At the moment we only support FEAT_RAS to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (FEAT_RAS=2), by splitting
is_armv8_2_feat_ras_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access RAS related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_ras_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I30498f72fd80b136850856244687400456a03d0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firmware first
handling(FFH) of RAS errors.
2. Manage the FEAT_RAS extension when switching the worlds.
FFH means that all the EAs from NS are trapped in EL3 first and signaled
to NS world later after the first handling is done in firmware. There is
an alternate way of handling RAS errors viz Kernel First handling(KFH).
Tying FEAT_RAS to RAS_EXTENSION build flag was not correct as the
feature is needed for proper handling KFH in as well.
This patch breaks down the RAS_EXTENSION flag into a flag to denote the
CPU architecture `ENABLE_FEAT_RAS` which is used in context management
during world switch and another flag `RAS_FFH_SUPPORT` to pull in
required framework and platform hooks for FFH.
Proper support for KFH will be added in future patches.
BREAKING CHANGE: The previous RAS_EXTENSION is now deprecated. The
equivalent functionality can be achieved by the following
2 options:
- ENABLE_FEAT_RAS
- RAS_FFH_SUPPORT
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1abb9ab6622b8f1b15712b12f17612804d48a6ec
* changes:
build!: check boolean flags are not empty
fix(build): add a default value for INVERTED_MEMMAP
fix(a5ds): add default value for ARM_DISABLE_TRUSTED_WDOG
fix(st-crypto): move flag control into source code
fix(stm32mp1): always define PKA algos flags
fix(stm32mp1): remove boolean check on PLAT_TBBR_IMG_DEF
Updating toolchain to the latest production release version
12.2.Rel1 publicly available on https://developer.arm.com/
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: Ib603cf7417e6878683a1100d5f55311188e36e8e
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
With gcc-12 any lower address access can trigger a warning/error
this would be useful in other parts of system but in TF-A
there are various reasons to access to the lower address ranges,
example using mmio_read_*/writes_*
So setup to allow access to lower addresses while using gcc-12
Change-Id: Id1b4012b13bc6876d83b90a347fee12478a1921d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Updated the documentation to include missing details about the
TZC secured DRAM mapping for the FVP and Juno platforms.
Change-Id: I10e59b9f9686fa2fef97f89864ebc272b10e5c0b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add debug logs for tracking the status of suspend and resume.
Change-Id: Id2d2ab06fadb3118ab66f816937e0dd6e43dbdc3
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
For scalability when we add more tests in the future, add PLATFORM_TESTS
macro when specific test flags, i.e. PLATFORM_TEST_NV_COUNTERS, are
defined.
Change-Id: Icb875a171dde673fca9fcf66624ac55383e7b641
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Updated errata ABI feature enable flag and the errata non-arm
interconnect based flag, the default values for when the
feature is not enabled.
Change-Id: Ieb2144a1bc38f4ed684fda8280842a18964ba148
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Errata ABI feature specific build flag, flag to enable
CPUs in the cpu list, flags to test non-arm interconnect based
errata flags when enabled from a platform level.
Added to the FVP platform makefile to test the errata abi feature
implementation.
The flags to enable CPUs in the cpu list will be removed once
synchronized with the errata framework.
Change-Id: I30877a22ac1348906a6ddfb26f9e8839912d3572
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
The workarounds for these below mentioned errata are not implemented
in EL3, but the flags can be enabled/disabled at a platform level
based on arm/non-arm interconnect IP. The ABI helps assist the Kernel
in the process of mitigation for the following errata:
Cortex-A715: erratum 2701951
Neoverse V2: erratum 2719103
Cortex-A710: erratum 2701952
Cortex-X2: erratum 2701952
Neoverse N2: erratum 2728475
Neoverse V1: erratum 2701953
Cortex-A78: erratum 2712571
Cortex-A78AE: erratum 2712574
Cortex-A78C: erratum 2712575
EL3 provides an appropriate return value via errata ABI when the
kernel makes an SMC call using the EM_CPU_ERRATUM_FEATURES FID with the
appropriate erratum ID.
Change-Id: I35bd69d812dba37410dd8bc2bbde20d4955b0850
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Workaround to help enable the kernel to query errata status using the
errata abi feature for platforms with a non-arm interconnect.
Change-Id: I47b03eaee5a0a763056ae71883fa30dfacb9b3f7
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
This patch adds the errata management firmware interface for lower ELs
to discover details about CPU erratum. Based on the CPU erratum
identifier the interface enables the OS to find the mitigation of an
erratum in EL3.
The ABI can only be present in a system that is compliant with SMCCCv1.1
or higher. This implements v1.0 of the errata ABI spec.
For details on all possible return values, refer the design
documentation below:
ABI design documentation:
https://developer.arm.com/documentation/den0100/1-0?lang=en
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Change-Id: I70f0e2569cf92e6e02ad82e3e77874546232b89a
Reading back a RES0 bit does not necessarily mean it will be read as 0.
The Arm ARM explicitly warns against doing this. The PMU initialisation
code tries to set such bits to 1 (in MDCR_EL3) regardless of whether
they are in use or are RES0, checking their value could be wrong and
PMCR_EL0 might not end up being saved.
Save PMCR_EL0 unconditionally to prevent this. Remove the security state
change as the outgoing state is not relevant to what the root world
context should look like.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id43667d37b0e2da3ded0beaf23fa0d4f9013f470
EL3's context is poorly defined as it is and polluting it further is not
a good idea. Put it back as it was before the function call.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9d13c9517962b501246989fd2126d08410191784
Currently, enabling SME forces SVE off. However, the SME enablement
requires SVE to be enabled, which is reflected in code. This is the
opposite of what the build flags require.
Further, the few platforms that enable SME also explicitly enable SVE.
Their platform.mk runs after the defaults.mk file so this override never
materializes. As a result, the override is only present on the
commandline.
Change it to something sensible where if SME is on then code can rely on
SVE being on too. Do this with a check in the Makefile as it is the more
widely used pattern. This maintains all valid use cases but subtly
changes corner cases no one uses at the moment to require a slightly
different combination of flags.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If7ca3972ebc3c321e554533d7bc81af49c2472be
While doing RAS related tests there were few patches related with
fault injection and handling were applied through CI hooks.
These patches were invisible as they were applied and removed after the
build is done.
This patch introduces build macro PLATFORM_TEST_RAS_FFH and moves the
patches applied through CI under this.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iddba52f3ebf21f575a473e50c607a944391156b9
This patch does the following:
1. Configures SBSA secure watchdog timer as Group0 interrupt for
TC platform while keeping it as Group1 secure interrupt for
other CSS based SoCs.
2. Programs the watchdog timer to trigger periodically
3. Provides a Group0 interrupt handler for TC platform port to
deactivate the EL3 interrupt due to expiry of secure watchdog
timer and refresh it explicitly.
Change-Id: I3847d6eb7347c6ea0e527b97b096119ca1e6701b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch adds a helper API to explicitly refresh SBSA secure watchdog
timer. Please refer section A.3 of the following spec:
https://developer.arm.com/documentation/den0029/latest/
Change-Id: I2d0943792aea0092bee1e51d74b908348587e66b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
feat(allwinner): add support for Allwinner T507 SoC
feat(allwinner): add function to detect H616 die variant
feat(allwinner): add extra CPU control registers
refactor(allwinner): consolidate sunxi_cfg.h files
1. When doing a normal boot, tc_bl31_common_platform_setup() should
simply configure the platform and return.
2. When we are running the platform tests instead,
tc_bl31_common_platform_setup() should run the tests then suspend
booting (and thus never return).
We were incorreclty suspending the boot in case 1 as well. Put that
code under a preprocessor condition (PLATFORM_TEST_NV_COUNTERS or
PLATFORM_TEST_TFM_TESTSUITE) to fix this.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I7d20800e3bcd85261e2cdad325586d184e12a3e3
For numeric flags, there is a check for the value to be set. Do the same
for boolean flags. This avoids issues where a flag is defined but
without a value, leading to potential unexpected behaviors.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ib00da2784339471058887e93434d96ccba2aebb2
* changes:
docs(spm): support for handling Group0 interrupts
feat(spmd): introduce platform handler for Group0 interrupt
feat(spmd): add support for FFA_EL3_INTR_HANDLE_32 ABI
feat(spmd): register handler for group0 interrupt from NWd
Commit 66327414fb ("fix(psci): potential array overflow with cpu on")
changed an assert in the PSCI library's psci_cpu_on_start() function to
a runtime error message, followed by a panic. This does not seem right
for two reasons:
- We must not panic() triggered by conditions influenced by lower EL
callers. If non-secure world provides illegal arguments to a PSCI
call, we can easily detect this and return -PSCI_E_INVALID_PARAMS, as
the PSCI spec demands. In fact this is done already, which brings us
to the next reason:
- psci_cpu_on_start() is effectively a function private to the PSCI
library: its prototype is in psci_private.h. It's just not static
because it lives in a different code file from the main PSCI code.
We check for illegal MPID values already in psci_cpu_on(), and return
an error value to the caller, as we should. This function is the ONLY
caller of psci_cpu_on_start(), so there is no way we get an illegal
target_cpu argument into this function. An assert() is thus the proper
way to check for this.
Mostly revert the patch mentioned above, just extending the assert so
that it does also check for not exceeding the array boundaries.
To harden the code, add a check against PLATFORM_MAX_CORE_COUNT in
psci_validate_mpidr(), and return with the proper PSCI error code if
this number is exceeded.
This also fixes the sun50i_a64 build with DEBUG=1, which exceeded an
SRAM limit due to the error message.
Change-Id: I48fc58d96b0173da5b934750f4cadf7884ef5e42
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Commit 4d8c181963 added a redistributor
power off to resolve an error on N1SDP/Morello. Prior to this fix,
turning off both cores in a cluster would cause a hang when powering
back on either core. This change introduced issues on other platforms
with a different GIC implementation, and was reverted in commit
60719e4e09.
This commit uses the previous fix in platform-specific implementations
of power domain off/suspend functions.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: I52c463646c494fe931ff4ce47afb940a56978fcd
Commit 4d8c181963 added a redistributor
power off to resolve an error on N1SDP/Morello. Prior to this fix,
turning off both cores in a cluster would cause a hang when powering
back on either core. This change introduced issues on other platforms
with a different GIC implementation, and was reverted in commit
60719e4e09.
This commit uses the previous fix in platform-specific implementations
of power domain off/suspend functions.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: Ib7689a5e08ada3862406fa92019a6f0bcfb48d79
Use the address of emad 0 instead of the size of the MRD.
Change-Id: I31ec0001b4474e78caa9dfb468f63122a3708781
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The offset has been validated on the first loop iteration. Subsequent
iterations can assume it is valid.
Change-Id: Ib06cd0240220b8aa42bcd34c3c40b69d2d86aa72
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
When called on incomplete objects, it might fail or access uninitialized
memory. This allows simplifying spmc_shm_check_obj().
Change-Id: I7c11f15d4c8ebe8cd15e7d8c37a0d0f3daa83675
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Earlier validation ensures spmc_shmem_obj_get_emad() will never fail, so
trip an assertion instead of returning NULL.
Change-Id: I285f3b59150773b2404db5719753fdb240e9ed63
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
A v1.1 descriptor has a minimum length exceeding that of a v1.0
descriptor.
Change-Id: I06265d58f53eccb0d39927fe9ff396b73735df97
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Subsequent code will assume that it version-independent, so check it
with a CASSERT.
Change-Id: I233b51ef700103f1a0789d5608e3b02c96d0eeb7
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Move the runtime errata source file into the PSCI library, as PSCI is
the only component directly dependent on it, and it doesn't require
internal access to the CPUs library.
Change-Id: I92826714d49b1b0131f62c158543b4c167ab9aa8
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change introduces the `BLx_INCLUDE_DIRS` and `BLx_DEFINES`
Makefile variables, which can be used to append include directories
and preprocessor definitions to specific images created using the
`MAKE_BL` Makefile macro.
Change-Id: I9431f9d1cbde5b0b2624d9ce128a4f043c74c87f
Signed-off-by: Chris Kay <chris.kay@arm.com>
It is needed to check the validity of boolean flags with the updated
macro assert_boolean.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I185beb55606a4ca435d2fee2092fc61725859aa1
With introduction of check on boolean flags, it should be ensured that
each boolean flag has default value provided by platform.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia92c3dded842e14099b4a7667569605d7066a8f9
Remove the control from the include file to avoid compilation
issue. Add the check in the source code instead.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: I533f829607f76389399a3e8dbc3c6095278562ab
The flags to set PKA algo are set to 0 when TRUSTED_BOARD_BOOT is not
set.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ib70a2bc51451a2047d7a50a8307e9063d4a2a0ee
