Armv8.6 introduced the FEAT_LS64 extension, which provides a 64 *byte*
store instruction. A related instruction is ST64BV0, which will replace
the lowest 32 bits of the data with a value taken from the ACCDATA_EL1
system register (so that EL0 cannot alter them).
Using that ST64BV0 instruction and accessing the ACCDATA_EL1 system
register is guarded by two SCR_EL3 bits, which we should set to avoid a
trap into EL3, when lower ELs use one of those.
Add the required bits and pieces to make this feature usable:
- Add the ENABLE_FEAT_LS64_ACCDATA build option (defaulting to 0).
- Add the CPUID and SCR_EL3 bit definitions associated with FEAT_LS64.
- Add a feature check to check for the existing four variants of the
LS64 feature and detect future extensions.
- Add code to save and restore the ACCDATA_EL1 register on
secure/non-secure context switches.
- Enable the feature with runtime detection for FVP and Arm FPGA.
Please note that the *basic* FEAT_LS64 feature does not feature any trap
bits, it's only the addition of the ACCDATA_EL1 system register that
adds these traps and the SCR_EL3 bits.
Change-Id: Ie3e2ca2d9c4fbbd45c0cc6089accbb825579138a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add documentation for the feature where EL3 can be used to sign realm
attestation token requests using RMM_EL3_TOKEN_SIGN command.
This patch also adds documentation for the RMM_EL3_FEATURES features
command that can be used to discover support for features such as
RMM_EL3_TOKEN_SIGN.
Change-Id: Iab5a157761ed17931210c3702f813198fc9c4b3a
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for MRRS and MSRR instruction which
helps us to read write to 128-bit system register.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm v8.9 introduces FEAT_SCTLR2, adding SCTLR2_ELx registers.
Support this, context switching the registers and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I0c4cba86917b6b065a7e8dd6af7daf64ee18dcda
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Arm v8.9 introduces FEAT_THE, adding Translation Hardening Extension
Read-Check-Write mask registers, RCWMASK_EL1 and RCWSMASK_EL1.
Support this, context switching the registers and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I8775787f523639b39faf61d046ef482f73b2a562
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Updating toolchain to the latest production release version
13.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: If5915fdc14a6c65ce58ac7fccfddd6fe85c0d7c9
This new update to the LTS branch of MbedTLS provides minor
enhancements and bug fixes; including some security
fixes, and a fix to a compilation warning which
previously affected TF-A.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1.
Change-Id: I1a68dfcb52a8361c1689cb6ef12d265a6462fda3
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Previously the max GPT block size was set to 2MB as a conservative
default. For workloads making use of SMMU in Normal world, and has
a Stage 2 block mapping of large sizes like 512MB or 1GB, then a
max GPT block size of 2MB may result in performance regression.
Hence this patch changes the default max GPT block size from 2MB to 512MB.
Change-Id: If90f12f494ec0f44d3e5974df8d58fcb528cfd34
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch documents the support for the newly introduced
CTX_INCLUDE_SVE_REGS build flag. Since this build flag is influenced
by other build flags, the relevant sections have been updated with
proper guidance.
This patch also documents the SEPARATE_SIMD_SECTION build flag.
Change-Id: I07852c4a65239c6a9c6de18a95c61aac429bec1c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add the RMM option description in the build-options document.
Signed-off-by: Jaylyn Ren <Jaylyn.Ren2@arm.com>
Change-Id: Idb884e2707a2bdc686f676d16f0ff2f0e001a17d
This patch disables trapping to EL3 when the FEAT_FGT2
specific trap registers are accessed by setting the
SCR_EL3.FGTEn2 bit
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I6d2b614affb9067b2bc3d7bf0ae7d169d031592a
This patch enables FEAT_Debugv8p9 and prevents EL1/0 from
trapping to EL3 when accessing MDSELR_EL1 register by
setting the MDCR_EL3.EBWE bit.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I3613af1dd8cb8c0d3c33dc959f170846c0b9695a
Since DPE support is experimental, move the build option for
the DPE to the experimental section.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e18947d37c52a0151b5ac656098dbae51254956
This patch adds support in GPT library for configuration
of the memory block size protected by one bit of 'bitlock'
structure. Build option 'RME_GPT_BITLOCK_BLOCK' defines the
number of 512MB blocks covered by each bit. This numeric
parameter must be a power of 2 and can take the values from
0 to 512. Setting this value to 0 chooses a single spinlock
for all GPT L1 table entries. The default value is set to 1
which corresponds to 512MB per bit.
Change-Id: I710d178072894a3ef40daebea701f74d19e8a3d7
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
This patch adds support for large GPT mappings using
Contiguous descriptors. The maximum size of supported
contiguous block in MB is defined in RME_GPT_MAX_BLOCK
build parameter and takes values 0, 2, 32 and 512 and
by default set to 2 in make_helpers/defaults.mk.
Setting RME_GPT_MAX_BLOCK value to 0 disables use of
Contiguous descriptors.
Function gpt_tlbi_by_pa_ll() and its declaration
are removed from lib/aarch64/misc_helpers.S and
include/arch/aarch64/arch_helpers.h, because the
GPT library now uses tlbirpalos_xxx() functions.
Change-Id: Ia9a59bde1741c5666b4ca1de9324e6dfd6f734eb
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
The use of AMU counters at the highest implemented exception level
can expose information about them to lower exception levels, such as
specific behavior happening in the CPU (e.g.: MPMM gear shifting in
TC2). In order to prevent this, read accesses to AMU counters are
restricted by default, so they are RAZ (read-as-zero) from lower
exception levels from now on.
Change-Id: I660b0928bea3fe09436ad53b0bb43c3067523178
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
With Commit@55aed7d798f3d48d6aa08d58eb46c4cda318bcfb
we have now updated to use mbedtls 3.6.0.
Update document to reflect the same.
Change-Id: I6bd8fcca795373a05bc6beb2e085d24fdd14932f
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Adds driver support to preserve DSU PMU register values over a DSU
power cycle. This driver needs to be enabled by the platforms that
support DSU and also need it's PMU registers to be preserved
Change-Id: I7fc68a3d7d99ee369379aa5cd114fffc763fc0d2
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE
feat(console): introduce EARLY_CONSOLE
feat(bl32): create an sp_min_setup function
Add support for vendor-specific el3 service. SMCCC 1.5 introduces
support for vendor-specific EL3 monitor calls.
SMCCC Documentation reference:
https://developer.arm.com/docs/den0028/latest
Change-Id: Id8bc43842eecdb7a8a2ec7f31a631e88fe4fe0b4
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add vendor specific el3 function id and update docs for the same.
SMCCC Documentation reference:
https://developer.arm.com/documentation/den0028/latest
Change-Id: Ieeb63608ad74d7b764d7131d8a92ecf10053c50d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This is a generic porting of what was done on ST platforms with flag
STM32MP_EARLY_CONSOLE. It creates the flag and the prototype for
plat_setup_early_console(). This function depends on platform
implementation. This function call is added at the beginning of each BL
image early setup function.
The patch also introduce an extra log macro: EARLY_ERROR. This can
replace ERROR macro in code that will only be executed before the
default console is enabled, and will do nothing when the EARLY_CONSOLE
is not enabled. This can then save some space in memory.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I77bf0a0c4289b4c7df94e4bfb783a938e05bf023
The ordering of the setup guide is quite confusing, primarly because the
min requirements section is overly verbose. Reconcile this information
into a single table, and present the most important information at the
start of the document i.e. how to get the source, and the tools to
compile.
Change-Id: I1c4d708259e152b101c7282dad19e467d6c36519
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Our code does not preclude the use of versions 1.0.x of OpenSSL.
Instead, we discourage it's use due to security concerns. Update the
documentation to reflect this.
Change-Id: I5c60907337f10b05d5c43b0384247c5d4135db50
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Updating toolchain to the latest production release version
13.2.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Change-Id: I9b60728bcb1a48508ccd4fcbe0114b3029509a64
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Our build system extensively uses syntax and tools that are not natively
supported by Windows shells (i.e., CMD.exe and Powershell). This
dependency necessitates a UNIX-compatible build environment. This commit
updates the prerequisites section in our documentation to reflect this.
Change-Id: Ia7e02d7a335e6c88bbaa0394650f1313cdfd6e40
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Currently both FEAT_MTE and FEAT_MTE_PERM aren't used for enabling
of any feature bits in EL3. So remove both FEAT handling.
All mte regs that are currently context saved/restored are needed
only when FEAT_MTE2 is enabled, so move to usage of FEAT_MTE2 and
remove FEAT_MTE usage.
BREAKING CHANGE: Any platform or downstream code trying to use
SCR_EL3.ATA bit(26) will see failures as this is now moved to be
used only with FEAT_MTE2 with
commit@ef0d0e5478a3f19cbe70a378b9b184036db38fe2
Change-Id: Id01e154156571f7792135639e17dc5c8d0e17cf8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The client platform relies on the DICE attestation
scheme. RSS provides the DICE Protection Environment
(DPE) service. TF-A measured boot framework supports
multiple backends. A given platform always enables
the corresponding backend which is required by the
attestation scheme.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Idc3360d0d7216e4859e99b5db3d377407e0aeee5
DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e6e1477cf991e765b97c446684fc6ef9b9
The version 2 of the FWU metadata structure is designed such that the
information on the updatable images can be omitted from the metadata
structure. Add a config flag, PSA_FWU_METADATA_FW_STORE_DESC, which is
used to select whether the metadata structure has this information
included or not. It's value is set to 1 by default.
Change-Id: Id6c99455db768edd59b0a316051432a900d30076
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Update the links for accessing the FWU Multi Bank update specification
to point to the latest revision of the specification.
Change-Id: I25f35556a94ca81ca0a7463aebfcbc2d84595e8f
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Also increase add PLAT_ARM_SP_MAX_SIZE to override the default
ARM_SP_MAX_SIZE to support Trusty image and move OPTEE_SP_FW_CONFIG
documentation to build-internals.rst as it's not externally set-able.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ief90ae9113d32265ee2200f35f3e517b7b9a4bea
Add support for feat mte2. tfsr_el2 is available only with mte2,
however currently its context_save/restore is done with mte rather than
mte2, so introduce 'is_feat_mte2_supported' to check mte2.
Change-Id: I108d9989a8f5b4d1d2f3b9865a914056fa566cf2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This feature provides support to context save the
SCXTNUM_ELx register. FEAT_CSV2_3 implies the implementation
of FEAT_CSV2_2. FEAT_CSV2_3 is supported in AArch64 state only
and is an optional feature in Arm v8.0 implementations.
This patch adds feature detection for v8.9 feature FEAT_CSV2_3,
adds macros for ID_AA64PFR0_EL1.CSV2 bits [59:56] for detecting
FEAT_CSV2_3 and macro for ENABLE_FEAT_CSV2_3.
Change-Id: Ida9f31e832b5f11bd89eebd6cc9f10ddad755c14
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
The current documentation of the FEATURE_DETECTION build option seems
to suggest that this macro enables the dynamic runtime checking of
features, although this is done regardless of this debug feature.
FEATURE_DETECTION just adds the detect_arch_features() function to the
build and calls it early on, plus it enables the CPU errata order
checking.
Simplify the description of the FEATURE_DETECTION macro to make this
clear, and move the dynamic feature detection description into a
separate section, before all the specific ENABLE_FEAT_xxx explanations.
This also renames all mentioning of:
"... to align with the FEATURE_DETECTIION mechanism ..."
with:
"... to align with the ENABLE_FEAT mechanism ..."
in the description of each feature.
Change-Id: I5f4dd2d1e43bd440687b7cee551d02ec853d4e23
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently CTX_INCLUDE_MTE_REGS is used for dual purpose,
to enable allocation tags register and to context save and restore
them and also to check if mte feature is available.
To make it more meaningful, remove CTX_INCLUDE_MTE_REGS
and introduce FEAT_MTE. This would enable allocation tags register
when FEAT_MTE is enabled and also supported from platform.
Also arch features can be conditionally enabled disabled based on
arch version from `make_helpers/arch_features.mk`
Change-Id: Ibdd2d43874634ad7ddff93c7edad6044ae1631ed
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This patch provides a reporting functionality to display the memory
consumed by the context in each security state and for each exception
level. Flag PLATFORM_REPORT_CTX_MEM_USE enables or disables this
feature.
Change-Id: I1515366bf87561dcedf2b3206be167804df681d4
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
New build option CTX_INCLUDE_MPAM_REGS is added to select
if the firmware needs to save the MPAM EL2 registers during world
switches. This option is currently disabled as MPAM is only
enabled for NS world.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ie2e5e184cdb65f7e1a98d8fe81590253fd859679
This patch enables support for the gcc compiler option "-mharden-sls",
the default is not to use this option. Setting HARDEN_SLS=1 sets
"-mharden-sls=all" that enables all hardening against straight line
speculation.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I59f5963c22431571f5aebe7e0c5642b32362f4c9
A number of features are marked experimental in the build system through
makefiles but there wasn't an explicit document to list them.
Added a dedicated experimental build options section and moved
existing experimental build option descriptions in this section.
Restoring the change from [1] removing the experimental flag on the EL3
SPMC (this has been lost in rebasing a later change).
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24713
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2c458c6857c347114b265404e8b9ede9ac588463
Removed the PLAT_RSS_NOT_SUPPORTED build option, which was initially
introduced for building the Base AEM FVP platform platform with RSS.
However, we now have a well-defined TC2 platform with RSS, making it
unnecessary to keep this flag.
Note -
Theoretically this is a breaking change. Other platforms could be
using the PLAT_RSS_NOT_SUPPORTED build option. Among upstream platforms,
only the Base AEM FVP uses it right now but we don't know about
downstream platforms.
Change-Id: I931905a4c6ac1ebe3895ab6e0287d0fa07721707
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
