The definition of `dlme_tpm_log_size` has been revised to represent
the actual Event Log data size instead of the fixed minimum of 64KB.
This change will be reflected in the upcoming DRTM specification
update.
Note: This change requires a corresponding update to the ACS DRTM
app in CI.
Change-Id: I967b5a372b283abd46409685d7266ffa60c142b0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
fix(psci): avoid altering function parameters
fix(services): avoid altering function parameters
fix(common): ignore the unused function return value
fix(psci): modify variable conflicting with external function
fix(delay-timer): create unique variable name
Report `FFA_MEM_PERM_GET` and `FFA_MEM_PERM_SET` supported to secure
world instances.
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I90e6b0ab601ae1142b419cacfa56109c183ab640
Some platforms do not support FEAT_MEC. Hence, they do not provide
an interface to update the update of the key corresponding to a
MECID.
This patch adds a condition in order to verify FEAT_MEC is present
before calling the corresponding platform hook, thus preventing it
from being called when the platform does not support the feature.
Change-Id: Ib1eb9e42f475e27ec31529569e888b93b207148c
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
The direct message response received by the SPMD upon a CPU_OFF power
management operation must be a framework message. If message indicates
SPMC denied the CPU_OFF operation, SPMD shall panic.
However, if SPMC does not support receiving power management
related framework messages from SPMD, it will return FFA_ERROR.
In such case, SPMD takes an implementation defined choice to ignore the
the FFA_ERROR and proceed with power management operation.
Change-Id: I18b9ee3fb8fd605bcd4aaa6802c969e9d36ccbe1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3
This patch only arranged the case numbers that were incorrectly
ordered.
Change-Id: I0da48c68c5c2f4b5ba19ab770377ea91066bcb6a
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This corrects the MISRA violation C2012-17.8:
A function parameter should not be modified.
Local variable is declared and used to process the value
from the argument.
Change-Id: I94e8048c43f767ad08820624b7c7e43b0a3e9190
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
Perform sanity checks on the launch features received via DRTM parameters.
Return INVALID_PARAMETERS if they are incorrect.
Change-Id: I7e8068154028d1c8f6b6b45449616bb5711ea76e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Certain erratum workarounds like Neoverse N1 1542419, need a part
of their mitigation done in EL3 and the rest in lower EL. But currently
such workarounds return HIGHER_EL_MITIGATION which indicates that the
erratum has already been mitigated by a higher EL(EL3 in this case)
which causes the lower EL to not apply it's part of the mitigation.
This patch fixes this issue by adding support for split workarounds
so that on certain errata we return AFFECTED even though EL3 has
applied it's workaround. This is done by reusing the chosen field of
erratum_entry structure into a bitfield that has two bitfields -
Bit 0 indicates that the erratum has been enabled in build,
Bit 1 indicates that the erratum is a split workaround and should
return AFFECTED instead of HIGHER_EL_MITIGATION.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iec94d665b5f55609507a219a7d1771eb75e7f4a7
Retrieve DLME image authentication features and report them
back to the DCE preamble. Currently, this value is always set
to 0, as no platform supports DLME authentication.
Additionally, the default schema is always used instead of
the DLME PCR schema since DLME authentication is not currently
supported.
This change primarily upgrades the DRTM parameters version to V2,
aligning with DRTM spec v1.1 [1].
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: Ie2ceb0d2ff49465643597e8725710a93d89e74a2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch updates `drtm_measurements.c` to ensure that a No-Action
event is recorded in the Event Log as part of the DRTM measurement
process.
This helps maintain compliance with the event logging requirements
specified in DRTM spec v1.1 [1].
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: Ifcf25b7ec91393a0c91b05e30f1f6cc4960d5634
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch updates event logging to comply with the latest version
(v1.1) of the DRTM specification [1]. It ensures that all required
event types, including those related to DLME authentication, are
properly defined.
Although these additional events are not currently utilized in the
implementation, this change ensures their presence as specified in
DRTM v1.1 for completeness.
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: I6846488c4121b1e2dc948d73c946e06883e16b28
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Ensure compliance with minimum size requirements by including the
missing DLME data regions, such as the DLME data header and ACPI
region size.
This will prevent incorrect allocation of DLME data regions in
the DCE preamble.
Change-Id: Ic493262152dfe39eb2d54f8771f19651be042288
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
When SPMD_SPM_AT_SEL2 is enabled, saving and restoring the SIMD context
is not needed because the SPMC handles it. The function
spmd_secure_interrupt_handler incorrectly restores the SWD SIMD context
before entering the SPMC without saving the NWD SIMD context, leading to
its loss. Furthermore, the SWD SIMD context is saved after returning
from the SPMC which is unnecessary.
This commit prevents the restoration of the SWD SIMD context before SPMC
entry and the saving of the SWD SIMD context after returning from the
SPMC when SPMD_SPM_AT_SEL2 is enabled. This ensures the preservation of
the NWD SIMD context.
Change-Id: I16a3e698e61da7019b3a670475e542d1690a5dd9
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
dlme_data_min_size is currently defined in pages but is being compared
against byte sizes in the code. This patch corrects this issue.
Change-Id: Ib250ef6efedf321706624dfca263e8042a25f6d1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As per the specification the address map region in the
DLME data must be sorted.
Change-Id: Ibf39dad33ef7ce739d6ec8632198df55a4e8a1c3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_7881 [1] is enabled
by the platform. If CVE_2024_7881 mitigation
is implemented, the discovery call returns 0,
if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).
For more information about SMCCC_ARCH_WORKAROUND_4 [2], please
refer to the SMCCC Specification reference provided below.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
MDCR_EL3 register will context switch across all worlds. Thus the pmuv3
init has to be part of context management initialization.
Change-Id: I10ef7a3071c0fc5c11a93d3c9c2a95ec8c6493bf
Signed-off-by: Mateusz Sulimowicz <matsul@google.com>
On some platforms plat_my_core_pos is a nontrivial function that takes a
bit of time and the compiler really doesn't like to inline. In the PSCI
library, at least, we have no need to keep repeatedly calling it and we
can instead pass it around as an argument. This saves on a lot of
redundant calls, speeding the library up a bit.
Change-Id: I137f69bea80d7cac90d7a20ffe98e1ba8d77246f
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
feat(el3_spmc): ffa error handling in direct msg
feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2
feat(ff-a): add FFA_MEM_PERM_GET/SET_SMC64
feat(el3-spmc): support Hob list to boot S-EL0 SP
feat(synquacer): add support Hob creation
fix(fvp): exclude extend memory map TZC regions
feat(fvp): add StandaloneMm manifest in fvp
feat(spm): use xfer list with Hob list in SPM_MM
When an FFA_ERROR happens while handling a direct message
from normal world, return to normal world with
FFA_ERROR. Otherwise, the system would re-enter the secure partition
with FFA_ERROR.
Change-Id: I3d9a68a41b4815c1a8e10354cfcf68fec9f4b800
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm which is S-EL0 partition uses
FFA_MSG_SEND_DIRECT_REQ2/RESP2 to handle multiple services.
For this, add support for FFA_MSG_SEND_DIRECT_REQ2/RESP2 in el3_spmc
restrictly up to use 8 registers.
although FF-A v1.2 defines FFA_MSG_SEND_DIRECT_REQ2/RESP2
with ability to pass/return up to 18 registers.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I8ab1c332d269d9d131330bb2debd10d75bdba1ee
Switch the state back to non-secure after a secure interrupt
using spmd_smc_switch_state with FFA_NORMAL_WORLD_RESUME
to reduce the number of control flow paths for world switches.
Fixes an issue where FP registers were not correctly restored
after secure interrupts.
Upstreamed from https://r.android.com/3345999, tested on Trusty.
Change-Id: I3ce33f7657c13b999969ebb8957d5d4b6c3aa634
Signed-off-by: Andrei Homescu <ahomescu@google.com>
* changes:
feat(qemu): hand off TPM event log via TL
feat(handoff): common API for TPM event log handoff
feat(handoff): transfer entry ID for TPM event log
fix(qemu): fix register convention in BL31 for qemu
fix(handoff): fix register convention in opteed
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for
context to be directly related to the underlying system. Currently,
certain bits like SCR_EL3.APK are always set with the understanding that
they will only take effect if the feature is present.
However, that is problematic for SMCCC_ARCH_FEATURE_AVAILABILITY (an
SMCCC call to report which features firmware enables), as simply reading
the enable bit may contradict the ID register, like the APK bit above
for a system with no Pauth present.
This patch is to clean up these cases. Add a check for PAuth's presence
so that the APK bit remains unset if not present. Also move SPE and TRBE
enablement to only the NS context. They already only enable the features
for NS only and disable them for Secure and Realm worlds. This change
only makes these worlds' context read 0 for easy bitmasking.
There's only a single snag on SPE and TRBE. Currently, their fields have
the same values and any world asymmetry is handled by hardware. Since we
don't want to do that, the buffers' ownership will change if we just set
the fields to 0 for non-NS worlds. Doing that, however, exposes Secure
state to a potential denial of service attack - a malicious NS can
enable profiling and call an SMC. Then, the owning security state will
change and since no SPE/TRBE registers are contexted, Secure state will
start generating records. Always have NS world own the buffers to
prevent this.
Finally, get rid of manage_extensions_common() as it's just a level of
indirection to enable a single feature.
Change-Id: I487bd4c70ac3e2105583917a0e5499e0ee248ed9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The commit with Change-Id:Ie417e054a7a4c192024a2679419e99efeded1705
updated the register convention r1/x1 values but missing necessary
changes in BL31.
As a result, a system panic observed during setup for BL32 when
TRANSFER_LIST is enabled due to unexpected arguments.
This patch is to fix this issue for optee.
Change-Id: I13e116e7cb5a7d89fafc11d20295cffbf24793ab
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC64.
Change former FFA_MEM_PERM_GET/SET definitions to separate operations
and add handler for FFA_MEM_PERM_GET/SET_SMC64 in spmc_smc_handler().
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I175063654703db26c1ffc3cfd7fa428b94d2bfc9
The EDKII/StandaloneMm module runs as a S-EL0 partition
on top of the EL3 FF-A SPMC.
In the past the StandaloneMm partition received its boot information through
the use of a device tree (DT) passed through the FF-A boot protocol.
The StandaloneMm itself converted the DT into a HOB.
To better match the UEFI PI spec,
the EL3 SPMC must now produce the HOB including the PHIT
(Phase Handoff Information Table) as first item in the HOB list.
The SPMC then passes the HOB through the FF-A boot protocol for
the StandaloneMm consumption.
This discards the use of a DT between the SPMC and
the StandaloneMm partition.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I22fb02c710169bd5a5ba1d1f60dce977a5a59ab6
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via PHIT Hob to initialise
StandaloneMm properly.
This patch applies using transfer list with PHIT Hob list [3] for
delivering boot information to StandaloneMm.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I3df71a7679abf9859612afc8a5be7b2381007311
Fix an issue where one ERROR line was placed
incorrectly outside its conditional check.
Signed-off-by: Andrei Homescu <ahomescu@google.com>
Change-Id: I7860c399e4a84de6eaa4139fe2103595c52576dd
Updated the code to ensure the Event Log in the DLME meets
the minimum size requirement of 64KB, as specified in the
specification.
Change-Id: If0b179a97c0dca489edc0047da401bbb4ce09f39
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Clang build breaks with the following warning:
| In file included from services/std_svc/spmd/spmd_logical_sp.c:15:
| include/services/el3_spmd_logical_sp.h:15:38: error: redefinition of
| typedef 'spmd_spm_core_context_t' is a C11 feature [-Werror,-Wtypedef-redefinition].
| 15 | typedef struct spmd_spm_core_context spmd_spm_core_context_t;
| | ^
| services/std_svc/spmd/spmd_private.h:58:3: note: previous definition is here
| 58 | } spmd_spm_core_context_t;
| | ^
| CC services/std_svc/std_svc_setup.c
| 1 error generated.
| In file included from services/std_svc/spmd/spmd_main.c:35:
| services/std_svc/spmd/spmd_private.h:58:3: error: redefinition of typedef
| 'spmd_spm_core_context_t' is a C11 feature [-Werror,-Wtypedef-redefinition]
| 58 | } spmd_spm_core_context_t;
| | ^
| include/services/el3_spmd_logical_sp.h:15:38: note: previous definition is here
| 15 | typedef struct spmd_spm_core_context spmd_spm_core_context_t;
| | ^
| 1 error generated.
A structure 'spmd_spm_core_context_t' defined in 'spmd_private.h' is
also declared in 'el3_spmd_logical_sp.h' as it is used in a couple of
function declarations. These function declarations can be moved to
spmd_private.h as they are not needed elsewhere.
Change-Id: Ic6b9a277abe00cb7129f671570abf7255be62dfa
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
* This patch adds support to tsp (BL32) Image, to exercise
EL1_context registers at S-EL1.
* Adds a SMC function ID "MODIFY_EL1_CTX" to handle EL1_CTX
registers at S-EL1 and overwrite them.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Id4f2b3b748f7bc9e6c9d72a2f03d50aefbfb61cb
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for MRRS and MSRR instruction which
helps us to read write to 128-bit system register.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable for a platform. This patch also supports the new
RMM_EL3_FEATURES interface, that RMM can use to query for support for
HES based signing. The new interface exposes a feature register with
different bits defining different discoverable features. This new
interface is available starting the 0.4 version of the RMM-EL3
interface, causing the version to bump up. This patch also adds a
platform port for FVP that implements the platform hooks required to
enable the new SMCs, but it does not push to a HES and instead copies a
zeroed buffer in EL3.
Change-Id: I69c110252835122a9533e71bdcce10b5f2a686b2
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
commit 42e35d2f8c
("refactor(cm): convert el1 ctx assembly offset entries to c structure")
moves cntkctl_el1 register from el1_sysregs_t's common to arch_timer
structure.
To set cntkctl_el1, it should use write_el1_ctx_timer() instead of
write_el1_ctx_common() otherwise, build failed.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Ifa1ca6e056fa95bd07598d20705856e208670808
