Currently on image entry, the data cache in the RW address range is
invalidated before MMU is enabled to safeguard against potential
stale data from previous firmware stage. If PIE is enabled however,
RO sections including the GOT may be also modified during pie fixup.
Therefore, to be on the safe side, invalidate the entire image
region if PIE is enabled.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I7ee2a324fe4377b026e32f9ab842617ad4e09d89
Introduced a build flag 'ENABLE_TRF_FOR_NS' to enable trace filter
control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: If3f53b8173a5573424b9a405a4bd8c206ffdeb8c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Trap bits of trace filter control registers access are in
architecturally UNKNOWN state at boot hence
1. Initialized trap bits to one to prohibit trace filter control
registers accesses in lower ELs (EL2, EL1) in all security states
when FEAT_TRF is implemented.
2. These bits are RES0 when FEAT_TRF is not implemented and hence set
it to zero to aligns with the Arm ARM reference recommendation,
that mentions software must writes RES0 bits with all 0s.
Change-Id: I1b7abf2170ece84ee585c91cda32d22b25c0fc34
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced a build flag 'ENABLE_SYS_REG_TRACE_FOR_NS' to enable trace
system registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: Idc1acede4186e101758cbf7bed5af7b634d7d18d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Trap bits of trace system registers access are in architecturally
UNKNOWN state at boot hence
1. Initialized trap bits to one to prohibit trace system registers
accesses in lower ELs (EL2, EL1) in all security states when system
trace registers are implemented.
2. These bits are RES0 in the absence of system trace register support
and hence set it to zero to aligns with the Arm ARM reference
recommendation,that mentions software must writes RES0 bits with
all 0s.
Change-Id: I4b6c15cda882325273492895d72568b29de89ca3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Only BL32 (SP_min) is supported at the moment, BL1 and BL2_AT_EL3 are just
stubbed with _pie_fixup_size=0.
The changes are an adaptation for AARCH32 on what has been done for
PIE support on AARCH64.
The RELA_SECTION is redefined for AARCH32, as the created section is
.rel.dyn and the symbols are .rel*.
Change-Id: I92bafe70e6b77735f6f890f32f2b637b98cf01b9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The use of end addresses is preferred over the size of sections.
This was done for some AARCH64 files for PIE with commit [1],
and some extra explanations can be found in its commit message.
Align the missing AARCH64 files.
For AARCH32 files, this is required to prepare PIE support introduction.
[1] f1722b693d ("PIE: Use PC relative adrp/adr for symbol reference")
Change-Id: I8f1c06580182b10c680310850f72904e58a54d7d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The speculation barrier feature (`FEAT_SB`) was introduced with and
made mandatory in the Armv8.5-A extension. It was retroactively made
optional in prior extensions, but the checks in our code-base do not
reflect that, assuming that it is only available in Armv8.5-A or later.
This change introduces the `ENABLE_FEAT_SB` definition, which derives
support for the `sb` instruction in the assembler from the feature
flags passed to it. Note that we assume that if this feature is enabled
then all the cores in the system support it - enabling speculation
barriers for only a subset of the cores is unsupported.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: I978ed38829385b221b10ba56d49b78f4756e20ea
ARMv8.6 adds virtual offset registers to support virtualization of the
event counters in EL1 and EL0. This patch enables support for this
feature in EL3 firmware.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7ee1f3d9f554930bf5ef6f3d492e932e6d95b217
If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented
as well, it is possible to control whether PMU counters take into account
events happening on other threads.
If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit
leaving it to effective state of 0 regardless of any write to it.
This patch introduces the DISABLE_MTPMU flag, which allows to diable
multithread event count from EL3 (or EL2). The flag is disabled
by default so the behavior is consistent with those architectures
that do not implement FEAT_MTPMU.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e
When issuing barrier instructions like DSB or DMB, we must make sure
that the compiler does not undermine out efforts to fence off
instructions. Currently the compiler is free to move the barrier
instruction around, in respect to former or later memory access
statements, which is not what we want.
Add a compiler barrier to the inline assembly statement in our
DEFINE_SYSOP_TYPE_FUNC macro, to make sure memory accesses are not
reordered by the compiler.
This is in line with Linux' definition:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/include/asm/barrier.h
Since those instructions share a definition, apart from DSB and DMB this
now also covers some TLBI instructions. Having a compiler barrier there
also is useful, although we probably have stronger barriers in place
already.
Change-Id: If6fe97b13a562643a643efc507cb4aad29daa5b6
Reported-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
This patch fixes the bug when AMUv1 group1 counters was
always assumed being implemented without checking for its
presence which was causing exception otherwise.
The AMU extension code was also modified as listed below:
- Added detection of AMUv1 for ARMv8.6
- 'PLAT_AMU_GROUP1_NR_COUNTERS' build option is removed and
number of group1 counters 'AMU_GROUP1_NR_COUNTERS' is now
calculated based on 'AMU_GROUP1_COUNTERS_MASK' value
- Added bit fields definitions and access functions for
AMCFGR_EL0/AMCFGR and AMCGCR_EL0/AMCGCR registers
- Unification of amu.c Aarch64 and Aarch32 source files
- Bug fixes and TF-A coding style compliant changes.
Change-Id: I14e407be62c3026ebc674ec7045e240ccb71e1fb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
By writing 0 to CLUSTERPWRDN DSU register bit 0, we send an
advisory to the power controller that cluster power is not required
when all cores are powered down.
The AArch32 CLUSTERPWRDN register is architecturally mapped to the
AArch64 CLUSTERPWRDN_EL1 register
Change-Id: Ie6e67c1c7d811fa25c51e2e405ca7f59bd20c81b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
bakery_lock_normal.c uses the raw register accessor, read_sctlr(_el3)
to check whether the dcache is enabled.
Using is_dcache_enabled() is cleaner, and a good abstraction for
the library code like this.
A problem is is_dcache_enabled() is declared in the local header,
lib/xlat_tables_v2/xlat_tables_private.h
I searched for a good place to declare this helper. Moving it to
arch_helpers.h, closed to cache operation helpers, looks good enough
to me.
I also changed the type of 'is_cached' to bool for consistency,
and to avoid MISRA warnings.
Change-Id: I9b016f67bc8eade25c316aa9c0db0fa4cd375b79
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Attempts to address MISRA compliance issues in BL1, BL2, and BL31 code.
Mainly issues like not using boolean expressions in conditionals,
conflicting variable names, ignoring return values without (void), adding
explicit casts, etc.
Change-Id: If1fa18ab621b9c374db73fa6eaa6f6e5e55c146a
Signed-off-by: John Powell <john.powell@arm.com>
aarch32 CPUs speculatively execute instructions following a
ERET as if it was not a jump instruction. This could lead to
cache-based side channel vulnerabilities. The software fix is
to place barrier instructions following ERET.
The counterpart patch for aarch64 is merged:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc
Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
At each BL entry point, the registers r9 to r12 are used to save info from
the previous BL parameters put in r0 to r3. But zeromem uses r12, leading
to a corruption of arg3. Therefore this change copies r12 to r7 before
zeromem() call and restores r12 afterwards. It may be better to save it
in r7 in el3_arch_init_common and not at the entrypoint as r7 could be used
in other functions, especially platform ones.
This is a fix for Task T661.
Change-Id: Icc11990c69b5d4c542d08aca1a77b1f754b61a53
Signed-off-by: Yann Gautier <yann.gautier@st.com>
From AArch64 state, arguments are passed in registers W0-W7(X0-X7)
and results are returned in W0-W7(X0-X7) for SMC32(SMC64) calls.
From AArch32 state, arguments are passed in registers R0-R7 and
results are returned in registers R0-R7 for SMC32 calls.
Most of the functions and macros already existed to support using
upto 8 registers for passing/returning parameters/results. Added
few helper macros for SMC calls from AArch32 state.
Link to the specification:
https://developer.arm.com/docs/den0028/c
Change-Id: I87976b42454dc3fc45c8343e9640aa78210e9741
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add the missing flag for aarch32 XIP memory mode. It was
previously added in aarch64 only.
Minor: Correct the aarch64 missing flag.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iac0a7581a1fd580aececa75f97deb894858f776f
This patch changes implementation for disabling Secure Cycle
Counter. For ARMv8.5 the counter gets disabled by setting
SDCR.SCCD bit on CPU cold/warm boot. For the earlier
architectures PMCR register is saved/restored on secure
world entry/exit from/to Non-secure state, and cycle counting
gets disabled by setting PMCR.DP bit.
In 'include\aarch32\arch.h' header file new
ARMv8.5-PMU related definitions were added.
Change-Id: Ia8845db2ebe8de940d66dff479225a5b879316f8
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch introduces an additional precautionary step to further
enhance protection against variant 4. During the context initialisation
before we enter the various BL stages, the SPSR.SSBS bit is explicitly
set to zero. As such, speculative loads/stores are by default disabled
for all BL stages when they start executing. Subsequently, each BL
stage, can choose to enable speculative loads/stores or keep them
disabled.
This change doesn't affect the initial execution context of BL33 which
is totally platform dependent and, thus, it is intentionally left up to
each platform to initialise.
For Arm platforms, SPSR.SSBS is set to zero for BL33 too. This means
that, for Arm platforms, all BL stages start with speculative
loads/stores disabled.
Change-Id: Ie47d39c391d3f20fc2852fc59dbd336f8cacdd6c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Update the skeleton implementation of the console interface.
The 32 bit version was outdated and has been copied from the 64 bit
version.
Change-Id: Ib3e4eb09402ffccb1a30c703a53829a7bf064dfe
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Those defines are used in STM32MP1 clock driver.
It is better to put them altogether with already defined registers.
Change-Id: I6f8ad8c2477b947af6f76283a4ef5c40212d0027
Signed-off-by: Yann Gautier <yann.gautier@st.com>
ARMv7 and Cortex-A32(ARMv8/aarch32) uses "arm-linux-gnueabi" toolchain which
has both soft-float and hard-float variants and so there could be scenarios
where soft-float toolchain is used.Even though TF-A documentation recommends
to use hard-float toolchain for aarch32 but there are external projects where
we cannot mandate the selection of toolchain and for those projects at least
the build should not fail.
Current TF-A source fails to build with soft-float toolchain because assembler
does not recognizes "vmsr" instruction which is required to enable floating
point unit.
To avoid this piece of code being compiled with soft-float toolchain add
predefined macro guard " __SOFTFP__" exposed by soft-float toolchain.
Change-Id: I76ba40906a8d622dcd476dd36ab4d277a925996c
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
The old version of the macro is deprecated.
Commit cc5859ca19 ("Multi-console: Deprecate the
`finish_console_register` macro") provides more details.
Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
The workarounds for these errata are so closely related that it is
better to only have one patch to make it easier to understand.
Change-Id: I0287fa69aefa8b72f884833f6ed0e7775ca834e9
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Cortex A5 doesnt support VFP, Large Page addressing and generic timer
which are addressed in this patch. The device tree for Cortex a5
is also included.
Change-Id: I0722345721b145dfcc80bebd36a1afbdc44bb678
Signed-off-by: Usama Arif <usama.arif@arm.com>
Cortex a5 doesnt support hardware division such as sdiv and udiv commands.
This commit adds a software division function in assembly as well as include
appropriate files for software divison.
The software division algorithm is a modified version obtained from:
http://www.keil.com/support/man/docs/armasm/armasm_dom1359731155623.htm
Change-Id: Ib405a330da5f1cea1e68e07e7b520edeef9e2652
Signed-off-by: Usama Arif <usama.arif@arm.com>
In a system with ARMv8.5-PMU implemented:
- If EL3 is using AArch32, setting MDCR_EL3.SCCD to 1 disables counting
in Secure state in PMCCNTR.
- If EL3 is using AArch64, setting SDCR.SCCD to 1 disables counting in
Secure state in PMCCNTR_EL0.
So far this effect has been achieved by setting PMCR_EL0.DP (in AArch64)
or PMCR.DP (in AArch32) to 1 instead, but this isn't considered secure
as any EL can change that value.
Change-Id: I82cbb3e48f2e5a55c44d9c4445683c5881ef1f6f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The Generic Timer is an optional extension to an ARMv7-A implementation.
The generic delay timer can be used from any architecture supported by
the Trusted Firmware. In ARMv7 it is needed to check that this feature
is present. In ARMv8 it is always present.
Change-Id: Ib7e8ec13ffbb2f64445d4ee48ed00f26e34b79b7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARMv8.2-TTCNP is mandatory from ARMv8.2 onwards, but it can be implemented
in CPUs that don't implement all mandatory 8.2 features (and so have to
claim to be a lower version).
This patch removes usage of the ARM_ARCH_AT_LEAST() macro and uses system
ID registers to detect whether it is needed to set the bit or not.
Change-Id: I7bcbf0c7c937590dfc2ca668cfd9267c50f7d52c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The architecture dependant header files in include/lib/${ARCH} and
include/common/${ARCH} have been moved to /include/arch/${ARCH}.
Change-Id: I96f30fdb80b191a51448ddf11b1d4a0624c03394
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>