FEAT_MOPS, mandatory from Arm v8.8, is typically managed in EL2.
However, in configurations where NS_EL2 is not enabled,
EL3 must set the HCRX_EL2.MSCEn bit to 1 to enable the feature.
This patch ensures FEAT_MOPS is enabled by setting HCRX_EL2.MSCEn to 1.
Change-Id: Ic4960e0cc14a44279156b79ded50de475b3b21c5
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
By default, the ECDSA Brainpool regular and ECDSA Brainpool twisted
algorithms support 256-bit sized keys. Not defining this leads to
an error indicating that '256' is not a valid key size for ECDSA
Brainpool. KEY_SIZES matrix must have a value in its table to avoid
problems when KEY_SIZE is defined.
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I34886659315f59a9582dcee1d92d0e24d4a4138e
This patch enables support of FEAT_FPMR by enabling access
to FPMR register. It achieves it by setting the EnFPM bit of
SCR_EL3. This feature is currently enabled for NS world only.
Reference:
https://developer.arm.com/documentation/109697/2024_09/
Feature-descriptions/The-Armv9-5-architecture-extension?lang=en
Change-Id: I580c409b9b22f8ead0737502280fb9093a3d5dd2
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Commit b65dfe40a removed the documentation for this flag in error. Put
it back.
Change-Id: I61a352553a010385997c47116b53d2fbe939ccd4
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This new update to the LTS branch of MbedTLS provides
the fix for a buffer underrun vulnerability. TF-A does
not use the previously vulnerable functions
`mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2.
Change-Id: Ibc4a8712c92019648fe0e75390cd3540d86b735d
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
According to Platform Initialization (PI) Specification [1] and
discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via HOB list to initialise
StandaloneMm properly.
And this HOB lists could be delivered via
- SPM_MM: Transfer List according to the firmware handoff spec[3]
- FF-A v1.1 >= : FF-A boot protocol.
This patch introduces a TF-A HOB creation library and
some of definitions which StandaloneMm requires to boot.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I5e0838adce487110206998a8b79bc3adca922cec
Bump `dtc`, `clang` and `sphinx` to reconcile our minimum requirements
with the versions used in CI.
Change-Id: Ia848b4bdd93dc833ea03eda5b002561468042f52
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This small change removes the footnote from Poetry that it is only used
for building documentation, as it is now used for some of the Python
tooling in the repository from the build system.
Additionally, add a link to the official installation guide for Poetry.
Change-Id: Ie36b7ecd8066cbf2a14a1085d84fa9bd9c4409ba
Signed-off-by: Chris Kay <chris.kay@arm.com>
Armv8.6 introduced the FEAT_LS64 extension, which provides a 64 *byte*
store instruction. A related instruction is ST64BV0, which will replace
the lowest 32 bits of the data with a value taken from the ACCDATA_EL1
system register (so that EL0 cannot alter them).
Using that ST64BV0 instruction and accessing the ACCDATA_EL1 system
register is guarded by two SCR_EL3 bits, which we should set to avoid a
trap into EL3, when lower ELs use one of those.
Add the required bits and pieces to make this feature usable:
- Add the ENABLE_FEAT_LS64_ACCDATA build option (defaulting to 0).
- Add the CPUID and SCR_EL3 bit definitions associated with FEAT_LS64.
- Add a feature check to check for the existing four variants of the
LS64 feature and detect future extensions.
- Add code to save and restore the ACCDATA_EL1 register on
secure/non-secure context switches.
- Enable the feature with runtime detection for FVP and Arm FPGA.
Please note that the *basic* FEAT_LS64 feature does not feature any trap
bits, it's only the addition of the ACCDATA_EL1 system register that
adds these traps and the SCR_EL3 bits.
Change-Id: Ie3e2ca2d9c4fbbd45c0cc6089accbb825579138a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add documentation for the feature where EL3 can be used to sign realm
attestation token requests using RMM_EL3_TOKEN_SIGN command.
This patch also adds documentation for the RMM_EL3_FEATURES features
command that can be used to discover support for features such as
RMM_EL3_TOKEN_SIGN.
Change-Id: Iab5a157761ed17931210c3702f813198fc9c4b3a
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for MRRS and MSRR instruction which
helps us to read write to 128-bit system register.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm v8.9 introduces FEAT_SCTLR2, adding SCTLR2_ELx registers.
Support this, context switching the registers and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I0c4cba86917b6b065a7e8dd6af7daf64ee18dcda
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm v8.9 introduces FEAT_THE, adding Translation Hardening Extension
Read-Check-Write mask registers, RCWMASK_EL1 and RCWSMASK_EL1.
Support this, context switching the registers and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I8775787f523639b39faf61d046ef482f73b2a562
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Updating toolchain to the latest production release version
13.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: If5915fdc14a6c65ce58ac7fccfddd6fe85c0d7c9
This new update to the LTS branch of MbedTLS provides minor
enhancements and bug fixes; including some security
fixes, and a fix to a compilation warning which
previously affected TF-A.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1.
Change-Id: I1a68dfcb52a8361c1689cb6ef12d265a6462fda3
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Previously the max GPT block size was set to 2MB as a conservative
default. For workloads making use of SMMU in Normal world, and has
a Stage 2 block mapping of large sizes like 512MB or 1GB, then a
max GPT block size of 2MB may result in performance regression.
Hence this patch changes the default max GPT block size from 2MB to 512MB.
Change-Id: If90f12f494ec0f44d3e5974df8d58fcb528cfd34
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch documents the support for the newly introduced
CTX_INCLUDE_SVE_REGS build flag. Since this build flag is influenced
by other build flags, the relevant sections have been updated with
proper guidance.
This patch also documents the SEPARATE_SIMD_SECTION build flag.
Change-Id: I07852c4a65239c6a9c6de18a95c61aac429bec1c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add the RMM option description in the build-options document.
Signed-off-by: Jaylyn Ren <Jaylyn.Ren2@arm.com>
Change-Id: Idb884e2707a2bdc686f676d16f0ff2f0e001a17d
This patch disables trapping to EL3 when the FEAT_FGT2
specific trap registers are accessed by setting the
SCR_EL3.FGTEn2 bit
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I6d2b614affb9067b2bc3d7bf0ae7d169d031592a
This patch enables FEAT_Debugv8p9 and prevents EL1/0 from
trapping to EL3 when accessing MDSELR_EL1 register by
setting the MDCR_EL3.EBWE bit.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I3613af1dd8cb8c0d3c33dc959f170846c0b9695a
Since DPE support is experimental, move the build option for
the DPE to the experimental section.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e18947d37c52a0151b5ac656098dbae51254956
This patch adds support in GPT library for configuration
of the memory block size protected by one bit of 'bitlock'
structure. Build option 'RME_GPT_BITLOCK_BLOCK' defines the
number of 512MB blocks covered by each bit. This numeric
parameter must be a power of 2 and can take the values from
0 to 512. Setting this value to 0 chooses a single spinlock
for all GPT L1 table entries. The default value is set to 1
which corresponds to 512MB per bit.
Change-Id: I710d178072894a3ef40daebea701f74d19e8a3d7
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
This patch adds support for large GPT mappings using
Contiguous descriptors. The maximum size of supported
contiguous block in MB is defined in RME_GPT_MAX_BLOCK
build parameter and takes values 0, 2, 32 and 512 and
by default set to 2 in make_helpers/defaults.mk.
Setting RME_GPT_MAX_BLOCK value to 0 disables use of
Contiguous descriptors.
Function gpt_tlbi_by_pa_ll() and its declaration
are removed from lib/aarch64/misc_helpers.S and
include/arch/aarch64/arch_helpers.h, because the
GPT library now uses tlbirpalos_xxx() functions.
Change-Id: Ia9a59bde1741c5666b4ca1de9324e6dfd6f734eb
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
The use of AMU counters at the highest implemented exception level
can expose information about them to lower exception levels, such as
specific behavior happening in the CPU (e.g.: MPMM gear shifting in
TC2). In order to prevent this, read accesses to AMU counters are
restricted by default, so they are RAZ (read-as-zero) from lower
exception levels from now on.
Change-Id: I660b0928bea3fe09436ad53b0bb43c3067523178
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
With Commit@55aed7d798f3d48d6aa08d58eb46c4cda318bcfb
we have now updated to use mbedtls 3.6.0.
Update document to reflect the same.
Change-Id: I6bd8fcca795373a05bc6beb2e085d24fdd14932f
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Adds driver support to preserve DSU PMU register values over a DSU
power cycle. This driver needs to be enabled by the platforms that
support DSU and also need it's PMU registers to be preserved
Change-Id: I7fc68a3d7d99ee369379aa5cd114fffc763fc0d2
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE
feat(console): introduce EARLY_CONSOLE
feat(bl32): create an sp_min_setup function
Add support for vendor-specific el3 service. SMCCC 1.5 introduces
support for vendor-specific EL3 monitor calls.
SMCCC Documentation reference:
https://developer.arm.com/docs/den0028/latest
Change-Id: Id8bc43842eecdb7a8a2ec7f31a631e88fe4fe0b4
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add vendor specific el3 function id and update docs for the same.
SMCCC Documentation reference:
https://developer.arm.com/documentation/den0028/latest
Change-Id: Ieeb63608ad74d7b764d7131d8a92ecf10053c50d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This is a generic porting of what was done on ST platforms with flag
STM32MP_EARLY_CONSOLE. It creates the flag and the prototype for
plat_setup_early_console(). This function depends on platform
implementation. This function call is added at the beginning of each BL
image early setup function.
The patch also introduce an extra log macro: EARLY_ERROR. This can
replace ERROR macro in code that will only be executed before the
default console is enabled, and will do nothing when the EARLY_CONSOLE
is not enabled. This can then save some space in memory.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I77bf0a0c4289b4c7df94e4bfb783a938e05bf023
The ordering of the setup guide is quite confusing, primarly because the
min requirements section is overly verbose. Reconcile this information
into a single table, and present the most important information at the
start of the document i.e. how to get the source, and the tools to
compile.
Change-Id: I1c4d708259e152b101c7282dad19e467d6c36519
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Our code does not preclude the use of versions 1.0.x of OpenSSL.
Instead, we discourage it's use due to security concerns. Update the
documentation to reflect this.
Change-Id: I5c60907337f10b05d5c43b0384247c5d4135db50
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Updating toolchain to the latest production release version
13.2.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Change-Id: I9b60728bcb1a48508ccd4fcbe0114b3029509a64
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Our build system extensively uses syntax and tools that are not natively
supported by Windows shells (i.e., CMD.exe and Powershell). This
dependency necessitates a UNIX-compatible build environment. This commit
updates the prerequisites section in our documentation to reflect this.
Change-Id: Ia7e02d7a335e6c88bbaa0394650f1313cdfd6e40
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Currently both FEAT_MTE and FEAT_MTE_PERM aren't used for enabling
of any feature bits in EL3. So remove both FEAT handling.
All mte regs that are currently context saved/restored are needed
only when FEAT_MTE2 is enabled, so move to usage of FEAT_MTE2 and
remove FEAT_MTE usage.
BREAKING CHANGE: Any platform or downstream code trying to use
SCR_EL3.ATA bit(26) will see failures as this is now moved to be
used only with FEAT_MTE2 with
commit@ef0d0e5478a3f19cbe70a378b9b184036db38fe2
Change-Id: Id01e154156571f7792135639e17dc5c8d0e17cf8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The client platform relies on the DICE attestation
scheme. RSS provides the DICE Protection Environment
(DPE) service. TF-A measured boot framework supports
multiple backends. A given platform always enables
the corresponding backend which is required by the
attestation scheme.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Idc3360d0d7216e4859e99b5db3d377407e0aeee5
DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e6e1477cf991e765b97c446684fc6ef9b9
The version 2 of the FWU metadata structure is designed such that the
information on the updatable images can be omitted from the metadata
structure. Add a config flag, PSA_FWU_METADATA_FW_STORE_DESC, which is
used to select whether the metadata structure has this information
included or not. It's value is set to 1 by default.
Change-Id: Id6c99455db768edd59b0a316051432a900d30076
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Update the links for accessing the FWU Multi Bank update specification
to point to the latest revision of the specification.
Change-Id: I25f35556a94ca81ca0a7463aebfcbc2d84595e8f
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Also increase add PLAT_ARM_SP_MAX_SIZE to override the default
ARM_SP_MAX_SIZE to support Trusty image and move OPTEE_SP_FW_CONFIG
documentation to build-internals.rst as it's not externally set-able.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ief90ae9113d32265ee2200f35f3e517b7b9a4bea
Add support for feat mte2. tfsr_el2 is available only with mte2,
however currently its context_save/restore is done with mte rather than
mte2, so introduce 'is_feat_mte2_supported' to check mte2.
Change-Id: I108d9989a8f5b4d1d2f3b9865a914056fa566cf2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This feature provides support to context save the
SCXTNUM_ELx register. FEAT_CSV2_3 implies the implementation
of FEAT_CSV2_2. FEAT_CSV2_3 is supported in AArch64 state only
and is an optional feature in Arm v8.0 implementations.
This patch adds feature detection for v8.9 feature FEAT_CSV2_3,
adds macros for ID_AA64PFR0_EL1.CSV2 bits [59:56] for detecting
FEAT_CSV2_3 and macro for ENABLE_FEAT_CSV2_3.
Change-Id: Ida9f31e832b5f11bd89eebd6cc9f10ddad755c14
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
The current documentation of the FEATURE_DETECTION build option seems
to suggest that this macro enables the dynamic runtime checking of
features, although this is done regardless of this debug feature.
FEATURE_DETECTION just adds the detect_arch_features() function to the
build and calls it early on, plus it enables the CPU errata order
checking.
Simplify the description of the FEATURE_DETECTION macro to make this
clear, and move the dynamic feature detection description into a
separate section, before all the specific ENABLE_FEAT_xxx explanations.
This also renames all mentioning of:
"... to align with the FEATURE_DETECTIION mechanism ..."
with:
"... to align with the ENABLE_FEAT mechanism ..."
in the description of each feature.
Change-Id: I5f4dd2d1e43bd440687b7cee551d02ec853d4e23
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
