  1. 02 Jul, 2019 8 commits
  2. 06 Jun, 2019 1 commit
  3. 28 May, 2019 1 commit
  4. 24 May, 2019 1 commit
    • Add support for Branch Target Identification · 9fc59639
      Alexei Fedorov authored
      
      This patch adds the functionality needed for platforms to provide
      Branch Target Identification (BTI) extension, introduced to AArch64
      in Armv8.5-A by adding BTI instruction used to mark valid targets
      for indirect branches. The patch sets new GP bit [50] to the stage 1
      Translation Table Block and Page entries to denote guarded EL3 code
      pages which will cause the processor to trap instructions in protected
      pages trying to perform an indirect branch to any instruction other
      than BTI.
      BTI feature is selected by BRANCH_PROTECTION option which supersedes
      the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
      and is disabled by default. Enabling BTI requires compiler support
      and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
      The assembly macros and helpers are modified to accommodate the BTI
      instruction.
      This is an experimental feature.
      Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
      is now made as an internal flag and BRANCH_PROTECTION flag should be
      used instead to enable Pointer Authentication.
      Note. USE_LIBROM=1 option is currently not supported.
      
      Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
      Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
  5. 07 May, 2019 1 commit
  6. 18 Apr, 2019 1 commit
  7. 17 Apr, 2019 3 commits
  8. 08 Apr, 2019 2 commits
  9. 15 Mar, 2019 1 commit
  10. 14 Mar, 2019 1 commit
  11. 13 Mar, 2019 2 commits
  12. 28 Feb, 2019 6 commits
  13. 27 Feb, 2019 3 commits
    • Tegra: Support for scatterfile for the BL31 image · c2ad38ce
      Varun Wadekar authored
      
      This patch provides support for using the scatterfile format as
      the linker script with the 'armlink' linker for Tegra platforms.
      
      In order to enable the scatterfile usage the following changes
      have been made:
      
      * provide mapping for ld.S symbols in bl_common.h
      * include bl_common.h from all the affected files
      * update the makefile rules to use the scatterfile and armlink
        to compile BL31
      * update pubsub.h to add sections to the scatterfile
      
      NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
      
      Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
      Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    • Add ARMv8.3-PAuth registers to CPU context · 5283962e
      Antonio Nino Diaz authored
      
      ARMv8.3-PAuth adds functionality that supports address authentication of
      the contents of a register before that register is used as the target of
      an indirect branch, or as a load.
      
      This feature is supported only in AArch64 state.
      
      This feature is mandatory in ARMv8.3 implementations.
      
      This feature adds several registers to EL1. A new option called
      CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
      them during Non-secure <-> Secure world switches. This option must be
      enabled if the hardware has the registers or the values will be leaked
      during world switches.
      
      To prevent leaks, this patch also disables pointer authentication in the
      Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
      be trapped in EL3.
      
      Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
    • Cleanup context handling library · 4d1ccf0e
      Antonio Nino Diaz authored
      
      Minor style cleanup.
      
      Change-Id: Ief19dece41a989e2e8157859a265701549f6c585
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
  14. 26 Feb, 2019 3 commits
  15. 19 Feb, 2019 5 commits
  16. 14 Feb, 2019 1 commit
    • Update macro to check need for CVE-2017-5715 mitigation · ff6f62e1
      Antonio Nino Diaz authored
      
      Armv8.5 introduces the field CSV2 to register ID_AA64PFR0_EL1. It can
      have the following 3 values:
      
      - 0: Branch targets trained in one hardware described context may affect
           speculative execution in a different hardware described context. In
           some CPUs it may be needed to apply mitigations.
      
      - 1: Branch targets trained in one hardware described context can only
           affect speculative execution in a different hardware described
           context in a hard-to-determine way. No mitigation required.
      
      - 2: Same as 1, but the device is also aware of SCXTNUM_ELx register
           contexts. The TF doesn't use the registers, so there is no
           difference with 1.
      
      The field CSV2 was originally introduced in the TRM of the Cortex-A76
      before the release of the Armv8.5 architecture. That TRM only mentions
      the meaning of values 0 and 1. Because of this, the code only checks if
      the field has value 1 to know whether to enable or disable the
      mitigations.
      
      This patch makes it aware of value 2 as well. Both values 1 and 2
      disable the mitigation, and 0 enables it.
      
      Change-Id: I5af33de25a0197c98173f52c6c8c77b51a51429f
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
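
The CSV2 decision described in commit ff6f62e1, as an added C example that is not the project's own code (the real change is to an assembly macro). The function names and register values are hypothetical and constructed; the field position, bits [59:56] of ID_AA64PFR0_EL1, is from the Arm architecture, and applying the mitigation for encodings the message does not list is this example's assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CSV2 occupies bits [59:56] of ID_AA64PFR0_EL1. */
#define CSV2_SHIFT 56
#define CSV2_MASK  UINT64_C(0xf)

/* Extract the CSV2 field from a raw ID_AA64PFR0_EL1 value. */
static unsigned int csv2_field(uint64_t id_aa64pfr0)
{
    return (unsigned int)((id_aa64pfr0 >> CSV2_SHIFT) & CSV2_MASK);
}

/* Check as the commit message describes it before the patch:
 * only CSV2 == 1 was recognised as "no mitigation required". */
static bool needs_mitigation_old(uint64_t id_aa64pfr0)
{
    return csv2_field(id_aa64pfr0) != 1U;
}

/* Check after the patch: values 1 and 2 disable the mitigation, 0 enables it.
 * Assumption of this example: any other encoding keeps the mitigation on. */
static bool needs_mitigation_new(uint64_t id_aa64pfr0)
{
    unsigned int csv2 = csv2_field(id_aa64pfr0);
    return !(csv2 == 1U || csv2 == 2U);
}

int main(void)
{
    /* Constructed register values; the low bits stand in for other ID fields. */
    const uint64_t samples[] = {
        UINT64_C(0x1122),                        /* CSV2 = 0 */
        (UINT64_C(1) << CSV2_SHIFT) | 0x1122,    /* CSV2 = 1 */
        (UINT64_C(2) << CSV2_SHIFT) | 0x1122,    /* CSV2 = 2 */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("CSV2=%u old=%s new=%s\n", csv2_field(samples[i]),
               needs_mitigation_old(samples[i]) ? "mitigate" : "skip",
               needs_mitigation_new(samples[i]) ? "mitigate" : "skip");
    }
    return 0;
}
```

On a CPU reporting CSV2 = 2, the old check still applies the CVE-2017-5715 mitigation, which is safe but unnecessary; the new check skips it.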