* changes:
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
feat(libc): add support for fallthrough statement
refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED
refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS
fix(spe): drop SPE EL2 context switch code
At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_VHE=2), by splitting
is_armv8_1_vhe_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access VHE related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_vhe_supported() function to guard its execution.
Enable VHE in its runtime detection version for all FVP builds.
Change-Id: Ib397cd0c83e8c709bd6fed603560e39901fa672b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.
ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.
Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.
Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.
Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.
This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.
Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL3.NSPB accordingly.
This also means that the secure world cannot use SPE, so there is no
need to context switch the PMSCR_EL2 register.
Drop the SPE bits from the EL2 context switch code. If any of the other
EL2 worlds wish to start using SPE, this can be brought back.
Change-Id: Ie0fedb2aeb722a2c9db316051fbbe57ca0e3c0c9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148
get_cpu_ops_ptr asserts that it didn't get 0 for a cpu_ops pointer. Its
callers don't need to do the same.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I547ac592949f74e153ef161015326f64aead2f28
The cpu-ops makefile has errata flag definition and flag processing done
per flag in separate parts in the file. Rework this to make a list and
do this in a much more concise way.
To ensure no flags were missed, a bash script [1] was used to verify all
errata flags made it across. Only the first few flags with different
naming were checked manually.
[1]:
sed -n "s/CPU_FLAG_LIST += ERRATA_\(.*\)/\1/p" lib/cpus/cpu-ops.mk > \
/tmp/new
git checkout origin/master
sed -n "s/ERRATA_\([[:alnum:]_-]*\)\s*?=0/\1/p" lib/cpus/cpu-ops.mk > \
/tmp/old
diff /tmp/old /tmp/new
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3b88af46838cc26f42d2c66b31f96c0855fa406c
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Neoverse V1 erratum 2743233 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround sets CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation: https://developer.arm.com/documentation/SDEN1401781/latest
Change-Id: If51a6f4293fa8b5b35c44edd564ebb715ba309a1
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Cortex-A78C erratum 2779484 is a Cat B erratum that applies to
revisions r0p1 and r0p2 and is still open.
The workaround is to set the CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact on
performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2004089/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I9a8c16a845c3ba6eb2f17a5119aa6ca09a0d27ed
Cortex-A78 erratum 2742426 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround is to set the CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I42506a87d41c9e2b30bc78c08d22f36e1f9635c1
* changes:
refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED
refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED
refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED
fix(cpufeat): context-switch: move FGT availability check to callers
feat(cpufeat): extend check_feature() to deal with min/max
refactor(cpufeat): wrap CPU ID register field isolation
At the moment we only support FEAT_TRF to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRF_FOR_NS=2), by splitting
is_feat_trf_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRF related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_trf_supported() function to guard its execution.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRF is an ARMv8.4 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Ia97b01adbe24970a4d837afd463dc5506b7295a3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_BRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_BRBE_FOR_NS=2), by splitting
is_feat_brbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access BRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_BRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I5f2e2c9648300f65f0fa9a5f8e2f34e73529d053
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_TRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRBE_FOR_NS=2), by splitting
is_feat_trbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Iee7f88ea930119049543a8a4a105389997e7692c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To be inline with other features, and to allow the availability to be
checked for different contexts, move the FGT availability check out of
the save/restore functions. This is instead now checked at the caller.
Change-Id: I96e0638714f9d1b6fdadc1cb989cbd33bd48b1f6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add braces for if statement
feat(fvp): increase BL1_RW and BL2 size
feat(mbedtls): add support for mbedtls-3.3
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.
However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3
Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.
This change introduces the period prefix to all specialized section
names.
BREAKING-CHANGE: All input and output linker section names have been
prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.
Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c
Signed-off-by: Chris Kay <chris.kay@arm.com>
This file provides __aeabi_memclr8 builtin which the Ubuntu 22.04
version of clang 14 needs to compile. Add it to prevent this oddity from
failing the build.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id67aa0abba4a27c51b3ed6bb1be84b4e803b44bf
There are a variety of code styles used by the various linker scripts
around the code-base. This change brings them in line with one another
and attempts to make the scripts more friendly for skim-readers.
Change-Id: Ibee2afad0d543129c9ba5a8a22e3ec17d77e36ea
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
feat(spmd): map SPMC manifest region as EL3_PAS
feat(fvp): update device tree with load addresses of TOS_FW config
refactor(fvp): rename the DTB info structure member
feat(fconf): rename 'ns-load-address' to 'secondary-load-address'
Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is used.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: Ieb0186b2fdffad464bb9316fc3973772c9c28cd0
Adding AP/RSS interface for retrieving and incrementing non-volatile
counters.
The read interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_READ,
in_vec, 1, out_vec, 1);
where the in_vec indicates which of the 3 counters we want, and the
out_vec stores the counter value we get back from RSS.
The increment interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_INCREMENT,
in_vec, 1, (psa_outvec *)NULL, 0);
where, again, in_vec indicates the counter to increment, and we don't
get any output parameter from RSS.
Through this service, we will be able to get/increment any of the 3 NV
counters used on a CCA platform:
- NV counter for CCA firmware (BL2, BL31, RMM).
- NV counter for secure firmware.
- NV counter for non-secure firmware.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
Change-Id: I4c1c7f4837ebff30de16bb0ce7ecd416b70b1f62
The 'ns-load-address' property has been renamed to 'secondary-load-
address' in order to make it more generic. It can be used to copy
the configuration to any location, be it root, secure, or non-secure.
Change-Id: I122508e155ccd99082296be3f6b8db2f908be221
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This adds the ability to load the OP-TEE image via an SMC called from
non-secure userspace rather than loading it during boot. This should
only be utilized on platforms that can ensure security is maintained up
until the point the SMC is invoked as it breaks the normal barrier
between the secure and non-secure world.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I21cfa9699617c493fa4190f01d1cbb714e7449cc
Cortex-A510 erratum 2684597 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3. The
workaround is to execute a TSB CSYNC and DSB before executing WFI for
power down.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1873361/latesthttps://developer.arm.com/documentation/SDEN1873351/latest
Change-Id: Ic0b24b600bc013eb59c797401fbdc9bda8058d6d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
A processing element should never return from a wfi, however, due to a
hardware bug, certain CPUs may wake up because of an external event.
This patch tightens the behaviour of the common power down sequence, it
ensures the routine never returns by entering a wfi loop at its end. It
aligns with the behaviour of the platform implementations.
Change-Id: I36d8b0c64eccb71035bf164b4cd658d66ed7beb4
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
With "ENABLE_MPAM_FOR_LOWER_ELS" and "CTX_INCLUDE_EL2_REGS" build
options enabled, MPAM EL2 registers would be saved/restored as part of
context management. Context save/restore routines as of now would
proceed to access all of MPAM EL2 registers without any runtime checks.
MPAM specification states that MPAMHCR_EL2 should only be accessed if
MPAMIDR_EL1.HAS_HCR is "1". Likewise, MPAMIDR_EL1.VPMR_MAX has to be
probed to obtain the maximum supported MPAMVPM<x>_EL2 before accessing
corresponding MPAMVPM<x>_EL2 registers. Since runtime checks are not
being made, an exception would be raised if the platform under test
doesn't support one of the registers. On Neoverse reference design
platforms, an exception is being raised while MPAMVPM2_EL2 or above are
accessed. Neoverse reference design platforms support only registers
till MPAMVPM1_EL2 at this point.
To resolve this, add sufficient runtime checks in MPAM EL2 context
save/restore routines. As part of the new save/restore routines,
MPAMIDR_EL1.HAS_HCR and MPAMIDR_EL1.VPMR_MAX are probed for the right
set of registers to be saved and restored.
CC: Davidson Kumaresan <davidson.kumaresan@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I2e3affd23091023b287b2bd5057a4a549037b611
* changes:
fix(libc): remove __putchar alias
fix(console): correct scopes for console symbols
fix(auth): use NULL instead of 0 for pointer check
fix(io): compare function pointers with NULL
fix(fdt-wrappers): use correct prototypes
Neoverse V1 erratum 2779461 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open.
The workaround sets CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.
SDEN documentation:https://developer.arm.com/documentation/SDEN1401781/latest
Change-Id: I367cda1779684638063d7292fda20ca6734e6f10
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Cortex-A78 erratum 2779479 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround is to set the CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Change-Id: I3779fd1eff3017c5961ffa101b357918070b3b36
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
