- 20 Aug, 2020 1 commit
-
-
Olivier Deprez authored
This patch provides a helper to get the entry_point_info structure used by the boot CPU as it is used to initialise the SPMC context on secondary CPUs. Change-Id: I99087dc7a86a7258e545d24a2ff06aa25170f00c Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 18 Aug, 2020 1 commit
-
-
Manish V Badarkhe authored
In case of AT speculative workaround applied, page table walk is disabled for lower ELs (EL1 and EL0) in EL3. Hence added a wrapper function which temporarily enables page table walk to execute AT instruction for lower ELs and then disables page table walk. Execute AT instructions directly for lower ELs (EL1 and EL0) assuming page table walk is enabled always when AT speculative workaround is not applied. Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 26 Jul, 2020 1 commit
-
-
Manish V Badarkhe authored
Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to be not correct for the platform which doesn't implement soc-id functionality i.e. functions to retrieve both soc-version and soc-revision. Hence introduced a platform function which will check whether SMCCC feature is available for the platform. Also, updated porting guide for the newly added platform function. Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 23 Jun, 2020 1 commit
-
-
J-Alves authored
Change handler of FFA version interface: - Return SPMD's version if the origin of the call is secure; - Return SPMC's version if origin is non-secure. Signed-off-by: J-Alves <joao.alves@arm.com> Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
-
- 02 Jun, 2020 1 commit
-
-
Masahisa Kojima authored
Core spm_mm code expects the translation tables are located in the inner & outer WBWA & shareable memory. REGISTER_XLAT_CONTEXT2 macro is used to specify the translation table section in spm_mm. In the commit 363830df (xlat_tables_v2: merge REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2 macro explicitly specifies the base xlat table goes into .bss by default. This change affects the existing SynQuacer spm_mm implementation. plat/socionext/synquacer/include/plat.ld.S linker script intends to locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section, but this implementation is no longer available. This patch adds the base table section name parameter for REGISTER_XLAT_CONTEXT2 so that platform can specify the inner & outer WBWA & shareable memory for spm_mm base xlat table. If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table goes into .bss by default, the result is same as before. Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2 Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
-
- 25 May, 2020 1 commit
-
-
J-Alves authored
SPCI is renamed as PSA FF-A which stands for Platform Security Architecture Firmware Framework for A class processors. This patch replaces the occurrence of SPCI with PSA FF-A(in documents) or simply FFA(in code). Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760 Signed-off-by: J-Alves <joao.alves@arm.com>
-
- 15 May, 2020 1 commit
-
-
Balint Dobszay authored
This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 13 May, 2020 2 commits
-
-
Olivier Deprez authored
Currently BL2 passes TOS_FW_CONFIG address and size through registers to BL31. This corresponds to SPMC manifest load address and size. The SPMC manifest is mapped in BL31 by dynamic mapping. This patch removes BL2 changes from generic code (which were enclosed by SPD=spmd) and retrieves SPMC manifest size directly from within SPMD. The SPMC manifest load address is still passed through a register by generic code. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
-
Olivier Deprez authored
As a follow-up to bdd2596d , and related to SPM Dispatcher EL3 component and SPM Core S-EL2/S-EL1 component: update with cosmetic and coding rules changes. In addition: -Add Armv8.4-SecEL2 arch detection helper. -Add an SPMC context (on current core) get helper. -Return more meaningful error return codes. -Remove complexity in few spmd_smc_handler switch-cases. -Remove unused defines and structures from spmd_private.h Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
-
- 05 May, 2020 1 commit
-
-
Manish V Badarkhe authored
Commit 0e753437 ("Implement SMCCC_ARCH_SOC_ID SMC call") executes and return the result of SMCCC_ARCH_SOC_ID(soc_id_type) to the SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) itself. Moreover it expect to pass soc_id_type for SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) which is incorrect. Fix the implementation by returning SMC_OK for SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) always and move the current implementation under "smccc_arch_id" function which gets called from SMC handler on receiving "SMCCC_ARCH_SOC_ID" command. This change is tested over linux operating system Change-Id: I61a980045081eae786b907d408767ba9ecec3468 Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 22 Mar, 2020 1 commit
-
-
Mustafa Yigit Bilgen authored
This patch adds support to handle following TLK SMCs: {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE} These SMCs need to be supported in ATF in order to forward them to TLK. Otherwise, these functionalities won't work. Brief: TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its version to TLK. TLK can use this to prevent rollback attacks. TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off execution to the OS. This allows preventing sensitive SMCs being used by the OS. TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB frames. Tested by: Tests TLK can receive the new SMCs issued by bootloader Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944 Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
-
- 19 Mar, 2020 2 commits
-
-
Varun Wadekar authored
TLK does not participate in the system off/reset process and so has no use for the SYSTEM_OFF/RESET notifications. This patch removes the system off/reset handlers as a result. Change-Id: Icf1430b1400cea88000e6d54426eb604a43cbe6c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Platforms that do not support Trusty, usually see error messages from the Trusty SPD, during boot. This can be interpreted as a boot failure. This patch lowers the logging level for those error messages to avoid confusion. Change-Id: I931baa2c6db0de1aee17383039bc29ed229a1f25 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 17 Mar, 2020 1 commit
-
-
Manish V Badarkhe authored
Implemented SMCCC_ARCH_SOC_ID call in order to get below SOC information: 1. SOC revision 2. SOC version Implementation done using below SMCCC specification document: https://developer.arm.com/docs/den0028/c Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
-
- 12 Mar, 2020 1 commit
-
-
Max Shvetsov authored
This patch introduces the `SPCI_ID_GET` interface which will return the ID of the calling SPCI component. Returns 0 for requests from the non-secure world and the SPCI component ID as specified in the manifest for secure world requests. Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
-
- 11 Mar, 2020 1 commit
-
-
Varun Wadekar authored
This patch adds an interrupt handler for TLK. On receiving an interrupt, the source of the interrupt is determined and the interrupt is marked complete. The IRQ number is passed to TLK along with a special SMC function ID. TLK issues an SMC to notify completion of the interrupt handler in the S-EL1 world. Change-Id: I76f28cee6537245c5e448d2078f86312219cea1a Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 03 Mar, 2020 4 commits
-
-
Max Shvetsov authored
Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Olivier Deprez authored
Change-Id: Icc8f73660453a2cbb2241583684b615d5d1af9d4 Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
Max Shvetsov authored
Change-Id: I8881d489994aea667e3dd59932ab4123f511d6ba Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Max Shvetsov authored
This patch adds EL2 registers that are supported up to ARMv8.6. ARM_ARCH_MINOR has to specified to enable save/restore routine. Note: Following registers are still not covered in save/restore. * AMEVCNTVOFF0<n>_EL2 * AMEVCNTVOFF1<n>_EL2 * ICH_AP0R<n>_EL2 * ICH_AP1R<n>_EL2 * ICH_LR<n>_EL2 Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 02 Mar, 2020 1 commit
-
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 20 Feb, 2020 1 commit
-
-
Manish V Badarkhe authored
Removed duplicate error code present for SMCCC and used proper error code for "SMCCC_ARCH_WORKAROUND_2" call. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I76fc7c88095f78a7e2c3d205838f8eaf3132ed5c
-
- 18 Feb, 2020 1 commit
-
-
Zelalem authored
Fixes for the following MISRA violations: - Missing explicit parentheses on sub-expression - An identifier or macro name beginning with an underscore, shall not be declared - Type mismatch in BL1 SMC handlers and tspd_main.c Change-Id: I7a92abf260da95acb0846b27c2997b59b059efc4 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
-
- 12 Feb, 2020 3 commits
-
-
Arve Hjønnevåg authored
Add SMC_GET_GIC_BASE_GICR option to SMC_FC_GET_REG_BASE and SMC_FC64_GET_REG_BASE calls for returning the base address of the gic redistributor added in gic version 3. Bug: 122357256 Change-Id: Ia7c287040656515bab262588163e0c5fc8f13a21 Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
Arve Hjønnevåg authored
Some platforms define GICD_BASE instead of PLAT_ARM_GICD_BASE but the meaning is the same. Change-Id: I1bb04bb49fdab055b365b1d70a4d48d2058e49df Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
Arve Hjønnevåg authored
Some platforms define BL32_MEM_SIZE instead of TSP_SEC_MEM_SIZE, but the meaning is the same. Change-Id: I93d96dca442e653435cae6a165b1955efe2d2b75 Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
- 10 Feb, 2020 2 commits
-
-
Achin Gupta authored
This patch adds support to initialise the SPM dispatcher as a standard secure service. It also registers a handler for SPCI SMCs exported by the SPM dispatcher. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I2183adf826d08ff3fee9aee75f021021162b6477
-
Achin Gupta authored
This patch adds a rudimentary SPM dispatcher component in EL3. It does the following: - Consumes the TOS_FW_CONFIG to determine properties of the SPM core component - Initialises the SPM core component which resides in the BL32 image - Implements a handler for SPCI calls from either security state. Some basic validation is done for each call but in most cases it is simply forwarded as-is to the "other" security state. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I7d116814557f7255f4f4ebb797d1619d4fbab590
-
- 22 Jan, 2020 1 commit
-
-
Anthony Steinhauser authored
Even though ERET always causes a jump to another address, aarch64 CPUs speculatively execute following instructions as if the ERET instruction was not a jump instruction. The speculative execution does not cross privilege-levels (to the jump target as one would expect), but it continues on the kernel privilege level as if the ERET instruction did not change the control flow - thus execution anything that is accidentally linked after the ERET instruction. Later, the results of this speculative execution are always architecturally discarded, however they can leak data using microarchitectural side channels. This speculative execution is very reliable (seems to be unconditional) and it manages to complete even relatively performance-heavy operations (e.g. multiple dependent fetches from uncached memory). This was fixed in Linux, FreeBSD, OpenBSD and Optee OS: https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8 https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61 https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2 https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a It is demonstrated in a SafeSide example: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Anthony Steinhauser <asteinhauser@google.com> Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
-
- 20 Dec, 2019 10 commits
-
-
Paul Beesley authored
Change-Id: I2bab67f319758dd033aa689d985227cad796cdea Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: I851be04fc5de8a95ea11270996f8ca33f0fccadb Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: I575188885ebed8c5f0682ac6e0e7dd159155727f Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: Ie47009158032c2e8f35febd7bf5458156f334ead Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: Idcd2a35cd2b30d77a7ca031f7e0172814bdb8cab Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
The contents of this header have been merged into the spm_mm_svc.h header file. Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: I91c192924433226b54d33e57d56d146c1c6df81b Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Before adding any new SPM-related components we should first do some cleanup around the existing SPM-MM implementation. The aim is to make sure that any SPM-MM components have names that clearly indicate that they are MM-related. Otherwise, when adding new SPM code, it could quickly become confusing as it would be unclear to which component the code belongs. The secure_partition.h header is a clear example of this, as the name is generic so it could easily apply to any SPM-related code, when it is in fact SPM-MM specific. This patch renames the file and the two structures defined within it, and then modifies any references in files that use the header. Change-Id: I44bd95fab774c358178b3e81262a16da500fda26 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 19 Nov, 2019 1 commit
-
-
Justin Chadwell authored
Variable shadowing is, according to the C standard, permitted and valid behaviour. However, allowing a local variable to take the same name as a global one can cause confusion and can make refactoring and bug hunting more difficult. This patch moves -Wshadow from WARNING2 into the general warning group so it is always used. It also fixes all warnings that this introduces by simply renaming the local variable to a new name Change-Id: I6b71bdce6580c6e58b5e0b41e4704ab0aa38576e Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-