When trying to compile and link with gcc on an Aarch32 platform, there
is the following error:
arm-none-eabi-gcc: error: unrecognized command-line option
'-mno-fix-cortex-a53-843419'; did you mean '-mno-fix-cortex-m3-ldrd'?
This option seems specific to Aarch64 version of GCC.
Enclose it with a check on ARCH=aarch64.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I8c8cb784ce2f2938c4c6999745dda09ee9a5669d
Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1d63ae4d0d8374a732113565be90d58861506e39
The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.
Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.
This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.
The following changes are introduced when getc() is disabled:
- The multi-console framework no longer provides the console_getc()
function.
- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.
If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up
If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'
- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.
[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.
Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/
Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash calculation
feat(mbedtls-psa): use PSA crypto API for hash verification
feat(mbedtls-psa): initialise mbedtls psa crypto
feat(mbedtls-psa): register an ad-hoc PSA crypto driver
feat(mbedtls-psa): introduce PSA_CRYPTO build option
docs(changelog): add scope for MbedTLS PSA Crypto
Add VERSION_PATCH macro in Makefile. This will help LTS releases.
While at it, handle VERSION_PATCH macro in .versionrc.js script.
Change-Id: Id3ec359f7768a90ba5c67e35d29736a46eb402b5
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -
1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.
Also, marked PSA_CRYPTO as an experimental feature.
Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch enables Scalable Matrix Extension (SME) for RMM. RMM will
save/restore required registers that are shared with SVE/FPU register
state so that Realm can use FPU or SVE.
The Relevant RMM support can be found here :
https://github.com/TF-RMM/tf-rmm/commit/0ccd7ae58b00
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I3bbdb840e7736dec00b71c85fcec3d5719413ffd
Add transfer list APIs and firmware handoff build option.
Change-Id: I68a0ace22c7e50fcdacd101eb76b271d7b76d8ff
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Current build infra defaults all cpufeats in defaults.mk and some
mandatory features are enabled in arch_features.mk and optional
arch features are enabled in platform specific makefile.
This fragmentation is sometime confusing to figure out which feature
is tied to which ARCH_MAJOR.ARCH_MINOR.
So, consolidating and grouping them for tracking and enabling makes
more sense. With this change we consolidate all ARCH feature handling
within arch_features.mk and disable all optional features that need
to be enabled to platform makefile.
This is an ongoing series of effort to consolidate and going forward
platform makefile should just specify ARCH_MAJOR and ARCH MINOR and
all mandatory feature should be selected based on arch_features.mk
any optional feature needed by the platform support can be enabled
by platform makefile.
It also makes it easier for platform ports to look upto arch_features.mk
and enable any optional feature that platform may need which are
supported from TF-A.
Change-Id: I18764008856d81414256b6cbabdfa42a16b8040d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
If AACRH32_SP is not specified, it causes the DEFAULT_LINKER_SCRIPT
variable to be empty, and then the linker takes the variable following
it as if it was the linker script, which is not one. This patch
addresses that issue by requiring the AARCH32_SP variable to be set
before continuing.
Change-Id: I21db7d5bd86b98faaa1a1cd3f985daa592556a2d
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
TF-A makefile accepts a device-tree snippet to override hardcoded SP
nodes, via the `ARM_BL2_SP_LIST_DTS` variable. However the SPs declared
in `ARM_BL2_SP_LIST_DTS` must be in the same order as they are in the
FIP image, otherwise hash authentication will fail when loaded by BL2.
This patch generates the `ARM_BL2_SP_LIST_DTS` file from the
`sp_layout.json` file. The SPs in the FIP image are also generated from
`sp_layout.json`, so this ensures that there is only one source of truth
for the SP list, removing the possibility to have the lists disagree
with each other.
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I7d76715135c596605c6a02aad5196d967dfeb1ce
Add header file to help with creation of SPMD logical partitions. Also
update linker files to create sections to record SPMD logical partitions
declared. This follows the same pattern as the EL3 SPMC's logical
partitions. This patch also adds initialization of SPMD logical
partitions when the SPMD comes up.
ENABLE_SPMD_LP is a build flag that is used to enable support for
SPMD logical partitions.
Note that the approach chosen is to keep SPMD and SPMC logical
partition support separate, as opposed to extend the existing SPMC
logical partition support since the code would need to have a number of
ifdefs and the interactions with various build options such as
SPMC_AT_EL3 needs to be accounted for, which would make code more
complicated.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I9642ddbf6ea26dd3f4a283baec598d61c07e3661
Current build infra uses ARM_ARCH_MAJOR/MINOR to come up with march
version and uses that march version with the compiler.
However in certain situations this is not ideal, like for example when
we build with gcc-11 which supports only till march=armv8.5 but
we need to build for 8.8 build, this means we need to bump down
MAJOR/MINOR and we can't rely on major and minor values from the
platform to select march value and build infra doesn't even try
to compile and fails with not supported MAJOR/MINOR.
By adding a march build helper we try to check if compiler supports
given march value from MAJOR/MINOR values from platform, if compiler
doesn't support then we try to check what's the max or best supported
march version by compiler and choose that march value and try to
compile with that.
This is a supportive mechanism which will decouple march reliance on
MAJOR/MINOR values from platform and will pave way for setting up
enabling of features based on MAJOR/MINOR without worrying about the
compiler not supporting given MAJOR/MINOR.
Also in TF-A we use generic instructions without much reliance or need
for exact march necessity. So enabling and building features from
armv-8.8 using an armv-8.5 march value is still going to be fine.
Please note: Platforms are free to freeze their march values using
`MARCH_DIRECTIVE`. In absence of this define we are going to poke
the compiler and come up with a potential march value.
Change-Id: I673061a269ec9018ff12e75dc375979f5e33b7d1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The FEAT_MTPMU feature disable runs very early after reset. This means,
it needs to be written in assembly, since the C runtime has not been
initialised yet.
However, there is no need for it to be initialised so soon. The PMU
state is only relevant after TF-A has relinquished control. The code
to do this is also very verbose and difficult to read. Delaying the
initialisation allows for it to happen with the rest of the PMU. Align
with FEAT_STATE in the process.
BREAKING CHANGE: This patch explicitly breaks the EL2 entry path. It is
currently unsupported.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2aa659d026fbdb75152469f6d19812ece3488c6f
The enablement code for the PMU is scattered and difficult to track
down. Factor out the feature into its own lib/extensions folder and
consolidate the implementation. Treat it is as an architecturally
mandatory feature as it is currently.
Additionally, do some cleanup on AArch64. Setting overflow bits in
PMCR_EL0 is irrelevant for firmware so don't do it. Then delay the PMU
initialisation until the context management stage which simplifies the
early environment assembly. One side effect is that the PMU might count
before this happens so reset all counters to 0 to prevent any leakage.
Finally, add an enable to manage_extensions_realm() as realm world uses
the pmu. This introduces the HPMN fixup to realm world.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie13a8625820ecc5fbfa467dc6ca18025bf6a9cd3
Both march32-directive and march64-directive eventually generate the
same march option that will passed to compiler.
Merge this two separate directives to a common one as march-directive.
Change-Id: I220d2b782eb3b54e13ffd5b6a581d0e6da68756a
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Presently, we have an explicit section to add definitions, wherein
we evaluate the definitions after being overwritten by the platform.
To keep it aligned with this pattern, SVE_VECTOR_LEN is moved here.
Change-Id: Ia3373d954a7ee97980fe72d5a069e202352f25b1
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Presently, Makefile is unsystematic with no precise ordering
of configuration and commands.
This patch addresses this issue, by sorting and arranging the related
sections in an order, which helps in maintaining it precisely.
Further, this assists developers in identifying the concerned section
and add related changes appropriately with ease.
Additionally, SIMICS build option linked to Intel platform, has been
removed, as there is no platform specific support to utilise it.
[https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16737]
Change-Id: I72c09905334f94f803cdfd85f56e2c9572f9b3ef
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
The cpu_macros.S file is loaded with lots of definitions for the cpu_ops
structure. However, since they are defined as .equ directives they are
inaccessible for C code. Convert them to #defines, put them into order,
refactor them for readability, and extract them to a separate file to
make this possible.
This has the benefit of removing some Aarch differences and a lot of
duplicate code.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I72861794b6c9131285a9297d5918822ed718b228
This patch enables CTX_INCLUDE_PAUTH_REGS for RME builds.
The RMM-EL3 specification is also updated to reflect the changes
and also version of the same is bumped from 0.1 to 0.2.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I2e96a592d2b75abaee24294240c1727c5ceba420
Make the symbol table produced by the memory mapping script more
readable. Add a generic interface for interacting with ELF binaries.
This interface enables us to get symbols that provide some insights into
TF-A's memory usage.
Change-Id: I6646f817a1d38d6184b837b78039b7465a533c5c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
At the moment we only support FEAT_RAS to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (FEAT_RAS=2), by splitting
is_armv8_2_feat_ras_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access RAS related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_ras_supported() function to guard its execution.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I30498f72fd80b136850856244687400456a03d0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firmware first
handling(FFH) of RAS errors.
2. Manage the FEAT_RAS extension when switching the worlds.
FFH means that all the EAs from NS are trapped in EL3 first and signaled
to NS world later after the first handling is done in firmware. There is
an alternate way of handling RAS errors viz Kernel First handling(KFH).
Tying FEAT_RAS to RAS_EXTENSION build flag was not correct as the
feature is needed for proper handling KFH in as well.
This patch breaks down the RAS_EXTENSION flag into a flag to denote the
CPU architecture `ENABLE_FEAT_RAS` which is used in context management
during world switch and another flag `RAS_FFH_SUPPORT` to pull in
required framework and platform hooks for FFH.
Proper support for KFH will be added in future patches.
BREAKING CHANGE: The previous RAS_EXTENSION is now deprecated. The
equivalent functionality can be achieved by the following
2 options:
- ENABLE_FEAT_RAS
- RAS_FFH_SUPPORT
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1abb9ab6622b8f1b15712b12f17612804d48a6ec
* changes:
build!: check boolean flags are not empty
fix(build): add a default value for INVERTED_MEMMAP
fix(a5ds): add default value for ARM_DISABLE_TRUSTED_WDOG
fix(st-crypto): move flag control into source code
fix(stm32mp1): always define PKA algos flags
fix(stm32mp1): remove boolean check on PLAT_TBBR_IMG_DEF
With gcc-12 any lower address access can trigger a warning/error
this would be useful in other parts of system but in TF-A
there are various reasons to access to the lower address ranges,
example using mmio_read_*/writes_*
So setup to allow access to lower addresses while using gcc-12
Change-Id: Id1b4012b13bc6876d83b90a347fee12478a1921d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Workaround to help enable the kernel to query errata status using the
errata abi feature for platforms with a non-arm interconnect.
Change-Id: I47b03eaee5a0a763056ae71883fa30dfacb9b3f7
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
This patch adds the errata management firmware interface for lower ELs
to discover details about CPU erratum. Based on the CPU erratum
identifier the interface enables the OS to find the mitigation of an
erratum in EL3.
The ABI can only be present in a system that is compliant with SMCCCv1.1
or higher. This implements v1.0 of the errata ABI spec.
For details on all possible return values, refer the design
documentation below:
ABI design documentation:
https://developer.arm.com/documentation/den0100/1-0?lang=en
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Change-Id: I70f0e2569cf92e6e02ad82e3e77874546232b89a
Currently, enabling SME forces SVE off. However, the SME enablement
requires SVE to be enabled, which is reflected in code. This is the
opposite of what the build flags require.
Further, the few platforms that enable SME also explicitly enable SVE.
Their platform.mk runs after the defaults.mk file so this override never
materializes. As a result, the override is only present on the
commandline.
Change it to something sensible where if SME is on then code can rely on
SVE being on too. Do this with a check in the Makefile as it is the more
widely used pattern. This maintains all valid use cases but subtly
changes corner cases no one uses at the moment to require a slightly
different combination of flags.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If7ca3972ebc3c321e554533d7bc81af49c2472be
It is needed to check the validity of boolean flags with the updated
macro assert_boolean.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I185beb55606a4ca435d2fee2092fc61725859aa1
This patch introduces support to handle traps from lower ELs for
IMPDEF system register accesses. The actual support is left to the
platforms to implement.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I623d5c432b4ce4328b68f238c15b1c83df97c1e5
ENABLE_RME is set then SPD must either be spmd or it should not be set.
Add a rule to assert this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I0556e7b0e55b04c3a8e4c20c991fbbc30486570c
FEAT_SME2 is an extension of FEAT_SME and an optional feature
from v9.2. Its an extension of SME, wherein it not only
processes matrix operations efficiently, but also provides
outer-product instructions to accelerate matrix operations.
It affords instructions for multi-vector operations.
Further, it adds an 512 bit architectural register ZT0.
This patch implements all the changes introduced with FEAT_SME2
to ensure that the instructions are allowed to access ZT0
register from Non-secure lower exception levels.
Additionally, it adds support to ensure FEAT_SME2 is aligned
with the existing FEATURE DETECTION mechanism, and documented.
Change-Id: Iee0f61943304a9cfc3db8f986047b1321d0a6463
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b
Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.
Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.
Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234
Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.
Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.
Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEATURES
feat(psci): add support for OS-initiated mode
feat(psci): add support for PSCI_SET_SUSPEND_MODE
build(psci): add build option for OS-initiated mode
docs(psci): add design proposal for OS-initiated mode
So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_AMUv1 option, solely to protect the HAFGRTR_EL2 system
register handling. The latter needs some alignment with the new feature
scheme, but it conceptually overlaps with the ENABLE_AMU option.
Since there is no real need for two separate options, unify both into a
new ENABLE_FEAT_AMU name in a first step. This is mostly just renaming at
this point, a subsequent patch will make use of the new feature handling
scheme.
Change-Id: I97d8a55bdee2ed1e1509fa9f2b09fd0bdd82736e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
