1. 22 Feb, 2021 3 commits
  2. 19 Feb, 2021 4 commits
  3. 18 Feb, 2021 1 commit
  4. 17 Feb, 2021 1 commit
  5. 16 Feb, 2021 4 commits
  6. 12 Feb, 2021 4 commits
  7. 11 Feb, 2021 8 commits
  8. 10 Feb, 2021 3 commits
  9. 09 Feb, 2021 7 commits
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Protect GICR frames for fused/unused cores · f98630fb
      Manish V Badarkhe authored
      
      
      Currently, BLs are mapping the GIC memory region as read-write
      for all cores on boot-up.
      
      This opens up the security hole where the active core can write
      the GICR frame of fused/inactive core. To avoid this issue, disable
      the GICR frame of all inactive cores as below:
      
      1. After primary CPU boots up, map GICR region of all cores as
         read-only.
      2. After primary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      3. After secondary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      4. All unused/fused core's redistributor regions remain read-only and
         write attempt to such protected regions results in an exception.
      
      As mentioned above, this patch offers only the GICR memory-mapped
      region protection considering there is no facility at the GIC IP
      level to avoid writing the redistributor area.
      
      These changes are currently done in BL31 of Arm FVP and guarded under
      the flag 'FVP_GICR_REGION_PROTECTION'.
      
      As of now, this patch is tested manually as below:
      1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
      2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
         register of core 1’s(fused) redistributor from core 0(active).
      
      Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      f98630fb
    • Manish V Badarkhe's avatar
      doc: Build option to protect GICR frame · d30a6615
      Manish V Badarkhe authored
      
      
      Added a build option 'FVP_GICR_REGION_PROTECTION' to make
      redistributor frame of fused/unused cores as read only.
      
      Change-Id: Ie85f86e2465b93321a92a888ce8712a3144e4ccb
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      d30a6615
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Do not map GIC region in BL1 and BL2 · e0cea783
      Manish V Badarkhe authored
      
      
      GIC memory region is not getting used in BL1 and BL2.
      Hence avoid its mapping in BL1 and BL2 that freed some
      page table entries to map other memory regions in the
      future.
      
      Retains mapping of CCN interconnect region in BL1 and BL2
      overlapped with the GIC memory region.
      
      Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      e0cea783
    • Sandrine Bailleux's avatar
    • Usama Arif's avatar
      fdts: use scmi_dvfs clock index 1 for cores 4-7 · a97c390b
      Usama Arif authored
      
      
      This allows Matterhorn cores to operate at their optimal OPPs.
      Signed-off-by: default avatarUsama Arif <usama.arif@arm.com>
      Change-Id: I2e1b784da10154a1f1f65dd0e3a39213e7683116
      a97c390b
    • Heyi Guo's avatar
      tzc400: adjust filter flag if it is set to FILTER_BIT_ALL · d4c61c38
      Heyi Guo authored
      
      
      TZC_400_REGION_ATTR_FILTER_BIT_ALL is a simple constant definition, so
      it can't get the real filter number to construct the bit flag for all
      existing filters. If the platform doesn't have 4 filters, passing
      FILTER_BIT_ALL to tzc400_configure_region() will cause assertion or
      misconfiguration. So adjust the bit flag against the real filter
      number.
      Signed-off-by: default avatarHeyi Guo <guoheyi@linux.alibaba.com>
      Change-Id: Ie5c48303485f3b5015772961ee7c34746121ee84
      d4c61c38
    • Heyi Guo's avatar
      tzc400: fix logical error in FILTER_BIT definitions · 3d66ca6d
      Heyi Guo authored
      
      
      The filters parameter passed to tzc400_configure_region() is supposed
      to be filter bit flag without bit shift, so the macros
      TZC_400_REGION_ATTR_FILTER_BIT and TZC_400_REGION_ATTR_FILTER_BIT_ALL
      should always construct the value without any shift.
      
      It is not a functional issue for TZC_REGION_ATTR_F_EN_SHIFT is lucky
      to be 0.
      Signed-off-by: default avatarHeyi Guo <guoheyi@linux.alibaba.com>
      Change-Id: I5d363c462b8517256523f637e670eefa56722afd
      3d66ca6d
  10. 08 Feb, 2021 1 commit
  11. 05 Feb, 2021 4 commits