @@
* ------------------------------------------
*/
func inv_dcache_range
+ check_plat_can_cmo
do_dcache_maintenance_by_mva ivac
endfunc inv_dcache_range
@@ -79,6 +95,7 @@
func flush_dcache_to_popa_range
/* Exit early if size is zero */
cbz x1, exit_loop_dc_cipapa
+ check_plat_can_cmo
dcache_line_size x2, x3
sub x3, x2, #1
bic x0, x0, x3
@@ -205,6 +222,7 @@
func dcsw_op_all
+ check_plat_can_cmo
dcsw_op #LOC_SHIFT, #CLIDR_FIELD_WIDTH, #LEVEL_SHIFT
endfunc dcsw_op_all
@@ -228,6 +246,7 @@
* ---------------------------------------------------------------
*/
func dcsw_op_level1
+ check_plat_can_cmo
dcsw_op_level #(1 << LEVEL_SHIFT)
endfunc dcsw_op_level1
@@ -239,6 +258,7 @@
* ---------------------------------------------------------------
*/
func dcsw_op_level2
+ check_plat_can_cmo
dcsw_op_level #(2 << LEVEL_SHIFT)
endfunc dcsw_op_level2
@@ -250,5 +270,6 @@
* ---------------------------------------------------------------
*/
func dcsw_op_level3
+ check_plat_can_cmo
dcsw_op_level #(3 << LEVEL_SHIFT)
endfunc dcsw_op_level3
diff --git a/lib/cpus/aarch64/cortex_a76.S b/lib/cpus/aarch64/cortex_a76.S
index 6d4017a..36507de 100644
--- a/lib/cpus/aarch64/cortex_a76.S
+++ b/lib/cpus/aarch64/cortex_a76.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -586,6 +586,30 @@
b cpu_rev_var_range
endfunc check_errata_1946160
+ /* ----------------------------------------------------
+ * Errata Workaround for Cortex-A76 Errata #2743102
+ * This applies to revisions <= r4p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_a76_2743102_wa
+ mov x17, x30
+ bl check_errata_2743102
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_a76_2743102_wa
+
+func check_errata_2743102
+ /* Applies to all revisions <= r4p1 */
+ mov x1, #0x41
+ b cpu_rev_var_ls
+endfunc check_errata_2743102
+
func check_errata_cve_2018_3639
#if WORKAROUND_CVE_2018_3639
mov x0, #ERRATA_APPLIES
@@ -748,6 +772,12 @@
mrs x0, CORTEX_A76_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_A76_CORE_PWRDN_EN_MASK
msr CORTEX_A76_CPUPWRCTLR_EL1, x0
+#if ERRATA_A76_2743102
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_a76_2743102_wa
+ mov x30, x15
+#endif /* ERRATA_A76_2743102 */
isb
ret
endfunc cortex_a76_core_pwr_dwn
@@ -768,6 +798,7 @@
*/
report_errata ERRATA_A76_1073348, cortex_a76, 1073348
report_errata ERRATA_A76_1130799, cortex_a76, 1130799
+ report_errata ERRATA_A76_1165522, cortex_a76, 1165522
report_errata ERRATA_A76_1220197, cortex_a76, 1220197
report_errata ERRATA_A76_1257314, cortex_a76, 1257314
report_errata ERRATA_A76_1262606, cortex_a76, 1262606
@@ -775,9 +806,9 @@
report_errata ERRATA_A76_1275112, cortex_a76, 1275112
report_errata ERRATA_A76_1286807, cortex_a76, 1286807
report_errata ERRATA_A76_1791580, cortex_a76, 1791580
- report_errata ERRATA_A76_1165522, cortex_a76, 1165522
report_errata ERRATA_A76_1868343, cortex_a76, 1868343
report_errata ERRATA_A76_1946160, cortex_a76, 1946160
+ report_errata ERRATA_A76_2743102, cortex_a76, 2743102
report_errata WORKAROUND_CVE_2018_3639, cortex_a76, cve_2018_3639
report_errata ERRATA_DSU_798953, cortex_a76, dsu_798953
report_errata ERRATA_DSU_936184, cortex_a76, dsu_936184
diff --git a/lib/cpus/aarch64/cortex_a77.S b/lib/cpus/aarch64/cortex_a77.S
index 8cafe4a..2882df7 100644
--- a/lib/cpus/aarch64/cortex_a77.S
+++ b/lib/cpus/aarch64/cortex_a77.S
@@ -227,6 +227,30 @@
b cpu_rev_var_ls
endfunc check_errata_2356587
+ /* -----------------------------------------------------------------
+ * Errata Workaround for Cortex A77 Errata #2743100
+ * This applies to revisions r0p0, r1p0, and r1p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * -----------------------------------------------------------------
+ */
+func errata_a77_2743100_wa
+ mov x17, x30
+ bl check_errata_2743100
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_a77_2743100_wa
+
+func check_errata_2743100
+ /* Applies to r0p0, r1p0, and r1p1 right now */
+ mov x1, #0x11
+ b cpu_rev_var_ls
+endfunc check_errata_2743100
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -330,6 +354,12 @@
mrs x0, CORTEX_A77_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_A77_CPUPWRCTLR_EL1_CORE_PWRDN_BIT
msr CORTEX_A77_CPUPWRCTLR_EL1, x0
+#if ERRATA_A77_2743100
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_a77_2743100_wa
+ mov x30, x15
+#endif /* ERRATA_A77_2743100 */
isb
ret
endfunc cortex_a77_core_pwr_dwn
@@ -354,6 +384,7 @@
report_errata ERRATA_A77_1925769, cortex_a77, 1925769
report_errata ERRATA_A77_1946167, cortex_a77, 1946167
report_errata ERRATA_A77_2356587, cortex_a77, 2356587
+ report_errata ERRATA_A77_2743100, cortex_a77, 2743100
report_errata WORKAROUND_CVE_2022_23960, cortex_a77, cve_2022_23960
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/aarch64/neoverse_n1.S b/lib/cpus/aarch64/neoverse_n1.S
index b75b0c1..ec62519 100644
--- a/lib/cpus/aarch64/neoverse_n1.S
+++ b/lib/cpus/aarch64/neoverse_n1.S
@@ -468,6 +468,30 @@
b cpu_rev_var_range
endfunc check_errata_1946160
+ /* ----------------------------------------------------
+ * Errata Workaround for Neoverse N1 Errata #2743102
+ * This applies to revisions <= r4p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_n1_2743102_wa
+ mov x17, x30
+ bl check_errata_2743102
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_n1_2743102_wa
+
+func check_errata_2743102
+ /* Applies to all revisions <= r4p1 */
+ mov x1, #0x41
+ b cpu_rev_var_ls
+endfunc check_errata_2743102
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -613,6 +637,12 @@
mrs x0, NEOVERSE_N1_CPUPWRCTLR_EL1
orr x0, x0, #NEOVERSE_N1_CORE_PWRDN_EN_MASK
msr NEOVERSE_N1_CPUPWRCTLR_EL1, x0
+#if ERRATA_N1_2743102
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_n1_2743102_wa
+ mov x30, x15
+#endif /* ERRATA_N1_2743102 */
isb
ret
endfunc neoverse_n1_core_pwr_dwn
@@ -645,6 +675,7 @@
report_errata ERRATA_N1_1542419, neoverse_n1, 1542419
report_errata ERRATA_N1_1868343, neoverse_n1, 1868343
report_errata ERRATA_N1_1946160, neoverse_n1, 1946160
+ report_errata ERRATA_N1_2743102, neoverse_n1, 2743102
report_errata ERRATA_DSU_936184, neoverse_n1, dsu_936184
report_errata WORKAROUND_CVE_2022_23960, neoverse_n1, cve_2022_23960
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index b4421dd..f19c16e 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -287,6 +287,10 @@
# only to revisions r3p0 - r4p1 of the Cortex A76 cpu.
ERRATA_A76_1946160 ?=0
+# Flag to apply erratum 2743102 workaround during powerdown. This erratum
+# applies to all revisions <= r4p1 of the Cortex A76 cpu and is still open.
+ERRATA_A76_2743102 ?=0
+
# Flag to apply erratum 1508412 workaround during reset. This erratum applies
# only to revision <= r1p0 of the Cortex A77 cpu.
ERRATA_A77_1508412 ?=0
@@ -311,6 +315,10 @@
# to revisions <= r1p1 of the Cortex A77 cpu.
ERRATA_A77_1800714 ?=0
+# Flag to apply erratum 2743100 workaround during power down. This erratum
+# applies to revisions r0p0, r1p0, and r1p1, it is still open.
+ERRATA_A77_2743100 ?=0
+
# Flag to apply erratum 1688305 workaround during reset. This erratum applies
# to revisions r0p0 - r1p0 of the A78 cpu.
ERRATA_A78_1688305 ?=0
@@ -450,6 +458,10 @@
# exists in revisions r0p0, r1p0, and r2p0 as well but there is no workaround.
ERRATA_N1_1946160 ?=0
+# Flag to apply erratum 2743102 workaround during powerdown. This erratum
+# applies to all revisions <= r4p1 of the Neoverse N1 cpu and is still open.
+ERRATA_N1_2743102 ?=0
+
# Flag to apply erratum 2002655 workaround during reset. This erratum applies
# to revisions r0p0 of the Neoverse-N2 cpu, it is still open.
ERRATA_N2_2002655 ?=0
@@ -912,6 +924,10 @@
$(eval $(call assert_boolean,ERRATA_A76_1946160))
$(eval $(call add_define,ERRATA_A76_1946160))
+# Process ERRATA_A76_2743102 flag
+$(eval $(call assert_boolean,ERRATA_A76_2743102))
+$(eval $(call add_define,ERRATA_A76_2743102))
+
# Process ERRATA_A77_1508412 flag
$(eval $(call assert_boolean,ERRATA_A77_1508412))
$(eval $(call add_define,ERRATA_A77_1508412))
@@ -936,6 +952,10 @@
$(eval $(call assert_boolean,ERRATA_A77_1800714))
$(eval $(call add_define,ERRATA_A77_1800714))
+# Process ERRATA_A77_2743100 flag
+$(eval $(call assert_boolean,ERRATA_A77_2743100))
+$(eval $(call add_define,ERRATA_A77_2743100))
+
# Process ERRATA_A78_1688305 flag
$(eval $(call assert_boolean,ERRATA_A78_1688305))
$(eval $(call add_define,ERRATA_A78_1688305))
@@ -1072,6 +1092,10 @@
$(eval $(call assert_boolean,ERRATA_N1_1946160))
$(eval $(call add_define,ERRATA_N1_1946160))
+# Process ERRATA_N1_2743102 flag
+$(eval $(call assert_boolean,ERRATA_N1_2743102))
+$(eval $(call add_define,ERRATA_N1_2743102))
+#
# Process ERRATA_N2_2002655 flag
$(eval $(call assert_boolean,ERRATA_N2_2002655))
$(eval $(call add_define,ERRATA_N2_2002655))
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 8213cbe..866ac41 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -206,6 +206,11 @@
/* Allow access to Allocation Tags when MTE is implemented. */
scr_el3 |= SCR_ATA_BIT;
+#if HANDLE_EA_EL3_FIRST_NS
+ /* SCR_EL3.EA: Route External Abort and SError Interrupt to EL3. */
+ scr_el3 |= SCR_EA_BIT;
+#endif
+
#if RAS_TRAP_NS_ERR_REC_ACCESS
/*
* SCR_EL3.TERR: Trap Error record accesses. Accesses to the RAS ERR
@@ -249,6 +254,16 @@
ICC_SRE_EN_BIT | ICC_SRE_SRE_BIT;
write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_ICC_SRE_EL2,
icc_sre_el2);
+
+ /*
+ * Initialize MDCR_EL2.HPMN to its hardware reset value so we don't
+ * throw anyone off who expects this to be sensible.
+ * TODO: A similar thing happens in cm_prepare_el3_exit. They should be
+ * unified with the proper PMU implementation
+ */
+ u_register_t mdcr_el2 = ((read_pmcr_el0() >> PMCR_EL0_N_SHIFT) &
+ PMCR_EL0_N_MASK);
+ write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_MDCR_EL2, mdcr_el2);
#endif /* CTX_INCLUDE_EL2_REGS */
}
@@ -279,7 +294,7 @@
* Security state and entrypoint attributes of the next EL.
*/
scr_el3 = read_scr();
- scr_el3 &= ~(SCR_NS_BIT | SCR_RW_BIT | SCR_FIQ_BIT | SCR_IRQ_BIT |
+ scr_el3 &= ~(SCR_NS_BIT | SCR_RW_BIT | SCR_EA_BIT | SCR_FIQ_BIT | SCR_IRQ_BIT |
SCR_ST_BIT | SCR_HCE_BIT | SCR_NSE_BIT);
/*
@@ -317,15 +332,6 @@
scr_el3 |= SCR_TRNDR_BIT;
#endif
-#if !HANDLE_EA_EL3_FIRST
- /*
- * SCR_EL3.EA: Do not route External Abort and SError Interrupt External
- * to EL3 when executing at a lower EL. When executing at EL3, External
- * Aborts are taken to EL3.
- */
- scr_el3 &= ~SCR_EA_BIT;
-#endif
-
#if FAULT_INJECTION_SUPPORT
/* Enable fault injection from lower ELs */
scr_el3 |= SCR_FIEN_BIT;
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 496032f..683d7ac 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -216,9 +216,9 @@
# default, they are for Secure EL1.
GICV2_G0_FOR_EL3 := 0
-# Route External Aborts to EL3. Disabled by default; External Aborts are handled
+# Route NS External Aborts to EL3. Disabled by default; External Aborts are handled
# by lower ELs.
-HANDLE_EA_EL3_FIRST := 0
+HANDLE_EA_EL3_FIRST_NS := 0
# Secure hash algorithm flag, accepts 3 values: sha256, sha384 and sha512.
# The default value is sha256.
@@ -270,7 +270,7 @@
# Software Delegated Exception support
SDEI_SUPPORT := 0
-# True Random Number firmware Interface
+# True Random Number firmware Interface support
TRNG_SUPPORT := 0
# SMCCC PCI support
@@ -480,3 +480,7 @@
# Dynamic Root of Trust for Measurement support
DRTM_SUPPORT := 0
+
+# Check platform if cache management operations should be performed.
+# Disabled by default.
+CONDITIONAL_CMO := 0
diff --git a/plat/arm/board/rdn2/platform.mk b/plat/arm/board/rdn2/platform.mk
index 9728a08..7492fe5 100644
--- a/plat/arm/board/rdn2/platform.mk
+++ b/plat/arm/board/rdn2/platform.mk
@@ -18,6 +18,7 @@
# RD-N2 platform uses GIC-700 which is based on GICv4.1
GIC_ENABLE_V4_EXTN := 1
+GIC_EXT_INTID := 1
#Enable GIC Multichip Extension only for Multichip Platforms
ifeq (${CSS_SGI_PLATFORM_VARIANT}, 2)
diff --git a/plat/arm/board/rdn2/rdn2_plat.c b/plat/arm/board/rdn2/rdn2_plat.c
index 8cf1929..2506f9d 100644
--- a/plat/arm/board/rdn2/rdn2_plat.c
+++ b/plat/arm/board/rdn2/rdn2_plat.c
@@ -47,15 +47,15 @@
#endif
},
.spi_ids = {
- {32, 479},
+ {32, 511},
#if CSS_SGI_CHIP_COUNT > 1
- {0, 0},
+ {512, 991},
#endif
#if CSS_SGI_CHIP_COUNT > 2
- {0, 0},
+ {4096, 4575},
#endif
#if CSS_SGI_CHIP_COUNT > 3
- {0, 0},
+ {4576, 5055},
#endif
}
};
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index a9b031d..37ba229 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -5,6 +5,11 @@
include common/fdt_wrappers.mk
+ifeq ($(TARGET_PLATFORM), 0)
+$(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
+Some of the features might not work as expected)
+endif
+
ifeq ($(shell expr $(TARGET_PLATFORM) \<= 2), 0)
$(error TARGET_PLATFORM must be less than or equal to 2)
endif
@@ -21,7 +26,7 @@
EL3_EXCEPTION_HANDLING := 0
-HANDLE_EA_EL3_FIRST := 0
+HANDLE_EA_EL3_FIRST_NS := 0
# System coherency is managed in hardware
HW_ASSISTED_COHERENCY := 1
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 682a278..7162ce9 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -195,8 +195,10 @@
# Enable CRC instructions via extension for ARMv8-A CPUs.
# For ARMv8.1-A, and onwards CRC instructions are default enabled.
# Enable HW computed CRC support unconditionally in BL2 component.
-ifeq (${ARM_ARCH_MINOR},0)
- BL2_CPPFLAGS += -march=armv8-a+crc
+ifeq (${ARM_ARCH_MAJOR},8)
+ ifeq (${ARM_ARCH_MINOR},0)
+ BL2_CPPFLAGS += -march=armv8-a+crc
+ endif
endif
ifeq ($(PSA_FWU_SUPPORT),1)
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 6c1a2dd..282a5f0 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -14,7 +14,7 @@
EL3_EXCEPTION_HANDLING := 0
-HANDLE_EA_EL3_FIRST := 0
+HANDLE_EA_EL3_FIRST_NS := 0
CSS_SGI_CHIP_COUNT := 1
diff --git a/plat/common/aarch64/plat_common.c b/plat/common/aarch64/plat_common.c
index 8f998af..8ce1d6c 100644
--- a/plat/common/aarch64/plat_common.c
+++ b/plat/common/aarch64/plat_common.c
@@ -67,17 +67,15 @@
}
#endif
-#if !ENABLE_BACKTRACE
-static const char *get_el_str(unsigned int el)
+const char *get_el_str(unsigned int el)
{
if (el == MODE_EL3) {
return "EL3";
} else if (el == MODE_EL2) {
return "EL2";
}
- return "S-EL1";
+ return "EL1";
}
-#endif /* !ENABLE_BACKTRACE */
/* RAS functions common to AArch64 ARM platforms */
void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
@@ -95,7 +93,7 @@
ERROR("Unhandled External Abort received on 0x%lx from %s\n",
read_mpidr_el1(), get_el_str(level));
ERROR("exception reason=%u syndrome=0x%" PRIx64 "\n", ea_reason, syndrome);
-#if HANDLE_EA_EL3_FIRST
+#if HANDLE_EA_EL3_FIRST_NS
/* Skip backtrace for lower EL */
if (level != MODE_EL3) {
console_flush();
diff --git a/plat/marvell/armada/a3k/common/a3700_common.mk b/plat/marvell/armada/a3k/common/a3700_common.mk
index 5547201..b9c28de 100644
--- a/plat/marvell/armada/a3k/common/a3700_common.mk
+++ b/plat/marvell/armada/a3k/common/a3700_common.mk
@@ -62,7 +62,7 @@
$(PLAT_COMMON_BASE)/a3700_sip_svc.c \
$(MARVELL_DRV)
-ifeq ($(HANDLE_EA_EL3_FIRST),1)
+ifeq ($(HANDLE_EA_EL3_FIRST_NS),1)
BL31_SOURCES += $(PLAT_COMMON_BASE)/a3700_ea.c
endif
diff --git a/plat/marvell/armada/a3k/common/a3700_ea.c b/plat/marvell/armada/a3k/common/a3700_ea.c
index bc12845..5696b5c 100644
--- a/plat/marvell/armada/a3k/common/a3700_ea.c
+++ b/plat/marvell/armada/a3k/common/a3700_ea.c
@@ -16,21 +16,9 @@
#define A53_SERR_INT_AXI_SLVERR_ON_EXTERNAL_ACCESS 0xbf000002
-#if !ENABLE_BACKTRACE
-static const char *get_el_str(unsigned int el)
-{
- if (el == MODE_EL3) {
- return "EL3";
- } else if (el == MODE_EL2) {
- return "EL2";
- }
- return "S-EL1";
-}
-#endif /* !ENABLE_BACKTRACE */
-
/*
* This source file with custom plat_ea_handler function is compiled only when
- * building TF-A with compile option HANDLE_EA_EL3_FIRST=1
+ * building TF-A with compile option HANDLE_EA_EL3_FIRST_NS=1
*/
void plat_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
void *handle, uint64_t flags)
diff --git a/plat/nvidia/tegra/soc/t194/platform_t194.mk b/plat/nvidia/tegra/soc/t194/platform_t194.mk
index 7583833..631c926 100644
--- a/plat/nvidia/tegra/soc/t194/platform_t194.mk
+++ b/plat/nvidia/tegra/soc/t194/platform_t194.mk
@@ -33,7 +33,7 @@
$(eval $(call add_define,MAX_MMAP_REGIONS))
# enable RAS handling
-HANDLE_EA_EL3_FIRST := 1
+HANDLE_EA_EL3_FIRST_NS := 1
RAS_EXTENSION := 1
# platform files
diff --git a/plat/renesas/common/common.mk b/plat/renesas/common/common.mk
index 26a5798..ca61f0e 100644
--- a/plat/renesas/common/common.mk
+++ b/plat/renesas/common/common.mk
@@ -15,7 +15,7 @@
MULTI_CONSOLE_API := 1
CRASH_REPORTING := 1
-HANDLE_EA_EL3_FIRST := 1
+HANDLE_EA_EL3_FIRST_NS := 1
# This option gets enabled automatically if the TRUSTED_BOARD_BOOT
# is set via root Makefile, but Renesas support Trusted-Boot without
diff --git a/plat/ti/k3/common/plat_common.mk b/plat/ti/k3/common/plat_common.mk
index e299c30..026d6a3 100644
--- a/plat/ti/k3/common/plat_common.mk
+++ b/plat/ti/k3/common/plat_common.mk
@@ -27,7 +27,7 @@
ERRATA_A72_1319367 := 1
CRASH_REPORTING := 1
-HANDLE_EA_EL3_FIRST := 1
+HANDLE_EA_EL3_FIRST_NS := 1
# Split out RO data into a non-executable section
SEPARATE_CODE_AND_RODATA := 1
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index 97080e9..c9942d6 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -88,6 +88,9 @@
uart_clock = 25000000;
break;
case VERSAL_NET_SILICON:
+ cpu_clock = 100000000;
+ uart_clock = 100000000;
+ break;
default:
panic();
}
diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 1da2efc..89d7b31 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -72,13 +72,23 @@
{
struct spmc_shmem_obj *obj;
size_t free = state->data_size - state->allocated;
+ size_t obj_size;
if (state->data == NULL) {
ERROR("Missing shmem datastore!\n");
return NULL;
}
- if (spmc_shmem_obj_size(desc_size) > free) {
+ obj_size = spmc_shmem_obj_size(desc_size);
+
+ /* Ensure the obj size has not overflowed. */
+ if (obj_size < desc_size) {
+ WARN("%s(0x%zx) desc_size overflow\n",
+ __func__, desc_size);
+ return NULL;
+ }
+
+ if (obj_size > free) {
WARN("%s(0x%zx) failed, free 0x%zx\n",
__func__, desc_size, free);
return NULL;
@@ -88,7 +98,7 @@
obj->desc_size = desc_size;
obj->desc_filled = 0;
obj->in_use = 0;
- state->allocated += spmc_shmem_obj_size(desc_size);
+ state->allocated += obj_size;
return obj;
}
@@ -330,10 +340,9 @@
PAGE_SIZE_4KB;
region2_end = region2_start + region2_size;
- if ((region1_start >= region2_start &&
- region1_start < region2_end) ||
- (region1_end > region2_start
- && region1_end < region2_end)) {
+ /* Check if regions are not overlapping. */
+ if (!((region2_end <= region1_start) ||
+ (region1_end <= region2_start))) {
WARN("Overlapping mem regions 0x%lx-0x%lx & 0x%lx-0x%lx\n",
region1_start, region1_end,
region2_start, region2_end);
@@ -886,9 +895,6 @@
goto err_arg;
}
- memcpy((uint8_t *)&obj->desc + obj->desc_filled,
- (uint8_t *) mbox->tx_buffer, fragment_length);
-
if (fragment_length > obj->desc_size - obj->desc_filled) {
WARN("%s: bad fragment size %u > %zu remaining\n", __func__,
fragment_length, obj->desc_size - obj->desc_filled);
@@ -896,6 +902,9 @@
goto err_arg;
}
+ memcpy((uint8_t *)&obj->desc + obj->desc_filled,
+ (uint8_t *) mbox->tx_buffer, fragment_length);
+
/* Ensure that the sender ID resides in the normal world. */
if (ffa_is_secure_world_id(obj->desc.sender_id)) {
WARN("%s: Invalid sender ID 0x%x.\n",
@@ -1828,6 +1837,13 @@
goto err_unlock;
}
+ if (obj->desc_filled != obj->desc_size) {
+ WARN("%s: incomplete object desc filled %zu < size %zu\n",
+ __func__, obj->desc_filled, obj->desc_size);
+ ret = FFA_ERROR_INVALID_PARAMETER;
+ goto err_unlock;
+ }
+
/* Allow for platform specific operations to be performed. */
ret = plat_spmc_shmem_reclaim(&obj->desc);
if (ret != 0) {
diff --git a/services/std_svc/std_svc_setup.c b/services/std_svc/std_svc_setup.c
index 08d16e2..2884a3b 100644
--- a/services/std_svc/std_svc_setup.c
+++ b/services/std_svc/std_svc_setup.c
@@ -74,7 +74,10 @@
sdei_init();
#endif
+#if TRNG_SUPPORT
+ /* TRNG initialisation */
trng_setup();
+#endif /* TRNG_SUPPORT */
#if DRTM_SUPPORT
if (drtm_setup() != 0) {
@@ -172,7 +175,8 @@
return trng_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
flags);
}
-#endif
+#endif /* TRNG_SUPPORT */
+
#if ENABLE_RME
if (is_rmmd_el3_fid(smc_fid)) {
diff --git a/services/std_svc/trng/trng_entropy_pool.c b/services/std_svc/trng/trng_entropy_pool.c
index ac13b1d..30105b3 100644
--- a/services/std_svc/trng/trng_entropy_pool.c
+++ b/services/std_svc/trng/trng_entropy_pool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,7 +18,7 @@
* 192 bits of entropy, we don't have to throw out the leftover 1-63 bits of
* entropy.
*/
-#define WORDS_IN_POOL (4)
+#define WORDS_IN_POOL (4)
static uint64_t entropy[WORDS_IN_POOL];
/* index in bits of the first bit of usable entropy */
static uint32_t entropy_bit_index;
@@ -27,14 +27,14 @@
static spinlock_t trng_pool_lock;
-#define BITS_PER_WORD (sizeof(entropy[0]) * 8)
-#define BITS_IN_POOL (WORDS_IN_POOL * BITS_PER_WORD)
-#define ENTROPY_MIN_WORD (entropy_bit_index / BITS_PER_WORD)
-#define ENTROPY_FREE_BIT (entropy_bit_size + entropy_bit_index)
-#define _ENTROPY_FREE_WORD (ENTROPY_FREE_BIT / BITS_PER_WORD)
-#define ENTROPY_FREE_INDEX (_ENTROPY_FREE_WORD % WORDS_IN_POOL)
+#define BITS_PER_WORD (sizeof(entropy[0]) * 8)
+#define BITS_IN_POOL (WORDS_IN_POOL * BITS_PER_WORD)
+#define ENTROPY_MIN_WORD (entropy_bit_index / BITS_PER_WORD)
+#define ENTROPY_FREE_BIT (entropy_bit_size + entropy_bit_index)
+#define _ENTROPY_FREE_WORD (ENTROPY_FREE_BIT / BITS_PER_WORD)
+#define ENTROPY_FREE_INDEX (_ENTROPY_FREE_WORD % WORDS_IN_POOL)
/* ENTROPY_WORD_INDEX(0) includes leftover bits in the lower bits */
-#define ENTROPY_WORD_INDEX(i) ((ENTROPY_MIN_WORD + i) % WORDS_IN_POOL)
+#define ENTROPY_WORD_INDEX(i) ((ENTROPY_MIN_WORD + i) % WORDS_IN_POOL)
/*
* Fill the entropy pool until we have at least as many bits as requested.
@@ -65,12 +65,12 @@
*/
bool trng_pack_entropy(uint32_t nbits, uint64_t *out)
{
- bool success = true;
+ bool ret = true;
spin_lock(&trng_pool_lock);
if (!trng_fill_entropy(nbits)) {
- success = false;
+ ret = false;
goto out;
}
@@ -82,9 +82,8 @@
for (word_i = 0; word_i < to_fill; word_i++) {
/*
* Repack the entropy from the pool into the passed in out
- * buffer. This takes the lower bits from the valid upper bits
- * of word_i and the upper bits from the lower bits of
- * (word_i + 1).
+ * buffer. This takes lesser bits from the valid upper bits
+ * of word_i and more bits from the lower bits of (word_i + 1).
*
* I found the following diagram useful. note: `e` represents
* valid entropy, ` ` represents invalid bits (not entropy) and
@@ -136,7 +135,7 @@
out:
spin_unlock(&trng_pool_lock);
- return success;
+ return ret;
}
void trng_entropy_pool_setup(void)
diff --git a/services/std_svc/trng/trng_main.c b/services/std_svc/trng/trng_main.c
index 38aa649..90098a8 100644
--- a/services/std_svc/trng/trng_main.c
+++ b/services/std_svc/trng/trng_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,9 +23,9 @@
static uintptr_t trng_rnd32(uint32_t nbits, void *handle)
{
uint32_t mask = ~0U;
- uint64_t ent[2];
+ uint64_t ent[2] = {0};
- if (nbits == 0U || nbits > 96U) {
+ if (nbits == 0U || nbits > TRNG_RND32_ENTROPY_MAXBITS) {
SMC_RET1(handle, TRNG_E_INVALID_PARAMS);
}
@@ -59,9 +59,9 @@
static uintptr_t trng_rnd64(uint32_t nbits, void *handle)
{
uint64_t mask = ~0ULL;
- uint64_t ent[3];
+ uint64_t ent[3] = {0};
- if (nbits == 0U || nbits > 192U) {
+ if (nbits == 0U || nbits > TRNG_RND64_ENTROPY_MAXBITS) {
SMC_RET1(handle, TRNG_E_INVALID_PARAMS);
}
@@ -117,9 +117,9 @@
switch (smc_fid) {
case ARM_TRNG_VERSION:
SMC_RET1(handle, MAKE_SMCCC_VERSION(
- TRNG_VERSION_MAJOR, TRNG_VERSION_MINOR
- ));
+ TRNG_VERSION_MAJOR, TRNG_VERSION_MINOR));
break; /* unreachable */
+
case ARM_TRNG_FEATURES:
if (is_trng_fid((uint32_t)x1)) {
SMC_RET1(handle, TRNG_E_SUCCESS);
@@ -127,16 +127,19 @@
SMC_RET1(handle, TRNG_E_NOT_SUPPORTED);
}
break; /* unreachable */
+
case ARM_TRNG_GET_UUID:
SMC_UUID_RET(handle, plat_trng_uuid);
break; /* unreachable */
+
case ARM_TRNG_RND32:
return trng_rnd32((uint32_t)x1, handle);
+
case ARM_TRNG_RND64:
return trng_rnd64((uint32_t)x1, handle);
+
default:
- WARN("Unimplemented TRNG Service Call: 0x%x\n",
- smc_fid);
+ WARN("Unimplemented TRNG Service Call: 0x%x\n", smc_fid);
SMC_RET1(handle, TRNG_E_NOT_IMPLEMENTED);
break; /* unreachable */
}