This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.
This is to allow Secure/Realm world to have their own FFH macros
in future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752
For synchronization of errors at exception boundries TF-A uses "esb"
instruction with FEAT_RAS or "dsb" and "isb" otherwise. The problem
with esb instruction is, along with synching errors it might also
consume the error, which is not ideal in all scenarios. On the other
hand we can't use dsb always as its in the hot path.
To solve above mentioned problem the best way is to use FEAT_IESB
feature which provides controls to insert an implicit Error
synchronization event at exception entry and exception return.
Assumption in TF-A is, if RAS Extension is present then FEAT_IESB will
also be present and enabled.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5861eec5da4028a116406bb4d1fea7dac232456
Vector entries in EL3 from lower ELs, first check for any pending
async EAs from lower EL before handling the original exception.
This happens when there is an error (EA) in the system which is not
yet signaled to PE while executing at lower EL. During entry into EL3
the errors (EA) are synchronized causing async EA to pend at EL3.
On detecting the pending EA (via ISR_EL1.A) EL3 either reflects it back
to lower EL (KFH) or handles it in EL3 (FFH) based on EA routing model.
In case of Firmware First handling mode (FFH), EL3 handles the pended
EA first before returing back to handle the original exception.
While in case of Kernel First handling mode (KFH), EL3 will return back
to lower EL without handling the original exception. On returing to
lower EL, EA will be pended. In KFH mode there is a risk of back and
forth between EL3 and lower EL if the EA is masked at lower EL or
priority of EA is lower than that of original exception. This is a
limitation in current architecture but can be solved in future if EL3
gets a capability to inject virtual SError.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3a2a31de7cf454d9d690b1ef769432a5b24f6c11
Make interprets lines prefixed with the tab characters as recipes
(commands to run in the shell). Convert the use of ifdef as this
incorrectly interprets when a flag is disabled i.e.
`ENABLE_FEAT_MPAM=0`.
Change-Id: I5173d18a20ef0e3ffc32f0ffb1e70dc30aa4c4a9
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Disable FEAT_MPAM support for Aarch32 as it is not supported, following
[1]. ENABLE_FEAT_MPAM is set to 2 by default for Aarch64 in
arch_features.mk, eliminating the need for duplication in the platform
makefile.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23710
Change-Id: I1c8b6844254e00e6372900f1c87f995f292ae65c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Currently, EL3 context registers are duplicated per-world per-cpu.
Some registers have the same value across all CPUs, so this patch
moves these registers out into a per-world context to reduce
memory usage.
Change-Id: I91294e3d5f4af21a58c23599af2bdbd2a747c54a
Signed-off-by: Elizabeth Ho <elizabeth.ho@arm.com>
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
This patch adds necessary support for RMI_VERSION command.
This patch sets RMI version numbers to 1.0 as per
RMM Specification 1.0-eac5.
Change-Id: If7f88d5b5efa58716752488108fa110fc71ae836
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
With commit@f5211420b(refactor(cpufeat): refactor arch feature build
options all mandatory options are enabled with
'make_helpers/arch_features.mk' so avoid enabling of mandatory features
in platform makefile.
Use correct Arch Major/Minor to get all the mandatory features enabled
by default.
Change-Id: Ia214aa75dc9caea949f697ecafb1ef1812c6d899
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
During build 'ENABLE_SPE_FOR_NS=0' is a valid build option however
using ifdef would incorrectly translate this as enabled.
Change-Id: I1c516fb68f6e382bb83c578e499cbb86869d9eca
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
With changes to refactor to use first platform makefiles
then parse arch_features.mk file 'ENABLE_RME' will be initialised
only when we define during build or at arch_features.mk thus
making comparison of 'ENABLE_RME' to '0' incorrect.
So keep BRBE disabled when RME is enabled at main makefile level.
Change-Id: I7e3d99eb444678d63585bd5971ada627cfc4fcc9
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
With commit@f5211420b(refactor(cpufeat): refactor arch feature build
options all mandatory options are enabled with
'make_helpers/arch_features.mk'
However the commit makes it impossible for enabling of mandatory
features through command line and platform make files, So re-order
handling of mandatory features in 'make_helpers/arch_features.mk'
Use below order to enable mandatory features.
1.) first enable mandatory features by arch major/minor
2.) check if features were not earlier defined in platform makefile or
through cmdline if defined earlier don't initialise them to '0' but
retain their values from prior initialisation.
Change-Id: Icea3180c9dda0cd6e0b59316add9f3290ae51972
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
n1sdp based out of Arm Neoverse N1 Core uses Arm®v8.2‑A extensions
so set ARM_ARCH_MAJOR.ARM_ARCH_MINOR for n1sdp platform to 8.2
Change-Id: Ib70c6be5e12817961430870d50fb1b0efca32df2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Commit(f5211420b refactor(cpufeat): refactor arch feature build
options) ensures mandatory arch features are enabled based on
ARM_ARCH_MAJOR and ARM_ARCH_MINOR, which would be expected to be
provided from platform makefile. However it missed ensuring platform
makefile is included before parsing and enabling any mandatory arch
features.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: Ia0ccb7d73b2d24c87d3d235babed4704230bec28
* changes:
docs: mark PSA_CRYPTO as an experimental feature
feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation
feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA
Typecast the base and size arguments for build time as unsigned
integers and the limit derived from these two as an unsigned long
to prevent size integer overflow issues during the build.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: Iefc148e0091e8c8a4ca505691036c79528a558a4
Post image handling of the HW_CONFIG is out-of-scope for
`plat_get_next_bl_params`. Move parts of the code responsible for post
processing of loaded images into `bl2_plat_handle_post_image_load` for code
reusability and maintainability.
Change-Id: I476b3d306ebcd4529f5e542ba1063e144920bb5f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
In certain instances a platform may need to make modifications to an
image after it has been loaded by BL2. The existing common
implementation is a thin wrapper for a more generic arm post image
handler. To enable platforms to make changes to images when
they're loaded, move this into platform code.
Change-Id: I44025391056adb2d8a8eb4ea5984257b02027181
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The coherent memory should be mapped as Device nGnRnE.
This fix adds the missing MMU attributes for coherent memory
if enabled.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Change-Id: I90b8de167c48f03392c9740f88f4b1e7b073a82d
* changes:
refactor(arm): use gpt_partition_init
feat(partition): add interface to init gpt
refactor(partition): convert warn to verbose
feat(partition): add support to use backup GPT header
refactor(partition): get GPT header location from MBR
feat(arm): add IO policy to use backup gpt header
feat(tbbr): add image id for backup GPT
Current interface partition_init accepts GPT image id and parses the
GPT image but doesn't return any error on failure.
So use gpt_partition_init which implicitly initialises with GPT image
ID and returns a value.
Change-Id: I63280aa672388f1f8d9dc377ae13002c9f861f03
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Current interface 'partition_init' accepts parameter image_id
and returns no value. But the entire partition driver is build
only to parse and handle GPT partitions, so add new interface
gpt_partition_init which would return failure to platform code
if it fails to parse the image.
Change-Id: Iaf574d2ad01a15d0723c1475290c31dc4a078835
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Convert all warn messages to verbose messages. As most warning are
needed during debug only and and won't increase the binary size by
default.
Change-Id: Icc5d5157f13507ccbc34675c20357117cad98255
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Currently we just use primary GPT header which is located in second
entry after MBR header, but if this block is corrupted or CRC
mismatch occurs we could try to use the backup GPT header located at
LBAn and GPT entries following this from LBA-33.
Add suitable warning messages before returning any errors to identify
the cause of issue.
Change-Id: I0018ae9eafbacb683a18784d2c8bd917c70f50e1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
GPT header is located in first LBA after MBR entry and mbr header has
details of beginning of first entry, so use mbr header entry first_lba
data to locate GPT header rather than GPT_HEADER_OFFSET.
GPT header size is available in gpt_header, so use that
rather than using DEFAULT_GPT_HEADER_SIZE.
The location of GPT entries is available once we parse gpt_header
and is available as partitiona_lba use that to load gpt_entries rather
than GPT_ENTRY_OFFSET.
Change-Id: I3c11f8cc9d4b0b1778a37fe342fb845ea4a4eff1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add a IO block spec to use GPT backup header if primary fails.
Currently we use only the primary gpt header which is in the second
block(LBA-1) after the MBR block(LBA-0) so we restrict IO access to
primary gpt header and its entries.
But we plan to use backup GPT which is the last block of the
partition (LBA-n) in case our primary GPT header fails verification
or is corrupted.
Offset and length of the block spec will be updated runtime from
partition driver after parsing MBR data.
Change-Id: Id1d49841d6f4cbcc3248af19faf2fbd8e24a8ba1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add image identifier to access backup-GPT header and entry,
when we fail to get primary GPT header.
Currently we use only the primary gpt header, But we plan to
use backup GPT header in case our primary GPT header fails
verification or is corrupted.
Change-Id: I12eedd5d2a5cda21c64254d461d09d400d4edb30
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The firmware handoff framework is a light weight mechanism for sharing
information between bootloader stages. Add support for this framework at
the handoff boundary between runtime firmware BL31 and NS software on FVP.
Change-Id: Ib02e0e4c20a39e32e06da667caf2ce5a28de1e28
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
* changes:
fix(cpus): fix the rev-var of Neoverse-V1
fix(errata-abi): update the Neoverse-N2 errata ABI struct
fix(errata-abi): update the neoverse-N1 errata ABI struct
fix(cpus): fix the rev-var of Cortex-X2
fix(errata-abi): update the Cortex-A78C errata ABI struct
fix(cpus): update the rev-var for Cortex-A78AE
fix(errata-abi): update the Cortex-A76 errata ABI struct
fix(cpus): fix the rev-var for Cortex-A710
Since FVP does not support RSS, RSS APIs used to provide the hardcoded
platform token and attestation key. However, that seems to be causing
un-necessary mandating of some PSA crypto definitions, that doesn't
seem appropriate.
Hence to retrieve platform token and realm attestation key, these
RSS APIs calls have been replaced with hardcoded information.
Change-Id: I5fd091025e3444a698b9d387763ce20db6b13ae1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adding basic CPU library code to support Travis CPU
Change-Id: I3c85e9fab409325d213978888a8f6d6949291258
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Several platforms, such as NXP platforms, employ Trusted Boot support
without relying on MBEDTLS_CONFIG. This patch addresses the build
issues that arose on such platforms as a result of recent change
c1ec23dd60 [1].
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23730
Change-Id: Idfbeeafb8a30dc15bb0060beb5b17819a8807084
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the documentation to mark PSA_CRYPTO as an experimental
feature.
Change-Id: I894b687d6727fe7f80df54e6b08937e171f459b6
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
