- 28 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
Fix some typos and clarify some sentences. Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 27 Feb, 2019 3 commits
-
-
Antonio Nino Diaz authored
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Minor style cleanup. Change-Id: Ief19dece41a989e2e8157859a265701549f6c585 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 May, 2018 1 commit
-
-
Dimitris Papastamos authored
Some CPUS may benefit from using a dynamic mitigation approach for CVE-2018-3639. A new SMC interface is defined to allow software executing in lower ELs to enable or disable the mitigation for their execution context. It should be noted that regardless of the state of the mitigation for lower ELs, code executing in EL3 is always mitigated against CVE-2018-3639. NOTE: This change is a compatibility break for any platform using the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to the declare_cpu_ops_wa macro instead. Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 04 May, 2018 2 commits
-
-
Jeenu Viswambharan authored
RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional extensions to base ARMv8.0 architecture. This patch adds build system support to enable RAS features in ARM Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for this. With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is inserted at all EL3 vector entry and exit. ESBs will synchronize pending external aborts before entering EL3, and therefore will contain and attribute errors to lower EL execution. Any errors thus synchronized are detected via. DISR_EL1 register. When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1. Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
At present, the function that restores general purpose registers also does ERET. Refactor the restore code to restore general purpose registers without ERET to complement the save function. The macro save_x18_to_x29_sp_el0 was used only once, and is therefore removed, and its contents expanded inline for readability. No functional changes, but with this patch: - The SMC return path will incur an branch-return and an additional register load. - The unknown SMC path restores registers x0 to x3. Change-Id: I7a1a63e17f34f9cde810685d70a0ad13ca3b7c50 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 20 Nov, 2017 1 commit
-
-
Dimitris Papastamos authored
Factor out SPE operations in a separate file. Use the publish subscribe framework to drain the SPE buffers before entering secure world. Additionally, enable SPE before entering normal world. A side effect of this change is that the profiling buffers are now only drained when a transition from normal world to secure world happens. Previously they were drained also on return from secure world, which is unnecessary as SPE is not supported in S-EL1. Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 15 Nov, 2017 1 commit
-
-
David Cunado authored
The FPEXC32_EL2 register controls SIMD and FP functionality when the lower ELs are executing in AArch32 mode. It is architecturally mapped to AArch32 system register FPEXC. This patch removes FPEXC32_EL2 register from the System Register context and adds it to the floating-point context. EL3 only saves / restores the floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1. The rationale for this change is that if the Secure world is using FP functionality and EL3 is not managing the FP context, then the Secure world will save / restore the appropriate FP registers. NOTE - this is a break in behaviour in the unlikely case that CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32 Secure Payload that modifies FPEXC, but does not save and restore this register Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 13 Oct, 2017 1 commit
-
-
David Cunado authored
Currently TF does not initialise the PMCR_EL0 register in the secure context or save/restore the register. In particular, the DP field may not be set to one to prohibit cycle counting in the secure state, even though event counting generally is prohibited via the default setting of MDCR_EL3.SMPE to 0. This patch initialises PMCR_EL0.DP to one in the secure state to prohibit cycle counting and also initialises other fields that have an architectually UNKNOWN reset value. Additionally, PMCR_EL0 is added to the list of registers that are saved and restored during a world switch. Similar changes are made for PMCR for the AArch32 execution state. NOTE: secure world code at lower ELs that assume other values in PMCR_EL0 will be impacted. Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 22 Jun, 2017 1 commit
-
-
dp-arm authored
SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 18 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch moves the PSCI services and BL31 frameworks like context management and per-cpu data into new library components `PSCI` and `el3_runtime` respectively. This enables PSCI to be built independently from BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant PSCI library sources and gets included by `bl31.mk`. Other changes which are done as part of this patch are: * The runtime services framework is now moved to the `common/` folder to enable reuse. * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture specific folder. * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder to `plat/common` folder. The original file location now has a stub which just includes the file from new location to maintain platform compatibility. Most of the changes wouldn't affect platform builds as they just involve changes to the generic bl1.mk and bl31.mk makefiles. NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION. Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
-
- 03 Jun, 2016 1 commit
-
-
Soby Mathew authored
The system registers that are saved and restored in CPU context include AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ, DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an AArch64-only (i.e. on hardware that does not implement AArch32, or at least not at EL1 and higher ELs) platform leads to an exception. This patch introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to include these AArch32 systems registers in the cpu context or not. By default this build option is set to 1 to ensure compatibility. AArch64-only platforms must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to verify this. Fixes ARM-software/tf-issues#386 Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
-
- 21 Dec, 2015 1 commit
-
-
Sandrine Bailleux authored
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
-
- 09 Dec, 2015 2 commits
-
-
Yatharth Kochar authored
The upcoming Firmware Update feature needs transitioning across Secure/Normal worlds to complete the FWU process and hence requires context management code to perform this task. Currently context management code is part of BL31 stage only. This patch moves the code from (include)/bl31 to (include)/common. Some function declarations/definitions and macros have also moved to different files to help code sharing. Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
-
Soby Mathew authored
The `fpregs_context_restore()` function used to restore the floating point regsiter context had a typo error wherein it was doing `str` instead of `ldr` for a register. This issue remained undetected becuase none of the ARM Standard development platforms save and restore the floating point register context when a context switch is done. This patch corrects the issue. Change-Id: Id178e0ba254a5e0a4a844f54b39d71dc34e0f6ea
-
- 08 Apr, 2015 1 commit
-
-
Kévin Petit authored
In order for the symbol table in the ELF file to contain the size of functions written in assembly, it is necessary to report it to the assembler using the .size directive. To fulfil the above requirements, this patch introduces an 'endfunc' macro which contains the .endfunc and .size directives. It also adds a .func directive to the 'func' assembler macro. The .func/.endfunc have been used so the assembler can fail if endfunc is omitted. Fixes ARM-Software/tf-issues#295 Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc Signed-off-by: Kévin Petit <kevin.petit@arm.com>
-
- 27 Aug, 2014 1 commit
-
-
Sandrine Bailleux authored
This patch gathers miscellaneous minor fixes to the documentation, and comments in the source code. Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b Co-Authored-By: Soby Mathew <soby.mathew@arm.com> Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
- 31 Jul, 2014 1 commit
-
-
Soby Mathew authored
This patch further optimizes the EL3 register state stored in cpu_context. The 2 registers which are removed from cpu_context are: * cntfrq_el0 is the system timer register which is writable only in EL3 and it can be programmed during cold/warm boot. Hence it need not be saved to cpu_context. * cptr_el3 controls access to Trace, Floating-point, and Advanced SIMD functionality and it is programmed every time during cold and warm boot. The current BL3-1 implementation does not need to modify the access controls during normal execution and hence they are expected to remain static. Fixes ARM-software/tf-issues#197 Change-Id: I599ceee3b73a7dcfd37069fd41b60e3d397a7b18
-
- 19 Jul, 2014 1 commit
-
-
Achin Gupta authored
This patch uses stacks allocated in normal memory to enable the MMU early in the warm boot path thus removing the dependency on stacks allocated in coherent memory. Necessary cache and stack maintenance is performed when a cpu is being powered down and up. This avoids any coherency issues that can arise from reading speculatively fetched stale stack memory from another CPUs cache. These changes affect the warm boot path in both BL3-1 and BL3-2. The EL3 system registers responsible for preserving the MMU state are not saved and restored any longer. Static values are used to program these system registers when a cpu is powered on or resumed from suspend. Change-Id: I8357e2eb5eb6c5f448492c5094b82b8927603784
-
- 10 Jul, 2014 1 commit
-
-
Juan Castillo authored
CTX_INCLUDE_FPREGS make variable allows us to include or exclude FP registers from context structure, in case FP is not used by TSPD. Fixes ARM-software/tf-issues#194 Change-Id: Iee41af382d691340c7ae21830ad1bbf95dad1f4b
-
- 23 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
Consolidate all BL3-1 CPU context initialization for cold boot, PSCI and SPDs into two functions: * The first uses entry_point_info to initialize the relevant cpu_context for first entry into a lower exception level on a CPU * The second populates the EL1 and EL2 system registers as needed from the cpu_context to ensure correct entry into the lower EL This patch alters the way that BL3-1 determines which exception level is used when first entering EL1 or EL2 during cold boot - this is now fully determined by the SPSR value in the entry_point_info for BL3-3, as set up by the platform code in BL2 (or otherwise provided to BL3-1). In the situation that EL1 (or svc mode) is selected for a processor that supports EL2, the context management code will now configure all essential EL2 register state to ensure correct execution of EL1. This allows the platform code to run non-secure EL1 payloads directly without requiring a small EL2 stub or OS loader. Change-Id: If9fbb2417e82d2226e47568203d5a369f39d3b0f
-
- 16 May, 2014 1 commit
-
-
Jeenu Viswambharan authored
At present, non-secure timer register contents are saved and restored as part of world switch by BL3-1. This effectively means that the non-secure timer stops, and non-secure timer interrupts are prevented from asserting until BL3-1 switches back, introducing latency for non-secure services. Often, secure world might depend on alternate sources for secure interrupts (secure timer or platform timer) instead of non-secure timers, in which case this save and restore is unnecessary. This patch introduces a boolean build-time configuration NS_TIMER_SWITCH to choose whether or not to save and restore non-secure timer registers upon world switch. The default choice is made not to save and restore them. Fixes ARM-software/tf-issues#148 Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
-
- 06 May, 2014 1 commit
-
-
Dan Handley authored
Reduce the number of header files included from other header files as much as possible without splitting the files. Use forward declarations where possible. This allows removal of some unnecessary "#ifndef __ASSEMBLY__" statements. Also, review the .c and .S files for which header files really need including and reorder the #include statements alphabetically. Fixes ARM-software/tf-issues#31 Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
-
- 26 Mar, 2014 1 commit
-
-
Andrew Thoelke authored
This extends the --gc-sections behaviour to the many assembler support functions in the firmware images by placing each function into its own code section. This is achieved by creating a 'func' macro used to declare each function label. Fixes ARM-software/tf-issues#80 Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
-
- 17 Feb, 2014 1 commit
-
-
Achin Gupta authored
This patch introduces functions for saving and restoring shared system registers between secure and non-secure EL1 exception levels, VFP registers and essential EL3 system register and other state. It also defines the 'cpu_context' data structure which will used for saving and restoring execution context for a given security state. These functions will allow runtime services like PSCI and Secure payload dispatcher to implement logic for switching between the secure and non-secure states. The save and restore functions follow AArch64 PCS and only use caller-saved temporary registers. Change-Id: I8ee3aaa061d3caaedb28ae2c5becb9a206b6fd74
-