Merge "Update change log for v2.2 Release" into integration
This commit is contained in:
commit
c381ab6897
|
@ -4,6 +4,422 @@ Change Log & Release Notes
|
|||
This document contains a summary of the new features, changes, fixes and known
|
||||
issues in each release of Trusted Firmware-A.
|
||||
|
||||
Version 2.2
|
||||
-----------
|
||||
|
||||
New Features
|
||||
^^^^^^^^^^^^
|
||||
|
||||
- Architecture
|
||||
- Enable Pointer Authentication (PAuth) support for Secure World
|
||||
- Adds support for ARMv8.3-PAuth in BL1 SMC calls and
|
||||
BL2U image for firmware updates.
|
||||
|
||||
- Enable Memory Tagging Extension (MTE) support in both secure and non-secure
|
||||
worlds
|
||||
- Adds support for the new Memory Tagging Extension arriving in
|
||||
ARMv8.5. MTE support is now enabled by default on systems that
|
||||
support it at EL0.
|
||||
- To enable it at ELx for both the non-secure and the secure
|
||||
world, the compiler flag ``CTX_INCLUDE_MTE_REGS`` includes register
|
||||
saving and restoring when necessary in order to prevent information
|
||||
leakage between the worlds.
|
||||
|
||||
- Add support for Branch Target Identification (BTI)
|
||||
|
||||
- Build System
|
||||
- Modify FVP makefile for CPUs that support both AArch64/32
|
||||
|
||||
- AArch32: Allow compiling with soft-float toolchain
|
||||
|
||||
- Makefile: Add default warning flags
|
||||
|
||||
- Add Makefile check for PAuth and AArch64
|
||||
|
||||
- Add compile-time errors for HW_ASSISTED_COHERENCY flag
|
||||
|
||||
- Apply compile-time check for AArch64-only CPUs
|
||||
|
||||
- build_macros: Add mechanism to prevent bin generation.
|
||||
|
||||
- Add support for default stack-protector flag
|
||||
|
||||
- spd: opteed: Enable NS_TIMER_SWITCH
|
||||
|
||||
- plat/arm: Skip BL2U if RESET_TO_SP_MIN flag is set
|
||||
|
||||
- Add new build option to let each platform select which implementation of spinlocks
|
||||
it wants to use
|
||||
|
||||
- CPU Support
|
||||
- DSU: Workaround for erratum 798953 and 936184
|
||||
|
||||
- Neoverse N1: Force cacheable atomic to near atomic
|
||||
- Neoverse N1: Workaround for erratum 1073348, 1130799, 1165347, 1207823,
|
||||
1220197, 1257314, 1262606, 1262888, 1275112, 1315703, 1542419
|
||||
|
||||
- Neoverse Zeus: Apply the MSR SSBS instruction
|
||||
|
||||
- cortex-a76AE: Support added for Cortex-A76AE CPU
|
||||
- cortex-a76: Workaround for erratum 1257314, 1262606, 1262888, 1275112,
|
||||
1286807
|
||||
|
||||
- cortex-a65/a65AE: Support added for Cortex-A65 and Cortex-A65AE CPUs
|
||||
- cortex-a65: Enable AMU for Cortex-A65
|
||||
|
||||
- cortex-a55: Workaround for erratum 1221012
|
||||
|
||||
- cortex-a35: Workaround for erratum 855472
|
||||
|
||||
- cortex-a9: Workaround for erratum 794073
|
||||
|
||||
- Drivers
|
||||
- console: Allow the console to register multiple times
|
||||
|
||||
- delay: Timeout detection support
|
||||
|
||||
- gicv3: Enabled multi-socket GIC redistributor frame discovery and migrated
|
||||
ARM platforms to the new API
|
||||
- Adds ``gicv3_rdistif_probe`` function that delegates the responsibility
|
||||
of discovering the corresponding redistributor base frame to each CPU
|
||||
itself.
|
||||
|
||||
- sbsa: Add SBSA watchdog driver
|
||||
|
||||
- st/stm32_hash: Add HASH driver
|
||||
|
||||
- ti/uart: Add an AArch32 variant
|
||||
|
||||
- Library at ROM (romlib)
|
||||
- Introduce BTI support in Library at ROM (romlib)
|
||||
|
||||
- New Platforms Support
|
||||
- amlogic: g12a: New platform support added for the S905X2 (G12A) platform
|
||||
- amlogic: meson/gxl: New platform support added for Amlogic Meson
|
||||
S905x (GXL)
|
||||
|
||||
- arm/a5ds: New platform support added for A5 DesignStart
|
||||
|
||||
- arm/corstone: New platform support added for Corstone-700
|
||||
|
||||
- intel: New platform support added for Agilex
|
||||
|
||||
- mediatek: New platform support added for MediaTek mt8183
|
||||
|
||||
- qemu/qemu_sbsa: New platform support added for QEMU SBSA platform
|
||||
|
||||
- renesas/rcar_gen3: plat: New platform support added for D3
|
||||
|
||||
- rockchip: New platform support added for px30
|
||||
- rockchip: New platform support added for rk3288
|
||||
|
||||
- rpi: New platform support added for Raspberry Pi 4
|
||||
|
||||
- Platforms
|
||||
- arm/common: Introduce wrapper functions to setup secure watchdog
|
||||
|
||||
- arm/fvp: Add Delay Timer driver to BL1 and BL31 and option for defining
|
||||
platform DRAM2 base
|
||||
- arm/fvp: Add Linux DTS files for 32 bit threaded FVPs
|
||||
|
||||
- arm/n1sdp: Add code for DDR ECC enablement and BL33 copy to DDR, Initialise CNTFRQ
|
||||
in Non Secure CNTBaseN
|
||||
|
||||
- arm/juno: Use shared mbedtls heap between BL1 and BL2 and add basic support for
|
||||
dynamic config
|
||||
|
||||
- imx: Basic support for PicoPi iMX7D, rdc module init, caam module init,
|
||||
aipstz init, IMX_SIP_GET_SOC_INFO, IMX_SIP_BUILDINFO added
|
||||
|
||||
- intel: Add ncore ccu driver
|
||||
|
||||
- mediatek/mt81*: Use new bl31_params_parse() helper
|
||||
|
||||
- nvidia: tegra: Add support for multi console interface
|
||||
|
||||
- qemu/qemu_sbsa: Adding memory mapping for both FLASH0/FLASH1
|
||||
- qemu: Added gicv3 support, new console interface in AArch32, and sub-platforms
|
||||
|
||||
- renesas/rcar_gen3: plat: Add R-Car V3M support, new board revision for H3ULCB, DBSC4
|
||||
setting before self-refresh mode
|
||||
|
||||
- socionext/uniphier: Support console based on multi-console
|
||||
|
||||
- st: stm32mp1: Add OP-TEE, Avenger96, watchdog, LpDDR3, authentication support
|
||||
and general SYSCFG management
|
||||
|
||||
- ti/k3: common: Add support for J721E, Use coherent memory for shared data, Trap all
|
||||
asynchronous bus errors to EL3
|
||||
|
||||
- xilinx/zynqmp: Add support for multi console interface, Initialize IPI table from
|
||||
zynqmp_config_setup()
|
||||
|
||||
- PSCI
|
||||
- Adding new optional PSCI hook ``pwr_domain_on_finish_late``
|
||||
- This PSCI hook ``pwr_domain_on_finish_late`` is similar to
|
||||
``pwr_domain_on_finish`` but is guaranteed to be invoked when the
|
||||
respective core and cluster are participating in coherency.
|
||||
|
||||
- Security
|
||||
- Speculative Store Bypass Safe (SSBS): Further enhance protection against Spectre
|
||||
variant 4 by disabling speculative loads/stores (SPSR.SSBS bit) by default.
|
||||
|
||||
- UBSAN support and handlers
|
||||
- Adds support for the Undefined Behaviour sanitizer. There are two types of
|
||||
support offered - minimalistic trapping support which essentially immediately
|
||||
crashes on undefined behaviour and full support with full debug messages.
|
||||
|
||||
- Tools
|
||||
- cert_create: Add support for bigger RSA key sizes (3KB and 4KB),
|
||||
previously the maximum size was 2KB.
|
||||
|
||||
- fiptool: Add support to build fiptool on Windows.
|
||||
|
||||
|
||||
Changed
|
||||
^^^^^^^
|
||||
|
||||
- Architecture
|
||||
- Refactor ARMv8.3 Pointer Authentication support code
|
||||
|
||||
- backtrace: Strip PAC field when PAUTH is enabled
|
||||
|
||||
- Prettify crash reporting output on AArch64.
|
||||
|
||||
- Rework smc_unknown return code path in smc_handler
|
||||
- Leverage the existing ``el3_exit()`` return routine for smc_unknown return
|
||||
path rather than a custom set of instructions.
|
||||
|
||||
- BL-Specific
|
||||
- Invalidate dcache build option for BL2 entry at EL3
|
||||
|
||||
- Add missing support for BL2_AT_EL3 in XIP memory
|
||||
|
||||
- Boot Flow
|
||||
- Add helper to parse BL31 parameters (both versions)
|
||||
|
||||
- Factor out cross-BL API into export headers suitable for 3rd party code
|
||||
|
||||
- Introduce lightweight BL platform parameter library
|
||||
|
||||
- Drivers
|
||||
- auth: Memory optimization for Chain of Trust (CoT) description
|
||||
|
||||
- bsec: Move bsec_mode_is_closed_device() service to platform
|
||||
|
||||
- cryptocell: Move Cryptocell specific API into driver
|
||||
|
||||
- gicv3: Prevent pending G1S interrupt from becoming G0 interrupt
|
||||
|
||||
- mbedtls: Remove weak heap implementation
|
||||
|
||||
- mmc: Increase delay between ACMD41 retries
|
||||
- mmc: stm32_sdmmc2: Correctly manage block size
|
||||
- mmc: stm32_sdmmc2: Manage max-frequency property from DT
|
||||
|
||||
- synopsys/emmc: Do not change FIFO TH as this breaks some platforms
|
||||
- synopsys: Update synopsys drivers to not rely on undefined overflow behaviour
|
||||
|
||||
- ufs: Extend the delay after reset to wait for some slower chips
|
||||
|
||||
- Platforms
|
||||
- amlogic/meson/gxl: Remove BL2 dependency from BL31
|
||||
|
||||
- arm/common: Shorten the Firmware Update (FWU) process
|
||||
|
||||
- arm/fvp: Remove GIC initialisation from secondary core cold boot
|
||||
|
||||
- arm/sgm: Temporarily disable shared Mbed TLS heap for SGM
|
||||
|
||||
- hisilicon: Update hisilicon drivers to not rely on undefined overflow behaviour
|
||||
|
||||
- imx: imx8: Replace PLAT_IMX8* with PLAT_imx8*, remove duplicated linker symbols and
|
||||
deprecated code include, keep only IRQ 32 unmasked, enable all power domain by default
|
||||
|
||||
- marvell: Prevent SError accessing PCIe link, Switch to xlat_tables_v2, do not rely on
|
||||
argument passed via smc, make sure that comphy init will use correct address
|
||||
|
||||
- mediatek: mt8173: Refactor RTC and PMIC drivers
|
||||
- mediatek: mt8173: Apply MULTI_CONSOLE framework
|
||||
|
||||
- nvidia: Tegra: memctrl_v2: fix "overflow before widen" coverity issue
|
||||
|
||||
- qemu: Simplify the image size calculation, Move and generalise FDT PSCI fixup, move
|
||||
gicv2 codes to separate file
|
||||
|
||||
- renesas/rcar_gen3: Convert to multi-console API, update QoS setting, Update IPL and
|
||||
Secure Monitor Rev2.0.4, Change to restore timer counter value at resume, Update DDR
|
||||
setting rev.0.35, qos: change subslot cycle, Change periodic write DQ training option.
|
||||
|
||||
- rockchip: Allow SOCs with undefined wfe check bits, Streamline and complete UARTn_BASE
|
||||
macros, drop rockchip-specific imported linker symbols for bl31, Disable binary generation
|
||||
for all SOCs, Allow console device to be set by DTB, Use new bl31_params_parse functions
|
||||
|
||||
- rpi/rpi3: Move shared rpi3 files into common directory
|
||||
|
||||
- socionext/uniphier: Set CONSOLE_FLAG_TRANSLATE_CRLF and clean up console driver
|
||||
- socionext/uniphier: Replace DIV_ROUND_UP() with div_round_up() from utils_def.h
|
||||
|
||||
- st/stm32mp: Split stm32mp_io_setup function, move stm32_get_gpio_bank_clock() to private
|
||||
file, correctly handle Clock Spreading Generator, move oscillator functions to generic file,
|
||||
realign device tree files with internal devs, enable RTCAPB clock for dual-core chips, use a
|
||||
common function to check spinlock is available, move check_header() to common code
|
||||
|
||||
- ti/k3: Enable SEPARATE_CODE_AND_RODATA by default, Remove shared RAM space,
|
||||
Drop _ADDRESS from K3_USART_BASE to match other defines, Remove MSMC port
|
||||
definitions, Allow USE_COHERENT_MEM for K3, Set L2 latency on A72 cores
|
||||
|
||||
- PSCI
|
||||
- PSCI: Lookup list of parent nodes to lock only once
|
||||
|
||||
- Secure Partition Manager (SPM): SPCI Prototype
|
||||
- Fix service UUID lookup
|
||||
|
||||
- Adjust size of virtual address space per partition
|
||||
|
||||
- Refactor xlat context creation
|
||||
|
||||
- Move shim layer to TTBR1_EL1
|
||||
|
||||
- Ignore empty regions in resource description
|
||||
|
||||
- Security
|
||||
- Refactor SPSR initialisation code
|
||||
|
||||
- SMMUv3: Abort DMA transactions
|
||||
- For security DMA should be blocked at the SMMU by default unless explicitly
|
||||
enabled for a device. SMMU is disabled after reset with all streams bypassing
|
||||
the SMMU, and abortion of all incoming transactions implements a default deny
|
||||
policy on reset.
|
||||
- Moves ``bl1_platform_setup()`` function from arm_bl1_setup.c to FVP platforms'
|
||||
fvp_bl1_setup.c and fvp_ve_bl1_setup.c files.
|
||||
|
||||
- Tools
|
||||
- cert_create: Remove RSA PKCS#1 v1.5 support
|
||||
|
||||
|
||||
Resolved Issues
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
- Architecture
|
||||
- Fix the CAS spinlock implementation by adding a missing DSB in ``spin_unlock()``
|
||||
|
||||
- AArch64: Fix SCTLR bit definitions
|
||||
- Removes incorrect ``SCTLR_V_BIT`` definition and adds definitions for
|
||||
ARMv8.3-Pauth `EnIB`, `EnDA` and `EnDB` bits.
|
||||
|
||||
- Fix restoration of PAuth context
|
||||
- Replace call to ``pauth_context_save()`` with ``pauth_context_restore()`` in
|
||||
case of unknown SMC call.
|
||||
|
||||
- BL-Specific Issues
|
||||
- Fix BL31 crash reporting on AArch64 only platforms
|
||||
|
||||
- Build System
|
||||
- Remove several warnings reported with W=2 and W=1
|
||||
|
||||
- Code Quality Issues
|
||||
- SCTLR and ACTLR are 32-bit for AArch32 and 64-bit for AArch64
|
||||
- Unify type of "cpu_idx" across PSCI module.
|
||||
- Assert if power level value greater then PSCI_INVALID_PWR_LVL
|
||||
- Unsigned long should not be used as per coding guidelines
|
||||
- Reduce the number of memory leaks in cert_create
|
||||
- Fix type of cot_desc_ptr
|
||||
- Use explicit-width data types in AAPCS parameter structs
|
||||
- Add python configuration for editorconfig
|
||||
- BL1: Fix type consistency
|
||||
|
||||
- Enable -Wshift-overflow=2 to check for undefined shift behavior
|
||||
- Updated upstream platforms to not rely on undefined overflow behaviour
|
||||
|
||||
- Coverity Quality Issues
|
||||
- Remove GGC ignore -Warray-bounds
|
||||
- Fix Coverity #261967, Infinite loop
|
||||
- Fix Coverity #343017, Missing unlock
|
||||
- Fix Coverity #343008, Side affect in assertion
|
||||
- Fix Coverity #342970, Uninitialized scalar variable
|
||||
|
||||
- CPU Support
|
||||
- cortex-a12: Fix MIDR mask
|
||||
|
||||
- Drivers
|
||||
- console: Remove Arm console unregister on suspend
|
||||
|
||||
- gicv3: Fix support for full SPI range
|
||||
|
||||
- scmi: Fix wrong payload length
|
||||
|
||||
- Library Code
|
||||
- libc: Fix sparse warning for __assert()
|
||||
|
||||
- libc: Fix memchr implementation
|
||||
|
||||
- Platforms
|
||||
- rpi: rpi3: Fix compilation error when stack protector is enabled
|
||||
|
||||
- socionext/uniphier: Fix compilation fail for SPM support build config
|
||||
|
||||
- st/stm32mp1: Fix TZC400 configuration against non-secure DDR
|
||||
|
||||
- ti/k3: common: Fix RO data area size calculation
|
||||
|
||||
- Security
|
||||
- AArch32: Disable Secure Cycle Counter
|
||||
- Changes the implementation for disabling Secure Cycle Counter.
|
||||
For ARMv8.5 the counter gets disabled by setting ``SDCR.SCCD`` bit on
|
||||
CPU cold/warm boot. For the earlier architectures PMCR register is
|
||||
saved/restored on secure world entry/exit from/to Non-secure state,
|
||||
and cycle counting gets disabled by setting PMCR.DP bit.
|
||||
- AArch64: Disable Secure Cycle Counter
|
||||
- For ARMv8.5 the counter gets disabled by setting ``MDCR_El3.SCCD`` bit on
|
||||
CPU cold/warm boot. For the earlier architectures PMCR_EL0 register is
|
||||
saved/restored on secure world entry/exit from/to Non-secure state,
|
||||
and cycle counting gets disabled by setting PMCR_EL0.DP bit.
|
||||
|
||||
Deprecations
|
||||
^^^^^^^^^^^^
|
||||
|
||||
- Common Code
|
||||
- Remove MULTI_CONSOLE_API flag and references to it
|
||||
|
||||
- Remove deprecated `plat_crash_console_*`
|
||||
|
||||
- Remove deprecated interfaces `get_afflvl_shift`, `mpidr_mask_lower_afflvls`, `eret`
|
||||
|
||||
- AARCH32/AARCH64 macros are now deprecated in favor of ``__aarch64__``
|
||||
|
||||
- ``__ASSEMBLY__`` macro is now deprecated in favor of ``__ASSEMBLER__``
|
||||
|
||||
- Drivers
|
||||
- console: Removed legacy console API
|
||||
- console: Remove deprecated finish_console_register
|
||||
|
||||
- tzc: Remove deprecated types `tzc_action_t` and `tzc_region_attributes_t`
|
||||
|
||||
- Secure Partition Manager (SPM):
|
||||
- Prototype SPCI-based SPM (services/std_svc/spm) will be replaced with alternative
|
||||
methods of secure partitioning support.
|
||||
|
||||
Known Issues
|
||||
^^^^^^^^^^^^
|
||||
|
||||
- Build System Issues
|
||||
- dtb: DTB creation not supported when building on a Windows host.
|
||||
|
||||
This step in the build process is skipped when running on a Windows host. A
|
||||
known issue from the 1.6 release.
|
||||
|
||||
- Platform Issues
|
||||
- arm/juno: System suspend from Linux does not function as documented in the
|
||||
user guide
|
||||
|
||||
Following the instructions provided in the user guide document does not
|
||||
result in the platform entering system suspend state as expected. A message
|
||||
relating to the hdlcd driver failing to suspend will be emitted on the
|
||||
Linux terminal.
|
||||
|
||||
- mediatek/mt6795: This platform does not build in this release
|
||||
|
||||
Version 2.1
|
||||
-----------
|
||||
|
||||
|
|
Loading…
Reference in New Issue