GitLab

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|                            |  text |  bss  |  data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 |  +108 |  +192 |   +0  |   +0   |
|                            |  0.5% |  0.8% |       |        |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1           |  +748 |  +192 |  +16  |   +0   |
|                            |  3.7% |  0.8% |  7.0% |        |
+----------------------------+-------+-------+-------+--------+

Results calculated with the following build configuration:

    make PLAT=fvp SPD=tspd DEBUG=1 \
    SDEI_SUPPORT=1                 \
    EL3_EXCEPTION_HANDLING=1       \
    TSP_NS_INTR_ASYNC_PREEMPT=1    \
    CTX_INCLUDE_PAUTH_REGS=1       \
    ENABLE_PAUTH=1

Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This feature is only supported on FVP.

Change-Id: I4e265610211d92a84bd2773c34acfbe02a1a1826
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

ARMv8.3-PAuth adds functionality that supports address authentication of
the contents of a register before that register is used as the target of
an indirect branch, or as a load.

This feature is supported only in AArch64 state.

This feature is mandatory in ARMv8.3 implementations.

This feature adds several registers to EL1. A new option called
CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
them during Non-secure <-> Secure world switches. This option must be
enabled if the hardware has the registers or the values will be leaked
during world switches.

To prevent leaks, this patch also disables pointer authentication in the
Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
be trapped in EL3.

Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Minor style cleanup.

Change-Id: Ief19dece41a989e2e8157859a265701549f6c585
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

plat: intel: Add BL31 support to Intel Stratix10 SoCFPGA platform

Disable processor Cycle Counting in Secure state

allwinner: A few minor improvements

This adds BL31 support to Intel Stratix10 SoCFPGA platform. BL31 in TF-A
supports:
- PSCI calls to enable 4 CPU cores
- PSCI mailbox calls for FPGA reconfiguration
Signed-off-by: Loh Tien Hock <tien.hock.loh@intel.com>

Update documentation for STM32MP1 and add Cortex-M4 support

Apply official names to new Arm Neoverse cores

Introduce Versatile Express FVP platform to arm-trusted-firmware.

rcar_gen3: plat: Prevent PCIe hang during L1X config access

STM32MP1 chip embeds a dual Cortex-A7 and a Cortex-M4.
The support for Cortex-M4 clocks is added when configuring the clock tree.
Some minimal security features to allow communications between A7 and M4
are also added.

Change-Id: I60417e244a476f60a2758f4969700b2684056665
Signed-off-by: Yann Gautier <yann.gautier@st.com>

A link to st.com page describing STM32MP1 is added.
Add the information about Cortex-M4 embedded in STM32MP1.
Correct typo for u-boot command.

Change-Id: Ie900f6ee59461c5e7ad8a8b06854abaf41fca3ce
Signed-off-by: Yann Gautier <yann.gautier@st.com>

In case the PCIe controller receives a L1_Enter_PM DLLP, it will
disable the internal PLLs. The system software cannot predict it
and can attempt to perform device config space access across the
PCIe link while the controller is in this transitional state. If
such condition happens, the PCIe controller register access will
trigger ARM64 SError exception.

This patch adds checks for which PCIe controller is enabled,
checks whether the PCIe controller is in such a transitional
state and if so, first completes the transition and then restarts
the instruction which caused the SError.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>

docs: Document romlib design

docs: Update documentation about ARMv8.2-TTCNP

This documentation contains information about the boot sequence,
code location and build procedure for fvp_ve platform.

Change-Id: I339903f663cc625cfabc75ed8e4accb8b2c3917c
Signed-off-by: Usama Arif <usama.arif@arm.com>

Cortex A5 doesnt support VFP, Large Page addressing and generic timer
which are addressed in this patch. The device tree for Cortex a5
is also included.

Change-Id: I0722345721b145dfcc80bebd36a1afbdc44bb678
Signed-off-by: Usama Arif <usama.arif@arm.com>

Cortex a5 doesnt support hardware division such as sdiv and udiv commands.
This commit adds a software division function in assembly as well as include
appropriate files for software divison.

The software division algorithm is a modified version obtained from:
http://www.keil.com/support/man/docs/armasm/armasm_dom1359731155623.htm



Change-Id: Ib405a330da5f1cea1e68e07e7b520edeef9e2652
Signed-off-by: Usama Arif <usama.arif@arm.com>

Support 32bit descriptor MMU table. This is required by ARMv7
architectures that do not support the Large Page Address Extensions.

nonlpae_tables.c source file is dumped from the OP-TEE project:
core_mmu_armv7.c and related header files.

Change-Id: If912d66c374290c49c5a1211ce4c5c27b2d7dc60
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Usama Arif <usama.arif@arm.com>

This patch adds support for Versatile express FVP (Fast models).
Versatile express is a family of platforms that are based on ARM v7.
Currently this port has only been tested on Cortex A7, although it
should work with other ARM V7 cores that support LPAE, generic timers,
VFP and hardware divide. Future patches will support other
cores like Cortex A5 that dont support features like LPAE
and hardware divide. This platform is tested on and only expected to
work on single core models.

Change-Id: I10893af65b8bb64da7b3bd851cab8231718e61dd
Signed-off-by: Usama Arif <usama.arif@arm.com>

Change-Id: I2b75be16f452a8ab7c2445ccd519fb057a135812
Co-authored-by: John Tsichritzis <john.tsichritzis@arm.com>
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Commit 2559b2c8

 ("xlat v2: Dynamically detect need for CnP bit")
modified the code to convert the compile-time check for ARMv8.2-TTCNP to
a runtime check, but forgot to update the documentation associated to it.

Change-Id: I6d33a4de389d976dbdcce65d8fdf138959530669
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Change-Id: I1adcf195c0ba739002f3a59e805c782dd292ccba
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Change-Id: I33bdb9df0462b056adbd00922b2e73eb720560b3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Change-Id: Ideb49011da35f39ff1959be6f5015fa212ca2b6b
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Change-Id: I0bb5aca9bb272332340b5baefc473a01f8a27896
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Update macro to check need for CVE-2017-5715 mitigation

In a system with ARMv8.5-PMU implemented:

- If EL3 is using AArch32, setting MDCR_EL3.SCCD to 1 disables counting
  in Secure state in PMCCNTR.

- If EL3 is using AArch64, setting SDCR.SCCD to 1 disables counting in
  Secure state in PMCCNTR_EL0.

So far this effect has been achieved by setting PMCR_EL0.DP (in AArch64)
or PMCR.DP (in AArch32) to 1 instead, but this isn't considered secure
as any EL can change that value.

Change-Id: I82cbb3e48f2e5a55c44d9c4445683c5881ef1f6f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The variable is renamed to PLAT_ARM_RUN_UART as
the UART is used outside BL31 as well.

Change-Id: I00e3639dfb2001758b7d24548c11236c6335f64a
Signed-off-by: Usama Arif <usama.arif@arm.com>

fvp: trusty: Move dynamic xlat enable to platform

SPM: Remove unnecessary register save

Series of new patches for STM32MP1

Convert them to take an mpidr instead of a (cluster, core) pair. This
simplifies all of the call sites, and actually makes the functions a bit
smaller.
Signed-off-by: Samuel Holland <samuel@sholland.org>

This maximizes the amount of data protected by the MMU.
Signed-off-by: Samuel Holland <samuel@sholland.org>

docs: Update note about plat/arm in Porting Guide

Since commit 01fc1c24

 ("BL31: Use helper function to save registers
in SMC handler") all the general-purpose registers are saved when
entering EL3. It isn't needed to save them here.

Change-Id: Ic540a5441b89b70888da587ab8fc3b2508cef8cc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Armv8.5 introduces the field CSV2 to register ID_AA64PFR0_EL1. It can
have the following 3 values:

- 0: Branch targets trained in one hardware described context may affect
     speculative execution in a different hardware described context. In
     some CPUs it may be needed to apply mitigations.

- 1: Branch targets trained in one hardware described context can only
     affect speculative execution in a different hardware described
     context in a hard-to-determine way. No mitigation required.

- 2: Same as 1, but the device is also aware of SCXTNUM_ELx register
     contexts. The TF doesn't use the registers, so there is no
     difference with 1.

The field CSV2 was originally introduced in the TRM of the Cortex-A76
before the release of the Armv8.5 architecture. That TRM only mentions
the meaning of values 0 and 1. Because of this, the code only checks if
the field has value 1 to know whether to enable or disable the
mitigations.

This patch makes it aware of value 2 as well. Both values 1 and 2
disable the mitigation, and 0 enables it.

Change-Id: I5af33de25a0197c98173f52c6c8c77b51a51429f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>