Add information about Versal platform for TSP and provide
the build commands.
Change-Id: I7106ab477a881c58e1c45863bd6854d188982282
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Add details about RAS error handling philosophies and its implementation
It also updates the tests introduced to verify them.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iedc8c1e713dad05baadd58e5752df36fa00121a7
This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.
This is to allow Secure/Realm world to have their own FFH macros
in future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752
As the SEL2 SPMC design doc is migrated to Hafnium tree, remove the
reference to this implementation from TF-A's SPM-MM doc.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1609c7d1d098420412dffc7b1309cc9c11502f8a
* changes:
docs: mark PSA_CRYPTO as an experimental feature
feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation
feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA
* changes:
fix(cpus): fix the rev-var of Neoverse-V1
fix(errata-abi): update the Neoverse-N2 errata ABI struct
fix(errata-abi): update the neoverse-N1 errata ABI struct
fix(cpus): fix the rev-var of Cortex-X2
fix(errata-abi): update the Cortex-A78C errata ABI struct
fix(cpus): update the rev-var for Cortex-A78AE
fix(errata-abi): update the Cortex-A76 errata ABI struct
fix(cpus): fix the rev-var for Cortex-A710
Updated the 'Deprecated Platforms' table to reflect that the
deletion of sgi575 and rdn1Edge is still unconfirmed.
Change-Id: Ie8e8af55a735f624f5ee604d75bb497d870620cd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the documentation to mark PSA_CRYPTO as an experimental
feature.
Change-Id: I894b687d6727fe7f80df54e6b08937e171f459b6
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.
This patch removes MPAM enablement from global context and adds it to
EL3 State context which enables/disables MPAM during world switches.
Renamed ENABLE_MPAM_FOR_LOWER_ELS to ENABLE_FEAT_MPAM and
removed mpam_init_el3() as RESET behaviour is trapping.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I131f9dba5df236a71959b2d425ee11af7f3c38c4
Cortex-A510 erratum 2080326 is a Cat B erratum that applies
to all revisions <= r0p2 and is fixed in r0p3.
The workaround sequence helps perform a DSB after each TLBI
instruction and can be applied only for version r0p2 and has
minimal performance impact.
The workaround is not applicable for versions < r0p2.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1873361/latest
Change-Id: Ib9bce8b711c25a79f7b2f891ae6f8b366fc80ddd
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Update the revision and variant information in the
errata ABI file, neoverse_v1.S file for erratum ID - 2294912
to match the revision and variant in the latest SDEN.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401781/latest
Change-Id: I38a0f53c3515860ba442b5c0872c8ab051fdda6f
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Update the revision and variant information in the
errata ABI file, cortex_X2.S file for erratum ID - 2058056
to match the revision and variant in the latest SDEN.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest
Change-Id: I28ee39949d977c53d6f5243100f0c29bc3c0428c
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Update the revision and variant information in the
cortex_a78_ae.s and errata ABI file for erratum ID - 2376748
based on the latest SDEN.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1707912/latest
Change-Id: I082aac41adf717b0d5d59046a8933a3f5a3de94f
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Update the revision and variant information in the
errata ABI file, cortex_A710.S file for erratum ID - 2058056
and erratum ID - 2055002 to match the revision and variant
in the latest SDEN.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775101/latest
Change-Id: Ie010dae90dabf8670f588a06f9a606cf41e22afa
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
TF-A is no more in charge of configuring OP-TEE shared memory.
Set the STM32MP15_OPTEE_RSV_SHM flag as deprecated (as well as the code
depending on it).
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I863d9a1e45e0bfc2f45d9bd84b90d626738934ab
Adding the possible key sizes for the ecdsa key algorithm.
Change-Id: I58947bc749fed911766a1462a0c2ba520b8f7c69
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1d63ae4d0d8374a732113565be90d58861506e39
The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.
Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.
This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.
The following changes are introduced when getc() is disabled:
- The multi-console framework no longer provides the console_getc()
function.
- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.
If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up
If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'
- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.
[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.
Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/
Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Updating toolchain to the latest production release version
12.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Change-Id: Ifcabb7fb9d8e13b87e164c3c1be8c8d32c31b49a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash calculation
feat(mbedtls-psa): use PSA crypto API for hash verification
feat(mbedtls-psa): initialise mbedtls psa crypto
feat(mbedtls-psa): register an ad-hoc PSA crypto driver
feat(mbedtls-psa): introduce PSA_CRYPTO build option
docs(changelog): add scope for MbedTLS PSA Crypto
- Fix the name of the user account under which the CI bot posts
review comments.
- The CI has now transitioned to trustedfirmware.org so CI results
are publically accessible.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I53dd93e200c9e119b5df6bbaf2644485cde57ce5
Cortex-X3 erratum 2070301 is a Cat B erratum that applies to all
revisions <= r1p2 and is still open.
The workaround is to write the value 4'b1001 to the PF_MODE bits
in the IMP_CPUECTLR2_EL1 register. This places the data prefetcher
in the most conservative mode instead of disabling it.
SDEN documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I337c4c7bb9221715aaf973a55d0154e1c7555768
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -
1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.
Also, marked PSA_CRYPTO as an experimental feature.
Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch enables Scalable Matrix Extension (SME) for RMM. RMM will
save/restore required registers that are shared with SVE/FPU register
state so that Realm can use FPU or SVE.
The Relevant RMM support can be found here :
https://github.com/TF-RMM/tf-rmm/commit/0ccd7ae58b00
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I3bbdb840e7736dec00b71c85fcec3d5719413ffd
Update version and release schedule for the upcoming TF-A
release v2.10.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I505fbb034a74ce1cc6bc20efdd26803e6fb8c0c1
Revise the AST2700 boot flow to the RESET_TO_BL31 scheme.
The execution of BL1/2 can be saved from ARM CA35 while most
low level platform initialization are moved to a preceding MCU.
This patch updates the build configuration and also adds
the SMP mailbox setup code to hold secondary cores until
they are being waken up.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Change-Id: I7e0aa6416b92b97036153db1d9a26baaa41b7b18
Rather than returning 0 or 1, the above function returns bool false
or true. No functional change.
Change-Id: Iea904ffc368568208fa8203e0d2e0cdaa500b1e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add transfer list APIs and firmware handoff build option.
Change-Id: I68a0ace22c7e50fcdacd101eb76b271d7b76d8ff
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compliant PKCS11 URI to a key instead of a file as an
argument to one of the key options. This change is fully backwards
compatible.
This change makes use of the openssl engine API which is deprecated
since openssl 3.0 and will most likely be removed in version 4. So
pkcs11 support will have to be updated to the openssl provider API
in the near future.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: If96725988ca62c5613ec59123943bf15922f5d1f
Neoverse V2 erratum 2743011 is a Cat B erratum that applies to
all revisions <= r0p1 and is fixed in r0p2. The workaround is to
set CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2332927/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0e06ca723a1cce51fb027b7160f3dd06a4c93e64
Neoverse V2 erratum 2779510 is a Cat B erratum that applies to
all revisions <= r0p1 and is fixed in r0p2. The workaround is to
set bit[47] of CPUACTLR3_EL1 which might have a small impact on
power and negligible impact on performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2332927/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I6d937747bdcbf2913a64c4037f99918cbc466e80
Neoverse V2 erratum 2719105 is a Cat B erratum that applies to all
revisions <= r0p1 and is fixed in r0p2.
The erratum is avoided by setting CPUACTLR2_EL1[0] to 1 to force
PLDW/PFRM ST to behave like PLD/PRFM LD and not cause invalidations
to other PE caches. There might be a small performance degradation
to this workaround for certain workloads that share data.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2332927/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Id026edcb7ee1ca93371ce0001d18f5a8282c49ba
