Andre Przywara [Thu, 26 Jan 2023 15:27:38 +0000 (15:27 +0000)]
refactor(cpufeat): enable FEAT_PAN for FEAT_STATE_CHECKED
At the moment we only support FEAT_PAN to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_PAN=2), by splitting
is_armv8_1_pan_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we PAN specific setup.
Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I58e5fe8d3c9332820391c7d93a8fb9dba4cf754a Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(cpufeat): align FEAT_SB to new feature handling
FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,
so cannot afford and don't want a runtime detection mechanism.
Nevertheless align the implementation of the feature detection part
with the other features, but renaming the detection function, and
updating the FEAT_DETECTION code. Also update the documentation.
Change-Id: I2b86dfd1ad259c3bb99ab5186e2911ace454b54c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 25 Nov 2022 14:10:13 +0000 (14:10 +0000)]
refactor(cpufeat): use alternative encoding for "SB" barrier
The "sb" barrier instruction is a rather new addition to the AArch64
instruction set, so it is not recognised by all toolchains. On top of
that, the GNU assembler denies this instruction, unless a compatible
processor is selected:
asm_macros.S:223: Error: selected processor does not support `sb'
Provide an alternative encoding of the "sb" instruction, by using a
system register write, as this is the group where the barrier
instructions borrow their encoding space from.
This results in the exact same opcode to be generated, and any
disassembler will decode this instruction as "sb".
Change-Id: I5f44c8321e0cc04c784e02bd838e964602a96a8e Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(cpufeat): enable SYS_REG_TRACE for FEAT_STATE_CHECKED
At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or
to be not supported at all.
Add support for runtime detection (ENABLE_SYS_REG_TRACE_FOR_NS=2), by
adding is_feat_sys_reg_trace_supported(). That function considers both
build time settings and runtime information (if needed), and is used
before we access SYS_REG_TRACE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though this is an optional feature, so it is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I450a574a4f6bd9fc269887037049c94c906f54b2 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Wed, 22 Mar 2023 13:25:00 +0000 (13:25 +0000)]
fix(cpufeat): make stub enable functions "static inline"
For builds where we don't have a certain feature enabled, we provide
empty stub xxx_enable() functions in a header file. This way we
avoid #ifdef's in the code, and can call the enable function
unconditionally. When compiling with -O1 or higher, the compiler will
even optimise out the whole call, so the symbol will never make it into
any object file.
When compiling with optimisations turned off, the function stub will
survive, and could make it into multiple object files, which would lead
to a multiple definitons error.
Avoid this by defining those stub functions as "static inline". The
"static" will avoid the multiple definitions problems, the "inline" will
avoid a potential compiler warning about unused functions.
This patterns is used extensively in the Linux kernel.
Change-Id: Iad07bb946aab372587c83f2423b4983bf3817990 Reported-by: Chris Kay <chris.kay@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Tue, 21 Mar 2023 14:44:59 +0000 (14:44 +0000)]
fix(mpam): feat_detect: support major/minor
The MPAM CPU ID version number is split between two CPU ID register
fields, with the second being a fractional field, allowing for instance
for a "MPAM v1.1" number. The read_feat_mpam_version() function merges
those two fields to form a "4.4" fixed point fractional number, but the
limit check in the check_feature() function was not taking this into
account.
To support MPAM major version 1, extend the limit from "1" to "17", to
cover the current maximum version of "MPAM v1.1".
This fixes FVP runs with "has_mpam=1" and FEATURE_DETECTION enabled.
Change-Id: Icb557741d597e4e43eaf658b78f18af6e9fb439e Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Bipin Ravi [Mon, 20 Mar 2023 21:21:24 +0000 (22:21 +0100)]
Merge changes from topics "qemu", "qemu_sbsa" into integration
* changes:
feat(qemu): add A76/N1 cpu support for virt
feat(qemu): add "neoverse-n1" cpu support
feat(qemu): make coherent memory section optional
refactor(qemu): make use of setup_page_tables()
Manish Pandey [Mon, 20 Mar 2023 17:25:00 +0000 (18:25 +0100)]
Merge changes from topic "feat_state_part3" into integration
* changes:
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
feat(libc): add support for fallthrough statement
refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED
refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS
fix(spe): drop SPE EL2 context switch code
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_FEAT_VHE=2), by splitting
is_armv8_1_vhe_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access VHE related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_vhe_supported() function to guard its execution.
Enable VHE in its runtime detection version for all FVP builds.
Change-Id: Ib397cd0c83e8c709bd6fed603560e39901fa672b Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.
ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.
Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Tue, 21 Feb 2023 12:05:29 +0000 (12:05 +0000)]
feat(libc): add support for fallthrough statement
Modern C compilers warn about unannotated switch/case fallthrough code,
and require either a comment with some magic words, or an explicit
compiler attribute.
Since some TF-A static analysis CI check suggests having a "fallthrough;"
statement instead of a comment, introduce a macro that implements that
statement, and emits the proper compiler attribute.
Change-Id: Ib34e615fb48d0f4a340aabfad4472e08d5c70248 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED
At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.
Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.
Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 3 Feb 2023 15:30:14 +0000 (15:30 +0000)]
refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.
This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.
Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 3 Feb 2023 15:23:59 +0000 (15:23 +0000)]
fix(spe): drop SPE EL2 context switch code
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL3.NSPB accordingly.
This also means that the secure world cannot use SPE, so there is no
need to context switch the PMSCR_EL2 register.
Drop the SPE bits from the EL2 context switch code. If any of the other
EL2 worlds wish to start using SPE, this can be brought back.
Change-Id: Ie0fedb2aeb722a2c9db316051fbbe57ca0e3c0c9 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Mark Brown [Tue, 14 Mar 2023 20:13:03 +0000 (20:13 +0000)]
feat(tcr2): support FEAT_TCR2
Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.
Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148
Boyan Karatotev [Thu, 17 Nov 2022 12:01:29 +0000 (12:01 +0000)]
refactor(cpus): shorten errata flag defines
The cpu-ops makefile has errata flag definition and flag processing done
per flag in separate parts in the file. Rework this to make a list and
do this in a much more concise way.
To ensure no flags were missed, a bash script [1] was used to verify all
errata flags made it across. Only the first few flags with different
naming were checked manually.
Maksims Svecovs [Wed, 15 Mar 2023 13:24:44 +0000 (13:24 +0000)]
style(hooks): adds Arm copyright style fix
Adds a check to pre-commit hook that makes sure "Arm" is written in a
correct case and not "arm" or "ARM". Same as a copyright-year check, the
hook will fix the issue and prompt user to stage the fix.
refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
feat(morello): implement methods to retrieve soc-id information
Added silicon revision in the platform information SDS structure.
Implemented platform functions to retrieve the soc-id information
for the morello SoC platform. SoC revision, which is same as
silicon revision, is fetched from the morello_plat_info structure
and SoC version is populated with the part number from SSC_VERSION
register, and is reflected in bits[0:15] of soc-id.
Marco Felsch [Wed, 9 Nov 2022 11:59:09 +0000 (12:59 +0100)]
feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de> Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Marco Felsch [Thu, 24 Nov 2022 10:02:05 +0000 (11:02 +0100)]
build(makefile): add helper to detect linker options
This is a small helper to check for possible linker options. If the
linker supports the requested option it is returned and if not nothing
will be returned, e.g.:
Merge changes from topic "imx8m_misc_changes" into integration
* changes:
feat(imx8mq): enable dram dvfs support on imx8mq
feat(imx8m): use non-fast wakeup stop mode for system suspend
feat(imx8mq): correct the slot ack setting for STOP mode
feat(imx8mq): add anamix pll override setting for DSM mode
feat(imx8mq): add workaround code for ERR11171 on imx8mq
feat(imx8mq): add the dram retention support for imx8mq
feat(imx8mq): add version for B2
fix(imx8m): backup mr12/14 value from lpddr4 chip
fix(imx8m): add ddr4 dvfs sw workaround for ERR050712
fix(imx8m): fix coverity out of bound access issue
fix(imx8m): fix the dram retention random hang on some imx8mq Rev2.0
feat(imx8m): add more dram pll setting
fix(imx8m): fix the current fsp init
fix(imx8m): fix the rank to rank space issue
fix(imx8m): fix the dfiphymaster setting after dvfs
feat(imx8m): update the ddr4 dvfs flow to include ddr3l support
fix(imx8m): correct the rank info get fro mstr
feat(imx8m): fix the ddr4 dvfs random hang on imx8m
Olivier Deprez [Wed, 16 Nov 2022 15:46:23 +0000 (16:46 +0100)]
feat(spmd): fail safe if SPM fails to initialize
The spmd_setup function is made fail safe in that a failure in the
SPMC manifest parsing, SPMD or SPMC initialization returns a success
code to the standard services initialization routine (std_svc_setup).
This permits continuing the boot process and initialize services
beyond the SPMD to succeed for the system to operate in the normal
world. It operates in a degraded mode for the secure world.
feat(fvp): copy the Event Log to TZC secured DRAM area
Copied the Event Log from internal SRAM to the TZC secured DRAM
reserved area. Also passed this Trusted DRAM address to OPTEE via
NT FW configuration, and to SPMC via TOS FW configuration,
which is eventually used to extend PCR via fTPM application running
on top of OPTEE/SPMC.
Furthermore, this patch makes it easier to access Event Log in RME
enabled systems where Secure World firmware does not have access to
internal(Root) SRAM.
Change-Id: I005e9da1e6075511f412bdf4d8b541fa543df9ab Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Reserved 4KB area for Event Log in DRAM1. This area is used by BL2
to copy Event Log from internal SRAM to this carved out DRAM region
in the subsequent patch.
Change-Id: I7b405775c66d249e31edf7688d95770e6c05c175 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
laurenw-arm [Tue, 7 Feb 2023 19:40:05 +0000 (13:40 -0600)]
test(tc): test for AP/RSS NV counter interface
Change in PLATFORM_TEST build flag from boolean -> string, with the
current string options being tfm-testsuite and rss-nv-counters.
To get the old behavior, i.e. where we used to use PLATFORM_TEST=1,
we now need to pass PLATFORM_TEST=tfm-testsuite.
Adding new test of the AP/RSS interface for non-volatile counters.
The test reads, increments, and reads again each 3 types of NV
counters for: CCA, secure, and non-secure firmware. Enabled by
PLATFORM_TEST=rss-nv-counters.
Change-Id: I2044cc9b2f37984697e0754c9c824eab51a11e7f Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Signed-off-by: Raef Coles <raef.coles@arm.com>
Tintu Thomas [Tue, 21 Feb 2023 17:51:24 +0000 (17:51 +0000)]
fix(tc): change the FIP offset to 8 KiB boundary
* This change overrides the default PLAT_ARM_FIP_OFFSET_IN_GPT
* This aligns the FIP base in GPT image to the RSS ATU page size
boundary (8 KiB). RSS XIP feature requires the FIP to be aligned to
the page size boundary. TC platform will require the XIP feature.
* The aligned FIP_A is starting at sector 48. Hence the offset will be
48*512 = 0x6000.
Signed-off-by: Tintu Thomas <tintu.thomas@arm.com>
Change-Id: I8135ecd4168231847c80151c33ef8353a1586b9a
Andrew Davis [Tue, 7 Mar 2023 15:22:32 +0000 (09:22 -0600)]
fix(ti): do not take system power reference in bl31_platform_setup()
Taking a reference at this early stage can cause boot failure if the DM
firmware is not fully initialized. Remove this early call until the
fix in DM firmware is widely available.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: Ic9c47ccf1e9a1b9faeb1c7d2665d54cf55ef5396
AlexeiFedorov [Tue, 7 Mar 2023 13:34:45 +0000 (13:34 +0000)]
fix(pmu): switch FVP PMUv3 SPIs to PPI
FVP PMUv3 SPIs legacy interrupts are only listed for
cluster #0 and are missing for cluster #1.
This patch changes FVP SPIs to PMUv3 PPI as in
arm_fpga.dtsi, morello.dtsi and n1sdp.dtsi.
David Vincze [Mon, 6 Mar 2023 14:02:08 +0000 (15:02 +0100)]
fix(rss): fix msg deserialization bugs in comms
-fix1: size of struct instead of pointer during reply_size check
-fix2: update the out_vec length with the actual length from reply
message (e.g. in case of an output buffer, the returned output
data length remained the size of the buffer and was not updated
with the size of the actual data in it)
Change-Id: Ibed5520ca1fb05df358de4bdf85ace219183866c Signed-off-by: David Vincze <david.vincze@arm.com>
Akshay Belsare [Mon, 27 Feb 2023 06:34:26 +0000 (12:04 +0530)]
fix(zynqmp): conditional reservation of memory in DTB
When the TF-A is placed in DDR memory range, the DDR memory range is
getting explicitly reserved in the default device tree by TF-A.
This creates an error condition in the use case where Device tree is
not present or it is present at a different location.
To fix this, a new build time parameter, XILINX_OF_BOARD_DTB_ADDR, is
introduced. The TF-A will reserve the DDR memory only when a valid
DTB address is provided to XILINX_OF_BOARD_DTB_ADDR during build.
Now the user has options, either manually reserve the desired
DDR address range for TF-A in device tree or let TF-A access and modify
the device tree, to reserve the DDR address range, in runtime using
the build parameter.
refactor(auth): use a single function for parsing extensions
Previously, extensions were parsed twice: once with error checking for
validation, and a second time without error checking to extract the
extension data. This is error prone and caused TFV-10 (CVE-2022-47630).
A simpler approach is to have get_ext() be responsible for all extension
parsing, and to treat a NULL OID as an indicator that get_ext() is only
being called for validation. cert_parse() checks that get_ext() returns
IMG_PARSER_OK and fails otherwise.
Change-Id: I65a2ff053a188351ba54799827a2b7bd833bb037 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
fix(cpufeat): resolve build errors due to compiler optimization
Currently most of the architectural feature build flags are set
to 2(FEATURE_STATE_CHECK) for fvp platform only.
However other platforms still configure them by default to 0, which
would lead to build failures in cases when compiler configured
to build TF-A with zero optimization (CFLAGS='-O0').
This patch addresses such build issues and thereby resolves the failures
seen under CI-l3 test_configurations.
Govindraj Raja [Tue, 28 Feb 2023 11:37:02 +0000 (11:37 +0000)]
fix(mbedtls): fix mbedtls coverity issues
commit (a8eadc51a refactor(mbedtls): avoid including
MBEDTLS_CONFIG_FILE) avoids using config file directly and relies on
config file usage from mbedtls version.h
But we could build trusted boot without mbedtls dir so guard version.h
include in cot_def.h with availability of config file.
Also we refactored in same commit to break dependencies between
auth_mod.h and cot_def.h, So add cot_def.h include in nxp tbbr
cot file.
Change-Id: I4779e90c18f04c73d2121c88df6420b4b1109c8b Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
projects / arm-tf.git / log