1. 15 Mar, 2021 1 commit
    • Olivier Deprez's avatar
      SPM: declare third cactus instance as UP SP · e96fc8e7
      Olivier Deprez authored
      
      
      The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
      instantiated in a Secure Partition:
      -A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
      An EC is pinned to a corresponding physical CPU.
      -An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
      the physical CPU from which the FF-A call is originating.
      This change permits exercising the latter case within the TF-A-tests
      framework.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
      e96fc8e7
  2. 10 Mar, 2021 1 commit
  3. 01 Mar, 2021 1 commit
  4. 16 Feb, 2021 1 commit
  5. 15 Feb, 2021 1 commit
    • Andre Przywara's avatar
      plat/arm: juno: Condition Juno entropy source with CRC instructions · eb18ce32
      Andre Przywara authored
      
      
      The Juno Trusted Entropy Source has a bias, which makes the generated
      raw numbers fail a FIPS 140-2 statistic test.
      
      To improve the quality of the numbers, we can use the CPU's CRC
      instructions, which do a decent job on conditioning the bits.
      
      This adds a *very* simple version of arm_acle.h, which is typically
      provided by the compiler, and contains the CRC instrinsics definitions
      we need. We need the original version by using -nostdinc.
      
      Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      eb18ce32
  6. 11 Feb, 2021 2 commits
    • Andre Przywara's avatar
      plat/arm: juno: Refactor juno_getentropy() · 543f0d8b
      Andre Przywara authored
      
      
      Currently we use the Juno's TRNG hardware entropy source to initialise
      the stack canary. The current function allows to fill a buffer of any
      size, but we will actually only ever request 16 bytes, as this is what
      the hardware implements. Out of this, we only need at most 64 bits for
      the canary.
      
      In preparation for the introduction of the SMCCC TRNG interface, we
      can simplify this Juno specific interface by making it compatible with
      the generic one: We just deliver 64 bits of entropy on each call.
      This reduces the complexity of the code. As the raw entropy register
      readouts seem to be biased, it makes sense to do some conditioning
      inside the juno_getentropy() function already.
      Also initialise the TRNG hardware, if not already done.
      
      Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      543f0d8b
    • Vijayenthiran Subramaniam's avatar
      plat/arm/rdn2: update TZC base address · 4e8060d2
      Vijayenthiran Subramaniam authored
      
      
      Update TZC base address to align with the recent changes in the platform
      memory map.
      Signed-off-by: default avatarVijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
      Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
      4e8060d2
  7. 09 Feb, 2021 2 commits
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Protect GICR frames for fused/unused cores · f98630fb
      Manish V Badarkhe authored
      
      
      Currently, BLs are mapping the GIC memory region as read-write
      for all cores on boot-up.
      
      This opens up the security hole where the active core can write
      the GICR frame of fused/inactive core. To avoid this issue, disable
      the GICR frame of all inactive cores as below:
      
      1. After primary CPU boots up, map GICR region of all cores as
         read-only.
      2. After primary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      3. After secondary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      4. All unused/fused core's redistributor regions remain read-only and
         write attempt to such protected regions results in an exception.
      
      As mentioned above, this patch offers only the GICR memory-mapped
      region protection considering there is no facility at the GIC IP
      level to avoid writing the redistributor area.
      
      These changes are currently done in BL31 of Arm FVP and guarded under
      the flag 'FVP_GICR_REGION_PROTECTION'.
      
      As of now, this patch is tested manually as below:
      1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
      2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
         register of core 1’s(fused) redistributor from core 0(active).
      
      Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      f98630fb
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Do not map GIC region in BL1 and BL2 · e0cea783
      Manish V Badarkhe authored
      
      
      GIC memory region is not getting used in BL1 and BL2.
      Hence avoid its mapping in BL1 and BL2 that freed some
      page table entries to map other memory regions in the
      future.
      
      Retains mapping of CCN interconnect region in BL1 and BL2
      overlapped with the GIC memory region.
      
      Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      e0cea783
  8. 08 Feb, 2021 1 commit
  9. 05 Feb, 2021 1 commit
  10. 03 Feb, 2021 1 commit
  11. 02 Feb, 2021 1 commit
  12. 29 Jan, 2021 2 commits
    • Pranav Madhu's avatar
      plat/arm/board: enable AMU for RD-N2 · f7bab276
      Pranav Madhu authored
      
      
      AMU counters are used for monitoring the CPU performance. RD-N2 platform
      has architected AMU available for each core. Enable the use of AMU by
      non-secure OS for supporting the use of counters for processor
      performance control (ACPI CPPC).
      
      Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
      Signed-off-by: default avatarPranav Madhu <pranav.madhu@arm.com>
      f7bab276
    • Pranav Madhu's avatar
      plat/arm/board: enable AMU for RD-V1 · c9bf2cf5
      Pranav Madhu authored
      
      
      AMU counters are used for monitoring the CPU performance. RD-V1 platform
      has architected AMU available for each core. Enable the use of AMU by
      non-secure OS for supporting the use of counters for processor
      performance control (ACPI CPPC).
      
      Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
      Signed-off-by: default avatarPranav Madhu <pranav.madhu@arm.com>
      c9bf2cf5
  13. 11 Jan, 2021 2 commits
  14. 07 Jan, 2021 1 commit
    • Pali Rohár's avatar
      Makefile: Do not mark file targets as .PHONY target · a9812206
      Pali Rohár authored
      
      
      Only non-file targets should be set a .PHONY. Otherwise if file target is
      set as .PHONY then targets which depends on those file .PHONY targets would
      be always rebuilt even when their prerequisites are not changed.
      
      File target which needs to be always rebuilt can be specified in Make
      system via having a prerequisite on some .PHONY target, instead of marking
      whole target as .PHONY. In Makefile projects it is common to create empty
      .PHONY target named FORCE for this purpose.
      
      This patch changes all file targets which are set as .PHONY to depends on
      new .PHONY target FORCE, to ensure that these file targets are always
      rebuilt (as before). Basically they are those targets which calls external
      make subprocess.
      
      After FORCE target is specified in main Makefile, remove it from other
      Makefile files to prevent duplicate definitions.
      Signed-off-by: default avatarPali Rohár <pali@kernel.org>
      Change-Id: Iee3b4e0de93879b95eb29a1745a041538412e69e
      a9812206
  15. 16 Dec, 2020 1 commit
  16. 14 Dec, 2020 2 commits
  17. 09 Dec, 2020 3 commits
  18. 08 Dec, 2020 4 commits
  19. 30 Nov, 2020 1 commit
  20. 21 Oct, 2020 1 commit
  21. 20 Oct, 2020 5 commits
  22. 09 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Don't return error information from console_flush · 831b0e98
      Jimmy Brisson authored
      
      
      And from crash_console_flush.
      
      We ignore the error information return by console_flush in _every_
      place where we call it, and casting the return type to void does not
      work around the MISRA violation that this causes. Instead, we collect
      the error information from the driver (to avoid changing that API), and
      don't return it to the caller.
      
      Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      831b0e98
  23. 06 Oct, 2020 1 commit
    • Usama Arif's avatar
      plat/arm: common: add guard for arm_get_rotpk_info_regs · 3bfcc9d7
      Usama Arif authored
      
      
      Only define arm_get_rotpk_info_regs if ROTPK is in registers,
      i.e. (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID). This will
      allow platform build without definition of TZ_PUB_KEY_HASH_BASE
      if dedicated registers for ROTPK are not available on the platform.
      
      Change-Id: I74ee2d5007f5d876a031a1efca20ebee2dede0c7
      Signed-off-by: default avatarUsama Arif <usama.arif@arm.com>
      3bfcc9d7
  24. 05 Oct, 2020 2 commits
  25. 02 Oct, 2020 1 commit