This errata workaround did not work as intended and was revised in
subsequent SDEN releases so we are reverting this change.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4684
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I560749a5b55e22fbe49d3f428a8b9545d6bdaaf0
Include EL2 registers related to SPE in EL2 context save/restore
routines if architecture supports it and platform wants to use these
features in Secure world.
Change-Id: Ie01a2c38fa5f6c907276eddec120fdfb222561a6
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform wants to
use these features in Secure world.
Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
AArch64-only platforms do not implement AArch32 at EL1 and higher ELs.
In such cases the build option CTX_INCLUDE_AARCH32_REGS is set to 0.
So don't save/restore aarch32 system registers in el2_sysregs_context
save/restore routines if CTX_INCLUDE_AARCH32_REGS is set to 0.
Change-Id: I229cdd46136c4b4bc9623b02eb444d904e09ce5a
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Cortex A77 erratum 1925769 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set bit 8 in the ECTLR_EL1 register, there is a small performance cost
(<0.5%) for setting this bit.
SDEN can be found here:
https://documentation-service.arm.com/static/5f7c35d0d3be967f7be46d33
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I9cf0e0b5dc1e3e32e24279d2632c759cc7bd7ce9
Cortex A76 erratum 1868343 is a Cat B erratum, present in older
revisions of the Cortex A76 processor core. The workaround is to
set a bit in the CPUACTLR_EL1 system register, which delays instruction
fetch after branch misprediction. This workaround will have a small
impact on performance.
This workaround is the same as workarounds for errata 1262606 and
1275112, so all 3 have been combined into one function call.
SDEN can be found here:
https://documentation-service.arm.com/static/5f2bed6d60a93e65927bc8e7
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7f2f9965f495540a1f84bb7dcc28aff45d6cee5d
Update the libfdt source files, the upstream commit is 73e0f143b73d
("libfdt: fdt_strerror(): Fix comparison warning").
This brings us the fixes for the signed/unsigned comparison warnings,
so platforms can enable -Wsign-compare now.
Change-Id: I303d891c82ffea0acefdde27289339db5ac5a289
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
plat/arm: Add platform support for Morello
fdts: add device tree sources for morello platform
lib/cpus: add support for Morello Rainier CPUs
This patch adds CPU support for the Rainier CPU which is
derived from Neoverse N1 r4p0 CPU and implements the
Morello capability architecture.
Change-Id: Ic6b796481da5a66504ecb0648879446edf4c69fb
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Cortex A77 erratum 1508412 is a Cat B Errata present in r0p0 and r1p0.
The workaround is a write sequence to several implementation defined
registers based on A77 revision.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I217993cffb3ac57c313db8490e7b8a7bb393379b
This patch allows the system to fallback to a default CPU library
in case the MPID does not match with any of the supported ones.
This feature can be enabled by setting SUPPORT_UNKNOWN_MPID build
option to 1 (enabled by default only on arm_fpga platform).
This feature can be very dangerous on a production image and
therefore it MUST be disabled for Release images.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I0df7ef2b012d7d60a4fd5de44dea1fbbb46881ba
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
Made small changes to fit into TF-A project
Change-Id: I991f653a7ace04f9c84bcda78ad8d7114ea18e93
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.
[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html
Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently the feature test for the SPE extension requires the feature
bits in the ID_AA64DFR0 register to read exactly 0b0001.
However the architecture guarantees that any values greater than 0
indicate the presence of a feature, which is what we are after in
our spe_supported() function.
Change the comparison to include all values greater than 0.
This fixes SPE support in non-secure world on implementations which
include the Scalable Vector Extension (SVE), for instance on Zeus cores.
Change-Id: If6cbd1b72d6abb8a303e2c0a7839d508f071cdbe
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
It uses the existing implementation of snprintf() function
Change-Id: Ie59418564c2e415222e819cf322c34e9a4d1f336
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Neoverse N1 erratum 1868343 is a Cat B erratum, present in older
revisions of the Neoverse N1 processor core. The workaround is to
set a bit in the CPUACTLR_EL1 system register, which delays instruction
fetch after branch misprediction. This workaround will have a small
impact on performance.
SDEN can be found here:
https://documentation-service.arm.com/static/5f2c130260a93e65927bc92f
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I37da2b3b2da697701b883bff9a1eff2772352844
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
Made small changes to fit into TF-A project
Change-Id: I07fd7fe1037857f6b299c35367c104fb51fa5cfa
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Currently our memset() implementation is safe, but slow. The main reason
for that seems to be the single byte writes that it issues, which can
show horrible performance, depending on the implementation of the
load/store subsystem.
Improve the algorithm by trying to issue 64-bit writes. As this only
works with aligned pointers, have a head and a tail section which
covers unaligned pointers, and leave the bulk of the work to the middle
section that does use 64-bit writes.
Put through some unit tests, which exercise all combinations of nasty
input parameters (pointers with various alignments, various odd and even
sizes, corner cases of content to write (-1, 256)).
Change-Id: I28ddd3d388cc4989030f1a70447581985368d5bb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The API can be used to invoke a 'stop_func' callback for all
other cores from any initiating core. Optionally it can also
wait for other cores to power down. There may be various use
of such API by platform. Ex: Platform may use this to power
down all other cores from a crashed core.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I4f9dc8a38d419f299c021535d5f1bcc6883106f9
Trace analysis of FVP_Base_AEMv8A 0.0/6063 model
running in Aarch32 mode with the build options
listed below:
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
shows that when auth_signature() gets called
71.99% of CPU execution time is spent in memset() function
written in C using single byte write operations,
see lib\libc\memset.c.
This patch introduces new libc_asm.mk makefile which
replaces C memset() implementation with assembler
version giving the following results:
- for Aarch32 in auth_signature() call memset() CPU time
reduced to 20.56%.
The number of CPU instructions (Inst) executed during
TF-A boot stage before start of BL33 in RELEASE builds
for different versions is presented in the tables below,
where:
- C TF-A: existing TF-A C code;
- C musl: "lightweight code" C "implementation of the
standard library for Linux-based systems"
https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c
- Asm Opt: assemler version from "Arm Optimized Routines"
project
https://github.com/ARM-software/optimized-routines/blob/
master/string/arm/memset.S
- Asm Linux: assembler version from Linux kernel
https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S
- Asm TF-A: assembler version from this patch
Aarch32:
+-----------+------+------+--------------+----------+
| Variant | Set | Size | Inst | Ratio |
+-----------+------+------+--------------+----------+
| C TF-A | T32 | 16 | 2122110003 | 1.000000 |
| C musl | T32 | 156 | 1643917668 | 0.774662 |
| Asm Opt | T32 | 84 | 1604810003 | 0.756233 |
| Asm Linux | A32 | 168 | 1566255018 | 0.738065 |
| Asm TF-A | A32 | 160 | 1525865101 | 0.719032 |
+-----------+------+------+--------------+----------+
AArch64:
+-----------+------+------------+----------+
| Variant | Size | Inst | Ratio |
+-----------+------+------------+----------+
| C TF-A | 28 | 2732497518 | 1.000000 |
| C musl | 212 | 1802999999 | 0.659836 |
| Asm TF-A | 140 | 1680260003 | 0.614917 |
+-----------+------+------------+----------+
This patch modifies 'plat\arm\common\arm_common.mk'
by overriding libc.mk makefile with libc_asm.mk and
does not effect other platforms.
Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The DSU contains system control registers in the SCU and L3 logic to
control the functionality of the cluster. If "DIRECT CONNECT" L3
memory system variant is used, there won't be any L3 cache,
snoop filter, and SCU logic present hence no system control register
will be present. Hence check SCU presence before accessing DSU register
for DSU_936184 errata.
Signed-off-by: Pramod Kumar <pramod.kumar@broadcom.com>
Change-Id: I1ffa8afb0447ae3bd1032c9dd678d68021fe5a63
DCO is not supported by the SKUs released after MIDR_PN4. This
patch skips enabling or disabling the DCO on these SKUs.
Change-Id: Ic31a829de3ae560314d0fb5c5e867689d4ba243b
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch introduces support for PN9 variant for some
Denver based platforms.
Original change by: Hemant Nigam <hnigam@nvidia.com>
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Change-Id: I331cd3a083721fd1cd1b03f4a11b32fd306a21f3
This patch introduces a macro to declare cpu_op for all Denver
SKUs.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ibcf88c3256fc5dcaa1be855749ebd2c5c396c977
The current implementation of snprintf() does not support pointer and
hexadecimal format specifiers, which can be needed, for instance, for
DTB manipulations.
This patch adds that functionality by borrowing some code from the
printf() implementation.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I2076ea46693a73a04890982bf20e3c633c2767fb
The cpu_ops structure contains a lot of function pointers. It
is a good idea to verify that the function pointer is not NULL
before executing it.
This patch sanity checks each pointer before use to prevent any
unforeseen crashes. These checks have been enabled for debug
builds only.
Change-Id: Ib208331c20e60f0c7c582a20eb3d8cc40fb99d21
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This reverts commit e7d344de01.
This reverts the patch https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5313 due to a timing issue with the merge. The merge occurred at the same time as the additional comments and thusly were were not seen until the merge was done. This reverts the change and additional patches from Alexei will follow to address the concerns expressed in the orignal patch.
Change-Id: Iae5f6403c93ac13ceeda29463883fcd4c437f2b7
Trace analysis of FVP_Base_AEMv8A model running in
Aarch32 mode with the build options listed below:
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
shows that when auth_signature() gets called
71.84% of CPU execution time is spent in memset() function
written in C using single byte write operations,
see lib\libc\memset.c.
This patch replaces C memset() implementation with assembler
version giving the following results:
- for Aarch32 in auth_signature() call memset() CPU time
reduced to 24.84%.
- Number of CPU instructions executed during TF-A
boot stage before start of BL33 in RELEASE builds:
----------------------------------------------
| Arch | C | assembler | % |
----------------------------------------------
| Aarch32 | 2073275460 | 1487400003 | -28.25 |
| Aarch64 | 2056807158 | 1244898303 | -39.47 |
----------------------------------------------
The patch also replaces memset.c with aarch64/memset.S
in plat\nvidia\tegra\platform.mk.
Change-Id: Ifbf085a2f577a25491e2d28446ee95a4ac891597
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Make this more scalable by explicitly checking internal and hardware
states at run_time
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I1c6ed1c1badb3538a93bff3ac5b5189b59cccfa1
As per latest mailing communication [1], we decided to
update AT speculative workaround implementation in order to
disable page table walk for lower ELs(EL1 or EL0) immediately
after context switching to EL3 from lower ELs.
Previous implementation of AT speculative workaround is available
here: 45aecff00
AT speculative workaround is updated as below:
1. Avoid saving and restoring of SCTLR and TCR registers for EL1
in context save and restore routine respectively.
2. On EL3 entry, save SCTLR and TCR registers for EL1.
3. On EL3 entry, update EL1 system registers to disable stage 1
page table walk for lower ELs (EL1 and EL0) and enable EL1
MMU.
4. On EL3 exit, restore SCTLR and TCR registers for EL1 which
are saved in step 2.
[1]:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html
Change-Id: Iee8de16f81dc970a8f492726f2ddd57e7bd9ffb5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Reported the status (applies, missing) of AT speculative workaround
which is applicable for below CPUs.
+---------+--------------+
| Errata | CPU |
+=========+==============+
| 1165522 | Cortex-A76 |
+---------+--------------+
| 1319367 | Cortex-A72 |
+---------+--------------+
| 1319537 | Cortex-A57 |
+---------+--------------+
| 1530923 | Cortex-A55 |
+---------+--------------+
| 1530924 | Cortex-A53 |
+---------+--------------+
Also, changes are done to enable common macro 'ERRATA_SPECULATIVE_AT'
if AT speculative errata workaround is enabled for any of the above
CPUs using 'ERRATA_*' CPU specific build macro.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I3e6a5316a2564071f3920c3ce9ae9a29adbe435b
SCTLR and TCR registers of EL1 plays role in enabling/disabling of
page table walk for lower ELs (EL0 and EL1).
Hence re-arranged EL1 context offsets to have SCTLR and TCR registers
values one after another in the stack so that these registers values
can be saved and restored using stp and ldp instruction respectively.
Change-Id: Iaa28fd9eba82a60932b6b6d85ec8857a9acd5f8b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As per latest mailing communication [1], we decided
not to update SCTLR and TCR registers in EL1 and EL2 context
restore routine when AT speculative workaround is enabled
hence reverted the changes done as part of this commit: 45aecff00.
[1]:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html
Change-Id: I8c5f31d81fcd53770a610e302a5005d98772b71f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Following f3ccf036ec the INFO print in amu_enable is causing
a lot of print outs on UART1 in DEBUG mode especially on PSCI test
cases because CPU_ON or SUSPEND operations call:
cm_prepare_el3_exit => enable_extensions_nonsecure => amu_enable.
PSCI SUSPEND is also very frequent in linux boot cases causing test
timeout failures.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I63581f8fa489d44b3b1d10af3b7f6fdf3af44720
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
This patch fixes the bug when AMUv1 group1 counters was
always assumed being implemented without checking for its
presence which was causing exception otherwise.
The AMU extension code was also modified as listed below:
- Added detection of AMUv1 for ARMv8.6
- 'PLAT_AMU_GROUP1_NR_COUNTERS' build option is removed and
number of group1 counters 'AMU_GROUP1_NR_COUNTERS' is now
calculated based on 'AMU_GROUP1_COUNTERS_MASK' value
- Added bit fields definitions and access functions for
AMCFGR_EL0/AMCFGR and AMCGCR_EL0/AMCGCR registers
- Unification of amu.c Aarch64 and Aarch32 source files
- Bug fixes and TF-A coding style compliant changes.
Change-Id: I14e407be62c3026ebc674ec7045e240ccb71e1fb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch adds support for additional Denver MIDRs to
cover all the current SKUs.
Change-Id: I85d0ffe9b3cb351f430ca7d7065a2609968a7a28
Signed-off-by: Alex Van Brunt <avanbrunt@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes the 'workaround_bpflush_runtime_exceptions' exception
vector table base address from the globals list as it gets used only by
the Denver CPU implementation.
Change-Id: I6ef94989f6dc4535d464493cc8621d32795ee1f6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
MISRA defect cleanup and general code cleanup in mem_region.c and
semihosting.c. This task also called for cleanup of the ARM NOR flash
driver but that was removed at some point since the Jira task was
created. This patch fixes all MISRA defects in these files except for a
few "Calling function "console_flush()" which returns error information
without testing the error information." errors which can't really be
avoided.
Defects Fixed
File Line Rule
lib/semihosting/semihosting.c 70 MISRA C-2012 Rule 14.4 (required)
lib/semihosting/semihosting.c 197 MISRA C-2012 Rule 14.3 (required)
lib/semihosting/semihosting.c 210 MISRA C-2012 Rule 14.4 (required)
lib/utils/mem_region.c 128 MISRA C-2012 Rule 12.1 (advisory)
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I21a039d1cfccd6aa4301da09daec15e373305a80
If the user tries to change BUILD_BASE to put the build products outside
the build tree the compile will fail due to hard coded assumptions that
$BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE))
to rationalize to an absolute path every time and remove the relative
path assumptions.
This patch also adds documentation that BUILD_BASE can be specified by
the user.
Signed-off-by: Grant Likely <grant.likely@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
This patch fixes violation of Rules 2.1, 7.3, 10.1,
10.4, 12.1, 14.3, 14.4, 17.7, 20.9 reported by
MISRA-2012 scan and adds braces for conditional
statements according to the TF-A coding style.
Change-Id: Ib2463601fb43d955c3d901102b6dceaaad6614f3
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This reverts commit 11af40b630, reversing
changes made to 2afcf1d4b8.
This errata workaround did not work as intended so we are reverting this
change. In the future, when the corrected workaround is published in an
SDEN, we will push a new workaround.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4750
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I20aa064c1bac9671939e657bec269d32b9e75a97
This patch makes optimisation of Aarch32 memcpy4()
function.
Change-Id: If9cdaa4a1224f88fb14df8a308a645344b6c4f1c
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Updated the function 'set_fw_config_info' to make it generic
by doing below changes:
1. Rename function name from 'set_fw_config_info' to 'set_config_info'
2. Take image_id as an argument so that this function can set any
config information.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Icf29e19d3e9996d8154d84dbbbc76712fab0f0c1
Update the data type of the member 'config_max_size' present in the
structure 'dyn_cfg_dtb_info_t' to uint32_t.
This change is being done so that dyn_cfg_dtb_info_t and image_info
structure should use same data type for maximum size.
Change-Id: I9b5927a47eb8351bbf3664b8b1e047ae1ae5a260
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch adds support for Measured Boot driver functionality
to FCONF library code.
Change-Id: I81cdb06f1950f7e6e58f938a1b9c2f74f7cfdf88
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This version corresponds to the following commit <7be250b>
libfdt: Correct condition for reordering blocks
Also, updated the Juno romlib jumptable with fdt APIs.
Change-Id: Ib6d28c1aea81c2144a263958f0792cc4daea7a1f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Neoverse N1 erratum 1800710 is a Cat B erratum, present in older
revisions of the Neoverse N1 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885747/f/Arm_Neoverse_N1_MP050_Software_Developer_Errata_Notice_v21.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ie5b15c8bc3235e474a06a57c3ec70684361857a6
Cortex A77 erratum 1800714 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
Since this is the first errata workaround implemented for Cortex A77,
this patch also adds the required cortex_a77_reset_func in the file
lib/cpus/aarch64/cortex_a77.S.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
Updated 'fconf_load_config' function to return
the error.
Error from 'fconf_load_config" gets handled
by BL1 in subsequent patches.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4360f4df850e355b5762bb2d9666eb285101bc68
Modified the `fconf_load_config` function so that it can
additionally support loading of tb_fw_config along with
fw_config.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie060121d367ba12e3fcac5b8ff169d415a5c2bcd
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Added support in fiptool to include fw_config image
in FIP.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Cortex A76 erratum 1800710 is a Cat B erratum, present in older
revisions of the Cortex A76 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifc34f2e9e053dcee6a108cfb7df7ff7f497c9493
Cortex A76 erratum 1791580 is a Cat B erratum present in earlier
revisions of the Cortex A76. The workaround is to set a bit in the
implementation defined CPUACTLR2 register, which forces atomic store
operations to write-back memory to be performed in the L1 data cache.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iefd58159b3f2e2286138993317b98e57dc361925
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.
RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
This patch adds all Tegra194 RAS nodes definitions and support to
handle all uncorrectable RAS errors.
Change-Id: I109b5a8dbca91d92752dc282c4ca30f273c475f9
Signed-off-by: David Pu <dpu@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The Denver CPUs implement support for PMUv3 for ARMv8.1 and expect the
PMCR_EL0 to be saved in non-secure context.
This patch disables cycle counter when event counting is prohibited
immediately on entering the secure world to avoid leaking useful
information about the PMU counters. The context saving code later
saves the value of PMCR_EL0 to the non-secure world context.
Verified with 'PMU Leakage' test suite.
******************************* Summary *******************************
> Test suite 'PMU Leakage'
Passed
=================================
Tests Skipped : 2
Tests Passed : 2
Tests Failed : 0
Tests Crashed : 0
Total tests : 4
=================================
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I3675e2b99b44ed23d86e29a5af1b496e80324875
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.
A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.
Following new options added to cert_tool:
--sip-sp-cert --> SiP owned Secure Partition Content Certificate
--sp-pkg1 --> Secure Partition Package1 file
--sp-pkg2
.....
--sp-pkg8
Trusted world key pair is used for signing.
Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
Enhanced Counter Virtualization, ECV, is an architecture extension introduced
in ARMv8.6. This extension allows the hypervisor, at EL2, to setup
self-synchronizing views of the timers for it's EL1 Guests. This patch pokes the
control register to enable this extension when booting a hypervisor at EL2.
Change-Id: I4e929ecdf400cea17eff1de5cf8704aa7e40973d
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The Fine Grained Traps (FGT) architecture extension was added to aarch64 in
ARMv8.6. This extension primarily allows hypervisors, at EL2, to trap specific
instructions in a more fine grained manner, with an enable bit for each
instruction. This patch adds support for this extension by enabling the
extension when booting an hypervisor at EL2.
Change-Id: Idb9013ed118b6a1b7b76287237096de992ca4da3
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
This should allow git to easily track file moves
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
This patch fixes wrong ID_AA64DFR0_EL1 register read instead of
ID_AA64PFR0_EL1 to detect support for MPAM extension.
It also implements get_mpam_version() function which returns
MPAM version as:
0x00: None Armv8.0 or later;
0x01: v0.1 Armv8.4 or later;
0x10: v1.0 Armv8.2 or later;
0x11: v1.1 Armv8.4 or later;
Change-Id: I31d776b1a1b60cb16e5e62296d70adb129d7b760
Reported-by: Matteo Zini <matteozini96@gmail.com>
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch enables the v8.6 extension to add a delay before WFE traps
are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in
plat/common/aarch64/plat_common.c that disables this feature by default
but platform-specific code can override it when needed.
The only hook provided sets the TWED fields in SCR_EL3, there are similar
fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in
lower ELs but these should be configured by code running at EL2 and/or EL1
depending on the platform configuration and is outside the scope of TF-A.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d