Bipin Ravi [Thu, 13 Oct 2022 22:25:51 +0000 (17:25 -0500)]
fix(security): optimisations for CVE-2022-23960
Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
Scott Parlane [Mon, 5 Sep 2022 22:59:57 +0000 (10:59 +1200)]
fix(rk3399): explicitly define the sys_sleep_flag_sram type
Recent GCC versions now do array-bounds checking which fails for
sys_sleep_flag_sram because the struct is larger than the 8-bytes
size that (void *) is
This variable is only used in one place as the struct,
so it can be defined with the struct type.
Resolves:
plat/rockchip/px30/drivers/pmu/pmu.c: In function 'rockchip_soc_sys_pwr_dm_suspend':
plat/rockchip/px30/drivers/pmu/pmu.c:977:23: error: array subscript 'struct psram_data_t[0]' is partly outside array bounds of 'void[8]' [-Werror=array-bounds]
977 | psram_boot_cfg->pm_flag &= ~PM_WARM_BOOT_BIT;
Change-Id: Ifbe42d11d0c7875f6cb23dc0b7ffb3f3f90c55a8 Signed-off-by: Scott Parlane <scott@parlanenz.com>
The arm,vexpress,config-bus DT binding restricts the possible (sub)node
names.
Adjust the current node names, to drop the unneeded address specifier,
and make the node names binding compliant.
Change-Id: Ic48c6969268c960ce92c8ec3a756ed1d89e61b08 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 22 Aug 2022 14:50:22 +0000 (15:50 +0100)]
fix(fvp): fdts: fix memtimer subframe addressing
The arm,armv7-timer-mem DT binding documentation demands that the
#size-cells property should be <1> only.
Adjust the value to be <1> and drop the now needless leading 0 in the
frame's reg property. Convert to #address-cell = <1> on the way.
Also adjust the interrupts property to use the proper GIC macros.
Change-Id: Ia2224663b1e6aaa7cf94af777473641de6a840d2 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 19 Aug 2022 15:21:29 +0000 (16:21 +0100)]
feat(fvp): fdts: update rtsm_ve DT files from the Linux kernel
The existing DT files for the base FVP model are having some issues,
that lead to warnings reported by the device tree compiler.
Those (and many other issues around (updated) DT binding compliance)
were fixed in the Linux kernel tree, so let's sync those files back into
TF-A.
We cannot copy the files "as is" for now, since we rely on certain custom
properties to be added (max-pwr-lvl in the PSCI node, SDEI nodes, etc).
Merge in the changed parts of the Linux kernel DT (from Linux v6.0-rc1),
and rework the base file to allow including the motherboard.dtsi
unchanged. This should make any future update less painful.
As this also affects the FVP VE boards (Cortex-A7 and Cortex-A5), since
they share the motherboard include file, fix them up as well.
Change-Id: I4f74d05e5583747f8849e32f246f74aeec7a9c60 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 19 Aug 2022 10:01:16 +0000 (11:01 +0100)]
refactor(fvp): fdts: consolidate GICv2 base FVP DT files
The GICv2 and GICv3 version of the FVP DT files are unnecessarily split,
as the common part of the peripherals is the same: it's literally just
the interrupt controller node that is different.
Since the GICv3 versions now use a generic DT include file (without any
GIC node), let's reuse that for the GICv2 versions of the FVP as well.
We just add a separate fvp-base-gicv2.dtsi file which describes the
GICv2 interrupt controller. Also shorten the compatible string, since
the GICv2 binding documentation does not allow the current combination.
This allows to remove the mostly redundant nodes from the GICv2 .dts
file.
Change-Id: I9018031bb611fb00ca7dbefc1bff7d40c3f05819 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 19 Aug 2022 10:00:37 +0000 (11:00 +0100)]
refactor(fvp): fdts: consolidate GICv3 base FVP DT files
The GICv2 and GICv3 version of the FVP DT files are unnecessarily split,
as the common part of the peripherals is the same: it's literally just
the interrupt controller node that is different.
To facilitate a unification, refactor the DT include files to explicitly
include a snippet with just the GICv3 description, and a generic base DT
file for the rest. This generic file can then be reused by the GICv2
versions later.
Since we can only have a /memreserve/ entry *before* any DT nodes, move
that line to each file, to allow including the GIC DT file separately.
Change-Id: I9ff357d3fe0ce46e280c30131aeae97a99631512 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 19 Aug 2022 09:26:00 +0000 (10:26 +0100)]
feat(fvp): dts: drop 32-bit .dts files
Conceptually the DT is a hardware description, as such it's independent
from the instruction set that a DT client uses. So having separate DTs
for aarch32 and aarch64 does not make sense and is not needed.
Probably due to historic reasons (a Linux bug fixed in 2016 with Linux
commit ba6dea4f7ced, in Linux v4.8) the CPU reg property was using a
different size between aarch64 and aarch32, even though the size of it
is solely governed by the parent's #address-cells property.
Consolidate this to be always 2, and always use two cells to describe
the CPU's MPIDR register.
This removes the last difference of the -aarch32 versions of the FVP
DT files, so just remove all of them. The respective versions without
that suffix can now be used with AArch32 DT clients as well.
Also remove the respective part in the documentation.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I45d3a2cbba8e04595a741e1cf41900377952673e
For no real reason we were shipping two separate DT include files for the
base FVP motherboard peripherals, one for aarch32, one for aarch64.
There is no difference in the hardware description when using a
different instruction set, and the diff between the two files was about
a missing interrupt map for the 64-bit DT files.
Consolidate the situation by just using a single motherboard .dtsi file,
which relies on an interrupt map by the including files.
Provide that map in the two files where it was missing before, and
change the filenames to let all users include the same file now.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I19b77ecc8da9b4bfbd61d02f910b9ab05dbf92e9
Andre Przywara [Thu, 25 Aug 2022 11:59:10 +0000 (12:59 +0100)]
refactor(fvp_ve): fdts: prepare Cortex-A5 and A7 model DTs
The DT files for the Cortex-A5 and Cortex-A7 FVP models include the
shared rtsm_ve-motherboard.dtsi file, which we need to sync with the
upstream Linux version soon.
To prepare for its changed structure there, adjust the top-level
#address-cells and #size-cells properties to be compatible with the
expectations of the Linux version.
Also extend the interrupt map to cover all peripherals listed in the
motherboard file, and use the proper GIC macros to make them more
readable on the way.
Change-Id: I7d1493f1a200e8350530f912833f9ffcc5f94b21 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 10 Dec 2021 18:22:09 +0000 (18:22 +0000)]
fix(fvp): fdts: unify and fix PSCI nodes
The PSCI DT nodes used for the various fvp-base model variants provide
explicit function IDs, as required for the pre-v0.2 PSCI specification.
This prevents them from being used from both AArch32 and AArch64 DT
clients, and using this version of the PSCI spec is long deprecated
anyway.
Remove the old compatible string and the function properties, to
force clients to use the standard function IDs as described in the PSCI
spec. sys_poweroff and sys_reset were never standardised or used anyway.
There should be no client software around that cannot deal with PSCI
v0.2.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ie87deb9898eae79b7307c15bcefcd4b311d4dc22
Fix a syntax error in the delegated attestation service code.
Unfortunately, this build failure was not caught by the CI system
because right now lib/psa/delegated_attestation.c file is not getting
pulled in by any upstream platform. This will be addressed in a
separate patch.
revert(cpus): "Revert workaround for A77 erratum 1800714"
Reinstate the workaround introduced in commit 9bbc03a6e0608a949d66d9da6db12a455b452bfb. The cited change to the SDEN
could not be found and there are no known problems with the workaround.
Merge changes I072fe5fe,I4066d476,Ie4af38b8,I730e7b04,Iac3356f8, ... into integration
* changes:
fix(psa): extend measured boot logging
fix(rss): determine the size of sw_type in RSS mboot metadata
fix(psa): align with original API in tf-m-extras
fix(rss): clear the message buffer
feat(tc): enable RSS backend based measured boot
feat(tc): increase maximum BL1/BL2/BL31 sizes
Harrison Mutai [Mon, 3 Oct 2022 11:48:35 +0000 (12:48 +0100)]
feat(cpu): add library support for Hunter ELP
Add basic CPU library code to support the Hunter ELP CPU in TF-A.
Hunter-ELP adds v9.2 architecture support and is derived from
Makalu-ELP. As such, the library code is adapted from the
Makalu-ELP support library.
Change-Id: I7e93b9af6b1f0bc4d08c3cf5caf071d2cbdbc89f Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
David Vincze [Mon, 11 Apr 2022 15:08:20 +0000 (17:08 +0200)]
feat(tc): add RSS-AP message size macro
Define the RSS_COMMS_PAYLOAD_MAX_SIZE macro. Its value is platform
specific and gives the largest message size which are exchanged
on the TC2 platform between RSS and AP.
Change-Id: Id831c282dc9a39755b82befead1a81767e217215 Signed-off-by: David Vincze <david.vincze@arm.com> Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Tamas Ban [Wed, 31 Aug 2022 12:50:27 +0000 (14:50 +0200)]
feat(psa): add delegated attestation partition API
Delegated attestation is a service provided by RSS to:
- Derive a delegated attestation key: Realm Attestation Key
- Query the platform attestation token
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I3edf09fcbef24bca7c8a000ffac8c1ab64dfb812
Manish Pandey [Thu, 6 Oct 2022 15:39:35 +0000 (17:39 +0200)]
Merge changes from topic "mb/drtm-preparatory-patches" into integration
* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection
Added Event Log driver support for DRTM. This driver
is responsible for the doing the hash measurement of
various DRTM components as per [1], and putting these
measurements in the Event Log buffer.
Manish Pandey [Mon, 20 Jun 2022 16:42:41 +0000 (17:42 +0100)]
feat(drtm): introduce drtm dynamic launch function
This function is placeholder for checking all the necessary conditions
before doing drtm dynamic launch.
In this patch following conditions are checked (based on Table 31 of
DRTM spec beta0), rest of the conditions will be added in later
patches.
- Only boot PE is online
- Caller execution state is AArch64
- Caller exception level is NS-EL2 or NS-EL1
refactor(measured-boot): split out a few Event Log driver functions
Reorganized a few Event Log functions into multiple functions so that
they can be used for the upcoming DRTM feature. This change mainly
implements below new functions -
1. event_log_buf_init - called by 'event_log_init' to initialise Event
Log buffer
2. event_log_write_specid_event - called by 'event_log_fixed_header' to
write specification id event to Event Log buffer
3. event_log_measure and event_log_record - called by
'event_log_measure_and_record' to measure and record the measurement
to the Event Log buffer
Change-Id: I1aabb57f79bead726fcf36d59839702cd6a3521d Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
John Powell [Thu, 12 May 2022 17:49:55 +0000 (12:49 -0500)]
feat(sdei): add a function to return total number of events registered
This patch adds a public API to return the total number of registered
events. The purpose of this is primarily for DRTM to ensure that no
SDEI event can interfere with a dynamic launch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1d1cba2da7d5566cc340620ee1ce7d7844740b86
Updated DRTM setup functionality that mainly does below 2 things
1. Initialise the DRTM DMA protection, this function assumes the
platform must support complete DMA protection.
2. Initialise the Crypto module that will be useful to calculate
the hash of various DRTM element involved.
Added a dummy DRTM setup function and also, introduced DRTM SMCs
handling as per DRTM spec [1]. Few basic SMCs are handled in this
change such as ARM_DRTM_SVC_VERSION and ARM_DRTM_SVC_FEATURES
that returns DRTM version and functions ids supported respectively,
and others are dummy for now.
feat(fvp): add platform hooks for DRTM DMA protection
Added necessary platform hooks for DRTM DMA protection.
These calls will be used by the subsequent DRTM implementation
patches.
DRTM platform API declarations have been listed down in a
separate header file.
When pointer authentication is used the frame record return address
includes the pointer authentication code hence it must be masked out
when willing to compare the pointer value with another address or
checking its validity. The stack unwind function missed one case of
adjusting the return address leading to a misinterpreted corrupted stack
frame error message.
Andre Przywara [Tue, 4 Oct 2022 12:41:32 +0000 (13:41 +0100)]
fix(qemu): enable SVE and SME
Starting with QEMU v3.1.0 (Dec 2018), QEMU's TCG emulation engine supports
the SVE architecture extension. In QEMU v7.1.0 (Aug 2022) it also gained
SME support.
As it stands today, running TF-A under QEMU with "-cpu max" makes Linux
hang, because SME and SVE accesses trap to EL3, but are never handled
there. This is because the Linux kernel sees the SVE or SME feature bits,
and assumes firmware has enabled the feature for lower exception levels.
This requirement is described in the Linux kernel booting protocol.
Enable those features in the TF-A build, so that BL31 does the proper
EL3 setup to make the feature usable in non-secure world.
We check the actual feature bits before accessing SVE or SME registers,
so this is safe even for older QEMU version or when not running with
-cpu max. As SVE and SME are AArch64 features only, do not enable them
when building for AArch32.
Change-Id: I5b718eb298a0bbcf36244479e8d42e54a2faca61 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
projects / arm-tf.git / log