Merge "feat(intel): support SDM mailbox safe inject seu error for Linux" into integration
diff --git a/Makefile b/Makefile
index 640060b..a9c9c4f 100644
--- a/Makefile
+++ b/Makefile
@@ -8,8 +8,8 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 2
-VERSION_MINOR := 9
-VERSION_PATCH := 0
+VERSION_MINOR := 10
+VERSION_PATCH := 0 # Only used for LTS releases
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
# Default goal is build all images
@@ -41,10 +41,6 @@
CHECKCODE_ARGS := --no-patch
# Do not check the coding style on imported library files or documentation files
-INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \
- include/drivers/arm/cryptocell, \
- $(wildcard include/drivers/arm/*)))
-INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h
INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm, \
$(wildcard include/drivers/*)))
@@ -312,6 +308,10 @@
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523
TF_CFLAGS += $(call cc_option, --param=min-pagesize=0)
+ifeq ($(HARDEN_SLS), 1)
+ TF_CFLAGS_aarch64 += $(call cc_option, -mharden-sls=all)
+endif
+
else
# using clang
WARNINGS += -Wshift-overflow -Wshift-sign-overflow \
@@ -361,6 +361,7 @@
TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants
TF_LDFLAGS += -Wl,-z,max-page-size=4096
+ TF_LDFLAGS += -Wl,--build-id=none
ifeq ($(ENABLE_LTO),1)
ifeq (${ARCH},aarch64)
@@ -388,6 +389,7 @@
TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants
TF_LDFLAGS += -z max-page-size=4096
+ TF_LDFLAGS += --build-id=none
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case.
@@ -399,10 +401,6 @@
endif #(LD = armlink)
-DTC_FLAGS += -I dts -O dtb
-DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \
- -x assembler-with-cpp $(DEFINES)
-
################################################################################
# Setup ARCH_MAJOR/MINOR before parsing arch_features.
################################################################################
@@ -444,6 +442,10 @@
${PLAT_INCLUDES} \
${SPD_INCLUDES}
+DTC_FLAGS += -I dts -O dtb
+DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \
+ -x assembler-with-cpp $(DEFINES)
+
include common/backtrace/backtrace.mk
################################################################################
@@ -1189,13 +1191,13 @@
GENERATE_COT \
GICV2_G0_FOR_EL3 \
HANDLE_EA_EL3_FIRST_NS \
+ HARDEN_SLS \
HW_ASSISTED_COHERENCY \
MEASURED_BOOT \
DRTM_SUPPORT \
NS_TIMER_SWITCH \
OVERRIDE_LIBC \
PL011_GENERIC_UART \
- PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
@@ -1240,6 +1242,7 @@
CONDITIONAL_CMO \
PSA_CRYPTO \
ENABLE_CONSOLE_GETC \
+ INIT_UNUSED_NS_EL2 \
)))
# Numeric_Flags
@@ -1357,7 +1360,6 @@
NS_TIMER_SWITCH \
PL011_GENERIC_UART \
PLAT_${PLAT} \
- PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
@@ -1432,6 +1434,7 @@
ENABLE_SPMD_LP \
PSA_CRYPTO \
ENABLE_CONSOLE_GETC \
+ INIT_UNUSED_NS_EL2 \
)))
ifeq (${SANITIZE_UB},trap)
diff --git a/bl1/bl1.ld.S b/bl1/bl1.ld.S
index 49dda85..d25ec63 100644
--- a/bl1/bl1.ld.S
+++ b/bl1/bl1.ld.S
@@ -36,6 +36,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text address is not aligned on a page boundary.");
+
__TEXT_START__ = .;
*bl1_entrypoint.o(.text*)
@@ -80,6 +83,9 @@
} >ROM
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro address is not aligned on a page boundary.");
+
__RO_START__ = .;
*bl1_entrypoint.o(.text*)
diff --git a/bl2/bl2.ld.S b/bl2/bl2.ld.S
index db83a0c..310e6fe 100644
--- a/bl2/bl2.ld.S
+++ b/bl2/bl2.ld.S
@@ -25,6 +25,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text address is not aligned on a page boundary.");
+
__TEXT_START__ = .;
#if ENABLE_RME
@@ -65,6 +68,9 @@
} >RAM
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro address is not aligned on a page boundary.");
+
__RO_START__ = .;
*bl2_entrypoint.o(.text*)
diff --git a/bl2/bl2_el3.ld.S b/bl2/bl2_el3.ld.S
index 4aa5cb0..811f41e 100644
--- a/bl2/bl2_el3.ld.S
+++ b/bl2/bl2_el3.ld.S
@@ -55,6 +55,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text address is not aligned on a page boundary.");
+
__TEXT_START__ = .;
__TEXT_RESIDENT_START__ = .;
@@ -89,6 +92,9 @@
"Resident part of BL2 has exceeded its limit.")
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro address is not aligned on a page boundary.");
+
__RO_START__ = .;
__TEXT_RESIDENT_START__ = .;
diff --git a/bl2u/bl2u.ld.S b/bl2u/bl2u.ld.S
index 7b1a101..ee6a020 100644
--- a/bl2u/bl2u.ld.S
+++ b/bl2u/bl2u.ld.S
@@ -27,6 +27,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text address is not aligned on a page boundary.");
+
__TEXT_START__ = .;
*bl2u_entrypoint.o(.text*)
@@ -60,6 +63,9 @@
} >RAM
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro address is not aligned on a page boundary.");
+
__RO_START__ = .;
*bl2u_entrypoint.o(.text*)
diff --git a/bl31/bl31.ld.S b/bl31/bl31.ld.S
index 773b41d..8698dff 100644
--- a/bl31/bl31.ld.S
+++ b/bl31/bl31.ld.S
@@ -37,6 +37,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text is not aligned on a page boundary.");
+
__TEXT_START__ = .;
*bl31_entrypoint.o(.text*)
@@ -71,6 +74,9 @@
} >RAM
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro is not aligned on a page boundary.");
+
__RO_START__ = .;
*bl31_entrypoint.o(.text*)
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 3359526..f0776c4 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -27,7 +27,6 @@
include lib/mpmm/mpmm.mk
ifeq (${SPMC_AT_EL3},1)
- $(warning "EL3 SPMC is an experimental feature")
$(info Including EL3 SPMC makefile)
include services/std_svc/spm/common/spm.mk
include services/std_svc/spm/el3_spmc/spmc.mk
diff --git a/bl32/sp_min/sp_min.ld.S b/bl32/sp_min/sp_min.ld.S
index dd81973..a2d9b7b 100644
--- a/bl32/sp_min/sp_min.ld.S
+++ b/bl32/sp_min/sp_min.ld.S
@@ -29,6 +29,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text address is not aligned on a page boundary.");
+
__TEXT_START__ = .;
*entrypoint.o(.text*)
@@ -67,6 +70,9 @@
} >RAM
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro address is not aligned on a page boundary.");
+
__RO_START__ = .;
*entrypoint.o(.text*)
diff --git a/bl32/tsp/tsp.ld.S b/bl32/tsp/tsp.ld.S
index 22bf11d..5116b20 100644
--- a/bl32/tsp/tsp.ld.S
+++ b/bl32/tsp/tsp.ld.S
@@ -25,6 +25,9 @@
#if SEPARATE_CODE_AND_RODATA
.text . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".text address is not aligned on a page boundary.");
+
__TEXT_START__ = .;
*tsp_entrypoint.o(.text*)
@@ -51,6 +54,9 @@
} >RAM
#else /* SEPARATE_CODE_AND_RODATA */
.ro . : {
+ ASSERT(. == ALIGN(PAGE_SIZE),
+ ".ro address is not aligned on a page boundary.");
+
__RO_START__ = .;
*tsp_entrypoint.o(.text*)
diff --git a/changelog.yaml b/changelog.yaml
index 33e5e8c..c5e157d 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -150,6 +150,10 @@
scope: trf
- title: Platforms
+ scope: platforms
+
+ deprecated:
+ - plat/common
subsections:
- title: Allwinner
@@ -180,8 +184,8 @@
deprecated:
- arm_fgpa
- - arm_fpga
- plat/arm_fpga
+ - arm/fpga
- title: FVP
scope: fvp
@@ -254,6 +258,9 @@
- title: Broadcom
scope: brcm
+ - title: Cadence
+ scope: cadence
+
- title: HiSilicon
scope: hisilicon
@@ -499,6 +506,9 @@
- title: SBSA
scope: qemu-sbsa
+ deprecated:
+ - qemu_sbsa
+
- title: QTI
scope: qti
@@ -559,6 +569,9 @@
- rockchip/rk3399
- rk3399/suspend
+ - title: RK3328
+ scope: rk3328
+
- title: Socionext
scope: socionext
@@ -694,6 +707,9 @@
scope: spm
subsections:
+ - title: EL3 SPM
+ scope: el3-spm
+
- title: EL3 SPMC
scope: el3-spmc
@@ -719,6 +735,7 @@
- errata_abi
- title: Libraries
+ scope: lib
subsections:
- title: CPU Support
diff --git a/docs/about/features.rst b/docs/about/features.rst
index 4a2c77e..c12509d 100644
--- a/docs/about/features.rst
+++ b/docs/about/features.rst
@@ -108,6 +108,28 @@
- Position-Independent Executable (PIE) support.
+Experimental features
+---------------------
+
+A feature is considered experimental when still in development or isn't known
+to the TF-A team as widely deployed or proven on end products. It is generally
+advised such options aren't pulled into real deployments, or done with the
+appropriate level of supplementary integration testing.
+
+A feature is no longer considered experimental when it is generally agreed
+the said feature has reached a level of maturity and quality comparable to
+other features that have been integrated into products.
+
+Experimental build options are found in following section
+:ref:`build_options_experimental`. Their use through the build emits a warning
+message.
+
+Additionally the following libraries are marked experimental when included
+in a platform:
+
+- MPU translation library ``lib/xlat_mpu``
+- RSS comms driver ``drivers/arm/rss``
+
Still to come
-------------
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index aca5ec0..4531a03 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -67,6 +67,8 @@
:|G|: `bytefire`_
:|M|: Varun Wadekar <vwadekar@nvidia.com>
:|G|: `vwadekar`_
+:|M|: Yann Gautier <yann.gautier@st.com>
+:|G|: `Yann-lms`_
.. _code owners:
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index 3d2783d..654d65f 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -25,6 +25,18 @@
code freeze ver w.x code freeze ver y.z
+Version numbering
+~~~~~~~~~~~~~~~~~
+TF-A version is given in Makefile, through several macros:
+
+- VERSION_MAJOR
+- VERSION_MINOR
+- VERSION_PATCH
+
+For example, TF-A v2.10 has VERSION_MAJOR=2, VERSION_MINOR=10 and VERSION_PATCH=0.
+
+This VERSION_PATCH macro is only increased for LTS releases.
+
Upcoming Releases
~~~~~~~~~~~~~~~~~
@@ -69,6 +81,8 @@
| | Date | after | |
| | | Release | |
+================================+=============+=========+=========================================================+
+| Mbedtls-2.x | 2.10 | 2.10 | Support for TF-A builds with Mbedtls-2.x will be removed|
++--------------------------------+-------------+---------+---------------------------------------------------------+
| STM32MP15_OPTEE_RSV_SHM | 2.10 | 3.0 | OP-TEE manages its own memory on STM32MP15 |
+--------------------------------+-------------+---------+---------------------------------------------------------+
@@ -84,9 +98,7 @@
| | Date | after | |
| | | Release | |
+================================+=============+=========+=========================================================+
-| CryptoCell-712 | 2.9 | 2.10 | No longer maintained. |
-+--------------------------------+-------------+---------+---------------------------------------------------------+
-| CryptoCell-713 | 2.9 | 2.10 | No longer maintained. |
+| None at this time. | | | |
+--------------------------------+-------------+---------+---------------------------------------------------------+
--------------
diff --git a/docs/change-log.md b/docs/change-log.md
index b660c73..cfc8c56 100644
--- a/docs/change-log.md
+++ b/docs/change-log.md
@@ -3,6 +3,985 @@
This document contains a summary of the new features, changes, fixes and known
issues in each release of Trusted Firmware-A.
+## [2.10.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.9.0..refs/tags/v2.10.0) (2023-11-21)
+
+### ⚠ BREAKING CHANGES
+
+- **Architecture**
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - This patch explicitly breaks the EL2 entry path. It is
+ currently unsupported.
+
+ **See:** convert FEAT_MTPMU to C and move to persistent register init ([83a4dae](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/83a4dae1af916b938659b39b7d0884359c638185))
+
+- **Libraries**
+
+ - **EL3 Runtime**
+
+ - **Context Management**
+
+ - Initialisation code for handoff from EL3 to NS-EL1
+ disabled by default. Platforms which do that need to enable this macro
+ going forward
+
+ **See:** introduce INIT_UNUSED_NS_EL2 macro ([183329a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/183329a5847df2bc6164ac8e9dbe7de4ca92836d))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - remove CryptoCell-712/713 support
+
+ **See:** remove CryptoCell-712/713 support ([b65dfe4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b65dfe40aef550ee9ef7e869749013cb7f3c4cce))
+
+### New Features
+
+- **Architecture**
+
+ - **CPU feature / ID register handling in general**
+
+ - add AArch32 PAN detection support ([d156c52](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d156c5220adb35971aafa0b0de922992e4b8aa66))
+ - add memory retention bit define for CLUSTERPWRDN ([278beb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/278beb894aeda23278a01c3c6aff1f40b8ce0a34))
+ - deny AArch64-only features when building for AArch32 ([733d112](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/733d112f05ecb29f7d8fce12c66a9721031970df))
+ - initialize HFG*_EL2 registers ([4a530b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a530b4c6556c87deb22c027dfaf2c5d6c9997a3))
+
+ - **Memory Tagging Extension**
+
+ - adds feature detection for MTE_PERM ([4d0b663](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d0b66323b242323ff738431c523aeb6d18dd3d5))
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - introduce pmuv3 lib/extensions folder ([c73686a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c73686a11cea8f9d22d7df3c5480f8824cfeec09))
+
+- **Platforms**
+
+ - **Allwinner**
+
+ - use reset through scpi for warm/soft reset ([0cf5f08](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cf5f08a205e4877c9daef5d90e1086643590226))
+
+ - **Arm**
+
+ - add IO policy to use backup gpt header ([3e6d245](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6d245772ccb4b43f1ba6cd9d1bb8abe86a516c))
+ - ecdsa p384/p256 full key support ([b8ae689](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b8ae68908de5560436c565ac22d59c0cbfc9a7df))
+ - enable FHI PPI interrupt to report CPU errors ([f1e4a28](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1e4a28d3f9e4c5e7905f44d41c13de63d735864))
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([5df1dcc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5df1dccd0be06cc45e82a57dc01be5b6b5d1a21b))
+ - save BL32 image base and size in entry point info ([821b01f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/821b01fa7521c0d6a0f16d02929fac3c44d14f86))
+ - add memory map entry for CPER memory region ([4dc91ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4dc91ac9069271325ffd3552a6a146256f5d0da3))
+ - firmware first error handling support for base RAMs ([5b77a0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b77a0e6759733d8a7de86e4492bd9b8628282d5))
+ - update common platform RAS implementation ([7f15131](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f15131df42a42fef86cc594a56b6e7998dd2ba4))
+
+ - **FVP**
+
+ - add mbedtls_asn1_get_len symbol in ROMlib ([0605060](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06050601d2a0ff06f92ca30ab988cbaf4e9929a1))
+ - add public key-OID information in RSS metadata structure ([bfbb1cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfbb1cbaac3e74da37d906c9ce1d39993dce8b66))
+ - add spmd logical partition ([5cf311f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5cf311f3a41fc114289265305a6254a8fb412c0e))
+ - allow configurable FVP Trusted SRAM size ([41e56f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/41e56f422df47b8bc1a7699ff258999f900a6290))
+ - capture timestamps in bl stages ([ed8f06d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed8f06ddda52bc0333f79e9ff798419e67771ae5))
+ - implement platform function to measure and publish Public Key ([db55d23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/db55d23d34b687cf6ce79c0723fedf10ef7227be))
+ - increase BL1 RW area for PSA_CRYPTO implementation ([ce18938](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce189383dc816cf1a48c1a94329c00f44d8acdc3))
+ - mock support for CCA NV ctr ([02552d4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02552d45e526766e000f3e3ae91ef381d402dab1))
+ - new SiP call to set an interrupt pending ([2032401](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20324013b17706751ecdd68f57c0ab95c522ca7e))
+ - spmd logical partition smc handler ([a1a9a95](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a1a9a950713468a734ef3d8da210baf97f7c1071))
+
+ - **Juno**
+
+ - add mbedtls_asn1_get_len symbol in ROMlib ([ec8ba97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ec8ba97e4ffde486670cb5a22ec4aac01409d92e))
+
+ - **Morello**
+
+ - add cpuidle support ([4f7330d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f7330dc78ee620b8564a4bbc1ca2f2ae4cd1d9e))
+ - add support for I2S audio ([6bcbe43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6bcbe437909d3779111e19774f911c625e98f1b3))
+ - add TF-A version string to NT_FW_CONFIG ([f4e64d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4e64d1f5e8277013c35dbd8e056b8071942f759))
+ - fdts: add CoreSight DeviceTree bindings ([3e6cfa7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6cfa7bd05521935c7753401dad823d044bfa23))
+ - set NT_FW_CONFIG properties for MCC, PCC and SCP version ([10fd85d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/10fd85d8f4a8f338942616ed403a1e02a388a16f))
+
+ - **RD**
+
+ - **RD-N2**
+
+ - enable base element RAM RAS support on RD-N2 platform ([0288632](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02886326659db3e4f46c0abd10be91a2de82cc90))
+ - add defines needed for spmc-el3 ([b4bed4b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b4bed4b769e907c8431b07f698da24660dfe0059))
+ - add plat hook for memory transaction ([f99dcba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f99dcbace7015169ac5d230b8007686d144962fb))
+ - enable Neoverse N2 CPU error handling support ([e802748](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e80274880bf694fd0b0e869a6ceb67e95e547544))
+ - introduce accessor function to obtain datastore ([f458934](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f45893426546703d9e21970889e6333ca30c0dd7))
+ - introduce platform handler for Group0 interrupt ([c47d049](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c47d0491ed078cfa8ca400e182fd4a44acd8041a))
+
+ - **SGI**
+
+ - remove RAS setup call from common code ([0f5e8eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f5e8eb4536e27f5fd99b1367b18710927b014b9))
+ - firmware first error handling for Neoverse N2 CPU ([31d1e4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31d1e4ff8dd70dc0094ff44df0c1844d27430e77))
+ - increase sp memmap size ([7c33bca](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c33bcab5973fb73b8278c674677663f5109948e))
+
+ - **TC**
+
+ - define memory ranges for tc platform ([9be6b16](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9be6b168fb482835a13ad39e7567721f74d513f9))
+ - implement platform function to measure and publish Public Key ([eee9fb0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eee9fb02f7b2c29befa27a0f2f0b6cb966f6d7c5))
+ - deprecate Arm TC1 FVP platform ([6a2b11c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a2b11c29da50eed969834f6c6ee97cdb90cb51e))
+
+ - **Aspeed**
+
+ - **AST2700**
+
+ - add Aspeed AST2700 platform support ([85f199b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85f199b774476706b21f793503b36d861cab0a14))
+
+ - **Intel**
+
+ - add intel_rsu_update() to sip_svc_v2 ([e3c3a48](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3c3a48c85dd1478e311e2e773a22fecfda69ec5))
+ - ccu driver for Agilex5 SoC FPGA ([02df499](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02df49900006ed44b4a0c239299dd45ca8509c17))
+ - clock manager support for Agilex5 SoC FPGA ([1b1a3eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b1a3eb1edff99b49bb40ad4172073d04a230938))
+ - cold/warm reset and smp support for Agilex5 SoC FPGA ([79626f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/79626f460f115cc32b0dbeb48e72828d2dbf662a))
+ - ddr driver for Agilex5 SoC FPGA ([29461e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/29461e4c880235532385c01f202e638fb5ba11de))
+ - mailbox and SMC support for Agilex5 SoC FPGA ([8e59b9f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e59b9f42374aaa641409b6469c8fe9245a33107))
+ - memory controller support for Agilex5 SoC FPGA ([18adb4e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/18adb4efa42946252b489d02f06cccb61ad0c867))
+ - mmc support for Agilex5 SoC FPGA ([4a577da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a577da6612ef6584695311e687ca00c57d68d53))
+ - pinmux, peripheral and Handoff support for Agilex5 SoC FPGA ([fcbb5cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fcbb5cf7eadb8b048149941b08f09d04a860fee0))
+ - platform enablement for Agilex5 SoC FPGA ([7931d33](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7931d3322dc137447981d261e900f5a62d2181ee))
+ - power manager for Agilex5 SoC FPGA ([a8bf898](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a8bf898f02185ed838d8039949800843146ab245))
+ - reset manager support for Agilex5 SoC FPGA ([9b8d813](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b8d813cc96173ce8ab7634dea17fb7f89b21626))
+ - restructure sys mgr for Agilex ([6197dc9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6197dc98feba98c3e123256424d2d33d5de997b8))
+ - restructure sys mgr for S10/N5X ([b653f3c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b653f3caf0f5e624604564c8c89ac8f4b450ba20))
+ - sdmmc/nand/combo-phy/qspi driver for Agilex5 SoC FPGA ([ddaf02d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ddaf02d17142187d9f17acd4900aafa598666317))
+ - setup SEU ERR read interface for FP8 ([91239f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91239f2c05c5df041e4a570a9d29c0ccbc34269a))
+ - system manager support for Agilex5 SoC FPGA ([7618403](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7618403110dad81c84822332225a7a687dc7f684))
+ - uart support for Agilex5 SoC FPGA ([34971f8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34971f816a777df5afb6672990b9eceda60e84b7))
+ - vab support for Agilex5 SoC FPGA ([4754925](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4754925057b27d5992d4c913276602666d303b01))
+
+ - **MediaTek**
+
+ - add APU bootup control smc call ([94a9e62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94a9e6243e3978b42017639dad93481267bcf6e4))
+ - add APU watchdog timeout control ([baa0d45](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/baa0d45ced6b058681ade9213e30ab0e91f4f4fb))
+
+ - **MT8188**
+
+ - add apusys ao devapc setting ([777e3b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/777e3b71bb0a37f98b4105af657d97c2afc2d0bc))
+ - add backup/restore function when power on/off ([233d604](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/233d604f500b5693b0caa6bcfdf0e2f766fd4cbd))
+ - add devapc setting of apusys rcx ([5986ae5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5986ae57aa4468b392d0f5fcb8b5bc04388fa3e2))
+ - add DSB before udelay ([b254b98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b254b9815ee25c90264a2305940bc575910f55e4))
+ - add emi mpu protection for APU secure memory ([176846a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/176846a50b73267ff787432f74a1d9607b57ed20))
+ - add EMI MPU support for SCP and DSP ([013006f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/013006f1f889f5869502147af464e38619459463))
+ - add support for SMC from OP-TEE ([34d9d61](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34d9d619f1c58549736b63aa5c5cddd7f171762e))
+ - enable apusys domain remap ([b5900c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b5900c92a1579371ea6f40199c70673beb08b1ac))
+ - enable apusys mailbox mpu protect ([ad7673a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad7673adef9bc5eaeef333ecaca8e85e82abe342))
+ - increase TZRAM_SIZE from 192KB to 256KB ([aa1cb27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aa1cb279b62d82e3d6e7b6ec17b9eb71d598497e))
+ - modify APU DAPC permission ([d06edab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d06edabfd14e0d196139fb1c780017f34366ae0d))
+ - update return value in mtk_emi_mpu_sip_handler ([d07eee2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d07eee245b3fcc6b276969df34dc63ded1d4c8a2))
+
+ - **MT8195**
+
+ - increase TZRAM ([4f79b67](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f79b67250641f67327c3e351d2f8339e8fd2d26))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - add dummy 'plat_mboot_measure_key' function ([b9bceef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b9bceef8eebf5c0f7f213921cca885a3f3c64ec1))
+
+ - **i.MX 8M**
+
+ - add more dram pll setting ([8947404](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/89474044a59d74cc088eb09292e99a3ca623fe33))
+ - detect console base address during runtime ([df730d9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/df730d94cb5850683371dd695e242a0c3817f070))
+ - enable snvs privileged registers access ([8d150c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8d150c9524b1459b61c9d881100e20da827c1bd0))
+ - move the gpc reg & macro to a separate header file ([2a6ffa9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a6ffa99afb6091110231381d1263407e9d88c3f))
+
+ - **i.MX 8M Nano**
+
+ - add workaround for errata ERR050362 ([8562564](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85625646692597ba8a1829efaadf56163450efaf))
+
+ - **i.MX 9**
+
+ - **i.MX93**
+
+ - add cpuidle and basic suspend support ([422d30c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/422d30c626beef689967b56d26a68f029e7b7cf9))
+ - add OPTEE support ([27a0be7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27a0be77a064cbc87aaefecbf45fe0a2b133b188))
+ - add reset & poweroff support ([cf7ef4c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf7ef4c762ddb573ffb6f1f434c04fdc52f6c2cf))
+ - add the basic support ([2368d7b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2368d7b157c169b84bc46d3d8a57d080507e81bd))
+ - add the trdc driver ([2935291](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2935291009c2933714a027b7b5cd1c8e41f70aff))
+ - allow SoC masters access to system TCM ([3d3b769](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3d3b769a7c112bff9468dbb21e36ce44125a72c0))
+ - protect OPTEE memory to secure access only ([f560f84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f560f843bdc0e33ef47918a6c10676fa6aff95ac))
+ - update the ocram trdc config for did10 ([eb76a24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb76a2416a9bd5239db7b55d846bd2a16eec417a))
+
+ - **QEMU**
+
+ - add sdei support for QEMU ([cef76a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cef76a7c5df7056cb73667e4e0b83d022e1b50fa))
+ - add "cortex-a710" cpu support ([4734a62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4734a62d2c22f5b6a1e2b0369248d42fb9eddd1b))
+ - add "neoverse-n2" cpu support ([408f9cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/408f9cb485796a73c5b87da70644665a13c685e4))
+ - add "neoverse-v1" cpu support ([6d8d7d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d8d7d2380d5120b3235c6f00eddcab126c3d648))
+ - add "neoverse-v1" cpu support ([214de62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/214de62c92b2fc4b7edda9d9d637b7a4c0ba1fa5))
+ - add A55 cpu support for virt ([409c20c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/409c20c84dcfa61de68754152f331a7277609fb2))
+ - add dummy plat_mboot_measure_key() BL1 function ([8e2fd6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e2fd6a84b17fde92cef48ecaccdc3b666ef0588))
+ - add dummy plat_mboot_measure_key() function ([f0f11ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0f11acd86650da04a41298acbf4ae38b7e25894))
+ - implement firmware handoff on qemu ([322af23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/322af23445fe7a86eaad335b8a0f2ed523f5c1df))
+
+ - **SBSA**
+
+ - handle platform version ([c681d02](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c681d02c6ce2652307a4fcef16bd5626135dfad9))
+ - handle GIC base ([1e67b1b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1e67b1b17a1692dd653d31016ccd8fa18b5f8f67))
+ - handle GIC ITS address ([4171e98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4171e981d13e6aa764c2520a2b513beafe449818))
+
+ - **QTI**
+
+ - **MSM8916**
+
+ - add port for MDM9607 ([78aac78](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/78aac78ad246ac8a04e1946bb9cd41b5734ba909))
+ - add port for MSM8909 ([cf0a75f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf0a75f04df8e90c7958304e6e0499a7d2e2519c))
+ - add port for MSM8939 ([c28e96c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c28e96cd52f8fbdbbfd0bbc8bacef353ac65bfd6))
+ - add SP_MIN port for AArch32 ([45b2bd0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/45b2bd0acbf4678eb59d36eb0db7746f5286a868))
+ - add Test Secure Payload (TSP) port ([6b8f9e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6b8f9e16a7849852abaf190f96130462f70eae17))
+ - allow selecting which UART to use ([aad23f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aad23f1a2c109fb853e498c17fa1e97fbdb6522c))
+ - clear CACHE_LOCK for MMU-500 r2p0+ ([d9b0442](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9b04423cfbf18cb510fb8e65ad02e7a1f4fe873))
+ - initialize CCI-400 for multiple clusters ([1240dc7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1240dc7ef11e850bdf7a4e66de3d858e26555842))
+ - power on L2 caches for secondary clusters ([c822d26](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c822d26506a589d4fa017246eeb83627f2efb554))
+
+ - **ST**
+
+ - add RCC registers list ([4cfbb84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4cfbb84aeb361d8e4d72f0b0652d02918168b55e))
+ - allow AARCH64 compilation for common code ([dad7181](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dad718169815f7cec09144b770fc66c6d9c58d17))
+ - introduce new platform STM32MP2 ([35527fb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/35527fb41829102083b488a5150c0c707c5ede15))
+ - support gcc as linker ([7762531](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7762531216a599d98dcf88aef8f8e980e0db90ed))
+ - update STM32MP DT files ([4c8e8ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4c8e8ea772905c1420720a900dd3e7d94eefbc7e))
+
+ - **STM32MP1**
+
+ - add FWU with boot from NOR-SPI ([dfbadfd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dfbadfd96b6f3d383e8f1c3c8b0c91ca2110ea2e))
+
+ - **STM32MP15**
+
+ - disable OP-TEE shared memory ([fb1d3bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb1d3bd9330ce70f735a344dd4223faffb261118))
+
+ - **STM32MP2**
+
+ - add console configuration ([87a940e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/87a940e027dd11d0ec03ec605f205374b18361ba))
+ - generate stm32 file ([e5839ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5839ed79e34b8aa8c7c94da8c79e8ee8a7467df))
+
+ - **Texas Instruments**
+
+ - add TI-SCI query firmware capabilities command support ([7ab7828](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ab782801f8c78ae6a8293d25cad687c86a4ac4e))
+ - query firmware for suspend capability ([ce1008f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce1008fef1ace613bc36886fd1627164edfef245))
+ - remove extra core counts in cluster 2 and 3 ([e986845](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e9868458e6de2ffb3c08e2fafa444a812b895337))
+
+ - **Xilinx**
+
+ - add support to get chipid ([0563601](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0563601f03f0404bbc57464d3458c07614f920ca))
+ - clean macro names ([bfd0626](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfd0626554374dd94a0105a5633df0afeae731b1))
+ - fix IPI calculation for Versal/NET ([69a5bee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69a5bee4c3633fd963d97f90f3a98e95a640d2da))
+ - move IPI related macros to plat_ipi.h ([b2258ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2258ce30cf720d71b1022c9cbee135c879027c5))
+ - remove crash console unused macros ([473ada6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/473ada6be65af7fdad85845336f42ed481eea11b))
+ - setup local/remote id in header ([068b0bc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/068b0bc6e39f1fc18f9450619942c711f860a7e2))
+ - switch boot console to runtime ([9c1c8f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c1c8f010143e179dee76381f3796f3801e6d220))
+ - sync macro names ([04a4833](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/04a483359fef61353d95619e84ec6b495b27adfb))
+ - used console also as crash console ([3e6b96e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6b96e869238f21c8887b835c3bfed487dbe653))
+
+ - **Versal**
+
+ - add support for SMCC ARCH SOC ID ([079c6e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/079c6e2403fd07db2b41f7c6e7e8c568467a2c6b))
+ - add tsp support ([7ff4d4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ff4d4fbe58273541da86fa72786d4bd4604be9a))
+ - ddr address reservation in dtb at runtime ([56d1857](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56d1857efc21cff5e75aa65bba21e333a8552d04))
+ - enable assertion ([0375188](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0375188a3e114edf62a732e80ea0f08dde3bf0b0))
+ - retrieval of console information from dtb ([7c36fbc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c36fbcc13793899390a01a9b4a623ff2fbf7ee1))
+
+ - **Versal NET**
+
+ - add cluster check in handoff parameters ([01c8c6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/01c8c6a5542fbf09fa91bbdbc95b735bbc9f02d7))
+ - add support for SMCC ARCH SOC ID ([1873e7f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1873e7f7d879c3d0aba54c3785df534b9a7037b7))
+ - add the IPI CRC checksum macro support ([ba56b01](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ba56b012c8ba8e5c4e6f77ab8a921e494d040a44))
+ - add tsp support ([639b367](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/639b3676cc30dcf3e3e4d478906e7f7f37a7f1e4))
+ - ddr address reservation in dtb at runtime ([46a08aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/46a08aab4c56ad9e3f57b127a02fead1e6b8cf38))
+ - enable assertion ([80cb4b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80cb4b14049c01df9a57cad9d1b94b10f904462f))
+ - get the handoff params using IPI ([a36ac40](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a36ac40c4e93e56380374301f558f508ad2cbf96))
+ - remove empty crash console setup ([6a14246](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a14246ad469664b56f1fdb111433515ffcccaf6))
+ - retrieval of console information from dtb ([a467e81](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a467e813a362fae69484e70ecb26fd8b14489d38))
+
+ - **ZynqMP**
+
+ - enable assertion ([2243ba3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2243ba3c38ae5bab894709a4e98f188815398ef1))
+ - remove pm_ioctl_set_sgmii_mode api ([7414aaa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7414aaa1a1e31df66866f0e1c97ba7c9add2427f))
+ - retrieval of console information from dtb ([3923462](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3923462239c9e54088bd5b01fd5df469b2758582))
+
+ - **Nuvoton**
+
+ - added support for npcm845x chip ([edcece1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/edcece15c76423832fc1ffdb255528bf4c719516))
+
+- **Bootloader Images**
+
+ - **BL2**
+
+ - add gpt support ([6ed98c4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ed98c45db01023d52a47eb4ede0ffb44de85f00))
+
+ - **BL31**
+
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([f5e1bed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f5e1bed2669cce46a1d7c6b8d3f8f884b4d589b3))
+
+ - **BL32**
+
+ - print entry point before exiting SP_MIN ([94e1be2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94e1be2b2918d8e70ac33cc8551e913d75e86398))
+
+- **Services**
+
+ - **RME**
+
+ - save PAuth context when RME is enabled ([13cc1aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/13cc1aa70a666bc8f768569e5481b3daf499b7d1))
+
+ - **RMMD**
+
+ - enable SME for RMM ([f92eb7e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f92eb7e261bdaea54c10ad34451a7667a6eb4084))
+ - pass SMCCCv1.3 SVE hint bit to RMM ([6788963](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/678896301b807cb1130ca27fa53acc66d57b855e))
+
+ - **RMM**
+
+ - update RMI VERSION command as per EAC5 ([ade6000](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ade6000ff0b3aa41d581d5738ce42f5ea4d3b77d))
+
+ - **SPM**
+
+ - separate StMM SP specifics to add support for a S-EL0 SP ([549bc04](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/549bc04f148f3b42ea0808b9ab0794a48d67007d))
+
+ - **EL3 SPMC**
+
+ - add a flag to enable support to load SEL0 SP ([801cd3c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/801cd3c84a7bb8a66c5a40de25e611ec6448239c))
+
+ - **SPMD**
+
+ - add partition info get regs ([0b850e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b850e9e7c89667f9a12d49492a60baf44750dd9))
+ - add spmd logical partitions ([890b508](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/890b5088203e990d683a9c837e976be62c6501aa))
+ - el3 direct message API ([66bdfd6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66bdfd6e4e6d8e086a30397be6055dbb04846895))
+ - get logical partitions info ([95f7f6d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95f7f6d86a6aadc9d235684fd1aa57ddc4c56ea9))
+
+ - **ERRATA ABI**
+
+ - add support for Cortex-X3 ([9c16521](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c16521606b1269ef13a69ec450b8d14ef92bde9))
+
+- **Libraries**
+
+ - **CPU Support**
+
+ - add a concise way to implement AArch64 errata ([3f4c1e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f4c1e1e7b976e6950cbcc4ddf8c32e989d837ac))
+ - add a way to automatically report errata ([4f748cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f748cc44cb12160dfca86d94a1075f38f7c99e4))
+ - add errata framework helpers ([445f7b5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/445f7b5191992c760e1089f566b94473a0432a1e))
+ - add more errata framework helpers ([94a75ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94a75ad456a8bda75ca1e4343f00be249a201a69))
+ - add support for Gelas CPU ([02586e0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02586e0e28e590fbc5e8461cfdc03db08485c14f))
+ - add support for hermes cpu ([a00e907](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a00e907696dd7dcae9ec221ea4ee49d4179a8e2a))
+ - add support for Nevis CPU ([5497958](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/549795895cae55b11c1a7ce522aa6740de863fb4))
+ - add support for Travis CPU ([a0594ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0594add2e2661a1b1e1f392bf015687004197bb))
+ - conform DSU errata to errata framework PCS ([ee6d04d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee6d04d449d7a23840bab00f3d3ffd88c6c7bca6))
+ - make revision procedure call optional ([4d22b0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d22b0e5ba01b423f9f5200e4702750102635145))
+ - wrappers to propagate AArch32 errata info ([34c51f3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34c51f327d47653637cf3604b4cd20819e795f25))
+
+ - **EL3 Runtime**
+
+ - modify vector entry paths ([d04c04a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d04c04a4e8d968f9f82de810a3c763474e3faeb7))
+
+ - **RAS**
+
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([6e92a82](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e92a82c81d2b0e49df730f68c8312beec1d3b48))
+ - use FEAT_IESB for error synchronization ([6597fcf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6597fcf169fa548d40f1e63391d12d207c491266))
+
+ - **Translation Tables**
+
+ - detect 4KB and 16KB page support when FEAT_LPA2 is present ([bff074d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bff074dd941d4fb51d6abade5db4b636f977d6f7))
+
+ - **C Standard Library**
+
+ - add %X to printf/snprintf ([483edc2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/483edc207a533a5eaf07fa1e2c47f29f1dc64e4a))
+ - implement memcpy_s in lib ([f328bff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f328bff667c12099e82de6e94f3775a124ee78c7))
+
+ - **PSA**
+
+ - interface with RSS for retrieving ROTPK ([50316e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/50316e226fbbe30b5eb4121225958a9b63e58bb1))
+
+ - **Firmware Handoff**
+
+ - introduce firmware handoff library ([3ba2c15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ba2c15147cc0c86342a443cd0cbfab3d2931c06))
+ - port BL31-BL33 interface to fw handoff framework ([94c90ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94c90ac8168f4e257b67e138a53a2dbc612e4194))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - add CCA NV ctr to CCA CoT ([e3b1cc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3b1cc0c51c7b0bae6abd81e15e4c2a00442c5db))
+ - add explicit entries for key OIDs ([0cffcdd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cffcdd617986f0750b384620f5b960059d91fc9))
+ - create a zero-OID for Subject Public Key ([9505d03](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9505d03e368d8e620c4defeb53dad846d5bc7e62))
+ - ecdsa p384 key support ([557f7d8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/557f7d806a62a460404f8d1bec84c9400585930b))
+ - measure and publicise the Public Key ([9eaa5a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9eaa5a09ed5805ec6423bc751b4254fba19090c1))
+
+ - **mbedTLS**
+
+ - update to 3.4.1 ([e686cdb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e686cdb450bbf01d42850457f83e45208a2655f8))
+ - add deprecation notice ([267c106](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/267c106f02e6996071985adbe695406a4978e97f))
+
+ - **mbedTLS-PSA**
+
+ - initialise mbedtls psa crypto ([4eaaaa1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4eaaaa19299040cfee0585d7daa744dee716d398))
+ - introduce PSA_CRYPTO build option ([5782b89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5782b890d29646924d8bd3f46acdc73a6e02feb2))
+ - mbedTLS PSA Crypto with ECDSA ([255ce97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/255ce97d609a93ab5528a653735abc46c2627e8f))
+ - register an ad-hoc PSA crypto driver ([38f8936](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/38f893692ad9b8edb5413f4b2b9cd15a9b485685))
+ - use PSA crypto API during hash calculation ([484b586](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/484b58696d627c68869d86e2c401a9088392659e))
+ - use PSA crypto API during signature verification ([eaa62e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eaa62e825e31fb22a6245d9a5ab9cf5c9f8c0e46))
+ - use PSA crypto API for hash verification ([2ed061c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2ed061c43525b8a9cd82b38d31277a8df594edd5))
+
+ - **Measured Boot**
+
+ - introduce platform function to measure and publish Public Key ([2971bad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2971bad8d48c6f0ddb7436efd16375bd72ade6bd))
+
+ - **GUID Partition Tables Support**
+
+ - add interface to init gpt ([f08460d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f08460dc085283f25fd6b5df792f263ccdf22421))
+ - add support to use backup GPT header ([ad2dd65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad2dd65871b4411c735271f98a4fa5102abb2a00))
+
+ - **Arm**
+
+ - **Ethos-N**
+
+ - update npu error handling ([4796d2d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4796d2d9bb4a1c0ccaffa4f6b49dbb0f0304d1d1))
+
+ - **RSS**
+
+ - set the signer-ID in the RSS metadata ([60861a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60861a04e06d98ba6a9ae984cc5565f064fac9d1))
+
+ - **ST**
+
+ - **Clock**
+
+ - allow aarch64 compilation of STGEN functions ([b1718c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1718c6382cff096c46dd216b5c99586eb303d29))
+ - stub fdt_get_rcc_secure_state ([19c3808](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/19c38081d3cbb4062d8894e6c3ec3c4e1d01a767))
+
+ - **UART**
+
+ - add AARCH64 stm32_console driver ([c6d070c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c6d070cdba2c9a37b2253354f4cc3ba7e127e35d))
+
+- **Miscellaneous**
+
+ - **AArch64**
+
+ - add stack debug information to assembly routines ([f832885](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f8328853031ab6dfc57059ff181138babc7779a0))
+
+ - **DT Bindings**
+
+ - add the STM32MP2 clock and reset bindings ([3ccb708](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ccb708ecede0858c3c8633942dd9ceec1511fa5))
+
+ - **FDTs**
+
+ - **Morello**
+
+ - add thermal framework ([0b22160](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b221603e909cd493feeaab96d9c6f5458c628a8))
+
+ - **STM32MP2**
+
+ - add stm32mp257f-ev1 board ([9aa5371](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9aa5371f2fde18ed9ef466f3ee08e599bcdca2dd))
+ - introduce stm32mp25 pinctrl files ([2c62cc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c62cc4a879b3ca5414227a2ddcd965814f3d112))
+ - introduce stm32mp25 SoCs family ([0dc283d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0dc283d29e4d962553046ea7ba30e90ea64f6d3d))
+
+ - **TBBR**
+
+ - add image id for backup GPT ([1051606](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1051606c3df3b5a0ebd4e4dad1e5e4a57e2f4d69))
+ - update PK_DER_LEN for ECDSA P-384 keys ([c1ec23d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c1ec23dd60954582a9b5dd49e85b092e9ece0680))
+
+- **Documentation**
+
+ - introduce STM32MP2 doc ([ee5076f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee5076f9716591333f1f5aa73b02c130c57917db))
+ - save BL32 image base and size in entry point info ([31dcf23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31dcf2345172de50b098d7a080c65ee6faa87df8))
+ - add a threat model for TF-A with Arm CCA ([4463541](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/446354122cea54255630d250064f5f889045acb0))
+ - cover threats inherent to receiving data over UART ([348446a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/348446ad2a836f7fa0ab05cdf6142342a1c4a4b3))
+ - add a section for experimental build options ([4885600](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48856003bfaf8c8d0ce7b29e2e1262f7f1dfbb5d))
+
+- **Build System**
+
+ - include plat header in fdt build ([e03dcc8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e03dcc8f5ee2c2c48732745c5c364951eb36ceec))
+ - manage patch version in Makefile ([055ebec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/055ebeca1b642ae69885a95e3c102f95d567a11e))
+ - march option selection ([7794d6c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7794d6c8f8c44acc14fbdc5ada5965310056be1e))
+ - pass CCA NV ctr option to cert_create ([0f19b7a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f19b7aada428e0ca69d27ab016928b8fbc64a79))
+ - .gitignore to include memory tools ([82257de](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/82257de06df2f744b12907079d5224bd56704de1))
+ - allow gcc linker on Aarch32 platforms ([cfe6767](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cfe6767f7dd483f1bd76b2ba88a75809e013c5bd))
+ - bump certifi to version 2023.7.22 ([6cbf432](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cbf43204f3ca7cc6db621652da182743748af3f))
+ - convert tabs and ifdef comparisons ([72f027c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72f027c335a9e20e479e0d684132401546685616))
+ - convert tabs to spaces ([1ca73b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ca73b4f4a0f6929a6649b4eb12e4ce45644a892))
+ - disable ENABLE_FEAT_MPAM for Aarch32 ([a07b459](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a07b4590dd06c9e27ec6d403003bcf55afa9dc27))
+ - include Cortex-A78AE cpu file for FVP ([b996db1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b996db168dcdac89245bb2cb60212e3e1b3ad061))
+ - pass parameters through response files ([430be43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/430be4396bbf779c9d2cac0ed8fefd07c7b8fde2))
+ - remove duplicated include order ([c189adb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c189adbd5559a31078749fd3ddd483337ad609f6))
+ - remove handling of mandatory options ([1ca902a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ca902a537d622b9f7f53f872586120ae75e2603))
+
+- **Tools**
+
+ - **Firmware Image Package Tool**
+
+ - add ability to build statically ([4d4fec2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d4fec281861066ab2249bc3db7c2decdd176f34))
+
+ - **Secure Partition Tool**
+
+ - generate `ARM_BL2_SP_LIST_DTS` file from `sp_layout.json` ([20629b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20629b3153bccdda32116ed5c4861e61fa1fba95))
+
+ - **Certificate Creation Tool**
+
+ - add new option for CCA NV ctr ([60753a6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60753a63290e255d6c4d34d0145ac00e8d69c9cf))
+ - add pkcs11 engine support ([616b3ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/616b3ce27d9a8a83a189a16ff6a05698bc6df3c8))
+ - ecdsa p384 key support ([c512c89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c512c89cde91f10e1b283522ac956fa4da85a797))
+
+ - **Memory Mapping Tool**
+
+ - add tabular memory use data ([d9d5eb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9d5eb138ded8d4abeaf0cd1341ddf451aa299b8))
+ - add topological memory view ([cc60aba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc60aba227e74a171c924146a0b745450af72f3d))
+
+### Resolved Issues
+
+- **Architecture**
+
+ - **CPU feature / ID register handling in general**
+
+ - move nested virtualization support to optionals ([8b2048c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b2048c1c019d799d1806926724c2fbbc399c4c1))
+
+ - **Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)**
+
+ - refine MPAM initialization and enablement process ([edebefb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/edebefbcbc01f4ab67a7838e0191736fd9ee0192))
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - make MDCR_EL3.MTPME=1 out of reset ([33815eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33815eb7194e662169676b2ce88ee4785aac9ccd))
+
+- **Platforms**
+
+ - register PLAT_SP_PRI only if not already registered ([bf01999](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bf01999aba3949e810b7c66d3a164c4e3a964bf8))
+
+ - **Arm**
+
+ - add Event Log area behind Trustzone Controller ([d836df7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d836df71ea50e0863f7858f71b06653058e64140))
+ - correct the SPMC_AT_EL3 condition ([a0ef1c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0ef1c0ef030e8fee8ad8f8a5f4a0fa911403a7c))
+ - fix GIC macros for GICv4.1 support ([f1df8f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1df8f10c6906519c54483f1f7a67f5cc507ec31))
+ - add RAS_FFH_SUPPORT check for RAS EHF priority ([1c01284](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1c012840cab6529edbbc1bc7e3bcba11477a6955))
+ - do not program DSU CLUSTERPWRDN register ([3209b35](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3209b35d2a372e71b96f3efbd7631d32518dc9b7))
+
+ - **FPGA**
+
+ - enable CPU features required for ARMv9.2 cores ([b321c24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b321c243423b9341bc04e839a795ff31247eacd5))
+
+ - **FVP**
+
+ - adjust BL2 maximum size as per total SRAM size ([965aace](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/965aacea919525baa03308a5a08205e506be0bf4))
+ - adjust BL31 maximum size as per total SRAM size ([24e224b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24e224b41cc6fda4b507861cf8e409d8e4a3f7cd))
+ - conditionally increase XLAT and MMAP table entries ([03cf4e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/03cf4e9aad2774ce221ccfe6f345ffcc8aabee4a))
+ - extract core id from mpidr for pwrc operations ([70bc744](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70bc74441b9901ee91ebb32be1def1e645374488))
+ - increase maximum MMAP and XLAT entries count ([12fe591](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12fe591b3e05255c167c5a9e21eaac2a9946f55c))
+ - increase the maximum size of Event Log ([f1dfaa4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1dfaa42cf1a93523501ce694260d88acee7c0c0))
+ - resolve broken workaround reference ([bcb3ea9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bcb3ea92f8626e48340bd65c7c3007953e0ee8f4))
+ - update pwr_domain_suspend ([f51d277](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f51d277de3e5f84eafafb32596ca0b154d11c4d5))
+ - update system suspend in OS-initiated mode ([e0ef05b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0ef05bb2c260e0441186dd8647dea531bb1daf3))
+
+ - **Morello**
+
+ - configure platform specific secure SPIs ([80f8769](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80f8769b26efcbce842d0ed62950603dfd83ef9b))
+
+ - **N1SDP**
+
+ - configure platform specific secure SPIs ([7b0c95a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7b0c95abc8e399a4a676647f4cffffa7ed21b3e6))
+ - fix spi_ids range for n1sdp multichip boot ([31f60a9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31f60a968347497562b0129134928d7ac4767710))
+
+ - **SGI**
+
+ - update PLAT_SP_PRI macro definition ([6f689a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6f689a51a577f740b341744e62c667733a79df94))
+
+ - **TC**
+
+ - Correct return type ([b0542b5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b0542b58ca77b922cf879dfb7d38356b32399c56))
+ - rename macro to match PSA spec ([1fc20d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1fc20d7f523e5c4bafb23584b1309ca432307ea4))
+
+ - **Corstone-1000**
+
+ - add cpu_helpers.S to platform.mk ([cb27274](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cb27274c9964deab3b613a48c1f293c122126ee5))
+ - modify boot device dependencies ([3ff5fc2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ff5fc2b35638afea2fad3cd0c76dcadc1adb8c2))
+ - removing the signature area ([5856a91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5856a91a641a4cd7403143bb90b098855a77ac16))
+
+ - **Aspeed**
+
+ - **AST2700**
+
+ - add device mapping for coherent memory ([cef2e92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cef2e92568045da4e1d26a9ebfb38b0176b4ec33))
+
+ - **Broadcom**
+
+ - fix misspelled header inclusion guard ([a9779c1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9779c11daa251abb9c523b4e01e6ef26c7d46fc))
+
+ - **Cadence**
+
+ - update console flush uart driver ([e27bebb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e27bebb0fe84bf58eed1fb61a65da9280309f24e))
+
+ - **Intel**
+
+ - fix ncore ccu snoop dvm enable bug ([106aa54](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/106aa54d922c8d0980c527530cbb417141fe3f83))
+ - resolved coverity checking ([1af7bf7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1af7bf71c042add4f473c056f850a8a4792b6bbd))
+ - update boot scratch cold register to use cold 8 ([655af4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/655af4f49278476ebac6bb865e325eca865684f2))
+ - update checking for memcpy and memset ([c418064](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c418064eb5ae2f223457e4a25a91f379e8cf5223))
+
+ - **MediaTek**
+
+ - support saving/restoring GICR registers ([f73466e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f73466e9a2fe35fc31a7a58a2e24308a9db341d7))
+
+ - **NVIDIA**
+
+ - **Tegra**
+
+ - return correct error code for plat_core_pos_by_mpidr ([6bd79b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6bd79b13f8a8566d047ff25da9110a887b4e36e7))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - **i.MX 8M**
+
+ - make IMX_BOOT_UART_BASE autodetection option more obvious ([101f070](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/101f07022a0337b074c03e60078b94789bc766f6))
+ - map BL32 memory only if SPD_opteed or SPD_trusty is enabled ([4827613](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4827613c9a8db6238e9411b508ef20bda3113146))
+
+ - **QEMU**
+
+ - fix 32-bit builds with stack protector ([e57ca89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e57ca899efe414bd685e89e335a21d15a25b04f8))
+
+ - **SBSA**
+
+ - align FIP base to BL1 size ([408cde8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/408cde8a59080ac2caa11c4d99474b2ef09f90df))
+
+ - **QTI**
+
+ - **SC7280**
+
+ - update pwr_domain_suspend ([a43be0f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a43be0f61003df1d8cf01bd706d5af305428c022))
+ - update system suspend in OS-initiated mode ([0a9270a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0a9270abe82b396bf6fa15c7eb39c3499452686a))
+
+ - **Renesas**
+
+ - **R-Car**
+
+ - add mandatory fields in 'reserved-memory' node ([f945498](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f945498faab3bd44f0f957931809de2f59517814))
+
+ - **R-Car 3**
+
+ - fix CPG register code comment ([69c371b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69c371bc16533eb97a1d9bc408f9f17da87ba641))
+ - update Draak and Eagle board IDs ([281edfe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/281edfee02bc72d81aa4972d60216647f932f3df))
+
+ - **ST**
+
+ - allow crypto lib compilation in aarch64 ([76e4fab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76e4fab000825c4361b4b9843c6e0c2f4f6eb1fd))
+ - enable RTC clock before accessing nv counter ([77ce6a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/77ce6a561eae769419559632afa4d807a4fc33b6))
+ - flush UART at the end of uart_read() ([a9cb7d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9cb7d002df4f09dce779b5b56640c2fdd77ba3b))
+ - properly check LOADADDR ([9f72f5e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9f72f5eac81c23fe39415b2346b112f64fba8610))
+ - reduce MMC block_buffer ([a2500ab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a2500ab7aba27ed5d613718f5f15371bbe895ca6))
+ - setting default KEY_SIZE ([6f3ca8a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6f3ca8ada60addc601f685fa51619d2101d7406a))
+ - update comment on encryption key ([5c506c7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c506c73751cc3f51df88826b89b5f729d8955c5))
+ - update dt_get_ddr_size() type ([2a4abe0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a4abe0b37f8d1987019c3de30e3301d8f8958d7))
+
+ - **STM32MP1**
+
+ - add void entry in plat_def_toc_entries ([8214ecd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8214ecdab22a72877dfff539eee31cfb92f36423))
+ - properly check PSCI functions return ([241f874](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/241f8745459ae413ca22fcc0f1081da8de48796f))
+ - use the BSEC nodes compatible for stm32mp13 ([2171bd9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2171bd9511258e7aebaa3ce2f9498093d3a3c63e))
+
+ - **Texas Instruments**
+
+ - align static device region addresses to reduce MMU table count ([53a868f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53a868f676d9ad6ec37d69155241883b8e7bf0bf))
+ - fix TISCI API changes during refactor ([d7a7135](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7a7135d32a8c7da004c0c19b75bd4e2813f9759))
+ - release lock in all TI-SCI xfer return paths ([e92375e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e92375e07cf54c2fbac6616e58116c98507ac177))
+ - remove check for zero value in BL31 boot args ([44edd3b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44edd3bd7cfe1d5fb1599ab5eee9b81efea984e0))
+
+ - **Xilinx**
+
+ - add headers to resolve compile time issue ([744d60a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/744d60aab4e0173e21564fde092884c10267a6cc))
+ - dcache flush for dtb region ([93ed138](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/93ed138006dc09e5b09222cabae8952dd5363ad2))
+ - don't reserve 1 more byte ([c3b69bf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3b69bf17bc0231b0dae613dc9e1e01e41f32236))
+ - dynamic mmap region for dtb ([7ca7fb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ca7fb1bf0873824531a6eee2da1214b61496b02))
+ - remove clock_setrate and clock_getrate api ([e5955d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5955d7c63291a736efe75fb93effbc3fefb19fb))
+ - remove console error message ([f9820f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f9820f21b8317fb3a08598452b252f7a6a2a4ad7))
+ - update dtb when dtb address and tf-a ddr flow is used ([fdf8f92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fdf8f929df078943c24154e25d9d7661139826b3))
+
+ - **DCC (Debug Communication Channel)**
+
+ - add dcc console unregister function ([0936abe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0936abe9b235dd996e9466288415bb994acbbe8f))
+ - enable DCC also for crash console ([c6d9186](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c6d9186f60a08b4a44b1ecf38071eacdc9553ef6))
+
+ - **Versal**
+
+ - add missing irq mapping for wakeup src ([06b9c4c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06b9c4c87df0b2a052e4f3330b86cc572c7bf885))
+ - fix BLXX memory limits for user defined values ([f123b91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f123b91fddfcc882577590bbf4a54e1497ef9a64))
+ - make pmc ipi channel as secure ([96eaafa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/96eaafa3f855ea9e0b6ce13a44f37fa9f1026207))
+ - type cast addresses to fix integer overflow ([bfe82cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfe82cff6f6ab8e557e7ad7db8eae573f1fb02f3))
+ - use correct macro name for ocm base address ([56afab7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56afab73a852fd3e10e607d2d86dedc3bae3ff2d))
+
+ - **Versal NET**
+
+ - add redundant call to avoid glitches ([cebb7cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cebb7cc110e02281060ec854a28a3bee382d8efa))
+ - change flag to increase security ([e8efb65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8efb65afb996c9832384c96b36aee3092b56a4b))
+ - correct device node indexes ([66b5620](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66b5620c873ef656f779a4c2d844b187ba474d9d))
+ - don't clear pending interrupts ([fb73ea6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb73ea6cc3f9f4f51195b416a0f803a72d81eff6))
+ - fix BLXX memory limits for user defined values ([a80da38](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a80da3899a5eea6bc022c37101ac0b7d970846f7))
+ - make pmc ipi channel as secure ([2c65b79](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c65b79e256ea5ead117efeaa5d39c3e53c83bdc))
+ - use correct macro name for uart baudrate ([e2ef1df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e2ef1dfcdbef7e448e9dd96852ffb8489c187d34))
+
+ - **ZynqMP**
+
+ - do not export apu_ipi ([237c5a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/237c5a74a295d6306529be024aaa3d6af4b32898))
+ - fix BLXX memory limits for user defined values ([8ce2fbf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8ce2fbffe37ddcab5071601f1b311ee82a56b7cc))
+ - fix prepare_dtb() memory description ([3efee73](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3efee73d528578162b8eb046dce540f0c5f0041a))
+ - fix sdei arm_validate_ns_entrypoint() ([3b3c70a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3b3c70a418522176f3a55d8e266e3968f7d4f832))
+ - handling of type el3 interrrupts ([e8d61f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8d61f7d91901f577030f6a45a71cf389b96d9dc))
+ - make zynqmp_devices structure smaller ([7e3e799](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e3e79995a3c02871211dd0e983fb6e886a9c518))
+ - remove unused headers ([6288636](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/62886363a16f0dcef3b6acdff0a96880cf9940ce))
+ - resolve runtime error in TSP ([81ad3b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81ad3b14b95e019eaa8d89d444680c14ede4d8ab))
+ - type cast addresses to fix overflow issue ([9129163](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91291633a1c99736803f39edb21cad95a3517ee8))
+ - validate clock_id to avoid OOB variable access ([abc79c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/abc79c275be764d76bd983837ffc487664182dac))
+
+ - **Nuvoton**
+
+ - fix typo in platform.mk ([c7efb78](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c7efb78f8edc8fa66bbe2f9bad390d29f6a43fb0))
+
+- **Bootloader Images**
+
+ - **BL2**
+
+ - bl2 start address for RESET_TO_BL2+ENABLE_PIE ([d478ac1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d478ac16c9002114da1c4708a0efb083c494ce2f))
+
+ - **BL31**
+
+ - resolve runtime console garbage in next stage ([889e3d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/889e3d1c68e37dc9f75ae432703fa8ffc7259546))
+
+ - **BL32**
+
+ - always include arm_arch_svc in SP_MIN ([cd0786c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd0786c73e536a1d2507d77ce49e2ae2b8ee71a1))
+ - avoid clearing argument registers in RESET_TO_SP_MIN case ([56055e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56055e87b0a756d4756a22ed26b855fbe7afe93c))
+
+ - **TSP**
+
+ - fix destination ID in direct request ([ed23d27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed23d274fae0b2787421a1b2558d7c1e9ebb07ab))
+ - flush uart console ([ae074b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ae074b369a25747acf98a23389e9d67b39738c71))
+
+- **Services**
+
+ - **RME**
+
+ - **RMMD**
+
+ - enable sme using sme_enable_per_world ([c0e16d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c0e16d30ab70c51737f7a01a6b365d27c1a94f3b))
+
+ - **SPM**
+
+ - **EL3 SPM**
+
+ - fix LSP direct message response ([c040621](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c040621dba5f4c097441e67c9fd99b9df174ba4e))
+ - improve direct messaging validation ([48fe24c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48fe24c50cd4990a76f88e89b77e71b9a90aec6c))
+
+ - **EL3 SPMC**
+
+ - avoid descriptor size calc overflow ([27c0242](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27c02425089548786a18d355b15acccd51880676))
+ - correctly account for emad_offset ([0c2583c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c2583c6fbfd03e70915554d4093e5f9148f3792))
+ - fix incorrect CASSERT ([1dd79f9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1dd79f9e2316e5a7a78b0ad5a34ec50288338e6f))
+ - only call spmc_shm_check_obj() on complete objects ([d781959](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d781959f81923bc3a59e77abd44df2fcc61f044e))
+ - prevent total_page_count overflow ([2d4da8e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d4da8e265660ce7580219b51d5e79fd99ce1458))
+ - remove experimental flag ([630a06c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/630a06c4c64f3a6804dd633081190241b1e78484))
+ - use uint64_t for 64-bit type ([43318e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/43318e4a4dcc79935150de75fe5dccbb615f4719))
+ - use version-dependent minimum descriptor length ([52d8d50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52d8d506e715dbbeba0938cecd30ac6624d1dcfc))
+ - validate descriptor headers ([56c052d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56c052d31126c93b3c6782ea8e0c3348b5299b75))
+ - validate memory address alignment ([327b5b8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/327b5b8b74faedefc45e861c797197cf6fbd6def))
+ - validate shmem descriptor alignment ([dd94372](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dd94372d77ff107726a7be53318b5694f3309ddb))
+
+ - **SPMD**
+
+ - coverity scan issues ([b04343f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b04343f3c912c8abc1a37b0ebe461ab574959ecd))
+ - fix FFA_VERSION forwarding ([76d53ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76d53ee1aafca7ba908c7439670509107377b309))
+ - perform G0 interrupt acknowledge and deactivation ([6c91fc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6c91fc44580415aaca4cbd774d4373475f33deb2))
+ - relax use of EHF with SPMC at S-EL2 ([bb6d0a1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb6d0a174f76240728cd911130703e712520ce16))
+
+ - **ERRATA ABI**
+
+ - added Neoverse N2 to Errata ABI list ([7e030b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e030b376329a0466ffe7676be215770bb46d10f))
+ - fix the rev-var for Cortex-A710 ([5c8fcc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c8fcc0ca7f5e6dc3aea947800e146fe0ffe9b84))
+ - update the Cortex-A76 errata ABI struct ([92d5b50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/92d5b501d4ba7e00e2ddfd546dc90b786966a352))
+ - update the Cortex-A78C errata ABI struct ([7f2caec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f2caecdbc64d1fbd34942285e1194e85c5e8614))
+ - update the neoverse-N1 errata ABI struct ([56747a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56747a5caa50eedeb627795f1c37e0a14953c2bf))
+ - update the Neoverse-N2 errata ABI struct ([80af87e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80af87e476ec3dd1ad26d7a906da82268a29e2b5))
+
+- **Libraries**
+
+ - **CPU Support**
+
+ - assert invalid cpu_ops obtained ([3f721c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f721c6edd20cef11c241a3ef84d94c06f5bebb4))
+ - check for SME presence in Gelas ([0bbd432](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0bbd4329bf73b0da1ed69578c385dd36358e261e))
+ - fix minor issue seen with a9 cpu ([af70470](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af704705c135f85b8b1eeda938e3dcdba3f6e561))
+ - fix the rev-var for Cortex-A710 ([2bf7939](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2bf7939a7b313352deb6c6b77ee1316eff142a7c))
+ - fix the rev-var of Cortex-X2 ([8ae66d6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8ae66d624e2f7cae9577ff8f99e0a45e21fb353d))
+ - fix the rev-var of Neoverse-V1 ([ab2b56d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab2b56df266f73aa53ca348d7945b119e1ef71c7))
+ - flush L2 cache for Cortex-A7/12/15/17 ([c5c160c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c5c160cdddd1c365a447c1fcd148fabb9014cce0))
+ - integer suffix macro definition ([1a56ed4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a56ed4b357e9023637c74c39c6885c558a737d2))
+ - reduce generic_errata_report()'s size ([f43e09a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f43e09a12e4f4f32185d3e2accceb65895d1f16b))
+ - revert erroneous use of override_vector_table macro in Cortex-A73 ([9a0c812](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9a0c81257ff116b2ca33f5b6737e0a000fb7e551))
+ - update the fix for Cortex-A78AE erratum 1941500 ([67a2ad1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/67a2ad171d1fb604d4cba8fa7f92ccb66d1ef3f9))
+ - update the rev-var for Cortex-A78AE ([c814619](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c814619a364aea3bd55b5ea238541864c0de7dab))
+ - workaround for Cortex-A510 erratum 2080326 ([6e86475](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e86475d55fa2981bc342a0eb78b86be233d7718))
+ - workaround for Cortex-A710 erratum 2742423 ([d7bc2cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7bc2cb4303088873a715bcaa2ac3e0096b9d7f2))
+ - workaround for Cortex-X2 erratum 2742423 ([fe06e11](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fe06e118ab0837ff173f6b7e576dcc34b2d26bb1))
+ - workaround for Cortex-X3 erratum 2070301 ([2454316](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2454316c2ae4411d0071d88c3db3c95598f12498))
+ - workaround for Cortex-X3 erratum 2742421 ([5b0e443](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b0e4438d0e604e80ffff17d02e37cae0f4b2a8f))
+ - workaround for Neoverse N2 erratum 2009478 ([74bfe31](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/74bfe31fd2c992d8e1e13bf396a9d5c136967ca5))
+ - workaround for Neoverse N2 erratum 2340933 ([68085ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/68085ad4827ac7daa39767d479d0565daa32cb47))
+ - workaround for Neoverse N2 erratum 2346952 ([6cb8be1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cb8be17a53f4e11880ba13b78fca15895281cfe))
+ - workaround for Neoverse N2 erratum 2743014 ([eb44035](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb44035cdec5d47d7eb3c904c8e5d8443b9dfcba))
+ - workaround for Neoverse N2 erratum 2779511 ([12d2806](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12d28067c9e76a78b148ed6fb94faf96de5e8502))
+ - workaround for Neoverse V2 erratum 2331132 ([8852fb5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8852fb5b7d94229475446c81cfa58851bc2204ff))
+ - workaround for Neoverse V2 erratum 2719105 ([b011402](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b01140256b5c0620cbde8e98c0df0e95343a3c71))
+ - workaround for Neoverse V2 erratum 2743011 ([58dd153](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/58dd153cc88e832a6b019f1d4c2e6d64986ea69d))
+ - workaround for Neoverse V2 erratum 2779510 ([ff34264](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff342643bcfaf20d61148b90a068694fa1c44dca))
+ - workaround for Neoverse V2 erratum 2801372 ([40c81ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40c81ed5335191fbe32466e56aa4fb6db1da466c))
+
+ - **EL3 Runtime**
+
+ - leverage generic interrupt controller helpers ([07f867b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07f867b12251235b8582bec38e9cf39a95703e77))
+ - restrict lower el EA handlers in FFH mode ([6d22b08](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d22b089ffb1793d581fde4de76245397ad7d4ee))
+
+ - **Context Management**
+
+ - make ICC_SRE_EL2 fixup generic to all worlds ([5e8cc72](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5e8cc7278659820bcd64c243cbd89c131462314c))
+ - set MDCR_EL3.{NSPBE, STE} explicitly ([99506fa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99506face112410ae37cf617b6efa809b4eee0ee))
+
+ - **RAS**
+
+ - remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT ([f87e54f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f87e54f73cfee5042df526af6185ac6d9653a8f5))
+ - restrict ENABLE_FEAT_RAS to have only two states ([970a4a8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/970a4a8d8c0d6894fe2fd483d06b6392639e8760))
+
+ - **PSCI**
+
+ - add optional pwr_domain_validate_suspend to plat_psci_ops_t ([d348861](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d34886140c74c0afc48ab20e63523505fcfb4b7d))
+
+ - **SMCCC**
+
+ - ensure that mpidr passed through SMC is valid ([e60c184](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e60c18471fc7488cc0bf1dc7eae3b43be77045a4))
+ - pass SMCCCv1.3 SVE hint to internal flags ([b2d8517](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2d851785f6c03cae4feb015fe69091582e18f5e))
+
+ - **Translation Tables**
+
+ - fix defects on the xlat library reported by coverity scan ([2974ad8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2974ad87b8561706176e113e2ec4457c919cb99a))
+ - set MAX_PHYS_ADDR to total mapped physical region ([1a38aaf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a38aafbff93e478aa6f9e19af1ed76024062a73))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - allow hashes of different lengths ([22a5354](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/22a53545aa37c06a1ffd0f3c15e870b256a41cb7))
+ - don't overwrite pk with converted pk when rotpk is hash ([1046b41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1046b41808b23b4079f04cad370646e05207ded5))
+
+ - **Measured Boot**
+
+ - don't strip last non-0 char ([b85bcb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b85bcb8ec92126c238572ed7d242115125e411e1))
+
+ - **MMC**
+
+ - initialises response buffer with zeros ([b1a2c51](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1a2c51a0820fce803431e6ee5bd078bb1a65b0d))
+
+ - **MTD**
+
+ - **NAND**
+
+ - reset the SLC NAND ([f4d765a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4d765a12815e3f4bd9c4dff5fd88661b3615114))
+
+ - **SPI NAND**
+
+ - add Quad Enable management ([da7a33c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/da7a33cf2f27545d9d290ff0c2ee1ec333b061bb))
+
+ - **SCMI**
+
+ - add parameter for plat_scmi_clock_rates_array ([ca9d6ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ca9d6edc892165c38f1b2710b537c10d4a57062d))
+
+ - **UFS**
+
+ - performs unsigned shift for doorbell ([e47d8a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e47d8a58b0d5745c943c36fad2ec8a98af709bea))
+ - set data segment length ([9d6786c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9d6786cacee7c0eff33d1cec42c09c7002dd83d2))
+
+ - **Arm**
+
+ - **GIC**
+
+ - **GICv3**
+
+ - map generic interrupt type to GICv3 group ([632e5ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/632e5ffeb8f50a98090065b63d9d071b72acd23c))
+ - move invocation of gicv3_get_multichip_base function ([36704d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/36704d09c6b26045fe2d18530a020ed23d74593d))
+
+ - **GIC-600**
+
+ - fix gic600 maximum SPI ID ([69ed7dc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69ed7dc2e964c66eb8ff926a63a47b701ae1f3c6))
+
+ - **Renesas**
+
+ - **R-Car3**
+
+ - update DDR setting ([138ddcb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/138ddcbf4d330d13a11576d973513014055f98c1))
+
+ - **ST**
+
+ - **Clock**
+
+ - disabling CKPER clock is not functional on stm32mp13 ([1bbcb58](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1bbcb58a69c4ee2ee13e9d5de4499438ca08b149))
+
+ - **Crypto**
+
+ - do not read RNG data if it's not ready ([53092a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53092a7780fa3d1b926aae8666f1c5a19cb039f1))
+ - use GENMASK_32 to define PKA registers masks ([379d77b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/379d77b3705b0f3a88332663bba956289cad5797))
+
+ - **DDR**
+
+ - express memory size with size_t type ([b4e1e8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b4e1e8fbf0dde5679d6b3717b8579f7a3343fdf8))
+
+ - **UART**
+
+ - allow 64 bit compilation ([6fef0f6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6fef0f67e47b3b42fc9b5dbc55bdef00a970765d))
+ - correctly check UART enabled in flush fonction ([a527380](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a5273808aa1a4514f7849ca91b7859e15bf82bff))
+ - skip console flush if UART is disabled ([b156d7b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b156d7b1cca1542f0c1c6f5d4354c43e048dc4a0))
+
+- **Miscellaneous**
+
+ - **AArch32**
+
+ - disable workaround discovery on aarch32 for now ([d1f2748](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d1f2748ed25748237e894c68c5a163326a8c33b9))
+
+ - **FDTs**
+
+ - **STM32MP1**
+
+ - move /omit-if-no-ref/ to overlay files ([f351f91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f351f9110f29a33923780c40d0896832fdb0ac81))
+
+ - **STM32MP13**
+
+ - correct the BSEC nodes compatible ([85c2ea8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85c2ea8fd325797a44e814b575611aafae9e7613))
+ - cosmetic fixes in PLL nodes ([8b82663](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b826636a39e0f20cc2c0557288b1eeab46fb923))
+
+ - **SDEI**
+
+ - ensure that interrupt ID is valid ([a7eff34](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a7eff3477dcf3624c74f5217419b1a27b7ebd2aa))
+
+ - **TBBR**
+
+ - guard defines under MBEDTLS_CONFIG_FILE ([81c2e15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81c2e1566dc4484c23d293961744489a9a6ea3f0))
+ - unrecognised 'tos-fw-key-cert' option ([f1cb5bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1cb5bd19034407f2de7cad23f2cc52ca924e561))
+
+- **Documentation**
+
+ - match boot-order size to implementation ([fd1479d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fd1479d9194d3f3ec98d235e077c9d6e24276fa2))
+ - add missing line in the fiptool command for stm32mp1 ([d526d00](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d526d00a13f86bbd2c073c065b6e9aff339e1b41))
+ - fix build errors for latexpdf ([443d6ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/443d6ea69992986f56246bcee44e537ab8dec069))
+ - remove out-dated information about CI review comments ([74306b2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/74306b2ac8971693d148b34d02c556d94b3e4926))
+ - replace deprecated urls under tfa/docs ([5fdf198](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5fdf198c117a4b6dbcf5242f5136f7224ceff6ff))
+ - update maintainers list ([9766f41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9766f41d3c4cae4cd515c2f9266bb7adb4725349))
+ - updated certain Neoverse N2 erratum status in docs ([d6d34b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d6d34b39132425dfa8c75352711c463d2989a216))
+ - use rsvg-convert as the conversion backend ([c365476](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3654760033c08e7ffa9337e05c48336032eacb9))
+
+- **Tools**
+
+ - **Firmware Image Package Tool**
+
+ - move juno plat_fiptool.mk ([570a230](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/570a23099c32cafcb63ecb6cc0516d76ea099daf))
+
+ - **Certificate Creation Tool**
+
+ - fix key loading logic ([bb3b0c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb3b0c0b09ff1d969ddd49b99642740ce2a07064))
+ - key: Avoid having a temporary value for pkey in key_load ([ea6f845](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ea6f8452f6eb561a0fa96a712da93fcdba40cd9c))
+
+ - **Memory Mapping Tool**
+
+ - reintroduce support for GNU map files ([d0e3053](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d0e3053c4f5b9d2bc70daf4db3c71f99c6da216d))
+
## [2.9.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.8.0..refs/tags/v2.9.0) (2023-05-16)
### ⚠ BREAKING CHANGES
diff --git a/docs/components/rmm-el3-comms-spec.rst b/docs/components/rmm-el3-comms-spec.rst
index 009ac28..5f0b5ab 100644
--- a/docs/components/rmm-el3-comms-spec.rst
+++ b/docs/components/rmm-el3-comms-spec.rst
@@ -159,8 +159,8 @@
``E_RMM_BOOT_SUCCESS``,Boot successful,0
``E_RMM_BOOT_ERR_UNKNOWN``,Unknown error,-1
``E_RMM_BOOT_VERSION_NOT_VALID``,Boot Interface version reported by EL3 is not supported by RMM,-2
- ``E_RMM_BOOT_CPUS_OUT_OF_RAGE``,Number of CPUs reported by EL3 larger than maximum supported by RMM,-3
- ``E_RMM_BOOT_CPU_ID_OUT_OF_RAGE``,Current CPU Id is higher or equal than the number of CPUs supported by RMM,-4
+ ``E_RMM_BOOT_CPUS_OUT_OF_RANGE``,Number of CPUs reported by EL3 larger than maximum supported by RMM,-3
+ ``E_RMM_BOOT_CPU_ID_OUT_OF_RANGE``,Current CPU Id is higher or equal than the number of CPUs supported by RMM,-4
``E_RMM_BOOT_INVALID_SHARED_BUFFER``,Invalid pointer to shared memory area,-5
``E_RMM_BOOT_MANIFEST_VERSION_NOT_SUPPORTED``,Version reported by the Boot Manifest not supported by RMM,-6
``E_RMM_BOOT_MANIFEST_DATA_ERROR``,Error parsing core Boot Manifest,-7
diff --git a/docs/components/secure-partition-manager-mm.rst b/docs/components/secure-partition-manager-mm.rst
index 4cdb96c..d9b2b1b 100644
--- a/docs/components/secure-partition-manager-mm.rst
+++ b/docs/components/secure-partition-manager-mm.rst
@@ -4,17 +4,10 @@
Foreword
========
-Two implementations of a Secure Partition Manager co-exist in the TF-A codebase:
-
-- SPM based on the FF-A specification (:ref:`Secure Partition Manager`).
-- SPM based on the MM interface.
-
-Both implementations differ in their architectures and only one can be selected
-at build time.
-
-This document describes the latter implementation where the Secure Partition Manager
-resides at EL3 and management services run from isolated Secure Partitions at S-EL0.
-The communication protocol is established through the Management Mode (MM) interface.
+This document describes the implementation where the Secure Partition Manager
+resides at EL3 and management services run from isolated Secure Partitions at
+S-EL0. The communication protocol is established through the Management Mode
+(MM) interface.
Background
==========
diff --git a/docs/conf.py b/docs/conf.py
index 9e7a5f8..d4e5423 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -14,8 +14,8 @@
project = "Trusted Firmware-A"
author = "Trusted Firmware-A contributors"
-version = "2.9.0"
-release = "2.9.0"
+version = "2.10.0"
+release = "2.10.0"
# -- General configuration ---------------------------------------------------
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 597f955..281f35f 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -254,8 +254,8 @@
REGISTER_CRYPTO_LIB(_name,
_init,
_verify_signature,
- _calc_hash,
_verify_hash,
+ _calc_hash,
_auth_decrypt,
_convert_pk);
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 146026b..b29c752 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -389,6 +389,10 @@
an ARM interconnect IP. This needs to be enabled for revisions r0p1 and r0p2
and is still open.
+- ``ERRATA_A78C_2743232`` : This applies erratum 2743232 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2.
+ This erratum is still open.
+
- ``ERRATA_A78C_2772121`` : This applies errata 2772121 workaround to
Cortex-A78C CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2.
This erratum is still open.
@@ -501,6 +505,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, and r1p1 and r1p2 of
the CPU.
+- ``ERRATA_V1_2348377``: This applies errata 2348377 workaroud to Neoverse-V1
+ CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
+ It has been fixed in r1p2.
+
- ``ERRATA_V1_2372203``: This applies errata 2372203 workaround to Neoverse-V1
CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
It is still open.
@@ -528,6 +536,14 @@
CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2. It is still
open.
+- ``ERRATA_V2_2618597``: This applies errata 2618597 workaround to Neoverse-V2
+ CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in
+ r0p2.
+
+- ``ERRATA_V2_2662553``: This applies errata 2662553 workaround to Neoverse-V2
+ CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in
+ r0p2.
+
- ``ERRATA_V2_2719103``: This applies errata 2719103 workaround to Neoverse-V2
CPU, this affects system configurations that do not use and ARM interconnect
IP. This needs to be enabled for revisions r0p0 and r0p1. It has been fixed
@@ -612,10 +628,18 @@
interconnect IP. This needs to be enabled for r0p0, r1p0, r2p0 and r2p1 and
is still open.
+- ``ERRATA_A710_2742423``: This applies errata 2742423 workaround to
+ Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
+ r2p1 of the CPU and is still open.
+
- ``ERRATA_A710_2768515``: This applies errata 2768515 workaround to
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
r2p1 of the CPU and is still open.
+- ``ERRATA_A710_2778471``: This applies errata 2778471 workaround to Cortex-A710
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and is still open.
+
For Neoverse N2, the following errata build flags are defined :
- ``ERRATA_N2_2002655``: This applies errata 2002655 workaround to Neoverse-N2
@@ -655,6 +679,14 @@
CPU. This needs to be enabled for revision r0p0 of the CPU, it is fixed in
r0p1.
+- ``ERRATA_N2_2340933``: This applies errata 2340933 workaround to Neoverse-N2
+ CPU. This needs to be enabled for revision r0p0 of the CPU, it is fixed in
+ r0p1.
+
+- ``ERRATA_N2_2346952``: This applies errata 2346952 workaround to Neoverse-N2
+ CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2 of the CPU,
+ it is fixed in r0p3.
+
- ``ERRATA_N2_2376738``: This applies errata 2376738 workaround to Neoverse-N2
CPU. This needs to be enabled for revision r0p0, r0p1, r0p2, r0p3 and is still open.
@@ -721,10 +753,18 @@
This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 and is
still open.
+- ``ERRATA_X2_2742423``: This applies errata 2742423 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and is still open.
+
- ``ERRATA_X2_2768515``: This applies errata 2768515 workaround to Cortex-X2
CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
CPU and is still open.
+- ``ERRATA_X2_2778471``: This applies errata 2778471 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and it is still open.
+
For Cortex-X3, the following errata build flags are defined :
- ``ERRATA_X3_2070301``: This applies errata 2070301 workaround to the Cortex-X3
@@ -743,6 +783,10 @@
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
+- ``ERRATA_X3_2779509``: This applies errata 2779509 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
+ CPU. It is fixed in r1p2.
+
For Cortex-A510, the following errata build flags are defined :
- ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to
@@ -796,6 +840,12 @@
Cortex-A510 CPU. This needs to be applied to revision r0p0, r0p1, r0p2,
r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3.
+For Cortex-A520, the following errata build flags are defined :
+
+- ``ERRATA_A520_2630792``: This applies errata 2630792 workaround to
+ Cortex-A520 CPU. This needs to applied for revisions r0p0, r0p1 of the
+ CPU and is still open.
+
For Cortex-A715, the following errata build flags are defined :
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index ff69b43..3fce393 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -130,6 +130,12 @@
- For other BL3x images, if the firmware configuration file is loaded by
BL2, then its address is passed in ``arg0`` and if HW_CONFIG is loaded
then its address is passed in ``arg1``.
+ - In case SPMC_AT_EL3 is enabled, populate the BL32 image base, size and max
+ limit in the entry point information, since there is no platform function
+ to retrieve these in generic code. We choose ``arg2``, ``arg3`` and
+ ``arg4`` since the generic code uses ``arg1`` for stashing the SP manifest
+ size. The SPMC setup uses these arguments to update SP manifest with
+ actual SP's base address and it size.
- In case of the Arm FVP platform, FW_CONFIG address passed in ``arg1`` to
BL31/SP_MIN, and the SOC_FW_CONFIG and HW_CONFIG details are retrieved
from FW_CONFIG device tree.
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
index c4e5213..8a2ab2d 100644
--- a/docs/design_documents/measured_boot.rst
+++ b/docs/design_documents/measured_boot.rst
@@ -222,7 +222,7 @@
- Public key data size is passed as the third argument to this function.
- This function must return 0 on success, a signed integer error code
otherwise.
- - In FVP platform, this function is used to calculate the hash of the given
+ - In TC2 platform, this function is used to calculate the hash of the given
key and forward this hash to RSS alongside the measurement of the image
which the key signs.
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 43b13d6..7ca0300 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -436,40 +436,12 @@
be enabled. If ``ENABLE_PMF`` is set, the residency statistics are tracked in
software.
-- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
- Management Extension. This flag can take the values 0 to 2, to align with
- the ``FEATURE_DETECTION`` mechanism. Default value is 0. This is currently
- an experimental feature.
-
- ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime
instrumentation which injects timestamp collection points into TF-A to
allow runtime performance to be measured. Currently, only PSCI is
instrumented. Enabling this option enables the ``ENABLE_PMF`` build option
as well. Default is 0.
-- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
- (SME), SVE, and FPU/SIMD for the non-secure world only. These features share
- registers so are enabled together. Using this option without
- ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure
- world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a
- superset of SVE. SME is an optional architectural feature for AArch64
- and TF-A support is experimental. At this time, this build option cannot be
- used on systems that have SPD=spmd/SPM_MM and atempting to build with this
- option will fail. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default is 0.
-
-- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
- version 2 (SME2) for the non-secure world only. SME2 is an optional
- architectural feature for AArch64 and TF-A support is experimental.
- This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
- accesses will still be trapped. This flag can take the values 0 to 2, to
- align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
-
-- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
- Extension for secure world. Used along with SVE and FPU/SIMD.
- ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this.
- This is experimental. Default is 0.
-
- ``ENABLE_SPE_FOR_NS`` : Numeric value to enable Statistical Profiling
extensions. This is an optional architectural feature for AArch64.
This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
@@ -555,44 +527,6 @@
This feature is intended for testing purposes only, and is advisable to keep
disabled for production images.
-- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
- detection mechanism. It detects whether the Architectural features enabled
- through feature specific build flags are supported by the PE or not by
- validating them either at boot phase or at runtime based on the value
- possessed by the feature flag (0 to 2) and report error messages at an early
- stage. This flag will also enable errata ordering checking for ``DEBUG``
- builds.
-
- This prevents and benefits us from EL3 runtime exceptions during context save
- and restore routines guarded by these build flags. Henceforth validating them
- before their usage provides more control on the actions taken under them.
-
- The mechanism permits the build flags to take values 0, 1 or 2 and
- evaluates them accordingly.
-
- Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
-
- ::
-
- ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
- ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
- ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
-
- In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
- 0, feature is disabled statically during compilation. If it is defined as 1,
- feature is validated, wherein FEAT_HCX is detected at boot time. In case not
- implemented by the PE, a hard panic is generated. Finally, if the flag is set
- to 2, feature is validated at runtime.
-
- Note that the entire implementation is divided into two phases, wherein as
- as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
- supported and is planned to be handled explicilty in phase-2 implementation.
-
- FEATURE_DETECTION macro is disabled by default, and is currently an
- experimental procedure. Platforms can explicitly make use of this by
- mechanism, by enabling it to validate whether they have set their build flags
- properly at an early phase.
-
- ``FIP_NAME``: This is an optional build option which specifies the FIP
filename for the ``fip`` target. Default is ``fip.bin``.
@@ -692,7 +626,7 @@
+---------------------------+------------------------------------+
| KEY_ALG | Possible key sizes |
+===========================+====================================+
- | rsa | 1024 , 2048 (default), 3072, 4096* |
+ | rsa | 1024 , 2048 (default), 3072, 4096 |
+---------------------------+------------------------------------+
| ecdsa | 256 (default), 384 |
+---------------------------+------------------------------------+
@@ -701,10 +635,6 @@
| ecdsa-brainpool-twisted | unavailable |
+---------------------------+------------------------------------+
-
- * Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
- Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
-
- ``HASH_ALG``: This build flag enables the user to select the secure hash
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
The default value of this flag is ``sha256``.
@@ -734,15 +664,6 @@
This option defaults to 0.
-- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust
- for Measurement (DRTM). This feature has trust dependency on BL31 for taking
- the measurements and recording them as per `PSA DRTM specification`_. For
- platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
- be used and for the platforms which use ``RESET_TO_BL31`` platform owners
- should have mechanism to authenticate BL31. This is an experimental feature.
-
- This option defaults to 0.
-
- ``MARCH_DIRECTIVE``: used to pass a -march option from the platform build
options to the compiler. An example usage:
@@ -750,6 +671,19 @@
MARCH_DIRECTIVE := -march=armv8.5-a
+- ``HARDEN_SLS``: used to pass -mharden-sls=all from the TF-A build
+ options to the compiler currently supporting only of the options.
+ GCC documentation:
+ https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html#index-mharden-sls
+
+ An example usage:
+
+ .. code:: make
+
+ HARDEN_SLS := 1
+
+ This option defaults to 0.
+
- ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
specifies a file that contains the Non-Trusted World private key in PEM
format or a PKCS11 URI. If ``SAVE_KEYS=1``, only a file is accepted and it
@@ -898,7 +832,7 @@
Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
component runs at the EL3 exception level. The default value is ``0`` (
disabled). This configuration supports pre-Armv8.4 platforms (aka not
- implementing the ``FEAT_SEL2`` extension). This is an experimental feature.
+ implementing the ``FEAT_SEL2`` extension).
- ``SPMC_AT_EL3_SEL0_SP`` : Boolean option to enable SEL0 SP load support when
``SPMC_AT_EL3`` is enabled. The default value if ``0`` (disabled). This
@@ -918,12 +852,6 @@
support pre-Armv8.4 platforms (aka not implementing the ``FEAT_SEL2``
extension).
-- ``ENABLE_SPMD_LP`` : This boolean option is used jointly with the SPM
- Dispatcher option (``SPD=spmd``). When enabled (1) it indicates support
- for logical partitions in EL3, managed by the SPMD as defined in the FF-A
- 1.2 specification. This flag is disabled by default. This flag must not be
- used if ``SPMC_AT_EL3`` is enabled. This is an experimental feature.
-
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
Partition Manager (SPM) implementation. The default value is ``0``
(disabled). This option cannot be enabled (``1``) when SPM Dispatcher is
@@ -949,11 +877,6 @@
hardware will limit the effective VL to the maximum physically supported
VL.
-- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware
- Handoff using Transfer List defined in `Firmware Handoff specification`_.
- This defaults to ``0``. Please note that this is an experimental feature
- based on Firmware Handoff specification v0.9.
-
- ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True
Random Number Generator Interface to BL31 image. This defaults to ``0``.
@@ -1012,10 +935,6 @@
(Coherent memory region is included) or 0 (Coherent memory region is
excluded). Default is 1.
-- ``USE_DEBUGFS``: When set to 1 this option activates an EXPERIMENTAL feature
- exposing a virtual filesystem interface through BL31 as a SiP SMC function.
- Default is 0.
-
- ``ARM_IO_IN_DTB``: This flag determines whether to use IO based on the
firmware configuration framework. This will move the io_policies into a
configuration device tree, instead of static structure in the code base.
@@ -1171,11 +1090,6 @@
if FEAT_TRF is implemented. This flag can take the values 0 to 2, to align
with the ``FEATURE_DETECTION`` mechanism. This flag is disabled by default.
-- ``PLAT_RSS_NOT_SUPPORTED``: Boolean option to enable the usage of the PSA
- APIs on platforms that doesn't support RSS (providing Arm CCA HES
- functionalities). When enabled (``1``), a mocked version of the APIs are used.
- The default value is 0.
-
- ``CONDITIONAL_CMO``: Boolean option to enable call to platform-defined routine
``plat_can_cmo`` which will return zero if cache management operations should
be skipped and non-zero otherwise. By default, this option is disabled which
@@ -1189,13 +1103,6 @@
errata mitigation for platforms with a non-arm interconnect using the errata
ABI. By default its disabled (``0``).
-- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
- The platform will use PSA compliant Crypto APIs during authentication and
- image measurement process by enabling this option. It uses APIs defined as
- per the `PSA Crypto API specification`_. This feature is only supported if
- using MbedTLS 3.x version. By default it is disabled (``0``), and this is an
- experimental feature.
-
- ``ENABLE_CONSOLE_GETC``: Boolean option to enable `getc()` feature in console
driver(s). By default it is disabled (``0``) because it constitutes an attack
vector into TF-A by potentially allowing an attacker to inject arbitrary data.
@@ -1292,8 +1199,118 @@
# Resume execution
continue
+.. _build_options_experimental:
+
+Experimental build options
+---------------------------
+
+Common build options
+~~~~~~~~~~~~~~~~~~~~
+
+- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust
+ for Measurement (DRTM). This feature has trust dependency on BL31 for taking
+ the measurements and recording them as per `PSA DRTM specification`_. For
+ platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
+ be used and for the platforms which use ``RESET_TO_BL31`` platform owners
+ should have mechanism to authenticate BL31. This option defaults to 0.
+
+- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
+ Management Extension. This flag can take the values 0 to 2, to align with
+ the ``FEATURE_DETECTION`` mechanism. Default value is 0.
+
+- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
+ (SME), SVE, and FPU/SIMD for the non-secure world only. These features share
+ registers so are enabled together. Using this option without
+ ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure
+ world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a
+ superset of SVE. SME is an optional architectural feature for AArch64.
+ At this time, this build option cannot be used on systems that have
+ SPD=spmd/SPM_MM and atempting to build with this option will fail.
+ This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ mechanism. Default is 0.
+
+- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
+ version 2 (SME2) for the non-secure world only. SME2 is an optional
+ architectural feature for AArch64.
+ This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
+ accesses will still be trapped. This flag can take the values 0 to 2, to
+ align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
+
+- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
+ Extension for secure world. Used along with SVE and FPU/SIMD.
+ ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this.
+ Default is 0.
+
+- ``ENABLE_SPMD_LP`` : This boolean option is used jointly with the SPM
+ Dispatcher option (``SPD=spmd``). When enabled (1) it indicates support
+ for logical partitions in EL3, managed by the SPMD as defined in the
+ FF-A v1.2 specification. This flag is disabled by default. This flag
+ must not be used if ``SPMC_AT_EL3`` is enabled.
+
+- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
+ detection mechanism. It detects whether the Architectural features enabled
+ through feature specific build flags are supported by the PE or not by
+ validating them either at boot phase or at runtime based on the value
+ possessed by the feature flag (0 to 2) and report error messages at an early
+ stage. This flag will also enable errata ordering checking for ``DEBUG``
+ builds.
+
+ This prevents and benefits us from EL3 runtime exceptions during context save
+ and restore routines guarded by these build flags. Henceforth validating them
+ before their usage provides more control on the actions taken under them.
+
+ The mechanism permits the build flags to take values 0, 1 or 2 and
+ evaluates them accordingly.
+
+ Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
+
+ ::
+
+ ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
+ ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
+ ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
+
+ In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
+ 0, feature is disabled statically during compilation. If it is defined as 1,
+ feature is validated, wherein FEAT_HCX is detected at boot time. In case not
+ implemented by the PE, a hard panic is generated. Finally, if the flag is set
+ to 2, feature is validated at runtime.
+
+ Note that the entire implementation is divided into two phases, wherein as
+ as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
+ supported and is planned to be handled explicilty in phase-2 implementation.
+
+ ``FEATURE_DETECTION`` macro is disabled by default. Platforms can explicitly
+ make use of this by mechanism, by enabling it to validate whether they have
+ set their build flags properly at an early phase.
+
+- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
+ The platform will use PSA compliant Crypto APIs during authentication and
+ image measurement process by enabling this option. It uses APIs defined as
+ per the `PSA Crypto API specification`_. This feature is only supported if
+ using MbedTLS 3.x version. It is disabled (``0``) by default.
+
+- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware
+ Handoff using Transfer List defined in `Firmware Handoff specification`_.
+ This defaults to ``0``. Current implementation follows the Firmware Handoff
+ specification v0.9.
+
+- ``USE_DEBUGFS``: When set to 1 this option exposes a virtual filesystem
+ interface through BL31 as a SiP SMC function.
+ Default is disabled (0).
+
Firmware update options
------------------------
+~~~~~~~~~~~~~~~~~~~~~~~
+
+- ``PSA_FWU_SUPPORT``: Enable the firmware update mechanism as per the
+ `PSA FW update specification`_. The default value is 0.
+ PSA firmware update implementation has few limitations, such as:
+
+ - BL2 is not part of the protocol-updatable images. If BL2 needs to
+ be updated, then it should be done through another platform-defined
+ mechanism.
+
+ - It assumes the platform's hardware supports CRC32 instructions.
- ``NR_OF_FW_BANKS``: Define the number of firmware banks. This flag is used
in defining the firmware update metadata structure. This flag is by default
@@ -1305,14 +1322,6 @@
This flag is used in defining the firmware update metadata structure. This
flag is by default set to '1'.
-- ``PSA_FWU_SUPPORT``: Enable the firmware update mechanism as per the
- `PSA FW update specification`_. The default value is 0, and this is an
- experimental feature.
- PSA firmware update implementation has some limitations, such as BL2 is
- not part of the protocol-updatable images, if BL2 needs to be updated, then
- it should be done through another platform-defined mechanism, and it assumes
- that the platform's hardware supports CRC32 instructions.
-
--------------
*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/perf/psci-performance-juno.rst b/docs/perf/psci-performance-juno.rst
index d458d86..bab1086 100644
--- a/docs/perf/psci-performance-juno.rst
+++ b/docs/perf/psci-performance-juno.rst
@@ -73,83 +73,157 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 243.76 | 239.92 | 6.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 663.5 | 30.32 | 167.82 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 105.12 | 22.84 | 5.88 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 384.16 | 19.06 | 4.7 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 523.98 | 270.46 | 4.74 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 950.54 | 220.9 | 89.2 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 104.58 | 241.20 | 5.26 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 384.24 | 22.50 | 138.76 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 244.56 | 22.18 | 5.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 670.56 | 18.58 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 809.36 | 269.28 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 984.96 | 219.70 | 79.62 |
+ +---------+------+-----------+--------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- serial
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 266.96 | 31.74 | 167.92 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 266.9 | 31.52 | 167.82 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 279.86 | 23.42 | 87.52 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 101.38 | 18.8 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 101.18 | 19.28 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 101.32 | 19.02 | 4.62 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-------------------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 0 | 242.66 (+132.03%) | 245.1 | 5.4 |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 1 | 522.08 (+35.87%) | 26.24 | 138.32 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 0 | 104.36 (-57.33%) | 27.1 | 5.32 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 1 | 382.56 (-42.95%) | 23.34 | 4.42 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 2 | 807.74 | 271.54 | 4.64 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 3 | 981.36 | 221.8 | 79.48 |
+ +---------+------+-------------------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.56 | 23.24 | 138.18 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 236.86 | 23.28 | 138.10 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 281.04 | 22.80 | 77.24 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.28 | 18.52 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.12 | 18.78 | 4.50 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.36 | 18.94 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.10)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.84 | 27.1 | 138.36 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 236.96 | 27.1 | 138.32 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 280.06 | 26.94 | 77.5 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.76 | 23.42 | 4.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.02 | 23.42 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.08 | 23.2 | 4.4 |
+ +---------+------+-----------+--------+-------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- +---------+------+-----------+---------+-------------+
- | 0 | 0 | 661.94 | 22.88 | 9.66 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 801.64 | 23.38 | 9.62 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 105.56 | 16.02 | 8.12 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 245.42 | 16.26 | 7.78 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 384.42 | 16.1 | 7.84 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 523.74 | 15.4 | 8.02 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 662.34 | 15.22 | 8.08 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 802.00 | 15.50 | 8.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 385.22 | 15.74 | 7.88 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 106.16 | 16.06 | 7.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 524.38 | 15.64 | 7.34 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 246.00 | 15.78 | 7.72 |
+ +---------+------+-----------+--------+-------------+
-.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
+ parallel (v2.10)
+
+ +---------+------+-------------------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 0 | 801.04 | 18.66 | 8.22 |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 1 | 661.28 | 19.08 | 7.88 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 0 | 105.9 (-72.51%) | 20.3 | 7.58 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 1 | 383.58 (+261.32%) | 20.4 | 7.42 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 2 | 523.52 | 20.1 | 7.74 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 3 | 244.5 | 20.16 | 7.56 |
+ +---------+------+-------------------+--------+-------------+
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 102.16 | 23.64 | 6.7 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 101.66 | 23.78 | 6.6 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 277.74 | 15.96 | 4.66 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 98.0 | 15.88 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 97.66 | 15.88 | 4.62 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 97.76 | 15.38 | 4.64 |
- +---------+------+-----------+---------+-------------+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 99.80 | 15.94 | 5.42 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 99.76 | 15.80 | 5.24 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 278.26 | 16.16 | 4.58 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 96.88 | 16.00 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 96.80 | 16.12 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 96.88 | 16.12 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.10)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 99.84 | 18.86 | 5.54 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 100.2 | 18.82 | 5.66 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 278.12 | 20.56 | 4.48 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 96.68 | 20.62 | 4.3 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 96.94 | 20.14 | 4.42 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 96.68 | 20.46 | 4.32 |
+ +---------+------+-----------+--------+-------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -157,44 +231,82 @@
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
-.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 265.38 | 34.12 | 167.36 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 265.72 | 33.98 | 167.48 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 185.3 | 23.18 | 87.42 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 101.58 | 23.46 | 4.48 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 101.66 | 22.02 | 4.72 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 101.48 | 22.22 | 4.52 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 235.76 | 26.14 | 137.80 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 235.40 | 25.72 | 137.62 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 174.70 | 22.40 | 77.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.92 | 24.04 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.68 | 22.44 | 4.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 101.36 | 22.70 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.10)
+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_off_serial (latest) |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.04 | 30.02 | 137.9 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 235.38 | 29.7 | 137.72 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 175.18 | 26.96 | 77.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.56 | 28.34 | 4.32 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.38 | 26.82 | 4.3 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.86 | 26.98 | 4.42 |
+ +---------+------+-----------+--------+-------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (2.9)
+
-.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+ +-------------+--------+-------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-------------+
+ | 0 | 0 | 1.48 |
+ +-------------+--------+-------------+
+ | 0 | 1 | 1.04 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.56 |
+ +-------------+--------+-------------+
+ | 1 | 1 | 0.92 |
+ +-------------+--------+-------------+
+ | 1 | 2 | 0.96 |
+ +-------------+--------+-------------+
+ | 1 | 3 | 0.96 |
+ +-------------+--------+-------------+
+
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (2.10)
- +-------------+--------+--------------+
- | Cluster | Core | Latency |
- +=============+========+==============+
- | 0 | 0 | 1.22 |
- +-------------+--------+--------------+
- | 0 | 1 | 1.2 |
- +-------------+--------+--------------+
- | 1 | 0 | 0.6 |
- +-------------+--------+--------------+
- | 1 | 1 | 1.08 |
- +-------------+--------+--------------+
- | 1 | 2 | 1.04 |
- +-------------+--------+--------------+
- | 1 | 3 | 1.04 |
- +-------------+--------+--------------+
+ +-------------+--------+----------------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+----------------------+
+ | 0 | 0 | 1.1 (-25.68%) |
+ +-------------+--------+----------------------+
+ | 0 | 1 | 1.06 |
+ +-------------+--------+----------------------+
+ | 1 | 0 | 0.58 |
+ +-------------+--------+----------------------+
+ | 1 | 1 | 0.88 |
+ +-------------+--------+----------------------+
+ | 1 | 2 | 0.92 |
+ +-------------+--------+----------------------+
+ | 1 | 3 | 0.9 |
+ +-------------+--------+----------------------+
Annotated Historic Results
--------------------------
diff --git a/docs/perf/psci-performance-n1sdp.rst b/docs/perf/psci-performance-n1sdp.rst
index ae1b89b..fd3c9c9 100644
--- a/docs/perf/psci-performance-n1sdp.rst
+++ b/docs/perf/psci-performance-n1sdp.rst
@@ -93,66 +93,129 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 3.44 | 10.04 | 0.4 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 4.98 | 12.72 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 3.58 | 15.42 | 0.2 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 5.24 | 17.78 | 0.18 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.80 | 10.08 | 0.80 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 4.14 | 15.92 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 3.68 | 12.96 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 3.36 | 18.58 | 0.18 |
+ +---------+------+-----------+--------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- serial
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.82 | 9.98 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.96 | 9.96 | 0.18 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 2.0 | 10.5 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.22 | 10.56 | 0.16 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+----------------+------------------+-----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+----------------+------------------+-----------------+
+ | 0 | 0 | 2.12 | 23.94 (+137.50%) | 0.42 (-47.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 0 | 0 | 3.52 | 42.08 (+164.32%) | 0.26 (+62.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 1 | 0 | 2.76 (-25.00%) | 38.3 (+195.52%) | 0.26 (+62.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 1 | 0 | 2.64 | 44.56 (+139.83%) | 0.36 (+100.00%) |
+ +---------+------+----------------+------------------+-----------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.86 | 9.92 | 0.32 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.70 | 10.48 | 0.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.78 | 9.72 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.94 | 10.44 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.10)
+
+ +---------+------+-----------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 1.74 | 23.7 (+138.91%) | 0.3 |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 2.08 | 23.96 (+128.63%) | 0.26 (-27.78%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 1.9 | 23.62 (+143.00%) | 0.28 (+75.00%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 2.06 | 23.92 (+129.12%) | 0.26 (+62.50%) |
+ +---------+------+-----------+------------------+----------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.52 | 11.84 | 0.34 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.1 | 13.66 | 0.14 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 2.18 | 9.48 | 0.18 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.06 | 14.4 | 0.16 |
- +---------+------+-----------+---------+-------------+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_susp_parallel |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 0.88 | 12.32 | 0.26 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.12 | 14.62 | 0.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.86 | 14.14 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.92 | 9.44 | 0.18 |
+ +---------+------+-----------+--------+-------------+
-.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
+ parallel (v2.10)
+
+ +---------+------+---------------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+---------------+------------------+----------------+
+ | 0 | 0 | 1.5 (+70.45%) | 35.02 (+184.25%) | 0.24 |
+ +---------+------+---------------+------------------+----------------+
+ | 0 | 0 | 1.92 | 38.12 (+160.74%) | 0.28 |
+ +---------+------+---------------+------------------+----------------+
+ | 1 | 0 | 1.88 | 38.1 (+169.45%) | 0.26 (+62.50%) |
+ +---------+------+---------------+------------------+----------------+
+ | 1 | 0 | 2.04 | 23.1 (+144.70%) | 0.24 |
+ +---------+------+---------------+------------------+----------------+
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.54 | 9.34 | 0.3 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.88 | 9.5 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 1.86 | 9.86 | 0.2 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.02 | 9.64 | 0.18 |
- +---------+------+-----------+---------+-------------+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.9)
+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_susp_serial |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.52 | 9.40 | 0.30 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.92 | 9.80 | 0.18 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 2.20 | 9.60 | 0.14 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.82 | 9.78 | 0.18 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.10)
+
+ +---------+------+-----------+------------------+-----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+-----------------+
+ | 0 | 0 | 1.52 | 23.08 (+145.53%) | 0.3 |
+ +---------+------+-----------+------------------+-----------------+
+ | 0 | 0 | 1.98 | 23.68 (+141.63%) | 0.28 (+55.56%) |
+ +---------+------+-----------+------------------+-----------------+
+ | 1 | 0 | 1.84 | 23.86 (+148.54%) | 0.28 (+100.00%) |
+ +---------+------+-----------+------------------+-----------------+
+ | 1 | 0 | 1.98 | 23.68 (+142.13%) | 0.28 (+55.56%) |
+ +---------+------+-----------+------------------+-----------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -160,36 +223,68 @@
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
-.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.86 | 9.88 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 21.1 | 12.44 | 0.42 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 21.22 | 13.2 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 21.56 | 13.18 | 0.54 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.84 | 9.94 | 0.32 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 14.20 | 13.10 | 0.50 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 13.88 | 12.36 | 0.42 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 14.40 | 13.26 | 0.52 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.10)
+
+ +---------+------+-----------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 1.78 | 23.7 (+138.43%) | 0.3 |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 13.96 | 31.16 (+137.86%) | 0.34 (-32.00%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 13.54 | 30.24 (+144.66%) | 0.26 (-38.10%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 14.46 | 31.12 (+134.69%) | 0.7 (+34.62%) |
+ +---------+------+-----------+------------------+----------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (v2.9)
+
-.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+ +------------------------------------+
+ | test_rt_instr_psci_version_parallel|
+ +-------------+--------+-------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-------------+
+ | 0 | 0 | 0.08 |
+ +-------------+--------+-------------+
+ | 0 | 0 | 0.26 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.20 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.26 |
+ +-------------+--------+-------------+
+
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (v2.10)
- +-------------+--------+--------------+
- | Cluster | Core | Latency |
- +=============+========+==============+
- | 0 | 0 | 0.08 |
- +-------------+--------+--------------+
- | 0 | 1 | 0.22 |
- +-------------+--------+--------------+
- | 1 | 0 | 0.28 |
- +-------------+--------+--------------+
- | 1 | 1 | 0.26 |
- +-------------+--------+--------------+
+ +----------------------------------------------+
+ | test_rt_instr_psci_version_parallel (latest) |
+ +-------------+--------+-----------------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-----------------------+
+ | 0 | 0 | 0.14 (+75.00%) |
+ +-------------+--------+-----------------------+
+ | 0 | 0 | 0.22 |
+ +-------------+--------+-----------------------+
+ | 1 | 0 | 0.2 |
+ +-------------+--------+-----------------------+
+ | 1 | 0 | 0.26 |
+ +-------------+--------+-----------------------+
--------------
diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst
index e81052b..3301067 100644
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@@ -90,11 +90,6 @@
of the translation tables library instead of version 2. It is set to 0 by
default, which selects version 2.
-- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®
- TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm
- platforms. If this option is specified, then the path to the CryptoCell
- SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag.
-
- ``ARM_GPT_SUPPORT``: Enable GPT parser to get the entry address and length of
the various partitions present in the GPT image. This support is available
only for the BL2 component, and it is disabled by default.
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index fcfa04a..700020f 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -12,7 +12,7 @@
(64-bit host machine only).
.. note::
- The FVP models used are Version 11.19 Build 14, unless otherwise stated.
+ The FVP models used are Version 11.22 Build 14, unless otherwise stated.
- ``Foundation_Platform``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` (Version 11.17/21)
@@ -41,18 +41,18 @@
- ``FVP_Base_Cortex-A76AE``
- ``FVP_Base_Cortex-A77``
- ``FVP_Base_Cortex-A78``
+- ``FVP_Base_Cortex-A78AE``
- ``FVP_Base_Cortex-A78C``
- ``FVP_Base_Cortex-X2x4`` (Version 11.17/21)
- ``FVP_Base_Neoverse-E1``
- ``FVP_Base_Neoverse-N1``
-- ``FVP_Base_Neoverse-N2x4`` (Version 11.16/16)
- ``FVP_Base_Neoverse-V1``
- ``FVP_Base_RevC-2xAEMvA``
-- ``FVP_Morello`` (Version 0.11/33)
-- ``FVP_RD_E1_edge`` (Version 11.17/29)
-- ``FVP_RD_V1`` (Version 11.17/29)
-- ``FVP_TC1`` (Version 11.17/33)
-- ``FVP_TC2`` (Version 11.18/28)
+- ``FVP_BaseR_AEMv8R``
+- ``FVP_Morello`` (Version 0.11/33)
+- ``FVP_RD_V1``
+- ``FVP_TC1``
+- ``FVP_TC2`` (Version 11.20/24)
The latest version of the AArch32 build of TF-A has been tested on the
following Arm FVPs without shifted affinities, and that do not support threaded
diff --git a/docs/plat/arm/tc/index.rst b/docs/plat/arm/tc/index.rst
index c5058f5..9469e9a 100644
--- a/docs/plat/arm/tc/index.rst
+++ b/docs/plat/arm/tc/index.rst
@@ -18,7 +18,7 @@
is the CPUs supported as below:
- TC0 has support for Cortex A510, Cortex A710 and Cortex X2. (Note TC0 is now deprecated)
-- TC1 has support for Cortex A510, Cortex A715 and Cortex X3.
+- TC1 has support for Cortex A510, Cortex A715 and Cortex X3. (Note TC1 is now deprecated)
- TC2 has support for Cortex A520, Cortex A720 and Cortex x4.
Boot Sequence
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index f135ca2..b1ccaa5 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -79,6 +79,8 @@
+----------------+----------------+--------------------+--------------------+
| tc0 | Arm | 2.8 | 2.10 |
+----------------+----------------+--------------------+--------------------+
+| tc1 | Arm | 2.10 | TBD |
++----------------+----------------+--------------------+--------------------+
| rde1edge | Arm | 2.9 | 3.0 |
+----------------+----------------+--------------------+--------------------+
diff --git a/docs/plat/xilinx-versal-net.rst b/docs/plat/xilinx-versal-net.rst
index 5d04639..1db7695 100644
--- a/docs/plat/xilinx-versal-net.rst
+++ b/docs/plat/xilinx-versal-net.rst
@@ -14,6 +14,11 @@
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net bl31
```
+To build bl32 TSP you have to rebuild bl31 too
+```bash
+make CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net SPD=tspd RESET_TO_BL31=1 bl31 bl32
+```
+
To build TF-A for JTAG DCC console:
```bash
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net VERSAL_NET_CONSOLE=dcc bl31
diff --git a/docs/plat/xilinx-versal.rst b/docs/plat/xilinx-versal.rst
index 09a6ee2..b71776d 100644
--- a/docs/plat/xilinx-versal.rst
+++ b/docs/plat/xilinx-versal.rst
@@ -19,6 +19,11 @@
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal VERSAL_PLATFORM=versal_virt bl31
```
+To build bl32 TSP you have to rebuild bl31 too
+```bash
+make CROSS_COMPILE=aarch64-none-elf- PLAT=versal SPD=tspd RESET_TO_BL31=1 bl31 bl32
+```
+
To build TF-A for JTAG DCC console
```bash
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal bl31 VERSAL_CONSOLE=dcc
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index 082497c..7c66d11 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -319,13 +319,6 @@
Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the
FWU content certificate.
-- **#define : PLAT_CRYPTOCELL_BASE**
-
- This defines the base address of Arm® TrustZone® CryptoCell and must be
- defined if CryptoCell crypto driver is used for Trusted Board Boot. For
- capable Arm platforms, this driver is used if ``ARM_CRYPTOCELL_INTEG`` is
- set.
-
If the AP Firmware Updater Configuration image, BL2U is used, the following
must also be defined:
diff --git a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png b/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
deleted file mode 100644
index 0619cf2..0000000
--- a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png b/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
deleted file mode 100644
index f110028..0000000
--- a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml b/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
new file mode 100644
index 0000000..493f078
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
@@ -0,0 +1,82 @@
+/'
+ ' Copyright (c) 2023, Arm Limited. All rights reserved.
+ '
+ ' SPDX-License-Identifier: BSD-3-Clause
+ '/
+
+/'
+TF-A with Arm CCA Data Flow Diagram
+'/
+
+@startuml
+digraph tfa_dfd {
+
+ # Arrange nodes from left to right
+ rankdir="LR"
+
+ # Allow arrows to end on cluster boundaries
+ compound=true
+
+ # Default settings for edges and nodes
+ edge [minlen=2 color="#8c1b07"]
+ node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
+
+ # Nodes outside of the trust boundary
+ realm [label="Realm\nClients"]
+ nsec [label="Non-secure\nClients"]
+ sec [label="Secure\nClients"]
+ dbg [label="Debug & Trace"]
+ uart [label="UART"]
+ nvm [label="Non-volatile\nMemory"]
+
+ # Trust boundary cluster
+ subgraph cluster_trusted{
+ graph [style=dashed color="#f22430"]
+
+ # HW IPs cluster
+ subgraph cluster_ip{
+ label ="Hardware IPs";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ rank="same"
+ gic [label="GIC" width=1.2 height=0.5]
+ mmu [label="MMU" width=1.2 height=0.5]
+ etc [label="..." shape=none style=none height=0.5]
+ }
+
+ # TF-A cluster
+ subgraph cluster_tfa{
+ label ="TF-A";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
+ bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
+ bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
+ }
+
+ # HES cluster
+ subgraph cluster_hes{
+ label ="Arm CCA HES";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ hes [label="Hardware\nEnforced Security"]
+ }
+ }
+
+ # Interactions between nodes
+
+ # -- The following lines are copied from tfa_dfd.puml and must not be
+ # changed, at the risk of invalidating DF* references.
+ nvm -> bl31 [lhead=cluster_tfa label="DF1"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
+ dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
+ sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
+ nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
+ bl2 -> mmu [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6"]
+
+ # -- The following lines are new for Arm CCA DFD.
+ bl2 -> hes [dir="both" ltail=cluster_tfa lhead=cluster_hes label="DF7"]
+ realm -> bl2 [dir="both" lhead=cluster_tfa label="DF8"]
+}
+
+@enduml
diff --git a/docs/resources/diagrams/plantuml/tfa_dfd.puml b/docs/resources/diagrams/plantuml/tfa_dfd.puml
index 0007911..9d3dcba 100644
--- a/docs/resources/diagrams/plantuml/tfa_dfd.puml
+++ b/docs/resources/diagrams/plantuml/tfa_dfd.puml
@@ -25,7 +25,7 @@
nsec [label="Non-secure\nClients"]
sec [label="Secure\nClients"]
dbg [label="Debug & Trace"]
- logs [label="Logs\n(UART)"]
+ uart [label="UART"]
nvm [label="Non-volatile\nMemory"]
# Trust boundary cluster
@@ -56,7 +56,7 @@
# Interactions between nodes
nvm -> bl31 [lhead=cluster_tfa label="DF1"]
- logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
index 23f5b17..a7e0ce5 100644
--- a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
+++ b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
@@ -25,7 +25,7 @@
nsec [label="Non-secure\nClients"]
sec [label="Secure\nClients"]
dbg [label="Debug & Trace"]
- logs [label="Logs\n(UART)"]
+ uart [label="UART"]
nvm [label="Non-volatile\nMemory"]
@@ -65,7 +65,7 @@
# Interactions between nodes
nvm -> bl31 [lhead=cluster_tfa label="DF1"]
- logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index b22fb18..e22378b 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst
@@ -31,10 +31,10 @@
:caption: Contents
threat_model
- threat_model_spm
threat_model_el3_spm
threat_model_fvp_r
threat_model_rss_interface
+ threat_model_arm_cca
--------------
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 57a5e1b..0da2558 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -36,6 +36,9 @@
- There are no Root and Realm worlds. These are introduced by :ref:`Realm
Management Extension (RME)`.
+ The :ref:`Threat Model for TF-A with Arm CCA support` covers these types of
+ configurations.
+
- No experimental features are enabled. We do not consider threats that may come
from them.
@@ -63,8 +66,10 @@
| | images include TF-A BL2 and BL31 images, as well as |
| | other secure and non-secure images. |
+-----------------+--------------------------------------------------------+
- | DF2 | | TF-A log system framework outputs debug messages |
- | | over a UART interface. |
+ | DF2 | | TF-A log system framework outputs debug or |
+ | | informative messages over a UART interface. |
+ | | |
+ | | | Also, characters can be read from a UART interface. |
+-----------------+--------------------------------------------------------+
| DF3 | | Debug and trace IP on a platform can allow access |
| | to registers and memory of TF-A. |
@@ -272,6 +277,8 @@
them. To help developers implement mitigations in the right place, threats below
are categorized based on the firmware image that should mitigate them.
+.. _General Threats:
+
General Threats for All Firmware Images
---------------------------------------
@@ -552,9 +559,62 @@
| | soon as they are not needed anymore. |
+------------------------+-----------------------------------------------------+
| Mitigations | | Yes / Platform specific |
+| implemented? | |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 15 |
++========================+=====================================================+
+| Threat | | **Improper handling of input data received over |
+| | a UART interface may allow an attacker to tamper |
+| | with TF-A execution environment.** |
+| | |
+| | | The consequences of the attack depend on the |
+| | the exact usage of input data received over UART. |
+| | Examples are injection of arbitrary data, |
+| | sensitive data tampering, influencing the |
+| | execution path, denial of service (if using |
+| | blocking I/O). This list may not be exhaustive. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF2, DF4, DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data, Code Execution, Availability |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Tampering, Information Disclosure, Denial of |
+| | service, Elevation of privilege. |
++------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Likelihood | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
++------------------------+-------------------+----------------+----------------+
+| Mitigations | | By default, the code to read input data from UART |
+| | interfaces is disabled (see `ENABLE_CONSOLE_GETC` |
+| | build option). It should only be enabled on a |
+| | need basis. |
+| | |
+| | | Data received over UART interfaces should be |
+| | treated as untrusted data. As such, it should be |
+| | properly sanitized and handled with caution. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Platform specific. |
+| implemented? | |
+| | | Generic code does not read any input data from |
+| | UART interface(s). |
++------------------------+-----------------------------------------------------+
+
+
+.. _Boot Firmware Threats:
+
Threats to be Mitigated by the Boot Firmware
--------------------------------------------
@@ -789,6 +849,8 @@
since the |SRTM| includes all secure world components.
+.. _Runtime Firmware Threats:
+
Threats to be Mitigated by the Runtime EL3 Firmware
---------------------------------------------------
diff --git a/docs/threat_model/threat_model_arm_cca.rst b/docs/threat_model/threat_model_arm_cca.rst
new file mode 100644
index 0000000..fbf3327
--- /dev/null
+++ b/docs/threat_model/threat_model_arm_cca.rst
@@ -0,0 +1,225 @@
+Threat Model for TF-A with Arm CCA support
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Introduction
+************
+
+This document provides a threat model of TF-A firmware for platforms with Arm
+Realm Management Extension (RME) support which implement Arm Confidential
+Compute Architecture (Arm CCA).
+
+Although it is a separate document, it references the :ref:`Generic Threat
+Model` in a number of places, as some of the contents is commonly applicable to
+TF-A with or without Arm CCA support.
+
+Target of Evaluation
+********************
+
+In this threat model, the target of evaluation is the Trusted Firmware for
+A-class Processors (TF-A) with RME support and Arm CCA support. This includes
+the boot ROM (BL1), the trusted boot firmware (BL2) and the runtime EL3 firmware
+(BL31).
+
+Assumptions
+===========
+
+We make the following assumptions:
+
+- :ref:`Realm Management Extension (RME)` is enabled on the platform.
+
+- Arm CCA Hardware Enforced Security (HES) is available on the platform, as
+ recommended by `Arm CCA security model`_:
+
+ *[R0004] Arm strongly recommends that all implementations of CCA utilize*
+ *hardware enforced security (CCA HES).*
+
+- All TF-A images run from on-chip memory. Data used by these images also live
+ in on-chip memory. This means TF-A is not vulnerable to an attacker that can
+ probe or tamper with off-chip memory.
+
+ These are requirements of the `Arm CCA security model`_:
+
+ *[R0147] Monitor code executes entirely from on-chip memory.*
+
+ *[R0149] Any monitor data that may affect the CCA security guarantee, other*
+ *than GPT, is either held in on-chip memory, or in external memory but with*
+ *additional integrity protection.*
+
+ Note that this threat model hardens *[R0149]* requirement by forbidding to
+ hold data in external memory, even if it is integrity-protected - except for
+ GPT data.
+
+- TF-A BL1 image is immutable and thus implicitly trusted. It runs from
+ read-only memory or write-protected memory. This could be on-chip ROM, on-chip
+ OTP, locked on-chip flash, or write-protected on-chip RAM for example.
+
+ This is a requirement of the `Arm CCA security model`_:
+
+ *[R0158] Arm recommends that all initial boot code is immutable on a*
+ *secured system.*
+
+ *[R0050] If all or part of initial boot code is instantiated in on-chip*
+ *memory then other trusted subsystems or application PE cannot modify that*
+ *code before it has been executed.*
+
+- Trusted boot and measured boot are enabled. This means an attacker can't boot
+ arbitrary images that are not approved by platform providers.
+
+ These are requirements of the `Arm CCA security model`_:
+
+ *[R0048] A secured system can only load authorized CCA firmware.*
+
+ *[R0079] All Monitor firmware loaded by PE initial boot is measured and*
+ *verified as outlined in Verified boot.*
+
+- No experimental features are enabled. These are typically incomplete features,
+ which need more time to stabilize. Thus, we do not consider threats that may
+ come from them. It is not recommended to use these features in production
+ builds.
+
+Data Flow Diagram
+=================
+
+Figure 1 shows a high-level data flow diagram for TF-A. The diagram shows a
+model of the different components of a TF-A-based system and their interactions
+with TF-A. A description of each diagram element is given on Table 1. On the
+diagram, the red broken lines indicate trust boundaries. Components outside of
+the broken lines are considered untrusted by TF-A.
+
+.. uml:: ../resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
+ :caption: Figure 1: Data Flow Diagram
+
+.. table:: Table 1: Data Flow Diagram Description
+
+ +-----------------+--------------------------------------------------------+
+ | Diagram Element | Description |
+ +=================+========================================================+
+ | DF1 | | Refer to DF1 description in the |
+ | | :ref:`Generic Threat Model`. Additionally TF-A |
+ | | loads realm images. |
+ +-----------------+--------------------------------------------------------+
+ | DF2-DF6 | | Refer to DF2-DF6 descriptions in the |
+ | | :ref:`Generic Threat Model`. |
+ +-----------------+--------------------------------------------------------+
+ | DF7 | | Boot images interact with Arm CCA HES to record boot |
+ | | measurements and retrieve data used for AP images |
+ | | authentication. |
+ | | |
+ | | | The runtime firmware interacts with Arm CCA HES to |
+ | | obtain sensitive attestation data for the realm |
+ | | world. |
+ +-----------------+--------------------------------------------------------+
+ | DF8 | | Realm world software (e.g. TF-RMM) interact with |
+ | | TF-A through SMC call interface and/or shared |
+ | | memory. |
+ +-----------------+--------------------------------------------------------+
+
+Threat Analysis
+***************
+
+In this threat model, we use the same method to analyse threats as in the
+:ref:`Generic Threat Model`. This section only points out differences where
+applicable.
+
+- There is an additional threat agent: *RealmCode*. It takes the form of
+ malicious or faulty code running in the realm world, including R-EL2, R-EL1
+ and R-EL0 levels.
+
+- At this time we only consider the ``Server`` target environment. New threats
+ identified in this threat model will only be given a risk rating for this
+ environment. Other environments may be added in a future revision
+
+Threat Assessment
+=================
+
+General Threats for All Firmware Images
+---------------------------------------
+
+The following table analyses the :ref:`General Threats` in the context of this
+threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 05 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 06 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 08 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 11 | Yes | | Misconfiguration of the Memory Management Unit |
+ | | | (MMU) may allow a **normal/secure/realm** world |
+ | | | software to access sensitive data, execute arbitrary|
+ | | | code or access otherwise restricted HW interface. |
+ | | | |
+ | | | | **Note that on RME systems, MMU configuration also |
+ | | | includes Granule Protection Tables (GPT) setup.** |
+ | | | |
+ | | | | Additional diagram elements: DF4, DF7, DF8. |
+ | | | |
+ | | | | Additional threat agents: SecCode, RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 13 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 15 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+
+Threats to be Mitigated by the Boot Firmware
+--------------------------------------------
+
+The following table analyses the :ref:`Boot Firmware Threats` in the context of
+this threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 01 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 02 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 03 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 04 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+
+Threats to be Mitigated by the Runtime EL3 Firmware
+---------------------------------------------------
+
+The following table analyses the :ref:`Runtime Firmware Threats` in the context
+of this threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 07 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 09 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 10 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 12 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 14 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+
+*Copyright (c) 2023, Arm Limited. All rights reserved.*
+
+.. _Arm CCA Security Model: https://developer.arm.com/documentation/DEN0096/A_a
diff --git a/docs/threat_model/threat_model_fvp_r.rst b/docs/threat_model/threat_model_fvp_r.rst
index c1462bb..725eeed 100644
--- a/docs/threat_model/threat_model_fvp_r.rst
+++ b/docs/threat_model/threat_model_fvp_r.rst
@@ -90,8 +90,10 @@
and since the MPU configuration is equivalent with that for the fvp
platform and others, this is not expected to be a concern.
+ - ID 15: Improper handling of input data received over a UART interface may
+ allow an attacker to tamper with TF-A execution environment.
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/threat_model_spm.rst b/docs/threat_model/threat_model_spm.rst
deleted file mode 100644
index 24a115b..0000000
--- a/docs/threat_model/threat_model_spm.rst
+++ /dev/null
@@ -1,1340 +0,0 @@
-SPMC Threat Model
-*****************
-
-************************
-Introduction
-************************
-This document provides a threat model for the TF-A :ref:`Secure Partition Manager`
-(SPM) implementation or more generally the S-EL2 reference firmware running on
-systems implementing the FEAT_SEL2 (formerly Armv8.4 Secure EL2) architecture
-extension. The SPM implementation is based on the `Arm Firmware Framework for
-Arm A-profile`_ specification.
-
-In brief, the broad FF-A specification and S-EL2 firmware implementation
-provide:
-
-- Isolation of mutually mistrusting SW components, or endpoints in the FF-A
- terminology.
-- Distinct sandboxes in the secure world called secure partitions. This permits
- isolation of services from multiple vendors.
-- A standard protocol for communication and memory sharing between FF-A
- endpoints.
-- Mutual isolation of the normal world and the secure world (e.g. a Trusted OS
- is prevented to map an arbitrary NS physical memory region such as the kernel
- or the Hypervisor).
-
-************************
-Target of Evaluation
-************************
-In this threat model, the target of evaluation is the S-EL2 firmware or the
-``Secure Partition Manager Core`` component (SPMC).
-The monitor and SPMD at EL3 are covered by the :ref:`Generic TF-A threat model
-<threat_analysis>`.
-
-The scope for this threat model is:
-
-- The TF-A implementation for the S-EL2 SPMC based on the Hafnium hypervisor
- running in the secure world of TrustZone (at S-EL2 exception level).
- The threat model is not related to the normal world Hypervisor or VMs.
- The S-EL1 and EL3 SPMC solutions are not covered.
-- The implementation complies with the FF-A v1.0 specification, and a few
- features of FF-A v1.1 specification.
-- Secure partitions are statically provisioned at boot time.
-- Focus on the run-time part of the life-cycle (no specific emphasis on boot
- time, factory firmware provisioning, firmware udpate etc.)
-- Not covering advanced or invasive physical attacks such as decapsulation,
- FIB etc.
-- Assumes secure boot or in particular TF-A trusted boot (TBBR or dual CoT) is
- enabled. An attacker cannot boot arbitrary images that are not approved by the
- SiP or platform providers.
-
-Data Flow Diagram
-======================
-Figure 1 shows a high-level data flow diagram for the SPM split into an SPMD
-component at EL3 and an SPMC component at S-EL2. The SPMD mostly acts as a
-relayer/pass-through between the normal world and the secure world. It is
-assumed to expose small attack surface.
-
-A description of each diagram element is given in Table 1. In the diagram, the
-red broken lines indicate trust boundaries.
-
-Components outside of the broken lines are considered untrusted.
-
-.. uml:: ../resources/diagrams/plantuml/spm_dfd.puml
- :caption: Figure 1: SPMC Data Flow Diagram
-
-.. table:: Table 1: SPMC Data Flow Diagram Description
-
- +---------------------+--------------------------------------------------------+
- | Diagram Element | Description |
- +=====================+========================================================+
- | ``DF1`` | SP to SPMC communication. FF-A function invocation or |
- | | implementation-defined Hypervisor call. |
- +---------------------+--------------------------------------------------------+
- | ``DF2`` | SPMC to SPMD FF-A call. |
- +---------------------+--------------------------------------------------------+
- | ``DF3`` | SPMD to NS forwarding. |
- +---------------------+--------------------------------------------------------+
- | ``DF4`` | SP to SP FF-A direct message request/response. |
- | | Note as a matter of simplifying the diagram |
- | | the SP to SP communication happens through the SPMC |
- | | (SP1 performs a direct message request to the |
- | | SPMC targeting SP2 as destination. And similarly for |
- | | the direct message response from SP2 to SP1). |
- +---------------------+--------------------------------------------------------+
- | ``DF5`` | HW control. |
- +---------------------+--------------------------------------------------------+
- | ``DF6`` | Bootloader image loading. |
- +---------------------+--------------------------------------------------------+
- | ``DF7`` | External memory access. |
- +---------------------+--------------------------------------------------------+
-
-*********************
-Threat Analysis
-*********************
-
-This threat model follows a similar methodology to the :ref:`Generic TF-A threat model
-<threat_analysis>`.
-The following sections define:
-
-- Trust boundaries
-- Assets
-- Theat agents
-- Threat types
-
-Trust boundaries
-============================
-
-- Normal world is untrusted.
-- Secure world and normal world are separate trust boundaries.
-- EL3 monitor, SPMD and SPMC are trusted.
-- Bootloaders (in particular BL1/BL2 if using TF-A) and run-time BL31 are
- implicitely trusted by the usage of secure boot.
-- EL3 monitor, SPMD, SPMC do not trust SPs.
-
-.. figure:: ../resources/diagrams/spm-threat-model-trust-boundaries.png
-
- Figure 2: Trust boundaries
-
-Assets
-============================
-
-The following assets are identified:
-
-- SPMC state.
-- SP state.
-- Information exchange between endpoints (partition messages).
-- SPMC secrets (e.g. pointer authentication key when enabled)
-- SP secrets (e.g. application keys).
-- Scheduling cycles.
-- Shared memory.
-
-Threat Agents
-============================
-
-The following threat agents are identified:
-
-- NS-Endpoint identifies a non-secure endpoint: normal world client at NS-EL2
- (Hypervisor) or NS-EL1 (VM or OS kernel).
-- S-Endpoint identifies a secure endpoint typically a secure partition.
-- Hardware attacks (non-invasive) requiring a physical access to the device,
- such as bus probing or DRAM stress.
-
-Threat types
-============================
-
-The following threat categories as exposed in the :ref:`Generic TF-A threat model
-<threat_analysis>`
-are re-used:
-
-- Spoofing
-- Tampering
-- Repudiation
-- Information disclosure
-- Denial of service
-- Elevation of privileges
-
-Similarly this threat model re-uses the same threat risk ratings. The risk
-analysis is evaluated based on the environment being ``Server`` or ``Mobile``.
-
-Threat Assessment
-============================
-
-The following threats are identified by applying STRIDE analysis on each diagram
-element of the data flow diagram.
-
-+------------------------+----------------------------------------------------+
-| ID | 01 |
-+========================+====================================================+
-| ``Threat`` | **An endpoint impersonates the sender or receiver |
-| | FF-A ID in a direct request/response invocation.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------++----------------+---------------+
-| ``Impact`` | Critical(5) | Critical(5) | |
-+------------------------+------------------++----------------+---------------+
-| ``Likelihood`` | Critical(5) | Critical(5) | |
-+------------------------+------------------++----------------+---------------+
-| ``Total Risk Rating`` | Critical(25) | Critical(25) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | The guidance below is left for a system integrator |
-| | to implemented as necessary. |
-| | The SPMC must enforce checks in the direct message |
-| | request/response interfaces such an endpoint cannot|
-| | spoof the origin and destination worlds (e.g. a NWd|
-| | originated message directed to the SWd cannot use a|
-| | SWd ID as the sender ID). |
-| | Additionally a software component residing in the |
-| | SPMC can be added for the purpose of direct |
-| | request/response filtering. |
-| | It can be configured with the list of known IDs |
-| | and about which interaction can occur between one |
-| | and another endpoint (e.g. which NWd endpoint ID |
-| | sends a direct request to which SWd endpoint ID). |
-| | This component checks the sender/receiver fields |
-| | for a legitimate communication between endpoints. |
-| | A similar component can exist in the OS kernel |
-| | driver, or Hypervisor although it remains untrusted|
-| | by the SPMD/SPMC. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 02 |
-+========================+====================================================+
-| ``Threat`` | **Tampering with memory shared between an endpoint |
-| | and the SPMC.** |
-| | A malicious endpoint may attempt tampering with its|
-| | RX/TX buffer contents while the SPMC is processing |
-| | it (TOCTOU). |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF3, DF4, DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | Shared memory, Information exchange |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (16) | High (16) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | In context of FF-A v1.0 and v1.1 this is the case |
-| | of sharing the RX/TX buffer pair and usage in the |
-| | PARTITION_INFO_GET or mem sharing primitives. |
-| | The SPMC must copy the contents of the TX buffer |
-| | to an internal temporary buffer before processing |
-| | its contents. The SPMC must implement hardened |
-| | input validation on data transmitted through the TX|
-| | buffer by an untrusted endpoint. |
-| | The TF-A SPMC mitigates this threat by enforcing |
-| | checks on data transmitted through RX/TX buffers. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 03 |
-+========================+====================================================+
-| ``Threat`` | **An endpoint may tamper with its own state or the |
-| | state of another endpoint.** |
-| | A malicious endpoint may attempt violating: |
-| | - its own or another SP state by using an unusual |
-| | combination (or out-of-order) FF-A function |
-| | invocations. |
-| | This can also be an endpoint emitting |
-| | FF-A function invocations to another endpoint while|
-| | the latter is not in a state to receive it (e.g. a |
-| | SP sends a direct request to the normal world early|
-| | while the normal world is not booted yet). |
-| | - the SPMC state itself by employing unexpected |
-| | transitions in FF-A memory sharing, direct requests|
-| | and responses, or handling of interrupts. |
-| | This can be led by random stimuli injection or |
-| | fuzzing. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state, SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | threat by following the guidance for partition |
-| | runtime models as described in FF-A v1.1 EAC0 spec.|
-| | The SPMC performs numerous checks in runtime to |
-| | prevent illegal state transitions by adhering to |
-| | the partition runtime model. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 04 |
-+========================+====================================================+
-| ``Threat`` | *An attacker may attempt injecting errors by the |
-| | use of external DRAM stress techniques.** |
-| | A malicious agent may attempt toggling an SP |
-| | Stage-2 MMU descriptor bit within the page tables |
-| | that the SPMC manages. This can happen in Rowhammer|
-| | types of attack. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP or SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | Hardware attack |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Low (2) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | Medium (8) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigations to this |
-| | type of attack. It can be addressed by the use of |
-| | dedicated HW circuity or hardening at the chipset |
-| | or platform level left to the integrator. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 05 |
-+========================+====================================================+
-| ``Threat`` | **Protection of the SPMC from a DMA capable device |
-| | upstream to an SMMU.** |
-| | A device may attempt to tamper with the internal |
-| | SPMC code/data sections. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC or SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Elevation of privileges |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | A platform may prefer assigning boot time, |
-| | statically alocated memory regions through the SMMU|
-| | configuration and page tables. The FF-A v1.1 |
-| | specification provisions this capability through |
-| | static DMA isolation. |
-| | The TF-A SPMC does not mitigate this threat. |
-| | It will adopt the static DMA isolation approach in |
-| | a future release. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 06 |
-+========================+====================================================+
-| ``Threat`` | **Replay fragments of past communication between |
-| | endpoints.** |
-| | A malicious endpoint may replay a message exchange |
-| | that occured between two legitimate endpoint as |
-| | a matter of triggering a malfunction or extracting |
-| | secrets from the receiving endpoint. In particular |
-| | the memory sharing operation with fragmented |
-| | messages between an endpoint and the SPMC may be |
-| | replayed by a malicious agent as a matter of |
-| | getting access or gaining permissions to a memory |
-| | region which does not belong to this agent. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | Information exchange |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Repdudiation |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 07 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to extract data |
-| | or state information by the use of invalid or |
-| | incorrect input arguments.** |
-| | Lack of input parameter validation or side effects |
-| | of maliciously forged input parameters might affect|
-| | the SPMC. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP secrets, SPMC secrets, SP state, SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information discolure |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | Secure Partitions must follow security standards |
-| | and best practises as a way to mitigate the risk |
-| | of common vulnerabilities to be exploited. |
-| | The use of software (canaries) or hardware |
-| | hardening techniques (XN, WXN, BTI, pointer |
-| | authentication, MTE) helps detecting and stopping |
-| | an exploitation early. |
-| | The TF-A SPMC mitigates this threat by implementing|
-| | stack protector, pointer authentication, BTI, XN, |
-| | WXN, security hardening techniques. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 08 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may forge a direct message |
-| | request such that it reveals the internal state of |
-| | another endpoint through the direct message |
-| | response.** |
-| | The secure partition or SPMC replies to a partition|
-| | message by a direct message response with |
-| | information which may reveal its internal state |
-| | (.e.g. partition message response outside of |
-| | allowed bounds). |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC or SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information discolure |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Low (2) | Low (2) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | For the specific case of direct requests targeting |
-| | the SPMC, the latter is hardened to prevent |
-| | its internal state or the state of an SP to be |
-| | revealed through a direct message response. |
-| | Further, SPMC performs numerous checks in runtime |
-| | on the basis of the rules established by partition |
-| | runtime models to stop any malicious attempts by |
-| | an endpoint to extract internal state of another |
-| | endpoint. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 09 |
-+========================+====================================================+
-| ``Threat`` | **Probing the FF-A communication between |
-| | endpoints.** |
-| | SPMC and SPs are typically loaded to external |
-| | memory (protected by a TrustZone memory |
-| | controller). A malicious agent may use non invasive|
-| | methods to probe the external memory bus and |
-| | extract the traffic between an SP and the SPMC or |
-| | among SPs when shared buffers are held in external |
-| | memory. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP/SPMC state, SP/SPMC secrets |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | Hardware attack |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low (2) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | It is expected the platform or chipset provides |
-| | guarantees in protecting the DRAM contents. |
-| | The TF-A SPMC does not mitigate this class of |
-| | attack and this is left to the integrator. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 10 |
-+========================+====================================================+
-| ``Threat`` | **A malicious agent may attempt revealing the SPMC |
-| | state or secrets by the use of software-based cache|
-| | side-channel attack techniques.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP or SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low (2) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | From an integration perspective it is assumed |
-| | platforms consuming the SPMC component at S-EL2 |
-| | (hence implementing the Armv8.4 FEAT_SEL2 |
-| | architecture extension) implement mitigations to |
-| | Spectre, Meltdown or other cache timing |
-| | side-channel type of attacks. |
-| | The TF-A SPMC implements one mitigation (barrier |
-| | preventing speculation past exeception returns). |
-| | The SPMC may be hardened further with SW |
-| | mitigations (e.g. speculation barriers) for the |
-| | cases not covered in HW. Usage of hardened |
-| | compilers and appropriate options, code inspection |
-| | are recommended ways to mitigate Spectre types of |
-| | attacks. For non-hardened cores, the usage of |
-| | techniques such a kernel page table isolation can |
-| | help mitigating Meltdown type of attacks. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 11 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt flooding the |
-| | SPMC with requests targeting a service within an |
-| | endpoint such that it denies another endpoint to |
-| | access this service.** |
-| | Similarly, the malicious endpoint may target a |
-| | a service within an endpoint such that the latter |
-| | is unable to request services from another |
-| | endpoint. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | Bounding the time for operations to complete can |
-| | be achieved by the usage of a trusted watchdog. |
-| | Other quality of service monitoring can be achieved|
-| | in the SPMC such as counting a number of operations|
-| | in a limited timeframe. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 12 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to allocate |
-| | notifications bitmaps in the SPMC, through the |
-| | FFA_NOTIFICATION_BITMAP_CREATE.** |
-| | This might be an attempt to exhaust SPMC's memory, |
-| | or to allocate a bitmap for a VM that was not |
-| | intended to receive notifications from SPs. Thus |
-| | creating the possibility for a channel that was not|
-| | meant to exist. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of service, Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(9) | Medium(9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this threat by defining a |
-| | a fixed size pool for bitmap allocation. |
-| | It also limits the designated FF-A calls to be used|
-| | from NWd endpoints. |
-| | In the NWd the hypervisor is supposed to limit the |
-| | access to the designated FF-A call. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 13 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to destroy the |
-| | notifications bitmaps in the SPMC, through the |
-| | FFA_NOTIFICATION_BITMAP_DESTROY.** |
-| | This might be an attempt to tamper with the SPMC |
-| | state such that a partition isn't able to receive |
-| | notifications. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(4) | Low(4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this issue by limiting the |
-| | designated FF-A call to be issued by the NWd. |
-| | Also, the notifications bitmap can't be destroyed |
-| | if there are pending notifications. |
-| | In the NWd, the hypervisor must restrict the |
-| | NS-endpoints that can issue the designated call. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 14 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint might attempt to give |
-| | permissions to an unintended sender to set |
-| | notifications targeting another receiver using the |
-| | FF-A call FFA_NOTIFICATION_BIND.** |
-| | This might be an attempt to tamper with the SPMC |
-| | state such that an unintended, and possibly |
-| | malicious, communication channel is established. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by restricting |
-| | designated FFA_NOTIFICATION_BIND call to be issued |
-| | by the receiver only. The receiver is responsible |
-| | for allocating the notifications IDs to one |
-| | specific partition. |
-| | Also, receivers that are not meant to receive |
-| | notifications, must have notifications receipt |
-| | disabled in the respective partition's manifest. |
-| | As for calls coming from NWd, if the NWd VM has had|
-| | its bitmap allocated at initialization, the TF-A |
-| | SPMC can't guarantee this threat won't happen. |
-| | The Hypervisor must mitigate in the NWd, similarly |
-| | to SPMC for calls in SWd. Though, if the Hypervisor|
-| | has been compromised, the SPMC won't be able to |
-| | mitigate it for calls forwarded from NWd. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 15 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | set notifications that are not bound to it.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(4) | Low(4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
-| | sender's ID provided in the input to the call |
-| | FFA_NOTIFICATION_SET. The SPMC keeps track of which|
-| | notifications are bound to which sender, for a |
-| | given receiver. If the sender is an SP, the |
-| | provided sender ID must match the ID of the |
-| | currently running partition. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 16 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | get notifications that are not targeted to it.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Informational(1) | Informational(1)| |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
-| | receiver's ID provided in the input to the call |
-| | FFA_NOTIFICATION_GET. The SPMC keeps track of which|
-| | notifications are pending for each receiver. |
-| | The provided receiver ID must match the ID of the |
-| | currently running partition, if it is an SP. |
-| | For calls forwarded from NWd, the SPMC will return |
-| | the pending notifications if the receiver had its |
-| | bitmap created, and has pending notifications. |
-| | If Hypervisor or OS kernel are compromised, the |
-| | SPMC won't be able to mitigate calls from rogue NWd|
-| | endpoints. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 17 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | get the information about pending notifications, |
-| | through the FFA_NOTIFICATION_INFO_GET call.** |
-| | This call is meant to be used by the NWd FF-A |
-| | driver. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by returning error to |
-| | calls made by SPs to FFA_NOTIFICATION_INFO_GET. |
-| | If Hypervisor or OS kernel are compromised, the |
-| | SPMC won't be able mitigate calls from rogue NWd |
-| | endpoints. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 18 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | flood another partition endpoint with notifications|
-| | hindering its operation.** |
-| | The intent of the malicious endpoint could be to |
-| | interfere with both the receiver's and/or primary |
-| | endpoint execution, as they can both be preempted |
-| | by the NPI and SRI, respectively. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, CPU cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | DoS |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | However, the impact is limited due to the |
-| | architecture: |
-| | - Notifications are not queued, one that has been |
-| | signaled needs to be retrieved by the receiver, |
-| | until it can be sent again. |
-| | - Both SRI and NPI can't be pended until handled |
-| | which limits the amount of spurious interrupts. |
-| | - A given receiver could only bind a maximum number|
-| | of notifications to a given sender, within a given |
-| | execution context. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 19 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may abuse FFA_RUN call to |
-| | resume or turn on other endpoint execution |
-| | contexts, attempting to alter the internal state of|
-| | SPMC and SPs, potentially leading to illegal state |
-| | transitions and deadlocks.** |
-| | An endpoint can call into another endpoint |
-| | execution context using FFA_MSG_SEND_DIRECT_REQ |
-| | ABI to create a call chain. A malicious endpoint |
-| | could abuse this to form loops in a call chain that|
-| | could lead to potential deadlocks. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | threats by following the guidance for partition |
-| | runtime models as described in FF-A v1.1 EAC0 spec.|
-| | The SPMC performs numerous checks in runtime to |
-| | prevent illegal state transitions by adhering to |
-| | the partition runtime model. Further, if the |
-| | receiver endpoint is a predecessor of current |
-| | endpoint in the present call chain, the SPMC denies|
-| | any attempts to form loops by returning FFA_DENIED |
-| | error code. Only the primary scheduler is allowed |
-| | to turn on execution contexts of other partitions |
-| | though SPMC does not have the ability to |
-| | scrutinize its identity. Secure partitions have |
-| | limited ability to resume execution contexts of |
-| | other partitions based on the runtime model. Such |
-| | attempts cannot compromise the integrity of the |
-| | SPMC. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 20 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint can perform a |
-| | denial-of-service attack by using FFA_INTERRUPT |
-| | call that could attempt to cause the system to |
-| | crash or enter into an unknown state as no physical|
-| | interrupt could be pending for it to be handled in |
-| | the SPMC.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | attack by detecting invocations from partitions |
-| | and simply returning FFA_ERROR status interface. |
-| | SPMC only allows SPMD to use FFA_INTERRUPT ABI to |
-| | communicate a pending secure interrupt triggered |
-| | while execution was in normal world. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 21 |
-+========================+====================================================+
-| ``Threat`` | **A malicious secure endpoint might deactivate a |
-| | (virtual) secure interrupt that was not originally |
-| | signaled by SPMC, thereby attempting to alter the |
-| | state of the SPMC and potentially lead to system |
-| | crash.** |
-| | SPMC maps the virtual interrupt ids to the physical|
-| | interrupt ids to keep the implementation of virtual|
-| | interrupt driver simple. |
-| | Similarly, a malicious secure endpoint might invoke|
-| | the deactivation ABI more than once for a secure |
-| | interrupt. Moreover, a malicious secure endpoint |
-| | might attempt to deactivate a (virtual) secure |
-| | interrupt that was signaled to another endpoint |
-| | execution context by the SPMC even before secure |
-| | interrupt was handled. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | At initialization, the TF-A SPMC parses the |
-| | partition manifests to find the target execution |
-| | context responsible for handling the various |
-| | secure physical interrupts. The TF-A SPMC provides |
-| | mitigation against above mentioned threats by: |
-| | |
-| | - Keeping track of each pending virtual interrupt |
-| | signaled to an execution context of a secure |
-| | secure partition. |
-| | - Denying any deactivation call from SP if there is|
-| | no pending physical interrupt mapped to the |
-| | given virtual interrupt. |
-| | - Denying any deactivation call from SP if the |
-| | virtual interrupt has not been signaled to the |
-| | current execution context. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 22 |
-+========================+====================================================+
-| ``Threat`` | **A malicious secure endpoint might not deactivate |
-| | a virtual interrupt signaled to it by the SPMC but |
-| | perform secure interrupt signal completion. This |
-| | attempt to corrupt the internal state of the SPMC |
-| | could lead to an unknown state and further lead to |
-| | system crash.** |
-| | Similarly, a malicious secure endpoint could |
-| | deliberately not perform either interrupt |
-| | deactivation or interrupt completion signal. Since,|
-| | the SPMC can only process one secure interrupt at a|
-| | time, this could choke the system where all |
-| | interrupts are indefinitely masked which could |
-| | potentially lead to system crash or reboot. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigation against |
-| | such threat. This is a limitation of the current |
-| | SPMC implementation and needs to be handled in the |
-| | future releases. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 23 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint could leverage non-secure |
-| | interrupts to preempt a secure endpoint, thereby |
-| | attempting to render it unable to handle a secure |
-| | virtual interrupt targetted for it. This could lead|
-| | to priority inversion as secure virtual interrupts |
-| | are kept pending while non-secure interrupts are |
-| | handled by normal world VMs.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC alone does not provide mitigation |
-| | against such threats. System integrators must take |
-| | necessary high level design decisions that takes |
-| | care of interrupt prioritization. The SPMC performs|
-| | its role of enabling SPs to specify appropriate |
-| | action towards non-secure interrupt with the help |
-| | of partition manifest based on the guidance in the |
-| | FF-A v1.1 EAC0 specification. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 24 |
-+========================+====================================================+
-| ``Threat`` | **A secure endpoint depends on primary scheduler |
-| | for CPU cycles. A malicious endpoint could delay |
-| | the secure endpoint from being scheduled. Secure |
-| | interrupts, if not handled timely, could compromise|
-| | the state of SP and SPMC, thereby rendering the |
-| | system unresponsive.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide full mitigation |
-| | against such threats. However, based on the |
-| | guidance provided in the FF-A v1.1 EAC0 spec, SPMC |
-| | provisions CPU cycles to run a secure endpoint |
-| | execution context in SPMC schedule mode which |
-| | cannot be preempted by a non-secure interrupt. |
-| | This reduces the dependency on primary scheduler |
-| | for cycle allocation. Moreover, all further |
-| | interrupts are masked until pending secure virtual |
-| | interrupt on current CPU is handled. This allows SP|
-| | execution context to make progress even upon being |
-| | interrupted. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 25 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint can use memory sharing |
-| | calls to exhaust SPMC resources.** |
-| | For each on-going operation that involves an SP, |
-| | the SPMC allocates resources to track its state. |
-| | If the operation is never concluded, the resources |
-| | are never freed. |
-| | In the worst scenario, multiple operations that |
-| | never conclude may exhaust the SPMC resources to a |
-| | point in which renders memory sharing operations |
-| | impossible. This could affect other, non-harmful |
-| | FF-A endpoints, from legitimately using memory |
-| | share functionality. The intent might even be |
-| | to cause the SPMC to consume excessive CPU cycles, |
-| | attempting to make it deny its service to the NWd. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | High (4) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (16) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC uses a statically allocated pool of |
-| | memory to keep track of on-going memory sharing |
-| | operations. After a possible attack, this could |
-| | fail due to insufficient memory, and return an |
-| | error to the caller. At this point, any other |
-| | endpoint that requires use of memory sharing for |
-| | its operation could get itself in an unusable |
-| | state. |
-| | Regarding CPU cycles starving threat, the SPMC |
-| | doesn't provide any mitigation for this, as any |
-| | FF-A endpoint, at the virtual FF-A instance is |
-| | allowed to invoke memory share/lend/donate. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 26 |
-+========================+====================================================+
-| ``Threat`` | **A borrower may interfere with lender's |
-| | operation, if it terminates due to a fatal error |
-| | condition without releasing the memory |
-| | shared/lent.** |
-| | Such scenario may render the lender inoperable. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigation for such |
-| | scenario. The FF-A endpoints must attempt to |
-| | relinquish memory shared/lent themselves in |
-| | case of failure. The memory used to track the |
-| | operation in the SPMC will also remain usuable. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 27 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint may attempt to tamper with |
-| | the content of the memory shared/lent, whilst |
-| | being accessed by other FF-A endpoints.** |
-| | It might attempt to do so: using one of the clear |
-| | flags, when either retrieving or relinquishing |
-| | access to the memory via the respective FF-A |
-| | calls; or directly accessing memory without |
-| | respecting the synchronization protocol between |
-| | all involved endpoints. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, FF-A endpoint |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service, Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low (2) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The first case defined in the threat, the TF-A |
-| | SPMC mitigates it, by ensuring a memory is cleared |
-| | only when all borrowers have relinquished access |
-| | to the memory, in a scenario involving multiple |
-| | borrowers. Also, if the receiver is granted RO, |
-| | permissions, the SPMC will reject any request |
-| | to clear memory on behalf of the borrower, by |
-| | returning an error to the respective FF-A call. |
-| | The second case defined in the threat can't be |
-| | mitigated by the SPMC. It is up to the NS/S FF-A |
-| | endpoints to establish a robust protocol for using |
-| | the shared memory. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 28 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint may attempt to share |
-| | memory that is not in its translation regime, or |
-| | attempt to specify attributes more permissive than |
-| | those it possesses at a given time.** |
-| | Both ways could be an attempt for escalating its |
-| | privileges. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, FF-A endpoint |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service, Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this threat by performing |
-| | sanity checks to the provided memory region |
-| | descriptor. |
-| | For operations at the virtual FF-A instance, and |
-| | once the full memory descriptor is provided, |
-| | the SPMC validates that the memory is part of the |
-| | caller's translation regime. The SPMC also checks |
-| | that the memory attributes provided are within |
-| | those the owner possesses, in terms of |
-| | permissiveness. If more permissive attributes are |
-| | specified, the SPMC returns an error |
-| | FFA_INVALID_PARAMETERS. The permissiveness rules |
-| | are enforced in any call to share/lend or donate |
-| | the memory, and in retrieve requests. |
-+------------------------+----------------------------------------------------+
-
---------------
-
-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
-
-.. _Arm Firmware Framework for Arm A-profile: https://developer.arm.com/docs/den0077/latest
-.. _FF-A ACS: https://github.com/ARM-software/ff-a-acs/releases
-
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 14c3172..608866c 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -25,13 +25,6 @@
/* ASN.1 tags */
#define ASN1_INTEGER 0x02
-#define return_if_error(rc) \
- do { \
- if (rc != 0) { \
- return rc; \
- } \
- } while (0)
-
#pragma weak plat_set_nv_ctr2
static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
@@ -99,24 +92,37 @@
{
void *data_ptr, *hash_der_ptr;
unsigned int data_len, hash_der_len;
- int rc = 0;
+ int rc;
/* Get the hash from the parent image. This hash will be DER encoded
* and contain the hash algorithm */
rc = auth_get_param(param->hash, img_desc->parent,
&hash_der_ptr, &hash_der_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the data to be hashed from the current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->data,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Ask the crypto module to verify this hash */
rc = crypto_mod_verify_hash(data_ptr, data_len,
hash_der_ptr, hash_der_len);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return rc;
+ return 0;
}
/*
@@ -153,22 +159,34 @@
void *data_ptr, *pk_ptr, *cnv_pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
unsigned int data_len, pk_len, cnv_pk_len, pk_plat_len, sig_len, sig_alg_len;
unsigned int flags = 0;
- int rc = 0;
+ int rc;
/* Get the data to be signed from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->data,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the signature from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->sig,
img, img_len, &sig_ptr, &sig_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the signature algorithm from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->alg,
img, img_len, &sig_alg_ptr, &sig_alg_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the public key from the parent. If there is no parent (NULL),
* the certificate has been signed with the ROTPK, so we have to get
@@ -176,7 +194,11 @@
if (img_desc->parent != NULL) {
rc = auth_get_param(param->pk, img_desc->parent,
&pk_ptr, &pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
} else {
/*
* Root certificates are signed with the ROTPK, so we have to
@@ -184,7 +206,11 @@
*/
rc = plat_get_rotpk_info(param->pk->cookie, &pk_plat_ptr,
&pk_plat_len, &flags);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
assert(is_rotpk_flags_valid(flags));
@@ -192,7 +218,11 @@
rc = img_parser_get_auth_param(img_desc->img_type,
param->pk, img, img_len,
&pk_ptr, &pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/*
* Validate the certificate's key against the platform ROTPK.
@@ -211,7 +241,11 @@
* suffixed or modified pk
*/
rc = crypto_mod_convert_pk(pk_ptr, pk_len, &cnv_pk_ptr, &cnv_pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/*
* The hash of the certificate's public key must match
@@ -219,7 +253,11 @@
*/
rc = crypto_mod_verify_hash(cnv_pk_ptr, cnv_pk_len,
pk_plat_ptr, pk_plat_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
} else {
/* Platform supports full ROTPK */
if ((pk_len != pk_plat_len) ||
@@ -245,7 +283,8 @@
*/
rc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len);
if (rc != 0) {
- WARN("Public Key measurement failure = %d\n", rc);
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
}
}
@@ -254,8 +293,13 @@
sig_ptr, sig_len,
sig_alg_ptr, sig_alg_len,
pk_ptr, pk_len);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return rc;
+ return 0;
}
/*
@@ -283,14 +327,18 @@
void *data_ptr = NULL;
unsigned int data_len, len, i;
unsigned int plat_nv_ctr;
- int rc = 0;
+ int rc;
bool is_trial_run = false;
/* Get the counter value from current image. The AM expects the IPM
* to return the counter value as a DER encoded integer */
rc = img_parser_get_auth_param(img_desc->img_type, param->cert_nv_ctr,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Parse the DER encoded integer */
assert(data_ptr);
@@ -329,7 +377,11 @@
/* Get the counter from the platform */
rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
if (*cert_nv_ctr < plat_nv_ctr) {
/* Invalid NV-counter */
@@ -417,7 +469,11 @@
/* Ask the parser to check the image integrity */
rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Authenticate the image using the methods indicated in the image
* descriptor. */
@@ -449,7 +505,11 @@
rc = 1;
break;
}
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return_if_error(rc);
}
/*
@@ -459,7 +519,11 @@
if (need_nv_ctr_upgrade && sig_auth_done) {
rc = plat_set_nv_ctr2(nv_ctr_param->plat_nv_ctr->cookie,
img_desc, cert_nv_ctr);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
}
/* Extract the parameters indicated in the image descriptor to
@@ -474,7 +538,11 @@
rc = img_parser_get_auth_param(img_desc->img_type,
img_desc->authenticated_data[i].type_desc,
img_ptr, img_len, ¶m_ptr, ¶m_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Check parameter size */
if (param_len > img_desc->authenticated_data[i].data.len) {
@@ -495,8 +563,8 @@
param_ptr,
param_len);
if (rc != 0) {
- WARN("Public Key measurement "
- "failure = %d\n", rc);
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
}
}
}
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
deleted file mode 100644
index bba13f8..0000000
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <stddef.h>
-#include <string.h>
-
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
-
-#include <arch_helpers.h>
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/712/crypto_driver.h>
-#include <drivers/arm/cryptocell/712/rsa.h>
-#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/712/secureboot_base_func.h>
-#include <drivers/arm/cryptocell/712/secureboot_gen_defs.h>
-#include <drivers/arm/cryptocell/712/util.h>
-#include <drivers/auth/crypto_mod.h>
-#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include <lib/utils.h>
-
-#include <platform_def.h>
-
-#define LIB_NAME "CryptoCell 712 SBROM"
-#define RSA_SALT_LEN 32
-#define RSA_EXPONENT 65537
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm AlgorithmIdentifier,
- * digest OCTET STRING
- * }
- *
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm,
- * maskGenAlgorithm [1] MaskGenAlgorithm,
- * saltLength [2] INTEGER,
- * trailerField [3] TrailerField DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
- CCError_t ret;
- uint32_t lcs;
-
- /* Initialize CC SBROM */
- ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
- panic();
- }
-
- /* Initialize lifecycle state */
- ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
- panic();
- }
-
- /* If the lifecyclestate is `SD`, then stop further execution */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
- ERROR("CryptoCell LCS is security-disabled\n");
- panic();
- }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
- void *sig_ptr, unsigned int sig_len,
- void *sig_alg, unsigned int sig_alg_len,
- void *pk_ptr, unsigned int pk_len)
-{
- CCError_t error;
- CCSbNParams_t pk;
- CCSbSignature_t signature;
- int rc, exp, expected_salt_len;
- mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg, mgf1_hash_id;
- mbedtls_pk_type_t pk_alg;
- size_t len;
- uint8_t *p, *end;
- /* Temp buf to store the public key modulo (N) in LE format */
- uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
-
- /* Verify the signature algorithm */
- /* Get pointers to signature OID and parameters */
- p = sig_alg;
- end = p + sig_alg_len;
- rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Get the actual signature algorithm (MD + PK) */
- rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports RSASSA-PSS signature */
- if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Verify the RSASSA-PSS params */
- /* The trailer field is verified to be 0xBC internally by this API */
- rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &mgf1_hash_id,
- &expected_salt_len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports SHA256 as hash algorithm */
- if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (expected_salt_len != RSA_SALT_LEN) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Parse the public key */
- p = pk_ptr;
- end = p + pk_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- end = p + len;
- rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (pk_alg != MBEDTLS_PK_RSA) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (*p == 0) {
- p++; len--;
- }
-
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * The CCSbVerifySignature() API expects N and Np in BE format and
- * the signature in LE format. Copy N from certificate.
- */
- memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
-
- /* Verify the RSA exponent */
- p += len;
- rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (exp != RSA_EXPONENT) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
- * N in LE format. Hence reverse N into a temporary buffer `RevN`.
- */
- UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
-
- RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
-
- /* Np is in LE format. Reverse it to BE */
- UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
-
- /* Get the signature (bitstring) */
- p = sig_ptr;
- end = p + sig_len;
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * The signature is BE format. Convert it to LE before calling
- * CCSbVerifySignature().
- */
- UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
-
- /*
- * CryptoCell utilises DMA internally to transfer data. Flush the data
- * from caches.
- */
- flush_dcache_range((uintptr_t)data_ptr, data_len);
-
- /* Verify the signature */
- error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
- (uint32_t *)data_ptr, &pk, &signature,
- data_len, RSA_PSS);
- if (error != CC_OK) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Signature verification success */
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
- void *digest_info_ptr, unsigned int digest_info_len)
-{
- mbedtls_asn1_buf hash_oid, params;
- mbedtls_md_type_t md_alg;
- uint8_t *p, *end, *hash;
- CCHashResult_t pubKeyHash;
- size_t len;
- int rc;
- CCError_t error;
-
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
- p = digest_info_ptr;
- end = p + digest_info_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Get the hash algorithm */
- rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Hash should be octet string type */
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES) {
- return CRYPTO_ERR_HASH;
- }
-
- /*
- * CryptoCell utilises DMA internally to transfer data. Flush the data
- * from caches.
- */
- flush_dcache_range((uintptr_t)data_ptr, data_len);
-
- hash = p;
- error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
- (uintptr_t)data_ptr, data_len, pubKeyHash);
- if (error != CC_OK) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);
-
diff --git a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
deleted file mode 100644
index 53d77db..0000000
--- a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/712/nvm.h>
-#include <drivers/arm/cryptocell/712/nvm_otp.h>
-
-/*
- * Return the ROTPK hash
- *
- * dst: buffer into which the ROTPK hash will be copied into
- * len: length of the provided buffer, which must be at least enough for a
- * SHA256 hash
- * flags: a pointer to integer that will be set to indicate the ROTPK status
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
- CCError_t error;
- uint32_t lcs;
-
- assert(dst != NULL);
- assert(len >= HASH_RESULT_SIZE_IN_WORDS);
- assert(flags != NULL);
-
- error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- /* If the lifecycle state is `SD`, return failure */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
- return 1;
-
- /*
- * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
- * Return success after setting ROTPK_NOT_DEPLOYED flag
- */
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
- (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- /* Copy the DER header */
- error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
- if (error != CC_OK)
- return 1;
-
- *flags = ROTPK_IS_HASH;
- return 0;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
deleted file mode 100644
index 6601b3a..0000000
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
-
-#include <drivers/arm/cryptocell/713/bsv_api.h>
-#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
-#include <drivers/auth/crypto_mod.h>
-
-#include <platform_def.h>
-
-#define LIB_NAME "CryptoCell 713 SBROM"
-#define RSA_SALT_LEN 32
-#define RSA_EXPONENT 65537
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm AlgorithmIdentifier,
- * digest OCTET STRING
- * }
- *
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm,
- * maskGenAlgorithm [1] MaskGenAlgorithm,
- * saltLength [2] INTEGER,
- * trailerField [3] TrailerField DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
- CCError_t ret;
- uint32_t lcs;
-
- /* Initialize CC SBROM */
- ret = CC_BsvInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvInit() error %x\n", ret);
- panic();
- }
-
- /* Initialize lifecycle state */
- ret = CC_BsvGetAndInitLcs((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvGetAndInitLcs() error %x\n", ret);
- panic();
- }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
- void *sig_ptr, unsigned int sig_len,
- void *sig_alg, unsigned int sig_alg_len,
- void *pk_ptr, unsigned int pk_len)
-{
- CCError_t error;
- CCBsvNBuff_t NBuff;
- CCBsvSignature_t signature;
- int rc, exp, expected_salt_len;
- mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg, mgf1_hash_id;
- mbedtls_pk_type_t pk_alg;
-
- size_t len;
- uint8_t *p, *end;
- CCHashResult_t digest;
- CCBool_t is_verified;
- /* This is a rather large array, we don't want it on stack */
- static uint32_t workspace[BSV_RSA_WORKSPACE_MIN_SIZE];
-
- /* Verify the signature algorithm */
- /* Get pointers to signature OID and parameters */
- p = sig_alg;
- end = p + sig_alg_len;
- rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Get the actual signature algorithm (MD + PK) */
- rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Verify the RSASSA-PSS params */
- /* The trailer field is verified to be 0xBC internally by this API */
- rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &mgf1_hash_id,
- &expected_salt_len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* The CryptoCell only supports SHA256 as hash algorithm */
- if (md_alg != MBEDTLS_MD_SHA256 ||
- mgf1_hash_id != MBEDTLS_MD_SHA256) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (expected_salt_len != RSA_SALT_LEN) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Parse the public key */
- p = pk_ptr;
- end = p + pk_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- end = p + len;
- rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (pk_alg != MBEDTLS_PK_RSA) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (*p == 0) {
- p++; len--;
- }
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * Copy N from certificate.
- */
- memcpy(NBuff, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
-
- /* Verify the RSA exponent */
- p += len;
- rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (exp != RSA_EXPONENT) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Get the signature (bitstring) */
- p = sig_ptr;
- end = p + sig_len;
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /*
- * Copy the signature (in BE format)
- */
- memcpy((uint8_t *)signature, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
-
- error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
- data_ptr, data_len, digest);
- if (error != CC_OK) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Verify the signature */
- error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
- NULL, signature, digest, workspace,
- BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
- if ((error != CC_OK) || (is_verified != CC_TRUE)) {
- return CRYPTO_ERR_SIGNATURE;
- }
-
- /* Signature verification success */
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
- void *digest_info_ptr, unsigned int digest_info_len)
-{
- mbedtls_asn1_buf hash_oid, params;
- mbedtls_md_type_t md_alg;
- uint8_t *p, *end, *hash;
- CCHashResult_t pubKeyHash;
- size_t len;
- int rc;
- CCError_t error;
-
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
- p = digest_info_ptr;
- end = p + digest_info_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Get the hash algorithm */
- rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Hash should be octet string type */
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- /* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES) {
- return CRYPTO_ERR_HASH;
- }
-
- hash = p;
- error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
- data_len, pubKeyHash);
- if (error != CC_OK) {
- return CRYPTO_ERR_HASH;
- }
-
- rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0) {
- return CRYPTO_ERR_HASH;
- }
-
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);
diff --git a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
deleted file mode 100644
index 17e1280..0000000
--- a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <lib/libc/endian.h>
-#include <drivers/arm/cryptocell/713/bsv_api.h>
-#include <drivers/arm/cryptocell/713/bsv_error.h>
-
-/*
- * Return the ROTPK hash
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
- CCError_t error;
- uint32_t lcs;
- int i;
- uint32_t *key = (uint32_t *)dst;
-
- assert(dst != NULL);
- assert(len >= HASH_RESULT_SIZE_IN_WORDS);
- assert(flags != NULL);
-
- error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- key, HASH_RESULT_SIZE_IN_WORDS);
-
- if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- if (error == CC_OK) {
-
- /* Keys are stored in OTP in little-endian format */
- for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
- key[i] = le32toh(key[i]);
-
- *flags = ROTPK_IS_HASH;
- return 0;
- }
-
- return 1;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_TRUSTED, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_NON_TRUSTED, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_TRUSTED, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_NON_TRUSTED, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.mk b/drivers/auth/cryptocell/cryptocell_crypto.mk
deleted file mode 100644
index db39047..0000000
--- a/drivers/auth/cryptocell/cryptocell_crypto.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-
-include drivers/auth/mbedtls/mbedtls_common.mk
-
-# The algorithm is RSA when using Cryptocell crypto driver
-TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
-
-# Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
-
-$(eval $(call add_define,KEY_SIZE))
-
-# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
-ifeq (${CCSBROM_LIB_PATH},)
- $(error Error: CCSBROM_LIB_PATH not set)
-endif
-
-CRYPTOCELL_VERSION ?= 712
-ifeq (${CRYPTOCELL_VERSION},712)
- CCSBROM_LIB_FILENAME := cc_712sbromx509
-else ifeq (${CRYPTOCELL_VERSION},713)
- CCSBROM_LIB_FILENAME := cc_713bsv
-else
- $(error Error: CRYPTOCELL_VERSION set to invalid version)
-endif
-
-CRYPTOCELL_SRC_DIR := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}/
-
-CRYPTOCELL_SOURCES := ${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c \
- ${CRYPTOCELL_SRC_DIR}/cryptocell_plat_helpers.c
-
-TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
-LDLIBS += -l$(CCSBROM_LIB_FILENAME)
-
-BL1_SOURCES += ${CRYPTOCELL_SOURCES}
-BL2_SOURCES += ${CRYPTOCELL_SOURCES}
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index e380c86..a2c6430 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -21,7 +21,8 @@
# Specify mbed TLS configuration file
ifeq (${MBEDTLS_MAJOR}, 2)
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
+ $(info Deprecation Notice: Please migrate to Mbedtls version 3.x (refer to TF-A documentation for the exact version number))
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
else ifeq (${MBEDTLS_MAJOR}, 3)
ifeq (${PSA_CRYPTO},1)
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
diff --git a/drivers/renesas/common/io/io_rcar.c b/drivers/renesas/common/io/io_rcar.c
index 45ef386..66662c1 100644
--- a/drivers/renesas/common/io/io_rcar.c
+++ b/drivers/renesas/common/io/io_rcar.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -84,6 +84,29 @@
#define RCAR_COUNT_LOAD_BL33 (2U)
#define RCAR_COUNT_LOAD_BL33X (3U)
+#define CHECK_IMAGE_AREA_CNT (7U)
+#define BOOT_BL2_ADDR (0xE6304000U)
+#define BOOT_BL2_LENGTH (0x19000U)
+
+typedef struct {
+ uintptr_t dest;
+ uintptr_t length;
+} addr_loaded_t;
+
+static addr_loaded_t addr_loaded[CHECK_IMAGE_AREA_CNT] = {
+ [0] = {BOOT_BL2_ADDR, BOOT_BL2_LENGTH},
+ [1] = {BL31_BASE, RCAR_TRUSTED_SRAM_SIZE},
+#ifndef SPD_NONE
+ [2] = {BL32_BASE, BL32_SIZE}
+#endif
+};
+
+#ifndef SPD_NONE
+static uint32_t addr_loaded_cnt = 3;
+#else
+static uint32_t addr_loaded_cnt = 2;
+#endif
+
static const plat_rcar_name_offset_t name_offset[] = {
{BL31_IMAGE_ID, 0U, RCAR_ATTR_SET_ALL(0, 0, 0)},
@@ -244,8 +267,16 @@
dstl = cert + RCAR_CERT_INFO_DST_OFFSET;
break;
}
+ val = mmio_read_32(size);
+ if (val > (UINT32_MAX / 4)) {
+ ERROR("BL2: %s[%d] uint32 overflow!\n",
+ __func__, __LINE__);
+ *dst = 0;
+ *len = 0;
+ return;
+ }
- *len = mmio_read_32(size) * 4U;
+ *len = val * 4U;
dsth = dstl + 4U;
*dst = ((uintptr_t) mmio_read_32(dsth) << 32) +
((uintptr_t) mmio_read_32(dstl));
@@ -253,7 +284,14 @@
}
size = cert + RCAR_CERT_INFO_SIZE_OFFSET;
- *len = mmio_read_32(size) * 4U;
+ val = mmio_read_32(size);
+ if (val > (UINT32_MAX / 4)) {
+ ERROR("BL2: %s[%d] uint32 overflow!\n", __func__, __LINE__);
+ *dst = 0;
+ *len = 0;
+ return;
+ }
+ *len = val * 4U;
dstl = cert + RCAR_CERT_INFO_DST_OFFSET;
dsth = dstl + 4U;
*dst = ((uintptr_t) mmio_read_32(dsth) << 32) +
@@ -266,17 +304,18 @@
uintptr_t dram_start, dram_end;
uintptr_t prot_start, prot_end;
int32_t result = IO_SUCCESS;
+ int n;
- dram_start = legacy ? DRAM1_BASE : DRAM_40BIT_BASE;
+ dram_start = legacy ? DRAM1_NS_BASE : DRAM_40BIT_BASE;
- dram_end = legacy ? DRAM1_BASE + DRAM1_SIZE :
+ dram_end = legacy ? DRAM1_NS_BASE + DRAM1_NS_SIZE :
DRAM_40BIT_BASE + DRAM_40BIT_SIZE;
prot_start = legacy ? DRAM_PROTECTED_BASE : DRAM_40BIT_PROTECTED_BASE;
prot_end = prot_start + DRAM_PROTECTED_SIZE;
- if (dst < dram_start || dst > dram_end - len) {
+ if (dst < dram_start || len > dram_end || dst > dram_end - len) {
ERROR("BL2: dst address is on the protected area.\n");
result = IO_FAIL;
goto done;
@@ -286,12 +325,54 @@
if (dst >= prot_start && dst < prot_end) {
ERROR("BL2: dst address is on the protected area.\n");
result = IO_FAIL;
+ goto done;
+ }
+
+ if (len > prot_start || (dst < prot_start && dst > prot_start - len)) {
+ ERROR("BL2: %s[%d] loaded data is on the protected area.\n",
+ __func__, __LINE__);
+ result = IO_FAIL;
+ goto done;
}
- if (dst < prot_start && dst > prot_start - len) {
- ERROR("BL2: loaded data is on the protected area.\n");
+ if (addr_loaded_cnt >= CHECK_IMAGE_AREA_CNT) {
+ ERROR("BL2: max loadable non secure images reached\n");
result = IO_FAIL;
+ goto done;
+ }
+
+ addr_loaded[addr_loaded_cnt].dest = dst;
+ addr_loaded[addr_loaded_cnt].length = len;
+ for (n = 0; n < addr_loaded_cnt; n++) {
+ /*
+ * Check if next image invades a previous loaded image
+ *
+ * IMAGE n: area from previous image: dest| IMAGE n |length
+ * IMAGE n+1: area from next image: dst | IMAGE n |len
+ *
+ * 1. check:
+ * | IMAGE n |
+ * | IMAGE n+1 |
+ * 2. check:
+ * | IMAGE n |
+ * | IMAGE n+1 |
+ * 3. check:
+ * | IMAGE n |
+ * | IMAGE n+1 |
+ */
+ if (((dst >= addr_loaded[n].dest) &&
+ (dst <= addr_loaded[n].dest + addr_loaded[n].length)) ||
+ ((dst + len >= addr_loaded[n].dest) &&
+ (dst + len <= addr_loaded[n].dest + addr_loaded[n].length)) ||
+ ((dst <= addr_loaded[n].dest) &&
+ (dst + len >= addr_loaded[n].dest + addr_loaded[n].length))) {
+ ERROR("BL2: next image overlap a previous image area.\n");
+ result = IO_FAIL;
+ goto done;
+ }
}
+ addr_loaded_cnt++;
+
done:
if (result == IO_FAIL) {
ERROR("BL2: Out of range : dst=0x%lx len=0x%lx\n", dst, len);
@@ -435,17 +516,17 @@
#endif
rcar_image_number = header[0];
- for (i = 0; i < rcar_image_number + 2; i++) {
- rcar_image_header[i] = header[i * 2 + 1];
- rcar_image_header_prttn[i] = header[i * 2 + 2];
- }
-
if (rcar_image_number == 0 || rcar_image_number > RCAR_MAX_BL3X_IMAGE) {
WARN("Firmware Image Package header check failed.\n");
rc = IO_FAIL;
goto error;
}
+ for (i = 0; i < rcar_image_number + 2; i++) {
+ rcar_image_header[i] = header[i * 2 + 1];
+ rcar_image_header_prttn[i] = header[i * 2 + 2];
+ }
+
rc = io_seek(handle, IO_SEEK_SET, offset + RCAR_SECTOR6_CERT_OFFSET);
if (rc != IO_SUCCESS) {
WARN("Firmware Image Package header failed to seek cert\n");
@@ -517,13 +598,6 @@
rcar_read_certificate((uint64_t) cert, &len, &dst);
- /* Baylibre: HACK */
- if (spec->offset == BL31_IMAGE_ID && len < RCAR_TRUSTED_SRAM_SIZE) {
- WARN("%s,%s\n", "r-car ignoring the BL31 size from certificate",
- "using RCAR_TRUSTED_SRAM_SIZE instead");
- len = RCAR_TRUSTED_SRAM_SIZE;
- }
-
current_file.partition = partition;
current_file.no_load = noload;
current_file.offset = offset;
diff --git a/fdts/fvp-base-psci-common.dtsi b/fdts/fvp-base-psci-common.dtsi
index 79cf37d..583bba7 100644
--- a/fdts/fvp-base-psci-common.dtsi
+++ b/fdts/fvp-base-psci-common.dtsi
@@ -27,11 +27,12 @@
#address-cells = <2>;
#size-cells = <2>;
+ chosen {
+ stdout-path = "serial0:115200n8";
#if (ENABLE_RME == 1)
- chosen { bootargs = "console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";};
-#else
- chosen {};
+ bootargs = "console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";
#endif
+ };
aliases {
serial0 = &v2m_serial0;
@@ -243,6 +244,9 @@
<0 0 39 &gic 0 GIC_SPI 39 IRQ_TYPE_LEVEL_HIGH>,
<0 0 40 &gic 0 GIC_SPI 40 IRQ_TYPE_LEVEL_HIGH>,
<0 0 41 &gic 0 GIC_SPI 41 IRQ_TYPE_LEVEL_HIGH>,
- <0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>;
+ <0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 43 &gic 0 GIC_SPI 43 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 44 &gic 0 GIC_SPI 44 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 46 &gic 0 GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
};
};
diff --git a/fdts/rtsm_ve-motherboard.dtsi b/fdts/rtsm_ve-motherboard.dtsi
index 0a824b3..5a34aae 100644
--- a/fdts/rtsm_ve-motherboard.dtsi
+++ b/fdts/rtsm_ve-motherboard.dtsi
@@ -230,6 +230,25 @@
interrupts = <42>;
};
+ virtio@140000 {
+ compatible = "virtio,mmio";
+ reg = <0x140000 0x200>;
+ interrupts = <43>;
+ };
+
+ virtio@150000 {
+ compatible = "virtio,mmio";
+ reg = <0x150000 0x200>;
+ interrupts = <44>;
+ };
+
+ virtio@200000 {
+ compatible = "virtio,mmio";
+ reg = <0x200000 0x200>;
+ interrupts = <46>;
+ status = "disabled";
+ };
+
rtc@170000 {
compatible = "arm,pl031", "arm,primecell";
reg = <0x170000 0x1000>;
diff --git a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h b/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
deleted file mode 100644
index 2cb8938..0000000
--- a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_CRYPTO_BOOT_DEFS_H
-#define _CC_CRYPTO_BOOT_DEFS_H
-
-/*! @file
-@brief This file contains SBROM definitions
-*/
-
-/*! Version counters value. */
-typedef enum {
-
- CC_SW_VERSION_COUNTER1 = 1, /*!< Counter 1 - trusted version. */
- CC_SW_VERSION_COUNTER2, /*!< Counter 2 - non trusted version. */
-
- CC_SW_VERSION_MAX = 0x7FFFFFFF
-
-} CCSbSwVersionId_t;
-
-/* HASH boot key definition */
-typedef enum {
- CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< 128-bit truncated SHA256 digest of public key 0. */
- CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< 128-bit truncated SHA256 digest of public key 1. */
- CC_SB_HASH_BOOT_KEY_256B = 2, /*!< 256-bit SHA256 digest of public key. */
- CC_SB_HASH_BOOT_NOT_USED = 0xFF,
- CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!\internal use external 128-bit truncated SHA256 digest */
-} CCSbPubKeyIndexType_t;
-
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
deleted file mode 100644
index 212a710..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*!
-@file
-@brief This file contains the platform-dependent definitions that are used in the SBROM code.
-*/
-
-#ifndef _CC_PAL_SB_PLAT_H
-#define _CC_PAL_SB_PLAT_H
-
-#include "cc_pal_types.h"
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uintptr_t CCAddr_t;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types.h b/include/drivers/arm/cryptocell/712/cc_pal_types.h
deleted file mode 100644
index 8c09b23..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_types.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types.
-*/
-
-#include "cc_pal_types_plat.h"
-
-typedef enum {
- CC_FALSE = 0,
- CC_TRUE = 1
-} CCBool;
-
-#define CC_SUCCESS 0UL
-#define CC_FAIL 1UL
-
-#define CC_1K_SIZE_IN_BYTES 1024
-#define CC_BITS_IN_BYTE 8
-#define CC_BITS_IN_32BIT_WORD 32
-#define CC_32BIT_WORD_SIZE (sizeof(uint32_t))
-
-#define CC_OK CC_SUCCESS
-
-#define CC_UNUSED_PARAM(prm) ((void)prm)
-
-#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
-
-#define CALC_FULL_BYTES(numBits) (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
-#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
deleted file mode 100644
index f6d41d7..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compliant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t CCStatus
-#define CC_INFINITE 0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/712/cc_sec_defs.h b/include/drivers/arm/cryptocell/712/cc_sec_defs.h
deleted file mode 100644
index d419218..0000000
--- a/include/drivers/arm/cryptocell/712/cc_sec_defs.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general hash definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! The hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS 16
-/*! The hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS 8
-#define HASH_RESULT_SIZE_IN_BYTES 32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/crypto_driver.h b/include/drivers/arm/cryptocell/712/crypto_driver.h
deleted file mode 100644
index 18104dd..0000000
--- a/include/drivers/arm/cryptocell/712/crypto_driver.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CRYPTO_DRIVER_H
-#define _CRYPTO_DRIVER_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-/*!
- * @brief This function gives the functionality of integrated hash
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- * @param[out] hashResult - the HASH result.
- *
- */
-CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
- CCHashResult_t hashResult);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/nvm.h b/include/drivers/arm/cryptocell/712/nvm.h
deleted file mode 100644
index a70289f..0000000
--- a/include/drivers/arm/cryptocell/712/nvm.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM__H
-#define _NVM__H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-
-/*------------------------------------
- DEFINES
--------------------------------------*/
-
-/**
- * @brief This function reads the LCS from the SRAM/NVM
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in/out] lcs_ptr - pointer to memory to store the LCS
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
-
-/**
- * @brief The NVM_ReadHASHPubKey function is a NVM interface function -
- * The function retrieves the HASH of the device Public key from the SRAM/NVM
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] pubKeyIndex - Index of HASH in the OTP
- *
- * @param[out] PubKeyHASH - the public key HASH.
- *
- * @param[in] hashSizeInWords - hash size (valid values: 4W, 8W)
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-
-CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/nvm_otp.h b/include/drivers/arm/cryptocell/712/nvm_otp.h
deleted file mode 100644
index 390d62b..0000000
--- a/include/drivers/arm/cryptocell/712/nvm_otp.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM_OTP_H
-#define _NVM_OTP_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-
-/*------------------------------------
- DEFINES
--------------------------------------*/
-
-
-
-/**
- * @brief The NVM_GetSwVersion function is a NVM interface function -
- * The function retrieves the SW version from the SRAM/NVM.
- * In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] counterId - relevant only for OTP (valid values: 1,2)
- *
- * @param[out] swVersion - the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
-
-
-/**
- * @brief The NVM_SetSwVersion function is a NVM interface function -
- * The function writes the SW version into the SRAM/NVM.
- * In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] counterId - relevant only for OTP (valid values: 1,2)
- *
- * @param[in] swVersion - the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/rsa.h b/include/drivers/arm/cryptocell/712/rsa.h
deleted file mode 100644
index 825214d..0000000
--- a/include/drivers/arm/cryptocell/712/rsa.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/* the modulus size in bits */
-#if (KEY_SIZE == 2048)
-#define RSA_MOD_SIZE_IN_BITS 2048UL
-#elif (KEY_SIZE == 3072)
-#define RSA_MOD_SIZE_IN_BITS 3072UL
-#else
-#error Unsupported CryptoCell key size requested
-#endif
-
-#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
-#define RSA_EXP_SIZE_IN_BITS 17UL
-#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
-
-/*
- * @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
- *
- *
-
- * @param[in] hwBaseAddress - HW base address. Relevant for HW
- * implementation, for SW it is ignored.
- * @N_ptr[in] - The pointer to the modulus buffer.
- * @Np_ptr[out] - pointer to Np vector buffer. Its size must be >= 160.
- */
-void RSA_CalcNp(unsigned long hwBaseAddress,
- uint32_t *N_ptr,
- uint32_t *Np_ptr);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h b/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
deleted file mode 100644
index de83546..0000000
--- a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SBROM_BSV_API_H
-#define _SBROM_BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all SBROM library APIs and definitions.
-*/
-#include "cc_pal_types.h"
-
-/* Life cycle state definitions */
-#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< CM lifecycle value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< DM lifecycle value. */
-#define CC_BSV_SECURITY_DISABLED_LCS 0x3 /*!< SD lifecycle value. */
-#define CC_BSV_SECURE_LCS 0x5 /*!< Secure lifecycle value. */
-#define CC_BSV_RMA_LCS 0x7 /*!< RMA lifecycle value. */
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
-It verifies the HW product and version numbers.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvSbromInit(
- unsigned long hwBaseAddress /*!< [in] HW registers base address. */
- );
-
-
-/*!
-@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- uint32_t *pLcs /*!< [out] Returned lifecycle state. */
- );
-
-/*!
-@brief This function retrieves the HW security lifecycle state, performs validity checks,
-and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
-\note Invalid LCS results in an error returned.
-In this case, the customer's code must completely disable the device.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGetAndInit(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- uint32_t *pLcs /*!< [out] Returned lifecycle state. */
- );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_base_func.h b/include/drivers/arm/cryptocell/712/secureboot_base_func.h
deleted file mode 100644
index 6db596e..0000000
--- a/include/drivers/arm/cryptocell/712/secureboot_base_func.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_BASE_FUNC_H
-#define _SECURE_BOOT_BASE_FUNC_H
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-#include "secureboot_gen_defs.h"
-
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/**
- * @brief This function calculates the HASH over the given data and than verify
- * RSA signature on that hashed data
- *
- * @param[in] hwBaseAddr - CryptoCell base address
- * @param[in] pData - pointer to the data to be verified
- * @param[in] pNParams - a pointer to the public key parameters
- * @param[in] pSignature - a pointer to the signature structure
- * @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
- * @param[in] RSAAlg - RSA algorithm to use
- *
- * @return CCError_t - On success the value CC_OK is returned,
- * on failure - a value from BootImagesVerifier_error.h
- */
-CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
- uint32_t *pData,
- CCSbNParams_t *pNParams,
- CCSbSignature_t *pSignature,
- uint32_t sizeOfData,
- CCSbRsaAlg_t RSAAlg);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h b/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
deleted file mode 100644
index ed1f283..0000000
--- a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_GEN_DEFS_H
-#define _SECURE_BOOT_GEN_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all of the definitions and structures that are used for the secure boot.
-*/
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-
-/* General definitions */
-/***********************/
-
-/*RSA definitions*/
-#if (KEY_SIZE == 2048)
-#define SB_RSA_MOD_SIZE_IN_WORDS 64
-#elif (KEY_SIZE == 3072)
-#define SB_RSA_MOD_SIZE_IN_WORDS 96
-#else
-#error Unsupported CryptoCell key size requested
-#endif
-
-#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
-
-
-/*! Public key data structure. */
-typedef struct {
- uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< N public key, big endian representation. */
- uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS]; /*!< Np (Barrett n' value). */
-} CCSbNParams_t;
-
-/*! Signature structure. */
-typedef struct {
- uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< RSA PSS signature. */
-} CCSbSignature_t;
-
-
-/********* Supported algorithms definitions ***********/
-
-/*! RSA supported algorithms */
-/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
- * version - it means 2k in version 1 and 3k in version 2 (yes, really).
- */
-typedef enum {
- RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
- RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
- RSA_Last = 0x7FFFFFFF
-} CCSbRsaAlg_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/util.h b/include/drivers/arm/cryptocell/712/util.h
deleted file mode 100644
index 18fb599..0000000
--- a/include/drivers/arm/cryptocell/712/util.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef UTIL_H
-#define UTIL_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/************************ Defines ******************************/
-
-/* invers the bytes on a word- used for output from HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_INVERSE_UINT32_BYTES(val) (val)
-#else
-#define UTIL_INVERSE_UINT32_BYTES(val) \
- (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#endif
-
-/* invers the bytes on a word - used for input data for HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_REVERT_UINT32_BYTES(val) \
- (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#else
-#define UTIL_REVERT_UINT32_BYTES(val) (val)
-#endif
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reverse bytes copying from one buffer to another buffer.
- *
- * @param[in] dst_ptr - The pointer to destination buffer.
- * @param[in] src_ptr - The pointer to source buffer.
- * @param[in] size - The size in bytes.
- *
- */
-
-void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
-
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reversed byte copy on a specified buffer.
- *
- * on a 6 byte byffer:
- *
- * buff[5] <---> buff[0]
- * buff[4] <---> buff[1]
- * buff[3] <---> buff[2]
- *
- * @param[in] dst_ptr - The counter buffer.
- * @param[in] src_ptr - The counter size in bytes.
- *
- */
-void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/713/bsv_api.h b/include/drivers/arm/cryptocell/713/bsv_api.h
deleted file mode 100644
index dc49473..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_api.h
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_API_H
-#define _BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the Boot Services APIs and definitions.
-
-@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-#include "cc_boot_defs.h"
-
-/* Life cycle state definitions. */
-#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< The CM life-cycle state (LCS) value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< The DM life-cycle state (LCS) value. */
-#define CC_BSV_SECURE_LCS 0x5 /*!< The Secure life-cycle state (LCS) value. */
-#define CC_BSV_RMA_LCS 0x7 /*!< The RMA life-cycle state (LCS) value. */
-#define CC_BSV_INVALID_LCS 0xff /*!< The invalid life-cycle state (LCS) value. */
-
-/*----------------------------
- TYPES
------------------------------------*/
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-
-/*!
-@brief This function verifies the product and version numbers of the HW, and initializes it.
-
-\warning This function must be the first CryptoCell-7xx SBROM library API called.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvInit(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function retrieves the HW LCS and performs validity checks.
-
-If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
-
-@note An error is returned if there is an invalid LCS. If this happens, your code must
-completely disable the device.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvGetAndInitLcs(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint32_t *pLcs /*!< [out] The value of the current LCS. */
- );
-
-/*!
-@brief This function retrieves the LCS from the NVM manager.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint32_t *pLcs /*!< [out] The value of the current LCS. */
- );
-
-/*!
-@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
-SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
-hence:
- the maximal of trusted is 32
- the maximal of non-trusted is 224
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSwVersionGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
- uint32_t *swVersion /*!< [out] The value of the requested counter as read from OTP memory. */
- );
-
-/*!
-@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSwVersionSet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
- uint32_t swVersion /*!< [in] New value of the counter to be programmed in OTP memory. */
- );
-
-/*!
-@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
-any HW keys or security services.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvFatalErrorSet(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function retrieves the public key hash from OTP memory, according to the provided index.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvPubKeyHashGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbPubKeyIndexType_t keyIndex, /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
- uint32_t *hashedPubKey, /*!< [out] A buffer to contain the public key HASH. */
- uint32_t hashResultSizeWords /*!< [in] The size of the hash in 32-bit words:
- - Must be 4 for 128-bit hash.
- - Must be 8 for 256bit hash. */
- );
-
-/*!
-@brief This function permanently sets the RMA LCS for the ICV and the OEM.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRMAModeEnable(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvICVRMAFlagBitLock(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function locks the defined ICV class keys from further usage.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvICVKeyLock(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCBool_t isICVProvisioningKeyLock, /*!< [in] Should the provisioning key be locked. */
- CCBool_t isICVCodeEncKeyLock /*!< [in] Should the encryption key be locked. */
- );
-
-
-/*!
-@brief This function retrieves the value of "secure disable" bit.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSecureDisableGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCBool_t *isSDEnabled /*!< [out] The value of the SD Enable bit. */
- );
-
-
-/*!
-@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
-from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
-The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
-The resulting Kcst is saved in a HW register.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvCustomerKeyDecrypt(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-#ifdef __cplusplus
-}
-#endif
-
-/*!
-@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
-
-@note SoC_ID is required to create debug certificates.
-
-The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
-device without having to first enable debugging.
-One suggested implementation is to have the device ROM code compute the SoC_ID and place
-it in a specific location in the flash memory, from where it can be accessed by the developer.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSocIDCompute(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCHashResult_t hashResult /*!< [out] The derived SoC_ID. */
- );
-
-#endif /* _BSV_API_H */
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
deleted file mode 100644
index 1e60579..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_API_H
-#define _BSV_CRYPTO_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the cryptographic ROM APIs of the Boot Services.
-
-@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-#include "cc_address_defs.h"
-#include "bsv_crypto_defs.h"
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function calculates the SHA-256 digest over contiguous memory
-in an integrated operation.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSha256(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint8_t *pDataIn, /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
- size_t dataSize, /*!< [in] The size of the data to be hashed, in bytes. */
- CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte buffer. */
- );
-
-
-/*!
-@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
-with HW or user key.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
-*/
-CCError_t CC_BsvCryptoImageDecrypt( unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvflowMode_t flow, /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
- CCBsvKeyType_t keyType, /*!< [in] The key type to use: Kce, Kceicv, or user key. */
- uint8_t *pUserKey, /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
- size_t userKeySize, /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
- uint8_t *pIvBuf, /*!< [in] A pointer to the IV / counter buffer. */
- uint8_t *pInputData, /*!< [in] A pointer to the input data. */
- uint8_t *pOutputData, /*!< [out] A pointer to the output buffer. (optional – should be null in case of hash only). */
- size_t dataSize, /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
- CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
- );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
deleted file mode 100644
index 406e1ef..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_ASYM_API_H
-#define _BSV_CRYPTO_ASYM_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
-
-@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_pka_hw_plat_defs.h"
-#include "cc_sec_defs.h"
-#include "bsv_crypto_api.h"
-
-/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
-#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
- 2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
-
-/*! Definition for the RSA public modulus array. */
-typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
-
-/*! Definition for the RSA Barrett mod tag array. */
-typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
-
-/*! Definition for the RSA signature array. */
-typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
-
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
- outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
-
- The function supports 2k and 3K bit size of modulus, based on compile time define.
- There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
- value must be smaller than the modulus.
-
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
- CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
- uint32_t *pInBuff, /*!< [in] The DataIn buffer to be encrypted. */
- size_t inBuffSize, /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
- CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
- uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
- size_t workBufferSize /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
-);
-
-
-/*!
-@brief This function performs RSA PSS verify.
-
- The function should support 2k and 3K bit size of modulus, based on compile time define.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
- CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
- CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
- CCHashResult_t hashedData, /*!< [in] The data-in buffer to be verified as sha256 digest. */
- uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
- size_t workBufferSize, /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
- CCBool_t *pIsVerified /*!< [out] The flag indicates whether the signature is verified or not.
- If verified value will be CC_TRUE, otherwise CC_FALSE */
-);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h b/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
deleted file mode 100644
index 9ea354d..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_DEFS_H
-#define _BSV_CRYPTO_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the definitions of the cryptographic ROM APIs.
-
-@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
-@{
-@ingroup cc_bsv
-*/
-
-/*! AES supported HW key code table. */
-typedef enum {
-
- CC_BSV_USER_KEY = 0, /*!< Definition for a user key. */
- CC_BSV_HUK_KEY = 1, /*!< Definition for the HW unique key. */
- CC_BSV_RTL_KEY = 2, /*!< Definition for the RTL key. */
- CC_BSV_SESSION_KEY = 3, /*!< Definition for the Session key. */
- CC_BSV_CE_KEY = 4, /*!< Definition for the Kce. */
- CC_BSV_PLT_KEY = 5, /*!< Definition for the Platform key. */
- CC_BSV_KCST_KEY = 6, /*!< Definition for Kcst. */
- CC_BSV_ICV_PROV_KEY = 0xd, /*!< Definition for the Kpicv. */
- CC_BSV_ICV_CE_KEY = 0xe, /*!< Definition for the Kceicv. */
- CC_BSV_PROV_KEY = 0xf, /*!< Definition for the Kcp. */
- CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
-}CCBsvKeyType_t;
-
-/*! AES directions. */
-typedef enum bsvAesDirection {
- BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
- BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
- BSV_AES_NUM_OF_ENCRYPT_MODES, /*!< The maximal number of operations. */
- BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
-}bsvAesDirection_t;
-
-/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
-typedef enum {
- CC_BSV_CRYPTO_HASH_MODE = 0, /*!< Hash mode only. */
- CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE = 1, /*!< Data goes into the AES and Hash engines. */
- CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2 /*!< Data goes into the AES and from the AES to the Hash engine. */
-}CCBsvflowMode_t;
-
-/*! CryptoImage HW completion sequence mode */
-typedef enum
-{
- BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
- BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
-}bsvCryptoCompletionMode_t;
-
-
-/*! AES-CMAC result size, in words. */
-#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS 4 /* 128b */
-/*! AES-CMAC result size, in bytes. */
-#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES 16 /* 128b */
-/*! AES-CCM 128bit key size, in bytes. */
-#define CC_BSV_CCM_KEY_SIZE_BYTES 16
-/*! AES-CCM 128bit key size, in words. */
-#define CC_BSV_CCM_KEY_SIZE_WORDS 4
-/*! AES-CCM NONCE size, in bytes. */
-#define CC_BSV_CCM_NONCE_SIZE_BYTES 12
-
-
-/*! AES-CMAC result buffer. */
-typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
-/*! AES-CCM key buffer.*/
-typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
-/*! AES-CCM nonce buffer.*/
-typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
-/*! AES-CCM MAC buffer.*/
-typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_error.h b/include/drivers/arm/cryptocell/713/bsv_error.h
deleted file mode 100644
index 4d72e60..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_error.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_ERROR_H
-#define _BSV_ERROR_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file defines the error code types that are returned from the Boot Services APIs.
-
-@defgroup cc_bsv_error CryptoCell Boot Services error codes
-@{
-@ingroup cc_bsv
-*/
-
-/*! Defines the base address for Boot Services errors. */
-#define CC_BSV_BASE_ERROR 0x0B000000
-/*! Defines the base address for Boot Services cryptographic errors. */
-#define CC_BSV_CRYPTO_ERROR 0x0C000000
-
-/*! Illegal input parameter. */
-#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR (CC_BSV_BASE_ERROR + 0x00000001)
-/*! Illegal HUK value. */
-#define CC_BSV_ILLEGAL_HUK_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000002)
-/*! Illegal Kcp value. */
-#define CC_BSV_ILLEGAL_KCP_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000003)
-/*! Illegal Kce value. */
-#define CC_BSV_ILLEGAL_KCE_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000004)
-/*! Illegal Kpicv value. */
-#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000005)
-/*! Illegal Kceicv value. */
-#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000006)
-/*! Illegal EKcst value. */
-#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000007)
-/*! Hash boot key not programmed in the OTP. */
-#define CC_BSV_HASH_NOT_PROGRAMMED_ERR (CC_BSV_BASE_ERROR + 0x00000008)
-/*! Illegal Hash boot key zero count in the OTP. */
-#define CC_BSV_HBK_ZERO_COUNT_ERR (CC_BSV_BASE_ERROR + 0x00000009)
-/*! Illegal LCS. */
-#define CC_BSV_ILLEGAL_LCS_ERR (CC_BSV_BASE_ERROR + 0x0000000A)
-/*! OTP write compare failure. */
-#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR (CC_BSV_BASE_ERROR + 0x0000000B)
-/*! OTP access error */
-#define CC_BSV_OTP_ACCESS_ERR (CC_BSV_BASE_ERROR + 0x0000000C)
-/*! Erase key in OTP failed. */
-#define CC_BSV_ERASE_KEY_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000000D)
-/*! Illegal PIDR. */
-#define CC_BSV_ILLEGAL_PIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000E)
-/*! Illegal CIDR. */
-#define CC_BSV_ILLEGAL_CIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000F)
-/*! Device failed to move to fatal error state. */
-#define CC_BSV_FAILED_TO_SET_FATAL_ERR (CC_BSV_BASE_ERROR + 0x00000010)
-/*! Failed to set RMA LCS. */
-#define CC_BSV_FAILED_TO_SET_RMA_ERR (CC_BSV_BASE_ERROR + 0x00000011)
-/*! Illegal RMA indication. */
-#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000012)
-/*! Boot Services version is not initialized. */
-#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x00000013)
-/*! APB secure mode is locked. */
-#define CC_BSV_APB_SECURE_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000014)
-/*! APB privilege mode is locked. */
-#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000015)
-/*! Illegal operation. */
-#define CC_BSV_ILLEGAL_OPERATION_ERR (CC_BSV_BASE_ERROR + 0x00000016)
-/*! Illegal asset size. */
-#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR (CC_BSV_BASE_ERROR + 0x00000017)
-/*! Illegal asset value. */
-#define CC_BSV_ILLEGAL_ASSET_VAL_ERR (CC_BSV_BASE_ERROR + 0x00000018)
-/*! Kpicv is locked. */
-#define CC_BSV_KPICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000019)
-/*! Illegal SW version. */
-#define CC_BSV_ILLEGAL_SW_VERSION_ERR (CC_BSV_BASE_ERROR + 0x0000001A)
-/*! AO write operation. */
-#define CC_BSV_AO_WRITE_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000001B)
-/*! Chip state is already initialized. */
-#define CC_BSV_CHIP_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x0000001C)
-/*! SP is not enabled. */
-#define CC_BSV_SP_NOT_ENABLED_ERR (CC_BSV_BASE_ERROR + 0x0000001D)
-/*! Production secure provisioning - header fields. */
-#define CC_BSV_PROD_PKG_HEADER_ERR (CC_BSV_BASE_ERROR + 0x0000001E)
-/*! Production secure provisioning - header MAC. */
-#define CC_BSV_PROD_PKG_HEADER_MAC_ERR (CC_BSV_BASE_ERROR + 0x0000001F)
-/*! Overrun buffer or size. */
-#define CC_BSV_OVERRUN_ERR (CC_BSV_BASE_ERROR + 0x00000020)
-/*! Kceicv is locked. */
-#define CC_BSV_KCEICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000021)
-/*! Chip indication is CHIP_STATE_ERROR. */
-#define CC_BSV_CHIP_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000022)
-/*! Device is locked in fatal error state. */
-#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000023)
-/*! Device has security disable feature enabled. */
-#define CC_BSV_SECURE_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000024)
-/*! Device has Kcst in disabled state */
-#define CC_BSV_KCST_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000025)
-
-
-/*! Illegal data-in pointer. */
-#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000001)
-/*! Illegal data-out pointer. */
-#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000002)
-/*! Illegal data size. */
-#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000003)
-/*! Illegal key type. */
-#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000004)
-/*! Illegal key size. */
-#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000005)
-/*! Invalid key pointer. */
-#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000006)
-/*! Illegal key DMA type. */
-#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000007)
-/*! Illegal IV pointer. */
-#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000008)
-/*! Illegal cipher mode. */
-#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000009)
-/*! Illegal result buffer pointer. */
-#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000A)
-/*! Invalid DMA type. */
-#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000B)
-/*! Invalid in/out buffers overlapping. */
-#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000C)
-/*! Invalid KDF label size. */
-#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000D)
-/*! Invalid KDF Context size. */
-#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000E)
-/*! Invalid CCM key. */
-#define CC_BSV_CCM_INVALID_KEY_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000f)
-/*! Invalid CCM Nonce. */
-#define CC_BSV_CCM_INVALID_NONCE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000010)
-/*! Invalid CCM associated data. */
-#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000011)
-/*! Invalid CCM text data. */
-#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000012)
-/*! Invalid CCM-MAC buffer. */
-#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000013)
-/*! CCM-MAC comparison failed. */
-#define CC_BSV_CCM_TAG_LENGTH_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000014)
-/*! CCM-MAC comparison failed. */
-#define CC_BSV_CCM_MAC_INVALID_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000015)
-/*! Illegal flow mode. */
-#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000016)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_address_defs.h b/include/drivers/arm/cryptocell/713/cc_address_defs.h
deleted file mode 100644
index 0abc15c..0000000
--- a/include/drivers/arm/cryptocell/713/cc_address_defs.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_ADDRESS_DEFS_H
-#define _CC_ADDRESS_DEFS_H
-
-/*!
-@file
-@brief This file contains general definitions.
-*/
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/**
- * Address types within CC
- */
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uint64_t CCAddr_t;
-/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
-typedef uint32_t CCSramAddr_t;
-
-/*
- * CCSramAddr_t is being cast into pointer type which can be 64 bit.
- */
-/*! Definition of MACRO that casts SRAM addresses to pointer types. */
-#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
- @}
- */
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_boot_defs.h b/include/drivers/arm/cryptocell/713/cc_boot_defs.h
deleted file mode 100644
index 4d29a6d..0000000
--- a/include/drivers/arm/cryptocell/713/cc_boot_defs.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_BOOT_DEFS_H
-#define _CC_BOOT_DEFS_H
-
-/*!
- @file
- @brief This file contains general definitions of types and enums of Boot APIs.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Version counters value. */
-typedef enum {
-
- CC_SW_VERSION_TRUSTED = 0, /*!< Trusted counter. */
- CC_SW_VERSION_NON_TRUSTED, /*!< Non trusted counter. */
- CC_SW_VERSION_MAX = 0x7FFFFFFF /*!< Reserved */
-} CCSbSwVersionId_t;
-
-/*! The hash boot key definition. */
-typedef enum {
- CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
- CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
- CC_SB_HASH_BOOT_KEY_256B = 2, /*!< Hbk: 256-bit SHA-256 digest of public key. */
- CC_SB_HASH_BOOT_NOT_USED = 0xF, /*!< Hbk is not used. */
- CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!< Reserved. */
-} CCSbPubKeyIndexType_t;
-
-/*! Chip state. */
-typedef enum {
- CHIP_STATE_NOT_INITIALIZED = 0, /*! Chip is not initialized. */
- CHIP_STATE_TEST = 1, /*! Chip is in Production state. */
- CHIP_STATE_PRODUCTION = 2, /*! Chip is in Production state. */
- CHIP_STATE_ERROR = 3, /*! Chip is in Error state. */
-} CCBsvChipState_t;
-#ifdef __cplusplus
-}
-#endif
-
-#endif /*_CC_BOOT_DEFS_H */
-
-/**
-@}
- */
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types.h b/include/drivers/arm/cryptocell/713/cc_pal_types.h
deleted file mode 100644
index 4ab3960..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pal_types.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types of the PAL layer.
-
-@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
-@{
-@ingroup cc_pal
-
- @{
- @ingroup cc_pal
- @}
-*/
-
-#include "cc_pal_types_plat.h"
-
-/*! Definition of Boolean type.*/
-typedef enum {
- /*! Boolean false.*/
- CC_FALSE = 0,
- /*! Boolean true.*/
- CC_TRUE = 1
-} CCBool_t;
-
-/*! Success. */
-#define CC_SUCCESS 0UL
-/*! Failure. */
-#define CC_FAIL 1UL
-
-/*! Success (OK). */
-#define CC_OK 0
-
-/*! This macro handles unused parameters in the code, to avoid compilation warnings. */
-#define CC_UNUSED_PARAM(prm) ((void)prm)
-
-/*! The maximal uint32 value.*/
-#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
-
-
-/* Minimal and Maximal macros */
-#ifdef min
-/*! Definition for minimal calculation. */
-#define CC_MIN(a,b) min( a , b )
-#else
-/*! Definition for minimal calculation. */
-#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
-#endif
-
-#ifdef max
-/*! Definition for maximal calculation. */
-#define CC_MAX(a,b) max( a , b )
-#else
-/*! Definition for maximal calculation.. */
-#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
-#endif
-
-/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
-#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
-#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
-#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
-/*! This macro rounds up bits to 32-bit words. */
-#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
-/*! This macro rounds up bits to Bytes. */
-#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
-/*! This macro rounds up bytes to 32-bit words. */
-#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
-/*! This macro calculates the number Bytes from words. */
-#define CALC_WORDS_TO_BYTES(numwords) ((numwords)*CC_32BIT_WORD_SIZE)
-/*! Definition of 1 KB in Bytes. */
-#define CC_1K_SIZE_IN_BYTES 1024
-/*! Definition of number of bits in a Byte. */
-#define CC_BITS_IN_BYTE 8
-/*! Definition of number of bits in a 32-bits word. */
-#define CC_BITS_IN_32BIT_WORD 32
-/*! Definition of number of Bytes in a 32-bits word. */
-#define CC_32BIT_WORD_SIZE 4
-/*! Definition of number of 32-bits words in a 64-bits dword. */
-#define CC_32BIT_WORD_IN_64BIT_DWORD 2
-
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
deleted file mode 100644
index 0c102a0..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compliant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t CCStatus
-#define CC_INFINITE 0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h b/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
deleted file mode 100644
index 1a1bce0..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_PKA_HW_PLAT_DEFS_H
-#define _CC_PKA_HW_PLAT_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-
-#include "cc_pal_types.h"
-/*!
-@file
-@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
-*/
-
-/*! The size of the PKA engine word. */
-#define CC_PKA_WORD_SIZE_IN_BITS 128
-
-/*! The maximal supported size of modulus in RSA in bits. */
-#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096
-/*! The maximal supported size of key-generation in RSA in bits. */
-#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 4096
-
-/*! Secure boot/debug certificate RSA public modulus key size in bits. */
-#if (KEY_SIZE == 3072)
- #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
-#else
- #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
-#endif
-/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
-#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
-/*! Secure boot/debug certificate RSA public modulus key size in words. */
-#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
-
-/*! The maximal count of extra bits in PKA operations. */
-#define PKA_EXTRA_BITS 8
-/*! The number of memory registers in PKA operations. */
-#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32
-
-/*! Size of buffer for Barrett modulus tag in words. */
-#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5
-/*! Size of buffer for Barrett modulus tag in bytes. */
-#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_CC_PKA_HW_PLAT_DEFS_H
-
-/**
- @}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/cc_sec_defs.h b/include/drivers/arm/cryptocell/713/cc_sec_defs.h
deleted file mode 100644
index 8fb698f..0000000
--- a/include/drivers/arm/cryptocell/713/cc_sec_defs.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/*! Hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS 16
-/*! Hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS 8
-/*! Hash - SHA2 results in bytes. */
-#define HASH_RESULT_SIZE_IN_BYTES 32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-/*! Definition for converting pointer to Host address. */
-#define CONVERT_TO_ADDR(ptr) (unsigned long)ptr
-
-/*! Definition for converting pointer to SRAM address. */
-#define CONVERT_TO_SRAM_ADDR(ptr) (0xFFFFFFFF & ptr)
-
-/*! The data size of the signed SW image, in bytes. */
-/*!\internal ContentCertImageRecord_t includes: HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
-#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES 48
-
-/*! The data size of the unsigned SW image, in bytes. */
-/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
-#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES 8
-
-/*! The additional data size - storage address and length of the unsigned SW image, in words. */
-#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
-
-/*! The additional data section size, in bytes. */
-#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES 128
-
-/*! Indication of whether or not to load the SW image to memory. */
-#define CC_SW_COMP_NO_MEM_LOAD_INDICATION 0xFFFFFFFFFFFFFFFFUL
-
-/*! Indication of product version, stored in certificate version field. */
-#define CC_SB_CERT_VERSION_PROJ_PRD 0x713
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/cc_rotpk.h b/include/drivers/arm/cryptocell/cc_rotpk.h
deleted file mode 100644
index 9398496..0000000
--- a/include/drivers/arm/cryptocell/cc_rotpk.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_ROTPK_H
-#define _CC_ROTPK_H
-
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
- unsigned int *flags);
-
-#endif
diff --git a/include/lib/cpus/aarch64/cortex_a520.h b/include/lib/cpus/aarch64/cortex_a520.h
index 4176981..1c5f886 100644
--- a/include/lib/cpus/aarch64/cortex_a520.h
+++ b/include/lib/cpus/aarch64/cortex_a520.h
@@ -15,6 +15,11 @@
#define CORTEX_A520_CPUECTLR_EL1 S3_0_C15_C1_4
/*******************************************************************************
+ * CPU Auxiliary Control register 1 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A520_CPUACTLR_EL1 S3_0_C15_C1_0
+
+/*******************************************************************************
* CPU Power Control register specific definitions
******************************************************************************/
#define CORTEX_A520_CPUPWRCTLR_EL1 S3_0_C15_C2_7
diff --git a/include/lib/cpus/aarch64/cortex_a710.h b/include/lib/cpus/aarch64/cortex_a710.h
index 432e17a..9df8d47 100644
--- a/include/lib/cpus/aarch64/cortex_a710.h
+++ b/include/lib/cpus/aarch64/cortex_a710.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -39,6 +39,11 @@
#define CORTEX_A710_CPUACTLR2_EL1_BIT_36 (ULL(1) << 36)
/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A710_CPUACTLR3_EL1 S3_0_C15_C1_2
+
+/*******************************************************************************
* CPU Auxiliary Control register 5 specific definitions.
******************************************************************************/
#define CORTEX_A710_CPUACTLR5_EL1 S3_0_C15_C8_0
diff --git a/include/lib/cpus/aarch64/cortex_a78c.h b/include/lib/cpus/aarch64/cortex_a78c.h
index 301be69..d600eca 100644
--- a/include/lib/cpus/aarch64/cortex_a78c.h
+++ b/include/lib/cpus/aarch64/cortex_a78c.h
@@ -47,4 +47,9 @@
#define CORTEX_A78C_IMP_CPUPOR_EL3 S3_6_C15_C8_2
#define CORTEX_A78C_IMP_CPUPMR_EL3 S3_6_C15_C8_3
+/*******************************************************************************
+ * CPU Auxiliary Control register 5 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A78C_ACTLR5_EL1 S3_0_C15_C9_0
+
#endif /* CORTEX_A78C_H */
diff --git a/include/lib/cpus/aarch64/cortex_x2.h b/include/lib/cpus/aarch64/cortex_x2.h
index 863b8c8..0f97b1e 100644
--- a/include/lib/cpus/aarch64/cortex_x2.h
+++ b/include/lib/cpus/aarch64/cortex_x2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -28,6 +28,11 @@
#define CORTEX_X2_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(0x9)
/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X2_CPUACTLR3_EL1 S3_0_C15_C1_2
+
+/*******************************************************************************
* CPU Power Control register specific definitions
******************************************************************************/
#define CORTEX_X2_CPUPWRCTLR_EL1 S3_0_C15_C2_7
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index 04548ea..4a3ac77 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -47,4 +47,10 @@
#define CORTEX_X3_CPUECTLR2_EL1_PF_MODE_WIDTH U(4)
#define CORTEX_X3_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(0x9)
+/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR3_EL1 S3_0_C15_C1_2
+#define CORTEX_X3_CPUACTLR3_EL1_BIT_47 (ULL(1) << 47)
+
#endif /* CORTEX_X3_H */
diff --git a/include/lib/cpus/aarch64/neoverse_n2.h b/include/lib/cpus/aarch64/neoverse_n2.h
index 0d50854..b379fab 100644
--- a/include/lib/cpus/aarch64/neoverse_n2.h
+++ b/include/lib/cpus/aarch64/neoverse_n2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -65,5 +65,8 @@
#define NEOVERSE_N2_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(9)
#define CPUECTLR2_EL1_PF_MODE_LSB U(11)
#define CPUECTLR2_EL1_PF_MODE_WIDTH U(4)
+#define CPUECTLR2_EL1_TXREQ_STATIC_FULL ULL(0)
+#define CPUECTLR2_EL1_TXREQ_LSB U(0)
+#define CPUECTLR2_EL1_TXREQ_WIDTH U(3)
#endif /* NEOVERSE_N2_H */
diff --git a/include/lib/cpus/aarch64/neoverse_v1.h b/include/lib/cpus/aarch64/neoverse_v1.h
index d618994..1e2d7ea 100644
--- a/include/lib/cpus/aarch64/neoverse_v1.h
+++ b/include/lib/cpus/aarch64/neoverse_v1.h
@@ -47,5 +47,6 @@
#define NEOVERSE_V1_ACTLR5_EL1 S3_0_C15_C9_0
#define NEOVERSE_V1_ACTLR5_EL1_BIT_55 (ULL(1) << 55)
#define NEOVERSE_V1_ACTLR5_EL1_BIT_56 (ULL(1) << 56)
+#define NEOVERSE_V1_ACTLR5_EL1_BIT_61 (ULL(1) << 61)
#endif /* NEOVERSE_V1_H */
diff --git a/include/lib/cpus/aarch64/neoverse_v2.h b/include/lib/cpus/aarch64/neoverse_v2.h
index 68c1558..39a6607 100644
--- a/include/lib/cpus/aarch64/neoverse_v2.h
+++ b/include/lib/cpus/aarch64/neoverse_v2.h
@@ -22,6 +22,10 @@
******************************************************************************/
#define NEOVERSE_V2_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define NEOVERSE_V2_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+#define NEOVERSE_V2_CPUPWRCTLR_EL1_WFI_RET_CTRL_SHIFT U(4)
+#define NEOVERSE_V2_CPUPWRCTLR_EL1_WFI_RET_CTRL_WIDTH U(3)
+#define NEOVERSE_V2_CPUPWRCTLR_EL1_WFE_RET_CTRL_SHIFT U(7)
+#define NEOVERSE_V2_CPUPWRCTLR_EL1_WFE_RET_CTRL_WIDTH U(3)
/*******************************************************************************
* CPU Extended Control register 2 specific definitions.
@@ -30,6 +34,9 @@
#define NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(9)
#define NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_LSB U(11)
#define NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_WIDTH U(4)
+#define NEOVERSE_V2_CPUECTLR2_EL1_TXREQ_STATIC_FULL ULL(0)
+#define NEOVERSE_V2_CPUECTLR2_EL1_TXREQ_LSB U(0)
+#define NEOVERSE_V2_CPUECTLR2_EL1_TXREQ_WIDTH U(3)
/*******************************************************************************
* CPU Auxiliary Control register 2 specific definitions.
diff --git a/include/lib/libfdt/fdt.h b/include/lib/libfdt/fdt.h
index eb9edb7..c9acc0c 100644
--- a/include/lib/libfdt/fdt.h
+++ b/include/lib/libfdt/fdt.h
@@ -35,14 +35,14 @@
struct fdt_node_header {
fdt32_t tag;
- char name[0];
+ char name[];
};
struct fdt_property {
fdt32_t tag;
fdt32_t len;
fdt32_t nameoff;
- char data[0];
+ char data[];
};
#endif /* !__ASSEMBLER__*/
diff --git a/include/lib/libfdt/libfdt.h b/include/lib/libfdt/libfdt.h
index a7f432c..d0a2ed2 100644
--- a/include/lib/libfdt/libfdt.h
+++ b/include/lib/libfdt/libfdt.h
@@ -660,6 +660,13 @@
const struct fdt_property *fdt_get_property_by_offset(const void *fdt,
int offset,
int *lenp);
+static inline struct fdt_property *fdt_get_property_by_offset_w(void *fdt,
+ int offset,
+ int *lenp)
+{
+ return (struct fdt_property *)(uintptr_t)
+ fdt_get_property_by_offset(fdt, offset, lenp);
+}
/**
* fdt_get_property_namelen - find a property based on substring
diff --git a/include/lib/transfer_list.h b/include/lib/transfer_list.h
index 54c8643..5ea5a41 100644
--- a/include/lib/transfer_list.h
+++ b/include/lib/transfer_list.h
@@ -10,47 +10,57 @@
#include <stdbool.h>
#include <stdint.h>
+#include <common/ep_info.h>
#include <lib/utils_def.h>
-#define TRANSFER_LIST_SIGNATURE U(0x006ed0ff)
-#define TRANSFER_LIST_VERSION U(0x0001)
+#define TRANSFER_LIST_SIGNATURE U(0x4a0fb10b)
+#define TRANSFER_LIST_VERSION U(0x0001)
-// Init value of maximum alignment required by any TE data in the TL
-// specified as a power of two
-#define TRANSFER_LIST_INIT_MAX_ALIGN U(3)
+/*
+ * Init value of maximum alignment required by any TE data in the TL
+ * specified as a power of two
+ */
+#define TRANSFER_LIST_INIT_MAX_ALIGN U(3)
-// alignment required by TE header start address, in bytes
-#define TRANSFER_LIST_GRANULE U(8)
+/* Alignment required by TE header start address, in bytes */
+#define TRANSFER_LIST_GRANULE U(8)
-// version of the register convention used.
-// Set to 1 for both AArch64 and AArch32 according to fw handoff spec v0.9
+/*
+ * Version of the register convention used.
+ * Set to 1 for both AArch64 and AArch32 according to fw handoff spec v0.9
+ */
#define REGISTER_CONVENTION_VERSION_MASK (1 << 24)
#ifndef __ASSEMBLER__
+#define TL_FLAGS_HAS_CHECKSUM BIT(0)
+
enum transfer_list_tag_id {
TL_TAG_EMPTY = 0,
TL_TAG_FDT = 1,
TL_TAG_HOB_BLOCK = 2,
TL_TAG_HOB_LIST = 3,
TL_TAG_ACPI_TABLE_AGGREGATE = 4,
+ TL_TAG_OPTEE_PAGABLE_PART = 0x100,
};
enum transfer_list_ops {
- TL_OPS_NON, // invalid for any operation
- TL_OPS_ALL, // valid for all operations
- TL_OPS_RO, // valid for read only
- TL_OPS_CUS, // either abort or switch to special code to interpret
+ TL_OPS_NON, /* invalid for any operation */
+ TL_OPS_ALL, /* valid for all operations */
+ TL_OPS_RO, /* valid for read only */
+ TL_OPS_CUS, /* abort or switch to special code to interpret */
};
struct transfer_list_header {
- uint32_t signature;
- uint8_t checksum;
- uint8_t version;
- uint8_t hdr_size;
- uint8_t alignment; // max alignment of TE data
- uint32_t size; // TL header + all TEs
- uint32_t max_size;
+ uint32_t signature;
+ uint8_t checksum;
+ uint8_t version;
+ uint8_t hdr_size;
+ uint8_t alignment; /* max alignment of TE data */
+ uint32_t size; /* TL header + all TEs */
+ uint32_t max_size;
+ uint32_t flags;
+ uint32_t reserved; /* spare bytes */
/*
* Commented out element used to visualize dynamic part of the
* data structure.
@@ -64,10 +74,10 @@
};
struct transfer_list_entry {
- uint16_t tag_id;
- uint8_t reserved0; // place holder
- uint8_t hdr_size;
- uint32_t data_size;
+ uint16_t tag_id;
+ uint8_t reserved0; /* place holder */
+ uint8_t hdr_size;
+ uint32_t data_size;
/*
* Commented out element used to visualize dynamic part of the
* data structure.
@@ -80,11 +90,16 @@
};
void transfer_list_dump(struct transfer_list_header *tl);
+entry_point_info_t *
+transfer_list_set_handoff_args(struct transfer_list_header *tl,
+ entry_point_info_t *ep_info);
struct transfer_list_header *transfer_list_init(void *addr, size_t max_size);
-struct transfer_list_header *transfer_list_relocate(struct transfer_list_header *tl,
- void *addr, size_t max_size);
-enum transfer_list_ops transfer_list_check_header(const struct transfer_list_header *tl);
+struct transfer_list_header *
+transfer_list_relocate(struct transfer_list_header *tl, void *addr,
+ size_t max_size);
+enum transfer_list_ops
+transfer_list_check_header(const struct transfer_list_header *tl);
void transfer_list_update_checksum(struct transfer_list_header *tl);
bool transfer_list_verify_checksum(const struct transfer_list_header *tl);
@@ -94,18 +109,22 @@
uint32_t new_data_size);
void *transfer_list_entry_data(struct transfer_list_entry *entry);
-bool transfer_list_rem(struct transfer_list_header *tl, struct transfer_list_entry *entry);
+bool transfer_list_rem(struct transfer_list_header *tl,
+ struct transfer_list_entry *entry);
struct transfer_list_entry *transfer_list_add(struct transfer_list_header *tl,
- uint16_t tag_id, uint32_t data_size,
+ uint16_t tag_id,
+ uint32_t data_size,
const void *data);
-struct transfer_list_entry *transfer_list_add_with_align(struct transfer_list_header *tl,
- uint16_t tag_id, uint32_t data_size,
- const void *data, uint8_t alignment);
+struct transfer_list_entry *
+transfer_list_add_with_align(struct transfer_list_header *tl, uint16_t tag_id,
+ uint32_t data_size, const void *data,
+ uint8_t alignment);
-struct transfer_list_entry *transfer_list_next(struct transfer_list_header *tl,
- struct transfer_list_entry *last);
+struct transfer_list_entry *
+transfer_list_next(struct transfer_list_header *tl,
+ struct transfer_list_entry *last);
struct transfer_list_entry *transfer_list_find(struct transfer_list_header *tl,
uint16_t tag_id);
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 9176e88..e098c10 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -196,16 +196,7 @@
ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
- * This is required by CryptoCell to authenticate BL33 which is loaded
- * into the Non Secure DDR.
- */
-#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
-#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
-#endif
#ifdef SPD_opteed
/*
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index c92121f..4d1b1c1 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -80,6 +80,20 @@
int plat_core_pos_by_mpidr(u_register_t mpidr);
int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
+/*******************************************************************************
+ * Simple routine to determine whether a mpidr is valid or not.
+ ******************************************************************************/
+static inline bool is_valid_mpidr(u_register_t mpidr)
+{
+ int pos = plat_core_pos_by_mpidr(mpidr);
+
+ if ((pos < 0) || ((unsigned int)pos >= PLATFORM_CORE_COUNT)) {
+ return false;
+ }
+
+ return true;
+}
+
#if STACK_PROTECTOR_ENABLED
/*
* Return a new value to be used for the stack protection's canary.
diff --git a/include/plat/nuvoton/common/npcm845x_arm_def.h b/include/plat/nuvoton/common/npcm845x_arm_def.h
index faddb88..5a44907 100644
--- a/include/plat/nuvoton/common/npcm845x_arm_def.h
+++ b/include/plat/nuvoton/common/npcm845x_arm_def.h
@@ -149,16 +149,7 @@
ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
- * This is required by CryptoCell to authenticate BL33 which is loaded
- * into the Non Secure DDR.
- */
-#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
-#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
-#endif /* ARM_CRYPTOCELL_INTEG */
#ifdef SPD_opteed
/*
diff --git a/include/services/ffa_svc.h b/include/services/ffa_svc.h
index de56638..9ed6a8b 100644
--- a/include/services/ffa_svc.h
+++ b/include/services/ffa_svc.h
@@ -34,7 +34,7 @@
#define FFA_VERSION_MAJOR U(1)
#define FFA_VERSION_MAJOR_SHIFT 16
#define FFA_VERSION_MAJOR_MASK U(0x7FFF)
-#define FFA_VERSION_MINOR U(1)
+#define FFA_VERSION_MINOR U(2)
#define FFA_VERSION_MINOR_SHIFT 0
#define FFA_VERSION_MINOR_MASK U(0xFFFF)
#define FFA_VERSION_BIT31_MASK U(0x1u << 31)
@@ -117,6 +117,10 @@
#define FFA_FNUM_SPM_ID_GET U(0x85)
#define FFA_FNUM_MSG_SEND2 U(0x86)
#define FFA_FNUM_SECONDARY_EP_REGISTER U(0x87)
+#define FFA_FNUM_MEM_PERM_GET U(0x88)
+#define FFA_FNUM_MEM_PERM_SET U(0x89)
+
+/* FF-A v1.2 */
#define FFA_FNUM_PARTITION_INFO_GET_REGS U(0x8B)
#define FFA_FNUM_EL3_INTR_HANDLE U(0x8C)
@@ -165,6 +169,8 @@
#define FFA_SPM_ID_GET FFA_FID(SMC_32, FFA_FNUM_SPM_ID_GET)
#define FFA_NORMAL_WORLD_RESUME FFA_FID(SMC_32, FFA_FNUM_NORMAL_WORLD_RESUME)
#define FFA_EL3_INTR_HANDLE FFA_FID(SMC_32, FFA_FNUM_EL3_INTR_HANDLE)
+#define FFA_MEM_PERM_GET FFA_FID(SMC_32, FFA_FNUM_MEM_PERM_GET)
+#define FFA_MEM_PERM_SET FFA_FID(SMC_32, FFA_FNUM_MEM_PERM_SET)
/* FFA SMC64 FIDs */
#define FFA_ERROR_SMC64 FFA_FID(SMC_64, FFA_FNUM_ERROR)
diff --git a/lib/compiler-rt/builtins/divmoddi4.c b/lib/compiler-rt/builtins/divmoddi4.c
index e7cbbb1..64bbb69 100644
--- a/lib/compiler-rt/builtins/divmoddi4.c
+++ b/lib/compiler-rt/builtins/divmoddi4.c
@@ -18,8 +18,8 @@
const int bits_in_dword_m1 = (int)(sizeof(di_int) * CHAR_BIT) - 1;
di_int s_a = a >> bits_in_dword_m1; // s_a = a < 0 ? -1 : 0
di_int s_b = b >> bits_in_dword_m1; // s_b = b < 0 ? -1 : 0
- a = (a ^ s_a) - s_a; // negate if s_a == -1
- b = (b ^ s_b) - s_b; // negate if s_b == -1
+ a = (du_int)(a ^ s_a) - s_a; // negate if s_a == -1
+ b = (du_int)(b ^ s_b) - s_b; // negate if s_b == -1
s_b ^= s_a; // sign of quotient
du_int r;
di_int q = (__udivmoddi4(a, b, &r) ^ s_b) - s_b; // negate if s_b == -1
diff --git a/lib/compiler-rt/builtins/int_lib.h b/lib/compiler-rt/builtins/int_lib.h
index fb791eb..04ea2d9 100644
--- a/lib/compiler-rt/builtins/int_lib.h
+++ b/lib/compiler-rt/builtins/int_lib.h
@@ -49,7 +49,7 @@
#define SYMBOL_NAME(name) XSTR(__USER_LABEL_PREFIX__) #name
#if defined(__ELF__) || defined(__MINGW32__) || defined(__wasm__) || \
- defined(_AIX)
+ defined(_AIX) || defined(__CYGWIN__)
#define COMPILER_RT_ALIAS(name, aliasname) \
COMPILER_RT_ABI __typeof(name) aliasname __attribute__((__alias__(#name)));
#elif defined(__APPLE__)
diff --git a/lib/compiler-rt/builtins/int_math.h b/lib/compiler-rt/builtins/int_math.h
index 48b9580..74d3e31 100644
--- a/lib/compiler-rt/builtins/int_math.h
+++ b/lib/compiler-rt/builtins/int_math.h
@@ -65,6 +65,11 @@
#define crt_copysign(x, y) __builtin_copysign((x), (y))
#define crt_copysignf(x, y) __builtin_copysignf((x), (y))
#define crt_copysignl(x, y) __builtin_copysignl((x), (y))
+#if __has_builtin(__builtin_copysignf128)
+#define crt_copysignf128(x, y) __builtin_copysignf128((x), (y))
+#elif __has_builtin(__builtin_copysignq) || (defined(__GNUC__) && __GNUC__ >= 7)
+#define crt_copysignf128(x, y) __builtin_copysignq((x), (y))
+#endif
#endif
#if defined(_MSC_VER) && !defined(__clang__)
@@ -75,6 +80,11 @@
#define crt_fabs(x) __builtin_fabs((x))
#define crt_fabsf(x) __builtin_fabsf((x))
#define crt_fabsl(x) __builtin_fabsl((x))
+#if __has_builtin(__builtin_fabsf128)
+#define crt_fabsf128(x) __builtin_fabsf128((x))
+#elif __has_builtin(__builtin_fabsq) || (defined(__GNUC__) && __GNUC__ >= 7)
+#define crt_fabsf128(x) __builtin_fabsq((x))
+#endif
#endif
#if defined(_MSC_VER) && !defined(__clang__)
diff --git a/lib/compiler-rt/builtins/int_types.h b/lib/compiler-rt/builtins/int_types.h
index e94d315..18bf0a7 100644
--- a/lib/compiler-rt/builtins/int_types.h
+++ b/lib/compiler-rt/builtins/int_types.h
@@ -165,16 +165,80 @@
#define HAS_80_BIT_LONG_DOUBLE 0
#endif
-#if CRT_HAS_FLOATING_POINT
+#if HAS_80_BIT_LONG_DOUBLE
+typedef long double xf_float;
typedef union {
uqwords u;
- long double f;
-} long_double_bits;
+ xf_float f;
+} xf_bits;
+#endif
+
+#ifdef __powerpc64__
+// From https://gcc.gnu.org/wiki/Ieee128PowerPC:
+// PowerPC64 uses the following suffixes:
+// IFmode: IBM extended double
+// KFmode: IEEE 128-bit floating point
+// TFmode: Matches the default for long double. With -mabi=ieeelongdouble,
+// it is IEEE 128-bit, with -mabi=ibmlongdouble IBM extended double
+// Since compiler-rt only implements the tf set of libcalls, we use long double
+// for the tf_float typedef.
+typedef long double tf_float;
+#define CRT_LDBL_128BIT
+#define CRT_HAS_F128
+#if __LDBL_MANT_DIG__ == 113 && !defined(__LONG_DOUBLE_IBM128__)
+#define CRT_HAS_IEEE_TF
+#define CRT_LDBL_IEEE_F128
+#endif
+#define TF_C(x) x##L
+#elif __LDBL_MANT_DIG__ == 113
+// Use long double instead of __float128 if it matches the IEEE 128-bit format.
+#define CRT_LDBL_128BIT
+#define CRT_HAS_F128
+#define CRT_HAS_IEEE_TF
+#define CRT_LDBL_IEEE_F128
+typedef long double tf_float;
+#define TF_C(x) x##L
+#elif defined(__FLOAT128__) || defined(__SIZEOF_FLOAT128__)
+#define CRT_HAS___FLOAT128_KEYWORD
+#define CRT_HAS_F128
+// NB: we assume the __float128 type uses IEEE representation.
+#define CRT_HAS_IEEE_TF
+typedef __float128 tf_float;
+#define TF_C(x) x##Q
+#endif
+
+#ifdef CRT_HAS_F128
+typedef union {
+ uqwords u;
+ tf_float f;
+} tf_bits;
+#endif
+// __(u)int128_t is currently needed to compile the *tf builtins as we would
+// otherwise need to manually expand the bit manipulation on two 64-bit value.
+#if defined(CRT_HAS_128BIT) && defined(CRT_HAS_F128)
+#define CRT_HAS_TF_MODE
+#endif
+
+#if CRT_HAS_FLOATING_POINT
#if __STDC_VERSION__ >= 199901L
typedef float _Complex Fcomplex;
typedef double _Complex Dcomplex;
typedef long double _Complex Lcomplex;
+#if defined(CRT_LDBL_128BIT)
+typedef Lcomplex Qcomplex;
+#define CRT_HAS_NATIVE_COMPLEX_F128
+#elif defined(CRT_HAS___FLOAT128_KEYWORD)
+#if defined(__clang_major__) && __clang_major__ > 10
+// Clang prior to 11 did not support __float128 _Complex.
+typedef __float128 _Complex Qcomplex;
+#define CRT_HAS_NATIVE_COMPLEX_F128
+#elif defined(__GNUC__) && __GNUC__ >= 7
+// GCC does not allow __float128 _Complex, but accepts _Float128 _Complex.
+typedef _Float128 _Complex Qcomplex;
+#define CRT_HAS_NATIVE_COMPLEX_F128
+#endif
+#endif
#define COMPLEX_REAL(x) __real__(x)
#define COMPLEX_IMAGINARY(x) __imag__(x)
@@ -194,5 +258,17 @@
#define COMPLEX_REAL(x) (x).real
#define COMPLEX_IMAGINARY(x) (x).imaginary
#endif
+
+#ifdef CRT_HAS_NATIVE_COMPLEX_F128
+#define COMPLEXTF_REAL(x) __real__(x)
+#define COMPLEXTF_IMAGINARY(x) __imag__(x)
+#elif defined(CRT_HAS_F128)
+typedef struct {
+ tf_float real, imaginary;
+} Qcomplex;
+#define COMPLEXTF_REAL(x) (x).real
+#define COMPLEXTF_IMAGINARY(x) (x).imaginary
+#endif
+
#endif
#endif // INT_TYPES_H
diff --git a/lib/cpus/aarch64/cortex_a520.S b/lib/cpus/aarch64/cortex_a520.S
index 6c2f33e..92f13f4 100644
--- a/lib/cpus/aarch64/cortex_a520.S
+++ b/lib/cpus/aarch64/cortex_a520.S
@@ -21,6 +21,11 @@
#error "Cortex A520 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+workaround_reset_start cortex_a520, ERRATUM(2630792), ERRATA_A520_2630792
+ sysreg_bit_set CORTEX_A520_CPUACTLR_EL1, BIT(38)
+workaround_reset_end cortex_a520, ERRATUM(2630792)
+
+check_erratum_ls cortex_a520, ERRATUM(2630792), CPU_REV(0, 1)
/* ----------------------------------------------------
* HW will do the cache maintenance while powering down
* ----------------------------------------------------
diff --git a/lib/cpus/aarch64/cortex_a710.S b/lib/cpus/aarch64/cortex_a710.S
index c618d98..b99fbb3 100644
--- a/lib/cpus/aarch64/cortex_a710.S
+++ b/lib/cpus/aarch64/cortex_a710.S
@@ -178,6 +178,14 @@
check_erratum_ls cortex_a710, ERRATUM(2371105), CPU_REV(2, 0)
+workaround_reset_start cortex_a710, ERRATUM(2742423), ERRATA_A710_2742423
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_A710_CPUACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_A710_CPUACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_a710, ERRATUM(2742423)
+
+check_erratum_ls cortex_a710, ERRATUM(2742423), CPU_REV(2, 1)
+
workaround_runtime_start cortex_a710, ERRATUM(2768515), ERRATA_A710_2768515
/* dsb before isb of power down sequence */
dsb sy
@@ -185,6 +193,12 @@
check_erratum_ls cortex_a710, ERRATUM(2768515), CPU_REV(2, 1)
+workaround_reset_start cortex_a710, ERRATUM(2778471), ERRATA_A710_2778471
+ sysreg_bit_set CORTEX_A710_CPUACTLR3_EL1, BIT(47)
+workaround_reset_end cortex_a710, ERRATUM(2778471)
+
+check_erratum_ls cortex_a710, ERRATUM(2778471), CPU_REV(2, 1)
+
workaround_reset_start cortex_a710, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index d19c693..2e6e8b6 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -72,6 +72,14 @@
check_erratum_range cortex_a78c, ERRATUM(2395411), CPU_REV(0, 1), CPU_REV(0, 2)
+workaround_reset_start cortex_a78c, ERRATUM(2743232), ERRATA_A78C_2743232
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_A78C_ACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_A78C_ACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_a78c, ERRATUM(2743232)
+
+check_erratum_range cortex_a78c, ERRATUM(2743232), CPU_REV(0, 1), CPU_REV(0, 2)
+
workaround_runtime_start cortex_a78c, ERRATUM(2772121), ERRATA_A78C_2772121
/* dsb before isb of power down sequence */
dsb sy
diff --git a/lib/cpus/aarch64/cortex_x2.S b/lib/cpus/aarch64/cortex_x2.S
index 855d196..d018182 100644
--- a/lib/cpus/aarch64/cortex_x2.S
+++ b/lib/cpus/aarch64/cortex_x2.S
@@ -118,6 +118,14 @@
check_erratum_ls cortex_x2, ERRATUM(2371105), CPU_REV(2, 0)
+workaround_reset_start cortex_x2, ERRATUM(2742423), ERRATA_X2_2742423
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_X2_CPUACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_X2_CPUACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_x2, ERRATUM(2742423)
+
+check_erratum_ls cortex_x2, ERRATUM(2742423), CPU_REV(2, 1)
+
workaround_reset_start cortex_x2, ERRATUM(2768515), ERRATA_X2_2768515
/* dsb before isb of power down sequence */
dsb sy
@@ -125,6 +133,12 @@
check_erratum_ls cortex_x2, ERRATUM(2768515), CPU_REV(2, 1)
+workaround_reset_start cortex_x2, ERRATUM(2778471), ERRATA_X2_2778471
+ sysreg_bit_set CORTEX_X2_CPUACTLR3_EL1, BIT(47)
+workaround_reset_end cortex_x2, ERRATUM(2778471)
+
+check_erratum_ls cortex_x2, ERRATUM(2778471), CPU_REV(2, 1)
+
workaround_reset_start cortex_x2, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index 0cb3b97..95f3d10 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -57,6 +57,13 @@
check_erratum_ls cortex_x3, ERRATUM(2742421), CPU_REV(1, 1)
+workaround_reset_start cortex_x3, ERRATUM(2779509), ERRATA_X3_2779509
+ /* Set CPUACTLR3_EL1 bit 47 */
+ sysreg_bit_set CORTEX_X3_CPUACTLR3_EL1, CORTEX_X3_CPUACTLR3_EL1_BIT_47
+workaround_reset_end cortex_x3, ERRATUM(2779509)
+
+check_erratum_ls cortex_x3, ERRATUM(2779509), CPU_REV(1, 1)
+
workaround_reset_start cortex_x3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
override_vector_table wa_cve_vbar_cortex_x3
diff --git a/lib/cpus/aarch64/dsu_helpers.S b/lib/cpus/aarch64/dsu_helpers.S
index a34b9a6..8e5b459 100644
--- a/lib/cpus/aarch64/dsu_helpers.S
+++ b/lib/cpus/aarch64/dsu_helpers.S
@@ -151,13 +151,22 @@
* This function is called from both assembly and C environment. So it
* follows AAPCS.
*
- * Clobbers: x0-x3
+ * Clobbers: x0-x4
* -----------------------------------------------------------------------
*/
.globl check_errata_dsu_2313941
.globl errata_dsu_2313941_wa
func check_errata_dsu_2313941
+ mov x4, x30
+ bl is_scu_present_in_dsu
+ cmp x0, xzr
+ /* Default error status */
+ mov x0, #ERRATA_NOT_APPLIES
+
+ /* If SCU is not present, return without applying patch */
+ b.eq 1f
+
mov x2, #ERRATA_APPLIES
mov x3, #ERRATA_NOT_APPLIES
@@ -170,7 +179,8 @@
mov x1, #(0x31 << CLUSTERIDR_REV_SHIFT)
cmp x0, x1
csel x0, x2, x3, LS
- ret
+1:
+ ret x4
endfunc check_errata_dsu_2313941
/* --------------------------------------------------
diff --git a/lib/cpus/aarch64/neoverse_n2.S b/lib/cpus/aarch64/neoverse_n2.S
index ead3908..477522f 100644
--- a/lib/cpus/aarch64/neoverse_n2.S
+++ b/lib/cpus/aarch64/neoverse_n2.S
@@ -165,6 +165,23 @@
check_erratum_ls neoverse_n2, ERRATUM(2326639), CPU_REV(0, 0)
+workaround_runtime_start neoverse_n2, ERRATUM(2340933), ERRATA_N2_2340933
+ /* Set bit 61 in CPUACTLR5_EL1 */
+ sysreg_bit_set NEOVERSE_N2_CPUACTLR5_EL1, BIT(61)
+workaround_runtime_end neoverse_n2, ERRATUM(2340933)
+
+check_erratum_ls neoverse_n2, ERRATUM(2340933), CPU_REV(0, 0)
+
+workaround_runtime_start neoverse_n2, ERRATUM(2346952), ERRATA_N2_2346952
+ /* Set TXREQ to STATIC and full L2 TQ size */
+ mrs x1, NEOVERSE_N2_CPUECTLR2_EL1
+ mov x0, #CPUECTLR2_EL1_TXREQ_STATIC_FULL
+ bfi x1, x0, #CPUECTLR2_EL1_TXREQ_LSB, #CPUECTLR2_EL1_TXREQ_WIDTH
+ msr NEOVERSE_N2_CPUECTLR2_EL1, x1
+workaround_runtime_end neoverse_n2, ERRATUM(2346952)
+
+check_erratum_ls neoverse_n2, ERRATUM(2346952), CPU_REV(0, 2)
+
workaround_reset_start neoverse_n2, ERRATUM(2376738), ERRATA_N2_2376738
/* Set CPUACTLR2_EL1[0] to 1 to force PLDW/PFRM
* ST to behave like PLD/PFRM LD and not cause
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index 2a49134..c2fbb11 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -196,6 +196,13 @@
check_erratum_ls neoverse_v1, ERRATUM(2294912), CPU_REV(1, 2)
+workaround_runtime_start neoverse_v1, ERRATUM(2348377), ERRATA_V1_2348377
+ /* Set bit 61 in CPUACTLR5_EL1 */
+ sysreg_bit_set NEOVERSE_V1_ACTLR5_EL1, NEOVERSE_V1_ACTLR5_EL1_BIT_61
+workaround_runtime_end neoverse_v1, ERRATUM(2348377)
+
+check_erratum_ls neoverse_v1, ERRATUM(2348377), CPU_REV(1, 1)
+
workaround_reset_start neoverse_v1, ERRATUM(2372203), ERRATA_V1_2372203
/* Set bit 40 in ACTLR2_EL1 */
sysreg_bit_set NEOVERSE_V1_ACTLR2_EL1, NEOVERSE_V1_ACTLR2_EL1_BIT_40
diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index bfd088d..d4b3a96 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -29,6 +29,25 @@
check_erratum_ls neoverse_v2, ERRATUM(2331132), CPU_REV(0, 2)
+workaround_reset_start neoverse_v2, ERRATUM(2618597), ERRATA_V2_2618597
+ /* Disable retention control for WFI and WFE. */
+ mrs x0, NEOVERSE_V2_CPUPWRCTLR_EL1
+ bfi x0, xzr, #NEOVERSE_V2_CPUPWRCTLR_EL1_WFI_RET_CTRL_SHIFT, \
+ #NEOVERSE_V2_CPUPWRCTLR_EL1_WFI_RET_CTRL_WIDTH
+ bfi x0, xzr, #NEOVERSE_V2_CPUPWRCTLR_EL1_WFE_RET_CTRL_SHIFT, \
+ #NEOVERSE_V2_CPUPWRCTLR_EL1_WFE_RET_CTRL_WIDTH
+ msr NEOVERSE_V2_CPUPWRCTLR_EL1, x0
+workaround_reset_end neoverse_v2, ERRATUM(2618597)
+
+check_erratum_ls neoverse_v2, ERRATUM(2618597), CPU_REV(0, 1)
+
+workaround_reset_start neoverse_v2, ERRATUM(2662553), ERRATA_V2_2662553
+ sysreg_bitfield_insert NEOVERSE_V2_CPUECTLR2_EL1, NEOVERSE_V2_CPUECTLR2_EL1_TXREQ_STATIC_FULL, \
+ NEOVERSE_V2_CPUECTLR2_EL1_TXREQ_LSB, NEOVERSE_V2_CPUECTLR2_EL1_TXREQ_WIDTH
+workaround_reset_end neoverse_v2, ERRATUM(2662553)
+
+check_erratum_ls neoverse_v2, ERRATUM(2662553), CPU_REV(0, 1)
+
workaround_reset_start neoverse_v2, ERRATUM(2719105), ERRATA_V2_2719105
sysreg_bit_set NEOVERSE_V2_CPUACTLR2_EL1, NEOVERSE_V2_CPUACTLR2_EL1_BIT_0
workaround_reset_end neoverse_v2, ERRATUM(2719105)
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index ea29047..68d6ef8 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -393,6 +393,10 @@
# It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2712575
+# Flag to apply erratum 2743232 workaround during reset. This erratum applies
+# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
+CPU_FLAG_LIST += ERRATA_A78C_2743232
+
# Flag to apply erratum 2772121 workaround during powerdown. This erratum
# applies to revisions r0p0, r0p1 and r0p2 of the A78C cpu. It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2772121
@@ -520,6 +524,10 @@
# to revisions r0p0, r1p0, and r1p1 and r1p2 of the Neoverse V1 cpu and is still open.
CPU_FLAG_LIST += ERRATA_V1_2294912
+# Flag to apply erratum 2348377 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_V1_2348377
+
# Flag to apply erratum 2372203 workaround during reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is still open.
CPU_FLAG_LIST += ERRATA_V1_2372203
@@ -607,11 +615,21 @@
# and is still open.
CPU_FLAG_LIST += ERRATA_A710_2701952
+# Flag to apply erratum 2742423 workaround during reset. This erratum applies
+# to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is still
+# open.
+CPU_FLAG_LIST += ERRATA_A710_2742423
+
# Flag to apply erratum 2768515 workaround during power down. This erratum
# applies to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is
# still open.
CPU_FLAG_LIST += ERRATA_A710_2768515
+# Flag to apply erratum 2778471 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0, r2p0, r2p1 of the Cortex-A710 cpu and is still
+# open.
+CPU_FLAG_LIST += ERRATA_A710_2778471
+
# Flag to apply erratum 2002655 workaround during reset. This erratum applies
# to revisions r0p0 of the Neoverse-N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2002655
@@ -656,10 +674,18 @@
# to revision r0p0 of the Neoverse N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2280757
-# Flag to apply erraturm 2326639 workaroud during powerdown. This erratum
+# Flag to apply erratum 2326639 workaroud during powerdown. This erratum
# applies to revision r0p0 of the Neoverse N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2326639
+# Flag to apply erratum 2340933 workaroud during reset. This erratum
+# applies to revision r0p0 of the Neoverse N2 cpu and is fixed in r0p1.
+CPU_FLAG_LIST += ERRATA_N2_2340933
+
+# Flag to apply erratum 2346952 workaround during reset. This erratum applies
+# to r0p0, r0p1, r0p2 of the Neoverse N2 cpu, it is fixed in r0p3.
+CPU_FLAG_LIST += ERRATA_N2_2346952
+
# Flag to apply erratum 2376738 workaround during reset. This erratum applies
# to revision r0p0, r0p1, r0p2, r0p3 of the Neoverse N2 cpu and is still open.
CPU_FLAG_LIST += ERRATA_N2_2376738
@@ -730,11 +756,19 @@
# and is still open.
CPU_FLAG_LIST += ERRATA_X2_2701952
+# Flag to apply erratum 2742423 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_X2_2742423
+
# Flag to apply erratum 2768515 workaround during power down. This erratum
# applies to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is
# still open.
CPU_FLAG_LIST += ERRATA_X2_2768515
+# Flag to apply erratum 2778471 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0, r2p0, r2p1 of the Cortex-X2 cpu and it is still open.
+CPU_FLAG_LIST += ERRATA_X2_2778471
+
# Flag to apply erratum 2070301 workaround on reset. This erratum applies
# to revisions r0p0, r1p0, r1p1 and r1p2 of the Cortex-X3 cpu and is
# still open.
@@ -752,6 +786,10 @@
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
+# Flag to apply erratum 2779509 workaround on reset. This erratum applies
+# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_X3_2779509
+
# Flag to apply erratum 1922240 workaround during reset. This erratum applies
# to revision r0p0 of the Cortex-A510 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_A510_1922240
@@ -805,10 +843,22 @@
# Cortex-A510 cpu and is fixed in r1p3.
CPU_FLAG_LIST += ERRATA_A510_2684597
+# Flag to apply erratum 2630792 workaround during reset. This erratum applies
+# to revisions r0p0, r0p1 of the Cortex-A520 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_A520_2630792
+
# Flag to apply erratum 2331132 workaround during reset. This erratum applies
# to revisions r0p0, r0p1 and r0p2. It is still open.
CPU_FLAG_LIST += ERRATA_V2_2331132
+# Flag to apply erratum 2618597 workaround during reset. This erratum applies
+# to revisions r0p0 and r0p1. It is fixed in r0p2.
+CPU_FLAG_LIST += ERRATA_V2_2618597
+
+# Flag to apply erratum 2662553 workaround during reset. This erratum applies
+# to revisions r0p0 and r0p1. It is fixed in r0p2.
+CPU_FLAG_LIST += ERRATA_V2_2662553
+
# Flag to apply erratum 2719103 workaround for non-arm interconnect ip. This
# erratum applies to revisions r0p0, rop1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2719103
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 6231898..fdd1388 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -711,6 +711,7 @@
write_hcr_el2(hcr_el2);
}
+#if INIT_UNUSED_NS_EL2
/*******************************************************************************
* Enable architecture extensions in-place at EL2 on first entry to Non-secure
* world when EL2 is empty and unused.
@@ -757,6 +758,7 @@
#endif /* ENABLE_PAUTH */
#endif /* IMAGE_BL31 */
}
+#endif /* INIT_UNUSED_NS_EL2 */
/*******************************************************************************
* Enable architecture extensions on first entry to Secure world.
@@ -809,8 +811,9 @@
}
/* EL2 present but unused, need to disable safely. SCTLR_EL2 can be ignored */
-static __unused void init_nonsecure_el2_unused(cpu_context_t *ctx)
+static void init_nonsecure_el2_unused(cpu_context_t *ctx)
{
+#if INIT_UNUSED_NS_EL2
u_register_t hcr_el2 = HCR_RESET_VAL;
u_register_t mdcr_el2;
u_register_t scr_el3;
@@ -909,6 +912,7 @@
write_cnthp_ctl_el2(CNTHP_CTL_RESET_VAL & ~(CNTHP_CTL_ENABLE_BIT));
manage_extensions_nonsecure_el2_unused();
+#endif /* INIT_UNUSED_NS_EL2 */
}
/*******************************************************************************
diff --git a/lib/libc/printf.c b/lib/libc/printf.c
index 6931a7e..a856345 100644
--- a/lib/libc/printf.c
+++ b/lib/libc/printf.c
@@ -95,6 +95,7 @@
*
* The following padding specifiers are supported by this print
* %0NN - Left-pad the number with 0s (NN is a decimal number)
+ * %NN - Left-pad the number with spaces (NN is a decimal number)
*
* The print exits on all other formats specifiers other than valid
* combinations of the above specifiers.
@@ -191,6 +192,27 @@
fmt++;
}
assert(0); /* Unreachable */
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9':
+ padc = ' ';
+ padn = 0;
+
+ for (;;) {
+ char ch = *fmt;
+ if ((ch < '0') || (ch > '9')) {
+ goto loop;
+ }
+ padn = (padn * 10) + (ch - '0');
+ fmt++;
+ }
+ assert(0); /* Unreachable */
default:
/* Exit on any other format specifier */
return -1;
diff --git a/lib/pmf/pmf_main.c b/lib/pmf/pmf_main.c
index bf0ad83..b33f49c 100644
--- a/lib/pmf/pmf_main.c
+++ b/lib/pmf/pmf_main.c
@@ -165,7 +165,7 @@
/* Search for registered service. */
svc_desc = get_service(tid);
- if ((svc_desc == NULL) || (plat_core_pos_by_mpidr(mpidr) < 0)) {
+ if (svc_desc == NULL) {
*ts_value = 0;
return -EINVAL;
} else {
diff --git a/lib/pmf/pmf_smc.c b/lib/pmf/pmf_smc.c
index 71486df..f3dd112 100644
--- a/lib/pmf/pmf_smc.c
+++ b/lib/pmf/pmf_smc.c
@@ -26,6 +26,10 @@
int rc;
unsigned long long ts_value;
+ /* Determine if the cpu exists of not */
+ if (!is_valid_mpidr(x2))
+ return PSCI_E_INVALID_PARAMS;
+
if (((smc_fid >> FUNCID_CC_SHIFT) & FUNCID_CC_MASK) == SMC_32) {
x1 = (uint32_t)x1;
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index c359e9f..38990b5 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -61,7 +61,6 @@
INFO(" - locking : %s\n", lock_measurement ? "true" : "false");
}
-#if !PLAT_RSS_NOT_SUPPORTED
psa_status_t
rss_measured_boot_extend_measurement(uint8_t index,
const uint8_t *signer_id,
@@ -175,47 +174,3 @@
return status;
}
-
-#else /* !PLAT_RSS_NOT_SUPPORTED */
-
-psa_status_t
-rss_measured_boot_extend_measurement(uint8_t index,
- const uint8_t *signer_id,
- size_t signer_id_size,
- const uint8_t *version,
- size_t version_size,
- uint32_t measurement_algo,
- const uint8_t *sw_type,
- size_t sw_type_size,
- const uint8_t *measurement_value,
- size_t measurement_value_size,
- bool lock_measurement)
-{
- log_measurement(index, signer_id, signer_id_size,
- version, version_size, sw_type, sw_type_size,
- measurement_algo, measurement_value,
- measurement_value_size, lock_measurement);
-
- return PSA_SUCCESS;
-}
-
-psa_status_t rss_measured_boot_read_measurement(uint8_t index,
- uint8_t *signer_id,
- size_t signer_id_size,
- size_t *signer_id_len,
- uint8_t *version,
- size_t version_size,
- size_t *version_len,
- uint32_t *measurement_algo,
- uint8_t *sw_type,
- size_t sw_type_size,
- size_t *sw_type_len,
- uint8_t *measurement_value,
- size_t measurement_value_size,
- size_t *measurement_value_len,
- bool *is_locked)
-{
- return PSA_SUCCESS;
-}
-
-#endif /* !PLAT_RSS_NOT_SUPPORTED */
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index 70bf77e..f9de432 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -818,20 +818,6 @@
}
/*******************************************************************************
- * Simple routine to determine whether a mpidr is valid or not.
- ******************************************************************************/
-int psci_validate_mpidr(u_register_t mpidr)
-{
- int pos = plat_core_pos_by_mpidr(mpidr);
-
- if ((pos < 0) || ((unsigned int)pos >= PLATFORM_CORE_COUNT)) {
- return PSCI_E_INVALID_PARAMS;
- }
-
- return PSCI_E_SUCCESS;
-}
-
-/*******************************************************************************
* This function determines the full entrypoint information for the requested
* PSCI entrypoint on power on/resume and returns it.
******************************************************************************/
diff --git a/lib/psci/psci_main.c b/lib/psci/psci_main.c
index 326f125..a015531 100644
--- a/lib/psci/psci_main.c
+++ b/lib/psci/psci_main.c
@@ -29,9 +29,8 @@
int rc;
entry_point_info_t ep;
- /* Determine if the cpu exists of not */
- rc = psci_validate_mpidr(target_cpu);
- if (rc != PSCI_E_SUCCESS)
+ /* Validate the target CPU */
+ if (!is_valid_mpidr(target_cpu))
return PSCI_E_INVALID_PARAMS;
/* Validate the entry point and get the entry_point_info */
@@ -245,19 +244,18 @@
int psci_affinity_info(u_register_t target_affinity,
unsigned int lowest_affinity_level)
{
- int ret;
unsigned int target_idx;
+ /* Validate the target affinity */
+ if (!is_valid_mpidr(target_affinity))
+ return PSCI_E_INVALID_PARAMS;
+
/* We dont support level higher than PSCI_CPU_PWR_LVL */
if (lowest_affinity_level > PSCI_CPU_PWR_LVL)
return PSCI_E_INVALID_PARAMS;
/* Calculate the cpu index of the target */
- ret = plat_core_pos_by_mpidr(target_affinity);
- if (ret == -1) {
- return PSCI_E_INVALID_PARAMS;
- }
- target_idx = (unsigned int)ret;
+ target_idx = (unsigned int) plat_core_pos_by_mpidr(target_affinity);
/*
* Generic management:
@@ -285,6 +283,10 @@
int rc;
u_register_t resident_cpu_mpidr;
+ /* Validate the target cpu */
+ if (!is_valid_mpidr(target_cpu))
+ return PSCI_E_INVALID_PARAMS;
+
rc = psci_spd_migrate_info(&resident_cpu_mpidr);
if (rc != PSCI_TOS_UP_MIG_CAP)
return (rc == PSCI_TOS_NOT_UP_MIG_CAP) ?
@@ -298,8 +300,7 @@
return PSCI_E_NOT_PRESENT;
/* Check the validity of the specified target cpu */
- rc = psci_validate_mpidr(target_cpu);
- if (rc != PSCI_E_SUCCESS)
+ if (!is_valid_mpidr(target_cpu))
return PSCI_E_INVALID_PARAMS;
assert((psci_spd_pm != NULL) && (psci_spd_pm->svc_migrate != NULL));
@@ -339,8 +340,7 @@
int rc;
/* Validate target_cpu */
- rc = psci_validate_mpidr(target_cpu);
- if (rc != PSCI_E_SUCCESS)
+ if (!is_valid_mpidr(target_cpu))
return PSCI_E_INVALID_PARAMS;
/* Validate power_level against PLAT_MAX_PWR_LVL */
diff --git a/lib/psci/psci_on.c b/lib/psci/psci_on.c
index 31875ff..b279774 100644
--- a/lib/psci/psci_on.c
+++ b/lib/psci/psci_on.c
@@ -61,15 +61,7 @@
{
int rc;
aff_info_state_t target_aff_state;
- int ret = plat_core_pos_by_mpidr(target_cpu);
- unsigned int target_idx;
-
- /* Calling function must supply valid input arguments */
- assert(ret >= 0);
- assert((unsigned int)ret < PLATFORM_CORE_COUNT);
- assert(ep != NULL);
-
- target_idx = (unsigned int)ret;
+ unsigned int target_idx = (unsigned int)plat_core_pos_by_mpidr(target_cpu);
/*
* This function must only be called on platforms where the
diff --git a/lib/psci/psci_private.h b/lib/psci/psci_private.h
index 04f93bd..2eb4a9b 100644
--- a/lib/psci/psci_private.h
+++ b/lib/psci/psci_private.h
@@ -286,7 +286,6 @@
int psci_validate_power_state(unsigned int power_state,
psci_power_state_t *state_info);
void psci_query_sys_suspend_pwrstate(psci_power_state_t *state_info);
-int psci_validate_mpidr(u_register_t mpidr);
void psci_init_req_local_pwr_states(void);
#if PSCI_OS_INIT_MODE
void psci_update_req_local_pwr_states(unsigned int end_pwrlvl,
diff --git a/lib/psci/psci_stat.c b/lib/psci/psci_stat.c
index ad88d07..bedb816 100644
--- a/lib/psci/psci_stat.c
+++ b/lib/psci/psci_stat.c
@@ -181,10 +181,8 @@
psci_power_state_t state_info = { {PSCI_LOCAL_STATE_RUN} };
plat_local_state_t local_state;
- /* Validate the target_cpu parameter and determine the cpu index */
+ /* Determine the cpu index */
target_idx = (unsigned int) plat_core_pos_by_mpidr(target_cpu);
- if (target_idx == (unsigned int) -1)
- return PSCI_E_INVALID_PARAMS;
/* Validate the power_state parameter */
if (psci_plat_pm_ops->translate_power_state_by_mpidr == NULL)
@@ -228,6 +226,11 @@
unsigned int power_state)
{
psci_stat_t psci_stat;
+
+ /* Validate the target cpu */
+ if (!is_valid_mpidr(target_cpu))
+ return 0;
+
int rc = psci_get_stat(target_cpu, power_state, &psci_stat);
if (rc == PSCI_E_SUCCESS)
@@ -241,6 +244,11 @@
unsigned int power_state)
{
psci_stat_t psci_stat;
+
+ /* Validate the target cpu */
+ if (!is_valid_mpidr(target_cpu))
+ return 0;
+
int rc = psci_get_stat(target_cpu, power_state, &psci_stat);
if (rc == PSCI_E_SUCCESS)
diff --git a/lib/transfer_list/transfer_list.c b/lib/transfer_list/transfer_list.c
index e38bf74..63969e9 100644
--- a/lib/transfer_list/transfer_list.c
+++ b/lib/transfer_list/transfer_list.c
@@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <arch.h>
#include <assert.h>
#include <inttypes.h>
#include <string.h>
@@ -20,29 +21,66 @@
if (!tl) {
return;
}
- NOTICE("Dump transfer list:\n");
- NOTICE("signature 0x%x\n", tl->signature);
- NOTICE("checksum 0x%x\n", tl->checksum);
- NOTICE("version 0x%x\n", tl->version);
- NOTICE("hdr_size 0x%x\n", tl->hdr_size);
- NOTICE("alignment 0x%x\n", tl->alignment);
- NOTICE("size 0x%x\n", tl->size);
- NOTICE("max_size 0x%x\n", tl->max_size);
+ INFO("Dump transfer list:\n");
+ INFO("signature 0x%x\n", tl->signature);
+ INFO("checksum 0x%x\n", tl->checksum);
+ INFO("version 0x%x\n", tl->version);
+ INFO("hdr_size 0x%x\n", tl->hdr_size);
+ INFO("alignment 0x%x\n", tl->alignment);
+ INFO("size 0x%x\n", tl->size);
+ INFO("max_size 0x%x\n", tl->max_size);
+ INFO("flags 0x%x\n", tl->flags);
while (true) {
te = transfer_list_next(tl, te);
if (!te) {
break;
}
- NOTICE("Entry %d:\n", i++);
- NOTICE("tag_id 0x%x\n", te->tag_id);
- NOTICE("hdr_size 0x%x\n", te->hdr_size);
- NOTICE("data_size 0x%x\n", te->data_size);
- NOTICE("data_addr 0x%lx\n",
- (unsigned long)transfer_list_entry_data(te));
+ INFO("Entry %d:\n", i++);
+ INFO("tag_id 0x%x\n", te->tag_id);
+ INFO("hdr_size 0x%x\n", te->hdr_size);
+ INFO("data_size 0x%x\n", te->data_size);
+ INFO("data_addr 0x%lx\n",
+ (unsigned long)transfer_list_entry_data(te));
}
}
/*******************************************************************************
+ * Set the handoff arguments according to the transfer list payload
+ * Return pointer to the entry point info if arguments are set properly
+ * or NULL if not
+ ******************************************************************************/
+entry_point_info_t *
+transfer_list_set_handoff_args(struct transfer_list_header *tl,
+ entry_point_info_t *ep_info)
+{
+ struct transfer_list_entry *te = NULL;
+ void *dt = NULL;
+
+ if (!ep_info || !tl || transfer_list_check_header(tl) == TL_OPS_NON) {
+ return NULL;
+ }
+
+ te = transfer_list_find(tl, TL_TAG_FDT);
+ dt = transfer_list_entry_data(te);
+
+ ep_info->args.arg1 = TRANSFER_LIST_SIGNATURE |
+ REGISTER_CONVENTION_VERSION_MASK;
+ ep_info->args.arg3 = (uintptr_t)tl;
+
+ if (GET_RW(ep_info->spsr) == MODE_RW_32) {
+ /* aarch32 */
+ ep_info->args.arg0 = 0;
+ ep_info->args.arg2 = (uintptr_t)dt;
+ } else {
+ /* aarch64 */
+ ep_info->args.arg0 = (uintptr_t)dt;
+ ep_info->args.arg2 = 0;
+ }
+
+ return ep_info;
+}
+
+/*******************************************************************************
* Creating a transfer list in a reserved memory region specified
* Compliant to 2.4.5 of Firmware handoff specification (v0.9)
* Return pointer to the created transfer list or NULL on error
@@ -65,9 +103,10 @@
tl->signature = TRANSFER_LIST_SIGNATURE;
tl->version = TRANSFER_LIST_VERSION;
tl->hdr_size = sizeof(*tl);
- tl->alignment = TRANSFER_LIST_INIT_MAX_ALIGN; // initial max align
- tl->size = sizeof(*tl); // initial size is the size of header
+ tl->alignment = TRANSFER_LIST_INIT_MAX_ALIGN; /* initial max align */
+ tl->size = sizeof(*tl); /* initial size is the size of header */
tl->max_size = max_size;
+ tl->flags = TL_FLAGS_HAS_CHECKSUM;
transfer_list_update_checksum(tl);
@@ -77,11 +116,11 @@
/*******************************************************************************
* Relocating a transfer list to a reserved memory region specified
* Compliant to 2.4.6 of Firmware handoff specification (v0.9)
- * Return true on success or false on error
+ * Return pointer to the relocated transfer list or NULL on error
******************************************************************************/
-struct transfer_list_header *transfer_list_relocate(
- struct transfer_list_header *tl,
- void *addr, size_t max_size)
+struct transfer_list_header *
+transfer_list_relocate(struct transfer_list_header *tl, void *addr,
+ size_t max_size)
{
uintptr_t new_addr, align_mask, align_off;
struct transfer_list_header *new_tl;
@@ -101,7 +140,7 @@
new_max_size = max_size - (new_addr - (uintptr_t)addr);
- // the new space is not sufficient for the tl
+ /* the new space is not sufficient for the tl */
if (tl->size > new_max_size) {
return NULL;
}
@@ -120,37 +159,39 @@
* Compliant to 2.4.1 of Firmware handoff specification (v0.9)
* Return transfer list operation status code
******************************************************************************/
-enum transfer_list_ops transfer_list_check_header(
- const struct transfer_list_header *tl)
+enum transfer_list_ops
+transfer_list_check_header(const struct transfer_list_header *tl)
{
if (!tl) {
return TL_OPS_NON;
}
if (tl->signature != TRANSFER_LIST_SIGNATURE) {
- ERROR("Bad transfer list signature %#"PRIx32"\n",
+ ERROR("Bad transfer list signature %#" PRIx32 "\n",
tl->signature);
return TL_OPS_NON;
}
if (!tl->max_size) {
- ERROR("Bad transfer list max size %#"PRIx32"\n",
+ ERROR("Bad transfer list max size %#" PRIx32 "\n",
tl->max_size);
return TL_OPS_NON;
}
if (tl->size > tl->max_size) {
- ERROR("Bad transfer list size %#"PRIx32"\n", tl->size);
+ ERROR("Bad transfer list size %#" PRIx32 "\n", tl->size);
return TL_OPS_NON;
}
if (tl->hdr_size != sizeof(struct transfer_list_header)) {
- ERROR("Bad transfer list header size %#"PRIx32"\n", tl->hdr_size);
+ ERROR("Bad transfer list header size %#" PRIx32 "\n",
+ tl->hdr_size);
return TL_OPS_NON;
}
if (!transfer_list_verify_checksum(tl)) {
- ERROR("Bad transfer list checksum %#"PRIx32"\n", tl->checksum);
+ ERROR("Bad transfer list checksum %#" PRIx32 "\n",
+ tl->checksum);
return TL_OPS_NON;
}
@@ -190,14 +231,13 @@
if (last) {
va = (uintptr_t)last;
- // check if the total size overflow
- if (add_overflow(last->hdr_size,
- last->data_size, &sz)) {
+ /* check if the total size overflow */
+ if (add_overflow(last->hdr_size, last->data_size, &sz)) {
return NULL;
}
- // roundup to the next entry
- if (add_with_round_up_overflow(va, sz,
- TRANSFER_LIST_GRANULE, &va)) {
+ /* roundup to the next entry */
+ if (add_with_round_up_overflow(va, sz, TRANSFER_LIST_GRANULE,
+ &va)) {
return NULL;
}
} else {
@@ -207,9 +247,8 @@
te = (struct transfer_list_entry *)va;
if (va + sizeof(*te) > tl_ev || te->hdr_size < sizeof(*te) ||
- add_overflow(te->hdr_size, te->data_size, &sz) ||
- add_overflow(va, sz, &ev) ||
- ev > tl_ev) {
+ add_overflow(te->hdr_size, te->data_size, &sz) ||
+ add_overflow(va, sz, &ev) || ev > tl_ev) {
return NULL;
}
@@ -226,10 +265,6 @@
uint8_t cs = 0;
size_t n = 0;
- if (!tl) {
- return 0;
- }
-
for (n = 0; n < tl->size; n++) {
cs += b[n];
}
@@ -245,7 +280,7 @@
{
uint8_t cs;
- if (!tl) {
+ if (!tl || !(tl->flags & TL_FLAGS_HAS_CHECKSUM)) {
return;
}
@@ -262,6 +297,14 @@
******************************************************************************/
bool transfer_list_verify_checksum(const struct transfer_list_header *tl)
{
+ if (!tl) {
+ return false;
+ }
+
+ if (!(tl->flags & TL_FLAGS_HAS_CHECKSUM)) {
+ return true;
+ }
+
return !calc_byte_sum(tl);
}
@@ -284,27 +327,31 @@
}
tl_old_ev = (uintptr_t)tl + tl->size;
- // calculate the old and new end of TE
- // both must be roundup to align with TRANSFER_LIST_GRANULE
+ /*
+ * calculate the old and new end of TE
+ * both must be roundup to align with TRANSFER_LIST_GRANULE
+ */
if (add_overflow(te->hdr_size, te->data_size, &sz) ||
- add_with_round_up_overflow((uintptr_t)te, sz,
- TRANSFER_LIST_GRANULE, &old_ev)) {
+ add_with_round_up_overflow((uintptr_t)te, sz, TRANSFER_LIST_GRANULE,
+ &old_ev)) {
return false;
}
if (add_overflow(te->hdr_size, new_data_size, &sz) ||
- add_with_round_up_overflow((uintptr_t)te, sz,
- TRANSFER_LIST_GRANULE, &new_ev)) {
+ add_with_round_up_overflow((uintptr_t)te, sz, TRANSFER_LIST_GRANULE,
+ &new_ev)) {
return false;
}
if (new_ev > old_ev) {
- // move distance should be roundup
- // to meet the requirement of TE data max alignment
- // ensure that the increased size doesn't exceed
- // the max size of TL
+ /*
+ * move distance should be roundup
+ * to meet the requirement of TE data max alignment
+ * ensure that the increased size doesn't exceed
+ * the max size of TL
+ */
mov_dis = new_ev - old_ev;
- if (round_up_overflow(mov_dis, 1 << tl->alignment,
- &mov_dis) || tl->size + mov_dis > tl->max_size) {
+ if (round_up_overflow(mov_dis, 1 << tl->alignment, &mov_dis) ||
+ tl->size + mov_dis > tl->max_size) {
return false;
}
ru_new_ev = old_ev + mov_dis;
@@ -316,7 +363,7 @@
}
if (gap >= sizeof(*dummy_te)) {
- // create a dummy TE to fill up the gap
+ /* create a dummy TE to fill up the gap */
dummy_te = (struct transfer_list_entry *)new_ev;
dummy_te->tag_id = TL_TAG_EMPTY;
dummy_te->reserved0 = 0;
@@ -335,7 +382,7 @@
* Return true on success or false on error
******************************************************************************/
bool transfer_list_rem(struct transfer_list_header *tl,
- struct transfer_list_entry *te)
+ struct transfer_list_entry *te)
{
if (!tl || !te || (uintptr_t)te > (uintptr_t)tl + tl->size) {
return false;
@@ -369,11 +416,13 @@
tl_ev = (uintptr_t)tl + tl->size;
ev = tl_ev;
- // skip the step 1 (optional step)
- // new TE will be added into the tail
+ /*
+ * skip the step 1 (optional step)
+ * new TE will be added into the tail
+ */
if (add_overflow(sizeof(*te), data_size, &sz) ||
- add_with_round_up_overflow(ev, sz,
- TRANSFER_LIST_GRANULE, &ev) || ev > max_tl_ev) {
+ add_with_round_up_overflow(ev, sz, TRANSFER_LIST_GRANULE, &ev) ||
+ ev > max_tl_ev) {
return NULL;
}
@@ -385,7 +434,7 @@
tl->size += ev - tl_ev;
if (data) {
- // get TE data pointer
+ /* get TE data pointer */
te_data = transfer_list_entry_data(te);
if (!te_data) {
return NULL;
@@ -404,10 +453,10 @@
* Compliant to 2.4.4 of Firmware handoff specification (v0.9)
* Return pointer to the added transfer entry or NULL on error
******************************************************************************/
-struct transfer_list_entry *transfer_list_add_with_align(
- struct transfer_list_header *tl,
- uint16_t tag_id, uint32_t data_size,
- const void *data, uint8_t alignment)
+struct transfer_list_entry *
+transfer_list_add_with_align(struct transfer_list_header *tl, uint16_t tag_id,
+ uint32_t data_size, const void *data,
+ uint8_t alignment)
{
struct transfer_list_entry *te = NULL;
uintptr_t tl_ev, ev, new_tl_ev;
@@ -421,15 +470,17 @@
ev = tl_ev + sizeof(struct transfer_list_entry);
if (!is_aligned(ev, 1 << alignment)) {
- // TE data address is not aligned to the new alignment
- // fill the gap with an empty TE as a placeholder before
- // adding the desire TE
+ /*
+ * TE data address is not aligned to the new alignment
+ * fill the gap with an empty TE as a placeholder before
+ * adding the desire TE
+ */
new_tl_ev = round_up(ev, 1 << alignment) -
- sizeof(struct transfer_list_entry);
- dummy_te_data_sz = new_tl_ev - tl_ev -
- sizeof(struct transfer_list_entry);
+ sizeof(struct transfer_list_entry);
+ dummy_te_data_sz =
+ new_tl_ev - tl_ev - sizeof(struct transfer_list_entry);
if (!transfer_list_add(tl, TL_TAG_EMPTY, dummy_te_data_sz,
- NULL)) {
+ NULL)) {
return NULL;
}
}
diff --git a/lib/xlat_tables_v2/xlat_tables_context.c b/lib/xlat_tables_v2/xlat_tables_context.c
index 2fbbc78..ae9244a 100644
--- a/lib/xlat_tables_v2/xlat_tables_context.c
+++ b/lib/xlat_tables_v2/xlat_tables_context.c
@@ -200,7 +200,7 @@
* region. Therefore, in this case we have to assume that the whole address
* space size might be mapped.
*/
-#ifdef PLAT_XLAT_TABLES_DYNAMIC
+#if PLAT_XLAT_TABLES_DYNAMIC
#define MAX_PHYS_ADDR tf_xlat_ctx.pa_max_address
#else
#define MAX_PHYS_ADDR tf_xlat_ctx.max_pa
diff --git a/lib/zlib/adler32.c b/lib/zlib/adler32.c
index d0be438..04b81d2 100644
--- a/lib/zlib/adler32.c
+++ b/lib/zlib/adler32.c
@@ -7,8 +7,6 @@
#include "zutil.h"
-local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
-
#define BASE 65521U /* largest prime smaller than 65536 */
#define NMAX 5552
/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
@@ -60,11 +58,7 @@
#endif
/* ========================================================================= */
-uLong ZEXPORT adler32_z(adler, buf, len)
- uLong adler;
- const Bytef *buf;
- z_size_t len;
-{
+uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len) {
unsigned long sum2;
unsigned n;
@@ -131,20 +125,12 @@
}
/* ========================================================================= */
-uLong ZEXPORT adler32(adler, buf, len)
- uLong adler;
- const Bytef *buf;
- uInt len;
-{
+uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len) {
return adler32_z(adler, buf, len);
}
/* ========================================================================= */
-local uLong adler32_combine_(adler1, adler2, len2)
- uLong adler1;
- uLong adler2;
- z_off64_t len2;
-{
+local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2) {
unsigned long sum1;
unsigned long sum2;
unsigned rem;
@@ -169,18 +155,10 @@
}
/* ========================================================================= */
-uLong ZEXPORT adler32_combine(adler1, adler2, len2)
- uLong adler1;
- uLong adler2;
- z_off_t len2;
-{
+uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2, z_off_t len2) {
return adler32_combine_(adler1, adler2, len2);
}
-uLong ZEXPORT adler32_combine64(adler1, adler2, len2)
- uLong adler1;
- uLong adler2;
- z_off64_t len2;
-{
+uLong ZEXPORT adler32_combine64(uLong adler1, uLong adler2, z_off64_t len2) {
return adler32_combine_(adler1, adler2, len2);
}
diff --git a/lib/zlib/crc32.c b/lib/zlib/crc32.c
index 21a69a8..6c38f5c 100644
--- a/lib/zlib/crc32.c
+++ b/lib/zlib/crc32.c
@@ -103,19 +103,6 @@
# define ARMCRC32
#endif
-/* Local functions. */
-local z_crc_t multmodp OF((z_crc_t a, z_crc_t b));
-local z_crc_t x2nmodp OF((z_off64_t n, unsigned k));
-
-#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
- local z_word_t byte_swap OF((z_word_t word));
-#endif
-
-#if defined(W) && !defined(ARMCRC32)
- local z_crc_t crc_word OF((z_word_t data));
- local z_word_t crc_word_big OF((z_word_t data));
-#endif
-
#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
/*
Swap the bytes in a z_word_t to convert between little and big endian. Any
@@ -123,9 +110,7 @@
instruction, if one is available. This assumes that word_t is either 32 bits
or 64 bits.
*/
-local z_word_t byte_swap(word)
- z_word_t word;
-{
+local z_word_t byte_swap(z_word_t word) {
# if W == 8
return
(word & 0xff00000000000000) >> 56 |
@@ -146,24 +131,77 @@
}
#endif
+#ifdef DYNAMIC_CRC_TABLE
+/* =========================================================================
+ * Table of powers of x for combining CRC-32s, filled in by make_crc_table()
+ * below.
+ */
+ local z_crc_t FAR x2n_table[32];
+#else
+/* =========================================================================
+ * Tables for byte-wise and braided CRC-32 calculations, and a table of powers
+ * of x for combining CRC-32s, all made by make_crc_table().
+ */
+# include "crc32.h"
+#endif
+
/* CRC polynomial. */
#define POLY 0xedb88320 /* p(x) reflected, with x^32 implied */
-#ifdef DYNAMIC_CRC_TABLE
+/*
+ Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial,
+ reflected. For speed, this requires that a not be zero.
+ */
+local z_crc_t multmodp(z_crc_t a, z_crc_t b) {
+ z_crc_t m, p;
+
+ m = (z_crc_t)1 << 31;
+ p = 0;
+ for (;;) {
+ if (a & m) {
+ p ^= b;
+ if ((a & (m - 1)) == 0)
+ break;
+ }
+ m >>= 1;
+ b = b & 1 ? (b >> 1) ^ POLY : b >> 1;
+ }
+ return p;
+}
+/*
+ Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been
+ initialized.
+ */
+local z_crc_t x2nmodp(z_off64_t n, unsigned k) {
+ z_crc_t p;
+
+ p = (z_crc_t)1 << 31; /* x^0 == 1 */
+ while (n) {
+ if (n & 1)
+ p = multmodp(x2n_table[k & 31], p);
+ n >>= 1;
+ k++;
+ }
+ return p;
+}
+
+#ifdef DYNAMIC_CRC_TABLE
+/* =========================================================================
+ * Build the tables for byte-wise and braided CRC-32 calculations, and a table
+ * of powers of x for combining CRC-32s.
+ */
local z_crc_t FAR crc_table[256];
-local z_crc_t FAR x2n_table[32];
-local void make_crc_table OF((void));
#ifdef W
local z_word_t FAR crc_big_table[256];
local z_crc_t FAR crc_braid_table[W][256];
local z_word_t FAR crc_braid_big_table[W][256];
- local void braid OF((z_crc_t [][256], z_word_t [][256], int, int));
+ local void braid(z_crc_t [][256], z_word_t [][256], int, int);
#endif
#ifdef MAKECRCH
- local void write_table OF((FILE *, const z_crc_t FAR *, int));
- local void write_table32hi OF((FILE *, const z_word_t FAR *, int));
- local void write_table64 OF((FILE *, const z_word_t FAR *, int));
+ local void write_table(FILE *, const z_crc_t FAR *, int);
+ local void write_table32hi(FILE *, const z_word_t FAR *, int);
+ local void write_table64(FILE *, const z_word_t FAR *, int);
#endif /* MAKECRCH */
/*
@@ -176,7 +214,6 @@
/* Definition of once functionality. */
typedef struct once_s once_t;
-local void once OF((once_t *, void (*)(void)));
/* Check for the availability of atomics. */
#if defined(__STDC__) && __STDC_VERSION__ >= 201112L && \
@@ -196,10 +233,7 @@
invoke once() at the same time. The state must be a once_t initialized with
ONCE_INIT.
*/
-local void once(state, init)
- once_t *state;
- void (*init)(void);
-{
+local void once(once_t *state, void (*init)(void)) {
if (!atomic_load(&state->done)) {
if (atomic_flag_test_and_set(&state->begun))
while (!atomic_load(&state->done))
@@ -222,10 +256,7 @@
/* Test and set. Alas, not atomic, but tries to minimize the period of
vulnerability. */
-local int test_and_set OF((int volatile *));
-local int test_and_set(flag)
- int volatile *flag;
-{
+local int test_and_set(int volatile *flag) {
int was;
was = *flag;
@@ -234,10 +265,7 @@
}
/* Run the provided init() function once. This is not thread-safe. */
-local void once(state, init)
- once_t *state;
- void (*init)(void);
-{
+local void once(once_t *state, void (*init)(void)) {
if (!state->done) {
if (test_and_set(&state->begun))
while (!state->done)
@@ -279,8 +307,7 @@
combinations of CRC register values and incoming bytes.
*/
-local void make_crc_table(void)
-{
+local void make_crc_table(void) {
unsigned i, j, n;
z_crc_t p;
@@ -447,11 +474,7 @@
Write the 32-bit values in table[0..k-1] to out, five per line in
hexadecimal separated by commas.
*/
-local void write_table(out, table, k)
- FILE *out;
- const z_crc_t FAR *table;
- int k;
-{
+local void write_table(FILE *out, const z_crc_t FAR *table, int k) {
int n;
for (n = 0; n < k; n++)
@@ -464,11 +487,7 @@
Write the high 32-bits of each value in table[0..k-1] to out, five per line
in hexadecimal separated by commas.
*/
-local void write_table32hi(out, table, k)
-FILE *out;
-const z_word_t FAR *table;
-int k;
-{
+local void write_table32hi(FILE *out, const z_word_t FAR *table, int k) {
int n;
for (n = 0; n < k; n++)
@@ -484,11 +503,7 @@
bits. If not, then the type cast and format string can be adjusted
accordingly.
*/
-local void write_table64(out, table, k)
- FILE *out;
- const z_word_t FAR *table;
- int k;
-{
+local void write_table64(FILE *out, const z_word_t FAR *table, int k) {
int n;
for (n = 0; n < k; n++)
@@ -498,8 +513,7 @@
}
/* Actually do the deed. */
-int main(void)
-{
+int main(void) {
make_crc_table();
return 0;
}
@@ -511,12 +525,7 @@
Generate the little and big-endian braid tables for the given n and z_word_t
size w. Each array must have room for w blocks of 256 elements.
*/
-local void braid(ltl, big, n, w)
- z_crc_t ltl[][256];
- z_word_t big[][256];
- int n;
- int w;
-{
+local void braid(z_crc_t ltl[][256], z_word_t big[][256], int n, int w) {
int k;
z_crc_t i, p, q;
for (k = 0; k < w; k++) {
@@ -531,69 +540,13 @@
}
#endif
-#else /* !DYNAMIC_CRC_TABLE */
-/* ========================================================================
- * Tables for byte-wise and braided CRC-32 calculations, and a table of powers
- * of x for combining CRC-32s, all made by make_crc_table().
- */
-#include "crc32.h"
#endif /* DYNAMIC_CRC_TABLE */
-/* ========================================================================
- * Routines used for CRC calculation. Some are also required for the table
- * generation above.
- */
-
-/*
- Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial,
- reflected. For speed, this requires that a not be zero.
- */
-local z_crc_t multmodp(a, b)
- z_crc_t a;
- z_crc_t b;
-{
- z_crc_t m, p;
-
- m = (z_crc_t)1 << 31;
- p = 0;
- for (;;) {
- if (a & m) {
- p ^= b;
- if ((a & (m - 1)) == 0)
- break;
- }
- m >>= 1;
- b = b & 1 ? (b >> 1) ^ POLY : b >> 1;
- }
- return p;
-}
-
-/*
- Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been
- initialized.
- */
-local z_crc_t x2nmodp(n, k)
- z_off64_t n;
- unsigned k;
-{
- z_crc_t p;
-
- p = (z_crc_t)1 << 31; /* x^0 == 1 */
- while (n) {
- if (n & 1)
- p = multmodp(x2n_table[k & 31], p);
- n >>= 1;
- k++;
- }
- return p;
-}
-
/* =========================================================================
* This function can be used by asm versions of crc32(), and to force the
* generation of the CRC tables in a threaded application.
*/
-const z_crc_t FAR * ZEXPORT get_crc_table()
-{
+const z_crc_t FAR * ZEXPORT get_crc_table(void) {
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
@@ -619,11 +572,8 @@
#define Z_BATCH_ZEROS 0xa10d3d0c /* computed from Z_BATCH = 3990 */
#define Z_BATCH_MIN 800 /* fewest words in a final batch */
-unsigned long ZEXPORT crc32_z(crc, buf, len)
- unsigned long crc;
- const unsigned char FAR *buf;
- z_size_t len;
-{
+unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf,
+ z_size_t len) {
z_crc_t val;
z_word_t crc1, crc2;
const z_word_t *word;
@@ -723,18 +673,14 @@
least-significant byte of the word as the first byte of data, without any pre
or post conditioning. This is used to combine the CRCs of each braid.
*/
-local z_crc_t crc_word(data)
- z_word_t data;
-{
+local z_crc_t crc_word(z_word_t data) {
int k;
for (k = 0; k < W; k++)
data = (data >> 8) ^ crc_table[data & 0xff];
return (z_crc_t)data;
}
-local z_word_t crc_word_big(data)
- z_word_t data;
-{
+local z_word_t crc_word_big(z_word_t data) {
int k;
for (k = 0; k < W; k++)
data = (data << 8) ^
@@ -745,11 +691,8 @@
#endif
/* ========================================================================= */
-unsigned long ZEXPORT crc32_z(crc, buf, len)
- unsigned long crc;
- const unsigned char FAR *buf;
- z_size_t len;
-{
+unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf,
+ z_size_t len) {
/* Return initial CRC, if requested. */
if (buf == Z_NULL) return 0;
@@ -781,8 +724,8 @@
words = (z_word_t const *)buf;
/* Do endian check at execution time instead of compile time, since ARM
- processors can change the endianess at execution time. If the
- compiler knows what the endianess will be, it can optimize out the
+ processors can change the endianness at execution time. If the
+ compiler knows what the endianness will be, it can optimize out the
check and the unused branch. */
endian = 1;
if (*(unsigned char *)&endian) {
@@ -1069,20 +1012,13 @@
#endif
/* ========================================================================= */
-unsigned long ZEXPORT crc32(crc, buf, len)
- unsigned long crc;
- const unsigned char FAR *buf;
- uInt len;
-{
+unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *buf,
+ uInt len) {
return crc32_z(crc, buf, len);
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
- uLong crc1;
- uLong crc2;
- z_off64_t len2;
-{
+uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) {
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
@@ -1090,18 +1026,12 @@
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine(crc1, crc2, len2)
- uLong crc1;
- uLong crc2;
- z_off_t len2;
-{
+uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) {
return crc32_combine64(crc1, crc2, (z_off64_t)len2);
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine_gen64(len2)
- z_off64_t len2;
-{
+uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) {
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
@@ -1109,17 +1039,11 @@
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine_gen(len2)
- z_off_t len2;
-{
+uLong ZEXPORT crc32_combine_gen(z_off_t len2) {
return crc32_combine_gen64((z_off64_t)len2);
}
/* ========================================================================= */
-uLong ZEXPORT crc32_combine_op(crc1, crc2, op)
- uLong crc1;
- uLong crc2;
- uLong op;
-{
+uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op) {
return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
}
diff --git a/lib/zlib/inffast.c b/lib/zlib/inffast.c
index 1fec7f3..9354676 100644
--- a/lib/zlib/inffast.c
+++ b/lib/zlib/inffast.c
@@ -47,10 +47,7 @@
requires strm->avail_out >= 258 for each loop to avoid checking for
output space.
*/
-void ZLIB_INTERNAL inflate_fast(strm, start)
-z_streamp strm;
-unsigned start; /* inflate()'s starting value for strm->avail_out */
-{
+void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) {
struct inflate_state FAR *state;
z_const unsigned char FAR *in; /* local strm->next_in */
z_const unsigned char FAR *last; /* have enough input while in < last */
diff --git a/lib/zlib/inffast.h b/lib/zlib/inffast.h
index e5c1aa4..49c6d15 100644
--- a/lib/zlib/inffast.h
+++ b/lib/zlib/inffast.h
@@ -8,4 +8,4 @@
subject to change. Applications should only use zlib.h.
*/
-void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start));
+void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start);
diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c
index aa25e61..b0757a9 100644
--- a/lib/zlib/inflate.c
+++ b/lib/zlib/inflate.c
@@ -91,20 +91,7 @@
# endif
#endif
-/* function prototypes */
-local int inflateStateCheck OF((z_streamp strm));
-local void fixedtables OF((struct inflate_state FAR *state));
-local int updatewindow OF((z_streamp strm, const unsigned char FAR *end,
- unsigned copy));
-#ifdef BUILDFIXED
- void makefixed OF((void));
-#endif
-local unsigned syncsearch OF((unsigned FAR *have, const unsigned char FAR *buf,
- unsigned len));
-
-local int inflateStateCheck(strm)
-z_streamp strm;
-{
+local int inflateStateCheck(z_streamp strm) {
struct inflate_state FAR *state;
if (strm == Z_NULL ||
strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0)
@@ -116,9 +103,7 @@
return 0;
}
-int ZEXPORT inflateResetKeep(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateResetKeep(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -142,9 +127,7 @@
return Z_OK;
}
-int ZEXPORT inflateReset(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateReset(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -155,10 +138,7 @@
return inflateResetKeep(strm);
}
-int ZEXPORT inflateReset2(strm, windowBits)
-z_streamp strm;
-int windowBits;
-{
+int ZEXPORT inflateReset2(z_streamp strm, int windowBits) {
int wrap;
struct inflate_state FAR *state;
@@ -195,12 +175,8 @@
return inflateReset(strm);
}
-int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size)
-z_streamp strm;
-int windowBits;
-const char *version;
-int stream_size;
-{
+int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+ const char *version, int stream_size) {
int ret;
struct inflate_state FAR *state;
@@ -239,22 +215,17 @@
return ret;
}
-int ZEXPORT inflateInit_(strm, version, stream_size)
-z_streamp strm;
-const char *version;
-int stream_size;
-{
+int ZEXPORT inflateInit_(z_streamp strm, const char *version,
+ int stream_size) {
return inflateInit2_(strm, DEF_WBITS, version, stream_size);
}
-int ZEXPORT inflatePrime(strm, bits, value)
-z_streamp strm;
-int bits;
-int value;
-{
+int ZEXPORT inflatePrime(z_streamp strm, int bits, int value) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+ if (bits == 0)
+ return Z_OK;
state = (struct inflate_state FAR *)strm->state;
if (bits < 0) {
state->hold = 0;
@@ -278,9 +249,7 @@
used for threaded applications, since the rewriting of the tables and virgin
may not be thread-safe.
*/
-local void fixedtables(state)
-struct inflate_state FAR *state;
-{
+local void fixedtables(struct inflate_state FAR *state) {
#ifdef BUILDFIXED
static int virgin = 1;
static code *lenfix, *distfix;
@@ -396,11 +365,7 @@
output will fall in the output data, making match copies simpler and faster.
The advantage may be dependent on the size of the processor's data caches.
*/
-local int updatewindow(strm, end, copy)
-z_streamp strm;
-const Bytef *end;
-unsigned copy;
-{
+local int updatewindow(z_streamp strm, const Bytef *end, unsigned copy) {
struct inflate_state FAR *state;
unsigned dist;
@@ -622,10 +587,7 @@
will return Z_BUF_ERROR if it has not reached the end of the stream.
*/
-int ZEXPORT inflate(strm, flush)
-z_streamp strm;
-int flush;
-{
+int ZEXPORT inflate(z_streamp strm, int flush) {
struct inflate_state FAR *state;
z_const unsigned char FAR *next; /* next input */
unsigned char FAR *put; /* next output */
@@ -1301,9 +1263,7 @@
return ret;
}
-int ZEXPORT inflateEnd(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateEnd(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm))
return Z_STREAM_ERROR;
@@ -1315,11 +1275,8 @@
return Z_OK;
}
-int ZEXPORT inflateGetDictionary(strm, dictionary, dictLength)
-z_streamp strm;
-Bytef *dictionary;
-uInt *dictLength;
-{
+int ZEXPORT inflateGetDictionary(z_streamp strm, Bytef *dictionary,
+ uInt *dictLength) {
struct inflate_state FAR *state;
/* check state */
@@ -1338,11 +1295,8 @@
return Z_OK;
}
-int ZEXPORT inflateSetDictionary(strm, dictionary, dictLength)
-z_streamp strm;
-const Bytef *dictionary;
-uInt dictLength;
-{
+int ZEXPORT inflateSetDictionary(z_streamp strm, const Bytef *dictionary,
+ uInt dictLength) {
struct inflate_state FAR *state;
unsigned long dictid;
int ret;
@@ -1373,10 +1327,7 @@
return Z_OK;
}
-int ZEXPORT inflateGetHeader(strm, head)
-z_streamp strm;
-gz_headerp head;
-{
+int ZEXPORT inflateGetHeader(z_streamp strm, gz_headerp head) {
struct inflate_state FAR *state;
/* check state */
@@ -1401,11 +1352,8 @@
called again with more data and the *have state. *have is initialized to
zero for the first call.
*/
-local unsigned syncsearch(have, buf, len)
-unsigned FAR *have;
-const unsigned char FAR *buf;
-unsigned len;
-{
+local unsigned syncsearch(unsigned FAR *have, const unsigned char FAR *buf,
+ unsigned len) {
unsigned got;
unsigned next;
@@ -1424,9 +1372,7 @@
return next;
}
-int ZEXPORT inflateSync(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateSync(z_streamp strm) {
unsigned len; /* number of bytes to look at or looked at */
int flags; /* temporary to save header status */
unsigned long in, out; /* temporary to save total_in and total_out */
@@ -1482,9 +1428,7 @@
block. When decompressing, PPP checks that at the end of input packet,
inflate is waiting for these length bytes.
*/
-int ZEXPORT inflateSyncPoint(strm)
-z_streamp strm;
-{
+int ZEXPORT inflateSyncPoint(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -1492,10 +1436,7 @@
return state->mode == STORED && state->bits == 0;
}
-int ZEXPORT inflateCopy(dest, source)
-z_streamp dest;
-z_streamp source;
-{
+int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
struct inflate_state FAR *state;
struct inflate_state FAR *copy;
unsigned char FAR *window;
@@ -1539,10 +1480,7 @@
return Z_OK;
}
-int ZEXPORT inflateUndermine(strm, subvert)
-z_streamp strm;
-int subvert;
-{
+int ZEXPORT inflateUndermine(z_streamp strm, int subvert) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -1557,10 +1495,7 @@
#endif
}
-int ZEXPORT inflateValidate(strm, check)
-z_streamp strm;
-int check;
-{
+int ZEXPORT inflateValidate(z_streamp strm, int check) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
@@ -1572,9 +1507,7 @@
return Z_OK;
}
-long ZEXPORT inflateMark(strm)
-z_streamp strm;
-{
+long ZEXPORT inflateMark(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm))
@@ -1585,9 +1518,7 @@
(state->mode == MATCH ? state->was - state->length : 0));
}
-unsigned long ZEXPORT inflateCodesUsed(strm)
-z_streamp strm;
-{
+unsigned long ZEXPORT inflateCodesUsed(z_streamp strm) {
struct inflate_state FAR *state;
if (inflateStateCheck(strm)) return (unsigned long)-1;
state = (struct inflate_state FAR *)strm->state;
diff --git a/lib/zlib/inftrees.c b/lib/zlib/inftrees.c
index 57d2793..8a208c2 100644
--- a/lib/zlib/inftrees.c
+++ b/lib/zlib/inftrees.c
@@ -1,5 +1,5 @@
/* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-2022 Mark Adler
+ * Copyright (C) 1995-2023 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -9,7 +9,7 @@
#define MAXBITS 15
const char inflate_copyright[] =
- " inflate 1.2.13 Copyright 1995-2022 Mark Adler ";
+ " inflate 1.3 Copyright 1995-2023 Mark Adler ";
/*
If you use the zlib library in a product, an acknowledgment is welcome
in the documentation of your product. If for some reason you cannot
@@ -29,14 +29,9 @@
table index bits. It will differ if the request is greater than the
longest code or if it is less than the shortest code.
*/
-int ZLIB_INTERNAL inflate_table(type, lens, codes, table, bits, work)
-codetype type;
-unsigned short FAR *lens;
-unsigned codes;
-code FAR * FAR *table;
-unsigned FAR *bits;
-unsigned short FAR *work;
-{
+int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
+ unsigned codes, code FAR * FAR *table,
+ unsigned FAR *bits, unsigned short FAR *work) {
unsigned len; /* a code's length in bits */
unsigned sym; /* index of code symbols */
unsigned min, max; /* minimum and maximum code lengths */
@@ -62,7 +57,7 @@
35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
static const unsigned short lext[31] = { /* Length codes 257..285 extra */
16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
- 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 194, 65};
+ 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 198, 203};
static const unsigned short dbase[32] = { /* Distance codes 0..29 base */
1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
diff --git a/lib/zlib/inftrees.h b/lib/zlib/inftrees.h
index f536653..a10712d 100644
--- a/lib/zlib/inftrees.h
+++ b/lib/zlib/inftrees.h
@@ -57,6 +57,6 @@
DISTS
} codetype;
-int ZLIB_INTERNAL inflate_table OF((codetype type, unsigned short FAR *lens,
- unsigned codes, code FAR * FAR *table,
- unsigned FAR *bits, unsigned short FAR *work));
+int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
+ unsigned codes, code FAR * FAR *table,
+ unsigned FAR *bits, unsigned short FAR *work);
diff --git a/lib/zlib/zconf.h b/lib/zlib/zconf.h
index bf977d3..fb76ffe 100644
--- a/lib/zlib/zconf.h
+++ b/lib/zlib/zconf.h
@@ -241,7 +241,11 @@
#endif
#ifdef Z_SOLO
- typedef unsigned long z_size_t;
+# ifdef _WIN64
+ typedef unsigned long long z_size_t;
+# else
+ typedef unsigned long z_size_t;
+# endif
#else
# define z_longlong long long
# if defined(NO_SIZE_T)
@@ -520,7 +524,7 @@
#if !defined(_WIN32) && defined(Z_LARGE64)
# define z_off64_t off64_t
#else
-# if defined(_WIN32) && !defined(__GNUC__) && !defined(Z_SOLO)
+# if defined(_WIN32) && !defined(__GNUC__)
# define z_off64_t __int64
# else
# define z_off64_t z_off_t
diff --git a/lib/zlib/zlib.h b/lib/zlib/zlib.h
index 953cb50..6b7244f 100644
--- a/lib/zlib/zlib.h
+++ b/lib/zlib/zlib.h
@@ -1,7 +1,7 @@
/* zlib.h -- interface of the 'zlib' general purpose compression library
- version 1.2.13, October 13th, 2022
+ version 1.3, August 18th, 2023
- Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+ Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
@@ -37,11 +37,11 @@
extern "C" {
#endif
-#define ZLIB_VERSION "1.2.13"
-#define ZLIB_VERNUM 0x12d0
+#define ZLIB_VERSION "1.3"
+#define ZLIB_VERNUM 0x1300
#define ZLIB_VER_MAJOR 1
-#define ZLIB_VER_MINOR 2
-#define ZLIB_VER_REVISION 13
+#define ZLIB_VER_MINOR 3
+#define ZLIB_VER_REVISION 0
#define ZLIB_VER_SUBREVISION 0
/*
@@ -78,8 +78,8 @@
even in the case of corrupted input.
*/
-typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
-typedef void (*free_func) OF((voidpf opaque, voidpf address));
+typedef voidpf (*alloc_func)(voidpf opaque, uInt items, uInt size);
+typedef void (*free_func)(voidpf opaque, voidpf address);
struct internal_state;
@@ -217,7 +217,7 @@
/* basic functions */
-ZEXTERN const char * ZEXPORT zlibVersion OF((void));
+ZEXTERN const char * ZEXPORT zlibVersion(void);
/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
If the first character differs, the library code actually used is not
compatible with the zlib.h header file used by the application. This check
@@ -225,12 +225,12 @@
*/
/*
-ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
+ZEXTERN int ZEXPORT deflateInit(z_streamp strm, int level);
Initializes the internal stream state for compression. The fields
zalloc, zfree and opaque must be initialized before by the caller. If
zalloc and zfree are set to Z_NULL, deflateInit updates them to use default
- allocation functions.
+ allocation functions. total_in, total_out, adler, and msg are initialized.
The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
1 gives best speed, 9 gives best compression, 0 gives no compression at all
@@ -247,7 +247,7 @@
*/
-ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
+ZEXTERN int ZEXPORT deflate(z_streamp strm, int flush);
/*
deflate compresses as much data as possible, and stops when the input
buffer becomes empty or the output buffer becomes full. It may introduce
@@ -320,8 +320,8 @@
with the same value of the flush parameter and more output space (updated
avail_out), until the flush is complete (deflate returns with non-zero
avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that
- avail_out is greater than six to avoid repeated flush markers due to
- avail_out == 0 on return.
+ avail_out is greater than six when the flush marker begins, in order to avoid
+ repeated flush markers upon calling deflate() again when avail_out == 0.
If the parameter flush is set to Z_FINISH, pending input is processed,
pending output is flushed and deflate returns with Z_STREAM_END if there was
@@ -360,7 +360,7 @@
*/
-ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
+ZEXTERN int ZEXPORT deflateEnd(z_streamp strm);
/*
All dynamically allocated data structures for this stream are freed.
This function discards any unprocessed input and does not flush any pending
@@ -375,7 +375,7 @@
/*
-ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateInit(z_streamp strm);
Initializes the internal stream state for decompression. The fields
next_in, avail_in, zalloc, zfree and opaque must be initialized before by
@@ -383,7 +383,8 @@
read or consumed. The allocation of a sliding window will be deferred to
the first call of inflate (if the decompression does not complete on the
first call). If zalloc and zfree are set to Z_NULL, inflateInit updates
- them to use default allocation functions.
+ them to use default allocation functions. total_in, total_out, adler, and
+ msg are initialized.
inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
@@ -397,7 +398,7 @@
*/
-ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
+ZEXTERN int ZEXPORT inflate(z_streamp strm, int flush);
/*
inflate decompresses as much data as possible, and stops when the input
buffer becomes empty or the output buffer becomes full. It may introduce
@@ -517,7 +518,7 @@
*/
-ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateEnd(z_streamp strm);
/*
All dynamically allocated data structures for this stream are freed.
This function discards any unprocessed input and does not flush any pending
@@ -535,12 +536,12 @@
*/
/*
-ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
- int level,
- int method,
- int windowBits,
- int memLevel,
- int strategy));
+ZEXTERN int ZEXPORT deflateInit2(z_streamp strm,
+ int level,
+ int method,
+ int windowBits,
+ int memLevel,
+ int strategy);
This is another version of deflateInit with more compression options. The
fields zalloc, zfree and opaque must be initialized before by the caller.
@@ -607,9 +608,9 @@
compression: this will be done by deflate().
*/
-ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
+ZEXTERN int ZEXPORT deflateSetDictionary(z_streamp strm,
+ const Bytef *dictionary,
+ uInt dictLength);
/*
Initializes the compression dictionary from the given byte sequence
without producing any compressed output. When using the zlib format, this
@@ -651,9 +652,9 @@
not perform any compression: this will be done by deflate().
*/
-ZEXTERN int ZEXPORT deflateGetDictionary OF((z_streamp strm,
- Bytef *dictionary,
- uInt *dictLength));
+ZEXTERN int ZEXPORT deflateGetDictionary(z_streamp strm,
+ Bytef *dictionary,
+ uInt *dictLength);
/*
Returns the sliding dictionary being maintained by deflate. dictLength is
set to the number of bytes in the dictionary, and that many bytes are copied
@@ -673,8 +674,8 @@
stream state is inconsistent.
*/
-ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
- z_streamp source));
+ZEXTERN int ZEXPORT deflateCopy(z_streamp dest,
+ z_streamp source);
/*
Sets the destination stream as a complete copy of the source stream.
@@ -691,20 +692,20 @@
destination.
*/
-ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
+ZEXTERN int ZEXPORT deflateReset(z_streamp strm);
/*
This function is equivalent to deflateEnd followed by deflateInit, but
does not free and reallocate the internal compression state. The stream
will leave the compression level and any other attributes that may have been
- set unchanged.
+ set unchanged. total_in, total_out, adler, and msg are initialized.
deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
stream state was inconsistent (such as zalloc or state being Z_NULL).
*/
-ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
- int level,
- int strategy));
+ZEXTERN int ZEXPORT deflateParams(z_streamp strm,
+ int level,
+ int strategy);
/*
Dynamically update the compression level and compression strategy. The
interpretation of level and strategy is as in deflateInit2(). This can be
@@ -729,7 +730,7 @@
Then no more input data should be provided before the deflateParams() call.
If this is done, the old level and strategy will be applied to the data
compressed before deflateParams(), and the new level and strategy will be
- applied to the the data compressed after deflateParams().
+ applied to the data compressed after deflateParams().
deflateParams returns Z_OK on success, Z_STREAM_ERROR if the source stream
state was inconsistent or if a parameter was invalid, or Z_BUF_ERROR if
@@ -740,11 +741,11 @@
retried with more output space.
*/
-ZEXTERN int ZEXPORT deflateTune OF((z_streamp strm,
- int good_length,
- int max_lazy,
- int nice_length,
- int max_chain));
+ZEXTERN int ZEXPORT deflateTune(z_streamp strm,
+ int good_length,
+ int max_lazy,
+ int nice_length,
+ int max_chain);
/*
Fine tune deflate's internal compression parameters. This should only be
used by someone who understands the algorithm used by zlib's deflate for
@@ -757,8 +758,8 @@
returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream.
*/
-ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm,
- uLong sourceLen));
+ZEXTERN uLong ZEXPORT deflateBound(z_streamp strm,
+ uLong sourceLen);
/*
deflateBound() returns an upper bound on the compressed size after
deflation of sourceLen bytes. It must be called after deflateInit() or
@@ -772,9 +773,9 @@
than Z_FINISH or Z_NO_FLUSH are used.
*/
-ZEXTERN int ZEXPORT deflatePending OF((z_streamp strm,
- unsigned *pending,
- int *bits));
+ZEXTERN int ZEXPORT deflatePending(z_streamp strm,
+ unsigned *pending,
+ int *bits);
/*
deflatePending() returns the number of bytes and bits of output that have
been generated, but not yet provided in the available output. The bytes not
@@ -787,9 +788,9 @@
stream state was inconsistent.
*/
-ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm,
- int bits,
- int value));
+ZEXTERN int ZEXPORT deflatePrime(z_streamp strm,
+ int bits,
+ int value);
/*
deflatePrime() inserts bits in the deflate output stream. The intent
is that this function is used to start off the deflate output with the bits
@@ -804,8 +805,8 @@
source stream state was inconsistent.
*/
-ZEXTERN int ZEXPORT deflateSetHeader OF((z_streamp strm,
- gz_headerp head));
+ZEXTERN int ZEXPORT deflateSetHeader(z_streamp strm,
+ gz_headerp head);
/*
deflateSetHeader() provides gzip header information for when a gzip
stream is requested by deflateInit2(). deflateSetHeader() may be called
@@ -821,16 +822,17 @@
gzip file" and give up.
If deflateSetHeader is not used, the default gzip header has text false,
- the time set to zero, and os set to 255, with no extra, name, or comment
- fields. The gzip header is returned to the default state by deflateReset().
+ the time set to zero, and os set to the current operating system, with no
+ extra, name, or comment fields. The gzip header is returned to the default
+ state by deflateReset().
deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
stream state was inconsistent.
*/
/*
-ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
- int windowBits));
+ZEXTERN int ZEXPORT inflateInit2(z_streamp strm,
+ int windowBits);
This is another version of inflateInit with an extra parameter. The
fields next_in, avail_in, zalloc, zfree and opaque must be initialized
@@ -883,9 +885,9 @@
deferred until inflate() is called.
*/
-ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
+ZEXTERN int ZEXPORT inflateSetDictionary(z_streamp strm,
+ const Bytef *dictionary,
+ uInt dictLength);
/*
Initializes the decompression dictionary from the given uncompressed byte
sequence. This function must be called immediately after a call of inflate,
@@ -906,9 +908,9 @@
inflate().
*/
-ZEXTERN int ZEXPORT inflateGetDictionary OF((z_streamp strm,
- Bytef *dictionary,
- uInt *dictLength));
+ZEXTERN int ZEXPORT inflateGetDictionary(z_streamp strm,
+ Bytef *dictionary,
+ uInt *dictLength);
/*
Returns the sliding dictionary being maintained by inflate. dictLength is
set to the number of bytes in the dictionary, and that many bytes are copied
@@ -921,7 +923,7 @@
stream state is inconsistent.
*/
-ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateSync(z_streamp strm);
/*
Skips invalid compressed data until a possible full flush point (see above
for the description of deflate with Z_FULL_FLUSH) can be found, or until all
@@ -940,8 +942,8 @@
input each time, until success or end of the input data.
*/
-ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
- z_streamp source));
+ZEXTERN int ZEXPORT inflateCopy(z_streamp dest,
+ z_streamp source);
/*
Sets the destination stream as a complete copy of the source stream.
@@ -956,18 +958,19 @@
destination.
*/
-ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateReset(z_streamp strm);
/*
This function is equivalent to inflateEnd followed by inflateInit,
but does not free and reallocate the internal decompression state. The
stream will keep attributes that may have been set by inflateInit2.
+ total_in, total_out, adler, and msg are initialized.
inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
stream state was inconsistent (such as zalloc or state being Z_NULL).
*/
-ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm,
- int windowBits));
+ZEXTERN int ZEXPORT inflateReset2(z_streamp strm,
+ int windowBits);
/*
This function is the same as inflateReset, but it also permits changing
the wrap and window size requests. The windowBits parameter is interpreted
@@ -980,9 +983,9 @@
the windowBits parameter is invalid.
*/
-ZEXTERN int ZEXPORT inflatePrime OF((z_streamp strm,
- int bits,
- int value));
+ZEXTERN int ZEXPORT inflatePrime(z_streamp strm,
+ int bits,
+ int value);
/*
This function inserts bits in the inflate input stream. The intent is
that this function is used to start inflating at a bit position in the
@@ -1001,7 +1004,7 @@
stream state was inconsistent.
*/
-ZEXTERN long ZEXPORT inflateMark OF((z_streamp strm));
+ZEXTERN long ZEXPORT inflateMark(z_streamp strm);
/*
This function returns two values, one in the lower 16 bits of the return
value, and the other in the remaining upper bits, obtained by shifting the
@@ -1029,8 +1032,8 @@
source stream state was inconsistent.
*/
-ZEXTERN int ZEXPORT inflateGetHeader OF((z_streamp strm,
- gz_headerp head));
+ZEXTERN int ZEXPORT inflateGetHeader(z_streamp strm,
+ gz_headerp head);
/*
inflateGetHeader() requests that gzip header information be stored in the
provided gz_header structure. inflateGetHeader() may be called after
@@ -1070,8 +1073,8 @@
*/
/*
-ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits,
- unsigned char FAR *window));
+ZEXTERN int ZEXPORT inflateBackInit(z_streamp strm, int windowBits,
+ unsigned char FAR *window);
Initialize the internal stream state for decompression using inflateBack()
calls. The fields zalloc, zfree and opaque in strm must be initialized
@@ -1091,13 +1094,13 @@
the version of the header file.
*/
-typedef unsigned (*in_func) OF((void FAR *,
- z_const unsigned char FAR * FAR *));
-typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
+typedef unsigned (*in_func)(void FAR *,
+ z_const unsigned char FAR * FAR *);
+typedef int (*out_func)(void FAR *, unsigned char FAR *, unsigned);
-ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm,
- in_func in, void FAR *in_desc,
- out_func out, void FAR *out_desc));
+ZEXTERN int ZEXPORT inflateBack(z_streamp strm,
+ in_func in, void FAR *in_desc,
+ out_func out, void FAR *out_desc);
/*
inflateBack() does a raw inflate with a single call using a call-back
interface for input and output. This is potentially more efficient than
@@ -1165,7 +1168,7 @@
cannot return Z_OK.
*/
-ZEXTERN int ZEXPORT inflateBackEnd OF((z_streamp strm));
+ZEXTERN int ZEXPORT inflateBackEnd(z_streamp strm);
/*
All memory allocated by inflateBackInit() is freed.
@@ -1173,7 +1176,7 @@
state was inconsistent.
*/
-ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void));
+ZEXTERN uLong ZEXPORT zlibCompileFlags(void);
/* Return flags indicating compile-time options.
Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
@@ -1226,8 +1229,8 @@
you need special options.
*/
-ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
+ZEXTERN int ZEXPORT compress(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong sourceLen);
/*
Compresses the source buffer into the destination buffer. sourceLen is
the byte length of the source buffer. Upon entry, destLen is the total size
@@ -1241,9 +1244,9 @@
buffer.
*/
-ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen,
- int level));
+ZEXTERN int ZEXPORT compress2(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong sourceLen,
+ int level);
/*
Compresses the source buffer into the destination buffer. The level
parameter has the same meaning as in deflateInit. sourceLen is the byte
@@ -1257,15 +1260,15 @@
Z_STREAM_ERROR if the level parameter is invalid.
*/
-ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen));
+ZEXTERN uLong ZEXPORT compressBound(uLong sourceLen);
/*
compressBound() returns an upper bound on the compressed size after
compress() or compress2() on sourceLen bytes. It would be used before a
compress() or compress2() call to allocate the destination buffer.
*/
-ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
+ZEXTERN int ZEXPORT uncompress(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong sourceLen);
/*
Decompresses the source buffer into the destination buffer. sourceLen is
the byte length of the source buffer. Upon entry, destLen is the total size
@@ -1282,8 +1285,8 @@
buffer with the uncompressed data up to that point.
*/
-ZEXTERN int ZEXPORT uncompress2 OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong *sourceLen));
+ZEXTERN int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen,
+ const Bytef *source, uLong *sourceLen);
/*
Same as uncompress, except that sourceLen is a pointer, where the
length of the source is *sourceLen. On return, *sourceLen is the number of
@@ -1302,7 +1305,7 @@
typedef struct gzFile_s *gzFile; /* semi-opaque gzip file descriptor */
/*
-ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
+ZEXTERN gzFile ZEXPORT gzopen(const char *path, const char *mode);
Open the gzip (.gz) file at path for reading and decompressing, or
compressing and writing. The mode parameter is as in fopen ("rb" or "wb")
@@ -1339,7 +1342,7 @@
file could not be opened.
*/
-ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
+ZEXTERN gzFile ZEXPORT gzdopen(int fd, const char *mode);
/*
Associate a gzFile with the file descriptor fd. File descriptors are
obtained from calls like open, dup, creat, pipe or fileno (if the file has
@@ -1362,7 +1365,7 @@
will not detect if fd is invalid (unless fd is -1).
*/
-ZEXTERN int ZEXPORT gzbuffer OF((gzFile file, unsigned size));
+ZEXTERN int ZEXPORT gzbuffer(gzFile file, unsigned size);
/*
Set the internal buffer size used by this library's functions for file to
size. The default buffer size is 8192 bytes. This function must be called
@@ -1378,7 +1381,7 @@
too late.
*/
-ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
+ZEXTERN int ZEXPORT gzsetparams(gzFile file, int level, int strategy);
/*
Dynamically update the compression level and strategy for file. See the
description of deflateInit2 for the meaning of these parameters. Previously
@@ -1389,7 +1392,7 @@
or Z_MEM_ERROR if there is a memory allocation error.
*/
-ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
+ZEXTERN int ZEXPORT gzread(gzFile file, voidp buf, unsigned len);
/*
Read and decompress up to len uncompressed bytes from file into buf. If
the input file is not in gzip format, gzread copies the given number of
@@ -1419,8 +1422,8 @@
Z_STREAM_ERROR.
*/
-ZEXTERN z_size_t ZEXPORT gzfread OF((voidp buf, z_size_t size, z_size_t nitems,
- gzFile file));
+ZEXTERN z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems,
+ gzFile file);
/*
Read and decompress up to nitems items of size size from file into buf,
otherwise operating as gzread() does. This duplicates the interface of
@@ -1445,14 +1448,14 @@
file, resetting and retrying on end-of-file, when size is not 1.
*/
-ZEXTERN int ZEXPORT gzwrite OF((gzFile file, voidpc buf, unsigned len));
+ZEXTERN int ZEXPORT gzwrite(gzFile file, voidpc buf, unsigned len);
/*
Compress and write the len uncompressed bytes at buf to file. gzwrite
returns the number of uncompressed bytes written or 0 in case of error.
*/
-ZEXTERN z_size_t ZEXPORT gzfwrite OF((voidpc buf, z_size_t size,
- z_size_t nitems, gzFile file));
+ZEXTERN z_size_t ZEXPORT gzfwrite(voidpc buf, z_size_t size,
+ z_size_t nitems, gzFile file);
/*
Compress and write nitems items of size size from buf to file, duplicating
the interface of stdio's fwrite(), with size_t request and return types. If
@@ -1465,7 +1468,7 @@
is returned, and the error state is set to Z_STREAM_ERROR.
*/
-ZEXTERN int ZEXPORTVA gzprintf Z_ARG((gzFile file, const char *format, ...));
+ZEXTERN int ZEXPORTVA gzprintf(gzFile file, const char *format, ...);
/*
Convert, format, compress, and write the arguments (...) to file under
control of the string format, as in fprintf. gzprintf returns the number of
@@ -1480,7 +1483,7 @@
This can be determined using zlibCompileFlags().
*/
-ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
+ZEXTERN int ZEXPORT gzputs(gzFile file, const char *s);
/*
Compress and write the given null-terminated string s to file, excluding
the terminating null character.
@@ -1488,7 +1491,7 @@
gzputs returns the number of characters written, or -1 in case of error.
*/
-ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
+ZEXTERN char * ZEXPORT gzgets(gzFile file, char *buf, int len);
/*
Read and decompress bytes from file into buf, until len-1 characters are
read, or until a newline character is read and transferred to buf, or an
@@ -1502,13 +1505,13 @@
buf are indeterminate.
*/
-ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
+ZEXTERN int ZEXPORT gzputc(gzFile file, int c);
/*
Compress and write c, converted to an unsigned char, into file. gzputc
returns the value that was written, or -1 in case of error.
*/
-ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
+ZEXTERN int ZEXPORT gzgetc(gzFile file);
/*
Read and decompress one byte from file. gzgetc returns this byte or -1
in case of end of file or error. This is implemented as a macro for speed.
@@ -1517,7 +1520,7 @@
points to has been clobbered or not.
*/
-ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file));
+ZEXTERN int ZEXPORT gzungetc(int c, gzFile file);
/*
Push c back onto the stream for file to be read as the first character on
the next read. At least one character of push-back is always allowed.
@@ -1529,7 +1532,7 @@
gzseek() or gzrewind().
*/
-ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
+ZEXTERN int ZEXPORT gzflush(gzFile file, int flush);
/*
Flush all pending output to file. The parameter flush is as in the
deflate() function. The return value is the zlib error number (see function
@@ -1545,8 +1548,8 @@
*/
/*
-ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
- z_off_t offset, int whence));
+ZEXTERN z_off_t ZEXPORT gzseek(gzFile file,
+ z_off_t offset, int whence);
Set the starting position to offset relative to whence for the next gzread
or gzwrite on file. The offset represents a number of bytes in the
@@ -1564,7 +1567,7 @@
would be before the current position.
*/
-ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
+ZEXTERN int ZEXPORT gzrewind(gzFile file);
/*
Rewind file. This function is supported only for reading.
@@ -1572,7 +1575,7 @@
*/
/*
-ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
+ZEXTERN z_off_t ZEXPORT gztell(gzFile file);
Return the starting position for the next gzread or gzwrite on file.
This position represents a number of bytes in the uncompressed data stream,
@@ -1583,7 +1586,7 @@
*/
/*
-ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile file));
+ZEXTERN z_off_t ZEXPORT gzoffset(gzFile file);
Return the current compressed (actual) read or write offset of file. This
offset includes the count of bytes that precede the gzip stream, for example
@@ -1592,7 +1595,7 @@
be used for a progress indicator. On error, gzoffset() returns -1.
*/
-ZEXTERN int ZEXPORT gzeof OF((gzFile file));
+ZEXTERN int ZEXPORT gzeof(gzFile file);
/*
Return true (1) if the end-of-file indicator for file has been set while
reading, false (0) otherwise. Note that the end-of-file indicator is set
@@ -1607,7 +1610,7 @@
has grown since the previous end of file was detected.
*/
-ZEXTERN int ZEXPORT gzdirect OF((gzFile file));
+ZEXTERN int ZEXPORT gzdirect(gzFile file);
/*
Return true (1) if file is being copied directly while reading, or false
(0) if file is a gzip stream being decompressed.
@@ -1628,7 +1631,7 @@
gzip file reading and decompression, which may not be desired.)
*/
-ZEXTERN int ZEXPORT gzclose OF((gzFile file));
+ZEXTERN int ZEXPORT gzclose(gzFile file);
/*
Flush all pending output for file, if necessary, close file and
deallocate the (de)compression state. Note that once file is closed, you
@@ -1641,8 +1644,8 @@
last read ended in the middle of a gzip stream, or Z_OK on success.
*/
-ZEXTERN int ZEXPORT gzclose_r OF((gzFile file));
-ZEXTERN int ZEXPORT gzclose_w OF((gzFile file));
+ZEXTERN int ZEXPORT gzclose_r(gzFile file);
+ZEXTERN int ZEXPORT gzclose_w(gzFile file);
/*
Same as gzclose(), but gzclose_r() is only for use when reading, and
gzclose_w() is only for use when writing or appending. The advantage to
@@ -1653,7 +1656,7 @@
zlib library.
*/
-ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
+ZEXTERN const char * ZEXPORT gzerror(gzFile file, int *errnum);
/*
Return the error message for the last error which occurred on file.
errnum is set to zlib error number. If an error occurred in the file system
@@ -1669,7 +1672,7 @@
functions above that do not distinguish those cases in their return values.
*/
-ZEXTERN void ZEXPORT gzclearerr OF((gzFile file));
+ZEXTERN void ZEXPORT gzclearerr(gzFile file);
/*
Clear the error and end-of-file flags for file. This is analogous to the
clearerr() function in stdio. This is useful for continuing to read a gzip
@@ -1686,7 +1689,7 @@
library.
*/
-ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
+ZEXTERN uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len);
/*
Update a running Adler-32 checksum with the bytes buf[0..len-1] and
return the updated checksum. An Adler-32 value is in the range of a 32-bit
@@ -1706,15 +1709,15 @@
if (adler != original_adler) error();
*/
-ZEXTERN uLong ZEXPORT adler32_z OF((uLong adler, const Bytef *buf,
- z_size_t len));
+ZEXTERN uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf,
+ z_size_t len);
/*
Same as adler32(), but with a size_t length.
*/
/*
-ZEXTERN uLong ZEXPORT adler32_combine OF((uLong adler1, uLong adler2,
- z_off_t len2));
+ZEXTERN uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2,
+ z_off_t len2);
Combine two Adler-32 checksums into one. For two sequences of bytes, seq1
and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for
@@ -1724,7 +1727,7 @@
negative, the result has no meaning or utility.
*/
-ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
+ZEXTERN uLong ZEXPORT crc32(uLong crc, const Bytef *buf, uInt len);
/*
Update a running CRC-32 with the bytes buf[0..len-1] and return the
updated CRC-32. A CRC-32 value is in the range of a 32-bit unsigned integer.
@@ -1742,14 +1745,14 @@
if (crc != original_crc) error();
*/
-ZEXTERN uLong ZEXPORT crc32_z OF((uLong crc, const Bytef *buf,
- z_size_t len));
+ZEXTERN uLong ZEXPORT crc32_z(uLong crc, const Bytef *buf,
+ z_size_t len);
/*
Same as crc32(), but with a size_t length.
*/
/*
-ZEXTERN uLong ZEXPORT crc32_combine OF((uLong crc1, uLong crc2, z_off_t len2));
+ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2);
Combine two CRC-32 check values into one. For two sequences of bytes,
seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
@@ -1759,13 +1762,13 @@
*/
/*
-ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t len2));
+ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2);
Return the operator corresponding to length len2, to be used with
crc32_combine_op().
*/
-ZEXTERN uLong ZEXPORT crc32_combine_op OF((uLong crc1, uLong crc2, uLong op));
+ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op);
/*
Give the same result as crc32_combine(), using op in place of len2. op is
is generated from len2 by crc32_combine_gen(). This will be faster than
@@ -1778,20 +1781,20 @@
/* deflateInit and inflateInit are macros to allow checking the zlib version
* and the compiler's view of z_stream:
*/
-ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
- const char *version, int stream_size));
-ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
- const char *version, int stream_size));
-ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
- int windowBits, int memLevel,
- int strategy, const char *version,
- int stream_size));
-ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
- const char *version, int stream_size));
-ZEXTERN int ZEXPORT inflateBackInit_ OF((z_streamp strm, int windowBits,
- unsigned char FAR *window,
- const char *version,
- int stream_size));
+ZEXTERN int ZEXPORT deflateInit_(z_streamp strm, int level,
+ const char *version, int stream_size);
+ZEXTERN int ZEXPORT inflateInit_(z_streamp strm,
+ const char *version, int stream_size);
+ZEXTERN int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
+ int windowBits, int memLevel,
+ int strategy, const char *version,
+ int stream_size);
+ZEXTERN int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+ const char *version, int stream_size);
+ZEXTERN int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
+ unsigned char FAR *window,
+ const char *version,
+ int stream_size);
#ifdef Z_PREFIX_SET
# define z_deflateInit(strm, level) \
deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream))
@@ -1836,7 +1839,7 @@
unsigned char *next;
z_off64_t pos;
};
-ZEXTERN int ZEXPORT gzgetc_ OF((gzFile file)); /* backward compatibility */
+ZEXTERN int ZEXPORT gzgetc_(gzFile file); /* backward compatibility */
#ifdef Z_PREFIX_SET
# undef z_gzgetc
# define z_gzgetc(g) \
@@ -1853,13 +1856,13 @@
* without large file support, _LFS64_LARGEFILE must also be true
*/
#ifdef Z_LARGE64
- ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
- ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int));
- ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile));
- ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile));
- ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off64_t));
- ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off64_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off64_t));
+ ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+ ZEXTERN z_off64_t ZEXPORT gzseek64(gzFile, z_off64_t, int);
+ ZEXTERN z_off64_t ZEXPORT gztell64(gzFile);
+ ZEXTERN z_off64_t ZEXPORT gzoffset64(gzFile);
+ ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off64_t);
+ ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off64_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off64_t);
#endif
#if !defined(ZLIB_INTERNAL) && defined(Z_WANT64)
@@ -1881,50 +1884,50 @@
# define crc32_combine_gen crc32_combine_gen64
# endif
# ifndef Z_LARGE64
- ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
- ZEXTERN z_off_t ZEXPORT gzseek64 OF((gzFile, z_off_t, int));
- ZEXTERN z_off_t ZEXPORT gztell64 OF((gzFile));
- ZEXTERN z_off_t ZEXPORT gzoffset64 OF((gzFile));
- ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off_t));
+ ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+ ZEXTERN z_off_t ZEXPORT gzseek64(gzFile, z_off_t, int);
+ ZEXTERN z_off_t ZEXPORT gztell64(gzFile);
+ ZEXTERN z_off_t ZEXPORT gzoffset64(gzFile);
+ ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t);
# endif
#else
- ZEXTERN gzFile ZEXPORT gzopen OF((const char *, const char *));
- ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile, z_off_t, int));
- ZEXTERN z_off_t ZEXPORT gztell OF((gzFile));
- ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile));
- ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t));
+ ZEXTERN gzFile ZEXPORT gzopen(const char *, const char *);
+ ZEXTERN z_off_t ZEXPORT gzseek(gzFile, z_off_t, int);
+ ZEXTERN z_off_t ZEXPORT gztell(gzFile);
+ ZEXTERN z_off_t ZEXPORT gzoffset(gzFile);
+ ZEXTERN uLong ZEXPORT adler32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t);
#endif
#else /* Z_SOLO */
- ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t));
+ ZEXTERN uLong ZEXPORT adler32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t);
#endif /* !Z_SOLO */
/* undocumented functions */
-ZEXTERN const char * ZEXPORT zError OF((int));
-ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp));
-ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table OF((void));
-ZEXTERN int ZEXPORT inflateUndermine OF((z_streamp, int));
-ZEXTERN int ZEXPORT inflateValidate OF((z_streamp, int));
-ZEXTERN unsigned long ZEXPORT inflateCodesUsed OF((z_streamp));
-ZEXTERN int ZEXPORT inflateResetKeep OF((z_streamp));
-ZEXTERN int ZEXPORT deflateResetKeep OF((z_streamp));
+ZEXTERN const char * ZEXPORT zError(int);
+ZEXTERN int ZEXPORT inflateSyncPoint(z_streamp);
+ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table(void);
+ZEXTERN int ZEXPORT inflateUndermine(z_streamp, int);
+ZEXTERN int ZEXPORT inflateValidate(z_streamp, int);
+ZEXTERN unsigned long ZEXPORT inflateCodesUsed(z_streamp);
+ZEXTERN int ZEXPORT inflateResetKeep(z_streamp);
+ZEXTERN int ZEXPORT deflateResetKeep(z_streamp);
#if defined(_WIN32) && !defined(Z_SOLO)
-ZEXTERN gzFile ZEXPORT gzopen_w OF((const wchar_t *path,
- const char *mode));
+ZEXTERN gzFile ZEXPORT gzopen_w(const wchar_t *path,
+ const char *mode);
#endif
#if defined(STDC) || defined(Z_HAVE_STDARG_H)
# ifndef Z_SOLO
-ZEXTERN int ZEXPORTVA gzvprintf Z_ARG((gzFile file,
- const char *format,
- va_list va));
+ZEXTERN int ZEXPORTVA gzvprintf(gzFile file,
+ const char *format,
+ va_list va);
# endif
#endif
diff --git a/lib/zlib/zutil.c b/lib/zlib/zutil.c
index 9543ae8..b1c5d2d 100644
--- a/lib/zlib/zutil.c
+++ b/lib/zlib/zutil.c
@@ -24,13 +24,11 @@
};
-const char * ZEXPORT zlibVersion()
-{
+const char * ZEXPORT zlibVersion(void) {
return ZLIB_VERSION;
}
-uLong ZEXPORT zlibCompileFlags()
-{
+uLong ZEXPORT zlibCompileFlags(void) {
uLong flags;
flags = 0;
@@ -121,9 +119,7 @@
# endif
int ZLIB_INTERNAL z_verbose = verbose;
-void ZLIB_INTERNAL z_error(m)
- char *m;
-{
+void ZLIB_INTERNAL z_error(char *m) {
fprintf(stderr, "%s\n", m);
exit(1);
}
@@ -132,9 +128,7 @@
/* exported to allow conversion of error code to string for compress() and
* uncompress()
*/
-const char * ZEXPORT zError(err)
- int err;
-{
+const char * ZEXPORT zError(int err) {
return ERR_MSG(err);
}
@@ -148,22 +142,14 @@
#ifndef HAVE_MEMCPY
-void ZLIB_INTERNAL zmemcpy(dest, source, len)
- Bytef* dest;
- const Bytef* source;
- uInt len;
-{
+void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len) {
if (len == 0) return;
do {
*dest++ = *source++; /* ??? to be unrolled */
} while (--len != 0);
}
-int ZLIB_INTERNAL zmemcmp(s1, s2, len)
- const Bytef* s1;
- const Bytef* s2;
- uInt len;
-{
+int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len) {
uInt j;
for (j = 0; j < len; j++) {
@@ -172,10 +158,7 @@
return 0;
}
-void ZLIB_INTERNAL zmemzero(dest, len)
- Bytef* dest;
- uInt len;
-{
+void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len) {
if (len == 0) return;
do {
*dest++ = 0; /* ??? to be unrolled */
@@ -216,8 +199,7 @@
* a protected system like OS/2. Use Microsoft C instead.
*/
-voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size)
-{
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size) {
voidpf buf;
ulg bsize = (ulg)items*size;
@@ -242,8 +224,7 @@
return buf;
}
-void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr)
-{
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
int n;
(void)opaque;
@@ -279,14 +260,12 @@
# define _hfree hfree
#endif
-voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size)
-{
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size) {
(void)opaque;
return _halloc((long)items, size);
}
-void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr)
-{
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
(void)opaque;
_hfree(ptr);
}
@@ -299,25 +278,18 @@
#ifndef MY_ZCALLOC /* Any system without a special alloc function */
#ifndef STDC
-extern voidp malloc OF((uInt size));
-extern voidp calloc OF((uInt items, uInt size));
-extern void free OF((voidpf ptr));
+extern voidp malloc(uInt size);
+extern voidp calloc(uInt items, uInt size);
+extern void free(voidpf ptr);
#endif
-voidpf ZLIB_INTERNAL zcalloc(opaque, items, size)
- voidpf opaque;
- unsigned items;
- unsigned size;
-{
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size) {
(void)opaque;
return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
(voidpf)calloc(items, size);
}
-void ZLIB_INTERNAL zcfree(opaque, ptr)
- voidpf opaque;
- voidpf ptr;
-{
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
(void)opaque;
free(ptr);
}
diff --git a/lib/zlib/zutil.h b/lib/zlib/zutil.h
index 0bc7f4e..902a304 100644
--- a/lib/zlib/zutil.h
+++ b/lib/zlib/zutil.h
@@ -191,9 +191,9 @@
/* provide prototypes for these when building zlib without LFS */
#if !defined(_WIN32) && \
(!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
- ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
- ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off_t));
+ ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t);
+ ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t);
#endif
/* common defaults */
@@ -232,16 +232,16 @@
# define zmemzero(dest, len) memset(dest, 0, len)
# endif
#else
- void ZLIB_INTERNAL zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
- int ZLIB_INTERNAL zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
- void ZLIB_INTERNAL zmemzero OF((Bytef* dest, uInt len));
+ void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len);
+ int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len);
+ void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len);
#endif
/* Diagnostic functions */
#ifdef ZLIB_DEBUG
# include <stdio.h>
extern int ZLIB_INTERNAL z_verbose;
- extern void ZLIB_INTERNAL z_error OF((char *m));
+ extern void ZLIB_INTERNAL z_error(char *m);
# define Assert(cond,msg) {if(!(cond)) z_error(msg);}
# define Trace(x) {if (z_verbose>=0) fprintf x ;}
# define Tracev(x) {if (z_verbose>0) fprintf x ;}
@@ -258,9 +258,9 @@
#endif
#ifndef Z_SOLO
- voidpf ZLIB_INTERNAL zcalloc OF((voidpf opaque, unsigned items,
- unsigned size));
- void ZLIB_INTERNAL zcfree OF((voidpf opaque, voidpf ptr));
+ voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items,
+ unsigned size);
+ void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr);
#endif
#define ZALLOC(strm, items, size) \
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 71cf18b..08a6046 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -573,7 +573,7 @@
$(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS) \
$(BUILD_DIR)/build_message.o $(OBJS)
else ifneq ($(findstring gcc,$(notdir $(LD))),)
- $$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) -Wl,-Map=$(MAPFILE) \
+ $$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) -Wl,-Map=$(MAPFILE) \
$(addprefix -Wl$(comma)--script$(comma),$(LINKER_SCRIPTS)) -Wl,--script,$(DEFAULT_LINKER_SCRIPT) \
$(BUILD_DIR)/build_message.o \
$(OBJS) $(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS)
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index e02917c..8829fcb 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -150,6 +150,10 @@
# Enable Handoff protocol using transfer lists
TRANSFER_LIST := 0
+# Enables support for the gcc compiler option "-mharden-sls=all".
+# By default, disables all SLS hardening.
+HARDEN_SLS := 0
+
# Secure hash algorithm flag, accepts 3 values: sha256, sha384 and sha512.
# The default value is sha256.
HASH_ALG := sha256
@@ -347,9 +351,6 @@
# Disable Firmware update support by default
PSA_FWU_SUPPORT := 0
-# By default, disable the mocking of RSS provided services
-PLAT_RSS_NOT_SUPPORTED := 0
-
# Dynamic Root of Trust for Measurement support
DRTM_SUPPORT := 0
@@ -367,3 +368,9 @@
# Disabled by default because it constitutes an attack vector into TF-A. It
# should only be enabled if there is a use case for it.
ENABLE_CONSOLE_GETC := 0
+
+# Build option to disable EL2 when it is not used.
+# Most platforms switch from EL3 to NS-EL2 and hence the unused NS-EL2
+# functions must be enabled by platforms if they require it.
+# Disabled by default.
+INIT_UNUSED_NS_EL2 := 0
diff --git a/package-lock.json b/package-lock.json
index e23f9a4..e43fa65 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"hasInstallScript": true,
"license": "BSD-3-Clause",
"devDependencies": {
diff --git a/package.json b/package.json
index 8b724dae..1c557fd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"license": "BSD-3-Clause",
"private": true,
"scripts": {
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index c4f15dd..655a4d2 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -9,7 +9,6 @@
#include <string.h>
#include <common/debug.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <drivers/delay_timer.h>
#include <lib/cassert.h>
#include <lib/fconf/fconf.h>
@@ -27,11 +26,9 @@
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
-#if !ARM_CRYPTOCELL_INTEG
#if !ARM_ROTPK_LOCATION_ID
#error "ARM_ROTPK_LOCATION_ID not defined"
#endif
-#endif
#if COT_DESC_IN_DTB && defined(IMAGE_BL2)
uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
@@ -50,7 +47,7 @@
extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[],
arm_rotpk_key_end[];
-#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) || ARM_CRYPTOCELL_INTEG
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
#endif
@@ -117,38 +114,12 @@
}
#endif
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Return ROTPK hash from CryptoCell.
- */
-int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len,
- unsigned int *flags)
-{
- unsigned char *dst;
-
- assert(key_ptr != NULL);
- assert(key_len != NULL);
- assert(flags != NULL);
-
- /* Copy the DER header */
- memcpy(rotpk_hash_der, arm_rotpk_header, ARM_ROTPK_HEADER_LEN);
- dst = &rotpk_hash_der[ARM_ROTPK_HEADER_LEN];
- *key_ptr = rotpk_hash_der;
- *key_len = sizeof(rotpk_hash_der);
- return cc_get_rotpk_hash(dst, ARM_ROTPK_HASH_LEN, flags);
-}
-#endif
-
/*
* Wrapper function for most Arm platforms to get ROTPK info.
*/
static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if ARM_USE_DEVEL_ROTPK
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
@@ -156,7 +127,6 @@
#else
return 1;
#endif
-#endif /* ARM_CRYPTOCELL_INTEG */
}
#if defined(ARM_COT_tbbr)
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index cbdbf70..365a960 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -13,7 +13,7 @@
ifneq (${TRUSTED_BOARD_BOOT},0)
ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
-ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
+
# ROTPK hash location
ifeq (${ARM_ROTPK_LOCATION}, regs)
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
@@ -79,13 +79,7 @@
# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter,
# hence we set both counters to the same default value.
CCAFW_NVCTR_VAL ?= 31
-else
-# Certificate NV-Counters when CryptoCell is integrated. For development
-# platforms we set the counter to first valid value.
-TFW_NVCTR_VAL ?= 0
-NTFW_NVCTR_VAL ?= 0
-CCAFW_NVCTR_VAL ?= 0
-endif
+
BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
${ARM_ROTPK_S}
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
diff --git a/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts b/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
index e159248..ee6c260 100644
--- a/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
+++ b/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
@@ -20,7 +20,7 @@
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
- min_ver = <0x1>;
+ min_ver = <0x2>;
exec_state = <0x0>;
load_address = <0x0 0x6000000>;
entrypoint = <0x0 0x6000000>;
diff --git a/plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts b/plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts
index 041dade..17a2fd1 100644
--- a/plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts
+++ b/plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,7 +20,7 @@
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
- min_ver = <0x1>;
+ min_ver = <0x2>;
exec_state = <0x0>;
load_address = <0x0 0x6000000>;
entrypoint = <0x0 0x6000000>;
diff --git a/plat/arm/board/fvp/fvp_common_measured_boot.c b/plat/arm/board/fvp/fvp_common_measured_boot.c
index 0c1d5e7..d56f510 100644
--- a/plat/arm/board/fvp/fvp_common_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_common_measured_boot.c
@@ -19,7 +19,6 @@
int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
{
int err;
- int rc = 0;
/* Calculate image hash and record data in Event Log */
err = event_log_measure_and_record(image_data->image_base,
@@ -29,26 +28,14 @@
if (err != 0) {
ERROR("%s%s image id %u (%i)\n",
"Failed to ", "record in event log", image_id, err);
- rc = err;
+ return err;
}
- /* Calculate image hash and record data in RSS */
- err = rss_mboot_measure_and_record(fvp_rss_mboot_metadata,
- image_data->image_base,
- image_data->image_size,
- image_id);
- if (err != 0) {
- ERROR("%s%s image id %u (%i)\n",
- "Failed to ", "record in RSS", image_id, err);
- rc = (rc == 0) ? err : -1;
- }
-
- return rc;
+ return 0;
}
int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
size_t pk_len)
{
- return rss_mboot_set_signer_id(fvp_rss_mboot_metadata, pk_oid, pk_ptr,
- pk_len);
+ return 0;
}
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 2fdff34..df26dd7 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -440,10 +440,6 @@
override BL1_SOURCES =
endif
-# RSS is not supported on FVP right now. Thus, we use the mocked version
-# of the provided PSA APIs. They return with success and hard-coded token/key.
-PLAT_RSS_NOT_SUPPORTED := 1
-
# Include Measured Boot makefile before any Crypto library makefile.
# Crypto library makefile may need default definitions of Measured Boot build
# flags present in Measured Boot makefile.
@@ -471,23 +467,6 @@
BL2_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
plat/arm/board/fvp/fvp_bl2_measured_boot.c \
lib/psa/measured_boot.c
-
-# Even though RSS is not supported on FVP (see above), we support overriding
-# PLAT_RSS_NOT_SUPPORTED from the command line, just for the purpose of building
-# the code to detect any build regressions. The resulting firmware will not be
-# functional.
-ifneq (${PLAT_RSS_NOT_SUPPORTED},1)
- $(warning "RSS is not supported on FVP. The firmware will not be functional.")
- include drivers/arm/rss/rss_comms.mk
- BL1_SOURCES += ${RSS_COMMS_SOURCES}
- BL2_SOURCES += ${RSS_COMMS_SOURCES}
- BL31_SOURCES += ${RSS_COMMS_SOURCES}
-
- BL1_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
- BL2_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
- BL31_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
-endif
-
endif
ifeq (${DRTM_SUPPORT}, 1)
diff --git a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
index a642929..6a7c0c8 100644
--- a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
+++ b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
@@ -105,9 +105,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
/* DRAM1_region: */
MAP_REGION_FLAT(
PLAT_ARM_DRAM1_BASE,
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index aa96038..5c9a7a3 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -32,9 +32,6 @@
#define PLATFORM_CORE_COUNT (JUNO_CLUSTER0_CORE_COUNT + \
JUNO_CLUSTER1_CORE_COUNT)
-/* Cryptocell HW Base address */
-#define PLAT_CRYPTOCELL_BASE UL(0x60050000)
-
/*
* Other platform porting definitions are provided by included headers
*/
diff --git a/plat/arm/board/juno/juno_trusted_boot.c b/plat/arm/board/juno/juno_trusted_boot.c
index 25a7470..c730406 100644
--- a/plat/arm/board/juno/juno_trusted_boot.c
+++ b/plat/arm/board/juno/juno_trusted_boot.c
@@ -8,7 +8,6 @@
#include <stdint.h>
#include <string.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
@@ -109,10 +108,6 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
(ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
@@ -121,6 +116,4 @@
#else
return 1;
#endif
-
-#endif /* ARM_CRYPTOCELL_INTEG */
}
diff --git a/plat/arm/board/morello/fdts/morello_nt_fw_config.dts b/plat/arm/board/morello/fdts/morello_nt_fw_config.dts
index e730d34..6ec282d 100644
--- a/plat/arm/board/morello/fdts/morello_nt_fw_config.dts
+++ b/plat/arm/board/morello/fdts/morello_nt_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,4 +23,19 @@
scc-config = <0x0>;
#endif
};
+
+ /*
+ * Placeholder for firmware-version node with default values.
+ * The value will be set to the correct values during
+ * the BL2 stage of boot.
+ */
+ firmware-version {
+#ifdef TARGET_PLATFORM_SOC
+ mcc-fw-version = <0x0>;
+ pcc-fw-version = <0x0>;
+#endif
+ scp-fw-version = <0x0>;
+ scp-fw-commit = <0x0>;
+ tfa-fw-version = "unknown-dirty_00000000";
+ };
};
diff --git a/plat/arm/board/morello/morello_def.h b/plat/arm/board/morello/morello_def.h
index e42a03c..25122e6 100644
--- a/plat/arm/board/morello/morello_def.h
+++ b/plat/arm/board/morello/morello_def.h
@@ -15,6 +15,15 @@
MORELLO_NS_SRAM_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
+/* SDS Firmware version defines */
+#define MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID U(2)
+#define MORELLO_SDS_FIRMWARE_VERSION_OFFSET U(0)
+#ifdef TARGET_PLATFORM_FVP
+# define MORELLO_SDS_FIRMWARE_VERSION_SIZE U(8)
+#else
+# define MORELLO_SDS_FIRMWARE_VERSION_SIZE U(16)
+#endif
+
/* SDS Platform information defines */
#define MORELLO_SDS_PLATFORM_INFO_STRUCT_ID U(8)
#define MORELLO_SDS_PLATFORM_INFO_OFFSET U(0)
@@ -122,8 +131,40 @@
} __packed;
#endif
-/* Compile time assertion to ensure the size of structure is of the required bytes */
+/* SDS Firmware revision struct definition */
+#ifdef TARGET_PLATFORM_FVP
+/*
+ * Firmware revision structure stored in SDS.
+ * This structure holds information about firmware versions.
+ * - SCP firmware version
+ * - SCP firmware commit
+ */
+struct morello_firmware_version {
+ uint32_t scp_fw_ver;
+ uint32_t scp_fw_commit;
+} __packed;
+#else
+/*
+ * Firmware revision structure stored in SDS.
+ * This structure holds information about firmware versions.
+ * - SCP firmware version
+ * - SCP firmware commit
+ * - MCC firmware version
+ * - PCC firmware version
+ */
+struct morello_firmware_version {
+ uint32_t scp_fw_ver;
+ uint32_t scp_fw_commit;
+ uint32_t mcc_fw_ver;
+ uint32_t pcc_fw_ver;
+} __packed;
+#endif
+
+/* Compile time assertions to ensure the size of structures are of the required bytes */
CASSERT(sizeof(struct morello_plat_info) == MORELLO_SDS_PLATFORM_INFO_SIZE,
assert_invalid_plat_info_size);
+CASSERT(sizeof(struct morello_firmware_version) == MORELLO_SDS_FIRMWARE_VERSION_SIZE,
+ assert_invalid_firmware_version_size);
+
#endif /* MORELLO_DEF_H */
diff --git a/plat/arm/board/morello/morello_image_load.c b/plat/arm/board/morello/morello_image_load.c
index b5d9bd5..4ea2bb3 100644
--- a/plat/arm/board/morello/morello_image_load.c
+++ b/plat/arm/board/morello/morello_image_load.c
@@ -23,7 +23,8 @@
}
/*******************************************************************************
- * This function inserts Platform information via device tree nodes as,
+ * This function inserts Platform information and firmware versions
+ * via device tree nodes as,
* platform-info {
* local-ddr-size = <0x0 0x0>;
*#ifdef TARGET_PLATFORM_SOC
@@ -33,12 +34,22 @@
* scc-config = <0x0>;
*#endif
* };
+ * firmware-version {
+ *#ifdef TARGET_PLATFORM_SOC
+ * mcc-fw-version = <0x0>;
+ * pcc-fw-version = <0x0>;
+ *#endif
+ * scp-fw-version = <0x0>;
+ * scp-fw-commit = <0x0>;
+ * tfa-fw-version = "unknown-dirty_00000000";
+ * };
******************************************************************************/
-static int plat_morello_append_config_node(struct morello_plat_info *plat_info)
+static int plat_morello_append_config_node(struct morello_plat_info *plat_info,
+ struct morello_firmware_version *fw_version)
{
bl_mem_params_node_t *mem_params;
void *fdt;
- int nodeoffset, err;
+ int nodeoffset_plat, nodeoffset_fw, err;
uint64_t usable_mem_size;
usable_mem_size = plat_info->local_ddr_size;
@@ -57,35 +68,41 @@
return -1;
}
- nodeoffset = fdt_subnode_offset(fdt, 0, "platform-info");
- if (nodeoffset < 0) {
+ nodeoffset_plat = fdt_subnode_offset(fdt, 0, "platform-info");
+ if (nodeoffset_plat < 0) {
ERROR("NT_FW_CONFIG: Failed to get platform-info node offset\n");
return -1;
}
+ nodeoffset_fw = fdt_subnode_offset(fdt, 0, "firmware-version");
+ if (nodeoffset_fw < 0) {
+ ERROR("NT_FW_CONFIG: Failed to get firmware-version node offset\n");
+ return -1;
+ }
+
#ifdef TARGET_PLATFORM_SOC
- err = fdt_setprop_u64(fdt, nodeoffset, "remote-ddr-size",
+ err = fdt_setprop_u64(fdt, nodeoffset_plat, "remote-ddr-size",
plat_info->remote_ddr_size);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set remote-ddr-size\n");
return -1;
}
- err = fdt_setprop_u32(fdt, nodeoffset, "remote-chip-count",
+ err = fdt_setprop_u32(fdt, nodeoffset_plat, "remote-chip-count",
plat_info->remote_chip_count);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set remote-chip-count\n");
return -1;
}
- err = fdt_setprop_u32(fdt, nodeoffset, "multichip-mode",
+ err = fdt_setprop_u32(fdt, nodeoffset_plat, "multichip-mode",
plat_info->multichip_mode);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set multichip-mode\n");
return -1;
}
- err = fdt_setprop_u32(fdt, nodeoffset, "scc-config",
+ err = fdt_setprop_u32(fdt, nodeoffset_plat, "scc-config",
plat_info->scc_config);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set scc-config\n");
@@ -95,8 +112,41 @@
if (plat_info->scc_config & MORELLO_SCC_CLIENT_MODE_MASK) {
usable_mem_size = get_mem_client_mode(plat_info->local_ddr_size);
}
+
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "mcc-fw-version",
+ fw_version->mcc_fw_ver);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set mcc-fw-version\n");
+ return -1;
+ }
+
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "pcc-fw-version",
+ fw_version->pcc_fw_ver);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set pcc-fw-version\n");
+ return -1;
+ }
#endif
- err = fdt_setprop_u64(fdt, nodeoffset, "local-ddr-size",
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "scp-fw-version",
+ fw_version->scp_fw_ver);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set scp-fw-version\n");
+ return -1;
+ }
+
+ err = fdt_setprop_u32(fdt, nodeoffset_fw, "scp-fw-commit",
+ fw_version->scp_fw_commit);
+ if (err < 0) {
+ ERROR("NT_FW_CONFIG: Failed to set scp-fw-commit\n");
+ return -1;
+ }
+
+ err = fdt_setprop_string(fdt, nodeoffset_fw, "tfa-fw-version", version_string);
+ if (err < 0) {
+ WARN("NT_FW_CONFIG: Unable to set tfa-fw-version\n");
+ }
+
+ err = fdt_setprop_u64(fdt, nodeoffset_plat, "local-ddr-size",
usable_mem_size);
if (err < 0) {
ERROR("NT_FW_CONFIG: Failed to set local-ddr-size\n");
@@ -115,6 +165,7 @@
{
int ret;
struct morello_plat_info plat_info;
+ struct morello_firmware_version fw_version;
ret = sds_init();
if (ret != SDS_OK) {
@@ -132,6 +183,16 @@
panic();
}
+ ret = sds_struct_read(MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID,
+ MORELLO_SDS_FIRMWARE_VERSION_OFFSET,
+ &fw_version,
+ MORELLO_SDS_FIRMWARE_VERSION_SIZE,
+ SDS_ACCESS_MODE_NON_CACHED);
+ if (ret != SDS_OK) {
+ ERROR("Error getting firmware version from SDS. ret:%d\n", ret);
+ panic();
+ }
+
/* Validate plat_info SDS */
#ifdef TARGET_PLATFORM_FVP
if (plat_info.local_ddr_size == 0U) {
@@ -146,7 +207,7 @@
panic();
}
- ret = plat_morello_append_config_node(&plat_info);
+ ret = plat_morello_append_config_node(&plat_info, &fw_version);
if (ret != 0) {
panic();
}
diff --git a/plat/arm/board/rdn1edge/platform.mk b/plat/arm/board/rdn1edge/platform.mk
index 95753aa..d8d1293 100644
--- a/plat/arm/board/rdn1edge/platform.mk
+++ b/plat/arm/board/rdn1edge/platform.mk
@@ -73,3 +73,6 @@
endif
override CTX_INCLUDE_AARCH32_REGS := 0
+
+# Enable the flag since RD-N1-EDGE has a system level cache
+NEOVERSE_Nx_EXTERNAL_LLC := 1
diff --git a/plat/arm/board/rdn2/fdts/rdn2_fw_config.dts b/plat/arm/board/rdn2/fdts/rdn2_fw_config.dts
index 9c9cefe..d992eac 100644
--- a/plat/arm/board/rdn2/fdts/rdn2_fw_config.dts
+++ b/plat/arm/board/rdn2/fdts/rdn2_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,6 +18,12 @@
id = <TB_FW_CONFIG_ID>;
};
+ tos_fw-config {
+ load-address = <0x0 0x04001500>;
+ max-size = <0x1000>;
+ id = <TOS_FW_CONFIG_ID>;
+ };
+
nt_fw-config {
load-address = <0x0 0xFEF00000>;
max-size = <0x0100000>;
diff --git a/plat/arm/board/rdn2/fdts/rdn2_stmm_sel0_manifest.dts b/plat/arm/board/rdn2/fdts/rdn2_stmm_sel0_manifest.dts
new file mode 100644
index 0000000..6119706
--- /dev/null
+++ b/plat/arm/board/rdn2/fdts/rdn2_stmm_sel0_manifest.dts
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2023, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+#include <platform_def.h>
+
+/ {
+#define MODE_SEL0 (0x1)
+
+#define SECURE_RO 0x1
+#define SECURE_RW 0x3
+#define SECURE_EXECUTE_RO 0x5
+#define SECURE_EXECUTE_RW 0x7
+#define NON_SECURE_RO 0x9
+#define NON_SECURE_RW 0xB
+#define NON_SECURE_EXECUTE_RO 0xD
+#define NON_SECURE_EXECUTE_RW 0xF
+ /*
+ * FF-A compatible Secure Partition Manager parses the
+ * manifest file and fetch the following booting arguments to
+ * pass on to the StandAloneMM(StMM) Secure Partition.
+ */
+ compatible = "arm,ffa-manifest-1.0";
+
+ description = "RDN2 StMM";
+ ffa-version = <0x00010001>; /* 31:16 - Major, 15:0 - Minor */
+ uuid = <0x378daedc 0xf06b4446 0x831440ab 0x933c87a3>;
+ id = <0x8001>;
+ execution-ctx-count = <1>;
+ exception-level = <MODE_SEL0>; /* S-EL0 */
+ execution-state = <0>; /* AArch64 */
+ load-address = <0x0 0xFF200000>;
+ image-size = <0x0 0x280000>;
+ xlat-granule = <0>; /* 4KiB */
+ boot-order = <0>;
+ messaging-method = <0x3>; /* Direct request/response supported. */
+ power-management-messages = <0>;
+ gp-register-num = <0>;
+
+ device-regions {
+ compatible = "arm,ffa-manifest-device-regions";
+
+ /*
+ * System registers region for access from S-EL0.
+ * Similar to PLAT_ARM_SECURE_MAP_SYSTEMREG.
+ */
+ sys-regs {
+ base-address = <0x0 0x0C010000>;
+ pages-count = <0x10>;
+ attributes = <SECURE_RW>;
+ };
+
+ rtc {
+ base-address = <0x0 0x0C170000>;
+ pages-count = <0x1>;
+ attributes = <SECURE_RW>;
+ };
+
+ /*
+ * ARM CSS SoC Expansion Peripherals.
+ */
+ soc_components {
+ base-address = <0x0 0x0E000000>;
+ pages-count = <0x2000>;
+ attributes = <SECURE_RW>;
+ };
+
+ cluster_utility {
+ base-address = <0x0 0x20000000>;
+ pages-count = <0x20000>;
+ attributes = <SECURE_RW>;
+ };
+
+ secure_uart {
+ base-address = <0x0 0x2A410000>;
+ pages-count = <0x10>;
+ attributes = <SECURE_RW>;
+ };
+
+ /*
+ * Used for Secure booting.
+ */
+ nor_flash2 {
+ base-address = <0x10 0x54000000>;
+ pages-count = <0x4000>;
+ attributes = <SECURE_RW>;
+ };
+ };
+
+ memory-regions {
+ compatible = "arm,ffa-manifest-memory-regions";
+
+ /*
+ * SPM Payload memory. Mapped as code region for S-EL0
+ * Similar to ARM_SP_IMAGE_MMAP macro used for defining base of
+ * the SP image.
+ */
+ stmm_region {
+ base-address = <0x0 0xff200000>;
+ pages-count = <0x300>;
+ /* StMM will remap the regions during runtime. */
+ attributes = <SECURE_EXECUTE_RO>;
+ };
+
+ /*
+ * Memory shared between EL3 SPMC and S-EL0.
+ */
+ rx-tx-buffers {
+ description = "shared-buff";
+ base-address = <0x0 0xff500000>;
+ pages-count = <0x100>;
+ attributes = <SECURE_RW>;
+ };
+
+ /*
+ * Memory shared between Normal world and S-EL0.
+ */
+ ns_comm_buffer {
+ /*
+ * Description is needed for StMM to identify
+ * ns-communication buffer.
+ */
+ description = "ns-comm";
+ base-address = <0x0 0xff600000>;
+ pages-count = <0x30>;
+ attributes = <NON_SECURE_RW>;
+ };
+
+ /*
+ * Heap used by SP to allocate memory for DMA.
+ */
+ heap {
+ /*
+ * Description is needed for StMM to identify
+ * heap buffer.
+ */
+ description = "heap";
+ base-address = <0x0 0xFF630000>;
+ pages-count = <0x5D0>;
+ attributes = <SECURE_RW>;
+ };
+ };
+};
diff --git a/plat/arm/board/rdn2/platform.mk b/plat/arm/board/rdn2/platform.mk
index ef8f3d4..28ec5dc 100644
--- a/plat/arm/board/rdn2/platform.mk
+++ b/plat/arm/board/rdn2/platform.mk
@@ -93,5 +93,37 @@
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+STMM_CONFIG_DTS := ${RDN2_BASE}/fdts/${PLAT}_stmm_sel0_manifest.dts
+FDT_SOURCES += ${STMM_CONFIG_DTS}
+TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${STMM_CONFIG_DTS})).dtb
+
+# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${TOS_FW_CONFIG},--tos-fw-config,${TOS_FW_CONFIG}))
+
override CTX_INCLUDE_AARCH32_REGS := 0
override ENABLE_FEAT_AMU := 1
+
+# Enable the flag since RD-N2 has a system level cache
+NEOVERSE_Nx_EXTERNAL_LLC := 1
+
+# Enable N2 CPU errata workarounds
+ERRATA_N2_2002655 := 1
+ERRATA_N2_2009478 := 1
+ERRATA_N2_2067956 := 1
+ERRATA_N2_2025414 := 1
+ERRATA_N2_2189731 := 1
+ERRATA_N2_2138956 := 1
+ERRATA_N2_2138953 := 1
+ERRATA_N2_2242415 := 1
+ERRATA_N2_2138958 := 1
+ERRATA_N2_2242400 := 1
+ERRATA_N2_2280757 := 1
+ERRATA_N2_2326639 := 1
+ERRATA_N2_2340933 := 1
+ERRATA_N2_2346952 := 1
+ERRATA_N2_2376738 := 1
+ERRATA_N2_2388450 := 1
+ERRATA_N2_2743014 := 1
+ERRATA_N2_2743089 := 1
+ERRATA_N2_2728475 := 1
+ERRATA_N2_2779511 := 1
diff --git a/plat/arm/board/rdv1/platform.mk b/plat/arm/board/rdv1/platform.mk
index a5fba67..0b059b5 100644
--- a/plat/arm/board/rdv1/platform.mk
+++ b/plat/arm/board/rdv1/platform.mk
@@ -63,3 +63,6 @@
$(error "CSS_SGI_PLATFORM_VARIANT for RD-V1 should always be 0, \
currently set to ${CSS_SGI_PLATFORM_VARIANT}.")
endif
+
+# Enable the flag since RD-V1 has a system level cache
+NEOVERSE_Nx_EXTERNAL_LLC := 1
diff --git a/plat/arm/board/rdv1mc/platform.mk b/plat/arm/board/rdv1mc/platform.mk
index 92f7c10..176e0ef 100644
--- a/plat/arm/board/rdv1mc/platform.mk
+++ b/plat/arm/board/rdv1mc/platform.mk
@@ -74,3 +74,6 @@
$(error "CSS_SGI_PLATFORM_VARIANT for RD-V1-MC should always be 0, \
currently set to ${CSS_SGI_PLATFORM_VARIANT}.")
endif
+
+# Enable the flag since RD-V1-MC has a system level cache
+NEOVERSE_Nx_EXTERNAL_LLC := 1
diff --git a/plat/arm/board/tc/fdts/tc_spmc_manifest.dts b/plat/arm/board/tc/fdts/tc_spmc_manifest.dts
index b64e076..8ef6330 100644
--- a/plat/arm/board/tc/fdts/tc_spmc_manifest.dts
+++ b/plat/arm/board/tc/fdts/tc_spmc_manifest.dts
@@ -13,7 +13,7 @@
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
- min_ver = <0x1>;
+ min_ver = <0x2>;
exec_state = <0x0>;
load_address = <0x0 0xfd000000>;
entrypoint = <0x0 0xfd000000>;
diff --git a/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts b/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts
index 382f0e1..73314ee 100644
--- a/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts
+++ b/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts
@@ -13,7 +13,7 @@
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
- min_ver = <0x1>;
+ min_ver = <0x2>;
exec_state = <0x0>;
load_address = <0x0 0xfd000000>;
entrypoint = <0x0 0xfd000000>;
diff --git a/plat/arm/board/tc/plat_tc_mbedtls_config.h b/plat/arm/board/tc/plat_tc_mbedtls_config.h
index f0aa60b..773629c 100644
--- a/plat/arm/board/tc/plat_tc_mbedtls_config.h
+++ b/plat/arm/board/tc/plat_tc_mbedtls_config.h
@@ -22,11 +22,7 @@
#endif
#define MBEDTLS_PSA_CRYPTO_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-#define MBEDTLS_TEST_NULL_ENTROPY
+#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 8db6f1d..6874cfa 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -9,6 +9,11 @@
$(error Platform ${PLAT}$(TARGET_PLATFORM) is deprecated.)
endif
+ifeq ($(TARGET_PLATFORM), 1)
+ $(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
+ Some of the features might not work as expected)
+endif
+
ifeq ($(shell expr $(TARGET_PLATFORM) \<= 2), 0)
$(error TARGET_PLATFORM must be less than or equal to 2)
endif
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index ff7809d..aac7ece 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -9,6 +9,7 @@
#include <libfdt.h>
#include <tc_plat.h>
+#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/arm/css/css_mhu_doorbell.h>
@@ -19,6 +20,36 @@
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
+#ifdef PLATFORM_TEST_TFM_TESTSUITE
+#include <psa/crypto_platform.h>
+#include <psa/crypto_types.h>
+#include <psa/crypto_values.h>
+#endif /* PLATFORM_TEST_TFM_TESTSUITE */
+
+#ifdef PLATFORM_TEST_TFM_TESTSUITE
+/*
+ * We pretend using an external RNG (through MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ * mbedTLS config option) so we need to provide an implementation of
+ * mbedtls_psa_external_get_random(). Provide a fake one, since we do not
+ * actually use any of external RNG and this function is only needed during
+ * the execution of TF-M testsuite during exporting the public part of the
+ * delegated attestation key.
+ */
+psa_status_t mbedtls_psa_external_get_random(
+ mbedtls_psa_external_random_context_t *context,
+ uint8_t *output, size_t output_size,
+ size_t *output_length)
+{
+ for (size_t i = 0U; i < output_size; i++) {
+ output[i] = (uint8_t)(read_cntpct_el0() & 0xFFU);
+ }
+
+ *output_length = output_size;
+
+ return PSA_SUCCESS;
+}
+#endif /* PLATFORM_TEST_TFM_TESTSUITE */
+
static scmi_channel_plat_info_t tc_scmi_plat_info[] = {
{
.scmi_mbx_mem = CSS_SCMI_PAYLOAD_BASE,
diff --git a/plat/arm/common/aarch64/arm_helpers.S b/plat/arm/common/aarch64/arm_helpers.S
index ed85ea1..3e56691 100644
--- a/plat/arm/common/aarch64/arm_helpers.S
+++ b/plat/arm/common/aarch64/arm_helpers.S
@@ -86,51 +86,3 @@
func platform_mem_init
ret
endfunc platform_mem_init
-
-/*
- * Need to use coherent stack when ARM Cryptocell is used to autheticate images
- * since Cryptocell uses DMA to transfer data and it is not coherent with the
- * AP CPU.
- */
-#if ARM_CRYPTOCELL_INTEG
-#if defined(IMAGE_BL1) || defined(IMAGE_BL2)
- .globl plat_get_my_stack
- .globl plat_set_my_stack
- .local platform_coherent_stacks
-
- /* -------------------------------------------------------
- * uintptr_t plat_get_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function returns the stack pointer for a
- * stack allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_get_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- ret
-endfunc plat_get_my_stack
-
- /* -------------------------------------------------------
- * void plat_set_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function sets the stack pointer to a stack
- * allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_set_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- mov sp, x0
- ret
-endfunc plat_set_my_stack
-
- /* ----------------------------------------------------
- * Single cpu stack in coherent memory.
- * ----------------------------------------------------
- */
-declare_stack platform_coherent_stacks, .tzfw_coherent_mem, \
- PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
-
-#endif /* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
-#endif /* ARM_CRYPTOCELL_INTEG */
diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c
index 7000236..feff691 100644
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@@ -108,11 +108,8 @@
*****************************************************************************/
void arm_bl1_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL1 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL1. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -123,9 +120,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
{0}
};
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index e15bf0f..3e8109e 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -184,11 +184,8 @@
******************************************************************************/
void arm_bl2_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL2 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL2. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -199,9 +196,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
ARM_MAP_BL_CONFIG_REGION,
#if ENABLE_RME
ARM_MAP_L0_GPT_REGION,
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index f47bc3e..8e90615 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -198,6 +198,24 @@
while (bl_params != NULL) {
if (bl_params->image_id == BL32_IMAGE_ID) {
bl32_image_ep_info = *bl_params->ep_info;
+#if SPMC_AT_EL3
+ /*
+ * Populate the BL32 image base, size and max limit in
+ * the entry point information, since there is no
+ * platform function to retrieve them in generic
+ * code. We choose arg2, arg3 and arg4 since the generic
+ * code uses arg1 for stashing the SP manifest size. The
+ * SPMC setup uses these arguments to update SP manifest
+ * with actual SP's base address and it size.
+ */
+ bl32_image_ep_info.args.arg2 =
+ bl_params->image_info->image_base;
+ bl32_image_ep_info.args.arg3 =
+ bl_params->image_info->image_size;
+ bl32_image_ep_info.args.arg4 =
+ bl_params->image_info->image_base +
+ bl_params->image_info->image_max_size;
+#endif
}
#if ENABLE_RME
else if (bl_params->image_id == RMM_IMAGE_ID) {
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index bbb39d5..ae0d85d 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -164,24 +164,11 @@
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
ENABLE_PIE := 1
endif
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
- ifeq (${USE_COHERENT_MEM},0)
- $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
- endif
-endif
-
# Disable GPT parser support, use FIP image by default
ARM_GPT_SUPPORT := 0
$(eval $(call assert_boolean,ARM_GPT_SUPPORT))
@@ -447,11 +434,7 @@
BL31_SOURCES += drivers/auth/crypto_mod.c
# We expect to locate the *.mk files under the directories specified below
- ifeq (${ARM_CRYPTOCELL_INTEG},0)
- CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
- else
- CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
- endif
+ CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
$(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK}
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index 9dfe040..dab5f8b 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -34,10 +34,10 @@
*/
#if defined(IMAGE_BL31)
# if SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)
-# define PLAT_ARM_MMAP_ENTRIES (9 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
-# define MAX_XLAT_TABLES (7 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
-# define PLAT_SP_IMAGE_MMAP_REGIONS 10
-# define PLAT_SP_IMAGE_MAX_XLAT_TABLES 12
+# define PLAT_ARM_MMAP_ENTRIES (10 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
+# define MAX_XLAT_TABLES (8 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
+# define PLAT_SP_IMAGE_MMAP_REGIONS 12
+# define PLAT_SP_IMAGE_MAX_XLAT_TABLES 14
# else
# define PLAT_ARM_MMAP_ENTRIES (5 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
# define MAX_XLAT_TABLES (6 + ((CSS_SGI_CHIP_COUNT - 1) * 3))
@@ -105,7 +105,7 @@
* A buffer of ~35KB is added to account for future expansion of the image,
* making it a total of 100KB.
*/
-#define CSS_SGI_BL31_SIZE (100 * 1024) /* 100 KB */
+#define CSS_SGI_BL31_SIZE (116 * 1024) /* 116 KB */
#define PLAT_ARM_MAX_BL31_SIZE (CSS_SGI_BL31_SIZE + \
PLAT_ARM_MAX_BL2_SIZE + \
PLAT_ARM_MAX_BL1_RW_SIZE)
@@ -217,7 +217,7 @@
*/
#define CSS_SGI_SP_CPER_BUF_BASE (PLAT_SP_IMAGE_NS_BUF_BASE + \
PLAT_SP_IMAGE_NS_BUF_SIZE)
-#define CSS_SGI_SP_CPER_BUF_SIZE ULL(0x20000)
+#define CSS_SGI_SP_CPER_BUF_SIZE ULL(0x10000)
#define CSS_SGI_SP_CPER_BUF_MMAP MAP_REGION2( \
CSS_SGI_SP_CPER_BUF_BASE, \
CSS_SGI_SP_CPER_BUF_BASE, \
diff --git a/plat/imx/imx8m/ddr/clock.c b/plat/imx/imx8m/ddr/clock.c
index 31f2f56..21a1b68 100644
--- a/plat/imx/imx8m/ddr/clock.c
+++ b/plat/imx/imx8m/ddr/clock.c
@@ -91,12 +91,16 @@
case 4000:
mmio_write_32(DRAM_PLL_CTRL + 0x4, (250 << 12) | (3 << 4) | 1);
break;
+ case 3734:
case 3733:
case 3732:
mmio_write_32(DRAM_PLL_CTRL + 0x4, (311 << 12) | (4 << 4) | 1);
break;
+ case 3600:
+ mmio_write_32(DRAM_PLL_CTRL + 0x4, (300 << 12) | (8 << 4) | 0);
+ break;
case 3200:
- mmio_write_32(DRAM_PLL_CTRL + 0x4, (200 << 12) | (3 << 4) | 1);
+ mmio_write_32(DRAM_PLL_CTRL + 0x4, (300 << 12) | (9 << 4) | 0);
break;
case 2400:
mmio_write_32(DRAM_PLL_CTRL + 0x4, (300 << 12) | (3 << 4) | 2);
diff --git a/plat/intel/soc/agilex/include/socfpga_plat_def.h b/plat/intel/soc/agilex/include/socfpga_plat_def.h
index a744d09..ff7d971 100644
--- a/plat/intel/soc/agilex/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex/include/socfpga_plat_def.h
@@ -65,7 +65,7 @@
#define DEVICE4_SIZE (0x0100000000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1b000)
+#define BL2_LIMIT (0xffe2b000)
#define BL31_BASE (0x1000)
#define BL31_LIMIT (0x81000)
@@ -77,6 +77,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/intel/soc/agilex5/bl2_plat_setup.c b/plat/intel/soc/agilex5/bl2_plat_setup.c
index a2fafd2..3912ba8 100644
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@@ -84,7 +84,8 @@
PLAT_BAUDRATE, &console);
/* Store magic number */
- mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);
+ // TODO: Temp workaround to ungate testing
+ // mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);
}
void bl2_el3_plat_arch_setup(void)
diff --git a/plat/intel/soc/agilex5/include/socfpga_plat_def.h b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
index 8a49d61..597612f 100644
--- a/plat/intel/soc/agilex5/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
@@ -23,9 +23,12 @@
#define PLAT_CPU_ID_MPIDR_AFF_SHIFT MPIDR_AFF1_SHIFT
#define PLAT_L2_RESET_REQ 0xB007C0DE
-/* System Counter */ /* TODO: Update back to 400MHz */
-#define PLAT_SYS_COUNTER_FREQ_IN_TICKS (80000000)
-#define PLAT_SYS_COUNTER_FREQ_IN_MHZ (80)
+/* System Counter */
+/* TODO: Update back to 400MHz.
+ * This shall be updated to read from L4 clock instead of hardcoded.
+ */
+#define PLAT_SYS_COUNTER_FREQ_IN_TICKS (400000000)
+#define PLAT_SYS_COUNTER_FREQ_IN_MHZ (400)
/* FPGA config helpers */
#define INTEL_SIP_SMC_FPGA_CONFIG_ADDR 0x400000
@@ -83,7 +86,7 @@
#define GIC_SIZE (0x00100000)
#define BL2_BASE (0x00000000)
-#define BL2_LIMIT (0x0001b000)
+#define BL2_LIMIT (0x0002b000)
#define BL31_BASE (0x80000000)
#define BL31_LIMIT (0x82000000)
@@ -95,6 +98,11 @@
#define PLAT_UART1_BASE (0x10C02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0x10D00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0x1D000000)
diff --git a/plat/intel/soc/common/drivers/ccu/ncore_ccu.c b/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
index 684a625..2094c65 100644
--- a/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
+++ b/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
@@ -134,7 +134,7 @@
/* Enabled Stream ctrl register for Agilex5 */
mmio_write_32(SOCFPGA_SYSMGR(DMA_TBU_STREAM_CTRL_REG_0_DMA0), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(DMA_TBU_STREAM_CTRL_REG_0_DMA1), ENABLE_STREAMID);
- mmio_write_32(SOCFPGA_SYSMGR(SDM_TBU_STREAM_CTRL_REG_1_SDM), ENABLE_STREAMID_SECURE_TX);
+ mmio_write_32(SOCFPGA_SYSMGR(SDM_TBU_STREAM_CTRL_REG_1_SDM), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_USB2), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_USB3), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_SDMMC), ENABLE_STREAMID);
diff --git a/plat/intel/soc/common/drivers/qspi/cadence_qspi.c b/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
index da8a8bd..6d8825f 100644
--- a/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
+++ b/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
@@ -634,8 +634,9 @@
int cad_qspi_read_bank(uint8_t *buffer, uint32_t offset, uint32_t size)
{
int status;
- uint32_t read_count = 0, *read_data;
+ uint32_t read_count = 0;
int level = 1, count = 0, i;
+ uint8_t *read_data;
status = cad_qspi_indirect_read_start_bank(offset, size);
@@ -647,11 +648,11 @@
level = CAD_QSPI_SRAMFILL_INDRDPART(
mmio_read_32(CAD_QSPI_OFFSET +
CAD_QSPI_SRAMFILL));
- read_data = (uint32_t *)(buffer + read_count);
+ read_data = (uint8_t *)(buffer + read_count);
for (i = 0; i < level; ++i)
- *read_data++ = mmio_read_32(CAD_QSPIDATA_OFST);
+ *read_data++ = mmio_read_8(CAD_QSPIDATA_OFST);
- read_count += level * sizeof(uint32_t);
+ read_count += level * sizeof(uint8_t);
count++;
} while (level > 0);
}
diff --git a/plat/intel/soc/common/drivers/wdt/watchdog.h b/plat/intel/soc/common/drivers/wdt/watchdog.h
index 4ee4cff..940ebf3 100644
--- a/plat/intel/soc/common/drivers/wdt/watchdog.h
+++ b/plat/intel/soc/common/drivers/wdt/watchdog.h
@@ -7,11 +7,8 @@
#ifndef CAD_WATCHDOG_H
#define CAD_WATCHDOG_H
-#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
-#define WDT_BASE (0x10D00200)
-#else
-#define WDT_BASE (0xFFD00200)
-#endif
+#include "socfpga_plat_def.h"
+
#define WDT_REG_SIZE_OFFSET (0x4)
#define WDT_MIN_CYCLES (65536)
#define WDT_PERIOD (20)
diff --git a/plat/intel/soc/common/include/socfpga_reset_manager.h b/plat/intel/soc/common/include/socfpga_reset_manager.h
index 9d06a3d..93cc945 100644
--- a/plat/intel/soc/common/include/socfpga_reset_manager.h
+++ b/plat/intel/soc/common/include/socfpga_reset_manager.h
@@ -155,6 +155,8 @@
#define RSTMGR_HDSKACK_F2SDRAM0ACK 0x00000800
#define RSTMGR_HDSKACK_FPGA2SOCACK 0x00001000
#define RSTMGR_HDSKACK_FPGAHSACK_DASRT 0x00000000
+#define RSTMGR_HDSKACK_LWSOC2FPGAACK_DASRT 0x00000000
+#define RSTMGR_HDSKACK_SOC2FPGAACK_DASRT 0x00000000
#define RSTMGR_HDSKACK_F2SDRAM0ACK_DASRT 0x00000000
#define RSTMGR_HDSKACK_FPGA2SOCACK_DASRT 0x00000000
diff --git a/plat/intel/soc/common/soc/socfpga_reset_manager.c b/plat/intel/soc/common/soc/socfpga_reset_manager.c
index 7db86c7..7aa6b70 100644
--- a/plat/intel/soc/common/soc/socfpga_reset_manager.c
+++ b/plat/intel/soc/common/soc/socfpga_reset_manager.c
@@ -130,6 +130,7 @@
}
#endif
+#if PLATFORM_MODEL != PLAT_SOCFPGA_AGILEX5
static int poll_idle_status_by_clkcycles(uint32_t addr, uint32_t mask,
uint32_t match, uint32_t delay_clk_cycles)
{
@@ -144,6 +145,7 @@
}
return -ETIMEDOUT;
}
+#endif
static void socfpga_s2f_bridge_mask(uint32_t mask,
uint32_t *brg_mask,
@@ -407,6 +409,7 @@
int socfpga_bridges_enable(uint32_t mask)
{
int ret = 0;
+ int ret_hps = 0;
uint32_t brg_mask = 0;
uint32_t noc_mask = 0;
uint32_t f2s_idlereq = 0;
@@ -424,12 +427,18 @@
#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
/* Enable SOC2FPGA bridge */
if (brg_mask & RSTMGR_BRGMODRSTMASK_SOC2FPGA) {
- /* Write Reset Manager hdskreq[soc2fpga_flush_req] = 1 */
- NOTICE("Set S2F hdskreq ...\n");
+ /*
+ * To request handshake
+ * Write Reset Manager hdskreq[soc2fpga_flush_req] = 1
+ */
+ INFO("Set S2F hdskreq ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_SOC2FPGAREQ);
- /* Read Reset Manager hdskack[soc2fpga] = 1 */
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[soc2fpga] = 1
+ */
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_SOC2FPGAACK, RSTMGR_HDSKACK_SOC2FPGAACK,
300);
@@ -438,13 +447,19 @@
ERROR("S2F bridge enable: Timeout hdskack\n");
}
- /* Write Reset Manager hdskreq[soc2fpga_flush_req] = 0 */
- NOTICE("Clear S2F hdskreq ...\n");
+ /*
+ * To clear idle request
+ * Write Reset Manager hdskreq[soc2fpga_flush_req] = 0
+ */
+ INFO("Clear S2F hdskreq ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_SOC2FPGAREQ);
- /* Write Reset Manager brgmodrst[soc2fpga] = 1 */
- NOTICE("Assert S2F ...\n");
+ /*
+ * To assert reset
+ * Write Reset Manager hdskreq[soc2fpga_flush_req] = 0
+ */
+ INFO("Assert S2F ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
RSTMGR_BRGMODRST_SOC2FPGA);
@@ -453,20 +468,29 @@
/* dummy delay */
}
- /* Write Reset Manager brgmodrst[soc2fpga] = 0 */
- NOTICE("Deassert S2F ...\n");
+ /*
+ * To deassert reset
+ * Write Reset Manager brgmodrst[soc2fpga] = 0
+ */
+ INFO("Deassert S2F ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST),
RSTMGR_BRGMODRST_SOC2FPGA);
}
/* Enable LWSOC2FPGA bridge */
if (brg_mask & RSTMGR_BRGMODRSTMASK_LWHPS2FPGA) {
- /* Write Reset Manager hdskreq[lwsoc2fpga_flush_req] = 1 */
- NOTICE("Set LWS2F hdskreq ...\n");
+ /*
+ * To request handshake
+ * Write Reset Manager hdskreq[lwsoc2fpga_flush_req] = 1
+ */
+ INFO("Set LWS2F hdskreq ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_LWSOC2FPGAREQ);
- /* Read Reset Manager hdskack[lwsoc2fpga] = 1 */
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[lwsoc2fpga] = 1
+ */
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_LWSOC2FPGAACK, RSTMGR_HDSKACK_LWSOC2FPGAACK,
300);
@@ -475,13 +499,19 @@
ERROR("LWS2F bridge enable: Timeout hdskack\n");
}
- /* Write Reset Manager hdskreq[lwsoc2fpga_flush_req] = 0 */
- NOTICE("Clear LWS2F hdskreq ...\n");
+ /*
+ * To clear idle request
+ * Write Reset Manager hdskreq[lwsoc2fpga_flush_req] = 0
+ */
+ INFO("Clear LWS2F hdskreq ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_LWSOC2FPGAREQ);
- /* Write Reset Manager brgmodrst[lwsoc2fpga] = 1 */
- NOTICE("Assert LWS2F ...\n");
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[lwsoc2fpga] = 1
+ */
+ INFO("Assert LWS2F ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
RSTMGR_BRGMODRST_LWHPS2FPGA);
@@ -490,8 +520,11 @@
/* dummy delay */
}
- /* Write Reset Manager brgmodrst[lwsoc2fpga] = 0 */
- NOTICE("Deassert LWS2F ...\n");
+ /*
+ * To deassert reset
+ * Write Reset Manager brgmodrst[lwsoc2fpga] = 0
+ */
+ INFO("Deassert LWS2F ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST),
RSTMGR_BRGMODRST_LWHPS2FPGA);
}
@@ -505,9 +538,9 @@
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST), brg_mask);
/* Wait until idle ack becomes 0 */
- ret = poll_idle_status(SOCFPGA_SYSMGR(NOC_IDLEACK),
+ ret_hps = poll_idle_status(SOCFPGA_SYSMGR(NOC_IDLEACK),
noc_mask, 0, 300);
- if (ret < 0) {
+ if (ret_hps < 0) {
ERROR("S2F bridge enable: Timeout idle ack\n");
}
}
@@ -520,16 +553,25 @@
#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
/* Enable FPGA2SOC bridge */
if (brg_mask & RSTMGR_BRGMODRSTMASK_FPGA2SOC) {
- /* Write Reset Manager hdsken[fpgahsen] = 1 */
- NOTICE("Set FPGA hdsken(fpgahsen) ...\n");
+ /*
+ * To request handshake
+ * Write Reset Manager hdsken[fpgahsen] = 1
+ */
+ INFO("Set FPGA hdsken(fpgahsen) ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKEN), RSTMGR_HDSKEN_FPGAHSEN);
- /* Write Reset Manager hdskreq[fpgahsreq] = 1 */
- NOTICE("Set FPGA hdskreq(fpgahsreq) ...\n");
+ /*
+ * To request handshake
+ * Write Reset Manager hdskreq[fpgahsreq] = 1
+ */
+ INFO("Set FPGA hdskreq(fpgahsreq) ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_FPGAHSREQ);
- /* Read Reset Manager hdskack[fpgahsack] = 1 */
- NOTICE("Get FPGA hdskack(fpgahsack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[fpgahsack] = 1
+ */
+ INFO("Get FPGA hdskack(fpgahsack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_FPGAHSACK, RSTMGR_HDSKACK_FPGAHSACK,
300);
@@ -538,13 +580,19 @@
ERROR("FPGA bridge fpga handshake fpgahsreq: Timeout\n");
}
- /* Write Reset Manager hdskreq[f2s_flush_req] = 1 */
- NOTICE("Set F2S hdskreq(f2s_flush_req) ...\n");
+ /*
+ * To fence and drain traffic
+ * Write Reset Manager hdskreq[f2s_flush_req] = 1
+ */
+ INFO("Set F2S hdskreq(f2s_flush_req) ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_FPGA2SOCREQ);
- /* Read Reset Manager hdskack[f2s_flush_ack] = 1 */
- NOTICE("Get F2S hdskack(f2s_flush_ack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[f2s_flush_ack] = 1
+ */
+ INFO("Get F2S hdskack(f2s_flush_ack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_FPGA2SOCACK, RSTMGR_HDSKACK_FPGA2SOCACK,
300);
@@ -553,17 +601,26 @@
ERROR("F2S bridge fpga handshake f2sdram_flush_req: Timeout\n");
}
- /* Write Reset Manager hdskreq[fpgahsreq] = 1 */
- NOTICE("Clear FPGA hdskreq(fpgahsreq) ...\n");
+ /*
+ * To clear idle request
+ * Write Reset Manager hdskreq[fpgahsreq] = 1
+ */
+ INFO("Clear FPGA hdskreq(fpgahsreq) ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_FPGAHSREQ);
- /* Write Reset Manager hdskreq[f2s_flush_req] = 1 */
- NOTICE("Clear F2S hdskreq(f2s_flush_req) ...\n");
+ /*
+ * To clear idle request
+ * Write Reset Manager hdskreq[f2s_flush_req] = 1
+ */
+ INFO("Clear F2S hdskreq(f2s_flush_req) ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_FPGA2SOCREQ);
- /* Read Reset Manager hdskack[f2s_flush_ack] = 0 */
- NOTICE("Get F2SDRAM hdskack(f2s_flush_ack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[f2s_flush_ack] = 0
+ */
+ INFO("Get F2SDRAM hdskack(f2s_flush_ack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_FPGA2SOCACK, RSTMGR_HDSKACK_FPGA2SOCACK_DASRT,
300);
@@ -572,8 +629,11 @@
ERROR("F2S bridge fpga handshake f2s_flush_ack: Timeout\n");
}
- /* Read Reset Manager hdskack[fpgahsack] = 0 */
- NOTICE("Get FPGA hdskack(fpgahsack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[fpgahsack] = 0
+ */
+ INFO("Get FPGA hdskack(fpgahsack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_FPGAHSACK, RSTMGR_HDSKACK_FPGAHSACK_DASRT,
300);
@@ -582,8 +642,11 @@
ERROR("F2S bridge fpga handshake fpgahsack: Timeout\n");
}
- /* Write Reset Manager brgmodrst[fpga2soc] = 1 */
- NOTICE("Assert F2S ...\n");
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[fpga2soc] = 1
+ */
+ INFO("Assert F2S ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST), RSTMGR_BRGMODRST_FPGA2SOC);
/* ToDo: Shall use udelay for product release */
@@ -591,28 +654,40 @@
/* dummy delay */
}
- /* Write Reset Manager brgmodrst[fpga2soc] = 0 */
- NOTICE("Deassert F2S ...\n");
+ /*
+ * To deassert reset
+ * Write Reset Manager brgmodrst[fpga2soc] = 0
+ */
+ INFO("Deassert F2S ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST), RSTMGR_BRGMODRST_FPGA2SOC);
/* Write System Manager f2s bridge control register[f2soc_enable] = 1 */
- NOTICE("Deassert F2S f2soc_enable ...\n");
+ INFO("Deassert F2S f2soc_enable ...\n");
mmio_setbits_32(SOCFPGA_SYSMGR(F2S_BRIDGE_CTRL),
SYSMGR_F2S_BRIDGE_CTRL_EN);
}
/* Enable FPGA2SDRAM bridge */
if (brg_mask & RSTMGR_BRGMODRSTMASK_F2SDRAM0) {
- /* Write Reset Manager hdsken[fpgahsen] = 1 */
- NOTICE("Set F2SDRAM hdsken(fpgahsen) ...\n");
+ /*
+ * To request handshake
+ * Write Reset Manager hdsken[fpgahsen] = 1
+ */
+ INFO("Set F2SDRAM hdsken(fpgahsen) ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKEN), RSTMGR_HDSKEN_FPGAHSEN);
- /* Write Reset Manager hdskreq[fpgahsreq] = 1 */
- NOTICE("Set F2SDRAM hdskreq(fpgahsreq) ...\n");
+ /*
+ * To request handshake
+ * Write Reset Manager hdskreq[fpgahsreq] = 1
+ */
+ INFO("Set F2SDRAM hdskreq(fpgahsreq) ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_FPGAHSREQ);
- /* Read Reset Manager hdskack[fpgahsack] = 1 */
- NOTICE("Get F2SDRAM hdskack(fpgahsack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[fpgahsack] = 1
+ */
+ INFO("Get F2SDRAM hdskack(fpgahsack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_FPGAHSACK, RSTMGR_HDSKACK_FPGAHSACK,
300);
@@ -621,13 +696,19 @@
ERROR("F2SDRAM bridge fpga handshake fpgahsreq: Timeout\n");
}
- /* Write Reset Manager hdskreq[f2sdram_flush_req] = 1 */
- NOTICE("Set F2SDRAM hdskreq(f2sdram_flush_req) ...\n");
+ /*
+ * To fence and drain traffic
+ * Write Reset Manager hdskreq[f2sdram_flush_req] = 1
+ */
+ INFO("Set F2SDRAM hdskreq(f2sdram_flush_req) ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(HDSKREQ),
RSTMGR_HDSKREQ_F2SDRAM0REQ);
- /* Read Reset Manager hdskack[f2sdram_flush_ack] = 1 */
- NOTICE("Get F2SDRAM hdskack(f2sdram_flush_ack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[f2sdram_flush_ack] = 1
+ */
+ INFO("Get F2SDRAM hdskack(f2sdram_flush_ack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_F2SDRAM0ACK, RSTMGR_HDSKACK_F2SDRAM0ACK,
300);
@@ -636,16 +717,25 @@
ERROR("F2SDRAM bridge fpga handshake f2sdram_flush_req: Timeout\n");
}
- /* Write Reset Manager hdskreq[fpgahsreq] = 1 */
- NOTICE("Clear F2SDRAM hdskreq(fpgahsreq) ...\n");
+ /*
+ * To clear idle request
+ * Write Reset Manager hdskreq[fpgahsreq] = 1
+ */
+ INFO("Clear F2SDRAM hdskreq(fpgahsreq) ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_FPGAHSREQ);
- /* Write Reset Manager hdskreq[f2sdram_flush_req] = 1 */
- NOTICE("Clear F2SDRAM hdskreq(f2sdram_flush_req) ...\n");
+ /*
+ * To clear idle request
+ * Write Reset Manager hdskreq[f2sdram_flush_req] = 1
+ */
+ INFO("Clear F2SDRAM hdskreq(f2sdram_flush_req) ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_F2SDRAM0REQ);
- /* Read Reset Manager hdskack[f2sdram_flush_ack] = 0 */
- NOTICE("Get F2SDRAM hdskack(f2sdram_flush_ack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[f2sdram_flush_ack] = 0
+ */
+ INFO("Get F2SDRAM hdskack(f2sdram_flush_ack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_F2SDRAM0ACK, RSTMGR_HDSKACK_F2SDRAM0ACK_DASRT,
300);
@@ -654,8 +744,11 @@
ERROR("F2SDRAM bridge fpga handshake f2sdram_flush_ack: Timeout\n");
}
- /* Read Reset Manager hdskack[fpgahsack] = 0 */
- NOTICE("Get F2SDRAM hdskack(fpgahsack) ...\n");
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[fpgahsack] = 0
+ */
+ INFO("Get F2SDRAM hdskack(fpgahsack) ...\n");
ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
RSTMGR_HDSKACK_FPGAHSACK, RSTMGR_HDSKACK_FPGAHSACK_DASRT,
300);
@@ -664,8 +757,11 @@
ERROR("F2SDRAM bridge fpga handshake fpgahsack: Timeout\n");
}
- /* Write Reset Manager brgmodrst[fpga2sdram] = 1 */
- NOTICE("Assert F2SDRAM ...\n");
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[fpga2sdram] = 1
+ */
+ INFO("Assert F2SDRAM ...\n");
mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
RSTMGR_BRGMODRST_F2SSDRAM0);
@@ -674,8 +770,11 @@
/* dummy delay */
}
- /* Write Reset Manager brgmodrst[fpga2sdram] = 0 */
- NOTICE("Deassert F2SDRAM ...\n");
+ /*
+ * To deassert reset
+ * Write Reset Manager brgmodrst[fpga2sdram] = 0
+ */
+ INFO("Deassert F2SDRAM ...\n");
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST),
RSTMGR_BRGMODRST_F2SSDRAM0);
@@ -683,7 +782,7 @@
* Clear fpga2sdram_manager_main_SidebandManager_FlagOutClr0
* f2s_ready_latency_enable
*/
- NOTICE("Clear F2SDRAM f2s_ready_latency_enable ...\n");
+ INFO("Clear F2SDRAM f2s_ready_latency_enable ...\n");
mmio_setbits_32(SOCFPGA_F2SDRAMMGR(SIDEBANDMGR_FLAGOUTCLR0),
FLAGOUTCLR0_F2SDRAM0_ENABLE);
}
@@ -711,6 +810,7 @@
udelay(5);
}
#endif
+ ret = ret | ret_hps;
return ret;
}
@@ -771,9 +871,86 @@
uint32_t f2s_idleack = 0;
uint32_t f2s_respempty = 0;
uint32_t f2s_cmdidle = 0;
+#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
+ uint32_t delay = 0;
+#endif
+
/* Disable s2f bridge */
socfpga_s2f_bridge_mask(mask, &brg_mask, &noc_mask);
+#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
+ /* Disable SOC2FPGA bridge */
+ if (brg_mask & RSTMGR_BRGMODRSTMASK_SOC2FPGA) {
+ /*
+ * To clear handshake
+ * Write Reset Manager hdskreq[soc2fpga_flush_req] = 0
+ */
+ INFO("Set S2F hdskreq ...\n");
+ mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ),
+ RSTMGR_HDSKREQ_SOC2FPGAREQ);
+
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[soc2fpga] = 0
+ */
+ ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
+ RSTMGR_HDSKACK_SOC2FPGAACK, RSTMGR_HDSKACK_SOC2FPGAACK_DASRT,
+ 300);
+
+ if (ret < 0) {
+ ERROR("S2F bridge enable: Timeout hdskack\n");
+ }
+
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[soc2fpga] = 1
+ */
+ INFO("Assert S2F ...\n");
+ mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
+ RSTMGR_BRGMODRST_SOC2FPGA);
+
+ /* ToDo: Shall use udelay for product release */
+ for (delay = 0; delay < 1000; delay++) {
+ /* dummy delay */
+ }
+ }
+
+ /* Disable LWSOC2FPGA bridge */
+ if (brg_mask & RSTMGR_BRGMODRSTMASK_LWHPS2FPGA) {
+ /*
+ * To clear handshake
+ * Write Reset Manager hdskreq[lwsoc2fpga_flush_req] = 0
+ */
+ INFO("Set LWS2F hdskreq ...\n");
+ mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ),
+ RSTMGR_HDSKREQ_LWSOC2FPGAREQ);
+
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[lwsoc2fpga] = 0
+ */
+ ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
+ RSTMGR_HDSKACK_LWSOC2FPGAACK, RSTMGR_HDSKACK_LWSOC2FPGAACK_DASRT,
+ 300);
+
+ if (ret < 0) {
+ ERROR("LWS2F bridge enable: Timeout hdskack\n");
+ }
+
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[lwsoc2fpga] = 1
+ */
+ INFO("Assert LWS2F ...\n");
+ mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
+ RSTMGR_BRGMODRST_LWHPS2FPGA);
+
+ /* ToDo: Shall use udelay for product release */
+ for (delay = 0; delay < 1000; delay++) {
+ /* dummy delay */
+ }
+ }
+#else
if (brg_mask != 0U) {
mmio_setbits_32(SOCFPGA_SYSMGR(NOC_IDLEREQ_SET),
noc_mask);
@@ -796,11 +973,152 @@
mmio_write_32(SOCFPGA_SYSMGR(NOC_TIMEOUT), 0);
}
+#endif
/* Disable f2s bridge */
socfpga_f2s_bridge_mask(mask, &brg_mask, &f2s_idlereq,
&f2s_force_drain, &f2s_en,
&f2s_idleack, &f2s_respempty, &f2s_cmdidle);
+#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
+ /* Disable FPGA2SOC bridge */
+ if (brg_mask & RSTMGR_BRGMODRSTMASK_FPGA2SOC) {
+ /*
+ * To request handshake
+ * Write Reset Manager hdsken[fpgahsen] = 1
+ */
+ INFO("Set FPGA hdsken(fpgahsen) ...\n");
+ mmio_setbits_32(SOCFPGA_RSTMGR(HDSKEN), RSTMGR_HDSKEN_FPGAHSEN);
+
+ /*
+ * To clear handshake request
+ * Write Reset Manager hdskreq[fpgahsreq] = 0
+ */
+ INFO("Clear FPGA hdskreq(fpgahsreq) ...\n");
+ mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_FPGAHSREQ);
+
+ /*
+ * To clear handshake request
+ * Write Reset Manager hdskreq[f2s_flush_req] = 0
+ */
+ INFO("Clear F2S hdskreq(f2s_flush_req) ...\n");
+ mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ),
+ RSTMGR_HDSKREQ_FPGA2SOCREQ);
+
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[f2s_flush_ack] = 0
+ */
+ INFO("Get F2SDRAM hdskack(f2s_flush_ack) ...\n");
+ ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
+ RSTMGR_HDSKACK_FPGA2SOCACK, RSTMGR_HDSKACK_FPGA2SOCACK_DASRT,
+ 300);
+
+ if (ret < 0) {
+ ERROR("F2S bridge fpga handshake f2s_flush_ack: Timeout\n");
+ }
+
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[fpgahsack] = 0
+ */
+ INFO("Get FPGA hdskack(fpgahsack) ...\n");
+ ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
+ RSTMGR_HDSKACK_FPGAHSACK, RSTMGR_HDSKACK_FPGAHSACK_DASRT,
+ 300);
+
+ if (ret < 0) {
+ ERROR("F2S bridge fpga handshake fpgahsack: Timeout\n");
+ }
+
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[fpga2soc] = 1
+ */
+ INFO("Assert F2S ...\n");
+ mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST), RSTMGR_BRGMODRST_FPGA2SOC);
+
+ /* ToDo: Shall use udelay for product release */
+ for (delay = 0; delay < 1000; delay++) {
+ /* dummy delay */
+ }
+
+ /* Write System Manager f2s bridge control register[f2soc_enable] = 0 */
+ INFO("Assert F2S f2soc_enable ...\n");
+ mmio_clrbits_32(SOCFPGA_SYSMGR(F2S_BRIDGE_CTRL),
+ SYSMGR_F2S_BRIDGE_CTRL_EN);
+ }
+
+ /* Disable FPGA2SDRAM bridge */
+ if (brg_mask & RSTMGR_BRGMODRSTMASK_F2SDRAM0) {
+ /*
+ * To request handshake
+ * Write Reset Manager hdsken[fpgahsen] = 1
+ */
+ INFO("Set F2SDRAM hdsken(fpgahsen) ...\n");
+ mmio_setbits_32(SOCFPGA_RSTMGR(HDSKEN), RSTMGR_HDSKEN_FPGAHSEN);
+
+ /*
+ * To clear handshake request
+ * Write Reset Manager hdskreq[fpgahsreq] = 0
+ */
+ INFO("Clear F2SDRAM hdskreq(fpgahsreq) ...\n");
+ mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_FPGAHSREQ);
+
+ /*
+ * To clear handshake request
+ * Write Reset Manager hdskreq[f2sdram_flush_req] = 0
+ */
+ INFO("Clear F2SDRAM hdskreq(f2sdram_flush_req) ...\n");
+ mmio_clrbits_32(SOCFPGA_RSTMGR(HDSKREQ), RSTMGR_HDSKREQ_F2SDRAM0REQ);
+
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[f2sdram_flush_ack] = 0
+ */
+ INFO("Get F2SDRAM hdskack(f2sdram_flush_ack) ...\n");
+ ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
+ RSTMGR_HDSKACK_F2SDRAM0ACK, RSTMGR_HDSKACK_F2SDRAM0ACK_DASRT,
+ 300);
+
+ if (ret < 0) {
+ ERROR("F2SDRAM bridge fpga handshake f2sdram_flush_ack: Timeout\n");
+ }
+
+ /*
+ * To poll idle status
+ * Read Reset Manager hdskack[fpgahsack] = 0
+ */
+ INFO("Get F2SDRAM hdskack(fpgahsack) ...\n");
+ ret = poll_idle_status_by_counter(SOCFPGA_RSTMGR(HDSKACK),
+ RSTMGR_HDSKACK_FPGAHSACK, RSTMGR_HDSKACK_FPGAHSACK_DASRT,
+ 300);
+
+ if (ret < 0) {
+ ERROR("F2SDRAM bridge fpga handshake fpgahsack: Timeout\n");
+ }
+
+ /*
+ * To assert reset
+ * Write Reset Manager brgmodrst[fpga2sdram] = 1
+ */
+ INFO("Assert F2SDRAM ...\n");
+ mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
+ RSTMGR_BRGMODRST_F2SSDRAM0);
+
+ /* ToDo: Shall use udelay for product release */
+ for (delay = 0; delay < 1000; delay++) {
+ /* dummy delay */
+ }
+
+ /*
+ * Assert fpga2sdram_manager_main_SidebandManager_FlagOutClr0
+ * f2s_ready_latency_enable
+ */
+ INFO("Assert F2SDRAM f2s_ready_latency_enable ...\n");
+ mmio_clrbits_32(SOCFPGA_F2SDRAMMGR(SIDEBANDMGR_FLAGOUTCLR0),
+ FLAGOUTCLR0_F2SDRAM0_ENABLE);
+ }
+#else
if (brg_mask != 0U) {
if (mmio_read_32(SOCFPGA_RSTMGR(BRGMODRST)) & brg_mask) {
@@ -829,7 +1147,7 @@
/* Bridge reset */
#if PLATFORM_MODEL == PLAT_SOCFPGA_STRATIX10
- /* Software must never write a 0x1 to FPGA2SOC_MASK bit */
+ /* Software must never write a 0x1 to FPGA2SOC_M0ASK bit */
mmio_setbits_32(SOCFPGA_RSTMGR(BRGMODRST),
brg_mask & ~RSTMGR_FIELD(BRG, FPGA2SOC));
#else
@@ -843,6 +1161,7 @@
mmio_setbits_32(SOCFPGA_F2SDRAMMGR(SIDEBANDMGR_FLAGOUTCLR0),
f2s_idlereq);
}
+#endif
return ret;
}
diff --git a/plat/intel/soc/common/socfpga_psci.c b/plat/intel/soc/common/socfpga_psci.c
index 5ffd512..c93e13f 100644
--- a/plat/intel/soc/common/socfpga_psci.c
+++ b/plat/intel/soc/common/socfpga_psci.c
@@ -62,7 +62,7 @@
#if PLATFORM_MODEL != PLAT_SOCFPGA_AGILEX5
if (cpu_id == 0x00) {
psci_boot = mmio_read_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_8));
- psci_boot |= 0x20000; /* bit 17 */
+ psci_boot |= 0x80000; /* bit 19 */
mmio_write_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_8), psci_boot);
}
diff --git a/plat/intel/soc/n5x/include/socfpga_plat_def.h b/plat/intel/soc/n5x/include/socfpga_plat_def.h
index a06bbc4..ae0229f 100644
--- a/plat/intel/soc/n5x/include/socfpga_plat_def.h
+++ b/plat/intel/soc/n5x/include/socfpga_plat_def.h
@@ -78,6 +78,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/intel/soc/stratix10/include/socfpga_plat_def.h b/plat/intel/soc/stratix10/include/socfpga_plat_def.h
index 7c9f15a..112604f 100644
--- a/plat/intel/soc/stratix10/include/socfpga_plat_def.h
+++ b/plat/intel/soc/stratix10/include/socfpga_plat_def.h
@@ -64,7 +64,7 @@
#define DEVICE4_SIZE (0x0100000000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1b000)
+#define BL2_LIMIT (0xffe2b000)
#define BL31_BASE (0x1000)
#define BL31_LIMIT (0x81000)
@@ -76,6 +76,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/mediatek/build_helpers/mtk_build_helpers.mk b/plat/mediatek/build_helpers/mtk_build_helpers.mk
index 83a4dd2..ac2cbad 100644
--- a/plat/mediatek/build_helpers/mtk_build_helpers.mk
+++ b/plat/mediatek/build_helpers/mtk_build_helpers.mk
@@ -103,12 +103,8 @@
MTK_OPTIONS := $(MTK_PLAT)/build_helpers/options.mk
MTK_COND_EVAL := $(MTK_PLAT)/build_helpers/conditional_eval_options.mk
-# Indicate which BL should be built in command line
-ifeq (${NEED_BL32},yes)
-MTK_BL := bl32
-else
MTK_BL := bl31
-endif
+
# Include common, platform, board level config
include $(MTK_COMMON_CFG)
include $(MTK_PLAT_CFG)
diff --git a/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.c b/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.c
index 1d6863f..64a10f1 100644
--- a/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.c
+++ b/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.c
@@ -4,7 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <mtk_iommu_plat.h>
+#include <mtk_iommu_priv.h>
#include <mtk_mmap_pool.h>
#include <platform_def.h>
@@ -42,7 +42,7 @@
#define MMU_DEV_PCIE_0 (0)
#define IFR_CFG_GROUP_NUM (1)
-static struct mtk_smi_larb_config mt8188_larb_cfg[SMI_LARB_NUM] = {
+static struct mtk_smi_larb_config mt8188_larb_cfg[] = {
[SMI_L0_ID] = LARB_CFG_ENTRY(SMI_LARB_0_BASE, 7, 0),
[SMI_L1_ID] = LARB_CFG_ENTRY(SMI_LARB_1_BASE, 7, 0),
[SMI_L2_ID] = LARB_CFG_ENTRY(SMI_LARB_2_BASE, 5, 0),
@@ -80,12 +80,24 @@
static uint32_t mt8188_ifr_mst_cfg_offs[IFR_CFG_GROUP_NUM] = {
PERICFG_AO_IOMMU_1,
};
-static struct mtk_ifr_mst_config mt8188_ifr_mst_cfg[MMU_DEV_NUM] = {
+static struct mtk_ifr_mst_config mt8188_ifr_mst_cfg[] = {
[MMU_DEV_PCIE_0] = IFR_MST_CFG_ENTRY(0, 18),
};
struct mtk_smi_larb_config *g_larb_cfg = &mt8188_larb_cfg[0];
+const unsigned int g_larb_num = ARRAY_SIZE(mt8188_larb_cfg);
+
+static struct mtk_secure_iommu_config mt8188_secure_iommu_config[] = {
+ SEC_IOMMU_CFG_ENTRY(VDO_SECURE_IOMMU_BASE),
+ SEC_IOMMU_CFG_ENTRY(VPP_SECURE_IOMMU_BASE),
+};
+
+struct mtk_secure_iommu_config *g_sec_iommu_cfg = &mt8188_secure_iommu_config[0];
+const unsigned int g_sec_iommu_num = ARRAY_SIZE(mt8188_secure_iommu_config);
+
struct mtk_ifr_mst_config *g_ifr_mst_cfg = &mt8188_ifr_mst_cfg[0];
+const unsigned int g_ifr_mst_num = ARRAY_SIZE(mt8188_ifr_mst_cfg);
+
uint32_t *g_ifr_mst_cfg_base = &mt8188_ifr_mst_cfg_base[0];
uint32_t *g_ifr_mst_cfg_offs = &mt8188_ifr_mst_cfg_offs[0];
diff --git a/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.h b/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.h
index a59e0c7..a3f38a5 100644
--- a/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.h
+++ b/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.h
@@ -7,18 +7,13 @@
#ifndef IOMMU_PLAT_H
#define IOMMU_PLAT_H
-#include <mtk_iommu_priv.h>
-
/* mm iommu */
-#define SMI_LARB_NUM (26)
-extern struct mtk_smi_larb_config *g_larb_cfg;
+#define ATF_MTK_SMI_LARB_CFG_SUPPORT
-/* infra iommu */
-#define MMU_DEV_NUM (1)
-extern struct mtk_ifr_mst_config *g_ifr_mst_cfg;
-extern uint32_t *g_ifr_mst_cfg_base;
-extern uint32_t *g_ifr_mst_cfg_offs;
+/* mm iommu, sec bank dump */
+#define ATF_MTK_IOMMU_CFG_SUPPORT
-extern void mtk_infra_iommu_enable_protect(void);
+/* infra iommu */
+#define ATF_MTK_INFRA_MASTER_CFG_SUPPORT
#endif /* IOMMU_PLAT_H */
diff --git a/plat/mediatek/drivers/iommu/mtk_iommu_priv.h b/plat/mediatek/drivers/iommu/mtk_iommu_priv.h
index 3404d31..bae3694 100644
--- a/plat/mediatek/drivers/iommu/mtk_iommu_priv.h
+++ b/plat/mediatek/drivers/iommu/mtk_iommu_priv.h
@@ -9,6 +9,7 @@
#include <common/debug.h>
#include <lib/mmio.h>
+#include <mtk_iommu_plat.h>
#include <mtk_sip_svc.h>
#define LARB_CFG_ENTRY(bs, p_nr, dom) \
@@ -22,9 +23,13 @@
#define IFR_MST_CFG_ENTRY(idx, bit) \
{ .cfg_addr_idx = (idx), .r_mmu_en_bit = (bit), }
+#define SEC_IOMMU_CFG_ENTRY(s_bs) \
+ { .base = (s_bs), }
+
enum IOMMU_ATF_CMD {
IOMMU_ATF_CMD_CONFIG_SMI_LARB, /* For mm master to enable iommu */
IOMMU_ATF_CMD_CONFIG_INFRA_IOMMU, /* For infra master to enable iommu */
+ IOMMU_ATF_CMD_GET_SECURE_IOMMU_STATUS, /* For secure iommu translation fault report */
IOMMU_ATF_CMD_COUNT,
};
@@ -41,4 +46,30 @@
uint8_t r_mmu_en_bit;
};
+struct mtk_secure_iommu_config {
+ uint32_t base;
+};
+
+
+#ifdef ATF_MTK_SMI_LARB_CFG_SUPPORT
+/* mm smi larb security feature is used */
+extern struct mtk_smi_larb_config *g_larb_cfg;
+extern const unsigned int g_larb_num;
+#endif
+
+#ifdef ATF_MTK_INFRA_MASTER_CFG_SUPPORT
+/* infra iommu is used */
+extern struct mtk_ifr_mst_config *g_ifr_mst_cfg;
+extern const unsigned int g_ifr_mst_num;
+extern uint32_t *g_ifr_mst_cfg_base;
+extern uint32_t *g_ifr_mst_cfg_offs;
+extern void mtk_infra_iommu_enable_protect(void);
+#endif
+
+#ifdef ATF_MTK_IOMMU_CFG_SUPPORT
+/* secure iommu is used */
+extern struct mtk_secure_iommu_config *g_sec_iommu_cfg;
+extern const unsigned int g_sec_iommu_num;
+#endif
+
#endif /* IOMMU_PRIV_H */
diff --git a/plat/mediatek/drivers/iommu/mtk_iommu_smc.c b/plat/mediatek/drivers/iommu/mtk_iommu_smc.c
index e998725..7d70114 100644
--- a/plat/mediatek/drivers/iommu/mtk_iommu_smc.c
+++ b/plat/mediatek/drivers/iommu/mtk_iommu_smc.c
@@ -5,7 +5,7 @@
*/
#include <stddef.h>
-#include <mtk_iommu_plat.h>
+#include <mtk_iommu_priv.h>
/* defination */
/* smi larb */
@@ -23,12 +23,23 @@
/* infra master */
#define IFR_CFG_MMU_EN_MSK(r_bit) (0x3 << (r_bit))
+/* secure iommu */
+#define MMU_INT_CONTROL0 (0x120)
+#define INT_CLR BIT(12)
+#define MMU_FAULT_ST1 (0x134)
+#define MMU_AXI_0_ERR_MASK GENMASK(6, 0)
+#define MMU_AXI_FAULT_STATUS(bus) (0x13c + (bus) * 8)
+#define MMU_AXI_INVLD_PA(bus) (0x140 + (bus) * 8)
+#define MMU_AXI_INT_ID(bus) (0x150 + (bus) * 4)
+
/* smi larb configure */
/*
* If multimedia security config is enabled, the SMI config register must be
* configurated in security world.
* And the SRAM path is also configurated here to enhance security.
*/
+#ifdef ATF_MTK_SMI_LARB_CFG_SUPPORT
+
static void mtk_smi_larb_port_config_to_sram(
const struct mtk_smi_larb_config *larb,
uint32_t port_id)
@@ -55,7 +66,7 @@
uint32_t to_sram;
uint8_t mmu_en;
- if (larb_id >= SMI_LARB_NUM) {
+ if (larb_id >= g_larb_num) {
return MTK_SIP_E_INVALID_PARAM;
}
@@ -75,6 +86,11 @@
return MTK_SIP_E_SUCCESS;
}
+#endif /* ATF_MTK_SMI_LARB_CFG_SUPPORT */
+
+/* infra iommu configure */
+#ifdef ATF_MTK_INFRA_MASTER_CFG_SUPPORT
+
static int mtk_infra_master_config_sec(uint32_t dev_id_msk, uint32_t enable)
{
const struct mtk_ifr_mst_config *ifr_cfg;
@@ -82,11 +98,11 @@
mtk_infra_iommu_enable_protect();
- if (dev_id_msk >= BIT(MMU_DEV_NUM)) {
+ if (dev_id_msk >= BIT(g_ifr_mst_num)) {
return MTK_SIP_E_INVALID_PARAM;
}
- for (dev_id = 0U; dev_id < MMU_DEV_NUM; dev_id++) {
+ for (dev_id = 0U; dev_id < g_ifr_mst_num; dev_id++) {
if ((dev_id_msk & BIT(dev_id)) == 0U) {
continue;
}
@@ -105,10 +121,50 @@
return MTK_SIP_E_SUCCESS;
}
+#endif /* ATF_MTK_INFRA_MASTER_CFG_SUPPORT */
+
+/* secure iommu */
+#ifdef ATF_MTK_IOMMU_CFG_SUPPORT
+/* Report secure IOMMU fault status to normal world for the debug version */
+static int mtk_secure_iommu_fault_report(uint32_t sec_mmu_base,
+ uint32_t *f_sta, uint32_t *f_pa,
+ uint32_t *f_id)
+{
+ const struct mtk_secure_iommu_config *mmu_cfg = NULL;
+ uint32_t __maybe_unused bus_id, fault_type;
+ uint32_t i;
+ int ret = MTK_SIP_E_NOT_SUPPORTED;
+
+ for (i = 0; i < g_sec_iommu_num; i++) {
+ if (g_sec_iommu_cfg[i].base == sec_mmu_base) {
+ mmu_cfg = &g_sec_iommu_cfg[i];
+ break;
+ }
+ }
+
+ if (!mmu_cfg)
+ return MTK_SIP_E_INVALID_PARAM;
+#if DEBUG
+ fault_type = mmio_read_32(mmu_cfg->base + MMU_FAULT_ST1);
+ bus_id = (fault_type & MMU_AXI_0_ERR_MASK) ? 0 : 1;
+
+ if (f_sta)
+ *f_sta = mmio_read_32(mmu_cfg->base + MMU_AXI_FAULT_STATUS(bus_id));
+ if (f_pa)
+ *f_pa = mmio_read_32(mmu_cfg->base + MMU_AXI_INVLD_PA(bus_id));
+ if (f_id)
+ *f_id = mmio_read_32(mmu_cfg->base + MMU_AXI_INT_ID(bus_id));
+ ret = MTK_SIP_E_SUCCESS;
+#endif
+ mmio_setbits_32(mmu_cfg->base + MMU_INT_CONTROL0, INT_CLR);
+
+ return ret;
+}
+#endif /* ATF_MTK_IOMMU_CFG_SUPPORT */
-static u_register_t mtk_iommu_handler(u_register_t x1, u_register_t x2,
- u_register_t x3, u_register_t x4,
- void *handle, struct smccc_res *smccc_ret)
+u_register_t mtk_iommu_handler(u_register_t x1, u_register_t x2,
+ u_register_t x3, u_register_t x4,
+ void *handle, struct smccc_res *smccc_ret)
{
uint32_t cmd_id = x1, mdl_id = x2, val = x3;
int ret = MTK_SIP_E_NOT_SUPPORTED;
@@ -117,12 +173,25 @@
(void)handle;
switch (cmd_id) {
+#ifdef ATF_MTK_SMI_LARB_CFG_SUPPORT
case IOMMU_ATF_CMD_CONFIG_SMI_LARB:
ret = mtk_smi_larb_port_config_sec(mdl_id, val);
break;
+#endif
+#ifdef ATF_MTK_INFRA_MASTER_CFG_SUPPORT
case IOMMU_ATF_CMD_CONFIG_INFRA_IOMMU:
ret = mtk_infra_master_config_sec(mdl_id, val);
break;
+#endif
+#ifdef ATF_MTK_IOMMU_CFG_SUPPORT
+ case IOMMU_ATF_CMD_GET_SECURE_IOMMU_STATUS:
+ (void)val;
+ ret = mtk_secure_iommu_fault_report(mdl_id,
+ (uint32_t *)&smccc_ret->a1,
+ (uint32_t *)&smccc_ret->a2,
+ (uint32_t *)&smccc_ret->a3);
+ break;
+#endif
default:
break;
}
diff --git a/plat/mediatek/drivers/iommu/mtk_iommu_smc.h b/plat/mediatek/drivers/iommu/mtk_iommu_smc.h
new file mode 100644
index 0000000..9537dbe
--- /dev/null
+++ b/plat/mediatek/drivers/iommu/mtk_iommu_smc.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2023, MediaTek Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef IOMMU_SMC_H
+#define IOMMU_SMC_H
+
+#include <mtk_sip_svc.h>
+
+u_register_t mtk_iommu_handler(u_register_t x1, u_register_t x2,
+ u_register_t x3, u_register_t x4,
+ void *handle, struct smccc_res *smccc_ret);
+#endif
diff --git a/plat/mediatek/mt8188/include/platform_def.h b/plat/mediatek/mt8188/include/platform_def.h
index 0a7ae6d..71a4e97 100644
--- a/plat/mediatek/mt8188/include/platform_def.h
+++ b/plat/mediatek/mt8188/include/platform_def.h
@@ -107,7 +107,13 @@
#define CIRQ_SPI_START (96)
/*******************************************************************************
- * MM IOMMU & SMI related constants
+ * MM IOMMU related constants
+ ******************************************************************************/
+#define VDO_SECURE_IOMMU_BASE (IO_PHYS + 0x0c028000 + 0x4000)
+#define VPP_SECURE_IOMMU_BASE (IO_PHYS + 0x04018000 + 0x4000)
+
+/*******************************************************************************
+ * SMI larb constants
******************************************************************************/
#define SMI_LARB_0_BASE (IO_PHYS + 0x0c022000)
#define SMI_LARB_1_BASE (IO_PHYS + 0x0c023000)
diff --git a/plat/nuvoton/npcm845x/platform.mk b/plat/nuvoton/npcm845x/platform.mk
index cb5a553..92c7e2f 100644
--- a/plat/nuvoton/npcm845x/platform.mk
+++ b/plat/nuvoton/npcm845x/platform.mk
@@ -140,25 +140,11 @@
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
# Enable PIE support for RESET_TO_BL31 case
ifeq (${RESET_TO_BL31},1)
ENABLE_PIE := 1
endif
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
-ifeq (${USE_COHERENT_MEM},0)
-$(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
-endif
-endif
-
PLAT_INCLUDES := -Iinclude/plat/nuvoton/npcm845x \
-Iinclude/plat/nuvoton/common \
-Iinclude/drivers/nuvoton/npcm845x \
@@ -339,11 +325,7 @@
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
# We expect to locate the *.mk files under the directories specified below
-ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
-else
-CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
-endif
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
index b23f7fd..2dcac69 100644
--- a/plat/qemu/common/common.mk
+++ b/plat/qemu/common/common.mk
@@ -29,18 +29,6 @@
lib/cpus/aarch64/qemu_max.S
PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
-
-# Cpu core architecture level:
-# v8.0: a53, a57, a72
-# v8.2: a76, n1
-# v8.4: v1
-# v9.0: a710, n2
-#
-# let treat v9.0 as v8.5 as they share cpu features
-# https://developer.arm.com/documentation/102378/0201/Armv8-x-and-Armv9-x-extensions-and-features
-
-ARM_ARCH_MAJOR := 8
-ARM_ARCH_MINOR := 5
endif
PLAT_BL_COMMON_SOURCES := ${PLAT_QEMU_COMMON_PATH}/qemu_common.c \
@@ -91,7 +79,44 @@
# CPU flag enablement
ifeq (${ARCH},aarch64)
+# Cpu core architecture level:
+# v8.0: a53, a57, a72
+# v8.2: a55, a76, n1
+# v8.4: v1
+# v9.0: a710, n2
+#
+#
+# We go v8.0 by default and will enable all features we want
+
+ARM_ARCH_MAJOR := 8
+ARM_ARCH_MINOR := 0
+
+# 8.0
+ENABLE_FEAT_CSV2_2 := 2
+
+# 8.1
+ENABLE_FEAT_PAN := 2
+ENABLE_FEAT_VHE := 2
+
+# 8.2
+# TF-A currently does not permit dynamic detection of FEAT_RAS
+# so this is the only safe setting
+ENABLE_FEAT_RAS := 0
+
-# Later QEMU versions support SME and SVE.
+# 8.4
+ENABLE_FEAT_SEL2 := 2
+ENABLE_FEAT_DIT := 2
+
+# 8.5
+ENABLE_FEAT_RNG := 2
+ENABLE_FEAT_SB := 2
+
+# 8.6
+ENABLE_FEAT_FGT := 2
+
+# 8.7
+ENABLE_FEAT_HCX := 2
+
# SPM_MM is not compatible with ENABLE_SVE_FOR_NS (build breaks)
ifeq (${SPM_MM},1)
ENABLE_SVE_FOR_NS := 0
@@ -101,12 +126,6 @@
ENABLE_SME_FOR_NS := 2
endif
-# QEMU will use the RNDR instruction for the stack protector canary.
-ENABLE_FEAT_RNG := 2
-
-# QEMU 7.2+ has support for FGT and Linux needs it enabled to boot on max
-ENABLE_FEAT_FGT := 2
-
# Treating this as a memory-constrained port for now
USE_COHERENT_MEM := 0
diff --git a/plat/qemu/common/qemu_private.h b/plat/qemu/common/qemu_private.h
index c8912b2..25b14e2 100644
--- a/plat/qemu/common/qemu_private.h
+++ b/plat/qemu/common/qemu_private.h
@@ -9,7 +9,7 @@
#include <stdint.h>
-#include <lib/xlat_tables/xlat_tables_compat.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
void plat_qemu_io_setup(void);
int qemu_io_register_sp_pkg(const char *name, const char *uuid,
diff --git a/plat/qemu/common/qemu_spm.c b/plat/qemu/common/qemu_spm.c
index c66f47e..abedbe4 100644
--- a/plat/qemu/common/qemu_spm.c
+++ b/plat/qemu/common/qemu_spm.c
@@ -9,7 +9,7 @@
#include <common/debug.h>
#include <common/fdt_fixup.h>
#include <common/fdt_wrappers.h>
-#include <lib/xlat_tables/xlat_tables_compat.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
#include <services/spm_mm_partition.h>
#include <platform_def.h>
diff --git a/plat/qemu/common/sp_min/sp_min_setup.c b/plat/qemu/common/sp_min/sp_min_setup.c
index 7ec657b..d0c38e0 100644
--- a/plat/qemu/common/sp_min/sp_min_setup.c
+++ b/plat/qemu/common/sp_min/sp_min_setup.c
@@ -16,7 +16,7 @@
#include <drivers/arm/gicv2.h>
#include <drivers/console.h>
#include <lib/mmio.h>
-#include <lib/xlat_tables/xlat_tables.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
#include "../qemu_private.h"
diff --git a/plat/qemu/qemu_sbsa/platform.mk b/plat/qemu/qemu_sbsa/platform.mk
index 1b147ce..528e093 100644
--- a/plat/qemu/qemu_sbsa/platform.mk
+++ b/plat/qemu/qemu_sbsa/platform.mk
@@ -18,7 +18,6 @@
ifeq (${SPM_MM},1)
NEED_BL32 := yes
EL3_EXCEPTION_HANDLING := 1
-GICV2_G0_FOR_EL3 := 1
endif
include plat/qemu/common/common.mk
diff --git a/plat/renesas/common/bl2_secure_setting.c b/plat/renesas/common/bl2_secure_setting.c
index 2f8b001..297b1a9 100644
--- a/plat/renesas/common/bl2_secure_setting.c
+++ b/plat/renesas/common/bl2_secure_setting.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -107,8 +107,10 @@
/*
* Security group 0 attribute setting for master ports 3
* Security group 1 attribute setting for master ports 3
- * {SEC_GRP0CR3, 0x00000000U},
- * {SEC_GRP1CR3, 0x00000000U},
+ */
+ { SEC_GRP0CR3, 0x00003780U },
+ { SEC_GRP1CR3, 0x00003780U },
+ /*
* Security group 0 attribute setting for slave ports 0
* Security group 1 attribute setting for slave ports 0
* {SEC_GRP0COND0, 0x00000000U},
@@ -259,10 +261,51 @@
};
/* AXI settings */
-static const struct {
+struct axi_t {
uint32_t reg;
uint32_t val;
-} axi[] = {
+};
+
+static const struct axi_t axi[] = {
+ /*
+ * SRAM ptotection
+ * AXI sram protected area division
+ */
+ {AXI_SPTDIVCR0, 0x0E0E6304U},
+ {AXI_SPTDIVCR1, 0x0E0E6360U},
+ {AXI_SPTDIVCR2, 0x0E0E6360U},
+ {AXI_SPTDIVCR3, 0x0E0E6360U},
+ {AXI_SPTDIVCR4, 0x0E0E6360U},
+ {AXI_SPTDIVCR5, 0x0E0E6360U},
+ {AXI_SPTDIVCR6, 0x0E0E6360U},
+ {AXI_SPTDIVCR7, 0x0E0E6360U},
+ {AXI_SPTDIVCR8, 0x0E0E6360U},
+ {AXI_SPTDIVCR9, 0x0E0E6360U},
+ {AXI_SPTDIVCR10, 0x0E0E6360U},
+ {AXI_SPTDIVCR11, 0x0E0E6360U},
+ {AXI_SPTDIVCR12, 0x0E0E6360U},
+ {AXI_SPTDIVCR13, 0x0E0E6360U},
+ {AXI_SPTDIVCR14, 0x0E0E6360U},
+ /* AXI sram protected area setting */
+ {AXI_SPTCR0, 0x0E000E0EU},
+ {AXI_SPTCR1, 0x0E000000U},
+ {AXI_SPTCR2, 0x0E000000U},
+ {AXI_SPTCR3, 0x0E000000U},
+ {AXI_SPTCR4, 0x0E000000U},
+ {AXI_SPTCR5, 0x0E000000U},
+ {AXI_SPTCR6, 0x0E000000U},
+ {AXI_SPTCR7, 0x0E000000U},
+ {AXI_SPTCR8, 0x0E000000U},
+ {AXI_SPTCR9, 0x0E000000U},
+ {AXI_SPTCR10, 0x0E000000U},
+ {AXI_SPTCR11, 0x0E000000U},
+ {AXI_SPTCR12, 0x0E000000U},
+ {AXI_SPTCR13, 0x0E000000U},
+ {AXI_SPTCR14, 0x0E000000U},
+ {AXI_SPTCR15, 0x0E000000U}
+};
+
+static const struct axi_t axi_dram[] = {
/*
* DRAM protection
* AXI dram protected area division
@@ -299,41 +342,7 @@
{AXI_DPTCR13, 0x0E000000U},
{AXI_DPTCR14, 0x0E000000U},
{AXI_DPTCR15, 0x0E000000U},
- /*
- * SRAM ptotection
- * AXI sram protected area division
- */
- {AXI_SPTDIVCR0, 0x0E0E6304U},
- {AXI_SPTDIVCR1, 0x0E0E6360U},
- {AXI_SPTDIVCR2, 0x0E0E6360U},
- {AXI_SPTDIVCR3, 0x0E0E6360U},
- {AXI_SPTDIVCR4, 0x0E0E6360U},
- {AXI_SPTDIVCR5, 0x0E0E6360U},
- {AXI_SPTDIVCR6, 0x0E0E6360U},
- {AXI_SPTDIVCR7, 0x0E0E6360U},
- {AXI_SPTDIVCR8, 0x0E0E6360U},
- {AXI_SPTDIVCR9, 0x0E0E6360U},
- {AXI_SPTDIVCR10, 0x0E0E6360U},
- {AXI_SPTDIVCR11, 0x0E0E6360U},
- {AXI_SPTDIVCR12, 0x0E0E6360U},
- {AXI_SPTDIVCR13, 0x0E0E6360U},
- {AXI_SPTDIVCR14, 0x0E0E6360U},
/* AXI sram protected area setting */
- {AXI_SPTCR0, 0x0E000E0EU},
- {AXI_SPTCR1, 0x0E000000U},
- {AXI_SPTCR2, 0x0E000000U},
- {AXI_SPTCR3, 0x0E000000U},
- {AXI_SPTCR4, 0x0E000000U},
- {AXI_SPTCR5, 0x0E000000U},
- {AXI_SPTCR6, 0x0E000000U},
- {AXI_SPTCR7, 0x0E000000U},
- {AXI_SPTCR8, 0x0E000000U},
- {AXI_SPTCR9, 0x0E000000U},
- {AXI_SPTCR10, 0x0E000000U},
- {AXI_SPTCR11, 0x0E000000U},
- {AXI_SPTCR12, 0x0E000000U},
- {AXI_SPTCR13, 0x0E000000U},
- {AXI_SPTCR14, 0x0E000000U},
{AXI_SPTCR15, 0x0E000000U}
};
@@ -345,7 +354,7 @@
mmio_write_32(lifec[i].reg, lifec[i].val);
}
-/* SRAM/DRAM protection setting */
+/* SRAM protection setting */
static void axi_security_setting(void)
{
uint32_t i;
@@ -354,6 +363,15 @@
mmio_write_32(axi[i].reg, axi[i].val);
}
+/* DRAM protection setting */
+void bl2_ram_security_setting_finish(void)
+{
+ uint32_t i;
+
+ for (i = 0; i < ARRAY_SIZE(axi_dram); i++)
+ mmio_write_32(axi_dram[i].reg, axi_dram[i].val);
+}
+
void bl2_secure_setting(void)
{
lifec_security_setting();
diff --git a/plat/renesas/common/include/platform_def.h b/plat/renesas/common/include/platform_def.h
index ab071ec..8178f3a 100644
--- a/plat/renesas/common/include/platform_def.h
+++ b/plat/renesas/common/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -144,7 +144,8 @@
******************************************************************************/
#ifndef SPD_NONE
#define BL32_BASE U(0x44100000)
-#define BL32_LIMIT (BL32_BASE + U(0x200000))
+#define BL32_SIZE U(0x200000)
+#define BL32_LIMIT (BL32_BASE + BL32_SIZE)
#endif
/*******************************************************************************
@@ -152,7 +153,8 @@
******************************************************************************/
#define BL33_BASE DRAM1_NS_BASE
#define BL33_COMP_SIZE U(0x200000)
-#define BL33_COMP_BASE (BL33_BASE - BL33_COMP_SIZE)
+#define BL33_DECOMP_SIZE (BL33_COMP_SIZE * 32)
+#define BL33_COMP_BASE (BL33_BASE + BL33_DECOMP_SIZE)
/*******************************************************************************
* Platform specific page table and MMU setup constants
diff --git a/plat/renesas/common/include/rcar_def.h b/plat/renesas/common/include/rcar_def.h
index 2cd26ed..f1c2553 100644
--- a/plat/renesas/common/include/rcar_def.h
+++ b/plat/renesas/common/include/rcar_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -31,7 +31,7 @@
#define DRAM_LIMIT ULL(0x0000010000000000)
#define DRAM1_BASE U(0x40000000)
#define DRAM1_SIZE U(0x80000000)
-#define DRAM1_NS_BASE (DRAM1_BASE + U(0x10000000))
+#define DRAM1_NS_BASE (DRAM1_BASE + U(0x08000000))
#define DRAM1_NS_SIZE (DRAM1_SIZE - DRAM1_NS_BASE)
#define DRAM_40BIT_BASE ULL(0x0400000000)
#define DRAM_40BIT_SIZE ULL(0x0400000000)
diff --git a/plat/renesas/rcar/bl2_plat_setup.c b/plat/renesas/rcar/bl2_plat_setup.c
index 81ee93e..cf77da2 100644
--- a/plat/renesas/rcar/bl2_plat_setup.c
+++ b/plat/renesas/rcar/bl2_plat_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2018-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -68,6 +68,7 @@
extern void bl2_enter_bl31(const struct entry_point_info *bl_ep_info);
extern void bl2_system_cpg_init(void);
extern void bl2_secure_setting(void);
+extern void bl2_ram_security_setting_finish(void);
extern void bl2_cpg_init(void);
extern void rcar_io_emmc_setup(void);
extern void rcar_io_setup(void);
@@ -417,44 +418,61 @@
}
#endif
-int bl2_plat_handle_pre_image_load(unsigned int image_id)
+static uint64_t check_secure_load_area(uintptr_t base, uint32_t size,
+ uintptr_t dest, uint32_t len)
{
- u_register_t *boot_kind = (void *) BOOT_KIND_BASE;
- bl_mem_params_node_t *bl_mem_params;
+ uintptr_t free_end, requested_end;
- bl_mem_params = get_bl_mem_params_node(image_id);
-
-#if RCAR_GEN3_BL33_GZIP == 1
- if (image_id == BL33_IMAGE_ID) {
- image_decompress_prepare(&bl_mem_params->image_info);
+ /*
+ * Handle corner cases first.
+ *
+ * The order of the 2 tests is important, because if there's no space
+ * left (i.e. free_size == 0) but we don't ask for any memory
+ * (i.e. size == 0) then we should report that the memory is free.
+ */
+ if (len == 0U) {
+ WARN("BL2: load data size is zero\n");
+ return 0; /* A zero-byte region is always free */
}
-#endif
-
- if (image_id != BL31_IMAGE_ID)
- return 0;
-
- if (is_ddr_backup_mode() == RCAR_COLD_BOOT)
- goto cold_boot;
-
- *boot_kind = RCAR_WARM_BOOT;
- flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+ if (size == 0U) {
+ goto err;
+ }
- console_flush();
- bl2_plat_flush_bl31_params();
+ /*
+ * Check that the end addresses don't overflow.
+ * If they do, consider that this memory region is not free, as this
+ * is an invalid scenario.
+ */
+ if (check_uptr_overflow(base, size - 1U)) {
+ goto err;
+ }
+ free_end = base + (size - 1U);
- /* will not return */
- bl2_enter_bl31(&bl_mem_params->ep_info);
+ if (check_uptr_overflow(dest, len - 1U)) {
+ goto err;
+ }
+ requested_end = dest + (len - 1U);
-cold_boot:
- *boot_kind = RCAR_COLD_BOOT;
- flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+ /*
+ * Finally, check that the requested memory region lies within the free
+ * region.
+ */
+ if ((dest < base) || (requested_end > free_end)) {
+ goto err;
+ }
return 0;
+
+err:
+ ERROR("BL2: load data is outside the loadable area.\n");
+ ERROR("BL2: dst=0x%lx, len=%d(0x%x)\n", dest, len, len);
+ return 1;
}
-static uint64_t rcar_get_dest_addr_from_cert(uint32_t certid, uintptr_t *dest)
+static uint64_t rcar_get_dest_addr_from_cert(uint32_t certid, uintptr_t *dest,
+ uint32_t *len)
{
- uint32_t cert, len;
+ uint32_t cert;
int ret;
ret = rcar_get_certificate(certid, &cert);
@@ -463,7 +481,104 @@
return 1;
}
+ rcar_read_certificate((uint64_t) cert, len, dest);
+
+ return 0;
+}
+
+int bl2_plat_handle_pre_image_load(unsigned int image_id)
+{
+ u_register_t *boot_kind = (void *) BOOT_KIND_BASE;
+ bl_mem_params_node_t *bl_mem_params;
+ uintptr_t dev_handle;
+ uintptr_t image_spec;
+ uintptr_t dest;
+ uint32_t len;
+ uint64_t ui64_ret;
+ int iret;
+
+ bl_mem_params = get_bl_mem_params_node(image_id);
+ if (bl_mem_params == NULL) {
+ ERROR("BL2: Failed to get loading parameter.\n");
+ return 1;
+ }
+
+ switch (image_id) {
+ case BL31_IMAGE_ID:
+ if (is_ddr_backup_mode() == RCAR_COLD_BOOT) {
+ iret = plat_get_image_source(image_id, &dev_handle,
+ &image_spec);
+ if (iret != 0) {
+ return 1;
+ }
+
+ ui64_ret = rcar_get_dest_addr_from_cert(
+ SOC_FW_CONTENT_CERT_ID, &dest, &len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
- rcar_read_certificate((uint64_t) cert, &len, dest);
+ ui64_ret = check_secure_load_area(
+ BL31_BASE, BL31_LIMIT - BL31_BASE,
+ dest, len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+ *boot_kind = RCAR_COLD_BOOT;
+ flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+
+ bl_mem_params->image_info.image_base = dest;
+ bl_mem_params->image_info.image_size = len;
+ } else {
+ *boot_kind = RCAR_WARM_BOOT;
+ flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+
+ console_flush();
+ bl2_plat_flush_bl31_params();
+
+ /* will not return */
+ bl2_enter_bl31(&bl_mem_params->ep_info);
+ }
+
+ return 0;
+#ifndef SPD_NONE
+ case BL32_IMAGE_ID:
+ ui64_ret = rcar_get_dest_addr_from_cert(
+ TRUSTED_OS_FW_CONTENT_CERT_ID, &dest, &len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+ ui64_ret = check_secure_load_area(
+ BL32_BASE, BL32_LIMIT - BL32_BASE, dest, len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+ bl_mem_params->image_info.image_base = dest;
+ bl_mem_params->image_info.image_size = len;
+
+ return 0;
+#endif
+ case BL33_IMAGE_ID:
+ /* case of image_id == BL33_IMAGE_ID */
+ ui64_ret = rcar_get_dest_addr_from_cert(
+ NON_TRUSTED_FW_CONTENT_CERT_ID,
+ &dest, &len);
+
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+#if RCAR_GEN3_BL33_GZIP == 1
+ image_decompress_prepare(&bl_mem_params->image_info);
+#endif
+
+ return 0;
+ default:
+ return 1;
+ }
return 0;
}
@@ -472,8 +587,6 @@
{
static bl2_to_bl31_params_mem_t *params;
bl_mem_params_node_t *bl_mem_params;
- uintptr_t dest;
- int ret;
if (!params) {
params = (bl2_to_bl31_params_mem_t *) PARAMS_BASE;
@@ -481,25 +594,23 @@
}
bl_mem_params = get_bl_mem_params_node(image_id);
+ if (!bl_mem_params) {
+ ERROR("BL2: Failed to get loading parameter.\n");
+ return 1;
+ }
switch (image_id) {
case BL31_IMAGE_ID:
- ret = rcar_get_dest_addr_from_cert(SOC_FW_CONTENT_CERT_ID,
- &dest);
- if (!ret)
- bl_mem_params->image_info.image_base = dest;
- break;
+ bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
+ return 0;
case BL32_IMAGE_ID:
- ret = rcar_get_dest_addr_from_cert(TRUSTED_OS_FW_CONTENT_CERT_ID,
- &dest);
- if (!ret)
- bl_mem_params->image_info.image_base = dest;
-
+ bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
memcpy(¶ms->bl32_ep_info, &bl_mem_params->ep_info,
sizeof(entry_point_info_t));
- break;
+ return 0;
case BL33_IMAGE_ID:
#if RCAR_GEN3_BL33_GZIP == 1
+ int ret;
if ((mmio_read_32(BL33_COMP_BASE) & 0xffff) == 0x8b1f) {
/* decompress gzip-compressed image */
ret = image_decompress(&bl_mem_params->image_info);
@@ -514,7 +625,9 @@
#endif
memcpy(¶ms->bl33_ep_info, &bl_mem_params->ep_info,
sizeof(entry_point_info_t));
- break;
+ return 0;
+ default:
+ return 1;
}
return 0;
@@ -1173,6 +1286,11 @@
#endif
}
+void bl2_el3_plat_prepare_exit(void)
+{
+ bl2_ram_security_setting_finish();
+}
+
void bl2_platform_setup(void)
{
diff --git a/plat/rockchip/rk3328/platform.mk b/plat/rockchip/rk3328/platform.mk
index 5b4766d..f96e18b 100644
--- a/plat/rockchip/rk3328/platform.mk
+++ b/plat/rockchip/rk3328/platform.mk
@@ -65,6 +65,7 @@
# Enable workarounds for selected Cortex-A53 errata
ERRATA_A53_855873 := 1
+ERRATA_A53_1530924 := 1
$(eval $(call add_define,PLAT_EXTRA_LD_SCRIPT))
$(eval $(call add_define,PLAT_SKIP_OPTEE_S_EL1_INT_REGISTER))
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index 3f22bfd..d04d805 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -155,14 +155,14 @@
ret = k3_sec_proxy_clear_rx_thread(SP_RESPONSE);
if (ret) {
ERROR("Could not clear response queue (%d)\n", ret);
- return ret;
+ goto unlock;
}
/* Send the message */
ret = k3_sec_proxy_send(SP_HIGH_PRIORITY, tx_msg);
if (ret) {
ERROR("Message sending failed (%d)\n", ret);
- return ret;
+ goto unlock;
}
/* Get the response if requested */
@@ -170,13 +170,14 @@
ret = ti_sci_get_response(rx_msg, SP_RESPONSE);
if (ret != 0U) {
ERROR("Failed to get response (%d)\n", ret);
- return ret;
+ goto unlock;
}
}
+unlock:
bakery_lock_release(&ti_sci_xfer_lock);
- return 0;
+ return ret;
}
/**
diff --git a/plat/xilinx/common/include/plat_fdt.h b/plat/xilinx/common/include/plat_fdt.h
index a1ee1e1..47a678c 100644
--- a/plat/xilinx/common/include/plat_fdt.h
+++ b/plat/xilinx/common/include/plat_fdt.h
@@ -9,4 +9,8 @@
void prepare_dtb(void);
+#if defined(XILINX_OF_BOARD_DTB_ADDR)
+int32_t is_valid_dtb(void *fdt);
+#endif
+
#endif /* PLAT_FDT_H */
diff --git a/plat/xilinx/common/include/pm_defs.h b/plat/xilinx/common/include/pm_defs.h
index 72ba107..9cdb0ba 100644
--- a/plat/xilinx/common/include/pm_defs.h
+++ b/plat/xilinx/common/include/pm_defs.h
@@ -68,7 +68,6 @@
IOCTL_RPU_BOOT_ADDR_CONFIG = 2,
IOCTL_TCM_COMB_CONFIG = 3,
IOCTL_SET_TAPDELAY_BYPASS = 4,
- IOCTL_SET_SGMII_MODE = 5,
IOCTL_SD_DLL_RESET = 6,
IOCTL_SET_SD_TAPDELAY = 7,
/* Ioctl for clock driver */
diff --git a/plat/xilinx/common/plat_console.c b/plat/xilinx/common/plat_console.c
index 0c0e74b..b84912a 100644
--- a/plat/xilinx/common/plat_console.c
+++ b/plat/xilinx/common/plat_console.c
@@ -18,6 +18,7 @@
#include <drivers/console.h>
#include <libfdt.h>
#include <plat_console.h>
+#include <plat_fdt.h>
#include <platform_def.h>
#include <plat_private.h>
@@ -108,7 +109,7 @@
{
uintptr_t base_addr;
const char *com;
- uint32_t ret = 0;
+ int32_t ret = 0;
com = fdt_getprop(dtb, node, "compatible", NULL);
if (com != NULL) {
@@ -143,16 +144,10 @@
*/
static int fdt_get_uart_info(dt_uart_info_t *info)
{
- int node, ret = 0;
+ int node = 0, ret = 0;
void *dtb = (void *)XILINX_OF_BOARD_DTB_ADDR;
- if (fdt_check_header(dtb) != 0) {
- ERROR("Can't read DT at %p\n", dtb);
- ret = -FDT_ERR_NOTFOUND;
- goto error;
- }
-
- ret = fdt_open_into(dtb, dtb, XILINX_OF_BOARD_DTB_MAX_SIZE);
+ ret = is_valid_dtb(dtb);
if (ret < 0) {
ERROR("Invalid Device Tree at %p: error %d\n", dtb, ret);
ret = -FDT_ERR_NOTFOUND;
@@ -183,9 +178,9 @@
*
* Return: On success, it returns 0; on failure, it returns an error+reason.
*/
-static int check_fdt_uart_info(dt_uart_info_t *info)
+static int32_t check_fdt_uart_info(dt_uart_info_t *info)
{
- uint32_t ret = 0;
+ int32_t ret = 0;
if (info->status == 0) {
ret = -ENODEV;
@@ -224,7 +219,7 @@
static void setup_runtime_console(uint32_t clock, dt_uart_info_t *info)
{
static console_t bl31_runtime_console;
- uint32_t rc;
+ int32_t rc;
#if defined(PLAT_zynqmp)
rc = console_cdns_register(info->base,
@@ -265,6 +260,7 @@
rc = fdt_get_uart_info(uart_info);
if (rc < 0) {
rc = -FDT_ERR_NOTFOUND;
+ goto error;
}
if (strncmp(uart_info->compatible, DT_UART_COMPAT,
@@ -288,13 +284,14 @@
WARN("BL31: No console device found in DT.\n");
}
+error:
return rc;
}
#endif
void setup_console(void)
{
- uint32_t rc;
+ int32_t rc;
uint32_t uart_clk = get_uart_clk();
#if defined(PLAT_zynqmp)
diff --git a/plat/xilinx/common/plat_fdt.c b/plat/xilinx/common/plat_fdt.c
index de5d1a1..ebcc31b 100644
--- a/plat/xilinx/common/plat_fdt.c
+++ b/plat/xilinx/common/plat_fdt.c
@@ -13,6 +13,79 @@
#include <plat_fdt.h>
#include <platform_def.h>
+#if defined(XILINX_OF_BOARD_DTB_ADDR)
+
+#define FIT_CONFS_PATH "/configurations"
+
+static uint8_t is_fit_image(void *dtb)
+{
+ int64_t confs_noffset;
+ uint8_t status = 0;
+
+ confs_noffset = fdt_path_offset(dtb, FIT_CONFS_PATH);
+ /*confs_noffset is only present on FIT image */
+ if (confs_noffset < 0) {
+ status = 0;
+ } else {
+ status = 1;
+ }
+
+ return status;
+}
+
+int32_t is_valid_dtb(void *fdt)
+{
+ int32_t ret = 0;
+
+ if (fdt_check_header(fdt) != 0) {
+ ERROR("Can't read DT at %p\n", fdt);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ ret = fdt_open_into(fdt, fdt, XILINX_OF_BOARD_DTB_MAX_SIZE);
+ if (ret < 0) {
+ ERROR("Invalid Device Tree at %p: error %d\n", fdt, ret);
+ ret = -FDT_ERR_NOTFOUND;
+ goto error;
+ }
+
+ if (is_fit_image(fdt) != 0U) {
+ WARN("FIT image detected, TF-A will not update DTB for DDR address space\n");
+ ret = -FDT_ERR_NOTFOUND;
+ }
+error:
+ return ret;
+}
+
+static int add_mmap_dynamic_region(unsigned long long base_pa, uintptr_t base_va,
+ size_t size, unsigned int attr)
+{
+ int ret = 0;
+#if defined(PLAT_XLAT_TABLES_DYNAMIC)
+ ret = mmap_add_dynamic_region(base_pa, base_va, size, attr);
+ if (ret != 0) {
+ WARN("Failed to add dynamic region for dtb: error %d\n",
+ ret);
+ }
+#endif
+ return ret;
+}
+
+static int remove_mmap_dynamic_region(uintptr_t base_va, size_t size)
+{
+ int ret = 0;
+#if defined(PLAT_XLAT_TABLES_DYNAMIC)
+ ret = mmap_remove_dynamic_region(base_va, size);
+ if (ret != 0) {
+ WARN("Failed to remove dynamic region for dtb:error %d\n",
+ ret);
+ }
+#endif
+ return ret;
+}
+#endif
+
void prepare_dtb(void)
{
#if defined(XILINX_OF_BOARD_DTB_ADDR)
@@ -24,75 +97,44 @@
if (!IS_TFA_IN_OCM(BL31_BASE)) {
-#if defined(PLAT_XLAT_TABLES_DYNAMIC)
- map_ret = mmap_add_dynamic_region((unsigned long long)dtb,
- (uintptr_t)dtb,
- XILINX_OF_BOARD_DTB_MAX_SIZE,
- MT_MEMORY | MT_RW | MT_NS);
- if (map_ret != 0) {
- WARN("Failed to add dynamic region for dtb: error %d\n",
- map_ret);
- }
-#endif
-
- if (!map_ret) {
+ map_ret = add_mmap_dynamic_region((unsigned long long)dtb,
+ (uintptr_t)dtb,
+ XILINX_OF_BOARD_DTB_MAX_SIZE,
+ MT_MEMORY | MT_RW | MT_NS);
+ if (map_ret == 0) {
/* Return if no device tree is detected */
- if (fdt_check_header(dtb) != 0) {
- NOTICE("Can't read DT at %p\n", dtb);
- } else {
- ret = fdt_open_into(dtb, dtb, XILINX_OF_BOARD_DTB_MAX_SIZE);
-
- if (ret < 0) {
- ERROR("Invalid Device Tree at %p: error %d\n",
- dtb, ret);
- } else {
-
- if (dt_add_psci_node(dtb)) {
- WARN("Failed to add PSCI Device Tree node\n");
- }
-
- if (dt_add_psci_cpu_enable_methods(dtb)) {
- WARN("Failed to add PSCI cpu enable methods in DT\n");
- }
-
- /* Reserve memory used by Trusted Firmware. */
- ret = fdt_add_reserved_memory(dtb,
- "tf-a",
- BL31_BASE,
- BL31_LIMIT
- -
- BL31_BASE);
- if (ret < 0) {
- WARN("Failed to add reserved memory nodes for BL31 to DT.\n");
- }
-
- ret = fdt_pack(dtb);
- if (ret < 0) {
- WARN("Failed to pack dtb at %p: error %d\n",
- dtb, ret);
- }
- flush_dcache_range((uintptr_t)dtb,
- fdt_blob_size(dtb));
+ if (is_valid_dtb(dtb) == 0) {
+ if (dt_add_psci_node(dtb)) {
+ WARN("Failed to add PSCI Device Tree node\n");
+ }
- INFO("Changed device tree to advertise PSCI and reserved memories.\n");
+ if (dt_add_psci_cpu_enable_methods(dtb)) {
+ WARN("Failed to add PSCI cpu enable methods in DT\n");
+ }
+ /* Reserve memory used by Trusted Firmware. */
+ ret = fdt_add_reserved_memory(dtb, "tf-a",
+ BL31_BASE,
+ BL31_LIMIT - BL31_BASE);
+ if (ret < 0) {
+ WARN("Failed to add reserved memory nodes for BL31 to DT.\n");
}
- }
- }
+ ret = fdt_pack(dtb);
+ if (ret < 0) {
+ WARN("Failed to pack dtb at %p: error %d\n", dtb, ret);
+ }
+ flush_dcache_range((uintptr_t)dtb, fdt_blob_size(dtb));
+ INFO("Changed device tree to advertise PSCI and reserved memories.\n");
+ }
-#if defined(PLAT_XLAT_TABLES_DYNAMIC)
- if (!map_ret) {
- ret = mmap_remove_dynamic_region((uintptr_t)dtb,
- XILINX_OF_BOARD_DTB_MAX_SIZE);
+ ret = remove_mmap_dynamic_region((uintptr_t)dtb,
+ XILINX_OF_BOARD_DTB_MAX_SIZE);
if (ret != 0) {
- WARN("Failed to remove dynamic region for dtb:error %d\n",
- ret);
+ WARN("Failed to remove mmap dynamic regions.\n");
}
}
-#endif
}
-
#endif
}
diff --git a/plat/xilinx/common/tsp/tsp.mk b/plat/xilinx/common/tsp/tsp.mk
new file mode 100644
index 0000000..b80f531
--- /dev/null
+++ b/plat/xilinx/common/tsp/tsp.mk
@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+# TSP source files for AMD-Xilinx platforms
+BL32_SOURCES += plat/common/aarch64/platform_mp_stack.S \
+ plat/xilinx/common/tsp/tsp_plat_setup.c
diff --git a/plat/xilinx/zynqmp/tsp/tsp_plat_setup.c b/plat/xilinx/common/tsp/tsp_plat_setup.c
similarity index 67%
rename from plat/xilinx/zynqmp/tsp/tsp_plat_setup.c
rename to plat/xilinx/common/tsp/tsp_plat_setup.c
index a9f2dbd..21c29c3 100644
--- a/plat/xilinx/zynqmp/tsp/tsp_plat_setup.c
+++ b/plat/xilinx/common/tsp/tsp_plat_setup.c
@@ -1,11 +1,13 @@
/*
* Copyright (c) 2014-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <common/bl_common.h>
#include <common/debug.h>
+#include <drivers/arm/pl011.h>
#include <drivers/console.h>
#include <plat/arm/common/plat_arm.h>
#include <platform_tsp.h>
@@ -22,10 +24,24 @@
* messages from TSP
*/
static console_t tsp_boot_console;
- (void)console_cdns_register(UART_BASE,
- get_uart_clk(),
- UART_BAUDRATE,
- &tsp_boot_console);
+ int32_t rc;
+
+#if defined(PLAT_zynqmp)
+ rc = console_cdns_register((uintptr_t)UART_BASE,
+ (uint32_t)get_uart_clk(),
+ (uint32_t)UART_BAUDRATE,
+ &tsp_boot_console);
+#else
+ rc = console_pl011_register((uintptr_t)UART_BASE,
+ (uint32_t)get_uart_clk(),
+ (uint32_t)UART_BAUDRATE,
+ &tsp_boot_console);
+#endif
+
+ if (rc == 0) {
+ panic();
+ }
+
console_set_scope(&tsp_boot_console,
CONSOLE_FLAG_RUNTIME | CONSOLE_FLAG_BOOT);
}
@@ -35,8 +51,16 @@
******************************************************************************/
void tsp_platform_setup(void)
{
+/*
+ * For ZynqMP, the GICv2 driver needs to be initialized in S-EL1,
+ * and for other platforms, the GICv3 driver is initialized in EL3.
+ * This is because S-EL1 can use GIC system registers to manage
+ * interrupts and does not need to be initialized again in SEL1.
+ */
+#if defined(PLAT_zynqmp)
plat_arm_gic_driver_init();
plat_arm_gic_init();
+#endif
}
/*******************************************************************************
@@ -52,12 +76,14 @@
MT_CODE | MT_SECURE),
MAP_REGION_FLAT(BL_RO_DATA_BASE, BL_RO_DATA_END - BL_RO_DATA_BASE,
MT_RO_DATA | MT_SECURE),
+#if defined(PLAT_zynqmp) || defined(PLAT_versal)
MAP_REGION_FLAT(BL_COHERENT_RAM_BASE,
BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE,
MT_DEVICE | MT_RW | MT_SECURE),
+#endif
{0}
};
- setup_page_tables(bl_regions, plat_arm_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu_el1(0);
}
diff --git a/plat/xilinx/versal/aarch64/versal_common.c b/plat/xilinx/versal/aarch64/versal_common.c
index 6541f27..aba190d 100644
--- a/plat/xilinx/versal/aarch64/versal_common.c
+++ b/plat/xilinx/versal/aarch64/versal_common.c
@@ -33,7 +33,7 @@
{ 0 }
};
-const mmap_region_t *plat_versal_get_mmap(void)
+const mmap_region_t *plat_get_mmap(void)
{
return plat_versal_mmap;
}
diff --git a/plat/xilinx/versal/bl31_versal_setup.c b/plat/xilinx/versal/bl31_versal_setup.c
index 48f774d..cd105c6 100644
--- a/plat/xilinx/versal/bl31_versal_setup.c
+++ b/plat/xilinx/versal/bl31_versal_setup.c
@@ -115,6 +115,19 @@
panic();
} else {
INFO("BL31: PLM to TF-A handover success %u\n", ret);
+
+ /*
+ * The BL32 load address is indicated as 0x0 in the handoff
+ * parameters, which is different from the default/user-provided
+ * load address of 0x60000000 but the flags are correctly
+ * configured. Consequently, in this scenario, set the PC
+ * to the requested BL32_BASE address.
+ */
+
+ /* TODO: Remove the following check once this is fixed from PLM */
+ if (bl32_image_ep_info.pc == 0 && bl32_image_ep_info.spsr != 0) {
+ bl32_image_ep_info.pc = (uintptr_t)BL32_BASE;
+ }
}
NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc);
@@ -190,6 +203,8 @@
if (rc != 0) {
panic();
}
+
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*
@@ -218,6 +233,6 @@
{0}
};
- setup_page_tables(bl_regions, plat_versal_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu(0);
}
diff --git a/plat/xilinx/versal/include/plat_private.h b/plat/xilinx/versal/include/plat_private.h
index 26545ba..a4210cd 100644
--- a/plat/xilinx/versal/include/plat_private.h
+++ b/plat/xilinx/versal/include/plat_private.h
@@ -20,7 +20,7 @@
uint32_t get_uart_clk(void);
void versal_config_setup(void);
-const mmap_region_t *plat_versal_get_mmap(void);
+const mmap_region_t *plat_get_mmap(void);
extern uint32_t platform_id, platform_version;
diff --git a/plat/xilinx/versal/include/versal_def.h b/plat/xilinx/versal/include/versal_def.h
index 0ac76b5..92c0ba6 100644
--- a/plat/xilinx/versal/include/versal_def.h
+++ b/plat/xilinx/versal/include/versal_def.h
@@ -48,6 +48,7 @@
* IRQ constants
******************************************************************************/
#define VERSAL_IRQ_SEC_PHY_TIMER U(29)
+#define ARM_IRQ_SEC_PHY_TIMER 29
/*******************************************************************************
* CCI-400 related constants
diff --git a/plat/xilinx/versal/platform.mk b/plat/xilinx/versal/platform.mk
index 494c30d..7c53daa 100644
--- a/plat/xilinx/versal/platform.mk
+++ b/plat/xilinx/versal/platform.mk
@@ -54,6 +54,9 @@
$(eval $(call add_define,PLAT_XLAT_TABLES_DYNAMIC))
endif
+# enable assert() for release/debug builds
+ENABLE_ASSERTIONS := 1
+
PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
-Iplat/xilinx/common/include/ \
-Iplat/xilinx/common/ipi_mailbox_service/ \
diff --git a/plat/xilinx/versal/tsp/tsp-versal.mk b/plat/xilinx/versal/tsp/tsp-versal.mk
new file mode 100644
index 0000000..bf32de3
--- /dev/null
+++ b/plat/xilinx/versal/tsp/tsp-versal.mk
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+# TSP source files specific to Versal platform
+
+PLAT_XILINX_COMMON := plat/xilinx/common/
+
+include ${PLAT_XILINX_COMMON}/tsp/tsp.mk
diff --git a/plat/xilinx/versal_net/aarch64/versal_net_common.c b/plat/xilinx/versal_net/aarch64/versal_net_common.c
index df18814..69c5c87 100644
--- a/plat/xilinx/versal_net/aarch64/versal_net_common.c
+++ b/plat/xilinx/versal_net/aarch64/versal_net_common.c
@@ -34,7 +34,7 @@
{ 0 }
};
-const mmap_region_t *plat_versal_net_get_mmap(void)
+const mmap_region_t *plat_get_mmap(void)
{
return plat_versal_net_mmap;
}
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index 08f79de..56ef27b 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -131,6 +131,19 @@
}
INFO("BL31: PLM to TF-A handover success\n");
+
+ /*
+ * The BL32 load address is indicated as 0x0 in the handoff
+ * parameters, which is different from the default/user-provided
+ * load address of 0x60000000 but the flags are correctly
+ * configured. Consequently, in this scenario, set the PC
+ * to the requested BL32_BASE address.
+ */
+
+ /* TODO: Remove the following check once this is fixed from PLM */
+ if (bl32_image_ep_info.pc == 0 && bl32_image_ep_info.spsr != 0) {
+ bl32_image_ep_info.pc = (uintptr_t)BL32_BASE;
+ }
} else {
INFO("BL31: setting up default configs\n");
@@ -213,6 +226,8 @@
if (rc != 0) {
panic();
}
+
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*
@@ -234,6 +249,6 @@
{0}
};
- setup_page_tables(bl_regions, plat_versal_net_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu(0);
}
diff --git a/plat/xilinx/versal_net/include/plat_ipi.h b/plat/xilinx/versal_net/include/plat_ipi.h
index 9f9947e..e0fe723 100644
--- a/plat/xilinx/versal_net/include/plat_ipi.h
+++ b/plat/xilinx/versal_net/include/plat_ipi.h
@@ -24,7 +24,15 @@
#define IPI_ID_3 5U
#define IPI_ID_4 6U
#define IPI_ID_5 7U
-#define IPI_ID_MAX 8U
+#define IPI_ID_PMC_NOBUF 8U
+#define IPI_ID_6_NOBUF_95 9U
+#define IPI_ID_1_NOBUF 10U
+#define IPI_ID_2_NOBUF 11U
+#define IPI_ID_3_NOBUF 12U
+#define IPI_ID_4_NOBUF 13U
+#define IPI_ID_5_NOBUF 14U
+#define IPI_ID_6_NOBUF_101 15U
+#define IPI_ID_MAX 16U
/*********************************************************************
* IPI message buffers
@@ -68,5 +76,21 @@
#define IPI4_TRIG_BIT (1 << 6)
#define IPI5_REG_BASE (0xEB380000U)
#define IPI5_TRIG_BIT (1 << 7)
+#define PMC_NOBUF_REG_BASE (0xEB390000U)
+#define PMC_NOBUF_TRIG_BIT (1 << 8)
+#define IPI6_NOBUF_95_REG_BASE (0xEB3A0000U)
+#define IPI6_NOBUF_95_TRIG_BIT (1 << 9)
+#define IPI1_NOBUF_REG_BASE (0xEB3B0000U)
+#define IPI1_NOBUF_TRIG_BIT (1 << 10)
+#define IPI2_NOBUF_REG_BASE (0xEB3B1000U)
+#define IPI2_NOBUF_TRIG_BIT (1 << 11)
+#define IPI3_NOBUF_REG_BASE (0xEB3B2000U)
+#define IPI3_NOBUF_TRIG_BIT (1 << 12)
+#define IPI4_NOBUF_REG_BASE (0xEB3B3000U)
+#define IPI4_NOBUF_TRIG_BIT (1 << 13)
+#define IPI5_NOBUF_REG_BASE (0xEB3B4000U)
+#define IPI5_NOBUF_TRIG_BIT (1 << 14)
+#define IPI6_NOBUF_101_REG_BASE (0xEB3B5000U)
+#define IPI6_NOBUF_101_TRIG_BIT (1 << 15)
#endif /* PLAT_IPI_H */
diff --git a/plat/xilinx/versal_net/include/plat_private.h b/plat/xilinx/versal_net/include/plat_private.h
index 3eb8052..9cd8636 100644
--- a/plat/xilinx/versal_net/include/plat_private.h
+++ b/plat/xilinx/versal_net/include/plat_private.h
@@ -20,7 +20,7 @@
void versal_net_config_setup(void);
uint32_t get_uart_clk(void);
-const mmap_region_t *plat_versal_net_get_mmap(void);
+const mmap_region_t *plat_get_mmap(void);
void plat_versal_net_gic_driver_init(void);
void plat_versal_net_gic_init(void);
diff --git a/plat/xilinx/versal_net/include/versal_net_def.h b/plat/xilinx/versal_net/include/versal_net_def.h
index a53cad9..dd20faa 100644
--- a/plat/xilinx/versal_net/include/versal_net_def.h
+++ b/plat/xilinx/versal_net/include/versal_net_def.h
@@ -128,6 +128,7 @@
* IRQ constants
******************************************************************************/
#define VERSAL_NET_IRQ_SEC_PHY_TIMER U(29)
+#define ARM_IRQ_SEC_PHY_TIMER 29
/*******************************************************************************
* UART related constants
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index fb229bb..65ebaaa 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -69,6 +69,9 @@
$(eval $(call add_define,XILINX_OF_BOARD_DTB_ADDR))
endif
+# enable assert() for release/debug builds
+ENABLE_ASSERTIONS := 1
+
PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
-Iplat/xilinx/common/include/ \
-Iplat/xilinx/common/ipi_mailbox_service/ \
@@ -90,7 +93,9 @@
plat/arm/common/arm_common.c \
plat/common/plat_gicv3.c \
${PLAT_PATH}/aarch64/versal_net_helpers.S \
- ${PLAT_PATH}/aarch64/versal_net_common.c
+ ${PLAT_PATH}/aarch64/versal_net_common.c \
+ ${PLAT_PATH}/plat_topology.c \
+ ${XLAT_TABLES_LIB_SRCS}
BL31_SOURCES += drivers/arm/cci/cci.c \
lib/cpus/aarch64/cortex_a78_ae.S \
@@ -113,10 +118,8 @@
plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c \
plat/xilinx/common/versal.c \
${PLAT_PATH}/bl31_versal_net_setup.c \
- ${PLAT_PATH}/plat_topology.c \
common/fdt_fixup.c \
common/fdt_wrappers.c \
${LIBFDT_SRCS} \
${PLAT_PATH}/sip_svc_setup.c \
- ${PLAT_PATH}/versal_net_gicv3.c \
- ${XLAT_TABLES_LIB_SRCS}
+ ${PLAT_PATH}/versal_net_gicv3.c
diff --git a/plat/xilinx/versal_net/tsp/tsp-versal_net.mk b/plat/xilinx/versal_net/tsp/tsp-versal_net.mk
new file mode 100644
index 0000000..ab7871c
--- /dev/null
+++ b/plat/xilinx/versal_net/tsp/tsp-versal_net.mk
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+# TSP source files specific to Versal NET platform
+
+PLAT_XILINX_COMMON := plat/xilinx/common/
+
+include ${PLAT_XILINX_COMMON}/tsp/tsp.mk
diff --git a/plat/xilinx/versal_net/versal_net_ipi.c b/plat/xilinx/versal_net/versal_net_ipi.c
index e8d8fb7..7c38921 100644
--- a/plat/xilinx/versal_net/versal_net_ipi.c
+++ b/plat/xilinx/versal_net/versal_net_ipi.c
@@ -63,6 +63,62 @@
.ipi_reg_base = IPI5_REG_BASE,
.secure_only = 0,
},
+
+ /* PMC_NOBUF IPI */
+ [IPI_ID_PMC_NOBUF] = {
+ .ipi_bit_mask = PMC_NOBUF_TRIG_BIT,
+ .ipi_reg_base = PMC_NOBUF_REG_BASE,
+ .secure_only = IPI_SECURE_MASK,
+ },
+
+ /* IPI6 IPI */
+ [IPI_ID_6_NOBUF_95] = {
+ .ipi_bit_mask = IPI6_NOBUF_95_TRIG_BIT,
+ .ipi_reg_base = IPI6_NOBUF_95_REG_BASE,
+ .secure_only = 0,
+ },
+
+ /* IPI1 NO BUF IPI */
+ [IPI_ID_1_NOBUF] = {
+ .ipi_bit_mask = IPI1_NOBUF_TRIG_BIT,
+ .ipi_reg_base = IPI1_NOBUF_REG_BASE,
+ .secure_only = 0,
+ },
+
+ /* IPI2 NO BUF IPI */
+ [IPI_ID_2_NOBUF] = {
+ .ipi_bit_mask = IPI2_NOBUF_TRIG_BIT,
+ .ipi_reg_base = IPI2_NOBUF_REG_BASE,
+ .secure_only = 0,
+ },
+
+ /* IPI3 NO BUF IPI */
+ [IPI_ID_3_NOBUF] = {
+ .ipi_bit_mask = IPI3_NOBUF_TRIG_BIT,
+ .ipi_reg_base = IPI3_NOBUF_REG_BASE,
+ .secure_only = 0,
+ },
+
+ /* IPI4 NO BUF IPI */
+ [IPI_ID_4_NOBUF] = {
+ .ipi_bit_mask = IPI4_NOBUF_TRIG_BIT,
+ .ipi_reg_base = IPI4_NOBUF_REG_BASE,
+ .secure_only = 0,
+ },
+
+ /* IPI5 NO BUF IPI */
+ [IPI_ID_5_NOBUF] = {
+ .ipi_bit_mask = IPI5_NOBUF_TRIG_BIT,
+ .ipi_reg_base = IPI5_NOBUF_REG_BASE,
+ .secure_only = 0,
+ },
+
+ /* IPI6 NO BUF IPI */
+ [IPI_ID_6_NOBUF_101] = {
+ .ipi_bit_mask = IPI6_NOBUF_101_TRIG_BIT,
+ .ipi_reg_base = IPI6_NOBUF_101_REG_BASE,
+ .secure_only = 0,
+ },
};
/* versal_net_ipi_config_table_init() - Initialize versal_net IPI configuration
diff --git a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
index e1c8ee8..dba1734 100644
--- a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
+++ b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
@@ -27,13 +27,18 @@
* This doesn't include TZRAM as the 'mem_layout' argument passed to
* configure_mmu_elx() will give the available subset of that,
*/
-const mmap_region_t plat_arm_mmap[] = {
+const mmap_region_t plat_zynqmp_mmap[] = {
{ DEVICE0_BASE, DEVICE0_BASE, DEVICE0_SIZE, MT_DEVICE | MT_RW | MT_SECURE },
{ DEVICE1_BASE, DEVICE1_BASE, DEVICE1_SIZE, MT_DEVICE | MT_RW | MT_SECURE },
{ CRF_APB_BASE, CRF_APB_BASE, CRF_APB_SIZE, MT_DEVICE | MT_RW | MT_SECURE },
{0}
};
+const mmap_region_t *plat_get_mmap(void)
+{
+ return plat_zynqmp_mmap;
+}
+
static uint32_t zynqmp_get_silicon_ver(void)
{
static unsigned int ver;
diff --git a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
index 8018535..baf6717 100644
--- a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
+++ b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
@@ -190,6 +190,8 @@
#endif
custom_runtime_setup();
+
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*
@@ -219,6 +221,6 @@
custom_mmap_add();
- setup_page_tables(bl_regions, plat_arm_get_mmap());
+ setup_page_tables(bl_regions, plat_get_mmap());
enable_mmu_el3(0);
}
diff --git a/plat/xilinx/zynqmp/include/plat_private.h b/plat/xilinx/zynqmp/include/plat_private.h
index dda005a..afa102d 100644
--- a/plat/xilinx/zynqmp/include/plat_private.h
+++ b/plat/xilinx/zynqmp/include/plat_private.h
@@ -13,9 +13,12 @@
#include <bl31/interrupt_mgmt.h>
#include <common/bl_common.h>
#include <drivers/cadence/cdns_uart.h>
+#include <lib/xlat_tables/xlat_tables.h>
void zynqmp_config_setup(void);
+const mmap_region_t *plat_get_mmap(void);
+
uint32_t zynqmp_calc_core_pos(u_register_t mpidr);
/* ZynqMP specific functions */
diff --git a/plat/xilinx/zynqmp/include/zynqmp_def.h b/plat/xilinx/zynqmp/include/zynqmp_def.h
index 38f2d9b..d715ce2 100644
--- a/plat/xilinx/zynqmp/include/zynqmp_def.h
+++ b/plat/xilinx/zynqmp/include/zynqmp_def.h
@@ -221,20 +221,6 @@
#define IOU_TAPDLY_BYPASS U(0XFF180390)
#define TAP_DELAY_MASK U(0x7)
-/* SGMII mode */
-#define IOU_GEM_CTRL U(0xFF180360)
-#define IOU_GEM_CLK_CTRL U(0xFF180308)
-#define SGMII_SD_MASK U(0x3)
-#define SGMII_SD_OFFSET U(2)
-#define SGMII_PCS_SD_0 U(0x0)
-#define SGMII_PCS_SD_1 U(0x1)
-#define SGMII_PCS_SD_PHY U(0x2)
-#define GEM_SGMII_MASK U(0x4)
-#define GEM_CLK_CTRL_MASK U(0xF)
-#define GEM_CLK_CTRL_OFFSET U(5)
-#define GEM_RX_SRC_SEL_GTR U(0x1)
-#define GEM_SGMII_MODE U(0x4)
-
/* SD DLL reset */
#define ZYNQMP_SD_DLL_CTRL U(0xFF180358)
#define ZYNQMP_SD0_DLL_RST_MASK U(0x00000004)
diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index b778932..e266615 100644
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -49,6 +49,10 @@
ifdef ZYNQMP_ATF_MEM_PROGBITS_SIZE
$(eval $(call add_define,ZYNQMP_ATF_MEM_PROGBITS_SIZE))
endif
+
+ # enable assert() when TF-A runs from DDR memory.
+ ENABLE_ASSERTIONS := 1
+
endif
ifdef ZYNQMP_BL32_MEM_BASE
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
index e812ad6..dd21499 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
@@ -174,67 +174,6 @@
}
/**
- * pm_ioctl_set_sgmii_mode() - Set SGMII mode for the GEM device.
- * @nid: Node ID of the device.
- * @value: Enable/Disable.
- *
- * This function enable/disable SGMII mode for the GEM device.
- * While enabling SGMII mode, it also ties the GEM PCS Signal
- * Detect to 1 and selects EMIO for RX clock generation.
- *
- * Return: Returns status, either success or error+reason.
- *
- */
-static enum pm_ret_status pm_ioctl_set_sgmii_mode(enum pm_node_id nid,
- uint32_t value)
-{
- uint32_t val, mask, shift;
- enum pm_ret_status ret;
-
- if (value != PM_SGMII_DISABLE && value != PM_SGMII_ENABLE) {
- return PM_RET_ERROR_ARGS;
- }
-
- switch (nid) {
- case NODE_ETH_0:
- shift = 0;
- break;
- case NODE_ETH_1:
- shift = 1;
- break;
- case NODE_ETH_2:
- shift = 2;
- break;
- case NODE_ETH_3:
- shift = 3;
- break;
- default:
- return PM_RET_ERROR_ARGS;
- }
-
- if (value == PM_SGMII_DISABLE) {
- mask = GEM_SGMII_MASK << GEM_CLK_CTRL_OFFSET * shift;
- ret = pm_mmio_write(IOU_GEM_CLK_CTRL, mask, 0U);
- } else {
- /* Tie the GEM PCS Signal Detect to 1 */
- mask = SGMII_SD_MASK << SGMII_SD_OFFSET * shift;
- val = SGMII_PCS_SD_1 << SGMII_SD_OFFSET * shift;
- ret = pm_mmio_write(IOU_GEM_CTRL, mask, val);
- if (ret != PM_RET_SUCCESS) {
- return ret;
- }
-
- /* Set the GEM to SGMII mode */
- mask = GEM_CLK_CTRL_MASK << GEM_CLK_CTRL_OFFSET * shift;
- val = GEM_RX_SRC_SEL_GTR | GEM_SGMII_MODE;
- val <<= GEM_CLK_CTRL_OFFSET * shift;
- ret = pm_mmio_write(IOU_GEM_CLK_CTRL, mask, val);
- }
-
- return ret;
-}
-
-/**
* pm_ioctl_sd_dll_reset() - Reset DLL logic.
* @nid: Node ID of the device.
* @type: Reset type.
@@ -684,9 +623,6 @@
case IOCTL_SET_TAPDELAY_BYPASS:
ret = pm_ioctl_set_tapdelay_bypass(arg1, arg2);
break;
- case IOCTL_SET_SGMII_MODE:
- ret = pm_ioctl_set_sgmii_mode(nid, arg1);
- break;
case IOCTL_SD_DLL_RESET:
ret = pm_ioctl_sd_dll_reset(nid, arg1);
break;
@@ -752,7 +688,6 @@
IOCTL_RPU_BOOT_ADDR_CONFIG,
IOCTL_TCM_COMB_CONFIG,
IOCTL_SET_TAPDELAY_BYPASS,
- IOCTL_SET_SGMII_MODE,
IOCTL_SD_DLL_RESET,
IOCTL_SET_SD_TAPDELAY,
IOCTL_SET_PLL_FRAC_MODE,
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h
index 6b094db..bf94b7c 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.h
@@ -36,10 +36,6 @@
#define PM_TAPDELAY_BYPASS_DISABLE 0U
#define PM_TAPDELAY_BYPASS_ENABLE 1U
-//sgmii mode
-#define PM_SGMII_DISABLE 0U
-#define PM_SGMII_ENABLE 1U
-
enum tap_delay_type {
PM_TAPDELAY_INPUT,
PM_TAPDELAY_OUTPUT,
diff --git a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
index 0199597..6b42055 100644
--- a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
@@ -163,10 +163,6 @@
.api_id = PM_MMIO_WRITE,
},
{
- .id = IOCTL_SET_SGMII_MODE,
- .api_id = PM_MMIO_WRITE,
- },
- {
.id = IOCTL_SD_DLL_RESET,
.api_id = PM_MMIO_WRITE,
},
diff --git a/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk b/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk
index f91a04c..1d6366f 100644
--- a/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk
+++ b/plat/xilinx/zynqmp/tsp/tsp-zynqmp.mk
@@ -4,5 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
# TSP source files specific to ZynqMP platform
-BL32_SOURCES += plat/common/aarch64/platform_mp_stack.S \
- plat/xilinx/zynqmp/tsp/tsp_plat_setup.c
+
+PLAT_XILINX_COMMON := plat/xilinx/common/
+
+include ${PLAT_XILINX_COMMON}/tsp/tsp.mk
diff --git a/pyproject.toml b/pyproject.toml
index 19ba4d8..0fe2383 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "trusted-firmware-a"
-version = "2.9.0"
+version = "2.10.0"
description = "Trusted Firmware-A (TF-A) Python dependencies."
authors = ["Arm Ltd."]
license = "BSD-3-Clause"
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index 38ba638..724d363 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -239,9 +239,10 @@
[5] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
[6] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
ERRATA_NON_ARM_INTERCONNECT},
- [7] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
- [8] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
- [9 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [7] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
+ [8] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
+ [9] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
+ [10 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78C_H_INC */
@@ -297,13 +298,14 @@
[8] = {2139242, 0x00, 0x11, ERRATA_V1_2139242},
[9] = {2216392, 0x10, 0x11, ERRATA_V1_2216392},
[10] = {2294912, 0x00, 0x12, ERRATA_V1_2294912},
- [11] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
- [12] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
+ [11] = {2348377, 0x00, 0x11, ERRATA_V1_2348377},
+ [12] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
+ [13] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
ERRATA_NON_ARM_INTERCONNECT},
- [13] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
- [14] = {2743233, 0x00, 0x12, ERRATA_V1_2743233},
- [15] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
- [16 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [14] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
+ [15] = {2743233, 0x00, 0x12, ERRATA_V1_2743233},
+ [16] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
+ [17 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_V1_H_INC */
@@ -328,8 +330,10 @@
[13] = {2371105, 0x00, 0x20, ERRATA_A710_2371105},
[14] = {2701952, 0x00, 0x21, ERRATA_A710_2701952, \
ERRATA_NON_ARM_INTERCONNECT},
- [15] = {2768515, 0x00, 0x21, ERRATA_A710_2768515},
- [16 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [15] = {2742423, 0x00, 0x21, ERRATA_A710_2742423},
+ [16] = {2768515, 0x00, 0x21, ERRATA_A710_2768515},
+ [17] = {2778471, 0x00, 0x21, ERRATA_A710_2778471},
+ [18 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A710_H_INC */
@@ -350,14 +354,16 @@
[9] = {2242415, 0x00, 0x00, ERRATA_N2_2242415},
[10] = {2280757, 0x00, 0x00, ERRATA_N2_2280757},
[11] = {2326639, 0x00, 0x00, ERRATA_N2_2326639},
- [12] = {2376738, 0x00, 0x03, ERRATA_N2_2376738},
- [13] = {2388450, 0x00, 0x00, ERRATA_N2_2388450},
- [14] = {2728475, 0x00, 0x02, ERRATA_N2_2728475, \
+ [12] = {2340933, 0x00, 0x00, ERRATA_N2_2340933},
+ [13] = {2346952, 0x00, 0x02, ERRATA_N2_2346952},
+ [14] = {2376738, 0x00, 0x00, ERRATA_N2_2376738},
+ [15] = {2388450, 0x00, 0x00, ERRATA_N2_2388450},
+ [16] = {2728475, 0x00, 0x02, ERRATA_N2_2728475, \
ERRATA_NON_ARM_INTERCONNECT},
- [15] = {2743014, 0x00, 0x02, ERRATA_N2_2743014},
- [16] = {2743089, 0x00, 0x02, ERRATA_N2_2743089},
- [17] = {2779511, 0x00, 0x02, ERRATA_N2_2779511},
- [18 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [17] = {2743014, 0x00, 0x02, ERRATA_N2_2743014},
+ [18] = {2743089, 0x00, 0x02, ERRATA_N2_2743089},
+ [19] = {2779511, 0x00, 0x02, ERRATA_N2_2779511},
+ [20 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_N2_H_INC */
@@ -377,8 +383,10 @@
[8] = {2371105, 0x00, 0x20, ERRATA_X2_2371105},
[9] = {2701952, 0x00, 0x21, ERRATA_X2_2701952, \
ERRATA_NON_ARM_INTERCONNECT},
- [10] = {2768515, 0x00, 0x21, ERRATA_X2_2768515},
- [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [10] = {2742423, 0x00, 0x21, ERRATA_X2_2742423},
+ [11] = {2768515, 0x00, 0x21, ERRATA_X2_2768515},
+ [12] = {2778471, 0x00, 0x21, ERRATA_X2_2778471},
+ [13 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X2_H_INC */
@@ -409,13 +417,15 @@
.cpu_partnumber = NEOVERSE_V2_MIDR,
.cpu_errata_list = {
[0] = {2331132, 0x00, 0x02, ERRATA_V2_2331132},
- [1] = {2719103, 0x00, 0x01, ERRATA_V2_2719103, \
+ [1] = {2618597, 0x00, 0x01, ERRATA_V2_2618597},
+ [2] = {2662553, 0x00, 0x01, ERRATA_V2_2662553},
+ [3] = {2719103, 0x00, 0x01, ERRATA_V2_2719103, \
ERRATA_NON_ARM_INTERCONNECT},
- [2] = {2719105, 0x00, 0x01, ERRATA_V2_2719105},
- [3] = {2743011, 0x00, 0x01, ERRATA_V2_2743011},
- [4] = {2779510, 0x00, 0x01, ERRATA_V2_2779510},
- [5] = {2801372, 0x00, 0x01, ERRATA_V2_2801372},
- [6 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [4] = {2719105, 0x00, 0x01, ERRATA_V2_2719105},
+ [5] = {2743011, 0x00, 0x01, ERRATA_V2_2743011},
+ [6] = {2779510, 0x00, 0x01, ERRATA_V2_2779510},
+ [7] = {2801372, 0x00, 0x01, ERRATA_V2_2801372},
+ [8 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_V2_H_INC */
@@ -439,10 +449,22 @@
[1] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
[2] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
[3] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [4 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [4] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
+ [5 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */
+
+#if CORTEX_A520_H_INC
+{
+ .cpu_partnumber = CORTEX_A520_MIDR,
+ .cpu_errata_list = {
+ [0] = {2630792, 0x00, 0x01, ERRATA_A520_2630792},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ }
+},
+#endif /* CORTEX_A520_H_INC */
+
};
/*
diff --git a/services/std_svc/sdei/sdei_main.c b/services/std_svc/sdei/sdei_main.c
index 44178ed..59a1673 100644
--- a/services/std_svc/sdei/sdei_main.c
+++ b/services/std_svc/sdei/sdei_main.c
@@ -35,8 +35,6 @@
#define LOWEST_INTR_PRIORITY 0xff
-#define is_valid_affinity(_mpidr) (plat_core_pos_by_mpidr(_mpidr) >= 0)
-
CASSERT(PLAT_SDEI_CRITICAL_PRI < PLAT_SDEI_NORMAL_PRI,
sdei_critical_must_have_higher_priority);
@@ -262,7 +260,7 @@
/* Validate flags */
switch (flags) {
case SDEI_REGF_RM_PE:
- if (!is_valid_affinity(mpidr))
+ if (!is_valid_mpidr(mpidr))
return SDEI_EINVAL;
break;
case SDEI_REGF_RM_ANY:
@@ -710,8 +708,8 @@
sdei_ev_map_t *map;
bool retry = true, shared_mapping;
- /* SGIs are not allowed to be bound */
- if (plat_ic_is_sgi(intr_num) != 0)
+ /* Interrupt must be either PPI or SPI */
+ if (!(plat_ic_is_ppi(intr_num) || plat_ic_is_spi(intr_num)))
return SDEI_EINVAL;
shared_mapping = (plat_ic_is_spi(intr_num) != 0);
@@ -926,7 +924,7 @@
return SDEI_EINVAL;
/* Validate target */
- if (plat_core_pos_by_mpidr(target_pe) < 0)
+ if (!is_valid_mpidr(target_pe))
return SDEI_EINVAL;
/* Raise SGI. Platform will validate target_pe */
diff --git a/services/std_svc/spm/el3_spmc/spmc.h b/services/std_svc/spm/el3_spmc/spmc.h
index 48644ac..e093a82 100644
--- a/services/std_svc/spm/el3_spmc/spmc.h
+++ b/services/std_svc/spm/el3_spmc/spmc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -168,6 +168,12 @@
/* Mailbox tracking. */
struct mailbox mailbox;
+ /* Lock to protect the runtime state of a S-EL0 SP execution context. */
+ spinlock_t rt_state_lock;
+
+ /* Pointer to translation table context of a S-EL0 SP. */
+ xlat_ctx_t *xlat_ctx_handle;
+
/* Secondary entrypoint. Only valid for a S-EL1 SP. */
uintptr_t secondary_ep;
@@ -224,6 +230,10 @@
entry_point_info_t *ep_info);
void spmc_sp_common_ep_commit(struct secure_partition_desc *sp,
entry_point_info_t *ep_info);
+void spmc_el0_sp_spsr_setup(entry_point_info_t *ep_info);
+void spmc_el0_sp_setup(struct secure_partition_desc *sp,
+ int32_t boot_info_reg,
+ void *sp_manifest);
/*
* Helper function to perform a synchronous entry into a SP.
diff --git a/services/std_svc/spm/el3_spmc/spmc_main.c b/services/std_svc/spm/el3_spmc/spmc_main.c
index ada6f45..7978f08 100644
--- a/services/std_svc/spm/el3_spmc/spmc_main.c
+++ b/services/std_svc/spm/el3_spmc/spmc_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,6 +30,17 @@
#include <platform_def.h>
+/* FFA_MEM_PERM_* helpers */
+#define FFA_MEM_PERM_MASK U(7)
+#define FFA_MEM_PERM_DATA_MASK U(3)
+#define FFA_MEM_PERM_DATA_SHIFT U(0)
+#define FFA_MEM_PERM_DATA_NA U(0)
+#define FFA_MEM_PERM_DATA_RW U(1)
+#define FFA_MEM_PERM_DATA_RES U(2)
+#define FFA_MEM_PERM_DATA_RO U(3)
+#define FFA_MEM_PERM_INST_EXEC (U(0) << 2)
+#define FFA_MEM_PERM_INST_NON_EXEC (U(1) << 2)
+
/* Declare the maximum number of SPs and El3 LPs. */
#define MAX_SP_LP_PARTITIONS SECURE_PARTITION_COUNT + MAX_EL3_LP_DESCS_COUNT
@@ -390,6 +401,11 @@
FFA_ERROR_INVALID_PARAMETER);
}
+ /* Protect the runtime state of a UP S-EL0 SP with a lock. */
+ if (sp->runtime_el == S_EL0) {
+ spin_lock(&sp->rt_state_lock);
+ }
+
/*
* Check that the target execution context is in a waiting state before
* forwarding the direct request to it.
@@ -398,6 +414,11 @@
if (sp->ec[idx].rt_state != RT_STATE_WAITING) {
VERBOSE("SP context on core%u is not waiting (%u).\n",
idx, sp->ec[idx].rt_model);
+
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
+
return spmc_ffa_error_return(handle, FFA_ERROR_BUSY);
}
@@ -408,6 +429,11 @@
sp->ec[idx].rt_state = RT_STATE_RUNNING;
sp->ec[idx].rt_model = RT_MODEL_DIR_REQ;
sp->ec[idx].dir_req_origin_id = src_id;
+
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
+
return spmc_smc_return(smc_fid, secure_origin, x1, x2, x3, x4,
handle, cookie, flags, dst_id);
}
@@ -462,6 +488,10 @@
FFA_ERROR_INVALID_PARAMETER);
}
+ if (sp->runtime_el == S_EL0) {
+ spin_lock(&sp->rt_state_lock);
+ }
+
/* Sanity check state is being tracked correctly in the SPMC. */
idx = get_ec_index(sp);
assert(sp->ec[idx].rt_state == RT_STATE_RUNNING);
@@ -470,12 +500,18 @@
if (sp->ec[idx].rt_model != RT_MODEL_DIR_REQ) {
VERBOSE("SP context on core%u not handling direct req (%u).\n",
idx, sp->ec[idx].rt_model);
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
}
if (sp->ec[idx].dir_req_origin_id != dst_id) {
WARN("Invalid direct resp partition ID 0x%x != 0x%x on core%u.\n",
dst_id, sp->ec[idx].dir_req_origin_id, idx);
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
}
@@ -485,6 +521,10 @@
/* Clear the ongoing direct request ID. */
sp->ec[idx].dir_req_origin_id = INV_SP_ID;
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
+
/*
* If the receiver is not the SPMC then forward the response to the
* Normal world.
@@ -536,9 +576,15 @@
* Get the execution context of the SP that invoked FFA_MSG_WAIT.
*/
idx = get_ec_index(sp);
+ if (sp->runtime_el == S_EL0) {
+ spin_lock(&sp->rt_state_lock);
+ }
/* Ensure SP execution context was in the right runtime model. */
if (sp->ec[idx].rt_model == RT_MODEL_DIR_REQ) {
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
}
@@ -550,6 +596,9 @@
* state is updated after the exit.
*/
if (sp->ec[idx].rt_model == RT_MODEL_INIT) {
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
spmc_sp_synchronous_exit(&sp->ec[idx], x4);
/* Should not get here */
panic();
@@ -567,9 +616,19 @@
cm_el1_sysregs_context_save(secure_state_in);
cm_el1_sysregs_context_restore(secure_state_out);
cm_set_next_eret_context(secure_state_out);
+
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
+
SMC_RET0(cm_get_context(secure_state_out));
}
+ /* Protect the runtime state of a S-EL0 SP with a lock. */
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
+
/* Forward the response to the Normal world. */
return spmc_smc_return(smc_fid, secure_origin, x1, x2, x3, x4,
handle, cookie, flags, FFA_NWD_ID);
@@ -1343,14 +1402,21 @@
}
idx = get_ec_index(sp);
+
if (idx != vcpu_id) {
ERROR("Cannot run vcpu %d != %d.\n", idx, vcpu_id);
return spmc_ffa_error_return(handle,
FFA_ERROR_INVALID_PARAMETER);
}
+ if (sp->runtime_el == S_EL0) {
+ spin_lock(&sp->rt_state_lock);
+ }
rt_state = &((sp->ec[idx]).rt_state);
rt_model = &((sp->ec[idx]).rt_model);
if (*rt_state == RT_STATE_RUNNING) {
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
ERROR("Partition (0x%x) is already running.\n", target_id);
return spmc_ffa_error_return(handle, FFA_ERROR_BUSY);
}
@@ -1377,6 +1443,10 @@
*/
*rt_state = RT_STATE_RUNNING;
+ if (sp->runtime_el == S_EL0) {
+ spin_unlock(&sp->rt_state_lock);
+ }
+
return spmc_smc_return(smc_fid, secure_origin, x1, 0, 0, 0,
handle, cookie, flags, target_id);
}
@@ -1505,6 +1575,223 @@
}
/*******************************************************************************
+ * Permissions are encoded using a different format in the FFA_MEM_PERM_* ABIs
+ * than in the Trusted Firmware, where the mmap_attr_t enum type is used. This
+ * function converts a permission value from the FF-A format to the mmap_attr_t
+ * format by setting MT_RW/MT_RO, MT_USER/MT_PRIVILEGED and
+ * MT_EXECUTE/MT_EXECUTE_NEVER. The other fields are left as 0 because they are
+ * ignored by the function xlat_change_mem_attributes_ctx().
+ ******************************************************************************/
+static unsigned int ffa_perm_to_mmap_perm(unsigned int perms)
+{
+ unsigned int tf_attr = 0U;
+ unsigned int access;
+
+ /* Deal with data access permissions first. */
+ access = (perms & FFA_MEM_PERM_DATA_MASK) >> FFA_MEM_PERM_DATA_SHIFT;
+
+ switch (access) {
+ case FFA_MEM_PERM_DATA_RW:
+ /* Return 0 if the execute is set with RW. */
+ if ((perms & FFA_MEM_PERM_INST_NON_EXEC) != 0) {
+ tf_attr |= MT_RW | MT_USER | MT_EXECUTE_NEVER;
+ }
+ break;
+
+ case FFA_MEM_PERM_DATA_RO:
+ tf_attr |= MT_RO | MT_USER;
+ /* Deal with the instruction access permissions next. */
+ if ((perms & FFA_MEM_PERM_INST_NON_EXEC) == 0) {
+ tf_attr |= MT_EXECUTE;
+ } else {
+ tf_attr |= MT_EXECUTE_NEVER;
+ }
+ break;
+
+ case FFA_MEM_PERM_DATA_NA:
+ default:
+ return tf_attr;
+ }
+
+ return tf_attr;
+}
+
+/*******************************************************************************
+ * Handler to set the permissions of a set of contiguous pages of a S-EL0 SP
+ ******************************************************************************/
+static uint64_t ffa_mem_perm_set_handler(uint32_t smc_fid,
+ bool secure_origin,
+ uint64_t x1,
+ uint64_t x2,
+ uint64_t x3,
+ uint64_t x4,
+ void *cookie,
+ void *handle,
+ uint64_t flags)
+{
+ struct secure_partition_desc *sp;
+ unsigned int idx;
+ uintptr_t base_va = (uintptr_t) x1;
+ size_t size = (size_t)(x2 * PAGE_SIZE);
+ uint32_t tf_attr;
+ int ret;
+
+ /* This request cannot originate from the Normal world. */
+ if (!secure_origin) {
+ return spmc_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
+ }
+
+ if (size == 0) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ /* Get the context of the current SP. */
+ sp = spmc_get_current_sp_ctx();
+ if (sp == NULL) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ /* A S-EL1 SP has no business invoking this ABI. */
+ if (sp->runtime_el == S_EL1) {
+ return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
+ }
+
+ if ((x3 & ~((uint64_t)FFA_MEM_PERM_MASK)) != 0) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ /* Get the execution context of the calling SP. */
+ idx = get_ec_index(sp);
+
+ /*
+ * Ensure that the S-EL0 SP is initialising itself. We do not need to
+ * synchronise this operation through a spinlock since a S-EL0 SP is UP
+ * and can only be initialising on this cpu.
+ */
+ if (sp->ec[idx].rt_model != RT_MODEL_INIT) {
+ return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
+ }
+
+ VERBOSE("Setting memory permissions:\n");
+ VERBOSE(" Start address : 0x%lx\n", base_va);
+ VERBOSE(" Number of pages: %lu (%zu bytes)\n", x2, size);
+ VERBOSE(" Attributes : 0x%x\n", (uint32_t)x3);
+
+ /* Convert inbound permissions to TF-A permission attributes */
+ tf_attr = ffa_perm_to_mmap_perm((unsigned int)x3);
+ if (tf_attr == 0U) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ /* Request the change in permissions */
+ ret = xlat_change_mem_attributes_ctx(sp->xlat_ctx_handle,
+ base_va, size, tf_attr);
+ if (ret != 0) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ SMC_RET1(handle, FFA_SUCCESS_SMC32);
+}
+
+/*******************************************************************************
+ * Permissions are encoded using a different format in the FFA_MEM_PERM_* ABIs
+ * than in the Trusted Firmware, where the mmap_attr_t enum type is used. This
+ * function converts a permission value from the mmap_attr_t format to the FF-A
+ * format.
+ ******************************************************************************/
+static unsigned int mmap_perm_to_ffa_perm(unsigned int attr)
+{
+ unsigned int perms = 0U;
+ unsigned int data_access;
+
+ if ((attr & MT_USER) == 0) {
+ /* No access from EL0. */
+ data_access = FFA_MEM_PERM_DATA_NA;
+ } else {
+ if ((attr & MT_RW) != 0) {
+ data_access = FFA_MEM_PERM_DATA_RW;
+ } else {
+ data_access = FFA_MEM_PERM_DATA_RO;
+ }
+ }
+
+ perms |= (data_access & FFA_MEM_PERM_DATA_MASK)
+ << FFA_MEM_PERM_DATA_SHIFT;
+
+ if ((attr & MT_EXECUTE_NEVER) != 0U) {
+ perms |= FFA_MEM_PERM_INST_NON_EXEC;
+ }
+
+ return perms;
+}
+
+/*******************************************************************************
+ * Handler to get the permissions of a set of contiguous pages of a S-EL0 SP
+ ******************************************************************************/
+static uint64_t ffa_mem_perm_get_handler(uint32_t smc_fid,
+ bool secure_origin,
+ uint64_t x1,
+ uint64_t x2,
+ uint64_t x3,
+ uint64_t x4,
+ void *cookie,
+ void *handle,
+ uint64_t flags)
+{
+ struct secure_partition_desc *sp;
+ unsigned int idx;
+ uintptr_t base_va = (uintptr_t)x1;
+ uint32_t tf_attr = 0;
+ int ret;
+
+ /* This request cannot originate from the Normal world. */
+ if (!secure_origin) {
+ return spmc_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
+ }
+
+ /* Get the context of the current SP. */
+ sp = spmc_get_current_sp_ctx();
+ if (sp == NULL) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ /* A S-EL1 SP has no business invoking this ABI. */
+ if (sp->runtime_el == S_EL1) {
+ return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
+ }
+
+ /* Get the execution context of the calling SP. */
+ idx = get_ec_index(sp);
+
+ /*
+ * Ensure that the S-EL0 SP is initialising itself. We do not need to
+ * synchronise this operation through a spinlock since a S-EL0 SP is UP
+ * and can only be initialising on this cpu.
+ */
+ if (sp->ec[idx].rt_model != RT_MODEL_INIT) {
+ return spmc_ffa_error_return(handle, FFA_ERROR_DENIED);
+ }
+
+ /* Request the permissions */
+ ret = xlat_get_mem_attributes_ctx(sp->xlat_ctx_handle, base_va, &tf_attr);
+ if (ret != 0) {
+ return spmc_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+
+ /* Convert TF-A permission to FF-A permissions attributes. */
+ x2 = mmap_perm_to_ffa_perm(tf_attr);
+
+ SMC_RET3(handle, FFA_SUCCESS_SMC32, 0, x2);
+}
+
+/*******************************************************************************
* This function will parse the Secure Partition Manifest. From manifest, it
* will fetch details for preparing Secure partition image context and secure
* partition image boot arguments if any.
@@ -1588,7 +1875,7 @@
* since this is currently a hardcoded value for S-EL1 partitions
* we don't need to save it here, just validate.
*/
- if (config_32 != PLATFORM_CORE_COUNT) {
+ if ((sp->runtime_el == S_EL1) && (config_32 != PLATFORM_CORE_COUNT)) {
ERROR("SP Execution Context Count (%u) must be %u.\n",
config_32, PLATFORM_CORE_COUNT);
return -EINVAL;
@@ -1615,6 +1902,11 @@
if (ret != 0) {
WARN("Missing Power Management Messages entry.\n");
} else {
+ if ((sp->runtime_el == S_EL0) && (config_32 != 0)) {
+ ERROR("Power messages not supported for S-EL0 SP\n");
+ return -EINVAL;
+ }
+
/*
* Ensure only the currently supported power messages have
* been requested.
@@ -1704,7 +1996,8 @@
* the manifest as boot information later.
*/
next_image_ep_info->args.arg1 = fdt_totalsize(sp_manifest);
- INFO("Manifest size = %lu bytes.\n", next_image_ep_info->args.arg1);
+ INFO("Manifest adr = %lx , size = %lu bytes\n", manifest_base,
+ next_image_ep_info->args.arg1);
/*
* Select an SP descriptor for initialising the partition's execution
@@ -1712,6 +2005,11 @@
*/
sp = spmc_get_current_sp_ctx();
+#if SPMC_AT_EL3_SEL0_SP
+ /* Assign translation tables context. */
+ sp_desc->xlat_ctx_handle = spm_get_sp_xlat_context();
+
+#endif /* SPMC_AT_EL3_SEL0_SP */
/* Initialize entry point information for the SP */
SET_PARAM_HEAD(next_image_ep_info, PARAM_EP, VERSION_1,
SECURE | EP_ST_ENABLE);
@@ -1725,7 +2023,7 @@
}
/* Check that the runtime EL in the manifest was correct. */
- if (sp->runtime_el != S_EL1) {
+ if (sp->runtime_el != S_EL0 && sp->runtime_el != S_EL1) {
ERROR("Unexpected runtime EL: %d\n", sp->runtime_el);
return -EINVAL;
}
@@ -1734,11 +2032,29 @@
spmc_sp_common_setup(sp, next_image_ep_info, boot_info_reg);
/* Perform any initialisation specific to S-EL1 SPs. */
- spmc_el1_sp_setup(sp, next_image_ep_info);
+ if (sp->runtime_el == S_EL1) {
+ spmc_el1_sp_setup(sp, next_image_ep_info);
+ }
+
+#if SPMC_AT_EL3_SEL0_SP
+ /* Setup spsr in endpoint info for common context management routine. */
+ if (sp->runtime_el == S_EL0) {
+ spmc_el0_sp_spsr_setup(next_image_ep_info);
+ }
+#endif /* SPMC_AT_EL3_SEL0_SP */
/* Initialize the SP context with the required ep info. */
spmc_sp_common_ep_commit(sp, next_image_ep_info);
+#if SPMC_AT_EL3_SEL0_SP
+ /*
+ * Perform any initialisation specific to S-EL0 not set by common
+ * context management routine.
+ */
+ if (sp->runtime_el == S_EL0) {
+ spmc_el0_sp_setup(sp, boot_info_reg, sp_manifest);
+ }
+#endif /* SPMC_AT_EL3_SEL0_SP */
return 0;
}
@@ -2051,6 +2367,14 @@
return spmc_ffa_mem_reclaim(smc_fid, secure_origin, x1, x2, x3,
x4, cookie, handle, flags);
+ case FFA_MEM_PERM_GET:
+ return ffa_mem_perm_get_handler(smc_fid, secure_origin, x1, x2,
+ x3, x4, cookie, handle, flags);
+
+ case FFA_MEM_PERM_SET:
+ return ffa_mem_perm_set_handler(smc_fid, secure_origin, x1, x2,
+ x3, x4, cookie, handle, flags);
+
default:
WARN("Unsupported FF-A call 0x%08x.\n", smc_fid);
break;
diff --git a/services/std_svc/spm/el3_spmc/spmc_pm.c b/services/std_svc/spm/el3_spmc/spmc_pm.c
index c7e864f..517d6d5 100644
--- a/services/std_svc/spm/el3_spmc/spmc_pm.c
+++ b/services/std_svc/spm/el3_spmc/spmc_pm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -36,7 +36,7 @@
}
/*******************************************************************************
- * This CPU has been turned on. Enter the SP to initialise S-EL1.
+ * This CPU has been turned on. Enter the SP to initialise S-EL0 or S-EL1.
******************************************************************************/
static void spmc_cpu_on_finish_handler(u_register_t unused)
{
@@ -49,6 +49,19 @@
/* Sanity check for a NULL pointer dereference. */
assert(sp != NULL);
+ /* Obtain a reference to the SP execution context */
+ ec = &sp->ec[get_ec_index(sp)];
+
+ /*
+ * In case of a S-EL0 SP, only initialise the context data structure for
+ * the secure world on this cpu and return.
+ */
+ if (sp->runtime_el == S_EL0) {
+ /* Assign the context of the SP to this CPU */
+ cm_set_context(&(ec->cpu_ctx), SECURE);
+ return;
+ }
+
/* Initialize entry point information for the SP. */
SET_PARAM_HEAD(&sec_ec_ep_info, PARAM_EP, VERSION_1,
SECURE | EP_ST_ENABLE);
diff --git a/services/std_svc/spm/el3_spmc/spmc_setup.c b/services/std_svc/spm/el3_spmc/spmc_setup.c
index 6de25f6..609d968 100644
--- a/services/std_svc/spm/el3_spmc/spmc_setup.c
+++ b/services/std_svc/spm/el3_spmc/spmc_setup.c
@@ -20,6 +20,7 @@
#include <plat/common/platform.h>
#include <services/ffa_svc.h>
#include "spm_common.h"
+#include "spm_shim_private.h"
#include "spmc.h"
#include <tools_share/firmware_image_package.h>
@@ -31,6 +32,26 @@
static uint8_t ffa_boot_info_mem[PAGE_SIZE] __aligned(PAGE_SIZE);
/*
+ * We need to choose one execution context from all those available for a S-EL0
+ * SP. This execution context will be used subsequently irrespective of which
+ * physical CPU the SP runs on.
+ */
+#define SEL0_SP_EC_INDEX 0
+#define SP_MEM_READ 0x1
+#define SP_MEM_WRITE 0x2
+#define SP_MEM_EXECUTE 0x4
+#define SP_MEM_NON_SECURE 0x8
+#define SP_MEM_READ_ONLY SP_MEM_READ
+#define SP_MEM_READ_WRITE (SP_MEM_READ | SP_MEM_WRITE)
+
+/* Type of the memory region in SP's manifest. */
+enum sp_memory_region_type {
+ SP_MEM_REGION_DEVICE,
+ SP_MEM_REGION_MEMORY,
+ SP_MEM_REGION_NOT_SPECIFIED
+};
+
+/*
* This function creates a initialization descriptor in the memory reserved
* for passing boot information to an SP. It then copies the partition manifest
* into this region and ensures that its reference in the initialization
@@ -143,14 +164,310 @@
}
/*
- * We are assuming that the index of the execution
- * context used is the linear index of the current physical cpu.
+ * S-EL1 partitions can be assigned with multiple execution contexts, each
+ * pinned to the physical CPU. Each execution context index corresponds to the
+ * respective liner core position.
+ * S-EL0 partitions execute in a single execution context (index 0).
*/
unsigned int get_ec_index(struct secure_partition_desc *sp)
{
+ return (sp->runtime_el == S_EL0) ?
+ SEL0_SP_EC_INDEX : plat_my_core_pos();
+}
+
+#if SPMC_AT_EL3_SEL0_SP
+/* Setup spsr in entry point info for common context management code to use. */
+void spmc_el0_sp_spsr_setup(entry_point_info_t *ep_info)
+{
+ /* Setup Secure Partition SPSR for S-EL0 SP. */
+ ep_info->spsr = SPSR_64(MODE_EL0, MODE_SP_EL0, DISABLE_ALL_EXCEPTIONS);
+}
+
+static void read_optional_string(void *manifest, int32_t offset,
+ char *property, char *out, size_t len)
+{
- return plat_my_core_pos();
+ const fdt32_t *prop;
+ int lenp;
+
+ prop = fdt_getprop(manifest, offset, property, &lenp);
+ if (prop == NULL) {
+ out[0] = '\0';
+ } else {
+ memcpy(out, prop, MIN(lenp, (int)len));
+ }
+}
+
+/*******************************************************************************
+ * This function will parse the Secure Partition Manifest for fetching secure
+ * partition specific memory/device region details. It will find base address,
+ * size, memory attributes for each region and then add the respective region
+ * into secure parition's translation context.
+ ******************************************************************************/
+static void populate_sp_regions(struct secure_partition_desc *sp,
+ void *sp_manifest, int node,
+ enum sp_memory_region_type type)
+{
+ uintptr_t base_address;
+ uint32_t mem_attr, mem_region, size;
+ struct mmap_region sp_mem_regions = {0};
+ int32_t offset, ret;
+ char *compatibility[SP_MEM_REGION_NOT_SPECIFIED] = {
+ "arm,ffa-manifest-device-regions",
+ "arm,ffa-manifest-memory-regions"
+ };
+ char description[10];
+ char *property;
+ char *region[SP_MEM_REGION_NOT_SPECIFIED] = {
+ "device regions",
+ "memory regions"
+ };
+
+ if (type >= SP_MEM_REGION_NOT_SPECIFIED) {
+ WARN("Invalid region type\n");
+ return;
+ }
+
+ INFO("Mapping SP's %s\n", region[type]);
+
+ if (fdt_node_check_compatible(sp_manifest, node,
+ compatibility[type]) != 0) {
+ WARN("Incompatible region node in manifest\n");
+ return;
+ }
+
+ for (offset = fdt_first_subnode(sp_manifest, node), mem_region = 0;
+ offset >= 0;
+ offset = fdt_next_subnode(sp_manifest, offset), mem_region++) {
+ read_optional_string(sp_manifest, offset, "description",
+ description, sizeof(description));
+
+ INFO("Mapping: region: %d, %s\n", mem_region, description);
+
+ property = "base-address";
+ ret = fdt_read_uint64(sp_manifest, offset, property,
+ &base_address);
+ if (ret < 0) {
+ WARN("Missing:%s for %s.\n", property, description);
+ continue;
+ }
+
+ property = "pages-count";
+ ret = fdt_read_uint32(sp_manifest, offset, property, &size);
+ if (ret < 0) {
+ WARN("Missing: %s for %s.\n", property, description);
+ continue;
+ }
+ size *= PAGE_SIZE;
+
+ property = "attributes";
+ ret = fdt_read_uint32(sp_manifest, offset, property, &mem_attr);
+ if (ret < 0) {
+ WARN("Missing: %s for %s.\n", property, description);
+ continue;
+ }
+
+ sp_mem_regions.attr = MT_USER;
+ if (type == SP_MEM_REGION_DEVICE) {
+ sp_mem_regions.attr |= MT_EXECUTE_NEVER;
+ } else {
+ sp_mem_regions.attr |= MT_MEMORY;
+ if ((mem_attr & SP_MEM_EXECUTE) == SP_MEM_EXECUTE) {
+ sp_mem_regions.attr &= ~MT_EXECUTE_NEVER;
+ } else {
+ sp_mem_regions.attr |= MT_EXECUTE_NEVER;
+ }
+ }
+
+ if ((mem_attr & SP_MEM_READ_WRITE) == SP_MEM_READ_WRITE) {
+ sp_mem_regions.attr |= MT_RW;
+ }
+
+ if ((mem_attr & SP_MEM_NON_SECURE) == SP_MEM_NON_SECURE) {
+ sp_mem_regions.attr |= MT_NS;
+ } else {
+ sp_mem_regions.attr |= MT_SECURE;
+ }
+
+ sp_mem_regions.base_pa = base_address;
+ sp_mem_regions.base_va = base_address;
+ sp_mem_regions.size = size;
+
+ INFO("Adding PA: 0x%llx VA: 0x%lx Size: 0x%lx attr:0x%x\n",
+ sp_mem_regions.base_pa,
+ sp_mem_regions.base_va,
+ sp_mem_regions.size,
+ sp_mem_regions.attr);
+
+ if (type == SP_MEM_REGION_DEVICE) {
+ sp_mem_regions.granularity = XLAT_BLOCK_SIZE(1);
+ } else {
+ sp_mem_regions.granularity = XLAT_BLOCK_SIZE(3);
+ }
+ mmap_add_region_ctx(sp->xlat_ctx_handle, &sp_mem_regions);
+ }
}
+static void spmc_el0_sp_setup_mmu(struct secure_partition_desc *sp,
+ cpu_context_t *ctx)
+{
+ xlat_ctx_t *xlat_ctx;
+ uint64_t mmu_cfg_params[MMU_CFG_PARAM_MAX];
+
+ xlat_ctx = sp->xlat_ctx_handle;
+ init_xlat_tables_ctx(sp->xlat_ctx_handle);
+ setup_mmu_cfg((uint64_t *)&mmu_cfg_params, 0, xlat_ctx->base_table,
+ xlat_ctx->pa_max_address, xlat_ctx->va_max_address,
+ EL1_EL0_REGIME);
+
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_MAIR_EL1,
+ mmu_cfg_params[MMU_CFG_MAIR]);
+
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_TCR_EL1,
+ mmu_cfg_params[MMU_CFG_TCR]);
+
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_TTBR0_EL1,
+ mmu_cfg_params[MMU_CFG_TTBR0]);
+}
+
+static void spmc_el0_sp_setup_sctlr_el1(cpu_context_t *ctx)
+{
+ u_register_t sctlr_el1;
+
+ /* Setup SCTLR_EL1 */
+ sctlr_el1 = read_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_SCTLR_EL1);
+
+ sctlr_el1 |=
+ /*SCTLR_EL1_RES1 |*/
+ /* Don't trap DC CVAU, DC CIVAC, DC CVAC, DC CVAP, or IC IVAU */
+ SCTLR_UCI_BIT |
+ /* RW regions at xlat regime EL1&0 are forced to be XN. */
+ SCTLR_WXN_BIT |
+ /* Don't trap to EL1 execution of WFI or WFE at EL0. */
+ SCTLR_NTWI_BIT | SCTLR_NTWE_BIT |
+ /* Don't trap to EL1 accesses to CTR_EL0 from EL0. */
+ SCTLR_UCT_BIT |
+ /* Don't trap to EL1 execution of DZ ZVA at EL0. */
+ SCTLR_DZE_BIT |
+ /* Enable SP Alignment check for EL0 */
+ SCTLR_SA0_BIT |
+ /* Don't change PSTATE.PAN on taking an exception to EL1 */
+ SCTLR_SPAN_BIT |
+ /* Allow cacheable data and instr. accesses to normal memory. */
+ SCTLR_C_BIT | SCTLR_I_BIT |
+ /* Enable MMU. */
+ SCTLR_M_BIT;
+
+ sctlr_el1 &= ~(
+ /* Explicit data accesses at EL0 are little-endian. */
+ SCTLR_E0E_BIT |
+ /*
+ * Alignment fault checking disabled when at EL1 and EL0 as
+ * the UEFI spec permits unaligned accesses.
+ */
+ SCTLR_A_BIT |
+ /* Accesses to DAIF from EL0 are trapped to EL1. */
+ SCTLR_UMA_BIT
+ );
+
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_SCTLR_EL1, sctlr_el1);
+}
+
+static void spmc_el0_sp_setup_system_registers(struct secure_partition_desc *sp,
+ cpu_context_t *ctx)
+{
+
+ spmc_el0_sp_setup_mmu(sp, ctx);
+
+ spmc_el0_sp_setup_sctlr_el1(ctx);
+
+ /* Setup other system registers. */
+
+ /* Shim Exception Vector Base Address */
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_VBAR_EL1,
+ SPM_SHIM_EXCEPTIONS_PTR);
+#if NS_TIMER_SWITCH
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_CNTKCTL_EL1,
+ EL0PTEN_BIT | EL0VTEN_BIT | EL0PCTEN_BIT | EL0VCTEN_BIT);
+#endif
+
+ /*
+ * FPEN: Allow the Secure Partition to access FP/SIMD registers.
+ * Note that SPM will not do any saving/restoring of these registers on
+ * behalf of the SP. This falls under the SP's responsibility.
+ * TTA: Enable access to trace registers.
+ * ZEN (v8.2): Trap SVE instructions and access to SVE registers.
+ */
+ write_ctx_reg(get_el1_sysregs_ctx(ctx), CTX_CPACR_EL1,
+ CPACR_EL1_FPEN(CPACR_EL1_FP_TRAP_NONE));
+}
+
+/* Setup context of an EL0 Secure Partition. */
+void spmc_el0_sp_setup(struct secure_partition_desc *sp,
+ int32_t boot_info_reg,
+ void *sp_manifest)
+{
+ mmap_region_t sel1_exception_vectors =
+ MAP_REGION_FLAT(SPM_SHIM_EXCEPTIONS_START,
+ SPM_SHIM_EXCEPTIONS_SIZE,
+ MT_CODE | MT_SECURE | MT_PRIVILEGED);
+ cpu_context_t *ctx;
+ int node;
+ int offset = 0;
+
+ ctx = &sp->ec[SEL0_SP_EC_INDEX].cpu_ctx;
+
+ sp->xlat_ctx_handle->xlat_regime = EL1_EL0_REGIME;
+
+ /* This region contains the exception vectors used at S-EL1. */
+ mmap_add_region_ctx(sp->xlat_ctx_handle,
+ &sel1_exception_vectors);
+
+ /*
+ * If the SP manifest specified the register to pass the address of the
+ * boot information, then map the memory region to pass boot
+ * information.
+ */
+ if (boot_info_reg >= 0) {
+ mmap_region_t ffa_boot_info_region = MAP_REGION_FLAT(
+ (uintptr_t) ffa_boot_info_mem,
+ PAGE_SIZE,
+ MT_RO_DATA | MT_SECURE | MT_USER);
+ mmap_add_region_ctx(sp->xlat_ctx_handle, &ffa_boot_info_region);
+ }
+
+ /*
+ * Parse the manifest for any device regions that the SP wants to be
+ * mapped in its translation regime.
+ */
+ node = fdt_subnode_offset_namelen(sp_manifest, offset,
+ "device-regions",
+ sizeof("device-regions") - 1);
+ if (node < 0) {
+ WARN("Not found device-region configuration for SP.\n");
+ } else {
+ populate_sp_regions(sp, sp_manifest, node,
+ SP_MEM_REGION_DEVICE);
+ }
+
+ /*
+ * Parse the manifest for any memory regions that the SP wants to be
+ * mapped in its translation regime.
+ */
+ node = fdt_subnode_offset_namelen(sp_manifest, offset,
+ "memory-regions",
+ sizeof("memory-regions") - 1);
+ if (node < 0) {
+ WARN("Not found memory-region configuration for SP.\n");
+ } else {
+ populate_sp_regions(sp, sp_manifest, node,
+ SP_MEM_REGION_MEMORY);
+ }
+
+ spmc_el0_sp_setup_system_registers(sp, ctx);
+
+}
+#endif /* SPMC_AT_EL3_SEL0_SP */
+
/* S-EL1 partition specific initialisation. */
void spmc_el1_sp_setup(struct secure_partition_desc *sp,
entry_point_info_t *ep_info)
@@ -211,12 +528,6 @@
sp->sp_id = sp_id;
}
- /*
- * We currently only support S-EL1 partitions so ensure this is the
- * case.
- */
- assert(sp->runtime_el == S_EL1);
-
/* Check if the SP wants to use the FF-A boot protocol. */
if (boot_info_reg >= 0) {
/*
diff --git a/tools/conventional-changelog-tf-a/package.json b/tools/conventional-changelog-tf-a/package.json
index 116b28b..d0efab8 100644
--- a/tools/conventional-changelog-tf-a/package.json
+++ b/tools/conventional-changelog-tf-a/package.json
@@ -1,6 +1,6 @@
{
"name": "conventional-changelog-tf-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"license": "BSD-3-Clause",
"private": true,
"main": "index.js",
diff --git a/tools/renesas/rcar_layout_create/sa6.c b/tools/renesas/rcar_layout_create/sa6.c
index 8fafdad..58881f9 100644
--- a/tools/renesas/rcar_layout_create/sa6.c
+++ b/tools/renesas/rcar_layout_create/sa6.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -91,7 +91,7 @@
#define RCAR_BL31DST_ADDRESS (0x44000000U)
#define RCAR_BL31DST_ADDRESSH (0x00000000U)
/* Destination size for BL31 */
-#define RCAR_BL31DST_SIZE (0x00004000U)
+#define RCAR_BL31DST_SIZE (0x0000F800U)
/* Destination address for BL32 */
#define RCAR_BL32DST_ADDRESS (0x44100000U)
#define RCAR_BL32DST_ADDRESSH (0x00000000U)
