Certain erratum workarounds like Neoverse N1 1542419 need a part
of their mitigation done in EL3 and the rest in lower EL. But currently
such workarounds return HIGHER_EL_MITIGATION which indicates that the
erratum has already been mitigated by a higher EL (EL3 in this case)
which causes the lower EL to not apply its part of the mitigation.
This patch fixes this issue by adding support for split workarounds
so that on certain errata we return AFFECTED even though EL3 has
applied its workaround. This is done by reusing the chosen field of
erratum_entry structure into a bitfield that has two bitfields -
Bit 0 indicates that the erratum has been enabled in build,
Bit 1 indicates that the erratum is a split workaround and should
return AFFECTED instead of HIGHER_EL_MITIGATION.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iec94d665b5f55609507a219a7d1771eb75e7f4a7
Retrieve DLME image authentication features and report them
back to the DCE preamble. Currently, this value is always set
to 0, as no platform supports DLME authentication.
Additionally, the default schema is always used instead of
the DLME PCR schema since DLME authentication is not currently
supported.
This change primarily upgrades the DRTM parameters version to V2,
aligning with DRTM spec v1.1 [1].
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: Ie2ceb0d2ff49465643597e8725710a93d89e74a2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch updates `drtm_measurements.c` to ensure that a No-Action
event is recorded in the Event Log as part of the DRTM measurement
process.
This helps maintain compliance with the event logging requirements
specified in DRTM spec v1.1 [1].
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: Ifcf25b7ec91393a0c91b05e30f1f6cc4960d5634
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch updates event logging to comply with the latest version
(v1.1) of the DRTM specification [1]. It ensures that all required
event types, including those related to DLME authentication, are
properly defined.
Although these additional events are not currently utilized in the
implementation, this change ensures their presence as specified in
DRTM v1.1 for completeness.
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: I6846488c4121b1e2dc948d73c946e06883e16b28
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Ensure compliance with minimum size requirements by including the
missing DLME data regions, such as the DLME data header and ACPI
region size.
This will prevent incorrect allocation of DLME data regions in
the DCE preamble.
Change-Id: Ic493262152dfe39eb2d54f8771f19651be042288
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
When SPMD_SPM_AT_SEL2 is enabled, saving and restoring the SIMD context
is not needed because the SPMC handles it. The function
spmd_secure_interrupt_handler incorrectly restores the SWD SIMD context
before entering the SPMC without saving the NWD SIMD context, leading to
its loss. Furthermore, the SWD SIMD context is saved after returning
from the SPMC which is unnecessary.
This commit prevents the restoration of the SWD SIMD context before SPMC
entry and the saving of the SWD SIMD context after returning from the
SPMC when SPMD_SPM_AT_SEL2 is enabled. This ensures the preservation of
the NWD SIMD context.
Change-Id: I16a3e698e61da7019b3a670475e542d1690a5dd9
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
dlme_data_min_size is currently defined in pages but is being compared
against byte sizes in the code. This patch corrects this issue.
Change-Id: Ib250ef6efedf321706624dfca263e8042a25f6d1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As per the specification the address map region in the
DLME data must be sorted.
Change-Id: Ibf39dad33ef7ce739d6ec8632198df55a4e8a1c3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_7881 [1] is enabled
by the platform. If CVE_2024_7881 mitigation
is implemented, the discovery call returns 0,
if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).
For more information about SMCCC_ARCH_WORKAROUND_4 [2], please
refer to the SMCCC Specification reference provided below.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
MDCR_EL3 register will context switch across all worlds. Thus the pmuv3
init has to be part of context management initialization.
Change-Id: I10ef7a3071c0fc5c11a93d3c9c2a95ec8c6493bf
Signed-off-by: Mateusz Sulimowicz <matsul@google.com>
On some platforms plat_my_core_pos is a nontrivial function that takes a
bit of time and the compiler really doesn't like to inline. In the PSCI
library, at least, we have no need to keep repeatedly calling it and we
can instead pass it around as an argument. This saves on a lot of
redundant calls, speeding the library up a bit.
Change-Id: I137f69bea80d7cac90d7a20ffe98e1ba8d77246f
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
feat(el3_spmc): ffa error handling in direct msg
feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2
feat(ff-a): add FFA_MEM_PERM_GET/SET_SMC64
feat(el3-spmc): support Hob list to boot S-EL0 SP
feat(synquacer): add support Hob creation
fix(fvp): exclude extend memory map TZC regions
feat(fvp): add StandaloneMm manifest in fvp
feat(spm): use xfer list with Hob list in SPM_MM
When an FFA_ERROR happens while handling a direct message
from normal world, return to normal world with
FFA_ERROR. Otherwise, the system would re-enter the secure partition
with FFA_ERROR.
Change-Id: I3d9a68a41b4815c1a8e10354cfcf68fec9f4b800
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm, which is an S-EL0 partition, uses
FFA_MSG_SEND_DIRECT_REQ2/RESP2 to handle multiple services.
For this, add support for FFA_MSG_SEND_DIRECT_REQ2/RESP2 in el3_spmc,
restricted to using up to 8 registers,
although FF-A v1.2 defines FFA_MSG_SEND_DIRECT_REQ2/RESP2
with the ability to pass/return up to 18 registers.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I8ab1c332d269d9d131330bb2debd10d75bdba1ee
Switch the state back to non-secure after a secure interrupt
using spmd_smc_switch_state with FFA_NORMAL_WORLD_RESUME
to reduce the number of control flow paths for world switches.
Fixes an issue where FP registers were not correctly restored
after secure interrupts.
Upstreamed from https://r.android.com/3345999, tested on Trusty.
Change-Id: I3ce33f7657c13b999969ebb8957d5d4b6c3aa634
Signed-off-by: Andrei Homescu <ahomescu@google.com>
* changes:
feat(qemu): hand off TPM event log via TL
feat(handoff): common API for TPM event log handoff
feat(handoff): transfer entry ID for TPM event log
fix(qemu): fix register convention in BL31 for qemu
fix(handoff): fix register convention in opteed
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, e.g. due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits are combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for
context to be directly related to the underlying system. Currently,
certain bits like SCR_EL3.APK are always set with the understanding that
they will only take effect if the feature is present.
However, that is problematic for SMCCC_ARCH_FEATURE_AVAILABILITY (an
SMCCC call to report which features firmware enables), as simply reading
the enable bit may contradict the ID register, like the APK bit above
for a system with no PAuth present.
This patch is to clean up these cases. Add a check for PAuth's presence
so that the APK bit remains unset if not present. Also move SPE and TRBE
enablement to only the NS context. They already only enable the features
for NS only and disable them for Secure and Realm worlds. This change
only makes these worlds' context read 0 for easy bitmasking.
There's only a single snag on SPE and TRBE. Currently, their fields have
the same values and any world asymmetry is handled by hardware. Since we
don't want to do that, the buffers' ownership will change if we just set
the fields to 0 for non-NS worlds. Doing that, however, exposes Secure
state to a potential denial of service attack - a malicious NS can
enable profiling and call an SMC. Then, the owning security state will
change and since no SPE/TRBE registers are contexted, Secure state will
start generating records. Always have NS world own the buffers to
prevent this.
Finally, get rid of manage_extensions_common() as it's just a level of
indirection to enable a single feature.
Change-Id: I487bd4c70ac3e2105583917a0e5499e0ee248ed9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
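
The sanitised read described in the SMCCC_ARCH_FEATURE_AVAILABILITY commit message, and the context clean-up that prepares for it, sketched as an added example (not TF-A code). The register layout, the DEMO_ names and the helper functions are constructed for illustration and are not real SCR_EL3 bit positions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed register layout for illustration only. */
#define DEMO_PAUTH_EN (1ULL << 0) /* active high: 1 = feature enabled */
#define DEMO_FOO_TRAP (1ULL << 1) /* active low: 1 = accesses trap to EL3 */
#define DEMO_ROUTING  (1ULL << 4) /* control bit unrelated to features */

/* Masks fixed at build time, as the commit message describes. */
#define DEMO_FEATS   (DEMO_PAUTH_EN | DEMO_FOO_TRAP)
#define DEMO_FLIPPED (DEMO_FOO_TRAP)
#define DEMO_IGNORED (DEMO_ROUTING)

/* Debug-build style check: a bit outside the known sets is unexpected. */
static bool demo_has_unexpected_bits(uint64_t reg)
{
	return (reg & ~(DEMO_FEATS | DEMO_IGNORED)) != 0ULL;
}

/* Sanitised read: invert active-low bits, then drop irrelevant ones. */
static uint64_t demo_feature_availability(uint64_t reg)
{
	return (reg ^ DEMO_FLIPPED) & DEMO_FEATS;
}

/* "Before": enable bit set whether or not the feature exists. */
static uint64_t demo_ctx_always_set(void)
{
	return DEMO_PAUTH_EN | DEMO_ROUTING;
}

/* "After": the context value follows what the hardware implements. */
static uint64_t demo_ctx_checked(bool pauth_present, bool foo_present)
{
	uint64_t reg = DEMO_ROUTING;

	if (pauth_present)
		reg |= DEMO_PAUTH_EN;
	if (!foo_present)
		reg |= DEMO_FOO_TRAP; /* keep trapping an absent feature */
	return reg;
}

/*
 * id_feats uses the same bit positions, in the active-high view.
 * The reported bitmap must not claim a feature the ID registers lack.
 */
static bool demo_consistent_with_id(uint64_t avail, uint64_t id_feats)
{
	return (avail & ~id_feats) == 0ULL;
}

int main(void)
{
	uint64_t id_feats = DEMO_FOO_TRAP; /* constructed: foo present, no PAuth */
	uint64_t before = demo_feature_availability(demo_ctx_always_set());
	uint64_t after = demo_feature_availability(demo_ctx_checked(false, true));

	printf("before: 0x%llx consistent=%d\n", (unsigned long long)before,
	       demo_consistent_with_id(before, id_feats));
	printf("after:  0x%llx consistent=%d\n", (unsigned long long)after,
	       demo_consistent_with_id(after, id_feats));
	return 0;
}
```
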
The commit with Change-Id: Ie417e054a7a4c192024a2679419e99efeded1705
updated the register convention r1/x1 values but is missing the necessary
changes in BL31.
As a result, a system panic is observed during setup for BL32 when
TRANSFER_LIST is enabled due to unexpected arguments.
This patch is to fix this issue for optee.
Change-Id: I13e116e7cb5a7d89fafc11d20295cffbf24793ab
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC64.
Change former FFA_MEM_PERM_GET/SET definitions to separate operations
and add handler for FFA_MEM_PERM_GET/SET_SMC64 in spmc_smc_handler().
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I175063654703db26c1ffc3cfd7fa428b94d2bfc9
The EDKII/StandaloneMm module runs as a S-EL0 partition
on top of the EL3 FF-A SPMC.
In the past the StandaloneMm partition received its boot information through
the use of a device tree (DT) passed through the FF-A boot protocol.
The StandaloneMm itself converted the DT into a HOB.
To better match the UEFI PI spec,
the EL3 SPMC must now produce the HOB including the PHIT
(Phase Handoff Information Table) as first item in the HOB list.
The SPMC then passes the HOB through the FF-A boot protocol for
the StandaloneMm consumption.
This discards the use of a DT between the SPMC and
the StandaloneMm partition.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I22fb02c710169bd5a5ba1d1f60dce977a5a59ab6
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via PHIT Hob to initialise
StandaloneMm properly.
This patch applies using transfer list with PHIT Hob list [3] for
delivering boot information to StandaloneMm.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I3df71a7679abf9859612afc8a5be7b2381007311
Fix an issue where one ERROR line was placed
incorrectly outside its conditional check.
Signed-off-by: Andrei Homescu <ahomescu@google.com>
Change-Id: I7860c399e4a84de6eaa4139fe2103595c52576dd
Updated the code to ensure the Event Log in the DLME meets
the minimum size requirement of 64KB, as specified in the
specification.
Change-Id: If0b179a97c0dca489edc0047da401bbb4ce09f39
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Clang build breaks with the following warning:
| In file included from services/std_svc/spmd/spmd_logical_sp.c:15:
| include/services/el3_spmd_logical_sp.h:15:38: error: redefinition of
| typedef 'spmd_spm_core_context_t' is a C11 feature [-Werror,-Wtypedef-redefinition].
| 15 | typedef struct spmd_spm_core_context spmd_spm_core_context_t;
| | ^
| services/std_svc/spmd/spmd_private.h:58:3: note: previous definition is here
| 58 | } spmd_spm_core_context_t;
| | ^
| CC services/std_svc/std_svc_setup.c
| 1 error generated.
| In file included from services/std_svc/spmd/spmd_main.c:35:
| services/std_svc/spmd/spmd_private.h:58:3: error: redefinition of typedef
| 'spmd_spm_core_context_t' is a C11 feature [-Werror,-Wtypedef-redefinition]
| 58 | } spmd_spm_core_context_t;
| | ^
| include/services/el3_spmd_logical_sp.h:15:38: note: previous definition is here
| 15 | typedef struct spmd_spm_core_context spmd_spm_core_context_t;
| | ^
| 1 error generated.
A structure 'spmd_spm_core_context_t' defined in 'spmd_private.h' is
also declared in 'el3_spmd_logical_sp.h' as it is used in a couple of
function declarations. These function declarations can be moved to
spmd_private.h as they are not needed elsewhere.
Change-Id: Ic6b9a277abe00cb7129f671570abf7255be62dfa
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
* This patch adds support to tsp (BL32) Image, to exercise
EL1_context registers at S-EL1.
* Adds a SMC function ID "MODIFY_EL1_CTX" to handle EL1_CTX
registers at S-EL1 and overwrite them.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Id4f2b3b748f7bc9e6c9d72a2f03d50aefbfb61cb
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for the MRRS and MSRR instructions, which
help us to read and write 128-bit system registers.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable for a platform. This patch also supports the new
RMM_EL3_FEATURES interface, that RMM can use to query for support for
HES based signing. The new interface exposes a feature register with
different bits defining different discoverable features. This new
interface is available starting the 0.4 version of the RMM-EL3
interface, causing the version to bump up. This patch also adds a
platform port for FVP that implements the platform hooks required to
enable the new SMCs, but it does not push to a HES and instead copies a
zeroed buffer in EL3.
Change-Id: I69c110252835122a9533e71bdcce10b5f2a686b2
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
commit 42e35d2f8c
("refactor(cm): convert el1 ctx assembly offset entries to c structure")
moves cntkctl_el1 register from el1_sysregs_t's common to arch_timer
structure.
To set cntkctl_el1, it should use write_el1_ctx_timer() instead of
write_el1_ctx_common(); otherwise, the build fails.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Ifa1ca6e056fa95bd07598d20705856e208670808
According to the specifications, the DLME launch should occur with
the cache disabled. Initially, the cache was enabled to enhance
performance. However, to comply with the PSCI specification, we
decided to disable it before launching the DLME.
Also, ensure that full DLME region is invalidated.
Change-Id: Idf619afb7e4a34ebe213bd3b559105ade993f3ad
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.
TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.
The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.
Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
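
The chunked retrieval this commit message describes, modelled as an added example (not TF-A or RMM code). Buffer and token sizes, the function names and the return convention are assumptions; a non-zero hash size marks the first call, as in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHARED_BUF_SIZE 16U /* constructed: tiny shared buffer */
#define TOKEN_SIZE      40U /* constructed: token larger than the buffer */

static uint8_t token[TOKEN_SIZE]; /* stands in for the platform token */
static size_t token_offset;       /* EL3-side cursor kept across calls */

static void demo_make_token(void)
{
	for (size_t i = 0; i < TOKEN_SIZE; i++)
		token[i] = (uint8_t)(0xA0U + i);
}

/* Hypothetical EL3 handler: a non-zero hash_size starts a new token. */
static int demo_el3_get_token(uint8_t *buf, size_t buf_size, size_t hash_size,
			      size_t *copied, size_t *remaining)
{
	if (buf == NULL || buf_size == 0U || buf_size > SHARED_BUF_SIZE)
		return -1;
	if (hash_size != 0U)
		token_offset = 0U;
	size_t left = TOKEN_SIZE - token_offset; /* offset never exceeds size */
	size_t n = (left < buf_size) ? left : buf_size;
	memcpy(buf, &token[token_offset], n);
	token_offset += n;
	*copied = n;
	*remaining = left - n;
	return 0;
}

/* Hypothetical RMM-side loop: reassemble the token chunk by chunk. */
static int demo_rmm_fetch(uint8_t *out, size_t out_size, size_t *total,
			  unsigned int *calls)
{
	uint8_t shared[SHARED_BUF_SIZE];
	size_t hash_size = 32U; /* non-zero only on the first call */
	size_t copied = 0U, remaining = 0U;

	*total = 0U;
	*calls = 0U;
	do {
		if (demo_el3_get_token(shared, sizeof(shared), hash_size,
				       &copied, &remaining) != 0)
			return -1;
		if (copied > sizeof(shared) || copied > out_size - *total)
			return -1; /* chunk would overflow the destination */
		memcpy(out + *total, shared, copied);
		*total += copied;
		(*calls)++;
		hash_size = 0U; /* continuation calls */
	} while (remaining != 0U);
	return 0;
}

int main(void)
{
	uint8_t out[64];
	size_t total;
	unsigned int calls;

	demo_make_token();
	if (demo_rmm_fetch(out, sizeof(out), &total, &calls) == 0)
		printf("token of %zu bytes in %u calls\n", total, calls);
	return 0;
}
```
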
The function `spmd_handle_spmc_message` was added into SPMD for
potential cases of SPMC sending a message (through SMC conduit)
to the SPMD. There is no longer a use case for this scenario.
Instead, if such a message is received by SPMD, return FFA_ERROR.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: I74eda4cc0edf99c83a96d10981cf6d9e727207f8
The DRTM get and set error previously returned SMC_UNK when these
SMCs were issued. This has been corrected to return an appropriate
error code on failure, and success otherwise.
Also, align the error code values with the specification.
Change-Id: I8f11f94f1ab097245003dbde97365fa54e0097ba
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
You can only bind a limited number of events in each range. If you
attempt to bind more, it was crashing. This patch makes it return an
error code instead.
Change-Id: Ib19f0f0780959ded244d45349d9d6c8607255c15
Signed-off-by: Charlie Bareham <charlie.bareham@arm.com>
SCTLR_EL1 and TCR_EL1 regs are included either as part of errata
"ERRATA_SPECULATIVE_AT" or under el1_sysregs_t context structure.
The code to write and read into these context entries looks
repetitive and is invoked at most places.
This section is refactored to bring them under a static procedure,
keeping the code neat and easier to maintain.
Change-Id: Ib0d8c51bee09e1600c5baaa7f9745083dca9fee1
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
* changes:
feat(fvp): allow SIMD context to be put in TZC DRAM
docs(simd): introduce CTX_INCLUDE_SVE_REGS build flag
feat(fvp): add Cactus partition manifest for EL3 SPMC
chore(simd): remove unused macros and utilities for FP
feat(el3-spmc): support simd context management upon world switch
feat(trusty): switch to simd_ctx_save/restore apis
feat(pncd): switch to simd_ctx_save/restore apis
feat(spm-mm): switch to simd_ctx_save/restore APIs
feat(simd): add rules to rationalize simd ctxt mgmt
feat(simd): introduce simd context helper APIs
feat(simd): add routines to save, restore sve state
feat(simd): add sve state to simd ctxt struct
feat(simd): add data struct for simd ctxt management
This patch performs necessary simd context management operations for
context switch from NWd to SWD and vice versa.
Change-Id: Ife01fffc4e2a7f3deb9b6273424161c225fdbbfb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch demonstrates the trivial changes to transparently switch
the fpregs_context_* helpers to simd_ctx_* helpers.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I14bda6bd0ead1f34a570b59be8dec3ac40891c20
This patch moves EXTRACT_PARTNUM from errata abi includes
to arch.h which is part of common includes
Change-Id: Id8bbaf21566f3145a75cfa0dafec6823ed2df3a9
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
* changes:
fix(rmmd): remove the assert check for RMM_BASE
fix(std_svc): continue boot if rmmd_setup fails
fix(rmmd): ignore SMC FID when RMM image is not present
fix(rmmd): fail gracefully if RME is not enabled
fix(rmmd): handle RMMD manifest loading failure
Currently the EL1 part of the context structure (el1_sysregs_t),
is coupled with feature flags reducing the context memory allocation
for platforms that don't enable/support all the architectural
features at once.
Similar to the el2 context optimization commit-"d6af234" this patch
further improves this section by converting the assembly context-offset
entries into a C structure. It relies on garbage collection of the
linker removing unreferenced structures from memory, as well as aiding
in readability and future maintenance. Additionally, it eliminates
the #ifs usage in 'context_mgmt.c' source file.
Change-Id: If6075931cec994bc89231241337eccc7042c5ede
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>