1. 31 Jan, 2018 2 commits
  2. 18 Jan, 2018 1 commit
    • Dimitris Papastamos's avatar
      sp_min: Implement workaround for CVE-2017-5715 · 7343505d
      Dimitris Papastamos authored
      
      
      This patch introduces two workarounds for ARMv7 systems.  The
      workarounds need to be applied prior to any `branch` instruction in
      secure world.  This is achieved using a custom vector table where each
      entry is an `add sp, sp, #1` instruction.
      
      On entry to monitor mode, once the sequence of `ADD` instructions is
      executed, the branch target buffer (BTB) is invalidated.  The bottom
      bits of `SP` are then used to decode the exception entry type.
      
      A side effect of this change is that the exception vectors are
      installed before the CPU specific reset function.  This is now
      consistent with how it is done on AArch64.
      
      Note, on AArch32 systems, the exception vectors are typically tightly
      integrated with the secure payload (e.g. the Trusted OS).  This
      workaround will need porting to each secure payload that requires it.
      
      The patch to modify the AArch32 per-cpu vbar to the corresponding
      workaround vector table according to the CPU type will be done in a
      later patch.
      
      Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      7343505d
  3. 29 Nov, 2017 1 commit
  4. 08 Nov, 2017 1 commit
  5. 16 Oct, 2017 1 commit
  6. 13 Oct, 2017 1 commit
    • David Cunado's avatar
      Init and save / restore of PMCR_EL0 / PMCR · 3e61b2b5
      David Cunado authored
      
      
      Currently TF does not initialise the PMCR_EL0 register in
      the secure context or save/restore the register.
      
      In particular, the DP field may not be set to one to prohibit
      cycle counting in the secure state, even though event counting
      generally is prohibited via the default setting of MDCR_EL3.SMPE
      to 0.
      
      This patch initialises PMCR_EL0.DP to one in the secure state
      to prohibit cycle counting and also initialises other fields
      that have an architectually UNKNOWN reset value.
      
      Additionally, PMCR_EL0 is added to the list of registers that are
      saved and restored during a world switch.
      
      Similar changes are made for PMCR for the AArch32 execution state.
      
      NOTE: secure world code at lower ELs that assume other values in PMCR_EL0
      will be impacted.
      
      Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      3e61b2b5
  7. 11 Sep, 2017 1 commit
  8. 24 Aug, 2017 1 commit
    • Isla Mitchell's avatar
      Enable CnP bit for ARMv8.2 CPUs · 9fce2725
      Isla Mitchell authored
      
      
      This patch enables the CnP (Common not Private) bit for secure page
      tables so that multiple PEs in the same Inner Shareable domain can use
      the same translation table entries for a given stage of translation in
      a particular translation regime. This only takes effect when ARM
      Trusted Firmware is built with ARM_ARCH_MINOR >= 2.
      
      ARM Trusted Firmware Design has been updated to include a description
      of this feature usage.
      
      Change-Id: I698305f047400119aa1900d34c65368022e410b8
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      9fce2725
  9. 21 Jun, 2017 1 commit
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored
      
      
      This patch updates the el3_arch_init_common macro so that it fully
      initialises essential control registers rather then relying on hardware
      to set the reset values.
      
      The context management functions are also updated to fully initialise
      the appropriate control registers when initialising the non-secure and
      secure context structures and when preparing to leave EL3 for a lower
      EL.
      
      This gives better alignement with the ARM ARM which states that software
      must initialise RES0 and RES1 fields with 0 / 1.
      
      This patch also corrects the following typos:
      
      "NASCR definitions" -> "NSACR definitions"
      
      Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6
  10. 03 May, 2017 1 commit
  11. 20 Apr, 2017 2 commits
  12. 27 Mar, 2017 1 commit
    • Summer Qin's avatar
      ARM platforms: Add support for MT bit in MPIDR · d8d6cf24
      Summer Qin authored
      
      
      This patch modifies some of the functions in ARM platform layer to cater
      for the case when multi-threading `MT` is set in MPIDR. A new build flag
      `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR
      now assume that the `MT` bit is set for the platform and access the bit
      fields accordingly.
      
      Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is
      enabled, returning the PE count within the physical cpu corresponding to
      `mpidr`.
      
      Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      d8d6cf24
  13. 08 Mar, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Add dynamic region support to xlat tables lib v2 · 0b64f4ef
      Antonio Nino Diaz authored
      
      
      Added APIs to add and remove regions to the translation tables
      dynamically while the MMU is enabled. Only static regions are allowed
      to overlap other static ones (for backwards compatibility).
      
      A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to
      flag each region as such.
      
      The dynamic mapping functionality can be enabled or disabled when
      compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1
      or 0. This can be done per-image.
      
      TLB maintenance code during dynamic table mapping and unmapping has
      also been added.
      
      Fixes ARM-software/tf-issues#310
      
      Change-Id: I19e8992005c4292297a382824394490c5387aa3b
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0b64f4ef
  14. 15 Feb, 2017 1 commit
    • dp-arm's avatar
      Disable secure self-hosted debug via MDCR_EL3/SDCR · 85e93ba0
      dp-arm authored
      
      
      Trusted Firmware currently has no support for secure self-hosted
      debug.  To avoid unexpected exceptions, disable software debug
      exceptions, other than software breakpoint instruction exceptions,
      from all exception levels in secure state.  This applies to both
      AArch32 and AArch64 EL3 initialization.
      
      Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      85e93ba0
  15. 01 Dec, 2016 1 commit
    • David Cunado's avatar
      Reset EL2 and EL3 configurable controls · 939f66d6
      David Cunado authored
      
      
      This patch resets EL2 and EL3 registers that have architecturally
      UNKNOWN values on reset and that also provide EL2/EL3 configuration
      and trap controls.
      
      Specifically, the EL2 physical timer is disabled to prevent timer
      interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32,
      respectively.
      
      Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of
      non-secure access to certain system registers at EL1 or lower.
      
      For AArch32, the patch also reverts the reset to SDCR which was
      incorrectly added in a previous change.
      
      Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      939f66d6
  16. 09 Nov, 2016 1 commit
    • David Cunado's avatar
      Reset debug registers MDCR-EL3/SDCR and MDCR_EL2/HDCR · 495f3d3c
      David Cunado authored
      
      
      In order to avoid unexpected traps into EL3/MON mode, this patch
      resets the debug registers, MDCR_EL3 and MDCR_EL2 for AArch64,
      and SDCR and HDCR for AArch32.
      
      MDCR_EL3/SDCR is zero'ed when EL3/MON mode is entered, at the
      start of BL1 and BL31/SMP_MIN.
      
      For MDCR_EL2/HDCR, this patch zero's the bits that are
      architecturally UNKNOWN values on reset. This is done when
      exiting from EL3/MON mode but only on platforms that support
      EL2/HYP mode but choose to exit to EL1/SVC mode.
      
      Fixes ARM-software/tf-issues#430
      
      Change-Id: Idb992232163c072faa08892251b5626ae4c3a5b6
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      495f3d3c
  17. 14 Oct, 2016 1 commit
    • Soby Mathew's avatar
      Unify SCTLR initialization for AArch32 normal world · b7b0787d
      Soby Mathew authored
      
      
      The values of CP15BEN, nTWI & nTWE bits in SCTLR_EL1 are architecturally
      unknown if EL3 is AARCH64 whereas they reset to 1 if EL3 is AArch32. This
      might be a compatibility break for legacy AArch32 normal world software if
      these bits are not set to 1 when EL3 is AArch64. This patch enables the
      CP15BEN, nTWI and nTWE bits in the SCTLR_EL1 if the lower non-secure EL is
      AArch32. This unifies the SCTLR settings for lower non-secure EL in AArch32
      mode for both AArch64 and AArch32 builds of Trusted Firmware.
      
      Fixes ARM-software/tf-issues#428
      
      Change-Id: I3152d1580e4869c0ea745c5bd9da765f9c254947
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      b7b0787d
  18. 21 Sep, 2016 1 commit
    • Yatharth Kochar's avatar
      AArch32: Common changes needed for BL1/BL2 · 1a0a3f06
      Yatharth Kochar authored
      This patch adds common changes to support AArch32 state in
      BL1 and BL2. Following are the changes:
      
      * Added functions for disabling MMU from Secure state.
      * Added AArch32 specific SMC function.
      * Added semihosting support.
      * Added reporting of unhandled exceptions.
      * Added uniprocessor stack support.
      * Added `el3_entrypoint_common` macro that can be
        shared by BL1 and BL32 (SP_MIN) BL stages. The
        `el3_entrypoint_common` is similar to the AArch64
        counterpart with the main difference in the assembly
        instructions and the registers that are relevant to
        AArch32 execution state.
      * Enabled `LOAD_IMAGE_V2` flag in Makefile for
        `ARCH=aarch32` and added check to make sure that
        platform has not overridden to disable it.
      
      Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
      1a0a3f06
  19. 23 Aug, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Automatically select initial xlation lookup level · e8719552
      Antonio Nino Diaz authored
      Instead of hardcoding a level 1 table as the base translation level
      table, let the code decide which level is the most appropriate given
      the virtual address space size.
      
      As the table granularity is 4 KB, this allows the code to select
      level 0, 1 or 2 as base level for AArch64. This way, instead of
      limiting the virtual address space width to 39-31 bits, widths of
      48-25 bit can be used.
      
      For AArch32, this change allows the code to select level 1 or 2
      as the base translation level table and use virtual address space
      width of 32-25 bits.
      
      Also removed some unused definitions related to translation tables.
      
      Fixes ARM-software/tf-issues#362
      
      Change-Id: Ie3bb5d6d1a4730a26700b09827c79f37ca3cdb65
      e8719552
  20. 10 Aug, 2016 1 commit
    • Soby Mathew's avatar
      AArch32: Add essential Arch helpers · 031dbb12
      Soby Mathew authored
      This patch adds the essential AArch32 architecture helpers
      arch.h and arch_helpers.h and modifies `_types.h` to add AArch32
      support.
      
      A new build option `ARCH` is defined in the top level makefile to
      enable the component makefiles to choose the right files based on the
      Architecture it is being build for. Depending on this flag, either
      `AARCH32` or `AARCH64` flag is defined by the Makefile. The default
      value of `ARCH` flag is `aarch64`. The AArch32 build support will be
      added in a later patch.
      
      Change-Id: I405e5fac02db828a55cd25989b572b64cb005241
      031dbb12