Skip to content

GitLab

Switch branch/tag
  1. 11 Jul, 2018 2 commits
    • Roberto Vargas's avatar
      Remove integrity check in declare_cpu_ops_base · 9fdad699
      Roberto Vargas authored 
      

This check was added to ensure the correct behaviour of fill_constants
macro. This macro has been verified and it is known his correct
behaviour. The check generates an error when the clang assembler is
used, so it is better to remove the check.

Change-Id: I3447ff9e9e5ee5cf0502f65e53c3d105d9396b8b
Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      9fdad699
    • Roberto Vargas's avatar
      Remove .struct directive · f21b9f6d
      Roberto Vargas authored 
      

This directive is not implemented by clang assembler. The traditional
way to implement structs in assembly is using two macros for every field,
one for the offset, and another one for the size. For every field, the
offset can be calculated using the size and offset of the previous field.

Change-Id: Iacc6781e8f302fb925898737b8e85ab4e88a51cc
Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      f21b9f6d
  3. 08 Jun, 2018 4 commits
  5. 23 May, 2018 4 commits
    • Dimitris Papastamos's avatar
      Add support for dynamic mitigation for CVE-2018-3639 · fe007b2e
      Dimitris Papastamos authored 
      

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639.  A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      fe007b2e
    • Dimitris Papastamos's avatar
      aarch32: Implement static workaround for CVE-2018-3639 · e0865708
      Dimitris Papastamos authored 
      

Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.

Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      e0865708
    • Dimitris Papastamos's avatar
      Implement static workaround for CVE-2018-3639 · b8a25bbb
      Dimitris Papastamos authored 
      For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.

TF-A implements this approach for the following affected CPUs:

*   Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
    `CPUACTLR_EL1` (`S3_1_C15_C2_0`).

*   Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
    Technical Reference Manual (TRM)).

*   Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
    (`S3_0_C15_C1_0`).

Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.

Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification



Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      b8a25bbb
    • Dimitris Papastamos's avatar
      Rename symbols and files relating to CVE-2017-5715 · 2c3a1078
      Dimitris Papastamos authored 
      

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      2c3a1078
  7. 12 Apr, 2018 1 commit
  9. 14 Mar, 2018 2 commits
  11. 28 Feb, 2018 1 commit
  13. 27 Feb, 2018 3 commits
  15. 18 Jan, 2018 2 commits
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 for Cortex A9, A15 and A17 · e4b34efa
      Dimitris Papastamos authored 
      

A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.

For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.

For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.

Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      e4b34efa
    • Roberto Vargas's avatar
      bl2-el3: Add BL2_EL3 image · b1d27b48
      Roberto Vargas authored 
      

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1.  This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.

Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      b1d27b48
  17. 11 Jan, 2018 1 commit
  19. 29 Nov, 2017 1 commit
  21. 08 Nov, 2017 6 commits
  23. 07 Sep, 2017 2 commits
  25. 29 Aug, 2017 2 commits
  27. 20 Jun, 2017 2 commits
  29. 15 Jun, 2017 1 commit
  31. 14 Jun, 2017 1 commit
  33. 01 Jun, 2017 1 commit
  35. 24 May, 2017 1 commit
  37. 03 May, 2017 1 commit
  39. 29 Apr, 2017 1 commit
    • Scott Branden's avatar
      Move defines in utils.h to utils_def.h to fix shared header compile issues · 53d9c9c8
      Scott Branden authored 
      

utils.h is included in various header files for the defines in it.
Some of the other header files only contain defines.  This allows the
header files to be shared between host and target builds for shared defines.

Recently types.h has been included in utils.h as well as some function
prototypes.

Because of the inclusion of types.h conflicts exist building host tools
abd these header files now.  To solve this problem,
move the defines to utils_def.h and have this included by utils.h and
change header files to only include utils_def.h and not pick up the new
types.h being introduced.

Fixes ARM-software/tf-issues#461
Signed-off-by: default avatarScott Branden <scott.branden@broadcom.com>

Remove utils_def.h from utils.h

This patch removes utils_def.h from utils.h as it is not required.
And also makes a minor change to ensure Juno platform compiles.

Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29
      53d9c9c8
  41. 20 Apr, 2017 1 commit