Commits · 31dfea92048fa2a71495650d77f5c68ae582ab73 · adam.huang / Arm Trusted Firmware

11 Jan, 2018 6 commits

Merge pull request #1214 from dp-arm/dp/cve_2017_5715 · 31dfea92
davidcunado-arm authored Jan 11, 2018
```
Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75
```
31dfea92
Merge pull request #1222 from davidcunado-arm/dp/bl31_mem · f10c0c45
davidcunado-arm authored Jan 11, 2018
```
Increase BL31 memory space by 2 pages
```
f10c0c45

Increase BL31 memory space by 2 pages · f336d4af

Dimitris Papastamos authored Jan 11, 2018



On some build configurations BL31 is running out of space.  Now that
TSP is moved to secure dram, we have a bit of additional space to use
in BL31.

Change-Id: Ib89fcd8bae99c85c9c5e5d9228bb42fb7048dcb6
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>

f336d4af

Use PFR0 to identify need for mitigation of CVE-2017-5915 · 780edd86

Dimitris Papastamos authored Jan 02, 2018



If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A75.

Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

780edd86

Workaround for CVE-2017-5715 on Cortex A73 and A75 · a1781a21

Dimitris Papastamos authored Dec 18, 2017



Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
temporarily dropping into AArch32 Secure-EL1 and executing the
`BPIALL` instruction.

This is achieved by using 3 vector tables.  There is the runtime
vector table which is used to handle exceptions and 2 additional
tables which are required to implement this workaround.  The
additional tables are `vbar0` and `vbar1`.

The sequence of events for handling a single exception is
as follows:

1) Install vector table `vbar0` which saves the CPU context on entry
   to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
   with the MMU disabled and I$ enabled.  This is the default vector table.

2) Before doing an ERET into Secure-EL1, switch vbar to point to
   another vector table `vbar1`.  This is required to restore EL3 state
   when returning from the workaround, before proceeding with normal EL3
   exception handling.

3) While in Secure-EL1, the `BPIALL` instruction is executed and an
   SMC call back to EL3 is performed.

4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
   restored.  The vbar is switched to point to `vbar0` in preparation to
   handle further exceptions.  Finally a branch to the runtime vector
   table entry is taken to complete the handling of the original
   exception.

This workaround is enabled by default on the affected CPUs.

NOTE
====

There are 4 different stubs in Secure-EL1.  Each stub corresponds to
an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
different value in `R0` before doing an SMC call back into EL3.
Without this piece of information it would not be possible to know
what the original exception type was as we cannot use `ESR_EL3` to
distinguish between IRQs and FIQs.

Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

a1781a21

Workaround for CVE-2017-5715 on Cortex A57 and A72 · f62ad322

Dimitris Papastamos authored Nov 30, 2017

Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU. To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table. A side effect of this change is that the main vbar is
configured before any reset handling. This is to allow the per-cpu
reset function to override the vbar setting.

This workaround is enabled by default on the affected CPUs.

Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

f62ad322

10 Jan, 2018 3 commits
- Merge pull request #1176 from wjliang/zynqmp-ipi-mb-svc · 08e06be8
  davidcunado-arm authored Jan 10, 2018
```
plat: xilinx: Add ZynqMP IPI mailbox service [v4]
```
  08e06be8
- Merge pull request #1208 from masahir0y/build · 210d8d8b
  davidcunado-arm authored Jan 10, 2018
```
Build: trivial fixes
```
  210d8d8b
- Merge pull request #1207 from hzhuang1/isp_clk · 8d356425
  davidcunado-arm authored Jan 10, 2018
```
hikey960: set isp clks as unsecure mode
```
  8d356425
09 Jan, 2018 4 commits

Merge pull request #1167 from Leo-Yan/hikey-fix-alignment · c14d3dcd
davidcunado-arm authored Jan 09, 2018
```
Set alignment size to 512B for Hikey/Hikey960
```
c14d3dcd

zynqmp: pm_service: use zynqmp_ipi APIs · ebc05162

Wendy Liang authored Oct 03, 2017



Use zynqmp_ipi APIs to access IPI registers in pm_service.
As the zynqmp_ipi APIs doesn't cover IPI buffers, the pm_ipi
in pm_service will still directly access the IPI buffers.
Signed-off-by: Wendy Liang <jliang@xilinx.com>

ebc05162

Add Xilinx ZynqMP IPI mailbox service · e8ffe79d

Wendy Liang authored Sep 06, 2017



Add IPI mailbox service to manage Xilinx ZynqMP IPI(Inter Processors
Interrupt) access.
Signed-off-by: Wendy Liang <jliang@xilinx.com>

e8ffe79d

Introduce ZynqMP IPI implementation · dc1dfe83

Wendy Liang authored Sep 13, 2017



Previously, ZynqMP IPI in ATF is only for ZynqMP PM,
This patch is to have a ZynqMP IPI implementation to handle
both ZynqMP PM IPI requirement and IPI mailbox service requirement
which will be introduced next.

We control IPI agents registers access but not IPI buffers access in
this implementation. Each IPI mailbox user will directly access the
IPI buffers.
Signed-off-by: Wendy Liang <jliang@xilinx.com>

dc1dfe83

08 Jan, 2018 3 commits

Merge pull request #1202 from antonio-nino-diaz-arm/an/spm-secondary-cores · 77796fb7
davidcunado-arm authored Jan 08, 2018
```
SPM: Allow secondary CPUs to use the Secure Partition
```
77796fb7

SPM: Allow secondary CPUs to use the Secure Partition · a43c85db

Antonio Nino Diaz authored Jan 08, 2018



The Secure Partition should be able to be used from any CPU, not just
the lead one. This patch point the secure contexts of all secondary
CPUs to the same one used by the lead CPU for the Secure Partition. This
way, they can also use it.

In order to prevent more than one CPU from using the Secure Partition at
the same time, a lock has been added.

Change-Id: Ica76373127c3626498b06c558a4874ce72201ff7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

a43c85db

SPM: Move initialization flag to context struct · 26bd5f82

Antonio Nino Diaz authored Dec 18, 2017



Whether a Secure Partition is being initialized or not is something
related to that specific partition, so it should be saved with the
rest of the information related to it.

Change-Id: Ie8a780f70df83fb03ef9c01ba37960208d9b5319
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

26bd5f82

03 Jan, 2018 6 commits

Merge pull request #1204 from davidcunado-arm/rv/fip_tool · 6ef96ab4
davidcunado-arm authored Jan 03, 2018
```
Add padding at the end of the last entry
```
6ef96ab4
Merge pull request #1206 from davidcunado-arm/dc/update_userguide · 86188567
davidcunado-arm authored Jan 03, 2018
```
Update dependencies for ARM TF
```
86188567

docs: Update the ToC end marker description in the document · 4069fb5f

Jett Zhou authored Nov 24, 2017



Change-Id: I2e29a63f08aed3b8ea0bb10170a3d55b8d033e62
Signed-off-by: Jett Zhou <jett.zhou@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>

4069fb5f

Add padding at the end of the last entry · 880b9e8b

Roberto Vargas authored Dec 19, 2017



This patch adds padding bytes at the end of the last image in the
fip to be able to transfer by DMA the last image.

Change-Id: I8c6f07dee389cb3d1dc919936d9d52841d7e5723
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>

880b9e8b

Merge pull request #1212 from dp-arm/dp/tsp_dram · 34c2b9c2
davidcunado-arm authored Jan 03, 2018
```
Move TSP to TZC secured DRAM
```
34c2b9c2

Move TSP to TZC secured DRAM · 66db10ca

Dimitris Papastamos authored Jan 02, 2018



To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM
by default.

Increase the BL31 max limit by one page.

Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

66db10ca

24 Dec, 2017 3 commits
- Merge pull request #1203 from masahir0y/uniphier · 9a2a38a2
  davidcunado-arm authored Dec 24, 2017
```
uniphier: a bundle of fixes
```
  9a2a38a2
- Build: specify check_* targets as .PHONY · 87ebd20d
  Masahiro Yamada authored Dec 24, 2017
```
check_* targets just check necessary command line argument, not
build any images.  They should be specified as .PHONY.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
```
  87ebd20d
- Merge pull request #1201 from jeenu-arm/sdei-plat-events · ac4626dc
  davidcunado-arm authored Dec 24, 2017
```
ARM platforms: Allow platforms to define SDEI events
```
  ac4626dc
23 Dec, 2017 1 commit

Build: update comment lines for macros · 1e0c0784

Masahiro Yamada authored Dec 23, 2017

Commit 8f0617ef

 ("Apply TBBR naming convention to the fip_create
options") changed fiptool command options.  We often forget to update
documentation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

1e0c0784

21 Dec, 2017 1 commit

Update dependencies for ARM TF · fa05efb3

David Cunado authored Dec 19, 2017



ARM TF has been tested as part of its CI system with the following
dependencies updated:

- Linaro binaries:    17.04 --> 17.10
- mbed TLS library:   2.4.2 --> 2.6.0

The version of AEM, Cortex-A and Foundation models that ARM TF is
tested on has also been updated:

- v11.1 build 11.1:22 --> v11.2 build 11.2:33
- v8.9 build 0.8:8805 --> v9.0 build 0.8:9005

This patch updates the user guide documentation to reflect these
changes to the dependencies.

Additionally, links to Linaro resources have been updated.

Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
Signed-off-by: David Cunado <david.cunado@arm.com>

fa05efb3

20 Dec, 2017 4 commits

Merge pull request #1198 from antonio-nino-diaz-arm/an/spm-doc · 3c95ea01
davidcunado-arm authored Dec 20, 2017
```
Add Secure Partition Manager (SPM) design document
```
3c95ea01

uniphier: fix alignment of build log · 9d32b55c

Masahiro Yamada authored Dec 20, 2017



The build log should be indented with two spaces for correct alignment.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

9d32b55c

uniphier: fix base address of IO block buffer · fe458325

Masahiro Yamada authored Dec 20, 2017



The current IO block buffer overlaps with BL2 image location.
So, BL2 may corrupt itself.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

fe458325

doc: uniphier: reformat reStructuredText manually · 58b6fccf

Masahiro Yamada authored Dec 19, 2017

Commit 6f625747

 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool.  I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.

I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

58b6fccf

19 Dec, 2017 5 commits
- Merge pull request #1196 from antonio-nino-diaz-arm/an/zero-pad · 1e49e906
  davidcunado-arm authored Dec 19, 2017
```
Add support to left-pad with zeroes in tf_printf
```
  1e49e906
- Merge pull request #1195 from davidcunado-arm/dc/fix_pie · 9f36f4c4
  davidcunado-arm authored Dec 19, 2017
```
Disable PIE compilation option
```
  9f36f4c4
- Merge pull request #1194 from robertovargas-arm/io-fix · dced20e1
  davidcunado-arm authored Dec 19, 2017
```
io: block: fix block_read/write may read/write overlap buffer
```
  dced20e1
- Merge pull request #1192 from sandrine-bailleux-arm/sb/fix-mm-communicate · 468c5577
  davidcunado-arm authored Dec 19, 2017
```
SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters
```
  468c5577
- ARM platforms: Allow platforms to define SDEI events · 7bdf0c1f
  Jeenu Viswambharan authored Dec 08, 2017
```
With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.

Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
```
  7bdf0c1f
18 Dec, 2017 2 commits
- Merge pull request #1190 from vchong/poplar_hisi_review2 · 725912d8
  davidcunado-arm authored Dec 18, 2017
```
poplar: Add BL32 (OP-TEE) support and misc updates
```
  725912d8
- hikey960: set isp clks as unsecure mode · f7ff1084
  Haojian Zhuang authored Dec 18, 2017
```
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
```
  f7ff1084
15 Dec, 2017 2 commits

Add support to left-pad with zeroes in tf_printf · 84816dcd

Antonio Nino Diaz authored Dec 15, 2017



Add support to formats %i, %d, %p, %x and %u for left-padding numbers
with zeroes (e.g. `%08x`).

Change-Id: Ifd4795a82a8d83da2c00b44b9e482a2d9be797e3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

84816dcd

Add Secure Partition Manager (SPM) design document · 100ac090

Antonio Nino Diaz authored Dec 15, 2017



This patch adds documentation that describes the design of the Secure
Partition Manager and the specific choices in their current
implementation.

The document "SPM User Guide" has been integrated into the design
document.

Change-Id: I0a4f21a2af631c8aa6c739d97a5b634f3cb39991
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

100ac090