Armv8.6 introduced the FEAT_LS64 extension, which provides a 64 *byte*
store instruction. A related instruction is ST64BV0, which will replace
the lowest 32 bits of the data with a value taken from the ACCDATA_EL1
system register (so that EL0 cannot alter them).
Using that ST64BV0 instruction and accessing the ACCDATA_EL1 system
register is guarded by two SCR_EL3 bits, which we should set to avoid a
trap into EL3, when lower ELs use one of those.
Add the required bits and pieces to make this feature usable:
- Add the ENABLE_FEAT_LS64_ACCDATA build option (defaulting to 0).
- Add the CPUID and SCR_EL3 bit definitions associated with FEAT_LS64.
- Add a feature check to check for the existing four variants of the
LS64 feature and detect future extensions.
- Add code to save and restore the ACCDATA_EL1 register on
secure/non-secure context switches.
- Enable the feature with runtime detection for FVP and Arm FPGA.
Please note that the *basic* FEAT_LS64 feature does not feature any trap
bits, it's only the addition of the ACCDATA_EL1 system register that
adds these traps and the SCR_EL3 bits.
Change-Id: Ie3e2ca2d9c4fbbd45c0cc6089accbb825579138a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add documentation for the feature where EL3 can be used to sign realm
attestation token requests using RMM_EL3_TOKEN_SIGN command.
This patch also adds documentation for the RMM_EL3_FEATURES features
command that can be used to discover support for features such as
RMM_EL3_TOKEN_SIGN.
Change-Id: Iab5a157761ed17931210c3702f813198fc9c4b3a
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
Add CCA Measured Boot and DPE measured boot backends to
the threat model.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I234a2400d00fea606c5312ebddf94e2624463ff8
Restructure Measured Boot threat model for more description and clarity:
- Add what critical assets are to be protected.
- Mention other attributes and the possible attacks.
- Rephrase the section that describes the Measured Boot backends.
Change-Id: I6577a56184992bf16f4aa1b773d1636781cbb049
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
This patch includes
- Fix the indent.
- LD argument is no longer needed. Remove LD parameter from the build
command.
Change-Id: I615704cf6f4b6fd9e37c047b18c40f00652e269d
Signed-off-by: Yidi Lin <yidilin@chromium.org>
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for MRRS and MSRR instruction which
helps us to read write to 128-bit system register.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Remove all instances of macros CTX_INCLUDE_MTE_REGS and FEAT_MTE
since these have been deprecated in v2.11
Change-Id: I7838a865755326f03668e43768140929a2d9e418
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Tentatively updating the plan for TF-A v2.13 release in May'25.
Change-Id: I98abe5f72901b71179a1efe3762046756d5ab6ac
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm v8.9 introduces FEAT_SCTLR2, adding SCTLR2_ELx registers.
Support this, context switching the registers and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I0c4cba86917b6b065a7e8dd6af7daf64ee18dcda
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm v8.9 introduces FEAT_THE, adding Translation Hardening Extension
Read-Check-Write mask registers, RCWMASK_EL1 and RCWSMASK_EL1.
Support this, context switching the registers and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I8775787f523639b39faf61d046ef482f73b2a562
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm has made the strategic decision to deprecate the TC2 platform. As
a result, software development and the creation of fast models for TC2
have been officially discontinued. The TC2 platform, now considered
obsolete, has been succeeded by the TC3 and TC4 platforms. Notably,
both TC3 and TC4 are already integrated into TF-A, with TC3 included
in the CI repository. Work to add CI support for TC4 is currently in
progress.
Change-Id: I4df3c3e947faa1849a0f4742593c604cb2ee43b9
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updating toolchain to the latest production release version
13.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: If5915fdc14a6c65ce58ac7fccfddd6fe85c0d7c9
Cortex-X4 erratum 3076789 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2.
The workaround is to set chicken bits CPUACTLR3_EL1[14:13]=0b11
and CPUACTLR_EL1[52] = 1.
Expected performance degradation is < 0.5%, but isolated
benchmark components might see higher impact.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2432808/latest
Change-Id: Ib100bfab91efdb6330fdcdac127bcc5732d59196
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Create a new platform for the RD-1 AE automotive FVP.
This platform contains:
* Neoverse-V3AE, Arm9.2-A application processor
* A GICv4-compatible GIC-720AE
* 128 MB of SRAM, of which 1 MB is reserved for TF-A
and BL2 runs at ELmax (EL3).
Additionally, this commit updates the maintainers.rst file and
the changelog.yaml to add scope for RD-1 AE variants.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Divin Raj <divin.raj@arm.com>
Signed-off-by: Rahul Singh <rahul.singh@arm.com>
Change-Id: I9ae64b3f05a52653ebd1d334b15b7f21821264e2
This commit introduces a new ARM platform-specific build option called
`ARM_FW_CONFIG_LOAD_ENABLE`. This option enables the loading of the
`fw_config` device tree when resetting to the BL2 scenario.
Additionally, the FW_CONFIG image reference has been added to the
fdts/tbbr_cot_descriptors.dtsi file in order to use in the scenario of
RESET_TO_BL2.
Signed-off-by: Divin Raj <divin.raj@arm.com>
Change-Id: I11de497b7dbb1386ed84d939d6fd2a11856e9e1b
ERR051700 erratum is present on all S32CC-based SoCs and relates to
reset. Releasing multiple Software Resettable Domains (SRDs) from
reset simultaneously, may cause a false error in the fault control
unit.
The workaround is to clear the SRD resets sequentially instead of
simultaneously.
Change-Id: I883bc223bf6834907259e6964a5702d7186e4c7f
Signed-off-by: Alexandru-Catalin Ionita <alexandru-catalin.ionita@nxp.com>
Signed-off-by: Ghennadi Procopciuc <ghennadi.procopciuc@nxp.com>
Cortex-X4 erratum 2897503 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2.
The workaround is to set CPUACTLR4_EL1[8] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I3178a890b6f1307b310e817af75f8fdfb8668cc9
This new update to the LTS branch of MbedTLS provides minor
enhancements and bug fixes; including some security
fixes, and a fix to a compilation warning which
previously affected TF-A.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1.
Change-Id: I1a68dfcb52a8361c1689cb6ef12d265a6462fda3
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
The support for runtime-model has never been implemented by any SPMC.
Hence, remove the corresponding field from binding document.
Also, fix the incorrect description of the `managed-exit-virq` property.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I0a5ef3f08202a8c76edd9a6e1ac680ac3a38ca60
When this is provided in the partition manifest, it should be added to
the load address to get the base address of the region.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: Ib6d3d6a29af0a3eb87fac67c58220ba25342e1cd
This feature is enabled by default using STM32MP_DDR_FIP_IO_STORAGE.
DDR firmware binary is loaded from FIP to SRAM1 which needs to be
mapped.
Only half of the SRAM1 will be allocated to TF-A.
RISAB3 has to be configured to allow access to SRAM1.
Add image ID and update maximum number on platform side also.
Fill related descriptor information, add policy and update numbers.
DDR_TYPE variable is used to identify binary file, and image is now
added in the fiptool command line.
The DDR PHY firmware is not in TF-A repository. It can be found at
https://github.com/STMicroelectronics/stm32-ddr-phy-binary
To ease the selection of the firmware path, STM32MP_DDR_FW_PATH is added
to platform.mk file.
Change-Id: I09ab0a5c63406055a7b5ccd16d65e443de47ca2f
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
* changes:
refactor(docs): update RSE docs to match the example CCA token
refactor(qemu): use the example CCA platform token from iat-verifier
refactor(fvp): use the example CCA platform token from iat-verifier
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.
TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.
The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.
Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Fixed a few typos in the cot binding document.
Change-Id: I043187b3f4b516db944e82569307834df2c3c72a
Signed-off-by: sah01 <sahil@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
I originally added myself here because I had experience with the rk3399
code, when there were no other maintainers and that was the only
supported Rockchip SoC. Nowadays there are maintainers from the actual
manufacturer and most changes concern other SoCs, so I don't think it
makes sense for me to still be on here.
Change-Id: Id75089e62cf1a8b4cf1a27903808922968520636
Signed-off-by: Julius Werner <jwerner@chromium.org>
Update the test files to eliminate the use of preprocessor macros,
as the tool now requires processed output. The documentation has
also been revised accordingly.
Additionally, remove the Device Tree Source test files that were
added to test the #ifdef conditions.
Change-Id: I13a682db20e5e44170fc25a2e2dbedd45b9c7321
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Previously the max GPT block size was set to 2MB as a conservative
default. For workloads making use of SMMU in Normal world, and has
a Stage 2 block mapping of large sizes like 512MB or 1GB, then a
max GPT block size of 2MB may result in performance regression.
Hence this patch changes the default max GPT block size from 2MB to 512MB.
Change-Id: If90f12f494ec0f44d3e5974df8d58fcb528cfd34
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
