At the moment we only support FEAT_ECV to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_ECV=2), by splitting
is_feat_ecv_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access the CNTPOFF_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_ecv_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I4acd5384929f1902b62a87ae073aafa1472cd66b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_PAN to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_PAN=2), by splitting
is_armv8_1_pan_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we PAN specific setup.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I58e5fe8d3c9332820391c7d93a8fb9dba4cf754a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,
so cannot afford and don't want a runtime detection mechanism.
Nevertheless align the implementation of the feature detection part
with the other features, but renaming the detection function, and
updating the FEAT_DETECTION code. Also update the documentation.
Change-Id: I2b86dfd1ad259c3bb99ab5186e2911ace454b54c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The "sb" barrier instruction is a rather new addition to the AArch64
instruction set, so it is not recognised by all toolchains. On top of
that, the GNU assembler denies this instruction, unless a compatible
processor is selected:
asm_macros.S:223: Error: selected processor does not support `sb'
Provide an alternative encoding of the "sb" instruction, by using a
system register write, as this is the group where the barrier
instructions borrow their encoding space from.
This results in the exact same opcode to be generated, and any
disassembler will decode this instruction as "sb".
Change-Id: I5f44c8321e0cc04c784e02bd838e964602a96a8e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or
to be not supported at all.
Add support for runtime detection (ENABLE_SYS_REG_TRACE_FOR_NS=2), by
adding is_feat_sys_reg_trace_supported(). That function considers both
build time settings and runtime information (if needed), and is used
before we access SYS_REG_TRACE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though this is an optional feature, so it is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I450a574a4f6bd9fc269887037049c94c906f54b2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For builds where we don't have a certain feature enabled, we provide
empty stub xxx_enable() functions in a header file. This way we
avoid #ifdef's in the code, and can call the enable function
unconditionally. When compiling with -O1 or higher, the compiler will
even optimise out the whole call, so the symbol will never make it into
any object file.
When compiling with optimisations turned off, the function stub will
survive, and could make it into multiple object files, which would lead
to a multiple definitons error.
Avoid this by defining those stub functions as "static inline". The
"static" will avoid the multiple definitions problems, the "inline" will
avoid a potential compiler warning about unused functions.
This patterns is used extensively in the Linux kernel.
Change-Id: Iad07bb946aab372587c83f2423b4983bf3817990
Reported-by: Chris Kay <chris.kay@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Cortex-A78C erratum 1827430 is a Cat B erratum that applies to
revision r0p0 and is fixed in r0p1.
The workaround is to set the CPUECTLR_EL1[53] to 1, which disables
allocation of splintered pages in the L2 TLB.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1707916/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ie68771bdd3bddeff54d06b6a456dad4a7fc27426
This patch updates the PSCI_FEATURES handler to indicate support for
OS-initiated mode per section 5.15.2 of the PSCI spec (DEN0022D.b) based
on the value of `FF_SUPPORTS_OS_INIT_MODE`, which is conditionally
enabled by the `PSCI_OS_INIT_MODE` build option.
Change-Id: I5da8a989b53419ad2ab55b73ddeee6e882c25554
Signed-off-by: Wing Li <wingers@google.com>
This patch adds a `psci_validate_state_coordination` function that is
called by `psci_cpu_suspend_start` in OS-initiated mode.
This function validates the request per sections 4.2.3.2, 5.4.5, and 6.3
of the PSCI spec (DEN0022D.b):
- The requested power states are consistent with the system's state
- The calling core is the last running core at the requested power level
This function differs from `psci_do_state_coordination` in that:
- The `psci_req_local_pwr_states` map is not modified if the request
were to be denied
- The `state_info` argument is never modified since it contains the
power states requested by the calling OS
This is conditionally compiled into the build depending on the value of
the `PSCI_OS_INIT_MODE` build option.
Change-Id: I667041c842d2856e9d128c98db4d5ae4e4552df3
Signed-off-by: Wing Li <wingers@google.com>
This patch adds a PSCI_SET_SUSPEND_MODE handler that validates the
request per section 5.20.2 of the PSCI spec (DEN0022D.b), and updates
the suspend mode to the requested mode.
This is conditionally compiled into the build depending on the value of
the `PSCI_OS_INIT_MODE` build option.
Change-Id: Iebf65f5f7846aef6b8643ad6082db99b4dcc4bef
Signed-off-by: Wing Li <wingers@google.com>
At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_VHE=2), by splitting
is_armv8_1_vhe_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access VHE related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_vhe_supported() function to guard its execution.
Enable VHE in its runtime detection version for all FVP builds.
Change-Id: Ib397cd0c83e8c709bd6fed603560e39901fa672b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.
ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.
Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Modern C compilers warn about unannotated switch/case fallthrough code,
and require either a comment with some magic words, or an explicit
compiler attribute.
Since some TF-A static analysis CI check suggests having a "fallthrough;"
statement instead of a comment, introduce a macro that implements that
statement, and emits the proper compiler attribute.
Change-Id: Ib34e615fb48d0f4a340aabfad4472e08d5c70248
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.
Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.
Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL3.NSPB accordingly.
This also means that the secure world cannot use SPE, so there is no
need to context switch the PMSCR_EL2 register.
Drop the SPE bits from the EL2 context switch code. If any of the other
EL2 worlds wish to start using SPE, this can be brought back.
Change-Id: Ie0fedb2aeb722a2c9db316051fbbe57ca0e3c0c9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
As per SMCCC spec Table 2.1 bit 23:17 must be zero (MBZ),
for all Fast Calls, when bit[31] == 1.
Adding this check to ensure SMC FIDs when get to the SMC handler
have these bits (23:17) cleared, if not capture and report them
as an unknown SMCs at the core.
Also the C runtime stack is copied to the stackpointer well in
advance, to leverage the existing el3_exit routine for unknown SMC.
Change-Id: I9972216db5ac164815011177945fb34dadc871b0
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Adds a common function to poll for interrupt status which reports errors
and returns error codes
Signed-off-by: Anand Saminathan <anans@google.com>
Change-Id: Ie5df036dc979e984871de4ae7e974b994296ca4c
Neoverse V1 erratum 2743233 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround sets CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation: https://developer.arm.com/documentation/SDEN1401781/latest
Change-Id: If51a6f4293fa8b5b35c44edd564ebb715ba309a1
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Cortex-A78C erratum 2779484 is a Cat B erratum that applies to
revisions r0p1 and r0p2 and is still open.
The workaround is to set the CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact on
performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2004089/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I9a8c16a845c3ba6eb2f17a5119aa6ca09a0d27ed
Cortex-A78 erratum 2742426 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround is to set the CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I42506a87d41c9e2b30bc78c08d22f36e1f9635c1
Reserved 4KB area for Event Log in DRAM1. This area is used by BL2
to copy Event Log from internal SRAM to this carved out DRAM region
in the subsequent patch.
Change-Id: I7b405775c66d249e31edf7688d95770e6c05c175
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently most of the architectural feature build flags are set
to 2(FEATURE_STATE_CHECK) for fvp platform only.
However other platforms still configure them by default to 0, which
would lead to build failures in cases when compiler configured
to build TF-A with zero optimization (CFLAGS='-O0').
This patch addresses such build issues and thereby resolves the failures
seen under CI-l3 test_configurations.
Change-Id: I45b82b821951bba6b9df08177f7d286e624a4239
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
commit (a8eadc51a refactor(mbedtls): avoid including
MBEDTLS_CONFIG_FILE) avoids using config file directly and relies on
config file usage from mbedtls version.h
But we could build trusted boot without mbedtls dir so guard version.h
include in cot_def.h with availability of config file.
Also we refactored in same commit to break dependencies between
auth_mod.h and cot_def.h, So add cot_def.h include in nxp tbbr
cot file.
Change-Id: I4779e90c18f04c73d2121c88df6420b4b1109c8b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED
refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED
refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED
fix(cpufeat): context-switch: move FGT availability check to callers
feat(cpufeat): extend check_feature() to deal with min/max
refactor(cpufeat): wrap CPU ID register field isolation
At the moment we only support FEAT_TRF to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRF_FOR_NS=2), by splitting
is_feat_trf_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRF related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_trf_supported() function to guard its execution.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRF is an ARMv8.4 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Ia97b01adbe24970a4d837afd463dc5506b7295a3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_BRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_BRBE_FOR_NS=2), by splitting
is_feat_brbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access BRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_BRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I5f2e2c9648300f65f0fa9a5f8e2f34e73529d053
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_TRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRBE_FOR_NS=2), by splitting
is_feat_trbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Iee7f88ea930119049543a8a4a105389997e7692c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Some MISRA test complains about our code to isolate CPU ID register
fields: the ID registers (and associated masks) are 64 bits wide, but
the eventual field is always 4 bits wide only, so we use an unsigned
int to represent that. MISRA dislikes the differing width here.
Since the code to extract a feature field from a CPU ID register is very
schematic already, provide a wrapper macro to make this more readable,
and do the proper casting in one central place on the way.
While at it, use the same macro for the AArch32 feature detection side.
Change-Id: Ie102a9e7007a386f5879ec65e159ff041504a4ee
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add braces for if statement
feat(fvp): increase BL1_RW and BL2 size
feat(mbedtls): add support for mbedtls-3.3
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
The PRDT length field contains the count of the entries in the PRDT. See
JEDEC Standard No. 223E, section 6.1.1, "UTP Transfer Request
Descriptor," page 66. Previously we were setting the PRDT length field
to the number of bytes in the PRDT divided by four (the size in units of
32 bits). This was incorrect according to the spec.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I960771e6ce57002872392993042fae9ec505447e
When we reach sysreg_handler64 from any trap handling we are entering
this path from lower EL and thus we should be calling lower_el_panic
reporting mechanism to print panic report.
Make report_elx_panic available through assembly func elx_panic which
could be used for reporting any lower_el_panic.
Change-Id: Ieb260cf20ea327a59db84198b2c6a6bfc9ca9537
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Current panic call invokes do_panic which calls el3_panic, but now panic
handles only panic from EL3 anid clear separation to use lower_el_panic()
which handles panic from lower ELs.
So now we can remove do_panic and just call el3_panic for all panics.
Change-Id: I739c69271b9fb15c1176050877a9b0c0394dc739
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Currently we call el3_panic for panics from EL3 and elx_panic for
panics from lower ELs.
When we boot into a rich OS environment and interact with BL31 using
SMC/ABI calls and we can also decide to handle any lower EL panics in
EL3. Panic can occur in lower EL from rich OS or during SMC/ABI calls
after context switch to EL3.
But after booting into any rich OS we may land in panic either from
rich OS or while servicing any SMC call, here the logic to use
el3_panic or elx_panic is flawed as spsr_el3[3:0] is always EL3h
and end up in elx_panic even if panic occurred from EL3 during
SMC handling.
We try to decouple the elx_panic usage for its intended purpose,
introduce lower_el_panic which would call elx_panic, currently
lower_el_panic is called from default platform_ea_handle which
would be called due to panic from any of the lower ELs.
Also remove the weak linkage for elx_panic and rename it to
report_elx_panic which could be used with lower_el_panic.
Change-Id: I268bca89c01c60520d127ef6c7ba851460edc747
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
