As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
The following registers are only accessible from secure state,
therefore don't need to be saved/restored during world switch.
- SDER32_EL2
- VSTCR_EL2
- VSTTBR_EL2
This patch removes these registers from EL2 context.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I24d08aacb1b6def261c7b37d3e1265bb76adafdc
* changes:
feat(gic600ae_fmu): enable all GICD, PPI, ITS SMs
feat(gic600ae_fmu): disable SMID for unavailable blocks
feat(gic600ae_fmu): introduce support for RAS error handling
The following SMIDs are disabled by default.
* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override
This patch explicitly enables them during the FMU init sequence.
Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the gic600_fmu_init function to disable all safety
mechanisms for a block ID that is not present on the platform. All
safety mechanisms for GIC-600AE are enabled by default and should be
disabled for blocks that are not present on the platform to avoid
false positive RAS errors.
Change-Id: I52dc3bee9a8b49fd2e51d7ed851fdc803a48e6e3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Add __BASE_XLAT_TABLE_START__/_END__ and __XLAT_TABLE_START__/_END__
symbols in the linker script to have them in the .map file.
This allows displaying those areas when running memory map script.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I768a459c5cecc403a9b81b36a71397ecc3179f4f
The GIC-600AE uses a range of RAS features for all RAMs, which include
SECDED, ECC, and Scrub, software and bus error reporting. The GIC makes
all necessary information available to software through Armv8.2 RAS
architecture compliant register space.
This patch introduces support to probe the FMU_ERRGSR register to find
the right error record. Once the correct record is identified, the
"handler" function queries the FMU_ERR<m>STATUS register to further
identify the block ID, safety mechanism and the architecturally defined
primary error code. The description of the error is displayed on the
console to simplify debug.
Change-Id: I7e543664b74457afee2da250549f4c3d9beb1a03
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Replacing ARM_ARCH_AT_LEAST macro with feature specific build options
to prevent unconditional accesses to the registers during context save
and restore routines.
Registers are tightly coupled with features more than architecture
versions. Henceforth having a feature-specific build flag guarding the
respective registers, will restrict any undefined actions.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I809774df580530803c8a6e05a62d8d4de0910e02
This patch adds architectural features detection procedure to ensure
features enabled are present in the given hardware implementation.
It verifies whether the architecture build flags passed during
compilation match the respective features by reading their ID
registers. It reads through all the enabled feature specific ID
registers at once and panics in case of mismatch(feature enabled
but not implemented in PE).
Feature flags are used at sections (context_management,
save and restore routines of registers) during context switch.
If the enabled feature flag is not supported by the PE, it causes an
exception while saving or restoring the registers guarded by them.
With this mechanism, the build flags are validated at an early
phase prior to their usage, thereby preventing any undefined action
under their control.
This implementation is based on tristate approach for each feature and
currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this
patch. FEAT_STATE=2 is planned for phase-2 implementation and will be
taken care separately.
The patch has been explicitly tested, by adding a new test_config
with build config enabling majority of the features and detected
all of them under FVP launched with parameters enabling v8.7 features.
Note: This is an experimental procedure and the mechanism itself is
guarded by a macro "FEATURE_DETECTION", which is currently being
disabled by default.
The "FEATURE_DETECTION" macro is documented and the platforms are
encouraged to make use of this diagnostic tool by enabling this
"FEATURE_DETECTION" flag explicitly and get used to its behaviour
during booting before the procedure gets mandated.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
Add new options SEPARATE_BL2_NOLOAD_REGION to separate no-loadable
sections (.bss, stack, page tables) to a ram region specified
by BL2_NOLOAD_START and BL2_NOLOAD_LIMIT.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I844ee0fc405474af0aff978d292c826fbe0a82fd
Add support for Chassis 3.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I85cf68d4f1db81bf344e34dce13799ae173aa23a
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.
When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
This patch reworks the GTSI service implementation in RMMD
such that it is made internal to RMMD. This rework also
lays the ground work for additional RMMD services which
can be invoked from RMM.
The rework renames some of the FID macros to make it
more suited for adding more RMMD services. All the RMM-EL31
service SMCs are now routed via rmmd_rmm_el3_handler().
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Ic52ca0f33b79a1fd1deefa8136f9586b088b2e07
Cortex A78 AE erratum 2395408 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
This erratum states, "A translation table walk that matches an
existing L1 prefetch with a read request outstanding on CHI might
fold into the prefetch, which might lead to data corruption for
a future instruction fetch"
This erratum is avoided by setting CPUACTLR2_EL1[40] to 1 to
disable folding of demand requests into older prefetches with
L2 miss requests outstanding.
SDEN is available at https://developer.arm.com/documentation/SDEN-1707912
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ic17968987ca3c67fa7f64211bcde6dfcb35ed5d6
Cortex A78 AE erratum 2376748 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
The erratum states, "A PE executing a PLDW or PRFM PST instruction
that lies on a mispredicted branch path might cause a second PE
executing a store exclusive to the same cache line address to fail
continuously."
The erratum is avoided by setting CPUACTLR2_EL1[0] to 1 to force
PLDW/PFRM ST to behave like PLD/PRFM LD and not cause invalidations
to other PE caches. There might be a small performance degradation
to this workaround for certain workloads that share data.
SDEN is available at https://developer.arm.com/documentation/SDEN-1707912
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I93bd392a870d4584f3e12c8e4626dbe5a3a40a4d
And new file stm32mp13-tzc400.h is created for STM32MP13.
Change-Id: I18d6aa443d07dc42c0fff56fefb2a47632a2c0e6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This new function pmic_voltages_init() is used to set the minimum value
for STM32MP13 VDDCPU and VDDCORE regulators. This value is retrieved
from device tree.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibbe237cb5dccc1fddf92e07ffd3955048ff82075
Add new clock driver for STM32MP13. Split the include file to manage
either STM32MP13 or STM32MP15.
Change-Id: Ia568cd12b1d5538809204f0fd2224d51e5d1e985
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Add dedicated clock and reset dt-bindings include files. The former
files are renamed with stm32mp15, and the stm32mp1 file just
determine through STM32MP13 or STM32MP15 flag which file to include.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0db23996a3ba25f7c3ea920f16230b11cf051208
Implements the loop workaround for Cortex-A76AE, Cortex-A78AE and
Cortex-A78C.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I5c838f5b9d595ed3c461a7452bd465bd54acc548
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
Implements mitigation for Cortex-A72 CPU versions that support
the CSV2 feature(from r1p0). It also applies the mitigation for
Cortex-A57 CPU.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2
Off topic:
- cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap
Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
Cortex-A710 erratum 2282622 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[0] to 1, which will force PLDW/PFRM ST to behave like
PLD/PRFM LD and not cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ic48409822536e9eacc003300036a1f0489593020
Cortex-A510 erratum 2172148 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1784d643ca3d1d448340cd421facb5f229df1d22
* changes:
fix(nxp-crypto): refine code to avoid hang issue for some of toolchain
build(changelog): add new scope for nxp crypto
fix(lx2): drop erratum A-009810
Platforms which support Realm world cannot boot up
properly if measured boot is enabled at build time.
An assertions occurs due to the missing RMM entry
in the event_log_metadata array.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I172f10a440797f7c9e1bc79dc72242b40c2521ea
On RME-enabled platforms, it is currently not possible to incorporate
mapping of all bl_regions specified in bl31 setup[1] with the
ARM_BL_REGIONS macro defined to 6. Hence increased its count to 7.
[1]: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/
plat/arm/common/arm_bl31_setup.c#n380
Change-Id: Ieaa97f026ab2ae6eae22442595aa4122ba0a13c4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Cortex-A510 erratum 2042739 is a Cat B erratum that applies to revisions
r0p0, r0p1 and r0p2 and is fixed in r0p3.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1d2ebee3914396e1e298eb45bdab35ce9e194ad9
Cortex-A510 erratum 2288014 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I875519ff55be90244cc3d3a7e9f7abad0fc3c2b8
Cortex-A510 erratum 1922240 is a Cat B erratum that applies to revision
r0p0 and is fixed in r0p1.
Since no errata framework code existed for A510 prior to this patch, it
has been added as well. Also some general cleanup changes in the CPU lib
makefile.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I8c427ef255cb4b38ed3e5c2c7444fcef957277e4
bitfield structure maybe has strict-aliasing issue for some compiler,
for example the old code has hang issue for yocto 3.4 toolchain, so
refine the code to avoid to use bitfield structure.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6b6d7597311240dd6d6b8ca4ce508c69332f9c68