instead of it being lost in the middle of supported platform ports.
Regarding a), this gets moved under the "Processes & Policies" section.
More specifically, it gets clubbed with the existing platform
compatibility policy. The combined document gets renamed into a
"Platforms Ports Policy" document.
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.
- Remove mentions of Arm SGM-775 and MediaTek MT6795 platforms.
Both platform ports were deleted from TF-A source tree in the
last release (v2.7).
- Remove mention of Arm Morello platform, as it now has a dedicated
documentation page accessible from the table of contents
(see docs/plat/arm/morello/).
Manish Pandey [Tue, 1 Nov 2022 16:16:55 +0000 (16:16 +0000)]
fix(debug): decouple "get_el_str()" from backtrace
get_el_str() was implemented under ENABLE_BACKTRACE macro but being
used at generic places too, this causes multiple definition of this
function.
Remove duplicate definition of this function and move it out of
backtrace scope. Also, this patch fixes a small bug where in default
case S-EL1 is returned which ideally should be EL1, as there is no
notion of security state in EL string.
Olivier Deprez [Tue, 11 Oct 2022 13:38:27 +0000 (15:38 +0200)]
feat: pass SMCCCv1.3 SVE hint bit to dispatchers
SMCCCv1.3 introduces the SVE hint bit added to the SMC FID (bit 16)
denoting that the world issuing an SMC doesn't expect the callee to
preserve the SVE state (FFR, predicates, Zn vector bits greater than
127). Update the generic SMC handler to copy the SVE hint bit state
to SMC flags and mask out the bit by default for the services called
by the standard dispatcher. It is permitted by the SMCCC standard to
ignore the bit as long as the SVE state is preserved. In any case a
callee must preserve the NEON state (FPCR/FPSR, Vn 128b vectors)
whichever the SVE hint bit state.
Manish Pandey [Tue, 11 Oct 2022 16:28:14 +0000 (17:28 +0100)]
fix(bl31): harden check in delegate_async_ea
Following hardening done around ESR_EL3 register usage
- Panic if exception is anyting other than SError
- AET bit is only valid if DFSC is 0x11, move DFSC check before AET.
Marc Bonnici [Tue, 18 Oct 2022 13:03:13 +0000 (14:03 +0100)]
fix(el3-spmc): check descriptor size for overflow
Ensure that the provided descriptor size used when reserving space
for a memory descriptor does not overflow to prevent scope for
memory corruption. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: If06985c4de9a88ff82ce60d10e346da948ed383f
Marc Bonnici [Tue, 18 Oct 2022 12:50:04 +0000 (13:50 +0100)]
fix(el3-spmc): fix detection of overlapping memory regions
The current logic does not cover all scenarios of overlapping
memory regions. Update the implementation to verify non-overlapping
regions instead. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I16c53d081e4455bc0e28399d28a1b27b1a9eb49c
Marc Bonnici [Tue, 18 Oct 2022 12:39:48 +0000 (13:39 +0100)]
fix(el3-spmc): fix incomplete reclaim validation
Ensure that the full memory transaction descriptor has been transmitted
before a request to reclaim the memory transaction is permitted.
This prevents any potential accesses to the incomplete descriptor.
Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I33e993c6b754632051e899ab20edd19b18b6cf65
This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command line hint
has been replaced with the snippet provided by NVM's user guide, and the
second line now automatically installs a version of Node.js compatible
with TF-A's repository scripts.
Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20 Signed-off-by: Chris Kay <chris.kay@arm.com>
Olivier Deprez [Fri, 4 Nov 2022 09:47:54 +0000 (10:47 +0100)]
Merge changes from topic "hikey960-el3-spmc" into integration
* changes:
feat(hikey960): read serial number from UFS
feat(hikey960): add a FF-A logical partition
feat(hikey960): add memory sharing hooks for SPMC_AT_EL3
feat(hikey960): add plat-defines for SPMC_AT_EL3
feat(hikey960): define a datastore for SPMC_AT_EL3
feat(hikey960): add SP manifest for SPMC_AT_EL3
feat(hikey960): increase secure workspace to 64MB
feat(hikey960): upgrade to xlat_tables_v2
Bipin Ravi [Wed, 2 Nov 2022 21:50:03 +0000 (16:50 -0500)]
fix(cpus): workaround for Cortex-A76 erratum 2743102
Cortex-A76 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
Bipin Ravi [Wed, 2 Nov 2022 21:12:01 +0000 (16:12 -0500)]
fix(cpus): workaround for Neoverse N1 erratum 2743102
Neoverse N1 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
feat(drtm): add DRTM parameters structure version check
Added DRTM parameters structure version check that as per
the current released DRTM specification [1].
Mainly to cater below mentioned in the specification [1]
section 3.12 -
For a given DRTM major version number this structure will
always be extended in a backwards compatible manner.
vallau01 [Mon, 8 Aug 2022 12:10:14 +0000 (14:10 +0200)]
fix(el3-spmc): compute full FF-A V1.1 desc size
This patch fixes an issue in spmc_ffa_fill_desc.
In order to compute the spmc_shm_get_v1_1_descriptor_size,
fragment_length which is a fraction of the descriptor size is used as
desc_size parameter. It has to be replaced with the
full V1.0 descriptor size(obj->desc_filled).
Boyan Karatotev [Mon, 3 Oct 2022 13:21:28 +0000 (14:21 +0100)]
fix(cpus): workaround for Cortex-A710 erratum 2291219
Cortex-A710 erratum 2291219 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Boyan Karatotev [Mon, 3 Oct 2022 13:18:28 +0000 (14:18 +0100)]
fix(cpus): workaround for Cortex-X3 erratum 2313909
Cortex-X3 erratum 2313909 is a Cat B erratum that applies to revisions
r0p0 and r1p0, and is fixed in r1p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Boyan Karatotev [Mon, 3 Oct 2022 13:07:08 +0000 (14:07 +0100)]
fix(cpus): workaround for Neoverse-N2 erratum 2326639
Neoverse-N2 erratum 2326639 is a Cat B erratum that applies to revision
r0p0 and is fixed in r0p1. The workaround is to set CPUACTLR2_EL1[36] to
1 before the power down sequence that sets CORE_PWRDN_EN. This allows
the cpu to retry the power down and prevents the deadlock. TF-A never
clears this bit even if it wakes up from the wfi in the sequence since
it is not expected to do anything but retry to power down after and the
bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest/
Platforms which implement pwr_domain_pwr_down_wfi differ substantially
in behaviour. However, different cpus require similar sequences to power
down. This patch tightens the behaviour of these platforms to end on a
wfi loop after performing platform power down. This is required so that
platforms behave more consistently on power down, in cases where the wfi
can fall through.
Add documentation how to build EL3 SPMC,
briefly describes all FF-A interfaces,
SP boot flow, SP Manifest, Power Management,
Boot Info Protocol, Runtime model and state
transition and Interrupt Handling.
Boyan Karatotev [Tue, 25 Oct 2022 10:29:04 +0000 (11:29 +0100)]
chore: rename Makalu ELP to Cortex-X3
The Cortex-X3 cpu port was developed before its public release when it
was known as Makalu ELP. Now that it's released we can use the official
product name.
Bipin Ravi [Thu, 13 Oct 2022 22:25:51 +0000 (17:25 -0500)]
fix(security): optimisations for CVE-2022-23960
Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
Shawn Guo [Wed, 26 Oct 2022 08:38:53 +0000 (16:38 +0800)]
fix(imx8m): update poweroff related SNVS_LPCR bits only
Function imx_system_off() writes SNVS_LPCR register to power off the SoC
without bit masking. This clears other bits like LPWUI_EN and breaks
the function of SoC wake-up using RTC alarm. Fix it by updating poweroff
related bits only.
Fixed the qemu 32 bit clang build fail caused because of
no march32 directives in TF_CFLAGS_aarch32 variable
march32_directive is initialized later in Makefile and since clang build
uses Immediate set instead of Lazy set , TF_CFLAGS_aarch32 doesn't
have mcpu variable.
Daniel Boulby [Wed, 5 Oct 2022 10:05:22 +0000 (11:05 +0100)]
feat(zlib): update zlib source files
Upgrade the zlib source files to the ones present in the version 1.2.13
of zlib [1]. Since 1.2.11 the use of Arm crc32 instructions has been
introduced so update the files to make use of this.
[1] https://github.com/madler/zlib/tree/v1.2.13
Change-Id: Ideef78c56f05ae7daec390d00dcaa8f66b18729e Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
projects / arm-tf.git / log