1. 19 Jun, 2018 1 commit
  2. 23 May, 2018 3 commits
    • Dimitris Papastamos's avatar
      Add support for dynamic mitigation for CVE-2018-3639 · fe007b2e
      Dimitris Papastamos authored
      
      
      Some CPUS may benefit from using a dynamic mitigation approach for
      CVE-2018-3639.  A new SMC interface is defined to allow software
      executing in lower ELs to enable or disable the mitigation for their
      execution context.
      
      It should be noted that regardless of the state of the mitigation for
      lower ELs, code executing in EL3 is always mitigated against
      CVE-2018-3639.
      
      NOTE: This change is a compatibility break for any platform using
      the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
      the declare_cpu_ops_wa macro instead.
      
      Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      fe007b2e
    • Dimitris Papastamos's avatar
      Implement static workaround for CVE-2018-3639 · b8a25bbb
      Dimitris Papastamos authored
      For affected CPUs, this approach enables the mitigation during EL3
      initialization, following every PE reset. No mechanism is provided to
      disable the mitigation at runtime.
      
      This approach permanently mitigates the entire software stack and no
      additional mitigation code is required in other software components.
      
      TF-A implements this approach for the following affected CPUs:
      
      *   Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
          `CPUACTLR_EL1` (`S3_1_C15_C2_0`).
      
      *   Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
          Technical Reference Manual (TRM)).
      
      *   Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
          (`S3_0_C15_C1_0`).
      
      Additionally, a new SMC interface is implemented to allow software
      executing in lower ELs to discover whether the system is mitigated
      against CVE-2018-3639.
      
      Refer to "Firmware interfaces for mitigating cache speculation
      vulnerabilities System Software on Arm Systems"[0] for more
      information.
      
      [0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
      
      
      
      Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      b8a25bbb
    • Dimitris Papastamos's avatar
      Rename symbols and files relating to CVE-2017-5715 · 2c3a1078
      Dimitris Papastamos authored
      
      
      This patch renames symbols and files relating to CVE-2017-5715 to make
      it easier to introduce new symbols and files for new CVE mitigations.
      
      Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      2c3a1078
  3. 14 Mar, 2018 2 commits
  4. 18 Jan, 2018 1 commit
  5. 11 Jan, 2018 1 commit
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A73 and A75 · a1781a21
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
      temporarily dropping into AArch32 Secure-EL1 and executing the
      `BPIALL` instruction.
      
      This is achieved by using 3 vector tables.  There is the runtime
      vector table which is used to handle exceptions and 2 additional
      tables which are required to implement this workaround.  The
      additional tables are `vbar0` and `vbar1`.
      
      The sequence of events for handling a single exception is
      as follows:
      
      1) Install vector table `vbar0` which saves the CPU context on entry
         to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
         with the MMU disabled and I$ enabled.  This is the default vector table.
      
      2) Before doing an ERET into Secure-EL1, switch vbar to point to
         another vector table `vbar1`.  This is required to restore EL3 state
         when returning from the workaround, before proceeding with normal EL3
         exception handling.
      
      3) While in Secure-EL1, the `BPIALL` instruction is executed and an
         SMC call back to EL3 is performed.
      
      4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
         restored.  The vbar is switched to point to `vbar0` in preparation to
         handle further exceptions.  Finally a branch to the runtime vector
         table entry is taken to complete the handling of the original
         exception.
      
      This workaround is enabled by default on the affected CPUs.
      
      NOTE
      ====
      
      There are 4 different stubs in Secure-EL1.  Each stub corresponds to
      an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
      different value in `R0` before doing an SMC call back into EL3.
      Without this piece of information it would not be possible to know
      what the original exception type was as we cannot use `ESR_EL3` to
      distinguish between IRQs and FIQs.
      
      Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      a1781a21
  6. 03 May, 2017 1 commit
  7. 15 Dec, 2016 1 commit
    • Jeenu Viswambharan's avatar
      Add provision to extend CPU operations at more levels · 5dd9dbb5
      Jeenu Viswambharan authored
      
      
      Various CPU drivers in ARM Trusted Firmware register functions to handle
      power-down operations. At present, separate functions are registered to
      power down individual cores and clusters.
      
      This scheme operates on the basis of core and cluster, and doesn't cater
      for extending the hierarchy for power-down operations. For example,
      future CPUs might support multiple threads which might need powering
      down individually.
      
      This patch therefore reworks the CPU operations framework to allow for
      registering power down handlers on specific level basis. Henceforth:
      
        - Generic code invokes CPU power down operations by the level
          required.
      
        - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no
          reset function.
      
        - CPU drivers register power down handlers as a list: a mandatory
          handler for level 0, and optional handlers for higher levels.
      
      All existing CPU drivers are adapted to the new CPU operations framework
      without needing any functional changes within.
      
      Also update firmware design guide.
      
      Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      5dd9dbb5
  8. 12 Jul, 2016 1 commit
  9. 01 Jun, 2016 1 commit
    • Yatharth Kochar's avatar
      Add support for ARM Cortex-A73 MPCore Processor · 2460ac18
      Yatharth Kochar authored
      This patch adds ARM Cortex-A73 MPCore Processor support
      in the CPU specific operations framework. It also includes
      this support for the Base FVP port.
      
      Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
      2460ac18
  10. 08 Feb, 2016 1 commit
    • Sandrine Bailleux's avatar
      Cortex-Axx: Unconditionally apply CPU reset operations · c66fad93
      Sandrine Bailleux authored
      In the Cortex-A35/A53/A57 CPUs library code, some of the CPU specific
      reset operations are skipped if they have already been applied in a
      previous invocation of the reset handler. This precaution is not
      required, as all these operations can be reapplied safely.
      
      This patch removes the unneeded test-before-set instructions in
      the reset handler for these CPUs.
      
      Change-Id: Ib175952c814dc51f1b5125f76ed6c06a22b95167
      c66fad93
  11. 12 Jan, 2016 1 commit
  12. 05 Aug, 2015 1 commit
  13. 08 Apr, 2015 1 commit
    • Kévin Petit's avatar
      Add support to indicate size and end of assembly functions · 8b779620
      Kévin Petit authored
      
      
      In order for the symbol table in the ELF file to contain the size of
      functions written in assembly, it is necessary to report it to the
      assembler using the .size directive.
      
      To fulfil the above requirements, this patch introduces an 'endfunc'
      macro which contains the .endfunc and .size directives. It also adds
      a .func directive to the 'func' assembler macro.
      
      The .func/.endfunc have been used so the assembler can fail if
      endfunc is omitted.
      
      Fixes ARM-Software/tf-issues#295
      
      Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
      Signed-off-by: default avatarKévin Petit <kevin.petit@arm.com>
      8b779620
  14. 30 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Fix the Cortex-A57 reset handler register usage · 683f788f
      Soby Mathew authored
      The CPU specific reset handlers no longer have the freedom
      of using any general purpose register because it is being invoked
      by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
      specific reset handler was overwriting x20 register which was being
      used by the BL3-1 entry point to save the entry point information.
      This patch fixes this bug by reworking the register allocation in the
      Cortex-A57 reset handler to avoid using x20. The patch also
      explicitly mentions the register clobber list for each of the
      callee functions invoked by the reset handler
      
      Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
      683f788f
  15. 26 Jan, 2015 1 commit
    • Yatharth Kochar's avatar
      Call reset handlers upon BL3-1 entry. · 79a97b2e
      Yatharth Kochar authored
      This patch adds support to call the reset_handler() function in BL3-1 in the
      cold and warm boot paths when another Boot ROM reset_handler() has already run.
      
      This means the BL1 and BL3-1 versions of the CPU and platform specific reset
      handlers may execute different code to each other. This enables a developer to
      perform additional actions or undo actions already performed during the first
      call of the reset handlers e.g. apply additional errata workarounds.
      
      Typically, the reset handler will be first called from the BL1 Boot ROM. Any
      additional functionality can be added to the reset handler when it is called
      from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
      to identify whether this is the first version of the reset handler code to be
      executed or an overridden version of the code.
      
      The Cortex-A57 errata workarounds are applied only if they have not already been
      applied.
      
      Fixes ARM-software/tf-issue#275
      
      Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
      79a97b2e
  16. 29 Oct, 2014 1 commit
    • Soby Mathew's avatar
      Add support for level specific cache maintenance operations · 8e857916
      Soby Mathew authored
      This patch adds level specific cache maintenance functions
      to cache_helpers.S. The new functions 'dcsw_op_levelx',
      where '1 <= x <= 3', allow to perform cache maintenance by
      set/way for that particular level of cache.  With this patch,
      functions to support cache maintenance upto level 3 have
      been implemented since it is the highest cache level for
      most ARM SoCs.
      
      These functions are now utilized in CPU specific power down
      sequences to implement them as mandated by processor specific
      technical reference manual.
      
      Change-Id: Icd90ce6b51cff5a12863bcda01b93601417fd45c
      8e857916
  17. 20 Aug, 2014 3 commits
    • Soby Mathew's avatar
      Add CPU specific crash reporting handlers · d3f70af6
      Soby Mathew authored
      This patch adds handlers for dumping Cortex-A57 and Cortex-A53 specific register
      state to the CPU specific operations framework. The contents of CPUECTLR_EL1 are
      dumped currently.
      
      Change-Id: I63d3dbfc4ac52fef5e25a8cf6b937c6f0975c8ab
      d3f70af6
    • Soby Mathew's avatar
      Add CPU specific power management operations · add40351
      Soby Mathew authored
      This patch adds CPU core and cluster power down sequences to the CPU specific
      operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and
      generic AEM sequences have been added. The latter is suitable for the
      Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is
      saved in the per-cpu data so that it can be easily accessed during power down
      seqeunces.
      
      An optional platform API has been introduced to allow a platform to disable the
      Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak
      definition of this function (plat_disable_acp()) does not take any action. It
      should be overriden with a strong definition if the ACP is present on a
      platform.
      
      Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
      add40351
    • Soby Mathew's avatar
      Introduce framework for CPU specific operations · 9b476841
      Soby Mathew authored
      This patch introduces a framework which will allow CPUs to perform
      implementation defined actions after a CPU reset, during a CPU or cluster power
      down, and when a crash occurs. CPU specific reset handlers have been implemented
      in this patch. Other handlers will be implemented in subsequent patches.
      
      Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/.
      
      Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
      9b476841
  18. 07 May, 2014 2 commits
    • Andrew Thoelke's avatar
      Access system registers directly in assembler · 7935d0a5
      Andrew Thoelke authored
      Instead of using the system register helper functions to read
      or write system registers, assembler coded functions should
      use MRS/MSR instructions. This results in faster and more
      compact code.
      
      This change replaces all usage of the helper functions with
      direct register accesses.
      
      Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
      7935d0a5
    • Andrew Thoelke's avatar
      Correct usage of data and instruction barriers · 8cec598b
      Andrew Thoelke authored
      The current code does not always use data and instruction
      barriers as required by the architecture and frequently uses
      barriers excessively due to their inclusion in all of the
      write_*() helper functions.
      
      Barriers should be used explicitly in assembler or C code
      when modifying processor state that requires the barriers in
      order to enable review of correctness of the code.
      
      This patch removes the barriers from the helper functions and
      introduces them as necessary elsewhere in the code.
      
      PORTING NOTE: check any port of Trusted Firmware for use of
      system register helper functions for reliance on the previous
      barrier behaviour and add explicit barriers as necessary.
      
      Fixes ARM-software/tf-issues#92
      
      Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
      8cec598b
  19. 06 May, 2014 1 commit
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  20. 26 Mar, 2014 1 commit
    • Andrew Thoelke's avatar
      Place assembler functions in separate sections · 0a30cf54
      Andrew Thoelke authored
      This extends the --gc-sections behaviour to the many assembler
      support functions in the firmware images by placing each function
      into its own code section. This is achieved by creating a 'func'
      macro used to declare each function label.
      
      Fixes ARM-software/tf-issues#80
      
      Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
      0a30cf54
  21. 17 Jan, 2014 2 commits
    • Jeenu Viswambharan's avatar
      Change comments in assembler files to help ctags · 3a4cae05
      Jeenu Viswambharan authored
      Ctags seem to have a problem with generating tags for assembler symbols
      when a comment immediately follows an assembly label.
      
      This patch inserts a single space character between the label
      definition and the following comments to help ctags.
      
      The patch is generated by the command:
      
        git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'
      
      Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
      3a4cae05
    • Dan Handley's avatar
      Update year in copyright text to 2014 · e83b0cad
      Dan Handley authored
      Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
      e83b0cad
  22. 05 Dec, 2013 2 commits
    • Dan Handley's avatar
      Enable third party contributions · ab2d31ed
      Dan Handley authored
      - Add instructions for contributing to ARM Trusted Firmware.
      
      - Update copyright text in all files to acknowledge contributors.
      
      Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
      ab2d31ed
    • Sandrine Bailleux's avatar
      Various improvements/cleanups on the linker scripts · 8d69a03f
      Sandrine Bailleux authored
        - Check at link-time that bootloader images will fit in memory
          at run time and that they won't overlap each other.
        - Remove text and rodata orphan sections.
        - Define new linker symbols to remove the need for platform setup
          code to know the order of sections.
        - Reduce the size of the raw binary images by cutting some sections
          out of the disk image and allocating them at load time, whenever
          possible.
        - Rework alignment constraints on sections.
        - Remove unused linker symbols.
        - Homogenize linker symbols names across all BLs.
        - Add some comments in the linker scripts.
      
      Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
      8d69a03f
  23. 27 Nov, 2013 1 commit
  24. 25 Oct, 2013 1 commit