Commit Graph

10532 Commits

Author SHA1 Message Date
Bipin Ravi be9121fd31 fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72
Implements mitigation for Cortex-A72 CPU versions that support
the CSV2 feature(from r1p0). It also applies the mitigation for
Cortex-A57 CPU.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33
2022-03-16 16:35:07 -05:00
Madhukar Pappireddy fdb9166b94 fix(fvp): disable reclaiming init code by default
In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation workarounds inevitably increase the size of the various
segments due to additional instructions and/or macros, these segments
cannot be fit in the existing memory layout designated for BL31 image.
The issue is specifically seen in complex build configs for FVP
platform. One such config has TBB with Dual CoT and test secure
payload dispatcher(TSPD) enabled. Even a small increase in individual
segment size in order of few bytes might lead to build fails due to
alignment requirements(PAGE_ALIGN to 4KB).

This is needed to workaround the following build failures observed
across multiple build configs:

aarch64-none-elf-ld.bfd: BL31 init has exceeded progbits limit.

aarch64-none-elf-ld.bfd: /work/workspace/workspace/tf-worker_ws_2/trusted_firmware/build/fvp/debug/bl31/bl31.elf section coherent_ram will not fit in region RAM
aarch64-none-elf-ld.bfd: BL31 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region RAM overflowed by 4096 bytes

Change-Id: Idfab539e9a40f4346ee11eea1e618c97e93e19a1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2022-03-16 14:20:48 -05:00
Madhukar Pappireddy 38dd6b61ae Merge "fix(xilinx): fix coding style violations" into integration 2022-03-16 15:41:31 +01:00
Manish V Badarkhe 26850d71ec refactor(st): update set_config_info function call
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: Ieeaf9c97085128d7b7339d34495bdd58cd9fcf8a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-03-16 13:51:26 +00:00
Manish V Badarkhe ddbf43b4a0 refactor(fvp_r): update set_config_info function call
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: I64e8531e0ad5cda63f14d838efb9da9cf20beea8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-04-22 10:05:53 +01:00
Manish V Badarkhe 046cb19b49 refactor(arm): update set_config_info function call
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: Ia33adfa9e7b0392f62056053a2df7db321a74e22
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-04-21 22:53:43 +01:00
Manish Pandey e58eb9d103 Merge "feat(mt8186): add DFD control in SiP service" into integration 2022-03-16 12:55:03 +01:00
Pali Rohár 19a2d5188b docs(a3k): update documentation about DEBUG mode for UART
DEBUG mode can be enabled without any issue for Armada 37xx and also for
other A7K/A8K/CN913x. There is no incompatibility with Xmodem protocol
like it was written before, because Armada 37xx UART images do not print
anything on UART during image transfer and A7K/A8K/CN913x BLE image
automatically turn off debugging output when booting over UART. Looks
like this incorrect information is some relict from the past.

Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I85adc3c21036656b4620c4692e04330cad11ea2f
2022-03-16 12:38:43 +01:00
Manish Pandey 02c6f36695 Merge "fix(a3k): change fatal error to warning when CM3 reset is not implemented" into integration 2022-03-16 12:37:17 +01:00
Pali Rohár 30cdbe7043 fix(a3k): change fatal error to warning when CM3 reset is not implemented
This allows TF-A's a3700_system_reset() function to try Warm reset
method when CM3 reset method is not implemented by WTMI firmware.

Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I7303197373e1a8ca5a44ba0b1e90b48855d6c0c3
2022-03-16 11:42:47 +01:00
Manish V Badarkhe ed4bf52c33 feat(fconf): add NS load address in configuration DTB nodes
Retrieved the NS load address of configs from FW_CONFIG device tree,
and modified the prototype of "set_config_info" to update device tree
information with the retrieved address.

Change-Id: Ic5a98ba65bc7aa0395c70c7d450253ff8d84d02c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-03-16 09:34:36 +00:00
anans 0956319b58 fix(ufs): move nutrs assignment to ufs_init
nutrs is set in ufs_enum (used by get_empty_slot), this will not
be assigned if UFS_FLAGS_SKIPINIT is set in flags during init and
might end up crashing read/write commands

Change-Id: I1517b69c56741fd5bf4ef0ebc1fc8738746233d7
Signed-off-by: anans <anans@google.com>
2022-03-16 09:12:44 +05:30
Channagoud kadabi 38a5ecb756 fix(ufs): fix cache maintenance issues
Fix software cache maintenance issues that can happen when
cpu prefetches data before DMA operations are complete.
This change fixes two cases one for ufs_read_blocks and
other for ufs_check_resp, in both cases invalidation of
buffer was done before the DMA operation completed.
This caused cpu prefetcher to bring data into cache
before DMA completed and caused UFS read failures.
The changes also removes unwanted cache operations to
local variable utrd which is not consumed by UFS host
controller and zeroing out buffer in ufs_read_capacity.

Change-Id: I9a288eb19d6705f6fa8bdb0b817a6411235fd8b6
Signed-off-by: Channagoud kadabi <kadabi@google.com>
2022-03-15 13:09:52 -07:00
Madhukar Pappireddy a5d15b4c2d Merge changes from topic "spectre_bhb" into integration
* changes:
  fix(security): loop workaround for CVE-2022-23960 for Cortex-A76
  refactor(el3-runtime): change Cortex-A76 implementation of CVE-2018-3639
2022-03-15 18:29:55 +01:00
Madhukar Pappireddy fdbbd59e97 Merge changes from topic "revert-14286-uart_segregation-VURJFOWMTM" into integration
* changes:
  Revert "feat(sgi): deviate from arm css common uart related defi..."
  Revert "feat(sgi): route TF-A logs via secure uart"
  Revert "feat(sgi): add page table translation entry for secure uart"
2022-03-15 14:39:49 +01:00
anans 6e16f7f09c refactor(ufs): adds a function for sending command
new function for sending commands and reuses that function in the
driver, this can also be used to have retries for specific
commands in the future

Signed-off-by: anans <anans@google.com>
Change-Id: Ie01f36ff8e2df072db4d97929d293b80ed24f04b
2022-03-15 09:13:20 +05:30
Madhukar Pappireddy 29ba22e8ed Merge "fix(security): workaround for CVE-2022-23960" into integration 2022-03-12 01:39:37 +01:00
Madhukar Pappireddy 64e04687d3 Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...

Change-Id: I28a370dd8b3a37087da621460eccc1acd7a30287
2022-03-11 21:49:20 +02:00
Madhukar Pappireddy 162f7923f1 Revert "feat(sgi): route TF-A logs via secure uart"
Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...

Change-Id: I7c488aed9fcb70c55686d705431b3fe017b8927d
2022-03-11 21:49:20 +02:00
Madhukar Pappireddy 6127767ae5 Revert "feat(sgi): add page table translation entry for secure uart"
Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...

Change-Id: I9bec02496f826e184c6efa643f869b2eb3b52539
2022-03-11 20:49:20 +01:00
Madhukar Pappireddy c5f9d99a7e Merge "fix(st): don't try to read boot partition on SD cards" into integration 2022-03-11 18:00:38 +01:00
Rex-BC Chen e46e9df0d0 feat(mt8186): add DFD control in SiP service
DFD (Design for Debug) is a debugging tool, which scans flip-flops and
dumps to internal RAM on the WDT reset. After system reboots, those
values could be showed for debugging.

BUG=b:222217317
TEST=build pass

Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I659ea1e0789cf135a71a13b752edaa35123e0941
2022-03-11 17:47:05 +08:00
Uwe Kleine-König 9492b391a3 fix(st): don't try to read boot partition on SD cards
When trying to boot from an SD card with STM32MP_EMMC_BOOT enabled,
booting fails with:

	ERROR:   Got unexpected value for active boot partition, 0
	ASSERT: plat/st/common/bl2_stm32_io_storage.c:285

because SD cards don't provide a boot partition. So only try reading
from such a partition when booting from eMMC.

Fixes: 214c8a8d08 ("feat(plat/st): add STM32MP_EMMC_BOOT option")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Change-Id: I354b737a3ae3ea577e83dfeb7096df22275d852d
2022-03-11 10:39:57 +01:00
Joanna Farley 7d00e72a39 Merge "fix(brcm): allow build to specify mbedTLS absolute path" into integration 2022-03-11 10:31:16 +01:00
Bipin Ravi a10a5cb609 fix(security): loop workaround for CVE-2022-23960 for Cortex-A76
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8d433b39a5c0f9e1cef978df8a2986d7a35d3745
2022-03-11 00:48:03 -06:00
Bipin Ravi 921081049e refactor(el3-runtime): change Cortex-A76 implementation of CVE-2018-3639
Re-factored the prior implementation of workaround for CVE-2018-3639
using branch and link instruction to save vector space to include the
workaround for CVE-2022-23960.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ib3fe949583160429b5de8f0a4a8e623eb91d87d4
2022-03-11 00:03:03 -06:00
Bipin Ravi 1fe4a9d181 fix(security): workaround for CVE-2022-23960
Implements the loop workaround for Cortex-A77, Cortex-A78,
Cortex-A710, Cortex-X2, Neoverse N1, Neoverse N2 and Neoverse V1
CPUs.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I11d342df7a2068a15e18f4974c645af3b341235b
2022-03-10 23:57:14 -06:00
Olivier Deprez 7c6d460eff Merge "fix(fvp): op-tee sp manifest doesn't map gicd" into integration 2022-03-10 18:47:09 +01:00
Madhukar Pappireddy 61fa552362 Merge "fix(fvp): FCONF Trace Not Shown" into integration 2022-03-10 18:24:14 +01:00
Madhukar Pappireddy 955be19907 Merge changes from topic "uart_segregation" into integration
* changes:
  feat(sgi): add page table translation entry for secure uart
  feat(sgi): route TF-A logs via secure uart
  feat(sgi): deviate from arm css common uart related definitions
2022-03-10 16:36:29 +01:00
Manish V Badarkhe 903d574295 fix(brcm): allow build to specify mbedTLS absolute path
Updated makefile so that build can accept absolute mbedTLS path.

Change-Id: Ife73266a01d7ed938aafc5e370240023237ebf61
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-03-10 15:24:52 +00:00
Juan Pablo Conde 0c55c10305 fix(fvp): FCONF Trace Not Shown
Updating call order for arm_console_boot_init() and arm_bl31_early_platform_setup().

Signed-off-by:  Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: If932fff2ee4282a0aacf8751fa81e7665b886467
2022-03-10 16:03:41 +01:00
Joanna Farley 1842d1f48d Merge "fix(brcm): fix the build failure with mbedTLS config" into integration 2022-03-10 10:14:49 +01:00
Soby Mathew 9c33b087d2 Merge "fix(gpt_rme): rework delegating/undelegating sequence" into integration 2022-03-09 20:47:08 +01:00
Manish V Badarkhe 95b5c0126b fix(brcm): fix the build failure with mbedTLS config
Patch [1] introduces a mechanism to provide the platform
specified mbedTLS config file, but that result in build failure
for Broadcom platform.
This build failure is due to the absence of the mbedTLS configuration
file i.e. brcm_mbedtls_config.h in the TF-A source code repository.
"fatal error: brcm_mbedtls_config.h: No such file or directory"

This problem was resolved by removing the 'brcm_mbedtls_config.h' entry
from the broadcom platform makefile, allowing this platform to use
the default mbedtls_config.h file.

[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13726

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I7cc2efc049aefd3ebce1ae513df9b265fe31ded6
2022-03-09 18:03:11 +00:00
Rohit Mathew 33d10ac8bf feat(sgi): add page table translation entry for secure uart
Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8574b31d5d138d9f94972deb903124f8c5b70ce4
2022-03-09 15:32:55 +00:00
Rohit Mathew 987e2b7c20 feat(sgi): route TF-A logs via secure uart
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8896ae05eaedf06dead520659375af0329f31015
2022-03-09 15:32:55 +00:00
Rohit Mathew f2ccccaa81 feat(sgi): deviate from arm css common uart related definitions
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.

In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I39170848ecd81a7c1bbd3689bd905e45f9435f5c
2022-03-09 15:32:55 +00:00
Robert Wakim 6a00e9b0c8 fix(gpt_rme): rework delegating/undelegating sequence
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm  Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2

Off topic:
 - cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap

Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
2022-03-09 16:08:42 +01:00
Madhukar Pappireddy 5e29432ebe Merge changes I713f6e93,Iac4fbf4d,I43d02c77,Iadecd544,Ib31f9c4a, ... into integration
* changes:
  build(intel): enable access to on-chip ram in BL31 for N5X
  fix(intel): make FPGA memory configurations platform specific
  fix(intel): fix ECC Double Bit Error handling
  build(intel): define a macro for SIMICS build
  build(intel): add N5X as a new Intel platform
  build(intel): initial commit for crypto driver
2022-03-09 15:17:24 +01:00
Imre Kis 9ce15fe891 fix(plat/arm): fix SP count limit without dual root CoT
Remove reserved range for platform provider owned SPs if the dual root
CoT is disabled and allow SPs to populate the range up to MAX_SP_IDS.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ib4ec18f6530d2515ada21d2c0c388d55aa479d26
2022-03-09 11:38:32 +01:00
Olivier Deprez 69cde5cd95 fix(fvp): op-tee sp manifest doesn't map gicd
Following I2d274fa897171807e39b0ce9c8a28824ff424534:
Remove GICD registers S2 mapping from OP-TEE partition when it runs in a
secure partition on top of Hafnium.
The partition is not meant to access the GIC directly but use the
Hafnium provided interfaces.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1a38101f6ae9911662828734a3c9572642123f32
2022-03-09 10:40:32 +01:00
Michal Simek bb1768c67e fix(xilinx): fix coding style violations
Fix coding style violations and alignments:
- Remove additional newlines in headers
- Remove additional newlines in code
- Add newline to separate variable from the code
- Use the same indentation in platform.mk
- Align function parameters
- Use tabs for indentation in kernel-doc format

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I0b12804ff63bc19778e8f21041f9accba5b488b9
2022-03-09 09:14:33 +01:00
Boon Khai Ng 39f262cfb4 build(intel): enable access to on-chip ram in BL31 for N5X
This adds the ncore ccu access and enable access to the
on-chip ram for N5X device in BL31.

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I713f6e93d33b6e91705547477ca32cfba5c8c13d
2022-03-09 09:14:26 +08:00
Sieu Mun Tang f571183b06 fix(intel): make FPGA memory configurations platform specific
Define FPGA_CONFIG_SIZE and FPGA_CONFIG_ADDR in
platform-specific header. This is due to different
allocated sizes between platforms.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iac4fbf4d4940cdf31834a9d4332f9292870dee76
2022-03-09 09:14:21 +08:00
Sieu Mun Tang c703d752cc fix(intel): fix ECC Double Bit Error handling
SError and Abort are handled in Linux (EL1) instead of
EL3. This patch adds some functionality that complements the
use cases by Linux as follows:

- Provide SMC for ECC DBE notification to EL3
- Determine type of reset needed and service the request in
  place of Linux

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I43d02c77f28004a31770be53599a5a42de412211
2022-03-09 09:14:16 +08:00
Abdul Halim, Muhammad Hadi Asyrafi 1f1c0206d8 build(intel): define a macro for SIMICS build
SIMICS builds have different UART configurations compared
to hardware build. Hence, this patch defines a macro to
differentiate between both.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iadecd5445e06611486ac3c6a214a6d0dc8ccd27b
2022-03-09 09:14:06 +08:00
Sieu Mun Tang 325eb35d24 build(intel): add N5X as a new Intel platform
This commit adds a new Intel platform called N5X.
This preliminary patch only have Bl31 support.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib31f9c4a5a0dabdce81c1d5b0d4776188add7195
2022-03-09 09:14:03 +08:00
Sieu Mun Tang 286b96f4bb build(intel): initial commit for crypto driver
This patch adds driver for Intel FPGA's Crypto Services.
These services are provided by Intel platform
Secure Device Manager(SDM) and are made accessible by
processor components (ie ATF).
Below is the list of enabled features:
- Send SDM certificates
- Efuse provision data dump
- Encryption/decryption service
- Hardware IP random number generator

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If7604cd1cacf27a38a9a29ec6b85b07385e1ea26
2022-03-09 09:13:20 +08:00
Bipin Ravi fee7b2d3b4 Merge "fix(errata): workaround for Cortex-A710 2282622" into integration 2022-03-09 00:05:22 +01:00