Some platforms do not support FEAT_MEC. Hence, they do not provide
an interface to update the update of the key corresponding to a
MECID.
This patch adds a condition in order to verify FEAT_MEC is present
before calling the corresponding platform hook, thus preventing it
from being called when the platform does not support the feature.
Change-Id: Ib1eb9e42f475e27ec31529569e888b93b207148c
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
- Define information structures for SMMU, root complex,
root port and BDF mappings.
- Add entries for SMMU and PCIe root complexes to Boot manifest.
- Update RMMD_MANIFEST_VERSION_MINOR from 4 to 5.
Change-Id: I0a76dc18edbaaff40116f376aeb56c750d57c7c1
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
* changes:
refactor(arm): simplify early platform setup functions
feat(bl32): enable r3 usage for boot args
feat(handoff): add lib to sp-min sources
feat(handoff): add 32-bit variant of SRAM layout
feat(handoff): add 32-bit variant of ep info
fix(aarch32): avoid using r12 to store boot params
fix(arm): reinit secure and non-secure tls
refactor(handoff): downgrade error messages
Refactor `arm_sp_min_early_platform_setup` to accept generic
`u_register_r` values to support receiving firmware handoff boot
arguments in common code. This has the added benefit of simplifying the
interface into common early platform setup.
Change-Id: Idfc3d41f94f2bf3a3a0c7ca39f6b9b0013836e3a
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Commit fe488c3796 added an override to
force `CTX_INCLUDE_SVE_REGS` to 0 when `SPD == spmd` and
`SPMD_SPM_AT_SEL2 == 1`.
Since there is an architectural dependency between FP and SVE registers,
`CTX_INCLUDE_FPREGS` must also be overridden to 0 when
CTX_INCLUDE_SVE_REGS is 0.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I1cd834241a2d5a5368ac532a348d8729a701bbcd
With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3
This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4
Increase the size of cactus-tertiary partition to match update in
manifest. Part of effort to use cactus-tertiary partition in StMM/HOB
testing.
Dependent on
https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/35383
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I5b91400848e2cf5d04d1c7442874a7a4b9847399
When using ARM_LINUX_KERNEL_AS_BL33, set defaults for the below for
increased build time efficiency:
PRELOADED_BL33_BASE=0x80080000
This address supports older kernels before v5.7
ARM_PRELOADED_DTB_BASE=0x87F00000 (only in RESET_TO_BL31)
1MiB before the address 0x88000000 in FVP. 1MiB seems enough for the
device tree blob (DTB).
Change-Id: I0396b597485e163b43f7c6677c04fcc08db55aa8
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Add initrd properties to the device tree blob at build time, giving
users the ability to run a linux kernel and successfully boot it to
the terminal. Users can boot a linux kernel in a normal flow as well
as in RESET_TO_BL31. This function is an extension of the build time
option "ARM_LINUX_KERNEL_AS_BL33=1".
The build time options INITRD_SIZE or INITRD_PATH will trigger the
insertion of initrd properties in to the DTB. If both options are
provided then the INITRD_SIZE will take precedence.
The available options are:
INITRD_SIZE: Provide the initrd size in dec or hex (hex format must
precede with '0x'.
Example: INITRD_SIZE=0x1000000
INITRD_PATH: Provide an initrd path for the build time to find its
exact size.
INITRD_BASE: A required build time option that sets the initrd base
address in hex format. A default value can be set by the platform.
Example: INITRD_BASE=0x90000000
Change-Id: Ief8de5f00c453509bcc6e978e0a95d768f1f509c
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
ESR_EL3 value is updated when an exception is taken to EL3 and its value
does not change until a new exception is taken to EL3. We need to save
ESR in context memory only when we expect nested exception in EL3.
The scenarios where we would expect nested EL3 execution are related
with FFH_SUPPORT, namely
1.Handling pending async EAs at EL3 boundry
- It uses CTX_SAVED_ESR_EL3 to preserve origins esr_el3
2.Double fault handling
- Introduce an explicit storage (CTX_DOUBLE_FAULT_ESR) for esr_el3
to take care of DobuleFault.
As the ESR context has been removed, read the register directly instead
of its context value in RD platform.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I7720c5f03903f894a77413a235e3cc05c86f9c17
* changes:
feat(drtm): retrieve DLME image authentication features
feat(drtm): log No-Action Event in Event Log for DRTM measurements
feat(fvp): add stub function to retrieve DLME image auth features
feat(drtm): introduce plat API for DLME authentication features
feat(drtm): ensure event types aligns with DRTM specification v1.1
fix(drtm): add missing DLME data regions for min size requirement
feat(fvp): add stub platform function to get ACPI table region size
feat(drtm): add platform API to retrieve ACPI tables region size
`CTX_INCLUDE_SVE_REGS` should not be enabled when building with
SPD=spmd and SPMD_SPM_AT_SEL2=1 both been used.
Unfortunately a check at top level makefile ignored this, now its been
fixed at top level makefile. Ensure correct combination are handled,
otherwise it will lead to build failures.
Change-Id: Ib84fc0096c92d9b3d56366c0e1d77b6d83098221
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Adding PSA Crypto MBedTLS specific jump table to allow use of ROMLIB, to
be included when PSA_CRYPTO=1 and enabled.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Iff7f0e3c5cba6b89f1732f6c80d3060498e3675d
DLME image authentication features are currently not supported on FVP.
This patch introduces a stub function in fvp_drtm_stub.c as a
placeholder for retrieving DLME image authentication features.
Change-Id: I6d274834245774c5442d67ee93fcd641f3a9cd1a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduces a stub platform function for FVP to retrieve the ACPI table
region size.
Change-Id: Icbf1ae0cb89c393502de2c2f4f66df6b510e6b81
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The current code is incredibly resilient to updates to the spec and
has worked quite well so far. However, recent implementations expose a
weakness in that this is rather slow. A large part of it is written in
assembly, making it opaque to the compiler for optimisations. The
future proofness requires reading registers that are effectively
`volatile`, making it even harder for the compiler, as well as adding
lots of implicit barriers, making it hard for the microarchitecutre to
optimise as well.
We can make a few assumptions, checked by a few well placed asserts, and
remove a lot of this burden. For a start, at the moment there are 4
group 0 counters with static assignments. Contexting them is a trivial
affair that doesn't need a loop. Similarly, there can only be up to 16
group 1 counters. Contexting them is a bit harder, but we can do with a
single branch with a falling through switch. If/when both of these
change, we have a pair of asserts and the feature detection mechanism to
guard us against pretending that we support something we don't.
We can drop contexting of the offset registers. They are fully
accessible by EL2 and as such are its responsibility to preserve on
powerdown.
Another small thing we can do, is pass the core_pos into the hook.
The caller already knows which core we're running on, we don't need to
call this non-trivial function again.
Finally, knowing this, we don't really need the auxiliary AMUs to be
described by the device tree. Linux doesn't care at the moment, and any
information we need for EL3 can be neatly placed in a simple array.
All of this, combined with lifting the actual saving out of assembly,
reduces the instructions to save the context from 180 to 40, including a
lot fewer branches. The code is also much shorter and easier to read.
Also propagate to aarch32 so that the two don't diverge too much.
Change-Id: Ib62e6e9ba5be7fb9fb8965c8eee148d5598a5361
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
MPMM is a core-specific microarchitectural feature. It has been present
in every Arm core since the Cortex-A510 and has been implemented in
exactly the same way. Despite that, it is enabled more like an
architectural feature with a top level enable flag. This utilised the
identical implementation.
This duality has left MPMM in an awkward place, where its enablement
should be generic, like an architectural feature, but since it is not,
it should also be core-specific if it ever changes. One choice to do
this has been through the device tree.
This has worked just fine so far, however, recent implementations expose
a weakness in that this is rather slow - the device tree has to be read,
there's a long call stack of functions with many branches, and system
registers are read. In the hot path of PSCI CPU powerdown, this has a
significant and measurable impact. Besides it being a rather large
amount of code that is difficult to understand.
Since MPMM is a microarchitectural feature, its correct placement is in
the reset function. The essence of the current enablement is to write
CPUPPMCR_EL3.MPMM_EN if CPUPPMCR_EL3.MPMMPINCTL == 0. Replacing the C
enablement with an assembly macro in each CPU's reset function achieves
the same effect with just a single close branch and a grand total of 6
instructions (versus the old 2 branches and 32 instructions).
Having done this, the device tree entry becomes redundant. Should a core
that doesn't support MPMM arise, this can cleanly be handled in the
reset function. As such, the whole ENABLE_MPMM_FCONF and platform hooks
mechanisms become obsolete and are removed.
Change-Id: I1d0475b21a1625bb3519f513ba109284f973ffdf
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the init_cpu_data_ptr function
perf(cpus): inline the reset function
perf(cpus): inline the cpu_get_rev_var call
perf(cpus): inline cpu_rev_var checks
refactor(cpus): register DSU errata with the errata framework's wrappers
refactor(cpus): convert checker functions to standard helpers
refactor(cpus): convert the Cortex-A65 to use the errata framework
fix(cpus): declare reset errata correctly
The existing DSU errata workarounds hijack the errata framework's inner
workings to register with it. However, that is undesirable as any change
to the framework may end up missing these workarounds. So convert the
checks and workarounds to macros and have them included with the
standard wrappers.
The only problem with this is the is_scu_present_in_dsu weak function.
Fortunately, it is only needed for 2 of the errata and only on 3 cores.
So drop it, assuming the default behaviour and have the callers handle
the exception.
Change-Id: Iefa36325804ea093e938f867b9a6f49a6984b8ae
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
fix(rdn2): add LCA multichip data for RD-N2-Cfg2
fix(rdv3): add LCA multichip data for RD-V3-Cfg2
feat(gic): add support for local chip addressing
To pass SMMUv3 Realm Page 0 address to RMM
in Boot Manifest, BL31 needs to read SMMU_ROOT_IDR0
register. BL31 at EL3 runs in Root mode, but
CoreSight and peripherals at DEVICE0_BASE
(0x2000_0000) including SMMUv3 at 0x2B40_0000 are
mapped as MT_SECURE which results in RAZ access
to all SMMUv3 registers after enabling MMU.
This patch changes MT_SECURE mapping to EL3_PAS
resulting in MT_SECURE (ENABLE_RME = 0), and
MT_ROOT (ENABLE_RME = 1).
Change-Id: I3d9ae7c86e4836dd6722fa64116a14d8c8aed8da
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
* changes:
refactor(rse)!: remove rse_comms_init
refactor(arm): switch to rse_mbx_init
refactor(rse): put MHU code in a dedicated file
refactor(tc): add plat_rse_comms_init
refactor(arm)!: rename PLAT_MHU_VERSION flag
When RESET_TO_BL31 was enabled, CNTFRQ_EL0 was left uninitialized,
leading to incorrect system counter frequency settings. This
impacted timer-dependent components, such as SMMUv3, causing
initialization failures and unpredictable behavior.
To fix this, CNTFRQ_EL0 is now explicitly set using
plat_get_syscnt_freq2(), ensuring the correct system timer
frequency and proper initialization of dependent components.
Signed-off-by: Lokesh B V <Lokesh.BV@Arm.com>
Change-Id: I808b17d25c87c4dce1bc2c8171a800b69b5c2908
To support TPM start method with SIP, SIP handler dispatch request to
secure partition via MM_COMMUNICATE abi.
That means spm_mm sip handler should generate mm communication header.
Move mm_communication header's definition to spm_mm_svc header.
Change-Id: I40567c16e67b068ee83a39eff050d6578aecfb2c
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
* changes:
fix(qemu): statically allocate bitlocks array
feat(qemu): update for renamed struct memory_bank
feat(fvp): increase GPT PPS to 1TB
feat(gpt): statically allocate bitlocks array
chore(gpt): define PPS in platform header files
feat(fvp): allocate L0 GPT at the top of SRAM
feat(fvp): change size of PCIe memory region 2
feat(rmm): add PCIe IO info to Boot manifest
feat(fvp): define single Root region
The rse_comms_init() function will be removed. The new function to use
is rse_mbx_init() for the MHU mailbox initialization.
Change-Id: I1932500ef71b6e895f0ee164ee9c2b58becf4409
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The same way it is done for neoverse_rd, create a plat_rse_comms_init()
function to call rse_comms_init().
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I12f3b8a38a5369decb4b97f8aceeb0dc81cbea28
In order to support a platform without MHU in RSE, update the flag
PLAT_MHU_VERSION. It is renamed PLAT_MHU and can take the following
entries: NO_MHU, MHUv1, MHUv2, MHUv3...
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ia72e590088ce62ba8c9009f341b6135926947bee
Wait for it to have been created. This is the same issue as
commit db69d11829.
Change-Id: I32bd0c713e2837563d32131fb0beddb5533c0792
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
fix(cpus): clear CPUPWRCTLR_EL1.CORE_PWRDN_EN_BIT on reset
chore(docs): drop the "wfi" from `pwr_domain_pwr_down_wfi`
chore(psci): drop skip_wfi variable
feat(arm): convert arm platforms to expect a wakeup
fix(cpus): avoid SME related loss of context on powerdown
feat(psci): allow cores to wake up from powerdown
refactor: panic after calling psci_power_down_wfi()
refactor(cpus): undo errata mitigations
feat(cpus): add sysreg_bit_toggle
- Increase PPS for FVP from 64GB to 1TB.
- GPT L0 table for 1TB PPS requires 8KB memory.
- Set FVP_TRUSTED_SRAM_SIZE to 384 with ENABLE_RME=1
option.
- Add 256MB of PCIe memory region 1 and 3GB of
PCIe memory region 2 to FVP PAS regions array.
Change-Id: Icadd528576f53c55b5d461ff4dcd357429ba622a
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Statically allocate 'gpt_bitlock' array of fine-grained
'bitlock_t' data structures in arm_bl31_setup.c.
The amount of memory needed for this array is controlled
by 'RME_GPT_BITLOCK_BLOCK' build option and 'PLAT_ARM_PPS'
macro defined in platform_def.h which specifies the size
of protected physical address space in bytes.
'PLAT_ARM_PPS' takes values from 4GB to 4PB supported by
Arm architecture.
Change-Id: Icf620b5039e45df6828d58fca089cad83b0bc669
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
This patch allocates level 0 GPT at the top of SRAM
for FVP. This helps to meet L0 GPT alignment requirements
and prevent the occurrence of possible unused gaps in SRAM.
Load addresses for FVP TB_FW, SOC_FW and TOS_FW DTBs are
defined in fvp_fw_config.dts via ARM_BL_RAM_BASE macro.
Change-Id: Iaa52e302373779d9fdbaf4e1ba40c10aa8d1f8bd
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
- Add PCIe and SMMUv3 related information to DTS for
configurations with ENABLE_RME=1.
- Add entries for PCIe IO memory regions to Boot manifest
- Update RMMD_MANIFEST_VERSION_MINOR from 3 to 4.
- Read PCIe related information from DTB and write it to
Boot manifest.
- Rename structures that used to describe DRAM layout
and now describe both DRAM and PCIe IO memory regions:
- ns_dram_bank -> memory_bank
- ns_dram_info -> memory_info.
Change-Id: Ib75d1af86076f724f5c330074e231f1c2ba8e21d
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
For FVP model define single Root PAS which
includes EL3 DRAM data, L1 GPTs and SCP TZC.
This allows to decrease the number of PAS
regions passed to GPT library and use GPT
mapping with Contiguous descriptor of
larger block size.
Change-Id: I70f6babaebc14e5e0bce033783ec423c8a26c542
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Now that all errata flags are all conveniently in a single list we can
make sweeping decisions about their values. The first use-case is to
enable all errata in TF-A. This is useful for CI runs where it is
impractical to list every single one. This should help with the long
standing issue of errata not being built or tested.
Also add missing CPUs with errata to `ENABLE_ERRATA_ALL` to enable all
errata builds in CI.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2b456d304d7bf3215c7c4f4fd70b56ecbcb09979
* changes:
feat(rdv3): enable the support to fetch dynamic config
feat(rdv3): add dts files to enable hafnium as BL32
feat(rdv3): define SPMC manifest base address
feat(arm): add a macro for SPMC manifest base address
feat(rdv3): add carveout for BL32 image
feat(rdv3): introduce platform handler for Group0 interrupt
feat(neoverse-rd): use larger stack size when S-EL2 spmc is enabled
fix(neoverse-rd): set correct SVE vector lengths
To enable the support to load Hafnium as BL32, BL31 needs firmware
configuration info to get BL32 manifest load location. The load address
of BL32 is passed via firmware config info.
Add the support to get the address using fconf framework from dynamic
config info.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I3a2a5706789ed290dc7f4a67e62e03751b930c02
On RD-V3 platform and variants, Hafnium is used as SPMC running at
S-EL2 and manage SP running at S-EL0. Hafnium is loaded and configured
as BL32 image. SP is loaded by SP load framework and configured by
Hafnium.
Add the dts files needed to enable load and configuration of hafnium and
SP.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I7de72052323ff9106d7bedbaaf5ece3272e9a6cd
