1. 06 Dec, 2019 1 commit
    • Achin Gupta's avatar
      Add support for enabling S-EL2 · 0376e7c4
      Achin Gupta authored
      
      
      This patch adds support for enabling S-EL2 if this EL is specified in the entry
      point information being used to initialise a secure context. It is the caller's
      responsibility to check if S-EL2 is available on the system before requesting
      this EL through the entry point information.
      Signed-off-by: default avatarAchin Gupta <achin.gupta@arm.com>
      Change-Id: I2752964f078ab528b2e80de71c7d2f35e60569e1
      0376e7c4
  2. 26 Nov, 2019 1 commit
  3. 11 Nov, 2019 1 commit
  4. 07 Nov, 2019 1 commit
  5. 05 Nov, 2019 1 commit
  6. 11 Oct, 2019 1 commit
  7. 08 Oct, 2019 1 commit
  8. 07 Oct, 2019 1 commit
  9. 04 Oct, 2019 1 commit
    • laurenw-arm's avatar
      Neoverse N1 Errata Workaround 1542419 · 80942622
      laurenw-arm authored
      
      
      Coherent I-cache is causing a prefetch violation where when the core
      executes an instruction that has recently been modified, the core might
      fetch a stale instruction which violates the ordering of instruction
      fetches.
      
      The workaround includes an instruction sequence to implementation
      defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap
      handler to execute a TLB inner-shareable invalidation to an arbitrary
      address followed by a DSB.
      Signed-off-by: default avatarLauren Wehrmeister <lauren.wehrmeister@arm.com>
      Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
      80942622
  10. 03 Oct, 2019 3 commits
  11. 02 Oct, 2019 2 commits
  12. 30 Sep, 2019 1 commit
  13. 26 Sep, 2019 4 commits
    • Alexei Fedorov's avatar
      AArch32: Disable Secure Cycle Counter · c3e8b0be
      Alexei Fedorov authored
      
      
      This patch changes implementation for disabling Secure Cycle
      Counter. For ARMv8.5 the counter gets disabled by setting
      SDCR.SCCD bit on CPU cold/warm boot. For the earlier
      architectures PMCR register is saved/restored on secure
      world entry/exit from/to Non-secure state, and cycle counting
      gets disabled by setting PMCR.DP bit.
      In 'include\aarch32\arch.h' header file new
      ARMv8.5-PMU related definitions were added.
      
      Change-Id: Ia8845db2ebe8de940d66dff479225a5b879316f8
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      c3e8b0be
    • Madhukar Pappireddy's avatar
      Migrate ARM platforms to use the new GICv3 API · 6806cd23
      Madhukar Pappireddy authored
      
      
      This patch invokes the new function gicv3_rdistif_probe() in the
      ARM platform specific gicv3 driver. Since this API modifies the
      shared GIC related data structure, it must be invoked coherently
      by using the platform specific pwr_domain_on_finish_late hook.
      
      Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      6806cd23
    • Madhukar Pappireddy's avatar
      Adding new optional PSCI hook pwr_domain_on_finish_late · 10107707
      Madhukar Pappireddy authored
      
      
      This PSCI hook is similar to pwr_domain_on_finish but is
      guaranteed to be invoked with the respective core and cluster are
      participating in coherency. This will be necessary to safely invoke
      the new GICv3 API which modifies shared GIC data structures concurrently.
      
      Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      10107707
    • Madhukar Pappireddy's avatar
      GICv3: Enable multi socket GIC redistributor frame discovery · ec834925
      Madhukar Pappireddy authored
      
      
      This patch provides declaration and definition of new GICv3 driver
      API: gicv3_rdistif_probe().This function delegates the responsibility
      of discovering the corresponding Redistributor base frame to each CPU
      itself. It is a modified version of gicv3_rdistif_base_addrs_probe()
      and is executed by each CPU in the platform unlike the previous
      approach in which only the Primary CPU did the discovery of all the
      Redistributor frames for every CPU.
      
      The flush operations as part of gicv3_driver_init() function are
      made necessary even for platforms with WARMBOOT_ENABLE_DCACHE_EARLY
      because the GICv3 driver data structure contents are accessed by CPU
      with D-Cache turned off during power down operations.
      
      Change-Id: I1833e81d3974b32a3e4a3df4766a33d070982268
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      ec834925
  14. 20 Sep, 2019 2 commits
  15. 18 Sep, 2019 1 commit
  16. 13 Sep, 2019 5 commits
    • Andre Przywara's avatar
      Add fdt_add_reserved_memory() helper function · 3ef45dda
      Andre Przywara authored
      
      
      If a firmware component like TF-A reserves special memory regions for
      its own or secure payload services, it should announce the location and
      size of those regions to the non-secure world. This will avoid
      disappointment when some rich OS tries to acccess this memory, which
      will likely end in a crash.
      
      The traditional way of advertising reserved memory using device tree is
      using the special memreserve feature of the device tree blob (DTB).
      However by definition those regions mentioned there do not prevent the
      rich OS to map this memory, which may lead to speculative accesses to
      this memory and hence spurious bus errors.
      
      A safer way of carving out memory is to use the /reserved-memory node as
      part of the normal DT structure. Besides being easier to setup, this
      also defines an explicit "no-map" property to signify the secure-only
      nature of certain memory regions, which avoids the rich OS to
      accidentally step on it.
      
      Add a helper function to allow platform ports to easily add a region.
      
      Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      3ef45dda
    • Andre Przywara's avatar
      rpi3: Move rng driver to drivers · 990ab78e
      Andre Przywara authored
      
      
      To allow sharing the driver between the RPi3 and RPi4, move the random
      number generator driver into the generic driver directory.
      
      Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      990ab78e
    • Andre Przywara's avatar
      qemu: Move and generalise FDT PSCI fixup · f240728b
      Andre Przywara authored
      
      
      The QEMU platform port scans its device tree to advertise PSCI as the
      CPU enable method. It does this by scanning *every* node in the DT and
      check whether its compatible string starts with "arm,cortex-a". Then it
      sets the enable-method to PSCI, if it doesn't already have one.
      
      Other platforms might want to use this functionality as well, so let's
      move it out of the QEMU platform directory and make it more robust by
      fixing some shortcomings:
      - A compatible string starting with a certain prefix is not a good way
      to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
      match as well and is in turn favoured with an enable-method.
      - If the DT already has an enable-method, we won't change this to PSCI.
      
      Those two issues will for instance fail on the Raspberry Pi 4 DT.
      To fix those problems, we adjust the scanning method:
      The DT spec says that all CPU nodes are subnodes of the mandatory
      /cpus node, which is a subnode of the root node. Also each CPU node has
      to have a device_type = "cpu" property. So we find the /cpus node, then
      scan for a subnode with the proper device_type, forcing the
      enable-method to "psci".
      We have to restart this search after a property has been patched, as the
      node offsets might have changed meanwhile.
      
      This allows this routine to be reused for the Raspberry Pi 4 later.
      
      Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      f240728b
    • Andre Przywara's avatar
      rpi3: Move VC mailbox driver into generic drivers directory · c0031189
      Andre Przywara authored
      
      
      To allow sharing the driver between the RPi3 and RPi4, move the mailbox
      driver into the generic driver directory.
      
      Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      c0031189
    • Alexei Fedorov's avatar
      Refactor ARMv8.3 Pointer Authentication support code · ed108b56
      Alexei Fedorov authored
      
      
      This patch provides the following features and makes modifications
      listed below:
      - Individual APIAKey key generation for each CPU.
      - New key generation on every BL31 warm boot and TSP CPU On event.
      - Per-CPU storage of APIAKey added in percpu_data[]
        of cpu_data structure.
      - `plat_init_apiakey()` function replaced with `plat_init_apkey()`
        which returns 128-bit value and uses Generic timer physical counter
        value to increase the randomness of the generated key.
        The new function can be used for generation of all ARMv8.3-PAuth keys
      - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
      - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
        generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
        pauth_disable_el1()` and `pauth_disable_el3()` functions disable
        PAuth for EL1 and EL3 respectively;
        `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
        cpu-data structure.
      - Combined `save_gp_pauth_registers()` function replaces calls to
        `save_gp_registers()` and `pauth_context_save()`;
        `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
        and `restore_gp_registers()` calls.
      - `restore_gp_registers_eret()` function removed with corresponding
        code placed in `el3_exit()`.
      - Fixed the issue when `pauth_t pauth_ctx` structure allocated space
        for 12 uint64_t PAuth registers instead of 10 by removal of macro
        CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
        and assigning its value to CTX_PAUTH_REGS_END.
      - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
        in `msr	spsel`  instruction instead of hard-coded values.
      - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
      
      Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ed108b56
  17. 12 Sep, 2019 2 commits
  18. 11 Sep, 2019 2 commits
    • Justin Chadwell's avatar
      Add UBSAN support and handlers · 1f461979
      Justin Chadwell authored
      
      
      This patch adds support for the Undefined Behaviour sanitizer. There are
      two types of support offered - minimalistic trapping support which
      essentially immediately crashes on undefined behaviour and full support
      with full debug messages.
      
      The full support relies on ubsan.c which has been adapted from code used
      by OPTEE.
      
      Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      1f461979
    • Masahiro Yamada's avatar
      libc: fix sparse warning for __assert() · f906a44e
      Masahiro Yamada authored
      
      
      Sparse warns this:
      
      lib/libc/assert.c:29:6: error: symbol '__assert' redeclared with different type (originally declared at include/lib/libc/assert.h:36) - different modifiers
      
      Add __dead2 to match the header declaration and C definition.
      
      I also changed '__dead2 void' to 'void __dead2' for the consistency
      with other parts.
      
      Change-Id: Iefa4f0e787c24fa7e7e499d2e7baf54d4deb49ef
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      f906a44e
  19. 10 Sep, 2019 2 commits
  20. 09 Sep, 2019 1 commit
    • Justin Chadwell's avatar
      Enable MTE support in both secure and non-secure worlds · 9dd94382
      Justin Chadwell authored
      
      
      This patch adds support for the new Memory Tagging Extension arriving in
      ARMv8.5. MTE support is now enabled by default on systems that support
      at EL0. To enable it at ELx for both the non-secure and the secure
      world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
      and restoring when necessary in order to prevent register leakage
      between the worlds.
      
      Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      9dd94382
  21. 05 Sep, 2019 2 commits
  22. 04 Sep, 2019 1 commit
    • Masahiro Yamada's avatar
      mbedtls: use #include <...> instead of "..." · 948a0c0d
      Masahiro Yamada authored
      
      
      The #include "mbedtls/check_config.h" directive first searches for
      the header in the relative path to mbedtls_config.h, i.e.
      include/drivers/auth/mbedtls/mbedtls/check_config.h
      
      Obviously, it does not exist since check_config.h is located in
      the mbedtls project.
      
      It is more sensible to use #include <...> form.
      
      Change-Id: If72a71381f84e7748a2c9f07dd1176559d9bb1d2
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      948a0c0d
  23. 02 Sep, 2019 2 commits
  24. 21 Aug, 2019 1 commit
    • Alexei Fedorov's avatar
      AArch64: Disable Secure Cycle Counter · e290a8fc
      Alexei Fedorov authored
      
      
      This patch fixes an issue when secure world timing information
      can be leaked because Secure Cycle Counter is not disabled.
      For ARMv8.5 the counter gets disabled by setting MDCR_El3.SCCD
      bit on CPU cold/warm boot.
      For the earlier architectures PMCR_EL0 register is saved/restored
      on secure world entry/exit from/to Non-secure state, and cycle
      counting gets disabled by setting PMCR_EL0.DP bit.
      'include\aarch64\arch.h' header file was tided up and new
      ARMv8.5-PMU related definitions were added.
      
      Change-Id: I6f56db6bc77504634a352388990ad925a69ebbfa
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      e290a8fc