GitLab

By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.

Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2

So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
There is no real technical reason for that, and the one place in the
code where this was needed has been fixed.

Remove the requirement of those two options to be always enabled
together.
This enables the direct kernel boot feature for the Foundation FVP
(as described in the documentation), which requires a BL1/FIP
combination to boot, so cannot use RESET_TO_BL31.

Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.

[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html



Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

Trace analysis of FVP_Base_AEMv8A 0.0/6063 model
running in Aarch32 mode with the build options
listed below:
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
shows that when auth_signature() gets called
71.99% of CPU execution time is spent in memset() function
written in C using single byte write operations,
see lib\libc\memset.c.
This patch introduces new libc_asm.mk makefile which
replaces C memset() implementation with assembler
version giving the following results:
- for Aarch32 in auth_signature() call memset() CPU time
reduced to 20.56%.
The number of CPU instructions (Inst) executed during
TF-A boot stage before start of BL33 in RELEASE builds
for different versions is presented in the tables below,
where:
- C TF-A: existing TF-A C code;
- C musl: "lightweight code" C "implementation of the
  standard library for Linux-based systems"
https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c
- Asm Opt: assemler version from "Arm Optimized Routines"
  project
https://github.com/ARM-software/optimized-routines/blob/
master/string/arm/memset.S
- Asm Linux: assembler version from Linux kernel
https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S


- Asm TF-A: assembler version from this patch

Aarch32:
+-----------+------+------+--------------+----------+
| Variant   | Set  | Size |    Inst 	 |  Ratio   |
+-----------+------+------+--------------+----------+
| C TF-A    | T32  | 16   | 2122110003   | 1.000000 |
| C musl    | T32  | 156  | 1643917668   | 0.774662 |
| Asm Opt   | T32  | 84   | 1604810003   | 0.756233 |
| Asm Linux | A32  | 168  | 1566255018   | 0.738065 |
| Asm TF-A  | A32  | 160  | 1525865101   | 0.719032 |
+-----------+------+------+--------------+----------+

AArch64:
+-----------+------+------------+----------+
| Variant   | Size |    Inst    |  Ratio   |
+-----------+------+------------+----------+
| C TF-A    | 28   | 2732497518 | 1.000000 |
| C musl    | 212  | 1802999999 | 0.659836 |
| Asm TF-A  | 140  | 1680260003 | 0.614917 |
+-----------+------+------------+----------+

This patch modifies 'plat\arm\common\arm_common.mk'
by overriding libc.mk makefile with libc_asm.mk and
does not effect other platforms.

Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
If platform needs to plug-in specific handlers then
'PLAT_EHF_DESC' can be used to populate platform specific
priority levels.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d

This patch adds support for Event Log generation required
for Measured Boot functionality.

Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Fixed build error for dualroot chain of trust.
Build error were thrown as below while compiling the code for
dualroot chain of trust:

aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
(.bss.auth_img_flags+0x0): multiple definition of `auth_img_flags';
./build/fvp/debug/bl1/cot.o:(.bss.auth_img_flags+0x0): first defined here

aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
(.rodata.cot_desc_size+0x0): multiple definition of `cot_desc_size';
./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_size+0x0): first defined here

aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
(.rodata.cot_desc_ptr+0x0): multiple definition of `cot_desc_ptr';
./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_ptr+0x0): first defined here
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I1a426c4e7f5f8013d71dafc176c7467c1b329757

CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5

This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.

Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.
In this configuration, SPMC handles secure partition loading at
S-EL1/EL0 levels.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df

Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.

This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
  of fvp stays the same as it was before the introduction of fconf.

Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Use the firmware configuration framework to retrieve information about
Secure Partitions to facilitate loading them into memory.

To load a SP image we need UUID look-up into FIP and the load address
where it needs to be loaded in memory.

This patch introduces a SP populator function which gets UUID and load
address from firmware config device tree and updates its C data
structure.

Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

- Use the development PROTPK if using the dualroot CoT.

  Note that unlike the ROTPK, the PROTPK key hash file is not generated
  from the key file, instead it has to be provided. This might be
  enhanced in the future.

- Define a CoT build flag for the platform code to provide different
  implementations where needed.

Change-Id: Iaaf25183b94e77a99a5d8d875831d90c102a97ea
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

This patch adds support to the build system to include support for the SPM
dispatcher when the SPD configuration option is spmd.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Ic1ae50ecd7403fcbcf1d318abdbd6ebdc642f732

Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.

The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.

This change currently only applies to FVP platform.

Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.

Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Introduce the Firmware CONfiguration Framework (fconf).

The fconf is an abstraction layer for platform specific data, allowing
a "property" to be queried and a value retrieved without the requesting
entity knowing what backing store is being used to hold the data.

The default backing store used is C structure. If another backing store
has to be used, the platform integrator needs to provide a "populate()"
function to fill the corresponding C structure.
The "populate()" function must be registered to the fconf framework with
the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
be called inside the "fconf_populate()" function.

A two level macro is used as getter:
- the first macro takes 3 parameters and converts it to a function
  call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
- the second level defines a__b_getter(c) to the matching C structure,
  variable, array, function, etc..

Ex: Get a Chain of trust property:
    1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
    2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]

Change-Id: Id394001353ed295bc680c3f543af0cf8da549469
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.

Right now, the only available CoT is TBBR.

Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.

Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.

Memory map for BL31 NOBITS region also has to be created.

Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

This reverts commit d433bbdd.

Change-Id: I46c69dce704a1ce1b50452dd4d62425c4a67f7f0

In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.

Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.

Memory map for BL31 NOBITS region also has to be created.

Change-Id: Ibd480f82c1dc74e9cbb54eec07d7a8fecbf25433
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.

This patch removes:

- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions

Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>

There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.

Before: ENABLE_SPM=1 is required for using either implementation.
        By default, the SPCI-based implementation is enabled and
        this is overridden if SPM_MM=1.

After: ENABLE_SPM=1 enables the SPCI-based implementation.
       SPM_MM=1 enables the MM-based implementation.
       The two build flags are mutually exclusive.

Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.

Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

Ported the pmf asm macros and the asm code in the bl31 entrypoint
necessary for the instrumentation to AArch32.

Since smc dispatch is handled by the bl32 payload on AArch32, we
provide this service only if AARCH32_SP=sp_min is set.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Id33b7e9762ae86a4f4b40d7f1b37a90e5130c8ac

Switching execution states is only possible if EL3 is AArch64.
As such there is no need to validate the entrypoint on AArch32 builds.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608

Earlier PIE support was enabled for all arm platforms when
RESET_TO_BL31=1, but later on it was restricted only to FVP with patch
SHA d4580d17

 because of n1sdp platform.

Now it has been verified that PIE does work for n1sdp platform also, so
enabling it again for all arm platforms.

Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
  of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
  which returns 128-bit value and uses Generic timer physical counter
  value to increase the randomness of the generated key.
  The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
  generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
  pauth_disable_el1()` and `pauth_disable_el3()` functions disable
  PAuth for EL1 and EL3 respectively;
  `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
  cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
  `save_gp_registers()` and `pauth_context_save()`;
  `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
  and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
  code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
  for 12 uint64_t PAuth registers instead of 10 by removal of macro
  CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
  and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
  in `msr	spsel`  instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.

Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

The new API becomes the default one.

Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
controller as the secure watchdog. But not all ARM platforms use SP805
as the secure watchdog controller.

So introduce two new ARM platform code specific wrapper functions to
start and stop the secure watchdog. These functions then replace the
calls to SP805 driver in common BL1 setup code. All the ARM platforms
implement these wrapper functions by either calling into SP805 driver
or the SBSA watchdog driver.

Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>

This feature is only supported on FVP.

Change-Id: I4e265610211d92a84bd2773c34acfbe02a1a1826
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Use full include paths like it is done for common includes.

This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned common files and drivers. This
patch does the same to Arm platforms.

Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The SPM implementation based on MM is going to be kept for the
foreseeable future.

Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

The patch SHA 55cf015c

 enabled PIE support when RESET_TO_BL31=1 for
all ARM platforms. But it seems n1sdp platform doesn't work with PIE
support yet. Hence restrict the ENABLE_PIE=1 to fvp platform.

Change-Id: If44e42528e4b0b57c69084503f346576fe0748bd
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

This option was removed in v2.0.

Change-Id: I0c929fddb57d60c5eff9e45dd5ee8c636b28e6c3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Load SP and RD from package instead of relying on RD being already
loaded in memory and the SP being loaded as a BL32 image.

Change-Id: I18d4fbf4597656c6a7e878e1d7c01a8a324f3f8a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Introduce helpers to create resource description struct, as well as code
to load the information from DTB files.

Change-Id: I0f5bb94eb8b01c6cb53fe807a9db0c05a70d7a43
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This option allows the Trusted Firmware to directly jump to Linux
kernel for aarch32 without the need of an intermediate loader such
as U-Boot.

Similar to AArch64 ARM_LINUX_KERNEL_AS_BL33 only available with
RESET_TO_SP_MIN=1 as well as BL33 and DTB are preloaded in memory.

Change-Id: I908bc1633696be1caad0ce2f099c34215c8e0633
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

This patch enabled PIE for FVP when RESET_TO_BL31=1. The references
to BL31_BASE are replaced by BL31_START as being a symbol exported by
the linker, will create a dynamic relocation entry in .rela.dyn and
hence will be fixed up by dynamic linker at runtime. Also, we disable
RECLAIM_INIT_CODE when PIE is enabled as the init section overlay
creates some static relocations which cannot be handled by the
dynamic linker currently.

Change-Id: I86df1b0a8b2a8bbbe7c3f3c0b9a08c86c2963ec0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

Map the initialization code for BL31 to overlap with the memory
required for the secondary cores stack. Once BL31 has been
initialized the memory can be remapped to RW data so that it can
be used for secondary cores stacks. By moving code from .text to
.text.init the size of the BL31 image is decreased by a page.

Split arm_common.ld.S into two linker scripts, one for tzc_dram
(arm_tzc_dram.ld.S) and one for reclaiming initialization code
(arm_reclaim_init.ld.S) so that platforms can chose which memory
regions they wish to include.

Change-Id: I648e88f3eda1aa71765744cf34343ecda9320b32
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

- Remove references to removed build options.
- Remove support for legacy GIC driver.
- Remove support for LOAD_IMAGE_V2=0.

Change-Id: I72f8c05620bdf4a682765e6e53e2c04ca749a3d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>