fix(versal-net): use spin_lock instead of bakery_lock
In ARM v8.2 the cache will turn off automatically when cpu power down.
Therefore use the spin_lock instead of bakery_lock for the platform in
which HW_ASSISTED_COHERENCY is enabled.
In Versal NET platform HW_ASSISTED_COHERENCY is enabled so it will use
spin lock. In ZynqMP and Versal HW_ASSISTED_COHERENCY is not enabled so
it will use bakery_lock.
Also remove bakery_lock_init() because it is empty.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I18ff939b51f16d7d3484d8564d6ee6c586f363d8
Jay Buddhabhatti [Thu, 23 Mar 2023 05:44:16 +0000 (22:44 -0700)]
fix(versal-net): correct aff level for cpu off
CPU suspend is calling validate_power_state PSCI opps which returns
power domain state for CPU suspend according to PSTATE type. In case of
power down it assigns PLAT_MAX_OFF_STATE to all affinity level which is
incorrect since for CPU suspend we need to set only MPIDR_AFFLVL0 which
is CPU state. So correct affinity level for CPU suspend.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I39f92790ea74e4cab8e87342e73e1ac211a46fcd
Bipin Ravi [Mon, 20 Mar 2023 21:21:24 +0000 (22:21 +0100)]
Merge changes from topics "qemu", "qemu_sbsa" into integration
* changes:
feat(qemu): add A76/N1 cpu support for virt
feat(qemu): add "neoverse-n1" cpu support
feat(qemu): make coherent memory section optional
refactor(qemu): make use of setup_page_tables()
Manish Pandey [Mon, 20 Mar 2023 17:25:00 +0000 (18:25 +0100)]
Merge changes from topic "feat_state_part3" into integration
* changes:
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
feat(libc): add support for fallthrough statement
refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED
refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS
fix(spe): drop SPE EL2 context switch code
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_VHE=2), by splitting
is_armv8_1_vhe_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access VHE related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_vhe_supported() function to guard its execution.
Enable VHE in its runtime detection version for all FVP builds.
Change-Id: Ib397cd0c83e8c709bd6fed603560e39901fa672b Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.
ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.
Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Tue, 21 Feb 2023 12:05:29 +0000 (12:05 +0000)]
feat(libc): add support for fallthrough statement
Modern C compilers warn about unannotated switch/case fallthrough code,
and require either a comment with some magic words, or an explicit
compiler attribute.
Since some TF-A static analysis CI check suggests having a "fallthrough;"
statement instead of a comment, introduce a macro that implements that
statement, and emits the proper compiler attribute.
Change-Id: Ib34e615fb48d0f4a340aabfad4472e08d5c70248 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED
At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.
Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.
Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 3 Feb 2023 15:30:14 +0000 (15:30 +0000)]
refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.
This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.
Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 3 Feb 2023 15:23:59 +0000 (15:23 +0000)]
fix(spe): drop SPE EL2 context switch code
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL3.NSPB accordingly.
This also means that the secure world cannot use SPE, so there is no
need to context switch the PMSCR_EL2 register.
Drop the SPE bits from the EL2 context switch code. If any of the other
EL2 worlds wish to start using SPE, this can be brought back.
Change-Id: Ie0fedb2aeb722a2c9db316051fbbe57ca0e3c0c9 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
As per SMCCC spec Table 2.1 bit 23:17 must be zero (MBZ),
for all Fast Calls, when bit[31] == 1.
Adding this check to ensure SMC FIDs when get to the SMC handler
have these bits (23:17) cleared, if not capture and report them
as an unknown SMCs at the core.
Also the C runtime stack is copied to the stackpointer well in
advance, to leverage the existing el3_exit routine for unknown SMC.
Mark Brown [Tue, 14 Mar 2023 20:13:03 +0000 (20:13 +0000)]
feat(tcr2): support FEAT_TCR2
Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148
Boyan Karatotev [Thu, 17 Nov 2022 12:01:29 +0000 (12:01 +0000)]
refactor(cpus): shorten errata flag defines
The cpu-ops makefile has errata flag definition and flag processing done
per flag in separate parts in the file. Rework this to make a list and
do this in a much more concise way.
To ensure no flags were missed, a bash script [1] was used to verify all
errata flags made it across. Only the first few flags with different
naming were checked manually.
Maksims Svecovs [Wed, 15 Mar 2023 13:24:44 +0000 (13:24 +0000)]
style(hooks): adds Arm copyright style fix
Adds a check to pre-commit hook that makes sure "Arm" is written in a
correct case and not "arm" or "ARM". Same as a copyright-year check, the
hook will fix the issue and prompt user to stage the fix.
refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
feat(morello): implement methods to retrieve soc-id information
Added silicon revision in the platform information SDS structure.
Implemented platform functions to retrieve the soc-id information
for the morello SoC platform. SoC revision, which is same as
silicon revision, is fetched from the morello_plat_info structure
and SoC version is populated with the part number from SSC_VERSION
register, and is reflected in bits[0:15] of soc-id.
Marco Felsch [Wed, 9 Nov 2022 11:59:09 +0000 (12:59 +0100)]
feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de> Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Marco Felsch [Thu, 24 Nov 2022 10:02:05 +0000 (11:02 +0100)]
build(makefile): add helper to detect linker options
This is a small helper to check for possible linker options. If the
linker supports the requested option it is returned and if not nothing
will be returned, e.g.:
Merge changes from topic "imx8m_misc_changes" into integration
* changes:
feat(imx8mq): enable dram dvfs support on imx8mq
feat(imx8m): use non-fast wakeup stop mode for system suspend
feat(imx8mq): correct the slot ack setting for STOP mode
feat(imx8mq): add anamix pll override setting for DSM mode
feat(imx8mq): add workaround code for ERR11171 on imx8mq
feat(imx8mq): add the dram retention support for imx8mq
feat(imx8mq): add version for B2
fix(imx8m): backup mr12/14 value from lpddr4 chip
fix(imx8m): add ddr4 dvfs sw workaround for ERR050712
fix(imx8m): fix coverity out of bound access issue
fix(imx8m): fix the dram retention random hang on some imx8mq Rev2.0
feat(imx8m): add more dram pll setting
fix(imx8m): fix the current fsp init
fix(imx8m): fix the rank to rank space issue
fix(imx8m): fix the dfiphymaster setting after dvfs
feat(imx8m): update the ddr4 dvfs flow to include ddr3l support
fix(imx8m): correct the rank info get fro mstr
feat(imx8m): fix the ddr4 dvfs random hang on imx8m
Olivier Deprez [Wed, 16 Nov 2022 15:46:23 +0000 (16:46 +0100)]
feat(spmd): fail safe if SPM fails to initialize
The spmd_setup function is made fail safe in that a failure in the
SPMC manifest parsing, SPMD or SPMC initialization returns a success
code to the standard services initialization routine (std_svc_setup).
This permits continuing the boot process and initialize services
beyond the SPMD to succeed for the system to operate in the normal
world. It operates in a degraded mode for the secure world.
feat(fvp): copy the Event Log to TZC secured DRAM area
Copied the Event Log from internal SRAM to the TZC secured DRAM
reserved area. Also passed this Trusted DRAM address to OPTEE via
NT FW configuration, and to SPMC via TOS FW configuration,
which is eventually used to extend PCR via fTPM application running
on top of OPTEE/SPMC.
Furthermore, this patch makes it easier to access Event Log in RME
enabled systems where Secure World firmware does not have access to
internal(Root) SRAM.
Change-Id: I005e9da1e6075511f412bdf4d8b541fa543df9ab Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Reserved 4KB area for Event Log in DRAM1. This area is used by BL2
to copy Event Log from internal SRAM to this carved out DRAM region
in the subsequent patch.
Change-Id: I7b405775c66d249e31edf7688d95770e6c05c175 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
laurenw-arm [Tue, 7 Feb 2023 19:40:05 +0000 (13:40 -0600)]
test(tc): test for AP/RSS NV counter interface
Change in PLATFORM_TEST build flag from boolean -> string, with the
current string options being tfm-testsuite and rss-nv-counters.
To get the old behavior, i.e. where we used to use PLATFORM_TEST=1,
we now need to pass PLATFORM_TEST=tfm-testsuite.
Adding new test of the AP/RSS interface for non-volatile counters.
The test reads, increments, and reads again each 3 types of NV
counters for: CCA, secure, and non-secure firmware. Enabled by
PLATFORM_TEST=rss-nv-counters.
Change-Id: I2044cc9b2f37984697e0754c9c824eab51a11e7f Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Signed-off-by: Raef Coles <raef.coles@arm.com>
Tintu Thomas [Tue, 21 Feb 2023 17:51:24 +0000 (17:51 +0000)]
fix(tc): change the FIP offset to 8 KiB boundary
* This change overrides the default PLAT_ARM_FIP_OFFSET_IN_GPT
* This aligns the FIP base in GPT image to the RSS ATU page size
boundary (8 KiB). RSS XIP feature requires the FIP to be aligned to
the page size boundary. TC platform will require the XIP feature.
* The aligned FIP_A is starting at sector 48. Hence the offset will be
48*512 = 0x6000.
Signed-off-by: Tintu Thomas <tintu.thomas@arm.com>
Change-Id: I8135ecd4168231847c80151c33ef8353a1586b9a
Andrew Davis [Tue, 7 Mar 2023 15:22:32 +0000 (09:22 -0600)]
fix(ti): do not take system power reference in bl31_platform_setup()
Taking a reference at this early stage can cause boot failure if the DM
firmware is not fully initialized. Remove this early call until the
fix in DM firmware is widely available.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: Ic9c47ccf1e9a1b9faeb1c7d2665d54cf55ef5396
AlexeiFedorov [Tue, 7 Mar 2023 13:34:45 +0000 (13:34 +0000)]
fix(pmu): switch FVP PMUv3 SPIs to PPI
FVP PMUv3 SPIs legacy interrupts are only listed for
cluster #0 and are missing for cluster #1.
This patch changes FVP SPIs to PMUv3 PPI as in
arm_fpga.dtsi, morello.dtsi and n1sdp.dtsi.
David Vincze [Mon, 6 Mar 2023 14:02:08 +0000 (15:02 +0100)]
fix(rss): fix msg deserialization bugs in comms
-fix1: size of struct instead of pointer during reply_size check
-fix2: update the out_vec length with the actual length from reply
message (e.g. in case of an output buffer, the returned output
data length remained the size of the buffer and was not updated
with the size of the actual data in it)
Change-Id: Ibed5520ca1fb05df358de4bdf85ace219183866c Signed-off-by: David Vincze <david.vincze@arm.com>
Akshay Belsare [Mon, 27 Feb 2023 06:34:26 +0000 (12:04 +0530)]
fix(zynqmp): conditional reservation of memory in DTB
When the TF-A is placed in DDR memory range, the DDR memory range is
getting explicitly reserved in the default device tree by TF-A.
This creates an error condition in the use case where Device tree is
not present or it is present at a different location.
To fix this, a new build time parameter, XILINX_OF_BOARD_DTB_ADDR, is
introduced. The TF-A will reserve the DDR memory only when a valid
DTB address is provided to XILINX_OF_BOARD_DTB_ADDR during build.
Now the user has options, either manually reserve the desired
DDR address range for TF-A in device tree or let TF-A access and modify
the device tree, to reserve the DDR address range, in runtime using
the build parameter.
refactor(auth): use a single function for parsing extensions
Previously, extensions were parsed twice: once with error checking for
validation, and a second time without error checking to extract the
extension data. This is error prone and caused TFV-10 (CVE-2022-47630).
A simpler approach is to have get_ext() be responsible for all extension
parsing, and to treat a NULL OID as an indicator that get_ext() is only
being called for validation. cert_parse() checks that get_ext() returns
IMG_PARSER_OK and fails otherwise.
Change-Id: I65a2ff053a188351ba54799827a2b7bd833bb037 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
fix(cpufeat): resolve build errors due to compiler optimization
Currently most of the architectural feature build flags are set
to 2(FEATURE_STATE_CHECK) for fvp platform only.
However other platforms still configure them by default to 0, which
would lead to build failures in cases when compiler configured
to build TF-A with zero optimization (CFLAGS='-O0').
This patch addresses such build issues and thereby resolves the failures
seen under CI-l3 test_configurations.
Baruch Siach [Tue, 28 Feb 2023 10:52:00 +0000 (11:52 +0100)]
fix(mmc): remove redundant reset_to_idle call
mmc_enumerate() is the only caller of mmc_send_op_cond().
mmc_enumerate() calls mmc_reset_to_idle() just before calling
mmc_send_op_cond(). No need to do that again in mmc_send_op_cond().
Govindraj Raja [Tue, 28 Feb 2023 11:37:02 +0000 (11:37 +0000)]
fix(mbedtls): fix mbedtls coverity issues
commit (a8eadc51a refactor(mbedtls): avoid including
MBEDTLS_CONFIG_FILE) avoids using config file directly and relies on
config file usage from mbedtls version.h
But we could build trusted boot without mbedtls dir so guard version.h
include in cot_def.h with availability of config file.
Also we refactored in same commit to break dependencies between
auth_mod.h and cot_def.h, So add cot_def.h include in nxp tbbr
cot file.
Change-Id: I4779e90c18f04c73d2121c88df6420b4b1109c8b Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>