Add documentation for the new build option ENABLE_SPMD_LP.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I808e6c00e3699fc900dc97e889af63cc01cae794
This patch adds a basic el3 spmd logical partition to the fvp platform
via a platform specific smc handler. One of the use cases for el3
logical partitions is to have the ability to translate sip calls into
ff-a direct requests via the use of spmd logical partitions. The smc
handler creates a direct request based on the incoming smc parameters
and forwards the call as a direct request from the spmd logical
partition to the target secure partition.
Change-Id: If8ba9aab8203924bd00fc1dcdf9cd05a9a04a147
This patch changes spmd.mk to include one or more SPMD logical
partitions specific to a platform. It also adds a basic SPMD logical
partition to fvp.
Change-Id: I2075e0458c92813913b28cbf4cfffc1f151e65cf
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
This patch enables FF-A secure partitions and the SPMC to query EL3 SPMD
logical partitions that are present in the system via partition get info
regs abi. Note that normal world will not be able to see EL3 SPMD
logical partitions as per the spec.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I3fca8aed8ae156a559a74521803324c13ae3d55a
This patch adds support for an EL3 SPMD logical partition to discover
secure partitions using the FFA_PARTITION_INFO_GET_REGS abi. It also
adds helper functions for a logical partition to use the information
returned in registers in a meaningful way.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: Id69488e7367e17e2dfa6c8e332be3c8d41f6c773
Move ffa_partition_info_get definitions from EL3 SPMC private header
files to common header files. The structures are common to FF-A and are
useful for the EL3 SPMD logical partitions.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I19de3f6cb3351afa873022da1397a475a84e3d8b
This patch implements an API that is exposed to SPMD logical partitions
that can be used to send direct messages to a secure partition.
It also adds required code in the SPMD smc handler to complete the
direct response appropriately.
Change-Id: I2d0e38415f13ad4fd28f8984d565036b7d3a9e71
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cpu>_errata_report with the errata_report_shim to report errata
automatically
...and for each erratum:
* the prologue with the workaround_<type>_start to do the checks and
framework registration automatically
* the epilogue with the workaround_<type>_end
* the checker function with the check_erratum_<type> to make it more
descriptive
It is important to note that the errata workaround sequences remain
unchanged and preserve their git blame.
Testing was conducted by:
* Manual comparison of disassembly of converted functions with non-
converted functions
aarch64-none-elf-objdump -D <trusted-firmware-a with conversion>/build/fvp/release/bl31/bl31.elf
vs
aarch64-none-elf-objdump -D <trusted-firmware-a clean repo>/build/fvp/release/bl31/bl31.elf
* Build for release with all errata flags enabled and run default tftf
tests
CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp DEBUG=0 \
CTX_INCLUDE_AARCH32_REGS=0 HW_ASSISTED_COHERENCY=1 USE_COHERENT_MEM=0 \
BL33=./../tf-a-tests/build/fvp/release/tftf.bin \
WORKAROUND_CVE_2022_23960=1 ERRATA_ABI_SUPPORT=1 all fip
* Build for debug with all errata enabled and step through ArmDS
at reset to ensure all functions are entered.
Change-Id: I34e27e468d4f971423a03a95a4a52f4af8bd783a
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
* changes:
feat(bl32): print entry point before exiting SP_MIN
fix(bl32): avoid clearing argument registers in RESET_TO_SP_MIN case
fix(bl32): always include arm_arch_svc in SP_MIN
fix(services): disable workaround discovery on aarch32 for now
Added to .gitignore the following path, as it was
noticed as untracked after a TF-A CI run:
tools/memory/memory/__pycache__/
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I35ba6f6a33593671c11f8e33c28545ae9bc57b4c
TF-A makefile accepts a device-tree snippet to override hardcoded SP
nodes, via the `ARM_BL2_SP_LIST_DTS` variable. However the SPs declared
in `ARM_BL2_SP_LIST_DTS` must be in the same order as they are in the
FIP image, otherwise hash authentication will fail when loaded by BL2.
This patch generates the `ARM_BL2_SP_LIST_DTS` file from the
`sp_layout.json` file. The SPs in the FIP image are also generated from
`sp_layout.json`, so this ensures that there is only one source of truth
for the SP list, removing the possibility to have the lists disagree
with each other.
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I7d76715135c596605c6a02aad5196d967dfeb1ce
Convert Neoverse V2 to use CPU helpers, in this case that's
only two spots.
Change-Id: Icd250f92974e8a50c459038de7644a2e68007589
Signed-off-by: Moritz Fischer <moritzf@google.com>
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
For V2, this involves replacing:
- The reset_func with the standard cpu_reset_func_{start,end}
to apply errata automatically
- The <cpu>_errata_report with the errata_report_shim to
report errata automatically
And for each erratum:
- The prologue with the workaround_<type>_start to do the checks and
framework registration automatically at reset or runtime
- The epilogue with the workaround_<type>_end
- The checker function with the check_erratum_<type> to check whether
the erratum applies on the revision of the CPU.
It is important to note that the errata workaround sequences remain
unchanged and preserve their git blame.
Testing was conducted by:
* Manual comparison of disassembly of converted functions with non-
converted functions
aarch64-none-elf-objdump -D <trusted-firmware-a with conversion>/build/fvp/release/bl31/bl31.elf
vs
aarch64-none-elf-objdump -D <trusted-firmware-a clean repo>/build/fvp/release/bl31/bl31.elf
* Build for release with all errata flags enabled and run default tftf
tests
CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp CTX_INCLUDE_AARCH32_REGS=0 \
HW_ASSISTED_COHERENCY=1 USE_COHERENT_MEM=0 \
BL33=./../tf-a-tests/build/fvp/debug/tftf.bin \
ERRATA_V2_2801372 WORKAROUND_CVE_2022_23960=1 ERRATA_ABI_SUPPORT=1 all fip
* Build for debug with all errata enabled and step through ArmDS
at reset to ensure all functions are entered.
Change-Id: Ic968844d6aabea3867189d747769ced8faa87e56
Signed-off-by: Moritz Fischer <moritzf@google.com>
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Not including the proper CPU file can halt execution at the
reset_handler since the cpu_ops obtained will be invalid and therefore
the cpu reset function will be invalid too, unless SUPPORT_UNKNOWN_MPID
is enabled.
This patch adds an assert to check for the validity of the obtained
cpu_ops object and will display an error if the object is invalid.
Change-Id: I0e1661745e4a692aab5e910e110c2de0caf64f46
Signed-off-by: Thaddeus Serna <Thaddeus.Gonzalez-Serna@arm.com>
* changes:
fix(versal-net): make pmc ipi channel as secure
fix(versal): make pmc ipi channel as secure
fix(versal-net): add redundant call to avoid glitches
fix(versal-net): change flag to increase security
This patch details the required packages and terminal commands for
building the documentation in PDF format locally.
Change-Id: Ic5f416b73e46d5f362fe9eb909200b95eda19e6a
Signed-off-by: Elizabeth Ho <elizabeth.ho@arm.com>
Similar to Cortex-A53, the AArch32-only Cortex-A7/12/15/17 have an
(optional) integrated L2 cache that might need to be flushed if the
whole cluster is powered down. However, unlike Cortex-A53 there is
currently no L2 cache flush in the cluster_pwr_dwn implementation for
some reason. This causes problems if there is unwritten data left in
the L2 cache during a cluster power off.
Fix this by adding the L2 cache flush similar to cortex_a53.S.
Change-Id: Icd087bef9acff11e03edcaa0d26dd8b8e30796b7
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
* changes:
refactor(cpus): convert the Cortex-A710 to use cpu helpers
refactor(cpus): convert Cortex-A710 to use the errata framework
refactor(cpus): reorder Cortex-A710 errata by ascending order
feat(cpus): make revision procedure call optional
Align entire TF-A to use Arm in copyright header.
Change-Id: Ief9992169efdab61d0da6bd8c5180de7a4bc2244
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
chore(ethos-n): use non blocking soft reset on npu
docs(ethos-n): update build-options.rst
refactor(ethos-n): move build flags to ethosn_npu.mk
Make PMC IPI channel for Versal NET as secure so that NS
systems cannot directly access or modify secure systems.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I75ba8796859dcb35644f3e144d7dc5926755ef78
Make PMC IPI channel for Versal as secure so that NS systems
cannot directly access or modify secure systems.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I22148653fa2d27941cb3031ac790892cee0d1796
Add redundant macro call to increase security by making
code glitch immune as security operations might be
called with the IPI command.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I84d84cca258b7cd981f62816c51032341e19095c
Currently security flag is set to SECURE by default and
is changed to NON_SECURE if NS system is detected. In this
case NS system may access secure system if condition check
gets skipped due to glitches.
So, initialize security_flag to NON_SECURE_FLAG and switch
to SECURE_FLAG if the TrustZone bit is detected to be
in more secure state.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I7af54465bd8744ba97a58c02607631ee23619d47
override_vector_table does adr, followed by an msr ops.
Accidentally was used here for for adr and mrs op.
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Change-Id: I2d3fda12acd097acabbde9b7dcc376d08419e223
This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cpu>_errata_report with the errata_report_shim to report errata
automatically
...and for each erratum:
* the prologue with the workaround_<type>_start to do the checks and
framework registration automatically
* the epilogue with the workaround_<type>_end
* the checker function with the check_erratum_<type> to make it more
descriptive
It is important to note that the errata workaround and checking
sequences remain unchanged and preserve their git blame. Testing was
conducted by:
* Building for release with all errata flags enabled and running script
in change 19136 to compare output of objdump for each errata.
* Manual comparison of disassembly of converted functions with non-
converted functions
* Build for debug with all errata enabled and step through ArmDS
at reset to ensure all functions are entered.
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Change-Id: I417539ab292f13a4f0949625d2fef6b7792fbd35
Errata report order is enforced to be in ascending order. To achieve
this with the errata framework this has to be done at the definition
level.
Change-Id: I4a6ed55d48e91ec914b7a591c6d30da5ce5d915d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
For runtime errata, we should avoid generating calls to
`cpu_get_rev_var` unless its necessary. Make the path that generates
this call parameterized, and cache the result in a temporary register to
allow future calls that go down the alternate path to retrieve the cache
CPU revision.
Change-Id: I9882ede76568fbd9a7ccd4caa74eff0c66a7b20e
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Move documentation related to Arm(R) Ethos(TM)-N NPU driver from
docs/plat/arm/arm-build-options.rst to
docs/getting_started/build-options.rst.
Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Change-Id: I388e8dcd3950b11bc3305f5e6396ee2e49c04493
The build flags to enable the Arm(R) Ethos(TM)-N NPU driver are in arm
platform specific make files i.e. plat/arm/common/arm_common.mk. These
flags are renamed and moved to ethosn_npu.mk. Other source and make
files are changed to reflect the changes in these flags.
Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Change-Id: I6fd20225343c574cb5ac1f0f32ff2fc28ef37ea6
* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'plat_mboot_measure_key' function
feat(tc): implement platform function to measure and publish Public Key
feat(auth): measure and publicise the Public Key
feat(fvp): implement platform function to measure and publish Public Key
feat(fvp): add public key-OID information in RSS metadata structure
feat(auth): add explicit entries for key OIDs
feat(rss): set the signer-ID in the RSS metadata
feat(auth): create a zero-OID for Subject Public Key
docs: add details about plat_mboot_measure_key function
feat(measured-boot): introduce platform function to measure and publish Public Key
The ID field populated for every FVP PWRC register interface must be
computed from the affinity level values from MPIDR.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: If1474fd25704911f8f717dafb419a0734b99a4ec
