- 10 Aug, 2020 1 commit
-
-
Alexei Fedorov authored
This patch fixes the bug when AMUv1 group1 counters was always assumed being implemented without checking for its presence which was causing exception otherwise. The AMU extension code was also modified as listed below: - Added detection of AMUv1 for ARMv8.6 - 'PLAT_AMU_GROUP1_NR_COUNTERS' build option is removed and number of group1 counters 'AMU_GROUP1_NR_COUNTERS' is now calculated based on 'AMU_GROUP1_COUNTERS_MASK' value - Added bit fields definitions and access functions for AMCFGR_EL0/AMCFGR and AMCGCR_EL0/AMCGCR registers - Unification of amu.c Aarch64 and Aarch32 source files - Bug fixes and TF-A coding style compliant changes. Change-Id: I14e407be62c3026ebc674ec7045e240ccb71e1fb Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 12 Jun, 2020 1 commit
-
-
Varun Wadekar authored
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register accesses from EL1 or EL2 to EL3. RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
-
- 02 Jun, 2020 2 commits
-
-
Jimmy Brisson authored
Enhanced Counter Virtualization, ECV, is an architecture extension introduced in ARMv8.6. This extension allows the hypervisor, at EL2, to setup self-synchronizing views of the timers for it's EL1 Guests. This patch pokes the control register to enable this extension when booting a hypervisor at EL2. Change-Id: I4e929ecdf400cea17eff1de5cf8704aa7e40973d Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
The Fine Grained Traps (FGT) architecture extension was added to aarch64 in ARMv8.6. This extension primarily allows hypervisors, at EL2, to trap specific instructions in a more fine grained manner, with an enable bit for each instruction. This patch adds support for this extension by enabling the extension when booting an hypervisor at EL2. Change-Id: Idb9013ed118b6a1b7b76287237096de992ca4da3 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
- 26 May, 2020 1 commit
-
-
Alexei Fedorov authored
This patch fixes wrong ID_AA64DFR0_EL1 register read instead of ID_AA64PFR0_EL1 to detect support for MPAM extension. It also implements get_mpam_version() function which returns MPAM version as: 0x00: None Armv8.0 or later; 0x01: v0.1 Armv8.4 or later; 0x10: v1.0 Armv8.2 or later; 0x11: v1.1 Armv8.4 or later; Change-Id: I31d776b1a1b60cb16e5e62296d70adb129d7b760 Reported-by: Matteo Zini <matteozini96@gmail.com> Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 19 May, 2020 1 commit
-
-
johpow01 authored
This patch enables the v8.6 extension to add a delay before WFE traps are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in plat/common/aarch64/plat_common.c that disables this feature by default but platform-specific code can override it when needed. The only hook provided sets the TWED fields in SCR_EL3, there are similar fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in lower ELs but these should be configured by code running at EL2 and/or EL1 depending on the platform configuration and is outside the scope of TF-A. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d
-
- 14 May, 2020 1 commit
-
-
Manish V Badarkhe authored
During context switching from higher EL (EL2 or higher) to lower EL can cause incorrect translation in TLB due to speculative execution of AT instruction using out-of-context translation regime. Workaround is implemented as below during EL's (EL1 or EL2) "context_restore" operation: 1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1 bits for EL1 or EL2 (stage1 and stage2 disabled) 2. Save all system registers except TCR and SCTLR (for EL1 and EL2) 3. Do memory barrier operation (isb) to ensure all system register writes are done. 4. Restore TCR and SCTLR registers (for EL1 and EL2) Errata details are available for various CPUs as below: Cortex-A76: 1165522 Cortex-A72: 1319367 Cortex-A57: 1319537 Cortex-A55: 1530923 Cortex-A53: 1530924 More details can be found in mail-chain: https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html Currently, Workaround is implemented as build option which is default disabled. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
-
- 15 Apr, 2020 1 commit
-
-
Madhukar Pappireddy authored
By writing 0 to CLUSTERPWRDN DSU register bit 0, we send an advisory to the power controller that cluster power is not required when all cores are powered down. The AArch32 CLUSTERPWRDN register is architecturally mapped to the AArch64 CLUSTERPWRDN_EL1 register Change-Id: Ie6e67c1c7d811fa25c51e2e405ca7f59bd20c81b Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 03 Apr, 2020 1 commit
-
-
John Powell authored
Attempts to address MISRA compliance issues in BL1, BL2, and BL31 code. Mainly issues like not using boolean expressions in conditionals, conflicting variable names, ignoring return values without (void), adding explicit casts, etc. Change-Id: If1fa18ab621b9c374db73fa6eaa6f6e5e55c146a Signed-off-by: John Powell <john.powell@arm.com>
-
- 06 Mar, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides a fix for incorrect crash dump data for lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option which enables routing of External Aborts and SErrors to EL3. Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 03 Mar, 2020 1 commit
-
-
Max Shvetsov authored
This patch adds EL2 registers that are supported up to ARMv8.6. ARM_ARCH_MINOR has to specified to enable save/restore routine. Note: Following registers are still not covered in save/restore. * AMEVCNTVOFF0<n>_EL2 * AMEVCNTVOFF1<n>_EL2 * ICH_AP0R<n>_EL2 * ICH_AP1R<n>_EL2 * ICH_LR<n>_EL2 Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 02 Mar, 2020 1 commit
-
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 20 Feb, 2020 1 commit
-
-
Varun Wadekar authored
This patch modifies the delay timer driver to switch to the ARM secure physical timer instead of using Tegra's on-chip uS timer. The secure timer is not accessible to the NS world and so eliminates an important attack vector, where the Tegra timer source gets switched off from the NS world leading to a DoS attack for the trusted world. This timer is shared with the S-EL1 layer for now, but later patches will mark it as exclusive to the EL3 exception mode. Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 06 Dec, 2019 2 commits
-
-
Artsem Artsemenka authored
Check that entry point information requesting S-EL2 has AArch64 as an execution state during context setup. Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I447263692fed6e55c1b076913e6eb73b1ea735b7
-
Achin Gupta authored
This patch adds support for enabling S-EL2 if this EL is specified in the entry point information being used to initialise a secure context. It is the caller's responsibility to check if S-EL2 is available on the system before requesting this EL through the entry point information. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Change-Id: I2752964f078ab528b2e80de71c7d2f35e60569e1
-
- 11 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the Undefined Behaviour sanitizer. There are two types of support offered - minimalistic trapping support which essentially immediately crashes on undefined behaviour and full support with full debug messages. The full support relies on ubsan.c which has been adapted from code used by OPTEE. Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 09 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 21 Aug, 2019 1 commit
-
-
Alexei Fedorov authored
This patch fixes an issue when secure world timing information can be leaked because Secure Cycle Counter is not disabled. For ARMv8.5 the counter gets disabled by setting MDCR_El3.SCCD bit on CPU cold/warm boot. For the earlier architectures PMCR_EL0 register is saved/restored on secure world entry/exit from/to Non-secure state, and cycle counting gets disabled by setting PMCR_EL0.DP bit. 'include\aarch64\arch.h' header file was tided up and new ARMv8.5-PMU related definitions were added. Change-Id: I6f56db6bc77504634a352388990ad925a69ebbfa Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 16 Aug, 2019 1 commit
-
-
Alexei Fedorov authored
This patch fixes FVP_Base_AEMv8A model hang issue with ARMv8.4+ with cache modelling enabled configuration. Incorrect L1 cache flush operation to PoU, using CLIDR_EL1 LoUIS field, which is required by the architecture to be zero for ARMv8.4-A with ARMv8.4-S2FWB feature is replaced with L1 to L2 and L2 to L3 (if L3 is present) cache flushes. FVP_Base_AEMv8A model can be configured with L3 enabled by setting `cluster0.l3cache-size` and `cluster1.l3cache-size` to non-zero values, and presence of L3 is checked in `aem_generic_core_pwr_dwn` function by reading CLIDR_EL1.Ctype3 field value. Change-Id: If3de3d4eb5ed409e5b4ccdbc2fe6d5a01894a9af Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 24 Jul, 2019 1 commit
-
-
John Tsichritzis authored
This patch introduces an additional precautionary step to further enhance protection against variant 4. During the context initialisation before we enter the various BL stages, the SPSR.SSBS bit is explicitly set to zero. As such, speculative loads/stores are by default disabled for all BL stages when they start executing. Subsequently, each BL stage, can choose to enable speculative loads/stores or keep them disabled. This change doesn't affect the initial execution context of BL33 which is totally platform dependent and, thus, it is intentionally left up to each platform to initialise. For Arm platforms, SPSR.SSBS is set to zero for BL33 too. This means that, for Arm platforms, all BL stages start with speculative loads/stores disabled. Change-Id: Ie47d39c391d3f20fc2852fc59dbd336f8cacdd6c Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 12 Jul, 2019 1 commit
-
-
Soby Mathew authored
This patch enables MTE for Normal world if the CPU suppors it. Enabling MTE for secure world will be done later. Change-Id: I9ef64460beaba15e9a9c20ab02da4fb2208b6f7d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 10 Jul, 2019 1 commit
-
-
Alexei Fedorov authored
This patch removes incorrect SCTLR_V_BIT definition and adds definitions for ARMv8.3-Pauth EnIB, EnDA and EnDB bits. Change-Id: I1384c0a01f56f3d945833464a827036252c75c2e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 17 Jun, 2019 1 commit
-
-
Yann Gautier authored
Those defines are used in STM32MP1 clock driver. It is better to put them altogether with already defined registers. Change-Id: I6f8ad8c2477b947af6f76283a4ef5c40212d0027 Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 24 May, 2019 1 commit
-
-
Alexei Fedorov authored
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 03 Apr, 2019 1 commit
-
-
Antonio Nino Diaz authored
This gives each Secure Partition complete freedom on its address space. Previously, the memory used by the exception vectors was reserved and couldn't be used. Also, it always had to be mapped, forcing SPM to generate translation tables that included the exception vectors as well as the Partition memory regions. With this change, partitions can reduce their address space size easily. Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 14 Mar, 2019 1 commit
-
-
John Tsichritzis authored
This patch applies the new MSR instruction to directly set the PSTATE.SSBS bit which controls speculative loads. This new instruction is available at Neoverse N1 core so it's utilised. Change-Id: Iee18a8b042c90fdb72d2b98f364dcfbb17510728 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 28 Feb, 2019 2 commits
-
-
Louis Mayencourt authored
Complete the MPAM enablement in TF-A for lower ELs by enabling the EL2 traps in MPAMHCR_EL2 and MPAM2_EL2.This prevents an MPAM-unaware-hypervisor to be restricted by an MPAM-aware-guest. Change-Id: I47bf3f833fa22baa590f83d49cc0e3f2974e698d Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Ambroise Vincent authored
The workarounds for these errata are so closely related that it is better to only have one patch to make it easier to understand. Change-Id: I0287fa69aefa8b72f884833f6ed0e7775ca834e9 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 27 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 26 Feb, 2019 1 commit
-
-
Louis Mayencourt authored
Implicit Error Synchronization Barrier (IESB) might not be correctly generated in Cortex-A75 r0p0. To prevent this, IESB are enabled at all expection levels. Change-Id: I2a1a568668a31e4f3f38d0fba1d632ad9939e5ad Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 18 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
In a system with ARMv8.5-PMU implemented: - If EL3 is using AArch32, setting MDCR_EL3.SCCD to 1 disables counting in Secure state in PMCCNTR. - If EL3 is using AArch64, setting SDCR.SCCD to 1 disables counting in Secure state in PMCCNTR_EL0. So far this effect has been achieved by setting PMCR_EL0.DP (in AArch64) or PMCR.DP (in AArch32) to 1 instead, but this isn't considered secure as any EL can change that value. Change-Id: I82cbb3e48f2e5a55c44d9c4445683c5881ef1f6f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Jan, 2019 1 commit
-
-
Sathees Balya authored
ARMv8.4-TTST (Small Translation tables) relaxes the lower limit on the size of translation tables by increasing the maximum permitted value of the T1SZ and T0SZ fields in TCR_EL1, TCR_EL2, TCR_EL3, VTCR_EL2 and VSTCR_EL2. This feature is supported in AArch64 state only. This patch adds support for this feature to both versions of the translation tables library. It also removes the static build time checks for virtual address space size checks to runtime assertions. Change-Id: I4e8cebc197ec1c2092dc7d307486616786e6c093 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 11 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
ARMv8.2-TTCNP is mandatory from ARMv8.2 onwards, but it can be implemented in CPUs that don't implement all mandatory 8.2 features (and so have to claim to be a lower version). This patch removes usage of the ARM_ARCH_AT_LEAST() macro and uses system ID registers to detect whether it is needed to set the bit or not. Change-Id: I7bcbf0c7c937590dfc2ca668cfd9267c50f7d52c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Jan, 2019 2 commits
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The architecture dependant header files in include/lib/${ARCH} and include/common/${ARCH} have been moved to /include/arch/${ARCH}. Change-Id: I96f30fdb80b191a51448ddf11b1d4a0624c03394 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Jan, 2019 1 commit
-
-
Sathees Balya authored
This patch enables the Data Independent Timing functionality (DIT) in EL3 if supported by the platform. Change-Id: Ia527d6aa2ee88a9a9fe1c941220404b9ff5567e5 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 18 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
Some of the affected macros can only be used from C code. In general, we use arch_helpers.h for any C helpers to access registers. For consistency, the other macros have been moved as well. Also, import some AArch32 helpers from TF-A-Tests. Change-Id: Ie8fe1ddeadba5336c12971ddc39a7883121386b1 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 10 Dec, 2018 1 commit
-
-
Jeenu Viswambharan authored
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass Safe) bit to mitigate against Variant 4 vulnerabilities. Although an Armv8.5 feature, this can be implemented by CPUs implementing earlier version of the architecture. With this patch, when both PSTATE.SSBS is implemented and DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to indicate that mitigation on the PE is either permanently enabled or not required. When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset of every BL stage. This means that EL3 always executes with mitigation applied. For Cortex A76, if the PE implements SSBS, the existing mitigation (by using a different vector table, and tweaking CPU ACTLR2) is not used. Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
The headers forked at some point in the past and have diverged a lot. In order to make it easier to share code between TF-A-Tests and TF-A, this patch synchronises most of the definitions in the mentioned headers. This is not a complete sync, it has to be followed by more cleanup. This patch also removes the read helpers for the AArch32 instructions ats1cpr and ats1hr (they are write-only). Change-Id: Id13ecd7aeb83bd2318cd47156d71a42f1c9f6ba2 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 16 Oct, 2018 1 commit
-
-
Jeenu Viswambharan authored
Pointer authentication is an Armv8.3 feature that introduces instructions that can be used to authenticate and verify pointers. Pointer authentication instructions are allowed to be accessed from all ELs but only when EL3 explicitly allows for it; otherwise, their usage will trap to EL3. Since EL3 doesn't have trap handling in place, this patch unconditionally disables all related traps to EL3 to avoid potential misconfiguration leading to an unhandled EL3 exception. Fixes ARM-software/tf-issues#629 Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-