Format the configuration file to follow our coding guidelines and common
Python style conventions.
Change-Id: Ic83372287db08df0662f562f7683a02ddff0bac8
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
* changes:
feat(fvp): mock support for CCA NV ctr
feat(auth): add CCA NV ctr to CCA CoT
feat(build): pass CCA NV ctr option to cert_create
feat(cert-create): add new option for CCA NV ctr
Add a new page in TF-A documentation for clarifying the process to
elect a new maintainer. This builds on top of the Trusted Firmware
process [1], with the following TF-A specific details:
- Must have contributed to the project for at least a couple of years.
- Must dedicate at least 2 hours a week for maintainer duties.
- Details about the election process. In particular, setting a
one-calendar-week deadline for other maintainers to raise
objections.
[1] https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ibef08bbbd4d18cd7aea13e01ba570972a7ee808d
* changes:
feat(cpus): wrappers to propagate AArch32 errata info
feat(cpus): add a way to automatically report errata
feat(cpus): add a concise way to implement AArch64 errata
refactor(cpus): convert print_errata_status to C
refactor(cpus): rename errata_report.h to errata.h
refactor(cpus): move cpu_ops field defines to a header
With the current implementation of stripping the last null
byte from a string, there was no way to get the TF-M measured
boot test suite to pass. It would expect the size of the string
passed into extend measurement to be unaffected by the call.
This fix should allow passing a string with the null char
pre-stripped, allowing the tests to exclude the null char in
their test data and not have the length decremented.
Further, This patch adds an early exit if either the version
or sw_type is larger than its buffer. Without this check,
it may be possible to pass a length one more than the maximum,
and if the last element is a null, the length will be truncated
to fit. This is instead suppsed to return an error.
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I98e1bb53345574d4645513009883c6e7b6612531
AArch32 is not being ported to the errata framework. However, the
runtime errata list is needed at runtime for the upcoming errata ABI.
Add wrappers to populate this information and make it accessible in the
same way as AArch64.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I084720f34d6ed4e00e94b09babd3c90a5393298a
Using the errata framework per-cpu data structure, errata can all be
reported automatically through a single standard errata reporter which
can replace the cpu-specific ones.
This reporter can also enforce the ordering requirement of errata.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7d2d5ac5bcb9d21aed0d560d7d23919a323ffdab
Errata implementation involves adding a lot of boilerplate to random
places with just conventions on how to do them. Copy pasting is the
usual method for doing this. The result is an error-prone and verbose
patch that is a nightmare to get through review.
Errata workarounds have a very large degree of similarity - most of them
involve setting a bit at reset. As such most of the boilerplate is not
strictly necessary. To solve this, add a collection of assembly macros
to wrap errata implementations such that only the actual mitigations
need to be written. A new erratum mitigation looks something like:
workaround_reset_start cortex_a77, ERRATUM(1925769), ERRATA_A77_1925769
sysreg_bit_set CORTEX_A77_CPUECTLR_EL1, CORTEX_A77_CPUECTLR_EL1_BIT_8
workaround_reset_end cortex_a77, ERRATUM(1925769)
check_erratum_ls cortex_a77, ERRATUM(1925769), CPU_REV(1, 1)
Note, that the long comment on every mitigation is missing. This is on
purpose, as this new format includes all of its contents into an easily
readable format.
The workaround wrappers add an erratum entry (24 bytes) to a per-cpu
data structure which can then be read by a standard reset function to
apply all errata automatically. This has the added benefit of collecting
all errata TF-A knows about in a central way, which was previously
missing. This can then be used at runtime with the errata ABI.
If an erratum doesn't fit this standard definition (eg. the
CVE_2022_23960), it can progressively be unwrapped to the old
convention. The only differences are that the naming format is slightly
more verbose and a call to add_erratum_entry is needed to inform the
framework about the errata.
Finally, the internal workaround names change a tiny bit, especially
CVEs.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iac644f85dcf85b8279b25e83baf1e7d08b253b16
The function is called in a fully initialised C environment and calls
into other C functions. The Aarch differences are minimal and are hidden
by the pre-existing headers. Converting it results into cleaner code
that is the same across both Aarch64 and Aarch32.
To avoid having to do very ugly pointer arithmetic, define a C struct
for the cpu_ops for both Aarch64 and Aarch32.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Idc07c4064e03143c88a4a0e2d10ceda70ba19a50
The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu files but for whatever reason the values have been hard-coded so far
(at the cost of readability). It's evident this file is not strictly for
status reporting.
The new purpose of this file is to make it a one-stop-shop for all
things errata.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1ce22dd36df5aa0bcfc5f2772251f91af8703dfb
The cpu_macros.S file is loaded with lots of definitions for the cpu_ops
structure. However, since they are defined as .equ directives they are
inaccessible for C code. Convert them to #defines, put them into order,
refactor them for readability, and extract them to a separate file to
make this possible.
This has the benefit of removing some Aarch differences and a lot of
duplicate code.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I72861794b6c9131285a9297d5918822ed718b228
AEM FVP does not have a third CCA NV counter so the
implementation will fake it by returning the Trusted
NV counter value when the caller requests the CCA NV
counter. This allows us to use the CCA CoT on AEM FVP
nonetheless.
The FVP platform port now gets its own version of
plat_get_nv_ctr() as it now need to diverge from the
common implementation provided at the Arm development
platforms level.
Change-Id: I3258f837249a539d943d6d783406ba222bd4554e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Modifying the CCA CoT description to put the CCA content certificate
under the new CCA NV counter.
Change-Id: Ib962cef5eaa15bb9ccce86012f21327d29d4adad
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Modifying build system to pass the new CCA NV counter options
ccafw_nvctr to cert_create tool in context of CCA COT
Change-Id: I9de2cdc041d96bc19180c3189628ed23e68a992b
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Extends cert_create tool with a new option for CCA NV
counter: ccafw_nvctr.
And changes the non-volatile counter used to protect
the CCA Content Certificate from the Trusted FW NV counter
to the CCA FW NV counter in the CCA CoT description.
Change-Id: I27f3ab2e25809f0dcc56fa05e5c3a25a2e861ef6
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
* changes:
feat(versal-net): add support for SMCC ARCH SOC ID
feat(versal): add support for SMCC ARCH SOC ID
refactor(versal-net): move macros to common header
feat(xilinx): add support to get chipid
Pack the structure and make id/ver smaller and sorted.
The change saves 400bytes in RODATA section.
Change-Id: I8bcbe8fd589ba193551a0dd2cd19572516252e73
Signed-off-by: Michal Simek <michal.simek@amd.com>
* changes:
feat(xilinx): fix IPI calculation for Versal/NET
feat(xilinx): setup local/remote id in header
feat(xilinx): clean macro names
fix(zynqmp): do not export apu_ipi
fix(zynqmp): remove unused headers
feat(xilinx): move IPI related macros to plat_ipi.h
Add support for SMCCC_ARCH_SOC_ID as per SMC Calling Convention for
Versal NET platform.
The SMCC ARCH SOC ID call is used by system software to obtain the SiP
defined SoC identification details.
Change-Id: I6648051c7f5fa27d2f02080209da36ee8d5a9d95
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Add support for SMCCC_ARCH_SOC_ID as per SMC Calling Convention for
Versal platform.
The SMCC ARCH SOC ID call is used by system software to obtain the SiP
defined SoC identification details.
Change-Id: I1466a9ad1bc8dde1cda516ddd3edbaa6a5941237
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Move the macros to common header from platform specific folder, so that
the same macros can be re-used in other platforms.
Change-Id: I355b024f5e870c6fc104598bc571dbaa29503ae2
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Add support for PM API SYS to get the chip ID from the target.
The API calls the IPI command to read the Chip idcode and revision.
Change-Id: Id4d7d812cbf77c5e2fc7785b8afb379214f8dd19
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
When compiling with user defined areas of memory the platform code
calculates the size with (base + size - 1). However, the linker
file aligns section on a page boundary. So having the -1 in
the size calculations leads to an error message looking like this:
bl31.elf section `coherent_ram' will not fit in region `RAM'
aarch64-buildroot-linux-uclibc-ld: region `RAM' overflowed by 1 byte
While at it fix all other occurences of predefined values that were
calculated with -1.
Fixes: 1d333e6909 ("feat(versal-net): add support for Xilinx
Versal NET platform")
Change-Id: I4455f63ee3ad52369f517a7d8d3627faf0b28c0f
Signed-off-by: Michal Simek <michal.simek@amd.com>
This patch enables CTX_INCLUDE_PAUTH_REGS for RME builds.
The RMM-EL3 specification is also updated to reflect the changes
and also version of the same is bumped from 0.1 to 0.2.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I2e96a592d2b75abaee24294240c1727c5ceba420
When compiling with user defined areas of memory the platform code
calculates the size with (base + size - 1). However, the linker file
aligns section on a page boundary. So having the -1 in the size
calculations leads to an error message looking like this:
bl31.elf section `coherent_ram' will not fit in region `RAM'
aarch64-buildroot-linux-uclibc-ld: region `RAM' overflowed by 1 byte
While at it fix all other occurences of predefined values that were
calculated with -1
Fixes: commit f91c3cb1df ("arm64: versal: Add support for new Xilinx Versal ACAPs")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Change-Id: Ica1f97867b701e7fcd60ea8ea07d2ae96c485443
When compiling with user defined areas of memory the platform code
calculates the size with (base + size - 1). However, the linker file
aligns section on a page boundary. So having the -1 in the size
calculations leads to an error message looking like this:
bl31.elf section `coherent_ram' will not fit in region `RAM'
aarch64-buildroot-linux-uclibc-ld: region `RAM' overflowed by 1 byte
Commit 9b4ed0af02 ("feat(plat/zynqmp): fix section `coherent_ram' will not fit in region `RAM'")
applied a similar fix, but only in the predefined for BL31LIMIT/BASE.
While at it fix all other occurences of predefined values that were
calculated with -1
Fixes: 01555332fa ("zynqmp: Revise memory configuration options")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Change-Id: Ic96e36808d01f6bb92e6839cec92fc52320dd3f3
This patch is to restructure system manager. Move platform dependent
MACROs to individual platform system manager. Common system manager will
remain for those common declaration only.
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I385455671413e154d04a879d33fdd774fcfefbd6
This patch is to restructure system manager. Move platform dependent
MACROs to individual platform system manager. Common system manager will
remain for those common declaration only.
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I2f52d3eaf47716f7dfc636bbf1a23d68a04f39cb
Add checking on the size of source data does not exceed source size
when using memcpy and memset.
Add checking on the size of source data in FPGA Crypto Service does
not exceed the maximum of expected data size and does not meet the
minimum of expected data size.
Signed-off-by: Phui Kei Wong <phui.kei.wong@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Idb18f05c18d9142fbe703c3f4075341d179d8bad
