Cortex-A710 erratum 2742423 is a Cat B erratum that applies to all
revisions <= r2p1 and is still open. The workaround is to set
CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775101/latest
Change-Id: I4d9d3760491f1e6c59b2667c16d59b99cc7979f1
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Neoverse N2 erratum 2340933 is a Cat B erratum that applies to
revision r0p0 and is fixed in r0p1. The workaround is to set
CPUACTLR5_EL1[61] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1982442/latest
Change-Id: I121add0dd35072c53392d33f049d893a5ff6354f
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Neoverse N2 erratum 2346952 is a Cat B erratum that applies to all
revisions <= r0p2 and is fixed in r0p3.
The workaround is to set L2 TQ size statically to it's full size.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1982442/latest
Change-Id: I03c3cf1f951fbc906fdebcb99a523c5ac8ba055d
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
* changes:
docs(ras): update RAS documentation
docs(el3-runtime): update BL31 exception vector handling
fix(el3-runtime): restrict lower el EA handlers in FFH mode
fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT
fix(ras): restrict ENABLE_FEAT_RAS to have only two states
feat(ras): use FEAT_IESB for error synchronization
feat(el3-runtime): modify vector entry paths
Add information about Versal NET platform for TSP and provide
the build commands.
Change-Id: Id7c9d75f8a42813ca2bfd18494bfc6b73df0af52
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Add information about Versal platform for TSP and provide
the build commands.
Change-Id: I7106ab477a881c58e1c45863bd6854d188982282
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Introduces support for the Test Secure Payload (TSP) for AMD-Xilinx
Versal NET platform. TSP is a component for testing and validating
secure OS and trusted execution environments.
If a BL32 image is present, then there must be a matching Secure-EL1
Payload Dispatcher (SPD) service called TSPD, this service is
responsible for Initializing the TSP. During initialization that
service must register a function to carry out initialization of BL32
once the runtime services are fully initialized. BL31 invokes such
a registered function to initialize BL32 before running BL33.
The GICv3 driver is initialized in EL3 and does not need to be
initialized again in SEL1 GICv3 driver is initialized in EL3 This is
because the S-EL1 can use GIC system registers to manage interrupts
and does not need GIC interface base addresses to be configured.
The secure code load address is initially being pointed to 0x0 in the
handoff parameters, which is different from the default or user-provided
load address of 0x60000000. In this case, set up the PC to the
requested BL32_BASE address to ensure that the secure code is loaded
and executed from the correct location.
Change-Id: I58fe256dc9d6be5cee384c5ebb9baca2737c02a6
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Introduces support for the Test Secure Payload (TSP) for AMD-Xilinx
Versal platform. TSP is a component for testing and validating
secure OS and trusted execution environments.
If a BL32 image is present, then there must be a matching Secure-
EL1 Payload Dispatcher (SPD) service called TSPD, this service
is responsible for Initializing the TSP. During initialization that
service must register a function to carry out initialization of
BL32 once the runtime services are fully initialized. BL31 invokes
such a registered function to initialize BL32 before running BL33.
The GICv3 driver is initialized in EL3 and does not need to be
initialized again in SEL1 GICv3 driver is initialized in EL3
This is because the S-EL1 can use GIC system registers to manage
interrupts and does not need GIC interface base addresses to be
configured.
The secure code load address is initially being pointed to 0x0
in the handoff parameters, which is different from the default
or user-provided load address of 0x60000000. In this case, set up
the PC to the requested BL32_BASE address to ensure that the secure
code is loaded and executed from the correct location.
Change-Id: Ida0fc6467a10bfde8927ff9b3755a83f3e16f068
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Updated the generic TSP makefile in the common path for reuse in
different platforms.
Change-Id: Idd14675bc547e0a4a95132653a181e7ff39a547a
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Commit(3547270f5 refactor(build): reorder platform Makefile
evaluation) re-ordered platform makefile inclusion before
arch_features evaluations, but then it fails to remove the dependency
that were moved and thus have double evaluation of some build
variables apparently this breaks BUILD_PLAT.
Additionally remove duplicate checks in SPMD similar checks are in
place in main level makefile.
Change-Id: I5a71624fc43977054467ec6502ce359fb1d08838
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
As per SDEI spec (section 5.1.14.1), SDEI_INTERRUPT_BIND interface
expects a valid PPI or SPI. SGI's are not allowed to be bounded.
Current check in the code only checks for an SGI and returns invalid
ID. This check is insufficient as it will not catch architecturally
invalid interrupt IDs.
Modify the check to ensure that interrupt is either PPI or SPI.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I52eb0a6d7f88a12f6816cff9b68fb3a7ca12cbb7
The error code for plat_core_pos_by_mpidr() for an invalid mpidr should
be -1 as mandated by portig guide, but for tegra t186 return value is
PSCI_E_NOT_PRESENT (-7) even though the comment at top of function says
that it should return -1.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2b69bc1a56f7966f21b2a3c89c515ebde41e3eb8
Add details about RAS error handling philosophies and its implementation
It also updates the tests introduced to verify them.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iedc8c1e713dad05baadd58e5752df36fa00121a7
This patch does following changes to restrict handling of lower EL
EA's only if FFH mode is enabled.
- Compile ea_delegate.S only if FFH mode is enabled.
- For Sync exception from lower ELs if the EC is not SMC or SYS reg
trap it was assumed that it is an EA, which is not correct. Move
the known Sync exceptions (EL3 Impdef) out of sync EA handler.
- Report unhandled exceptions if there are SError from lower EL in
KFH mode, as this is unexpected.
- Move code out of ea_delegate.S which are used for KFH mode.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I577089677d0ec8cde7c20952172bee955573d2ed
This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.
This is to allow Secure/Realm world to have their own FFH macros
in future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
Reorganized TSP code into common folder, updated paths in
tsp-zynqmp.mk. Handling the return value of a console registration
function.
Change-Id: I848f17c3417b3e8c8cbd2058e9642ed13d121325
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Refactor two platform specific functions, plat_versal_get_mmap() and
plat_versal_net_get_mmap(), to use a more generic function name
plat_get_mmap(). The function can be used in the common code to
obtain memory region.
Change-Id: I3eeb24aff217eef30af60a7742cbebe9d3b2edce
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752
For synchronization of errors at exception boundries TF-A uses "esb"
instruction with FEAT_RAS or "dsb" and "isb" otherwise. The problem
with esb instruction is, along with synching errors it might also
consume the error, which is not ideal in all scenarios. On the other
hand we can't use dsb always as its in the hot path.
To solve above mentioned problem the best way is to use FEAT_IESB
feature which provides controls to insert an implicit Error
synchronization event at exception entry and exception return.
Assumption in TF-A is, if RAS Extension is present then FEAT_IESB will
also be present and enabled.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5861eec5da4028a116406bb4d1fea7dac232456
Vector entries in EL3 from lower ELs, first check for any pending
async EAs from lower EL before handling the original exception.
This happens when there is an error (EA) in the system which is not
yet signaled to PE while executing at lower EL. During entry into EL3
the errors (EA) are synchronized causing async EA to pend at EL3.
On detecting the pending EA (via ISR_EL1.A) EL3 either reflects it back
to lower EL (KFH) or handles it in EL3 (FFH) based on EA routing model.
In case of Firmware First handling mode (FFH), EL3 handles the pended
EA first before returing back to handle the original exception.
While in case of Kernel First handling mode (KFH), EL3 will return back
to lower EL without handling the original exception. On returing to
lower EL, EA will be pended. In KFH mode there is a risk of back and
forth between EL3 and lower EL if the EA is masked at lower EL or
priority of EA is lower than that of original exception. This is a
limitation in current architecture but can be solved in future if EL3
gets a capability to inject virtual SError.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3a2a31de7cf454d9d690b1ef769432a5b24f6c11
This includes initialization of the partition with
the GPT_IMAGE_ID.
Change-Id: I51b09d82ff40207369d76011556f40169196af22
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Modify boot device dependencies and remove the one's
which are not needed.
Change-Id: I71cd60558ab4bb5162afefad4f00d631c2308e72
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Make interprets lines prefixed with the tab characters as recipes
(commands to run in the shell). Convert the use of ifdef as this
incorrectly interprets when a flag is disabled i.e.
`ENABLE_FEAT_MPAM=0`.
Change-Id: I5173d18a20ef0e3ffc32f0ffb1e70dc30aa4c4a9
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Disable FEAT_MPAM support for Aarch32 as it is not supported, following
[1]. ENABLE_FEAT_MPAM is set to 2 by default for Aarch64 in
arch_features.mk, eliminating the need for duplication in the platform
makefile.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23710
Change-Id: I1c8b6844254e00e6372900f1c87f995f292ae65c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The TF-M on the secure enclave side takes care of boot bank selection for our platform. The TF-A doesn't require to manage the boot bank, so,
removing the boot bank selection. TF-A doesn't expect the signature area so removed it from FIP partition
Change-Id: I298dd51fa068534c299c66b0e4c353819ea12a26
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Currently, EL3 context registers are duplicated per-world per-cpu.
Some registers have the same value across all CPUs, so this patch
moves these registers out into a per-world context to reduce
memory usage.
Change-Id: I91294e3d5f4af21a58c23599af2bdbd2a747c54a
Signed-off-by: Elizabeth Ho <elizabeth.ho@arm.com>
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Retain assertions in builds for TF-A run from DDR with
ENABLE_ASSERTIONS=1. It helps to catch programming errors
(e.g. bad argument provided by platform porting function)
code size change is 4k.
For debug builds, assertions are enabled by default.
The same change is done by Tegra: plat/nvidia/tegra/platform.mk.
Change-Id: I1790862616faddf68b4d533750722dad27cae269
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Retain assertions in release builds by building TF-A with
ENABLE_ASSERTIONS=1. It helps to catch programming errors
(e.g. bad argument provided by platform porting function)
in release builds as well.
code size change is 4k.
For debug builds, assertions are enabled by default.
The same change is done by Tegra: plat/nvidia/tegra/platform.mk
Change-Id: I0db4b82d42d115866a3ed43933edbfc46ac7406a
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Retain assertions in release builds by building TF-A with
ENABLE_ASSERTIONS=1. It helps to catch programming errors
(e.g. bad argument provided by platform porting function)
in release builds as well.
code size change is 4k.
For debug builds, assertions are enabled by default.
The same change is done by Tegra: plat/nvidia/tegra/platform.mk.
Change-Id: Ie801fa9a326596ebef71be870b95a3cf9077ad20
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
This patch adds necessary support for RMI_VERSION command.
This patch sets RMI version numbers to 1.0 as per
RMM Specification 1.0-eac5.
Change-Id: If7f88d5b5efa58716752488108fa110fc71ae836
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
With commit@f5211420b(refactor(cpufeat): refactor arch feature build
options all mandatory options are enabled with
'make_helpers/arch_features.mk' so avoid enabling of mandatory features
in platform makefile.
Use correct Arch Major/Minor to get all the mandatory features enabled
by default.
Change-Id: Ia214aa75dc9caea949f697ecafb1ef1812c6d899
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
During build 'ENABLE_SPE_FOR_NS=0' is a valid build option however
using ifdef would incorrectly translate this as enabled.
Change-Id: I1c516fb68f6e382bb83c578e499cbb86869d9eca
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
With changes to refactor to use first platform makefiles
then parse arch_features.mk file 'ENABLE_RME' will be initialised
only when we define during build or at arch_features.mk thus
making comparison of 'ENABLE_RME' to '0' incorrect.
So keep BRBE disabled when RME is enabled at main makefile level.
Change-Id: I7e3d99eb444678d63585bd5971ada627cfc4fcc9
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
With commit@f5211420b(refactor(cpufeat): refactor arch feature build
options all mandatory options are enabled with
'make_helpers/arch_features.mk'
However the commit makes it impossible for enabling of mandatory
features through command line and platform make files, So re-order
handling of mandatory features in 'make_helpers/arch_features.mk'
Use below order to enable mandatory features.
1.) first enable mandatory features by arch major/minor
2.) check if features were not earlier defined in platform makefile or
through cmdline if defined earlier don't initialise them to '0' but
retain their values from prior initialisation.
Change-Id: Icea3180c9dda0cd6e0b59316add9f3290ae51972
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
n1sdp based out of Arm Neoverse N1 Core uses Arm®v8.2‑A extensions
so set ARM_ARCH_MAJOR.ARM_ARCH_MINOR for n1sdp platform to 8.2
Change-Id: Ib70c6be5e12817961430870d50fb1b0efca32df2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
