Currently, when SPMC at S-EL2 is used, we cannot use the RAS framework
to handle Group 0 interrupts. This is required on platforms where first
level of triaging needs to occur at EL3, before forwarding RAS handling
to a secure partition running atop an SPMC (hafnium).
The RAS framework depends on EHF and EHF registers for Group 0
interrupts to be trapped to EL3 when execution is both in secure world
and normal world. However, an FF-A compliant SPMC requires secure
interrupts to be trapped by the SPMC when execution is in S-EL0/S-EL1.
Consequently, the SPMC (hafnium) is incompatible with EHF, since it is
not re-entrant, and a Group 0 interrupt trapped to EL3 when execution is
in secure world, cannot be forwarded to an SP running atop SPMC.
This patch changes EHF to only register for Group 0 interrupts to be
trapped to EL3 when execution is in normal world and also makes it a
valid routing model to do so, when EL3_EXCEPTION_HANDLING is set (when
enabling the RAS framework).
Samuel Holland [Sat, 9 Apr 2022 03:22:04 +0000 (22:22 -0500)]
fix(build): discard sections also with SEPARATE_NOBITS_REGION
Some linker sections are discarded since 511046eaa28f ("BL31: discard
.dynsym .dynstr .hash sections to make ENABLE_PIE work"). However, that
logic was placed inside a preprocessor condition, so it only applied to
the !SEPARATE_NOBITS_REGION case. Move the /DISCARD/ block down so it
applies in all cases.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I6604609f2321a2a9c32a25721a697c320108a974
Samuel Holland [Sat, 9 Apr 2022 02:56:02 +0000 (21:56 -0500)]
fix(build): disable default PIE when linking
Commit f7ec31db2d ("Disable PIE compilation option") allowed building a
non-relocatable firmware with a default-PIE toolchain by disabling PIE
at compilation time. This prevents the compiler from generating
relocations against a GOT.
However, when a default-PIE GCC is used as the linker, the final binary
will still be a PIE, containing an (unused) GOT and dynamic symbol
table. These structures do not affect execution, but they waste space in
the firmware binary. Disable PIE at link time to recover this space.
Change-Id: I2be7ac9c1a957f6db8d75efe6e601e9a5760a925 Signed-off-by: Samuel Holland <samuel@sholland.org>
Juan Pablo Conde [Mon, 28 Feb 2022 19:14:44 +0000 (14:14 -0500)]
fix(errata): workaround for Neoverse-V1 erratum 1618635
Neoverse-V1 erratum 1618635 is a Cat B erratum that applies to
revision r0p0. It is fixed in r1p0.
The workaround is done through the instruction patching
mechanism, which is performed by a write sequence of
IMPLEMENTATION DEFINED registers.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest/
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I53e406735cd3a2a930fdc72ebce3bbed97100168
Currently Tf-A uses whatever openssl binary is on the system to sign
images. However if OPENSSL_DIR is specified in the build flags this can
lead to linking issues as the system binary can end up being linked
against shared libraries provided in OPENSSL_DIR/lib if both binaries
(the system's and the on in OPENSSL_DIR/bin) are the same version.
This patch ensures that the binary used is always the one given by
OPENSSL_DIR to avoid those link issues.
Varun Wadekar [Wed, 3 Aug 2022 11:01:36 +0000 (12:01 +0100)]
fix(bl31): pass the EA bit to 'delegate_sync_ea'
During a synchronous exception, the 'enter_lower_el_sync_ea' handler
tests the ESR_EL3 EA bit and calls 'report_unhandled_exception', if
it is not set.
EA = 0 and IFSC = SEA, seems to be a contradiction. EA provides further
classification of a synchronous abort. A synchronous abort is determined
by the IFSC value on an instruction fetch synchronous abort. As a result,
EA will never be set to 1 on an instruction fetch synchronous abort and
'report_unhandled_exception' should not be called.
This patch removes this behavior to allow the platform to handle the
exception.
Signed-off-by: Nicolas Benech <nbenech@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I3f004447ad4316d81649063e1ffb3ac644c83ede
Merge changes from topic "st_fip_uuid" into integration
* changes:
feat(stm32mp1): retrieve FIP partition by type UUID
feat(guid-partition): allow to find partition by type UUID
refactor(stm32mp1): update PLAT_PARTITION_MAX_ENTRIES
Michal Simek [Thu, 21 Jul 2022 06:54:16 +0000 (08:54 +0200)]
fix(versal): remove clock related macros
TF-A doesn't configure clock on Versal. Setup is done by previous
bootloader (called PLM) that's why there is no need to have macro listed in
headers. Also previous phase can disable access to these registers that's
why better to remove them.
Change-Id: I53ba344ad932c532b0babdce9d2b26e4c2c1b846 Signed-off-by: Michal Simek <michal.simek@amd.com>
Fixed below MISRA failure -
>>> CID 379362: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "psci_non_cpu_pd_nodes" of 5 16-byte
>>> elements at element index 5 (byte offset 95) using index
>>> "i" (which evaluates to 5).
Change-Id: Ie88fc555e48b06563372bfe4e51f16b13c0a020b Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Bipin Ravi [Tue, 12 Jul 2022 22:13:01 +0000 (17:13 -0500)]
fix(errata): workaround for Cortex-X2 erratum 2371105
Cortex-X2 erratum 2371105 is a cat B erratum that applies to
revisions r0p0 - r2p0 and is fixed in r2p1. The workaround is to
set bit[40] of CPUACTLR2_EL1 to disable folding of demand requests
into older prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ib4f0caac36e1ecf049871acdea45526b394b7bad
fix(tc): tc2 bl1 start address shifted by one page
Change [1] is specific to TC2 model and breaks former TC0/TC1 test
configs.
BL1 start address is 0x0 on TC0/TC1 and 0x1000 from TC2 onwards.
Fix by adding conditional defines depending on TARGET_PLATFORM build
flag.
feat(psci): add a helper function to ensure that non-boot PEs are offline
Introduce a helper function that ensures that non-boot PEs are offline.
This function will be used by DRTM implementation to ensure that system
is running with only single PE.
Bipin Ravi [Tue, 12 Jul 2022 20:53:21 +0000 (15:53 -0500)]
fix(errata): workaround for Cortex-A710 erratum 2371105
Cortex-A710 erratum 2371105 is a cat B erratum that applies to
revisions r0p0 - r2p0 and is fixed in r2p1. The workaround is to
set bit[40] of CPUACTLR2_EL1 to disable folding of demand requests
into older prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I342b095b66f808bd6c066c20c581df5341bb7c2c
Bipin Ravi [Fri, 15 Jul 2022 22:20:16 +0000 (17:20 -0500)]
fix(errata): workaround for Cortex A78C erratum 2242638
Cortex A78C erratum 2242638 is a Cat B erratum which applies to
revisions r0p1, r0p2 and is still open. The workaround is to apply
a CPU implementation specific specific patch sequence.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2004089/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I35d385245a04a39b87be71c1a42312f75e1152e5
Juan Pablo Conde [Tue, 28 Jun 2022 20:56:32 +0000 (16:56 -0400)]
docs(security): update info on use of OpenSSL 3.0
OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be convenient for everyone, as some may
want to keep their previous versions of OpenSSL.
This update on the docs shows that there is an alternative to
install OpenSSL on the system by using a local build of
OpenSSL 3.0 and pointing both the build and run commands to
that build.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3
Cortex-A78C erratum 2132064 is a cat B erratum that applies to revisions
r0p1 and r0p2 and is still open.
This patch implements workaround option 2 that places the data
prefetcher in the most conservative mode to greatly reduce prefetches
by writing the following bits to the value indicated:
ecltr[7:6], PF_MODE = 2'b11
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2004089/latest
Use the IPI command GET_HANDOFF_PARAM to get the TF-A handoff
params, rather than using the PLM's PPU RAM area. With this
approach this resolves the issue when XPPU is enabled.
Add an empty line just before the "Build Host" title.
Without this, the title is not properly recognized, it does not get
added to the table of contents and the underlining characters appear
as dashes, as can be seen here:
Mark Brown [Wed, 20 Apr 2022 17:14:32 +0000 (18:14 +0100)]
feat(sve): support full SVE vector length
Currently the SVE code hard codes a maximum vector length of 512 bits
when configuring SVE rather than the architecture supported maximum.
While this is fine for current physical implementations the architecture
allows for vector lengths up to 2048 bits and emulated implementations
generally allow any length up to this maximum.
Since there may be system specific reasons to limit the maximum vector
length make the limit configurable, defaulting to the architecture
maximum. The default should be suitable for most implementations since
the hardware will limit the actual vector length selected to what is
physically supported in the system.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I22c32c98a81c0cf9562411189d8a610a5b61ca12
Merge changes Iec22dcab,Ib88b4b5d,I50cd6b82,If1167785,I9b3a08ef, ... into integration
* changes:
feat(imx8m): keep pu domains in default state during boot stage
feat(imx8m): add the PU power domain support on imx8mm/mn
feat(imx8m): add the anamix pll override setting
feat(imx8m): add the ddr frequency change support for imx8m family
feat(imx8mn): enable dram retention suuport on imx8mn
feat(imx8mm): enable dram retention suuport on imx8mm
feat(imx8m): add dram retention flow for imx8m family
Johann Neuhauser [Wed, 16 Feb 2022 16:12:34 +0000 (17:12 +0100)]
feat(stm32mp15-fdts): add support for STM32MP157C based DHCOM SoM on PDK2 board
This is an SoM in SODIMM-200 format on an evaluation board called
"DHCOM Premium Developer Kit #2" (DHCOM PDK2 for short). The SoM features an
STM32MP157C SoC with 1 GB DDR3, 8 GB eMMC, microSD and 2 MB SPI flash.
The baseboard has multiple UART, USB, SPI, and I2C ports/headers and several
other interfaces that are not important for TF-A.
These dts(i) files are based on DHCOM dt's from Linux 5.16 and U-Boot 2022.01.
The DRAM calibration values are taken from U-Boot 2022.01 and are optimized for
industrial temperature range above 85° C.
TF-A on this board was fully tested with the latest OP-TEE developer setup.
Change-Id: I696c01742954d761fbad312cd1059e3ab01fa93c Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
refactor(arm): add debug logs to show the reason behind skipping firmware config loading
Added debug logs to show the reason behind skipping firmware
configuration loading, and also a few debug strings were corrected.
Additionally, a panic will be triggered if the configuration sanity
fails.
Change-Id: I6bbd67b72801e178a14cbe677a8831b25a907d0c Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Daniel Boulby [Wed, 6 Jul 2022 13:33:13 +0000 (14:33 +0100)]
fix(cpus): workaround for Neoverse-N2 erratum 2388450
Neoverse-N2 erratum 2388450 is a cat B erratum that applies to
revision r0p0 and is fixed in r0p1. The workaround is to set
bit[40] of CPUACTLR2_EL1 to disable folding of demand requests into
older prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Change-Id: I6dd949c79cea8dbad322e569aa5de86cf8cf9639 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
projects / arm-tf.git / log