Commit 71c4443886ff ("fix(lib/rmm_el3_ifc): add console name to checksum
calculation") on TF-RMM updated the checksum calcualtion of the RMM
manifest to include the console names.
Include console names in the QEMU manifest to remain compatible with
RMM, just like commit aa99881d30 ("fix(rme): add console name to
checksum calculation") did for FVP.
Checksum calculation is done by adding together 64-bit values. Add a
helper that does this.
Change-Id: Ica6cab628160593830270bef1acdeb475d1c0c36
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
* changes:
feat(smccc): implement SMCCC_ARCH_FEATURE_AVAILABILITY
refactor(cm): clean up per-world context
refactor(cm): change owning security state when a feature is disabled
Move platform.mk inclusion in top level Makefile to permit a platform
specifying BRANCH_PROTECTION option.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1f662f82cd949eedfdbb61b9f66de15c46fb3106
Similarly to BL1 and BL31, use EL3_PAS macro from xlat_tables header
(depends on ENABLE_RME) in BL2 to define MAP_BL2_TOTAL.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I59a3b297efd2eacd082a297de6b579b7c9052883
print ni-tower discovery tree to understand ni-tower hierarchy which
might be useful during debugging.
Change-Id: Ib49fef9c63f7740e04b4d8371c1083bd040f6e09
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
Set console baurate to 38400 for fvp as well for code
simplicity.
Change-Id: I58ba6b7043541f6eb67e32257307da4eba0bb28a
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
remove redundant macro UARTCLK_FREQ and replace it with TC_UARTCLK
in dts.
Change-Id: Id463a9ddc1588278e552ffca3dfb738676229ce7
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for
context to be directly related to the underlying system. Currently,
certain bits like SCR_EL3.APK are always set with the understanding that
they will only take effect if the feature is present.
However, that is problematic for SMCCC_ARCH_FEATURE_AVAILABILITY (an
SMCCC call to report which features firmware enables), as simply reading
the enable bit may contradict the ID register, like the APK bit above
for a system with no Pauth present.
This patch is to clean up these cases. Add a check for PAuth's presence
so that the APK bit remains unset if not present. Also move SPE and TRBE
enablement to only the NS context. They already only enable the features
for NS only and disable them for Secure and Realm worlds. This change
only makes these worlds' context read 0 for easy bitmasking.
There's only a single snag on SPE and TRBE. Currently, their fields have
the same values and any world asymmetry is handled by hardware. Since we
don't want to do that, the buffers' ownership will change if we just set
the fields to 0 for non-NS worlds. Doing that, however, exposes Secure
state to a potential denial of service attack - a malicious NS can
enable profiling and call an SMC. Then, the owning security state will
change and since no SPE/TRBE registers are contexted, Secure state will
start generating records. Always have NS world own the buffers to
prevent this.
Finally, get rid of manage_extensions_common() as it's just a level of
indirection to enable a single feature.
Change-Id: I487bd4c70ac3e2105583917a0e5499e0ee248ed9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This resolves Dependabot vulnerability alert #19, resolving a DoS issue
in a dependency of pytest.
Change-Id: I2959da88d3d0422e15d25df5820dfd91f474d6ca
Signed-off-by: Chris Kay <chris.kay@arm.com>
SPE and TRBE don't have an outright EL3 disable, there are only
constraints on what's allowed. Since we only enable them for NS at the
moment, we want NS to own the buffers even when the feature should be
"disabled" for a world. This means that when we're running in NS
everything is as normal but when running in S/RL then tracing is
prohibited (since the buffers are owned by NS). This allows us to fiddle
with context a bit more without having to context switch registers.
Change-Id: Ie1dc7c00e4cf9bcc746f02ae43633acca32d3758
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The combination of ENABLE_RME=1 + ENABLE_PIE=1 build options is
prevented currently for no good reason. ENABLE_PIE in a 4 worlds
configuration is mostly for building BL31 with PIE support.
BL1 / BL2 (BL2_RUNS_AT_EL3=1) remain non-PIE. BL32 (TSP) is PIE capable
but typically unused in this configuration. TRP doesn't support PIE
but is loaded in place so isn't affected by this option.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia60e295534a92cb1b4e3eb88b3e240aea4f4fe1d
This is a small change adding accessor functions for the Debug Power
Control register (DBGPRCR_EL1) to the common architectural helpers.
Change-Id: I72261fbf0395d900347b46af320093ed946aa73d
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
feat(mbedtls): optimize SHA256 for reduced memory footprint
refactor(arm): rename ARM_ROTPK_HEADER_LEN
docs(arm): update docs to reflect rotpk key changes
feat(arm): use provided algs for (swd/p)rotpk
feat(arm): use the provided hash alg to hash rotpk
By default, the ECDSA Brainpool regular and ECDSA Brainpool twisted
algorithms support 256-bit sized keys. Not defining this leads to
an error indicating that '256' is not a valid key size for ECDSA
Brainpool. KEY_SIZES matrix must have a value in its table to avoid
problems when KEY_SIZE is defined.
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I34886659315f59a9582dcee1d92d0e24d4a4138e
Set MBEDTLS_SHA256_SMALLER as the default mbedTLS configuration
to minimize memory usage, trading off some processing speed for
a smaller footprint.
Change-Id: Ibfa6e115a0ed94096b9acdd9e237f3fb5457071d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This variable had a misleading name, as it is the length
of the header only when the ROTPK is a hash.
Also rename arm_rotpk_header to match the new pattern.
Change-Id: I36c29998eebf50c356a6ca959ec9223c8837b540
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
The hashing algorithm for the rotpk is now HASH_ALG,
not always sha-256. The public development keys are
no longer in the repository and are now generated at
run-time, updates the documentation to reflect this.
Change-Id: Ic336f7aca858e9b6a1af6d6e6dc5f4aa428da179
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
No longer hard code SHA-256 hashed rsa dev keys,
now the keys can use pair of key alg: rsa, p256, p384
and hash alg: sha256, sha384, sha512.
All public keys are now generated at build-time from the dev
keys.
Change-Id: I669438b7d1cd319962c4a135bb0e204e44d7447e
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
No longer hard code SHA-256 hashed dev rotpks, instead
use the algorithm given by HASH_ALG. This means that
we no longer need the plat_arm_configs (once the protpk and
swd_rotpk are also updated to use HASH_ALG).
The rot public key is now generated at build time, as is
the header for the key.
Also support some default 3k and 4k RSA keys.
Change-Id: I33538124aeb4fa7d67918d878d17f2a84d3a6756
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
* changes:
fix(versal2): typecast operands to match data type
fix(versal): typecast operands to match data type
fix(versal-net): typecast operands to match data type
fix(xilinx): typecast operands to match data type
fix(zynqmp): typecast operands to match data type
fix(versal-net): typecast operands to match data type
fix(versal): typecast operands to match data type
fix(xilinx): typecast operands to match data type
fix(zynqmp): typecast operands to match data type
fix(versal2): typecast expressions to match data type
fix(versal-net): typecast expressions to match data type
fix(versal): typecast expressions to match data type
fix(xilinx): typecast expressions to match data type
fix(zynqmp): typecast expressions to match data type
fix(zynqmp): align essential type categories
fix(zynqmp): typecast expression to match data type
fix(xilinx): typecast expression to match data type
Commit a6485b2 ("refactor(delay-timer): add timer callback
functions") introduced a requirement for timer-related APIs
to have a timer object initialized before use. This caused
assertion failures in SMMU routines on Neoverse platforms,
as they relied on timer APIs.
Resolve this issue by initializing the timer early during
platform boot to set up the timer_ops object properly.
Change-Id: I3d9ababdb7897185f23e9ccf982b9aab6c666b8c
Signed-off-by: Sammit Joshi <sammit.joshi@arm.com>
This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I37ec9f8d716347df9acea5eb084f5a423a32a058
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: Ie82297e7eb5faa5d45b1a613c59516052e0c5ecb
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: Ie2d32d5554d251cde8a9c8b7c7a85666ea505a15
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I1606422aadfd64b283fd9948b6dadcddecdf61e0
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I141fbc554265173df0ca90c2ddc7f28137c6b0f1
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.1:
Operands shall not be of an inappropriate essential type.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: If0a6ffa84c4d1ce5ae08337a4eb20c9a221d7795
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.1:
Operands shall not be of an inappropriate essential type.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I41b08349fc6023458ffc6e126f58293a9ef37422
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.1:
Operands shall not be of an inappropriate essential type.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I675f1b2ac408b70a9ca307fb5161ebb8e597897c
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.1:
Operands shall not be of an inappropriate essential type.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I016f9df3811d80cd230257b5533d4d15a15fe14f
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.4:
Both operands of an operator in which the usual arithmetic
conversions are performed shall have the same essential type
category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: Ia352e3cf261b52777c1c431701e1e6c3be9cd279
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
