Move debugfs to Vendor-Specific EL3 Monitor Service Calls.
Function Identifier for Vendor-Specific EL3 Monitor Service is '7' and
allocated subranges of Function identifiers to different services are:
0x87000000-0x8700FFFF-SMC32: Vendor-Specific EL3 Monitor Service Calls
0xC7000000-0xC700FFFF-SMC64: Vendor-Specific EL3 Monitor Service Calls
Amend Debugfs FID's to use this range and id.
Add a deprecation notice to inform debugfs moved from arm-sip range to
Vendor-Specific EL3 range. Debugfs support from arm-sip range will be
removed and will not be available after TF-A 2.12 release.
Reference to debugfs component level documentation:
https://trustedfirmware-a.readthedocs.io/en/latest/components/debugfs-design.html#overview
Change-Id: I97a50170178f361f70c95ed0049bc4e278de59d7
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add vendor specific el3 function id and update docs for the same.
SMCCC Documentation reference:
https://developer.arm.com/documentation/den0028/latest
Change-Id: Ieeb63608ad74d7b764d7131d8a92ecf10053c50d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
refactor(changelog): change all occurrences of RSS to RSE
refactor(qemu): change all occurrences of RSS to RSE
refactor(fvp): change all occurrences of RSS to RSE
refactor(fiptool): change all occurrences of RSS to RSE
refactor(psa): change all occurrences of RSS to RSE
refactor(fvp): remove leftovers from rss measured boot support
refactor(tc): change all occurrences of RSS to RSE
docs: change all occurrences of RSS to RSE
refactor(measured-boot): change all occurrences of RSS to RSE
refactor(rse): change all occurrences of RSS to RSE
refactor(psa): rename all 'rss' files to 'rse'
refactor(tc): rename all 'rss' files to 'rse'
docs: rename all 'rss' files to 'rse'
refactor(measured-boot): rename all 'rss' files to 'rse'
refactor(rss): rename all 'rss' files to 'rse'
`TL_TAG_RW_MEM_LAYOUT64` encapsulates a structure used to represent the
layout of a region of memory on 64-bit platforms [2]. In TF-A this is
used to represent the `meminfo_t` structure passed between BL1 and BL2,
which provides BL2 with information about the space it has available in
BL2. The `TL_TAG_TB_FW_CONFIG` entry type encapsulates the trusted
bootloader firmware configuration [1].
[1] https://github.com/FirmwareHandoff/firmware_handoff/pull/37
[2] https://github.com/FirmwareHandoff/firmware_handoff/pull/36
Change-Id: I1e0eeec2ec204e469896490d42a9dce9b1b2f209
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Cortex-X4 erratum 2763018 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[47] of CPUACTLR3_EL1 register.
Setting this chicken bit might have a small impact on power
and negligible impact on performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2432808/latest
Change-Id: Ia188e08c2eb2952923ec72e2a56efdeea836fe1e
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I606e2663fb3719edf6372d6ffa4f1982eef45994
The following system registers are made part of save and restore
operations for EL1 context:
TRFCR_EL1
SCXTNUM_EL0
SCXTNUM_EL1
GCSCR_EL1
GCSCRE0_EL1
GCSPR_EL1
GCSPR_EL0
Change-Id: I1077112bdc29a6c9cd39b9707d6cf10b95fa15e3
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
fix(bl1): add missing `__RW_{START,END}__` symbols
fix(fvp): don't check MPIDRs with the power controller in BL1
fix(arm): only expose `arm_bl2_dyn_cfg_init` to BL2
fix(cm): hide `cm_init_context_by_index` from BL1
fix(bl1): add missing spinlock dependency
This patch adds 'bitlock_t' type and bit_lock() and
bit_unlock() to support locking/release functionality
based on individual bit position. These functions use
atomic bit set and clear instructions which require
FEAT_LSE mandatory from Armv8.1.
Change-Id: I3eb0f29bbccefe6c0f69061aa701187a6364df0c
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
commit@c282384dbb45b6185b4aba14efebbad110d18e49
removed ENABLE_FEAT_MTE but missed its usage in
context structure declaration path.
All mte regs that are currently context saved/restored
are needed only when FEAT_MTE2 is enabled, so move to
usage of FEAT_MTE2 and remove FEAT_MTE usage
Change-Id: I6b4417485fa6b7f52a31045562600945e48e81b7
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
BL1 requires the context management library but does not use or
implement `cm_init_context_by_index`. This change ensures that is not
compiled into BL1, as linking with LTO enabled causes an undefined
reference for this function.
Change-Id: I4a4602843bd75bc4f47b3e0c4c5a6efce1514ef6
Signed-off-by: Chris Kay <chris.kay@arm.com>
The following system registers are made part of save and restore
operations for EL1 context:
MDCCINT_EL1
MDSCR_EL1
DISR_EL1
PIRE0_EL1
PIR_EL1
POR_EL1
S2POR_EL1
TCR2_EL1
Some of these registers are available as part of core Armv8-A
architecture while others are made available through various
architectural extensions.
Change-Id: I507dccb9053ba177e1b98100fceccd1f32bdfc5c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The tag ID is a 3-byte field used to identify the contents of a TE. In
our library, the internal representation of the tag is a 2 byte field.
We currently ignore the top byte of this field, marking it res0. This
causes problems when dealing with non-standard TE types, whose range
starts at 0xff_f000. This commit fixes this by using a bit-field with a
24-bit width, and packing `transfer_list_entry`.
Change-Id: Ib3c212f964b64f528ad6f3dd6ab8b4597b877cd9
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
`TL_TAG_EXEC_EP_INFO64` type entries represent the `entry_point_info_t`
data structure. This structure provides the consumer with the execution
environment of an image. This is needed primarily in BL31 to execute
subsequent images i.e. BL32, BL33, or NT FW.
`TL_TAG_DT_SPMC_MANIFEST` holds the SPMC (Secure Partition Manager Core)
manifest image which is in DT format.
Change-Id: I80c4a72d639851457bc3c9b158b2e56041e8b29a
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Currently both FEAT_MTE and FEAT_MTE_PERM aren't used for enabling
of any feature bits in EL3. So remove both FEAT handling.
All mte regs that are currently context saved/restored are needed
only when FEAT_MTE2 is enabled, so move to usage of FEAT_MTE2 and
remove FEAT_MTE usage.
BREAKING CHANGE: Any platform or downstream code trying to use
SCR_EL3.ATA bit(26) will see failures as this is now moved to be
used only with FEAT_MTE2 with
commit@ef0d0e5478a3f19cbe70a378b9b184036db38fe2
Change-Id: Id01e154156571f7792135639e17dc5c8d0e17cf8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Rename Neoverse Poseidon to Neoverse V3, make changes
to related build flags, macros, file names etc.
Change-Id: I9e40ba8f80b7390703d543787e6cd2ab6301e891
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-A720 erratum 2926083 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2. The errata is only
present when SPE (Statistical Profiling Extension) is implemented
and enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is "implemented and enabled".
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Change-Id: I30182c3893416af65b55fca9a913cb4512430434
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Cortex-A720 erratum 2940794 is a Cat B erratum that is present
in revision r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[37] of the CPUACTLR2_EL1 to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Change-Id: I1488802e0ec7c16349c9633bb45de4d0e1faa9ad
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
Cortex-A715 erratum 2413290 is a Cat B erratum that is present
only in revision r1p0 and is fixed in r1p1. The errata is only
present when SPE(Statistical Profiling Extension) is enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is enabled, ENABLE_SPE_FOR_NS=1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: Iaeb258c8b0a92e93d70b7dad6ba59d1056aeb135
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header
Currently the EL2 part of the context structure (el2_sysregs_t), is
mostly feature dependent.
For instance, CTX_HCRX_EL2 is only needed when FEAT_HCX
(ENABLE_FEAT_HCX=1) is set, but the entry is unconditionally added
in the EL2 context structure and thereby consuming memory even in
build configurations where FEAT_HCX is disabled.
Henceforth, all such context entries should be coupled/tied with
their respective feature enables and be optimized away when unused.
This would reduce the context memory allocation for platforms, that
dont enable/support all the architectural features at once.
Further, converting the assembly context-offset entries into
a c structure relies on garbage collection of the linker
removing unreferenced structures from memory, as well as aiding
in readability and future maintenance.
Change-Id: I0cf49498ee3033cb6f3ee3810331121b26627783
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Cortex-A715 erratum 2344187 is a Cat B erratum that applies to r0p0,
r1p0 and is fixed in r1p1. The workaround is to set GCR_EL1.RRND to
0b1, and apply an implementation specific patch sequence.
SDEN: https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I78ea39a91254765c964bff89f771af33b23f29c1
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This custom argument is meant to simplify to group
components into certificates. Components with
the same cert_id contribute to the same certificate
regardless of the load order or the structure of the
derivation tree. This argument aims to flatten the tree
structure and make it easy to include branches or
subtrees in the main derivation line.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I83c4abc399616063a5eb04792d603899f7513627
RSS provides the DICE Protection Environment
service (DPE). It partially implements the
DPE specification from TCG.
As a DPE profile, it supports the
Open Profile for DICE specification.
https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md
In order to communicate with the service, commands
must be CBOR encoded.
The API implementation:
- Expose a C API to the upper layer,
- Do the CBOR encoding, decoding of the DPE
commands,
- Rely on the PSA framework to communicate
with the RSS through an MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I26a08f0c7cbffe07e725a7defbb6c60fd7735efe
The DPE implementation in RSS is aligned with the
Open Profile for DICE specification:
https://pigweed.googlesource.com/open-dice/
Type definitions are needed to specify the input
values for the DPE service. Instead of mandating to
clone the entire open-dice repo, the following file
is copied from the repository:
https://pigweed.googlesource.com/open-dice/+/refs/heads/main/include/dice/dice.h
Git SHA of the source version: cf549422e3
This is external code, with Apache 2.0 license, therefore
the license.rst is updated accordingly and a copy of this
license is also added.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ie84b8483034819d1143fe0ec812e66514ac7d4cb
The max size macros of metadata elements are shared across
multiple measured boot backends: rss-measured-boot, dpe.
Increase the SW_TYPE_MAX_SIZE to be able to accomodate
all macro.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ic9004a36ef1df96c70a4f7adf7bb86dc27dd307c
* changes:
refactor(tc): correlate secure world addresses with platform_def
feat(tc): add memory node in the device tree
feat(tc): pass the DTB address to BL33 in R0
feat(tc): add arm_ffa node in dts
chore(tc): add dummy entropy to speed up the Linux boot
feat(tc): choose the DPU address and irq based on the target
feat(tc): add SCMI power domain and IOMMU toggles
refactor(tc): move the FVP RoS to a separate file
feat(tc): factor in FVP/FPGA differences
feat(tc): introduce an FPGA subvariant and TC3 CPUs
feat(tc): add TC3 platform definitions
refactor(tc): sanitise the device tree
feat(tc): add PMU entry
feat(tc): allow booting from DRAM
chore(tc): remove unused hdlcd
feat(tc): add firmware update secure partition
feat(tc): add spmc manifest with trusty sp
refactor(tc): unify all the spmc manifests
feat(arm): add trusty_sp_fw_config build option
fix(tc): do not enable MPMM and Aux AMU counters always
fix(tc): correct interrupts
feat(tc): interrupt numbers for `smmu_700`
feat(tc): enable gpu/dpu scmi power domain and also gpu perf domain
With new TC revisions, memory banks move around which requires an update
in platform_def. It also requires an update in the device tree which
doesn't come naturally. To avoid this, add the memory node such that it
uses the macros defined in platform_def.
By doing this we can put u-boot out of its misery in trying to come up
with the correct memory node and tf-a's device tree becomes complete.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia92cc6931abb12be2856ac3fb1455e4f3005b326
Similar to the refactoring process followed for EL2 system registers,
moving the save and restore routines of EL1 system registers into C
file, thereby reducing assembly code.
Change-Id: Ib59fbbe2eef2aa815effe854cf962fc4ac62a2ae
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Address the coding style issue that arose from patch [1], which
was inadvertently overlooked during the CI check.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/26263
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I280766fddf0e9e366bb2376c52a6907093b0d958
Update the TC's platform test Makefile and related common definitions
to correspond to newer TF-M code (commit hash: 4ab7a20).
Change-Id: I6ef3effe194a780a0533f9c0c2eab9d0f4efc1fc
Signed-off-by: David Vincze <david.vincze@arm.com>
Added SiP calls to FVP platform to protect/unprotect a
memory range.
These leverage rme features to change the PAS of a given
memory range from non-secure to secure.
The mentioned call is leveraged by the SPMC in the memory
sharing flow, when memory is shared from the normal world
onto the secure world.
More details in the SPM related patches.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Iaf15d8603a549d247ffb1fc14c16bfb94d0e178a
Cortex-A715 erratum 2561034 is a Cat B erratum that applies to
revision r1p0 and is fixed in r1p1.
The workaround is to set bit[26] in CPUACTLR2_EL1. Setting this
bit is not expected to have a significant performance impact.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I377f250a2994b6ced3ac7d93f947af6ceb690d49
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Adding a new API under PSCI library,for managing all the architectural
features, required during power off or suspend cases.
Change-Id: I1659560daa43b9344dd0cc0d9b311129b4e9a9c7
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Cortex X3 erratum 2641945 is a Cat B erratum that applies to all
revisions <= r1p0 and is fixed in r1p1.
The workaround is to disable the affected L1 data cache prefetcher
by setting CPUACTLR6_EL1[41] to 1. Doing so will incur a performance
penalty of ~1%. Contact Arm for an alternate workaround that impacts
power.
SDEN documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: Ia6d6ac8a66936c63b8aa8d7698b937f42ba8f044
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Currently CTX_INCLUDE_MTE_REGS is used for dual purpose,
to enable allocation tags register and to context save and restore
them and also to check if mte feature is available.
To make it more meaningful, remove CTX_INCLUDE_MTE_REGS
and introduce FEAT_MTE. This would enable allocation tags register
when FEAT_MTE is enabled and also supported from platform.
Also arch features can be conditionally enabled disabled based on
arch version from `make_helpers/arch_features.mk`
Change-Id: Ibdd2d43874634ad7ddff93c7edad6044ae1631ed
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
