Add APU SMMU hardware semaphore operations to make APU SMMU
able to sync the power status.
Change-Id: I1926cab990fba54a2ea694ac6d9e87135dfb19cf
Signed-off-by: Karl Li <karl.li@mediatek.com>
1. Add smpu protection for APU secure memory.
2. Move emi mpu protection for mt8188 to platform folder
Since the smpu driver has not upstream, we currently leave the interface
and do nothing until smpu driver is ready.
Change-Id: Id70162e90a7deb64befe90f09a841a0903535482
Signed-off-by: Karl Li <karl.li@mediatek.com>
APU RCX is a sub-domain in apusys, connecting several APU components.
The APU RCX DevAPC control lives in APU and can only be set after
APU is powered on.
The APUSYS kernel driver will trigger RCX DevAPC init by smc call.
Change-Id: I3a9b014ea1be7ee80fd6861ad088f1dec5410872
Signed-off-by: Karl Li <karl.li@mediatek.com>
Add APU kernel control operations to provide the bootup init functions.
1. Add software workaround for certain operations on mt8196.
2. Add APU logger operations.
3. Add function to clear mbox spare register, which is used in APU
booting process.
4. Add function to setup CE binary to make sure the CE binary version
is align with the APU firmware.
Change-Id: Ic99adba1409c020c72179ea135e0d4291fc3f384
Signed-off-by: Karl Li <karl.li@mediatek.com>
1. Add APU power on/off functions
2. Refine the APU power on/off interface for mt8188
3. Add dcm setup function to support mt8196
Change-Id: Ie1caca40f89de71caac037fabe7e7455ff2a1872
Signed-off-by: Karl Li <karl.li@mediatek.com>
APUMMU is the MMU in APU, which is responsible for inner address
mapping. The APU kernel driver will setup the APUMMU by SMC call.
Change-Id: Iad7532883e42c288aeb0d23ab419f4dc6d8630f2
Signed-off-by: Karl Li <karl.li@mediatek.com>
Enable mt8196 apusys mailbox mpu protection and
move the mt8188 setting to platform folder
Change-Id: I76b68318bb88e56b12cdacd9e2b998699ca6b48e
Signed-off-by: Karl Li <karl.li@mediatek.com>
Remap the request from domain 5, 7, 14 to domain 6 and setup security
sideband
Change-Id: I06d377f4bcc542bf22e0a04ffb45cf52b7528a75
Signed-off-by: Karl Li <karl.li@mediatek.com>
Apusys AO DevAPC is a set of control registers inside APU, controlling
the access permission of APU AO (Always On) domain.
This patch add the mt8196 APU AO DevAPC setting to setup the protection.
Change-Id: I975a92795031cd1813442302890e29b671ef16f1
Signed-off-by: Karl Li <karl.li@mediatek.com>
Add the APU (AI processing unit) power init flow to prepare the hardware
setting before using APU power functions.
Change-Id: I595b1d5100a4f083263de6527f920e5168700b7a
Signed-off-by: Karl Li <karl.li@mediatek.com>
* changes:
fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
Remove XFERLIST_TB_FW_CONFIG as the corresponding patch to add it to the
specification [1] has been abandoned and there are no plans for it to be
merged, with the information it contains being moved to a transfer list
instead.
[1] https://github.com/FirmwareHandoff/firmware_handoff/pull/37
Change-Id: If4a21d56b87bafc2f4894beefd73ac51e36e6571
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Mbed-TLS requires platforms to allocate it a heap for it's own internal
usage. This heap is typically between shared by BL1 and BL2 to conserve
memory.The base address and size of the heap are conveyed from BL1 to
BL2 through the config TB_FW_CONFIG.
This slightly awkward approach necessitates declaring a placeholder node
in the DTS. At runtime, this node is populated with the actual values of
the heap information. Instead, since this is dynamic information, and
simple to represent through C structures, transmit it to later stages
using the firmware handoff framework.
With this migration, remove references to TB_FW_CONFIG when firmware
handoff is enabled, as it is no longer needed. The setup code now relies
solely on TL structures to configure the TB firmware
Change-Id: Iff00dc742924a055b8bd304f15eec03ce3c6d1ef
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add a struct to store information about the memory location of the heap,
intended for use with cryptographic libraries such as Mbed-TLS.
Change-Id: I42e6bbdbd3a353e01d70fb09b77edeef9498fd98
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The initialization logic for the secure transfer list is currently
scattered and duplicated across platform setup code. This not only leads
to inefficiency but also complicates access to transfer lists from other
parts of the code without invoking setup functions. For instance,
arm_bl2_setup_next_ep_info acts as a thin wrapper in arm_bl2_setup.c to
provide access to the secure transfer list.
To streamline the interface, all setup code has been consolidated into a
central location.
Change-Id: I99d2a567ff39df88baa57e7e08607fccb8af189c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Our implementation of printf does not support flag format specifiers.
Our previous format specification as a result was causing the integer
values to be omitted. This change updates the formatting to ensure
accurate and complete error messages are displayed.
Change-Id: I80cfb5fd7ff26e44cfad4e06803d9e0912488136
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add a function to check whether a transfer list has been initialized
at the input address. If not, initialize a transfer list at the
specified location with the given size. This is to help ensure that we
don't accidently overwrite a transfer list that's been passed from a
previous stage.
Change-Id: Ic5906626df09d3801435488e258490765e8f81eb
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Fix dangling comments around define guards, addressing leftovers from
fe94a21a6 ("fix(arm): move HW_CONFIG relocation into BL31") which
implicitly removed constraints on using HW_CONFIG with RESET_TO_BL2.
Change-Id: I19d61812fed6fa4b668875e5bf4eafd1a8a660f6
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The failure was caused by missing a variable definition, `status`
in the RSE initialisation patch.
Change-Id: I937a39e20fae39f3a6d14fe66af578c166545301
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X925
revisions r0p0, r0p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I9d5a07ca6b89b27d8876f4349eff2af26c962d8a
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X2
revisions r0p0, r1p0, r2p0, r2p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: If28804e154617a39d7d52c40b3a00a14a39df929
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A77
revisions r0p0, r1p0, r1p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ic71b163883ea624e9f2f77deb8b30c69612938b9
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-V1
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ia59452ea38c66b291790956d7f2880bfcd56d45f
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A78_AE
revisions r0p0, r0p1, r0p2, r0p3.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I33ac653fcb45f687fe9ace1c76a3eb2000459751
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A78C
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ieb8d7b122320d16bf8987a43dc683ca41227beb5
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A78
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I4e40388bef814481943b2459fe35dd7267c625a2
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X1
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I3124db3980f2786412369a010ca6abbbbaa3b601
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-N2
revisions r0p0, r0p1, r0p2, r0p3.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
This patch implements the erratum mitigation for Neoverse-N2.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I2b9dea78771cc159586a03ff563c0ec79591ea64
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A710
revisions r0p0, r1p0, r2p0, r2p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I10feea238600dcceaac7bb75a59db7913ca65cf1
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-V2
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: If66687add52d16f68ce54fe5433dd3b3f067ee04
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X3
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ibe90313948102ece3469f2cfe3faccc7f4beeabe
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-V3
revisions r0p0, r0p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I9ed2590bf1215bf6a692f01dfd351e469ff072f8
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X4
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
We never directly reference the event handlers so they look like fair
game to be garbage collected when building with LTO.
Tell the compiler that we definitely need them and to leave them alone.
Change-Id: Iac672ce85e20328d25acbc3f5e544ad157eebf48
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
When GICR_WAKER.ProcessorSleep == 1 (i.e. after gicv3_cpuif_disable())
the GIC will assert the WakeRequest signal to try and wake the core up
instead of delivering an interrupt. This is useful when a core is in
some kind of suspend state.
However, when the core is properly off (CPU_OFF), it shouldn't get woken
up in any way other than a CPU_ON call. In the general case interrupts
would be routed away so this doesn't matter. But in case they aren't, we
want the core to stay off.
So turn the redistributor off on CPU_OFF calls. This will prevent the
WakeRequest from being sent.
Change-Id: I7f20591d1c83a4a9639281ef86caa79d6669b536
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
feat(qemu-sbsa): add support for RME on SBSA machine
feat(qemu-sbsa): configure RMM manifest based on system RAM
feat(qemu-sbsa): configure GPT based on system RAM
feat(qemu-sbsa): adjust DT memory start address when supporting RME
feat(qemu-sbsa): relocate DT after the RMM when RME is enabled
feat(qemu-sbsa): dissociate QEMU NS start address and NS_DRAM0_BASE
feat(qemu-sbsa): increase maximum FIP size
refactor(qemu-sbsa): move all DT related functions to sbsa_platform.c
refactor(qemu-sbsa): create accessor functions for platform info
refactor(qemu-sbsa): rename function sip_svc_init() to something more meaningful
refactor(qemu-sbsa): move DT related structures to their own header
refactor(qemu-sbsa): rename struct dynamic_platform_info
refactor(qemu): make L0GPT size configurable
refactor(qemu): move GPT setup to BL31
fix(qemu-sbsa): fix compilation error when accessing DT functions
This patch fixes a bug which was introduced in commit
3065513 related to improper saving of EL1 context in the
context management library code when using 128-bit
system registers.
Bug explanation:
The function el1_sysregs_context_save still used the normal
macros that read all the system registers related to the EL1
context, which then involved casting them to uint64_t and
eventually writing them to a memory structure. This means that
the context management library was saving EL1-related SYSREG128
registers with the upper 64 bits zeroed out.
Alternative macros had previously been introduced for the EL2
context in the aforementioned commit, but not for EL1.
Some refactoring has also been done as part of this patch:
- Re-added "common" back to write_el2_ctx_common_sysreg128
- Added dummy SYSREG128 macros for cases when some features
are disabled
- Removed some newlines
Change-Id: I15aa2190794ac099a493e5f430220b1c81e1b558
Signed-off-by: Igor Podgainõi <igor.podgainoi@arm.com>
* changes:
feat(stm32mp2): add a runtime service for STGEN configuration
feat(stm32mp2): add common SMC runtime services
feat(stm32mp1): rework SVC services
Just like for SPE, we need to synchronize TRBE samples before we change
the context to ensure everything goes where it was intended to. If that
is not done, the in-flight entries might use any piece of now incorrect
context as there are no implicit ordering requirements.
Prior to root context, the buffer drain hooks would have done that. But
now that must happen much earlier. So add a tsb to prepare_el3_entry as
well.
Annoyingly, the barrier can be reordered relative to other instructions
by default (rule RCKVWP). So add an isb after the psb/tsb to assure that
they are ordered, at least as far as context is concerned.
Then, drop the buffer draining hooks. Everything they need to do is
already done by now. There's a notable difference in that there are no
dsb-s now. Since EL3 does not access the buffers or the feature
specific context, we don't need to wait for them to finish.
Finally, drop a stray isb in the context saving macro. It is now
absorbed into root context, but was missed.
Change-Id: I30797a40ac7f91d0bb71ad271a1597e85092ccd5
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
