GitLab

The Fine Grained Traps (FGT) architecture extension was added to aarch64 in
ARMv8.6. This extension primarily allows hypervisors, at EL2, to trap specific
instructions in a more fine grained manner, with an enable bit for each
instruction. This patch adds support for this extension by enabling the
extension when booting an hypervisor at EL2.

Change-Id: Idb9013ed118b6a1b7b76287237096de992ca4da3
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

This patch fixes wrong ID_AA64DFR0_EL1 register read instead of
ID_AA64PFR0_EL1 to detect support for MPAM extension.
It also implements get_mpam_version() function which returns
MPAM version as:
0x00: None Armv8.0 or later;
0x01: v0.1 Armv8.4 or later;
0x10: v1.0 Armv8.2 or later;
0x11: v1.1 Armv8.4 or later;

Change-Id: I31d776b1a1b60cb16e5e62296d70adb129d7b760
Reported-by: Matteo Zini <matteozini96@gmail.com>
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

This patch enables the v8.6 extension to add a delay before WFE traps
are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in
plat/common/aarch64/plat_common.c that disables this feature by default
but platform-specific code can override it when needed.

The only hook provided sets the TWED fields in SCR_EL3, there are similar
fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in
lower ELs but these should be configured by code running at EL2 and/or EL1
depending on the platform configuration and is outside the scope of TF-A.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d

As a follow-up to bdd2596d

, and related to SPM Dispatcher
EL3 component and SPM Core S-EL2/S-EL1 component: update
with cosmetic and coding rules changes. In addition:
-Add Armv8.4-SecEL2 arch detection helper.
-Add an SPMC context (on current core) get helper.
-Return more meaningful error return codes.
-Remove complexity in few spmd_smc_handler switch-cases.
-Remove unused defines and structures from spmd_private.h
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
  of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
  which returns 128-bit value and uses Generic timer physical counter
  value to increase the randomness of the generated key.
  The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
  generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
  pauth_disable_el1()` and `pauth_disable_el3()` functions disable
  PAuth for EL1 and EL3 respectively;
  `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
  cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
  `save_gp_registers()` and `pauth_context_save()`;
  `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
  and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
  code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
  for 12 uint64_t PAuth registers instead of 10 by removal of macro
  CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
  and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
  in `msr	spsel`  instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.

Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

This patch enables MTE for Normal world if the CPU suppors it. Enabling
MTE for secure world will be done later.

Change-Id: I9ef64460beaba15e9a9c20ab02da4fb2208b6f7d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.

Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Check for both IMPLEMENTATION_DEFINED and Architected algorithms of
Address Authentication.

Change-Id: I209dcc6087172cfef7baf8d09e0454628f02cbd0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The Generic Timer is an optional extension to an ARMv7-A implementation.
The generic delay timer can be used from any architecture supported by
the Trusted Firmware. In ARMv7 it is needed to check that this feature
is present. In ARMv8 it is always present.

Change-Id: Ib7e8ec13ffbb2f64445d4ee48ed00f26e34b79b7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

ARMv8.4-TTST (Small Translation tables) relaxes the lower limit on the
size of translation tables by increasing the maximum permitted value
of the T1SZ and T0SZ fields in TCR_EL1, TCR_EL2, TCR_EL3, VTCR_EL2 and
VSTCR_EL2.

This feature is supported in AArch64 state only.

This patch adds support for this feature to both versions of the
translation tables library. It also removes the static build time
checks for virtual address space size checks to runtime assertions.

Change-Id: I4e8cebc197ec1c2092dc7d307486616786e6c093
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

ARMv8.2-TTCNP is mandatory from ARMv8.2 onwards, but it can be implemented
in CPUs that don't implement all mandatory 8.2 features (and so have to
claim to be a lower version).

This patch removes usage of the ARM_ARCH_AT_LEAST() macro and uses system
ID registers to detect whether it is needed to set the bit or not.

Change-Id: I7bcbf0c7c937590dfc2ca668cfd9267c50f7d52c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>