Cortex-A78C erratum 2743232 is a Cat B erratum that applies
to revisions r0p1 and r0p2 and is still open.
The workaround is to set CPUACTLR5_EL1[56:55] to 2'b01.
SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2004089/latest
Change-Id: Ic62579c2dd69b7a8cbbeaa936f45b2cc9436439a
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Neoverse V1 erratum 2348377 is a Cat B erratum that applies to
all revisions <= r1p1 and is fixed in r1p2. The workaround is to
set CPUACTLR5_EL1[61] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401781/latest
Change-Id: Ica402494f78811c85e56a262e1f60b09915168fe
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X3 erratum 2779509 is a Cat B erratum that applies to
all revisions <= r1p1 and is fixed in r1p2. The workaround is
to set chicken bit CPUACTLR3_EL1[47], this might have a small
impact on power and has negligible impact on performance.
SDEN documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: Id92dbae6f1f313b133ffaa018fbf9c078da55d75
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Arm has made the strategic decision to deprecate the TC1 platform.
Consequently, software development and the creation of fast models
for the TC1 platform have been officially discontinued.
The TC1 platform, now considered obsolete, has been succeeded by
the TC2 platform. It's noteworthy that the TC2 platform is already
integrated and supported in both TF-A and CI repositories.
Change-Id: Ia196a5fc975b4dbf3c913333daf595199968d95d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
A number of features are marked experimental in the build system through
makefiles but there wasn't an explicit document to list them.
Added a dedicated experimental build options section and moved
existing experimental build option descriptions in this section.
Restoring the change from [1] removing the experimental flag on the EL3
SPMC (this has been lost in rebasing a later change).
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24713
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2c458c6857c347114b265404e8b9ede9ac588463
As part of the release process, revisit the list of maintainers to
keep it updated.
Change-Id: Ifdbbe0d0dd1c8db3e5fbc84affcceb6d3c7716d4
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
This change updates the model versions that we claim to be testing with
to reflect what the reality in the CI.
Change-Id: Ieb44f3f21cd0ba7149d47f7688698831c9eab487
Signed-off-by: Chris Kay <chris.kay@arm.com>
Arm Confidential Compute Architecture (Arm CCA) support, underpinned by
Arm Realm Management Extension (RME) support, brings in a few important
software and hardware architectural changes in TF-A, which warrants a
new security analysis of the code base. Results of this analysis are
captured in a new threat model document, provided in this patch.
The main changes introduced in TF-A to support Arm CCA / RME are:
- Presence of a new threat agent: realm world clients.
- Availability of Arm CCA Hardware Enforced Security (HES) to support
measured boot and trusted boot.
- Configuration of the Granule Protection Tables (GPT) for
inter-world memory protection.
This is only an initial version of the threat model and we expect to
enrich it in the future.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iab84dc724df694511508f90dc76b6d469c4cccd5
Removed RSS usage from the Base AEM FVP platform, as it wasn't
functional on this platform. The Base AEM FVP platform lacks
support for RSS.
Instead, the TC2 platform with RSS is available for actual RSS
interface implementation and testing.
Change-Id: I8f68157319399ab526f9e851b26dba903db5c2e7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Removed the PLAT_RSS_NOT_SUPPORTED build option, which was initially
introduced for building the Base AEM FVP platform platform with RSS.
However, we now have a well-defined TC2 platform with RSS, making it
unnecessary to keep this flag.
Note -
Theoretically this is a breaking change. Other platforms could be
using the PLAT_RSS_NOT_SUPPORTED build option. Among upstream platforms,
only the Base AEM FVP uses it right now but we don't know about
downstream platforms.
Change-Id: I931905a4c6ac1ebe3895ab6e0287d0fa07721707
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.
Fill this gap by:
- Updating the data flow diagrams. Data may flow from the UART into
TF-A (and not only the other way around).
- Documenting the threats inherent to reading untrusted data from a
UART.
Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
The EL3 SPMC is known to be deployed into end products and properly
tested since its introduction into TF-A v2.7.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I96bb897cfefef20c33cfc39627b10746dce5485c
There is no platform function to retrieve the info in the generic code.
Populate the BL32 image base, size and max limit in arg2, arg3 and arg4.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I35527fb41829102083b488a5150c0c707c5ede15
Introducing INIT_UNUSED_NS_EL2 macro which guards the code that
disables the unused EL2 when a platform hands off from EL3
to NS-EL1 instead of NS-EL2. Platforms without NS-EL2 in use
must enable this flag.
BREAKING CHANGE: Initialisation code for handoff from EL3 to NS-EL1
disabled by default. Platforms which do that need to enable this macro
going forward
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I61431cc4f7e2feb568d472828e5fd79cc73e51f5
Add a chapter "Version numbering" in release information file that
explains macros used for TF-A version. It also introduces VERSION_PATCH
macro that is used for LTS releases. A comment for this macro is also
added in Makefile.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I946b6cb91bb8454131f07b24534d28ab1aef1771
Cortex-X2 erratum 2742423 is a Cat B erratum that applies to all
revisions <= r2p1 and is still open.
The workaround is to set CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest
Change-Id: I03897dc2a7f908937612c2b66ce7a043c1b7575d
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Cortex-A710 erratum 2742423 is a Cat B erratum that applies to all
revisions <= r2p1 and is still open. The workaround is to set
CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775101/latest
Change-Id: I4d9d3760491f1e6c59b2667c16d59b99cc7979f1
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Neoverse N2 erratum 2340933 is a Cat B erratum that applies to
revision r0p0 and is fixed in r0p1. The workaround is to set
CPUACTLR5_EL1[61] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1982442/latest
Change-Id: I121add0dd35072c53392d33f049d893a5ff6354f
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Neoverse N2 erratum 2346952 is a Cat B erratum that applies to all
revisions <= r0p2 and is fixed in r0p3.
The workaround is to set L2 TQ size statically to it's full size.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1982442/latest
Change-Id: I03c3cf1f951fbc906fdebcb99a523c5ac8ba055d
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
* changes:
docs(ras): update RAS documentation
docs(el3-runtime): update BL31 exception vector handling
fix(el3-runtime): restrict lower el EA handlers in FFH mode
fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT
fix(ras): restrict ENABLE_FEAT_RAS to have only two states
feat(ras): use FEAT_IESB for error synchronization
feat(el3-runtime): modify vector entry paths
Add information about Versal NET platform for TSP and provide
the build commands.
Change-Id: Id7c9d75f8a42813ca2bfd18494bfc6b73df0af52
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Add information about Versal platform for TSP and provide
the build commands.
Change-Id: I7106ab477a881c58e1c45863bd6854d188982282
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Add details about RAS error handling philosophies and its implementation
It also updates the tests introduced to verify them.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iedc8c1e713dad05baadd58e5752df36fa00121a7
This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.
This is to allow Secure/Realm world to have their own FFH macros
in future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752
As the SEL2 SPMC design doc is migrated to Hafnium tree, remove the
reference to this implementation from TF-A's SPM-MM doc.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1609c7d1d098420412dffc7b1309cc9c11502f8a
* changes:
docs: mark PSA_CRYPTO as an experimental feature
feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation
feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA
