These bits (MDCR_EL3.{NSTB, NSTBE, TTRF, TPM}, CPTR_EL3.TTA) only affect
EL2 (and lower) execution. Each feat_init_el3() is called long before
any lower EL has had a chance to execute, so setting the bits at reset
is redundant. Removing them from reset code also improves readability of
the immutable EL3 state.
Preserve the original intention for the TTA bit of "enabled for NS and
disabled everywhere else" (inferred from commit messages d4582d3088 and
2031d6166a and the comment). This is because CPTR_EL3 will be contexted
and so everyone will eventually get whatever NS has anyway.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3d24b45d3ea80882c8e450b2d9db9d5531facec1
With the introduction of FEAT_RME MDCR_EL3 bits NSPB and NSPBE depend on
each other. The enable code relies on the register being initialised to
zero and omits to reset NSPBE. However, this is not obvious. Reset the
bit explicitly to document this.
Similarly, reset the STE bit , since it's part of the feature enablement.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3714507bae10042cdccd2b7bc713b31d4cdeb02f
The FEAT_MTPMU feature disable runs very early after reset. This means,
it needs to be written in assembly, since the C runtime has not been
initialised yet.
However, there is no need for it to be initialised so soon. The PMU
state is only relevant after TF-A has relinquished control. The code
to do this is also very verbose and difficult to read. Delaying the
initialisation allows for it to happen with the rest of the PMU. Align
with FEAT_STATE in the process.
BREAKING CHANGE: This patch explicitly breaks the EL2 entry path. It is
currently unsupported.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2aa659d026fbdb75152469f6d19812ece3488c6f
The enablement code for the PMU is scattered and difficult to track
down. Factor out the feature into its own lib/extensions folder and
consolidate the implementation. Treat it is as an architecturally
mandatory feature as it is currently.
Additionally, do some cleanup on AArch64. Setting overflow bits in
PMCR_EL0 is irrelevant for firmware so don't do it. Then delay the PMU
initialisation until the context management stage which simplifies the
early environment assembly. One side effect is that the PMU might count
before this happens so reset all counters to 0 to prevent any leakage.
Finally, add an enable to manage_extensions_realm() as realm world uses
the pmu. This introduces the HPMN fixup to realm world.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie13a8625820ecc5fbfa467dc6ca18025bf6a9cd3
Make the default value for MTPME always be 1 to preserve the reset
behaviour on newer revisions and on older revisions where the bit is
RES0 it doesn't matter.
Before its introduction MDCR_EL3.MTPME was RES0. Upon its introduction
the field resets to 1, making the MTPMU architecturally "enabled". As
such, the logical action on TF-A's part is to "disable" it, which led to
the introduction of DISABLE_MTPMU.
This hinges on the assumption that MDCR_EL3.MTPME will always be 1
unless the above flag is set. Unfortunately this is not the case, as the
reset value is overwritten at reset with a macro that sets this bit to
0.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie570774972f246b3aa41dc016ecbcc6fc2f581f6
Debugging assembly is painful as it is, and having no useful stack trace
does not help. Code must emit CFI directives whenever the stack moves to
enable stack traces. Otherwise, the layout of the stack frame is
ambiguous, the debugger gives up, and shows nothing. The compiler does
this automatically for C but not assembly.
Add this information to the (currently unused) func_prologue macro.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ief5fd672285df8d9d90fa6a2214b5c6e45eddd81
At the moment, TF-A does not need to access VAs or PAs larger than
48 bits, so this patch just enables proper detection of support
for 4KB and 16KB granularity with 52 bits address support.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Iccebbd5acc21f09dbb234ef21a802300e290ec18
The cpu_macros.S file is loaded with lots of definitions for the cpu_ops
structure. However, since they are defined as .equ directives they are
inaccessible for C code. Convert them to #defines, put them into order,
refactor them for readability, and extract them to a separate file to
make this possible.
This has the benefit of removing some Aarch differences and a lot of
duplicate code.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I72861794b6c9131285a9297d5918822ed718b228
When using the ENABLE_STACK_PROTECTOR=strong build option, the QEMU code
will try to use the RNDR CPU instructions to initialise the stack
canary. Since the instructions are defined for AArch64 only, this will
fail to build for AArch32.
And even though we now always return "false" when asked about the
availability of the RNDR instruction, the compiler will still leave the
reference to read_rdnr() in, if optimisations are turned off (-O0).
Avoid this by providing a dummy read_rndr() implementation, that makes
the linker happy in any case.
This fixes the QEMU build for AArch32 with ENABLE_STACK_PROTECTOR=strong
Change-Id: Ibf450ba4a46167fdf3a14a527d338350ced8b5ba
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Many newer architecture features are defined for AArch64 only, so cannot
be used in an AArch32 build.
To avoid #ifdef-ing every single user, just provide trivial
implementations of the feature check functions is_feat_xxx_supported(),
which always return "false" in AArch32. The compiler will then optimise
out the dependent code automatically.
Change-Id: I1e7d653fca0e676a11858efd953c2d623f2d5c9e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
FEAT_PAN is implemented in AArch32 as well, provide the helper functions
to query the feature availability at runtime.
Change-Id: I375e3eb7b05955ea28a092ba99bb93302af48a0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_RAS to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (FEAT_RAS=2), by splitting
is_armv8_2_feat_ras_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access RAS related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_ras_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I30498f72fd80b136850856244687400456a03d0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
This patch adds the errata management firmware interface for lower ELs
to discover details about CPU erratum. Based on the CPU erratum
identifier the interface enables the OS to find the mitigation of an
erratum in EL3.
The ABI can only be present in a system that is compliant with SMCCCv1.1
or higher. This implements v1.0 of the errata ABI spec.
For details on all possible return values, refer the design
documentation below:
ABI design documentation:
https://developer.arm.com/documentation/den0100/1-0?lang=en
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Change-Id: I70f0e2569cf92e6e02ad82e3e77874546232b89a
FEAT_SME2 is an extension of FEAT_SME and an optional feature
from v9.2. Its an extension of SME, wherein it not only
processes matrix operations efficiently, but also provides
outer-product instructions to accelerate matrix operations.
It affords instructions for multi-vector operations.
Further, it adds an 512 bit architectural register ZT0.
This patch implements all the changes introduced with FEAT_SME2
to ensure that the instructions are allowed to access ZT0
register from Non-secure lower exception levels.
Additionally, it adds support to ensure FEAT_SME2 is aligned
with the existing FEATURE DETECTION mechanism, and documented.
Change-Id: Iee0f61943304a9cfc3db8f986047b1321d0a6463
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Macro esb used in TF-A executes the instruction "esb" and is kept under
RAS_EXTENSION macro. RAS_EXTENSION, as it stands today, is only enabled
for platforms which wants RAS errors to be handled in Firmware while esb
instruction is available when RAS architecture feature is present
irrespective of its handling.
Currently TF-A does not have mechanism to detect whether RAS is present
or not in HW, define this macro unconditionally.
Its harmless for non-RAS cores as this instruction executes as NOP.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I556f2bcf5669c378bda05909525a0a4f96c7b336
At the moment we only support FEAT_DIT to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_DIT=2), by splitting
is_armv8_4_dit_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed).
We use ENABLE_DIT in two occassions in assembly code, where we just set
the DIT bit in the DIT system register.
Protect those two cases by reading the CPU ID register when ENABLE_DIT
is set to 2.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I506d352f18e23c60db8cdf08edb449f60adbe098
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b
The value of register HCRX_EL2 is UNKNOWN out of reset. This can
affect the behavior in lower exception levels, such as traps to
EL2 due to a wrong configuration of the register upon reset.
This patch initializes the register at EL3 and disables all traps
related to it.
On the other hand, new fields have been introduced for HCRX_EL2,
which are now defined in this patch, so they can be used in
further development.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I0bf1e949aa0d3be9f227358ad088a1ecb96ce222
Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.
Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.
Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234
When building the FVP platform with SPMD (which activates the context
switch code), but keeping ARM_ARCH_MINOR to 4 or lower, the assembler
will complain about the SCXTNUM_EL2 system register not being supported
by the "selected processor".
Allow building this combination of options by defining the SCXTNUM_EL2
register via the generic S3_ encoding, so any assembler, with any -march
settings, will generate the access without any warnings.
We do protect accesses to this register by runtime checks, if not
explicitly requested otherwise, so can override the toolchain in this
case.
Change-Id: I0941f4c4dcf541bd968c153b9c3fac61ca23f7ef
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.
Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.
Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
The AMU extension code was using its own feature detection routines.
Replace them with the generic CPU feature handlers (defined in
arch_features.h), which get updated to cover the v1p1 variant as well.
Change-Id: I8540f1e745d7b02a25a6c6cdf2a39d6f5e21f2aa
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_AMUv1 option, solely to protect the HAFGRTR_EL2 system
register handling. The latter needs some alignment with the new feature
scheme, but it conceptually overlaps with the ENABLE_AMU option.
Since there is no real need for two separate options, unify both into a
new ENABLE_FEAT_AMU name in a first step. This is mostly just renaming at
this point, a subsequent patch will make use of the new feature handling
scheme.
Change-Id: I97d8a55bdee2ed1e1509fa9f2b09fd0bdd82736e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support for FEAT_RNG to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (FEAT_RNG=2), by splitting
is_armv8_5_rng_present() into an ID register reading function and a second
function to report the support status. That function considers both build
time settings and runtime information (if needed), and is used before we
access the RNDRRS system register.
Change the QEMU platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I1a4a538d5ad395fead7324f297d0056bda4f84cb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
In ARMv8.4, the EL2 exception level got added to the secure world.
Adapt and rename the existing is_armv8_4_sel2_present() function, to
align its handling with the other CPU features.
Change-Id: If11e1942fdeb63c63f36ab9e89be810347d1a952
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support for FEAT_NV2 to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (CTX_INCLUDE_NEVE_REGS=2), by
splitting get_armv8_4_feat_nv_support() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information
(if needed), and is used before we access the VNCR_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_nv2_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I85b080641995fb72cfd4ac933f7a3f75770c2cb9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_TWED to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_TWED=2), by splitting
is_armv8_6_twed_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we set the trap delay time.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I58626230ef0af49886c0a197abace01e81f661d2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_CSV2_2 to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_CSV2_2=2), by splitting
is_armv8_0_feat_csv2_2_present() into an ID register reading function
and a second function to report the support status. That function
considers both build time settings and runtime information (if needed),
and is used before we access the SCXTNUM_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_csv2_2_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I89c7bc883e6a65727fdbdd36eb3bfbffb2196da7
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_ECV to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_ECV=2), by splitting
is_feat_ecv_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access the CNTPOFF_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_ecv_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I4acd5384929f1902b62a87ae073aafa1472cd66b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_PAN to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_PAN=2), by splitting
is_armv8_1_pan_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we PAN specific setup.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I58e5fe8d3c9332820391c7d93a8fb9dba4cf754a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,
so cannot afford and don't want a runtime detection mechanism.
Nevertheless align the implementation of the feature detection part
with the other features, but renaming the detection function, and
updating the FEAT_DETECTION code. Also update the documentation.
Change-Id: I2b86dfd1ad259c3bb99ab5186e2911ace454b54c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The "sb" barrier instruction is a rather new addition to the AArch64
instruction set, so it is not recognised by all toolchains. On top of
that, the GNU assembler denies this instruction, unless a compatible
processor is selected:
asm_macros.S:223: Error: selected processor does not support `sb'
Provide an alternative encoding of the "sb" instruction, by using a
system register write, as this is the group where the barrier
instructions borrow their encoding space from.
This results in the exact same opcode to be generated, and any
disassembler will decode this instruction as "sb".
Change-Id: I5f44c8321e0cc04c784e02bd838e964602a96a8e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or
to be not supported at all.
Add support for runtime detection (ENABLE_SYS_REG_TRACE_FOR_NS=2), by
adding is_feat_sys_reg_trace_supported(). That function considers both
build time settings and runtime information (if needed), and is used
before we access SYS_REG_TRACE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though this is an optional feature, so it is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I450a574a4f6bd9fc269887037049c94c906f54b2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_VHE=2), by splitting
is_armv8_1_vhe_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access VHE related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_vhe_supported() function to guard its execution.
Enable VHE in its runtime detection version for all FVP builds.
Change-Id: Ib397cd0c83e8c709bd6fed603560e39901fa672b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.
ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.
Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.
Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.
Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
