fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
It was assumed that BL31 is the first bootloader to run so there's
no argument to relay from a previous bootloader in RESET_TO_BL31
case, however this is not true for every platform with a non-TF-A
bootloader that might get executed before BL31 while compiling in
RESET_TO_BL31 feature.
Thus, by avoiding zeroing registers, the arguments passed from the
previous bootloader to BL31 are preserved.
Change-Id: I7bb66a10d1fd551ba3fd59a7a38ab5bde3197f72 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit ac4ac38c5443afdef38e38e9247c96359de3a2ea.
Change-Id: I5fb8eaea47d0fd6d0171260c6d834ec8de588fad Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit 25844ff728e4a0e5430ba2032457aba7b780a701.
Change-Id: Ia0bfa22fc45754f15c82638662dde93f604992c3 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Tintu Thomas [Tue, 21 Feb 2023 17:51:24 +0000 (17:51 +0000)]
fix(tc): change the FIP offset to 8 KiB boundary
* This change overrides the default PLAT_ARM_FIP_OFFSET_IN_GPT
* This aligns the FIP base in GPT image to the RSS ATU page size
boundary (8 KiB). RSS XIP feature requires the FIP to be aligned to
the page size boundary. TC platform will require the XIP feature.
* The aligned FIP_A is starting at sector 48. Hence the offset will be
48*512 = 0x6000.
Signed-off-by: Tintu Thomas <tintu.thomas@arm.com>
Change-Id: I8135ecd4168231847c80151c33ef8353a1586b9a
Akshay Belsare [Mon, 27 Feb 2023 06:34:26 +0000 (12:04 +0530)]
fix(zynqmp): conditional reservation of memory in DTB
When the TF-A is placed in DDR memory range, the DDR memory range is
getting explicitly reserved in the default device tree by TF-A.
This creates an error condition in the use case where Device tree is
not present or it is present at a different location.
To fix this, a new build time parameter, XILINX_OF_BOARD_DTB_ADDR, is
introduced. The TF-A will reserve the DDR memory only when a valid
DTB address is provided to XILINX_OF_BOARD_DTB_ADDR during build.
Now the user has options, either manually reserve the desired
DDR address range for TF-A in device tree or let TF-A access and modify
the device tree, to reserve the DDR address range, in runtime using
the build parameter.
refactor(auth): use a single function for parsing extensions
Previously, extensions were parsed twice: once with error checking for
validation, and a second time without error checking to extract the
extension data. This is error prone and caused TFV-10 (CVE-2022-47630).
A simpler approach is to have get_ext() be responsible for all extension
parsing, and to treat a NULL OID as an indicator that get_ext() is only
being called for validation. cert_parse() checks that get_ext() returns
IMG_PARSER_OK and fails otherwise.
Change-Id: I65a2ff053a188351ba54799827a2b7bd833bb037 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
fix(cpufeat): resolve build errors due to compiler optimization
Currently most of the architectural feature build flags are set
to 2(FEATURE_STATE_CHECK) for fvp platform only.
However other platforms still configure them by default to 0, which
would lead to build failures in cases when compiler configured
to build TF-A with zero optimization (CFLAGS='-O0').
This patch addresses such build issues and thereby resolves the failures
seen under CI-l3 test_configurations.
Govindraj Raja [Tue, 28 Feb 2023 11:37:02 +0000 (11:37 +0000)]
fix(mbedtls): fix mbedtls coverity issues
commit (a8eadc51a refactor(mbedtls): avoid including
MBEDTLS_CONFIG_FILE) avoids using config file directly and relies on
config file usage from mbedtls version.h
But we could build trusted boot without mbedtls dir so guard version.h
include in cot_def.h with availability of config file.
Also we refactored in same commit to break dependencies between
auth_mod.h and cot_def.h, So add cot_def.h include in nxp tbbr
cot file.
Change-Id: I4779e90c18f04c73d2121c88df6420b4b1109c8b Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Manish Pandey [Tue, 28 Feb 2023 10:40:54 +0000 (11:40 +0100)]
Merge changes from topic "feat_state_part2" into integration
* changes:
refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED
refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED
refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED
fix(cpufeat): context-switch: move FGT availability check to callers
feat(cpufeat): extend check_feature() to deal with min/max
refactor(cpufeat): wrap CPU ID register field isolation
Andre Przywara [Thu, 17 Nov 2022 17:30:43 +0000 (17:30 +0000)]
refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED
At the moment we only support FEAT_TRF to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRF_FOR_NS=2), by splitting
is_feat_trf_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRF related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_trf_supported() function to guard its execution.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRF is an ARMv8.4 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Ia97b01adbe24970a4d837afd463dc5506b7295a3 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED
At the moment we only support FEAT_BRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_BRBE_FOR_NS=2), by splitting
is_feat_brbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access BRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_BRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I5f2e2c9648300f65f0fa9a5f8e2f34e73529d053 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 17 Nov 2022 16:42:09 +0000 (16:42 +0000)]
refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED
At the moment we only support FEAT_TRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRBE_FOR_NS=2), by splitting
is_feat_trbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Iee7f88ea930119049543a8a4a105389997e7692c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Wed, 15 Feb 2023 15:56:15 +0000 (15:56 +0000)]
fix(cpufeat): context-switch: move FGT availability check to callers
To be inline with other features, and to allow the availability to be
checked for different contexts, move the FGT availability check out of
the save/restore functions. This is instead now checked at the caller.
Change-Id: I96e0638714f9d1b6fdadc1cb989cbd33bd48b1f6 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Wed, 1 Feb 2023 11:46:31 +0000 (11:46 +0000)]
feat(cpufeat): extend check_feature() to deal with min/max
So far the check_feature() function compares the subfield of a CPU ID
register against 0, to learn if a feature is enabled or not.
This is problematic for checks that require a certain revision of a
feature, so we should check against a minimum version number instead.
On top of that we might need to add code to support newer versions of a
feature, so we should be alerted if new hardware introduces a higher
number.
Extend the check_feature() function to take two extra arguments: the
minimum version, and the greatest currently known number.
Then make sure that the CPU ID field is in this range.
Change-Id: I425b68535a2ba9eafd31854e74d142183b521cd5 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Wed, 25 Jan 2023 12:26:14 +0000 (12:26 +0000)]
refactor(cpufeat): wrap CPU ID register field isolation
Some MISRA test complains about our code to isolate CPU ID register
fields: the ID registers (and associated masks) are 64 bits wide, but
the eventual field is always 4 bits wide only, so we use an unsigned
int to represent that. MISRA dislikes the differing width here.
Since the code to extract a feature field from a CPU ID register is very
schematic already, provide a wrapper macro to make this more readable,
and do the proper casting in one central place on the way.
While at it, use the same macro for the AArch32 feature detection side.
Change-Id: Ie102a9e7007a386f5879ec65e159ff041504a4ee Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Merge changes from topic "mbedtls3_support" into integration
* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add braces for if statement
feat(fvp): increase BL1_RW and BL2 size
feat(mbedtls): add support for mbedtls-3.3
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
Michal Simek [Mon, 27 Feb 2023 08:28:20 +0000 (09:28 +0100)]
revert(zynqmp): remove EM SMC handler
EM support was out of SMC SIP range that's why has been moved to SIP
range 0x3000 by commit acbae3998bd8 ("fix(zynqmp): move EM SMC range
to SIP range").
But after another investigation was found that this interface has no
user in any our SW and likely never adopted by anybody else. That's
why simply remove it. If there is any user it can be added back but
as TF-A size is challenging removing unused code is very welcome.
Origin code was added by commit 504925f99da0 ("xilinx: zynqmp: Add
support for Error Management").
Change-Id: I2d9222d7dde507400893e06f7f12e1713ce6bc9a Signed-off-by: Michal Simek <michal.simek@amd.com>
Jorge Troncoso [Wed, 22 Feb 2023 23:30:47 +0000 (15:30 -0800)]
fix(ufs): set the PRDT length field properly
The PRDT length field contains the count of the entries in the PRDT. See
JEDEC Standard No. 223E, section 6.1.1, "UTP Transfer Request
Descriptor," page 66. Previously we were setting the PRDT length field
to the number of bytes in the PRDT divided by four (the size in units of
32 bits). This was incorrect according to the spec.
Jorge Troncoso [Wed, 22 Feb 2023 09:41:18 +0000 (01:41 -0800)]
fix(ufs): flush the entire PRDT
Previously, if the image being read exceeded 12,800 KB (or 50 PRDT
entries of size 256 KB), the UFS driver would not flush the entire
Physical Region Descriptor Table (PRDT). This would cause the UFS host
controller to read empty PRDT entries, which eventually would make the
system crash. This change updates the UFS driver to flush the entire
PRDT, irrespective of the size of the image being read.
This change also throws an error if the memory allocated for UFS
descriptors is not sufficient to hold the entire Physical Region
Descriptor Table (PRDT).
Jorge Troncoso [Wed, 22 Feb 2023 08:51:31 +0000 (00:51 -0800)]
fix(ufs): only allow using one slot
Currently the UFS driver places the Command UPIU, Response UPIU, and
PRDT immediately after the UTP Transfer Request Descriptor. This space
would normally be reserved for other slots in the UTP Transfer Request
List, but because we always use slot zero, the other slots in the UTP
Transfer Request List are never used and this is okay.
Because the Command UPIU, Response UPIU, and PRDT are placed inside the
UTP Transfer Request List, the UFS driver would break if two or more
slots were used at the same time. Therefore, in a sense the
get_empty_slot() function is misleading. It gives developers the
illusion that they can use two or more slots simultaneously but in
reality they cannot.
This change deletes the get_empty_slot() function and replaces it with
is_slot_available() so that only one slot can be used.
Amit Nagal [Thu, 23 Feb 2023 16:07:23 +0000 (21:37 +0530)]
feat(zynqmp): add hooks for mmap and early setup
Add early setup hooks (via custom_early_setup()) and provide a way
to cover custom memory mapping which includes extending memory map
via custom_mmap_add().
This likely also require to align MAX_XLAT_TABLE, MAX_XLAT_TABLES
macros. It can be done for example by defining these macros in
custom_pkg.mk
MAX_MMAP_REGIONS := XY
$(eval $(call add_define,MAX_MMAP_REGIONS))
MAX_XLAT_TABLES := XZ
$(eval $(call add_define,MAX_XLAT_TABLES))
custom_early_setup() can be used for early low level operations
related to setting up the system to correct state.
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: I61df6f9ba5af0bc97c430974fb10a2edde44f23d
Govindraj Raja [Tue, 21 Feb 2023 17:43:55 +0000 (17:43 +0000)]
refactor(bl31): use elx_panic for sysreg_handler64
When we reach sysreg_handler64 from any trap handling we are entering
this path from lower EL and thus we should be calling lower_el_panic
reporting mechanism to print panic report.
Make report_elx_panic available through assembly func elx_panic which
could be used for reporting any lower_el_panic.
Change-Id: Ieb260cf20ea327a59db84198b2c6a6bfc9ca9537 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Ronak Jain [Wed, 22 Feb 2023 12:28:02 +0000 (04:28 -0800)]
fix(zynqmp): add bitmask for get_op_char API
As per the current functionality, there are a couple of types like
PM_OPCHAR_TYPE_TEMP, PM_OPCHAR_TYPE_POWER and PM_OPCHAR_TYPE_LATENCY
for the PM_GET_OP_CHARACTERISTIC EEMI API which is mismatched across
the Versal and ZynqMP platforms.
So added the bitmask functionality for PM_GET_OP_CHARACTERISTIC API
in feature check in the firmware and as part of that the firmware fill
up payload[1] with the bitmask value of supported types of the
PM_GET_OP_CHARACTERISTIC EEMI API but from TF-A based on the current
codebase it is just returning the version. So filling up the bitmask
buffer which is received from the firmware and returned the same to
the user.
Govindraj Raja [Mon, 16 Jan 2023 17:35:07 +0000 (17:35 +0000)]
refactor(aarch64): rename do_panic and el3_panic
Current panic call invokes do_panic which calls el3_panic, but now panic
handles only panic from EL3 anid clear separation to use lower_el_panic()
which handles panic from lower ELs.
So now we can remove do_panic and just call el3_panic for all panics.
Change-Id: I739c69271b9fb15c1176050877a9b0c0394dc739 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Govindraj Raja [Mon, 16 Jan 2023 16:44:45 +0000 (16:44 +0000)]
refactor(aarch64): remove weak links to el3_panic
Cleanup weak links to el3_panic and restrict crash_reporting usage
to bl31.
Crash reporting is not used with bl1, bl2 and weak linkage to el3_panic
is used, this can cause ambiguity in understanding the code so remove
this weak linkage and introduce funcs that should be used when we have
crash reporting for el3 panics.
Change-Id: Ic5c711143ba36898ef9574a078b8fa02effceb12 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Govindraj Raja [Mon, 16 Jan 2023 15:11:47 +0000 (15:11 +0000)]
refactor(aarch64): refactor usage of elx_panic
Currently we call el3_panic for panics from EL3 and elx_panic for
panics from lower ELs.
When we boot into a rich OS environment and interact with BL31 using
SMC/ABI calls and we can also decide to handle any lower EL panics in
EL3. Panic can occur in lower EL from rich OS or during SMC/ABI calls
after context switch to EL3.
But after booting into any rich OS we may land in panic either from
rich OS or while servicing any SMC call, here the logic to use
el3_panic or elx_panic is flawed as spsr_el3[3:0] is always EL3h
and end up in elx_panic even if panic occurred from EL3 during
SMC handling.
We try to decouple the elx_panic usage for its intended purpose,
introduce lower_el_panic which would call elx_panic, currently
lower_el_panic is called from default platform_ea_handle which
would be called due to panic from any of the lower ELs.
Also remove the weak linkage for elx_panic and rename it to
report_elx_panic which could be used with lower_el_panic.
Change-Id: I268bca89c01c60520d127ef6c7ba851460edc747 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Govindraj Raja [Sun, 12 Feb 2023 20:36:02 +0000 (20:36 +0000)]
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
CRYPTO_SUPPORT is enabled by default when TRUSTED_BOARD_BOOT is
enabled so usage CRYPTO_SUPPORT in conjunction with TRUSTED_BOARD_BOOT
might sometime be confusing to look at.
Adding minor cleanup to make it look simpler with conditions.
No functionality changes.
Change-Id: I800524d54ea56dc27b6c6da26c75a07f5f6de984 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
docs(drtm): mention DRTM_SUPPORT as an experimental build option
In spite of the fact that makefile [1] indicates that DRTM_SUPPORT is
an experimental feature, it is better to mention the same in the
documentation of the build option as well.
Govindraj Raja [Fri, 27 Jan 2023 10:08:54 +0000 (10:08 +0000)]
feat(build): allow additional CFLAGS for library build
Current CFLAGS if set for library builds could impact entire build, so
allow to pass additional CFLAGs for library builds based on format
<LIBNAME>_CFLAGS.
This support is currently needed to avoid 'redundant declaration'
error from latest mbedtls-3.3, the issue is reported to mbedtls[1]
and is under consideration to remove any redundant declarations.
But till then we have to disable that compiler option while building
for mbedtls-3.3
Govindraj Raja [Wed, 8 Feb 2023 15:04:55 +0000 (15:04 +0000)]
feat(fvp): increase BL1_RW and BL2 size
To support mbedtls3.3 increase BL1_RW and BL2 size rsa+ecdsa alg.
Increase both by one page size. In mbedtls3.3 numerous config options
have been tweaked and made defaults[1] thus a small increase in size
can result for mbedtls-3.3
This size limitation is observed when we build TF-A with
TF_MBEDTLS_KEY_ALG=rsa+ecdsa this approach is used in juno as well,
so use similar approach for FVP.
Govindraj Raja [Thu, 12 Jan 2023 15:34:12 +0000 (15:34 +0000)]
feat(mbedtls): add support for mbedtls-3.3
TF-A support for mbedtls3.x has been overdue by number of releases.
As per mbedtls support it was advised to use latest and greatest
mbedtls-3.3. But mbedtls-3.x breaks API compatibility with
mbedtls-2.x
To maintain comptability for mbedtls-2.x and enable mbedtls-3.x
support add a functionality into makefile to determine the major version
of mbedtls and use that to selective include or compile files
that are present.
With mbedtls-3.x numerous other config changes have been done.
Some of the config options deprecated or enabled by default.
Thus we decided to introduce a new 3.x config file part of this
change for building TF-A with mbedtls-3.3.
For futher information on migrating to mbedtls 3.x refer to:
https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md
Change-Id: Ia8106d6f526809df927d608db27fe149623258ed Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Govindraj Raja [Fri, 3 Feb 2023 11:08:00 +0000 (11:08 +0000)]
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
In preparation for supporting mbedtls 3.3, usage of
mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3
However looking closely into the usage in 'verify_signature' function
is no hard reason behind usage of this struct and they could be easily
replaced with independent variables.
This Minor refactor to avoid using the struct mbedtls_pk_rsassa_pss_options
and use independent variable will provide compatibility with both 2.x
and 3.x
Govindraj Raja [Wed, 11 Jan 2023 18:34:58 +0000 (18:34 +0000)]
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.
However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3
Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Michal Simek [Mon, 20 Feb 2023 12:01:27 +0000 (13:01 +0100)]
fix(zynqmp): panic w/o handoff structure in !JTAG
In case that FSBL (or SPL) doesn't provide valid handoff structure don't
fallback to default image location. In non JTAG boot mode all the time
structure should be passed. If it is not it can be opportunity to inject
any code to default locations and start it. That's why panic in all
these cases.
Change-Id: Ib3e11e2ae9ffec7406002cce4997b12b97bdc396 Signed-off-by: Michal Simek <michal.simek@amd.com>
Jorge Troncoso [Tue, 21 Feb 2023 02:35:24 +0000 (18:35 -0800)]
fix(ufs): device present (DP) field is set to '1'
The Device Present (DP) field is set to '1' after host controller
receive 'SUCCESS' return code on the response of the DME_LINKSTARTUP UIC
CMD during host controller initialization.
Chris Kay [Tue, 14 Feb 2023 11:30:04 +0000 (11:30 +0000)]
build: always prefix section names with `.`
Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.
This change introduces the period prefix to all specialized section
names.
BREAKING-CHANGE: All input and output linker section names have been
prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.
Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c Signed-off-by: Chris Kay <chris.kay@arm.com>
Michal Simek [Mon, 20 Feb 2023 11:53:31 +0000 (12:53 +0100)]
fix(zynqmp): move EM SMC range to SIP range
EM SMC where out of SIP range which is 15:0 bits only. EM was used 19:17
bits which is wrong but no code was checking it. That's why vove EM SMC
to SIP range.
Change-Id: I83f998a17a8b82b2c25ea8c9b247e42642c82178 Signed-off-by: Michal Simek <michal.simek@amd.com>
Amit Nagal [Wed, 15 Feb 2023 13:13:55 +0000 (18:43 +0530)]
feat(zynqmp): add support for custom sip service
Add support for custom sip service.
Bare minimum implementation for custom_smc_handler is provided
by platform. Actual definition for custom_smc_handler will be provided
by custom pkg.
This feature is going to be used by external libraries. For example
for checking it's status.
The similar approach is also used by qti/{sc7180,sc7280} platforms
by providing a way to select QTISECLIB_PATH.
This code is providing a generic way how to wire any code
via custom $(CUSTOM_PKG_PATH)/custom_pkg.mk makefile with also an
option to wire custom SMC. SMC functionality depends on "package".
Change-Id: Icedffd582f76f89fc399b0bb2e05cdaee9b743a0 Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Michal Simek [Wed, 15 Feb 2023 11:39:22 +0000 (12:39 +0100)]
fix(versal): check smc_fid 23:16 bits
23:16 bits when they gets to SMC handler should be all zeros but be
inside SIP Service Calls range which is defined as 0x82000000-0x8200ffff
or 0xc2000000-0xc200ffff. That's why make sure that code won't handle
any SMCs in SIP range out of predefined range.
Also fix MASK values to check the same range for PM/IPI calls to make
sure that masking covers all required bits including 23:16. Bits 15:12
are used for different class of requests.
Change-Id: I9d3e91aa521d6bb90f6b15b71ff1e89fa77ee379 Signed-off-by: Michal Simek <michal.simek@amd.com>
Michal Simek [Tue, 14 Feb 2023 12:10:29 +0000 (13:10 +0100)]
fix(zynqmp): check smc_fid 23:16 bits
23:16 bits when they gets to SMC handler should be all zeros but be
inside SIP Service Calls range which is defined as 0x82000000-0x8200ffff
or 0xc2000000-0xc200ffff. That's why make sure that code won't handle
any SMCs in SIP range out of predefined range. Because EM SMC is out of
this range already on this SOC check it after it (EMC SMC will be
handled separately).
Also fix MASK values to check the same range for PM/IPI/EM calls to make
sure that masking covers all required bits including 23:16. Bits 15:12
are used for different class of requests.
Change-Id: If23ac769c91d206e47758aeaa1f14e8b9c3dc7bb Signed-off-by: Michal Simek <michal.simek@amd.com>
projects / arm-tf.git / log