The only platform to use this is fvp_r. As this platform is now gone, so
is the need for this library. Support for it never went out of
"experimental" so it does not appear to be finished.
Change-Id: I76499b92ca4368651330f17dc80803991158cc36
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Commit 2cadf21bc removed fvp_r but did not list it as such. Do that.
Change-Id: I84e83196add3d0f912fd503cd253bc5496647dd6
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The platform has not been maintained for some years and is generally
broken. Remove it to avoid confusion.
Change-Id: I93d832d51e114689ec79969af5d96071a03f4a88
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
- Define information structures for SMMU, root complex,
root port and BDF mappings.
- Add entries for SMMU and PCIe root complexes to Boot manifest.
- Update RMMD_MANIFEST_VERSION_MINOR from 4 to 5.
Change-Id: I0a76dc18edbaaff40116f376aeb56c750d57c7c1
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3
Add the discrete TPM to the TCG event log section of the measured boot
threat model. Include the example of a physical vulnerability that can
be used to compromise a dTPM.
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I2c06edf5e9031adc970c24426a8ae52b06efb614
- documentation for Discrete TPM drivers.
- documentation for a proof of concept on rpi3;
  Measured Boot using Discrete TPM.
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: If8e7c14a1c0b9776af872104aceeff21a13bd821
Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.
Under some conditions, data might be corrupted if Trace Buffer
Extension (TRBE) is enabled. The workaround is to disable trace
collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite
value of SCR_EL3.NS on a security state switch. Since we only enable
TRBE for non-secure world, the workaround is to disable TRBE by
setting the NSTB field to 00 so accesses are trapped to EL3 and
secure state owns the buffer.
SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97
Cortex-A715 erratum 2804830 applies to r0p0, r1p0, r1p1 and r1p2,
and is fixed in r1p3.
Under some conditions, writes of a 64B-aligned, 64B granule of
memory might cause data corruption without this workaround. See SDEN
for details.
Since this workaround disables write streaming, it is expected to
have a significant performance impact for code that is heavily
reliant on write streaming, such as memcpy or memset.
SDEN: https://developer.arm.com/documentation/SDEN-2148827/latest/
Change-Id: Ia12f6c7de7c92f6ea4aec3057b228b828d48724c
Signed-off-by: John Powell <john.powell@arm.com>
This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4
More recent versions of Poetry introduced the `package-mode` key to
configure whether the project should be used for dependency management
only, but this is incompatible with the earlier versions of Poetry that
we still support.
Instead, we rely on installing with the `--no-root` flag, which behaves
similarly. Installing without passing the `--no-root` flag is
deprecated, and in recent versions of Poetry has become a hard error.
This change ensures that the build system always installs dependencies
with the required flag.
Change-Id: Ic1543511314dcd20c00b73fd9e8cfae3dd034a41
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
  feat(fvp): set defaults for build commandline
  docs(arm): enable Linux boot from fip as BL33
  feat(arm): enable Linux boot from fip as BL33
  docs(fvp): update fvp build time options
  docs(arm): add initrd props to dtb at build time
  feat(arm): add initrd props to dtb at build time
The function got renamed to pwr_domain_pwr_down() but have a reference
to it for anyone wondering where it went.
Change-Id: Ica5fa11b9f18a7446c188e37b9f1d5508f4cf749
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Document additional functionality of TF-A to package the Linux kernel in
the fip image as a BL33 and boot it. A ramdisk is used as a file system.
The ramdisk properties are injected into the device tree at build time.
Change-Id: I326f920fdac4bd20572f6f0da07d012def114274
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Add new fvp specific build time options. Specifically the below:
- INITRD_SIZE
- INITRD_PATH
- INITRD_BASE
Change-Id: Ieadf01fce7a0a0a8e9e7582d7b7e371b247207c2
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Document the ability of the FVP platform to boot a Linux Kernel as a
preloaded image. A preloaded Linux Kernel can be booted in a normal
flow as well as in RESET_TO_BL31. This is made possible by updating
the device tree with initrd properties at build time.
Change-Id: I4e1d8c24f82510d21b2afa06b429a18da4d623bd
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
This change refactors the memmap tool into a Poetry project, with its
own dependencies. You can continue to run it manually with:
    poetry run memory <args>
Change-Id: I346283df1b8bfad4babc1f5a3861dab94d4a006a
Signed-off-by: Chris Kay <chris.kay@arm.com>
This patch introduces a platform-specific function to provide DLME
authentication features. While no platforms currently support DLME
authentication, this change offers a structured way for platforms
to define and expose their DLME authentication features, with the
flexibility to extend support in the future if needed.
Change-Id: Ia708914477c4d8cfee4809a9daade9a3e91ed073
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduces a platform-specific API to retrieve the ACPI table
region size. This will be used in a subsequent patch to specify
the minimum DLME size requirement for the DCE preamble.
Change-Id: I44ce9241733b22fea3cbce9d42f1c2cc5ef20852
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Patch series:
https://review.trustedfirmware.org/q/topic:%22gr/fvp_11_28_23%22
Migrated FVPs to use version 11.28.23 and also removed some model
testing that is no longer available or not working with the newer model
configuration.
Change-Id: I58c5406ff49ad4c537391c61259d71d9610e875a
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
SVE and SME aren't enabled symmetrically for all worlds, but EL3 needs
to context switch them nonetheless. Previously, this had to happen by
writing the enable bits just before reading/writing the relevant
context. But since the introduction of root context, this need not be
the case. We can have these enables always be present for EL3 and save
on some work (and ISBs!) on every context switch.
We can also hoist ZCR_EL3 to a never changing register, as we set its
value to be identical for every world, which happens to be the one we
want for EL3 too.
Change-Id: I3d950e72049a298008205ba32f230d5a5c02f8b0
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The current code is incredibly resilient to updates to the spec and
has worked quite well so far. However, recent implementations expose a
weakness in that this is rather slow. A large part of it is written in
assembly, making it opaque to the compiler for optimisations. The
future proofness requires reading registers that are effectively
`volatile`, making it even harder for the compiler, as well as adding
lots of implicit barriers, making it hard for the microarchitecture to
optimise as well.
We can make a few assumptions, checked by a few well placed asserts, and
remove a lot of this burden. For a start, at the moment there are 4
group 0 counters with static assignments. Contexting them is a trivial
affair that doesn't need a loop. Similarly, there can only be up to 16
group 1 counters. Contexting them is a bit harder, but we can do with a
single branch with a falling through switch. If/when both of these
change, we have a pair of asserts and the feature detection mechanism to
guard us against pretending that we support something we don't.
We can drop contexting of the offset registers. They are fully
accessible by EL2 and as such are its responsibility to preserve on
powerdown.
Another small thing we can do, is pass the core_pos into the hook.
The caller already knows which core we're running on, we don't need to
call this non-trivial function again.
Finally, knowing this, we don't really need the auxiliary AMUs to be
described by the device tree. Linux doesn't care at the moment, and any
information we need for EL3 can be neatly placed in a simple array.
All of this, combined with lifting the actual saving out of assembly,
reduces the instructions to save the context from 180 to 40, including a
lot fewer branches. The code is also much shorter and easier to read.
Also propagate to aarch32 so that the two don't diverge too much.
Change-Id: Ib62e6e9ba5be7fb9fb8965c8eee148d5598a5361
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
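The counter save described in the commit message above, sketched as an added example (not TF-A's code). The `sim_group0`/`sim_group1` arrays, `struct amu_ctx`, `SAVE_G1` and `amu_ctx_save()` are hypothetical names standing in for the real system register accessors and context structure.

```c
#include <stdint.h>

#define AMU_GROUP0_NR  4U	/* commit message: 4 statically assigned counters */
#define AMU_GROUP1_MAX 16U	/* commit message: at most 16 group 1 counters */

/* Constructed stand-ins for the AMU event counter system registers. */
static uint64_t sim_group0[AMU_GROUP0_NR];
static uint64_t sim_group1[AMU_GROUP1_MAX];

struct amu_ctx {
	uint64_t group0[AMU_GROUP0_NR];
	uint64_t group1[AMU_GROUP1_MAX];
};

#define SAVE_G1(n) (ctx->group1[(n)] = sim_group1[(n)])

/* Save the counters; returns -1 if nr_group1 breaks the stated assumption. */
int amu_ctx_save(struct amu_ctx *ctx, unsigned int nr_group1)
{
	if (nr_group1 > AMU_GROUP1_MAX)
		return -1;	/* stands in for the assert described above */

	/* Group 0: fixed count, so straight-line code with no loop. */
	ctx->group0[0] = sim_group0[0];
	ctx->group0[1] = sim_group0[1];
	ctx->group0[2] = sim_group0[2];
	ctx->group0[3] = sim_group0[3];

	/* Group 1: one branch into the switch; every case falls through. */
	switch (nr_group1) {
	case 16: SAVE_G1(15); case 15: SAVE_G1(14);
	case 14: SAVE_G1(13); case 13: SAVE_G1(12);
	case 12: SAVE_G1(11); case 11: SAVE_G1(10);
	case 10: SAVE_G1(9);  case 9:  SAVE_G1(8);
	case 8:  SAVE_G1(7);  case 7:  SAVE_G1(6);
	case 6:  SAVE_G1(5);  case 5:  SAVE_G1(4);
	case 4:  SAVE_G1(3);  case 3:  SAVE_G1(2);
	case 2:  SAVE_G1(1);  case 1:  SAVE_G1(0);
	default: break;
	}
	return 0;
}

int main(void)
{
	struct amu_ctx ctx = { { 0 }, { 0 } };
	sim_group1[2] = 0x1234U;	/* constructed sample value */
	return (amu_ctx_save(&ctx, 3U) == 0 && ctx.group1[2] == 0x1234U) ? 0 : 1;
}
```

Counters at or above `nr_group1` are never read, so unimplemented registers are not touched and their context slots keep their previous contents.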
MPMM is a core-specific microarchitectural feature. It has been present
in every Arm core since the Cortex-A510 and has been implemented in
exactly the same way. Despite that, it is enabled more like an
architectural feature with a top level enable flag. This utilised the
identical implementation.
This duality has left MPMM in an awkward place, where its enablement
should be generic, like an architectural feature, but since it is not,
it should also be core-specific if it ever changes. One choice to do
this has been through the device tree.
This has worked just fine so far, however, recent implementations expose
a weakness in that this is rather slow - the device tree has to be read,
there's a long call stack of functions with many branches, and system
registers are read. In the hot path of PSCI CPU powerdown, this has a
significant and measurable impact. Besides it being a rather large
amount of code that is difficult to understand.
Since MPMM is a microarchitectural feature, its correct placement is in
the reset function. The essence of the current enablement is to write
CPUPPMCR_EL3.MPMM_EN if CPUPPMCR_EL3.MPMMPINCTL == 0. Replacing the C
enablement with an assembly macro in each CPU's reset function achieves
the same effect with just a single close branch and a grand total of 6
instructions (versus the old 2 branches and 32 instructions).
Having done this, the device tree entry becomes redundant. Should a core
that doesn't support MPMM arise, this can cleanly be handled in the
reset function. As such, the whole ENABLE_MPMM_FCONF and platform hooks
mechanisms become obsolete and are removed.
Change-Id: I1d0475b21a1625bb3519f513ba109284f973ffdf
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
RAS errors can cause problems for powerdown. On cpus like the A510,
receiving a RAS error after executing the powerdown `wfi` will deadlock
the core. The TRM suggests disabling the generation of interrupts.
However, which interrupts to disable is not apparent for generic code as
the meaning of each error record is *heavily* IMPDEF, despite the
standard format. Iterating over the list and disabling all is not
desirable as this might disable errors for components that do not have
an effect on the core that is powering down.
As such, leave this for the platform port to handle. Leave a note in the
porting guide so this is not missed.
Change-Id: I43c3f6f909fafc449d3b4e748b015b05338d9618
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and caches will be empty so a branch to a workaround function must be
fetched from memory and that round trip is very slow. Then it also runs
with the I-cache off, which means that the loop to iterate over the
workarounds must also be fetched from memory on each iteration.
We can remove both branches. First, we can simply apply every erratum
directly instead of defining a workaround function and jumping to it.
Currently, no errata that need to be applied at both reset and runtime,
with the same workaround function, exist. If the need arose in future,
this should be achievable with a reset + runtime wrapper combo.
Then, we can construct a function that applies each erratum linearly
instead of looping over the list. If this function is part of the reset
function, then the only "far" branches at reset will be for the checker
functions. Importantly, this mitigates the slowdown even when an erratum
is disabled.
The result is ~50% speedup on N1SDP and ~20% on AArch64 Juno on wakeup
from PSCI calls that end in powerdown. This is roughly back to the
baseline of v2.9, before the errata framework regressed on performance
(or a little better). It is important to note that there are other
slowdowns since then that remain unknown.
Change-Id: Ie4d5288a331b11fd648e5c4a0b652b74160b07b9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Similar to the cpu_rev_var and cpu_get_rev_var functions, inline the
call_reset_handler handler. This way we skip the costly branch at no
extra cost as this is the only place where this is called.
While we're at it, drop the options for CPU_NO_RESET_FUNC. The only cpus
that need that are virtual cpus which can spare the tiny bit of
performance lost. The rest are real cores which can save on the check
for zero.
Now is a good time to put the assert for a missing cpu in the
get_cpu_ops_ptr function so that it's a bit better encapsulated.
Change-Id: Ia7c3dcd13b75e5d7c8bafad4698994ea65f42406
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
rk3576 is an octa-core SoC with Cortex-A53/A72 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
6. power off system
Change-Id: I67a019822bd4af13e4a3cdd09cf06202f4922cc4
Signed-off-by: XiaoDong Huang <derrick.huang@rock-chips.com>
Commit af5ae9a73f67dc8c9ed493846d031b052b0f22a0, which added
Cortex-A720-AE erratum 3699562, has a typo in the CPU name for the
erratum: it is for Cortex-A720-AE but was incorrectly mentioned as
Cortex-A715_AE.
Change-Id: I2332a3fcaf56a7aaab5a04e3d40428cc746d2d46
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
  refactor(rse)!: remove rse_comms_init
  refactor(arm): switch to rse_mbx_init
  refactor(rse): put MHU code in a dedicated file
  refactor(tc): add plat_rse_comms_init
  refactor(arm)!: rename PLAT_MHU_VERSION flag
Cortex-X925 erratum 2963999 applies to r0p0 and is fixed in
r0p1.
In EL3, reads of MPIDR_EL1 and MIDR_EL1 might incorrectly virtualize
which register to return when reading the value of
MPIDR_EL1/VMPIDR_EL2 and MIDR_EL1/VPIDR_EL2, respectively.
The workaround is to do an ISB prior to an MRS read to either
MPIDR_EL1 or MIDR_EL1.
SDEN documentation:
https://developer.arm.com/documentation/109180/latest/
Change-Id: I447fd359ea32e1d274e1245886e1de57d14f082c
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Neoverse V3 erratum 2970647 applies to r0p0 and is fixed in r0p1.
In EL3, reads of MPIDR_EL1 and MIDR_EL1 might incorrectly virtualize
which register to return when reading the value of
MPIDR_EL1/VMPIDR_EL2 and MIDR_EL1/VPIDR_EL2, respectively.
The workaround is to do an ISB prior to an MRS read to either
MPIDR_EL1 or MIDR_EL1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2891958/latest/
Change-Id: Iedf7d799451f0be58a5da1f93f7f5b6940f2bb35
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Cortex-X4 erratum 2957258 applies to r0p0 and r0p1 and is fixed in
r0p2.
In EL3, reads of MPIDR_EL1 and MIDR_EL1 might incorrectly virtualize
which register to return when reading the value of
MPIDR_EL1/VMPIDR_EL2 and MIDR_EL1/VPIDR_EL2, respectively.
The workaround is to do an ISB prior to an MRS read to either
MPIDR_EL1 or MIDR_EL1.
SDEN documentation:
https://developer.arm.com/documentation/109148/latest/
Change-Id: I2d8e7f4ce19ca2e1d87527c31e7778d81aff0279
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
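The revision ranges quoted in the erratum commit messages on this page, turned into an applicability check as an added example (not TF-A's code). The table layout, the CPU name strings used as lookup keys, and the `REV`, `SAMPLE_MIDR`, `midr_to_rev()` and `erratum_applies()` names are hypothetical; each erratum is assumed to cover a contiguous range from its first to its last listed revision.

```c
#include <stdint.h>
#include <string.h>

/* Pack rXpY so that ordinary integer comparison orders revisions correctly. */
#define REV(x, y) ((uint8_t)(((x) << 4) | (y)))
/* Constructed MIDR value: only the variant and revision fields are filled in. */
#define SAMPLE_MIDR(x, y) (((uint32_t)(x) << 20) | (uint32_t)(y))

struct erratum {
	const char *cpu;	/* hypothetical lookup key, not a MIDR part number */
	uint32_t id;
	uint8_t first, last;	/* inclusive affected range (assumed contiguous) */
};

/* Ranges transcribed from the commit messages on this page. */
static const struct erratum errata[] = {
	{ "Cortex-A510", 2971420, REV(0, 1), REV(1, 3) },	/* still open */
	{ "Cortex-A715", 2804830, REV(0, 0), REV(1, 2) },	/* fixed in r1p3 */
	{ "Cortex-X925", 2963999, REV(0, 0), REV(0, 0) },	/* fixed in r0p1 */
	{ "Neoverse V3", 2970647, REV(0, 0), REV(0, 0) },	/* fixed in r0p1 */
	{ "Cortex-X4",   2957258, REV(0, 0), REV(0, 1) },	/* fixed in r0p2 */
};

/* MIDR_EL1 holds the variant (rX) in bits [23:20], the revision (pY) in [3:0]. */
static uint8_t midr_to_rev(uint32_t midr)
{
	return REV((midr >> 20) & 0xFU, midr & 0xFU);
}

/* 1 if the workaround is needed, 0 if not, -1 if the erratum is not listed. */
int erratum_applies(const char *cpu, uint32_t id, uint32_t midr)
{
	uint8_t rev = midr_to_rev(midr);

	for (size_t i = 0; i < sizeof(errata) / sizeof(errata[0]); i++) {
		if (errata[i].id == id && strcmp(errata[i].cpu, cpu) == 0)
			return rev >= errata[i].first && rev <= errata[i].last;
	}
	return -1;
}

int main(void)
{
	/* r1p0 is affected even though its revision field (0) is below p1. */
	return erratum_applies("Cortex-A510", 2971420, SAMPLE_MIDR(1, 0)) == 1 ? 0 : 1;
}
```

Comparing the packed value rather than the variant and revision fields separately is what keeps r1p0 inside the r0p1 to r1p3 range while leaving r0p0 outside it.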