Updating LTS maintainers list as agreed with other LTS
maintainers.
Change-Id: Ibf087c6b0e24d6faa9dafb6f8a0955a47f583f28
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Ref: https://linaro.atlassian.net/browse/TFC-669
The initial LTS document was created as pdf and was maintained in a
shared folder location, to avoid pdf getting lost and trying to find
where it is we decided to have LTS details part of docs in TF-A.
This patch directly reflects the data from pdf attached to TFC-669.
Any improvements or amends to this will be done at later phases based
on LTS maintainers comments and agreements.
Change-Id: I1434c29f0236161d2a127596e2cc528bf4cc3e85
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
FEAT_MOPS, mandatory from Arm v8.8, is typically managed in EL2.
However, in configurations where NS_EL2 is not enabled,
EL3 must set the HCRX_EL2.MSCEn bit to 1 to enable the feature.
This patch ensures FEAT_MOPS is enabled by setting HCRX_EL2.MSCEn to 1.
Change-Id: Ic4960e0cc14a44279156b79ded50de475b3b21c5
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
* changes:
feat(smccc): implement SMCCC_ARCH_FEATURE_AVAILABILITY
refactor(cm): clean up per-world context
refactor(cm): change owning security state when a feature is disabled
Move platform.mk inclusion in top level Makefile to permit a platform
specifying BRANCH_PROTECTION option.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1f662f82cd949eedfdbb61b9f66de15c46fb3106
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
By default, the ECDSA Brainpool regular and ECDSA Brainpool twisted
algorithms support 256-bit sized keys. Not defining this leads to
an error indicating that '256' is not a valid key size for ECDSA
Brainpool. KEY_SIZES matrix must have a value in its table to avoid
problems when KEY_SIZE is defined.
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I34886659315f59a9582dcee1d92d0e24d4a4138e
The hashing algorithm for the rotpk is now HASH_ALG,
not always sha-256. The public development keys are
no longer in the repository and are now generated at
run-time, updates the documentation to reflect this.
Change-Id: Ic336f7aca858e9b6a1af6d6e6dc5f4aa428da179
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X4
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This patch enables support of FEAT_FPMR by enabling access
to FPMR register. It achieves it by setting the EnFPM bit of
SCR_EL3. This feature is currently enabled for NS world only.
Reference:
https://developer.arm.com/documentation/109697/2024_09/
Feature-descriptions/The-Armv9-5-architecture-extension?lang=en
Change-Id: I580c409b9b22f8ead0737502280fb9093a3d5dd2
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Cortex-X4 erratum 2923935 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2.
The workaround is to set CPUACTLR4_EL1[11:10] to 0b11.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I9207802ad479919a7f77c1271019fa2479e076ee
Commit b65dfe40a removed the documentation for this flag in error. Put
it back.
Change-Id: I61a352553a010385997c47116b53d2fbe939ccd4
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This new update to the LTS branch of MbedTLS provides
the fix for a buffer underrun vulnerability. TF-A does
not use the previously vulnerable functions
`mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2.
Change-Id: Ibc4a8712c92019648fe0e75390cd3540d86b735d
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Add descriptions for the various parameters for each
function.
Add more description to the example implementation.
Change-Id: I4b7a1ff38914d061e499c1b67e762a484688ee05
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
According to Platform Initialization (PI) Specification [1] and
discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via HOB list to initialise
StandaloneMm properly.
And this HOB lists could be delivered via
- SPM_MM: Transfer List according to the firmware handoff spec[3]
- FF-A v1.1 >= : FF-A boot protocol.
This patch introduces a TF-A HOB creation library and
some of definitions which StandaloneMm requires to boot.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I5e0838adce487110206998a8b79bc3adca922cec
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via PHIT Hob to initialize
StandaloneMm properly.
This patch modifies Hob creation code from edk2 codebase
so that TF-A could create Hob information properly to boot StandaloneMm
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I5e427b620d8006b118b266370bd08d4b0ff56a83
Update the boot sequence in the RD-1 AE documentation
to include BL32 (OP-TEE).
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Change-Id: I25fdc114bb71d3ad7e1bb2d845f758d6af037e3d
added a note to specify that tc2 has been deprecated
Change-Id: I7ab69a2560e0e56379f4e144d41da20671c1ca9d
Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
Generated this change-log using below command:
npm run release -- --skip.commit --skip.tag --release-as 2.12.0
Change-Id: Idb74f6a31bf2691e7666e2738030d6f0e2b8c519
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Update the documentation to reflect the various FVP models
used in the OpenCI environment.
Change-Id: I6144ab7c41d3776421164125d07371dadc9252b5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Bump `dtc`, `clang` and `sphinx` to reconcile our minimum requirements
with the versions used in CI.
Change-Id: Ia848b4bdd93dc833ea03eda5b002561468042f52
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This small change removes the footnote from Poetry that it is only used
for building documentation, as it is now used for some of the Python
tooling in the repository from the build system.
Additionally, add a link to the official installation guide for Poetry.
Change-Id: Ie36b7ecd8066cbf2a14a1085d84fa9bd9c4409ba
Signed-off-by: Chris Kay <chris.kay@arm.com>
* This patch adds some details on the EL3/Root-Context
and its related interfaces.
* Additionally it updates the existing details on the
interfaces, related to various CPU context entries which
have been improvised recently.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I81a992fe09feca4dc3d579a48e54a4763425e052
Armv8.6 introduced the FEAT_LS64 extension, which provides a 64 *byte*
store instruction. A related instruction is ST64BV0, which will replace
the lowest 32 bits of the data with a value taken from the ACCDATA_EL1
system register (so that EL0 cannot alter them).
Using that ST64BV0 instruction and accessing the ACCDATA_EL1 system
register is guarded by two SCR_EL3 bits, which we should set to avoid a
trap into EL3, when lower ELs use one of those.
Add the required bits and pieces to make this feature usable:
- Add the ENABLE_FEAT_LS64_ACCDATA build option (defaulting to 0).
- Add the CPUID and SCR_EL3 bit definitions associated with FEAT_LS64.
- Add a feature check to check for the existing four variants of the
LS64 feature and detect future extensions.
- Add code to save and restore the ACCDATA_EL1 register on
secure/non-secure context switches.
- Enable the feature with runtime detection for FVP and Arm FPGA.
Please note that the *basic* FEAT_LS64 feature does not feature any trap
bits, it's only the addition of the ACCDATA_EL1 system register that
adds these traps and the SCR_EL3 bits.
Change-Id: Ie3e2ca2d9c4fbbd45c0cc6089accbb825579138a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add documentation for the feature where EL3 can be used to sign realm
attestation token requests using RMM_EL3_TOKEN_SIGN command.
This patch also adds documentation for the RMM_EL3_FEATURES features
command that can be used to discover support for features such as
RMM_EL3_TOKEN_SIGN.
Change-Id: Iab5a157761ed17931210c3702f813198fc9c4b3a
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
