Exclude the threat of power analysis side-channel attacks
from consideration in the TF-A generic threat model.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5b245f33609fe8948e473ce4484898db5ff8db4d
* changes:
Revert "fix(ti): do not take system power reference in bl31_platform_setup()"
refactor(ti): remove ti_sci_init function
fix(k3): increment while reading trail bytes
Remove any residual RSS usage in the FVP platform, complementing the
changes made in commit dea307fd6c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9ced272503456361610ec0c7783d270349233926
Explain that platforms are free to define their own Chain of Trust (CoT)
based on their needs but default ones are provided in TF-A source code:
TBBR, dualroot and CCA.
Give a brief overview of the use case for each of these CoTs.
Simplified diagrams are also provided for the TBBR and dualroot CoTs -
CCA CoT is missing such a diagram right now, it should be provided as a
future improvement.
Also do some cosmetic changes along the way.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I7c4014d4d12d852b0ae5632ba9c71a9ad266080a
To properly update pyproject.toml & docs/conf.py, we should manage
several digits for version number (the 10 for VERSION_MINOR), and the
VERSION_PATCH.
Change-Id: I612338fd2896f3fe614f23d14f56d58d43318a11
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Having a comment at the end of VERSION_PATCH definition line prevent
the release script to work properly. Move it on the previous line.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4008ccbccd512edf33f67c645b38937ad1af9777
In gicv3_main.c the function is_sgi_ppi() returns true when its
sgi/ppi or false when the interrupt number matches an spi interrupt.
Introducing a new API is_valid_interrupt() which validates if
an interrupt number matches SGI/PPI or SPI as a valid interrupt,
any other interrupt number is considered invalid and panics.
Change-Id: Idce8f5432a94c8d300b9408cf5b2502c60e13318
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Essentially revert [1] to permit specifying SME support along with
SPD=spmd on FVP platform.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/20764
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Iab15d5a4c966b9f5b265ccde6711765e242abeaa
A normal world caller can emit an SMC with the SVE hint bit set such
that the callee can perform an optimization by omitting to save/restore
the SVE context. Update the SPMD to pass this information to the SPMC
when set by the caller in the SMC flags parameter.
For now, restrict this behavior to the SPMC living at S-EL2.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icf46eb8a391dd3ddd2ee6aff8581a2f1c8a1c274
Fix the wrong placement of the closing parenthesis in the second
condition check that resulted in the incorrect calculation of the MHU
message size. Also, format the code for readability.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0e012f3ff00bae2dfc12cdb1c2c636fc6c0a0b55
The function mhu_get_max_message_size() for MHUv2 should return only the
available memory for use after considering all the overheads for its own
use.
Signed-off-by: Sathyam Panda <sathyam.panda@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I14ad16e8f4b781e396bca6173077513db74157d5
* changes:
fix(spe): invoke spe_disable during power domain off/suspend
feat(psci): add psci_do_manage_extensions API
fix(arm_fpga): halve number of PEs per core
In RME documentation use "bp.secure_memory=0" to disable TZC,
and avoid conflicts with SPM in 4-world configuration.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I532bca8ab3bd3e6d4f18b5aa7e848c533e016f39
Added SiP calls to FVP platform to protect/unprotect a
memory range.
These leverage rme features to change the PAS of a given
memory range from non-secure to secure.
The mentioned call is leveraged by the SPMC in the memory
sharing flow, when memory is shared from the normal world
onto the secure world.
More details in the SPM related patches.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Iaf15d8603a549d247ffb1fc14c16bfb94d0e178a
Cortex-A715 erratum 2561034 is a Cat B erratum that applies to
revision r1p0 and is fixed in r1p1.
The workaround is to set bit[26] in CPUACTLR2_EL1. Setting this
bit is not expected to have a significant performance impact.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I377f250a2994b6ced3ac7d93f947af6ceb690d49
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Add minimal compilation step when enabling STM32MP_USB_PROGRAMMER flag
on STM32MP2. Add DWL_BUFFER_BASE in platform.mk and the compilation
of the new file plat/st/stm32mp2/stm32mp2_usb_dfu.c (just stubs for
the moment).
Signed-off-by: Pankaj Dev <pankaj.dev@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I8891ff23ddc3d40d7477ada3e49e439dd8af8316
As these definitions will be the same for STM32MP1 and STM32MP2, move
PLATFORM_MTD_MAX_PAGE_SIZE and DWL_BUFFER_SIZE macro definition to the
file: plat/st/common/include/stm32mp_common.h
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I480669d009d15fec753298f47b136e34fa240132
PLAT_STM32MP_NS_IMAGE_OFFSET and PLAT_EMMC_BOOT_SSBL_OFFSET macros should
have been removed with patch [1].
[1] 981b9dcb87 ("refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE")
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ice98c43c0257041226525199be06134fde8466c5
When trying to compile USB stack for STM32MP2, the following warning
happens:
In file included from plat/st/stm32mp2/stm32mp2_usb_dfu.c:7:
include/drivers/usb_device.h:193:9: error: unknown type name 'bool'
193 | bool is_in;
Correct it by adding: #include <stdbool.h>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If17e4e269fcdc885e42f5fcad9cfb763829786e4
ti_sci_get_revision handles getting the firmware version and ti_sci_init
is just a wrapper around it with no added benefit.
Refactor the ti_sci_get_revision to give the version information and
remove ti_sci_init wrapper.
Change-Id: I39184af5b00bedc8b9220533f1ddac3b6672d2f1
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
spe_disable function, disables profiling and flushes all the buffers and
hence needs to be called on power-off/suspend path.
It needs to be invoked as SPE feature writes to memory as part of
regular operation and not disabling before exiting coherency
could potentially cause issues.
Currently, this is handled only for the FVP. Other platforms need
to replicate this behaviour and is covered as part of this patch.
Calling it from generic psci library code, before the platform specific
actions to turn off the CPUs, will make it applicable for all the
platforms which have ported the PSCI library.
Change-Id: I90b24c59480357e2ebfa3dfc356c719ca935c13d
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Adding a new API under PSCI library,for managing all the architectural
features, required during power off or suspend cases.
Change-Id: I1659560daa43b9344dd0cc0d9b311129b4e9a9c7
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
When creating the Arm FPGA platform, we had plenty of memory available,
so assigned a generous four PEs per core for the potential CPU topology.
In reality we barely see implementations with two PEs per core, and
didn't have four at all so far.
With some design changes we now include more data per CPU type, and
since the Arm FPGA build supports many cores (and determines the correct
one at runtime), we run out of memory with certain build options.
Since we don't really need four PEs per core, just halve that number, to
reduce our memory footprint without sacrificing functionality.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ieb37ccc9f362b10ff0ce038f72efca21512a71cb
This setup helps to mimic an end-to-end RAS handling flow inspired
by real world design with a dedicated RAS secure partition managed
by SPMC.
The detailed steps are documented as comments in the relevant source
files introduced in this patch.
Change-Id: I97737c66649f6e49840fa0bdf2e0af4fb6b08fc7
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
SCR_EL3.EEL2 bit enabled denotes that the system has S-EL2 present and
enabled, Ideally this bit is constant throughout the lifetime and
should not be modified. Currently this bit is initialized in the context
mgmt code where each world copy of the SCR_EL3 register has this bit set
to 1, but for the time duration between the RESET and the first exit to
a lower EL this bit is zero.
Modifying SCR_EL3.EEL2 along with EA bit at RESET does also helps in
mitigating against ERRATA_V2_3099206.
For details on Neoverse V2 errata 3099206, refer the SDEN document
given below.
https://developer.arm.com/documentation/SDEN-2332927/latest
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If8b2bdbb19bc65391a33dd34cc9824a0203ae4b1
Section "Describing the authentication method(s)" of the Authentication
Framework documentation shows the authentication parameters types
(auth_param_type_t enum type) but is missing the AUTH_PARAM_NV_CTR
value. Add it.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I7c9022badfb039bfa9f999ecee40f18b49e6764c
The former link pointed to a page which displayed the following warning
message:
We could not find that page in the latest version, so we have taken
you to the first page instead
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Icf9277770e38bc5e602b75052c2386301984238d
Move RME to 9.2 optional features and add minor updates to comments.
Change-Id: I12a4940e82ca5df72af5421ddab43bc6a1628e95
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
All mandatory FEAT_* enabling is done from arch_features.mk.
Remove some old code which would enable some mandatory options based
on arch-features option passed to march appending.
This is now not needed anymore since if we are using correct
ARCH_MAJOR/MINOR the mandatory options will taken care from
arch_features.mk
Change-Id: I8565ac4ebb3ced29835be65ea5b043a08810872f
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Currently all march compiler option handling is moved to build
utility in march.mk.
We pass arch-features to build which appends to march options,
so this should be done once we decide march options and moving
it to march.mk file.
Change-Id: Ifaf99af5f371fd28db376a12657ccf4f363295c2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Currently we enable all mandatory options for a current MAJOR.MINOR
number without considering architecturally to what version the current
arch should be compliant with.
For example Arch v9 should be compliant with 8.5 and shouldn't
consider being compliant with 8.9, so refactor FEAT_* handling to
ensure we capture and handle compliance correctly.
So refactor to use a list and add FEAT_* which are only compliant
with a given arch rather than relying on all the FEAT_* from previous
should be enabled for given arch version.
Change-Id: I8b0dd076c168a647de43b8618fbbe607412f7cab
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
