- 19 Jun, 2018 1 commit
-
-
Dimitris Papastamos authored
Change-Id: I18a41bb9fedda635c3c002a7f112578808410ef6 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 23 May, 2018 3 commits
-
-
Dimitris Papastamos authored
Some CPUS may benefit from using a dynamic mitigation approach for CVE-2018-3639. A new SMC interface is defined to allow software executing in lower ELs to enable or disable the mitigation for their execution context. It should be noted that regardless of the state of the mitigation for lower ELs, code executing in EL3 is always mitigated against CVE-2018-3639. NOTE: This change is a compatibility break for any platform using the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to the declare_cpu_ops_wa macro instead. Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
For affected CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable the mitigation at runtime. This approach permanently mitigates the entire software stack and no additional mitigation code is required in other software components. TF-A implements this approach for the following affected CPUs: * Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of `CPUACTLR_EL1` (`S3_1_C15_C2_0`). * Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the Technical Reference Manual (TRM)). * Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1` (`S3_0_C15_C1_0`). Additionally, a new SMC interface is implemented to allow software executing in lower ELs to discover whether the system is mitigated against CVE-2018-3639. Refer to "Firmware interfaces for mitigating cache speculation vulnerabilities System Software on Arm Systems"[0] for more information. [0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
This patch renames symbols and files relating to CVE-2017-5715 to make it easier to introduce new symbols and files for new CVE mitigations. Change-Id: I24c23822862ca73648c772885f1690bed043dbc7 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 14 Mar, 2018 2 commits
-
-
Dimitris Papastamos authored
When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`, return either: * -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called requires firmware mitigation for CVE-2017-5715 but the mitigation is not compiled in. * 0 to indicate that firmware mitigation is required, or * 1 to indicate that no firmware mitigation is required. This patch complies with v1.2 of the firmware interfaces specification (ARM DEN 0070A). Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A72 and A73. Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 18 Jan, 2018 1 commit
-
-
Dimitris Papastamos authored
Even though the workaround for CVE-2017-5715 is not a CPU erratum, the code is piggybacking on the errata framework to print whether the workaround was applied, missing or not needed. Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 11 Jan, 2018 1 commit
-
-
Dimitris Papastamos authored
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by temporarily dropping into AArch32 Secure-EL1 and executing the `BPIALL` instruction. This is achieved by using 3 vector tables. There is the runtime vector table which is used to handle exceptions and 2 additional tables which are required to implement this workaround. The additional tables are `vbar0` and `vbar1`. The sequence of events for handling a single exception is as follows: 1) Install vector table `vbar0` which saves the CPU context on entry to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode with the MMU disabled and I$ enabled. This is the default vector table. 2) Before doing an ERET into Secure-EL1, switch vbar to point to another vector table `vbar1`. This is required to restore EL3 state when returning from the workaround, before proceeding with normal EL3 exception handling. 3) While in Secure-EL1, the `BPIALL` instruction is executed and an SMC call back to EL3 is performed. 4) On entry to EL3 from Secure-EL1, the saved context from step 1) is restored. The vbar is switched to point to `vbar0` in preparation to handle further exceptions. Finally a branch to the runtime vector table entry is taken to complete the handling of the original exception. This workaround is enabled by default on the affected CPUs. NOTE ==== There are 4 different stubs in Secure-EL1. Each stub corresponds to an exception type such as Sync/IRQ/FIQ/SError. Each stub will move a different value in `R0` before doing an SMC call back into EL3. Without this piece of information it would not be possible to know what the original exception type was as we cannot use `ESR_EL3` to distinguish between IRQs and FIQs. Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 15 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
Various CPU drivers in ARM Trusted Firmware register functions to handle power-down operations. At present, separate functions are registered to power down individual cores and clusters. This scheme operates on the basis of core and cluster, and doesn't cater for extending the hierarchy for power-down operations. For example, future CPUs might support multiple threads which might need powering down individually. This patch therefore reworks the CPU operations framework to allow for registering power down handlers on specific level basis. Henceforth: - Generic code invokes CPU power down operations by the level required. - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no reset function. - CPU drivers register power down handlers as a list: a mandatory handler for level 0, and optional handlers for higher levels. All existing CPU drivers are adapted to the new CPU operations framework without needing any functional changes within. Also update firmware design guide. Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 12 Jul, 2016 1 commit
-
-
Naga Sureshkumar Relli authored
This patch adds cpumerrsr_el1 and l2merrsr_el1 to the register dump on error for applicable CPUs. These registers hold the ECC errors on L1 and L2 caches. This patch updates the A53, A57, A72, A73 (l2merrsr_el1 only) CPU libraries. Signed-off-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
-
- 01 Jun, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds ARM Cortex-A73 MPCore Processor support in the CPU specific operations framework. It also includes this support for the Base FVP port. Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
-
- 08 Feb, 2016 1 commit
-
-
Sandrine Bailleux authored
In the Cortex-A35/A53/A57 CPUs library code, some of the CPU specific reset operations are skipped if they have already been applied in a previous invocation of the reset handler. This precaution is not required, as all these operations can be reapplied safely. This patch removes the unneeded test-before-set instructions in the reset handler for these CPUs. Change-Id: Ib175952c814dc51f1b5125f76ed6c06a22b95167
-
- 12 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch adds support for ARM Cortex-A35 processor in the CPU specific framework, as described in the Cortex-A35 TRM (r0p0). Change-Id: Ief930a0bdf6cd82f6cb1c3b106f591a71c883464
-
- 05 Aug, 2015 1 commit
-
-
Jimmy Huang authored
- Apply a53 errata #826319 to revision <= r0p2 - Apply a53 errata #836870 to revision <= r0p3 - Update docs/cpu-specific-build-macros.md for newly added errata build flags Change-Id: I44918e36b47dca1fa29695b68700ff9bf888865e Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
-
- 08 Apr, 2015 1 commit
-
-
Kévin Petit authored
In order for the symbol table in the ELF file to contain the size of functions written in assembly, it is necessary to report it to the assembler using the .size directive. To fulfil the above requirements, this patch introduces an 'endfunc' macro which contains the .endfunc and .size directives. It also adds a .func directive to the 'func' assembler macro. The .func/.endfunc have been used so the assembler can fail if endfunc is omitted. Fixes ARM-Software/tf-issues#295 Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc Signed-off-by: Kévin Petit <kevin.petit@arm.com>
-
- 30 Jan, 2015 1 commit
-
-
Soby Mathew authored
The CPU specific reset handlers no longer have the freedom of using any general purpose register because it is being invoked by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU specific reset handler was overwriting x20 register which was being used by the BL3-1 entry point to save the entry point information. This patch fixes this bug by reworking the register allocation in the Cortex-A57 reset handler to avoid using x20. The patch also explicitly mentions the register clobber list for each of the callee functions invoked by the reset handler Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
-
- 26 Jan, 2015 1 commit
-
-
Yatharth Kochar authored
This patch adds support to call the reset_handler() function in BL3-1 in the cold and warm boot paths when another Boot ROM reset_handler() has already run. This means the BL1 and BL3-1 versions of the CPU and platform specific reset handlers may execute different code to each other. This enables a developer to perform additional actions or undo actions already performed during the first call of the reset handlers e.g. apply additional errata workarounds. Typically, the reset handler will be first called from the BL1 Boot ROM. Any additional functionality can be added to the reset handler when it is called from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used to identify whether this is the first version of the reset handler code to be executed or an overridden version of the code. The Cortex-A57 errata workarounds are applied only if they have not already been applied. Fixes ARM-software/tf-issue#275 Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
-
- 29 Oct, 2014 1 commit
-
-
Soby Mathew authored
This patch adds level specific cache maintenance functions to cache_helpers.S. The new functions 'dcsw_op_levelx', where '1 <= x <= 3', allow to perform cache maintenance by set/way for that particular level of cache. With this patch, functions to support cache maintenance upto level 3 have been implemented since it is the highest cache level for most ARM SoCs. These functions are now utilized in CPU specific power down sequences to implement them as mandated by processor specific technical reference manual. Change-Id: Icd90ce6b51cff5a12863bcda01b93601417fd45c
-
- 20 Aug, 2014 3 commits
-
-
Soby Mathew authored
This patch adds handlers for dumping Cortex-A57 and Cortex-A53 specific register state to the CPU specific operations framework. The contents of CPUECTLR_EL1 are dumped currently. Change-Id: I63d3dbfc4ac52fef5e25a8cf6b937c6f0975c8ab
-
Soby Mathew authored
This patch adds CPU core and cluster power down sequences to the CPU specific operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and generic AEM sequences have been added. The latter is suitable for the Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is saved in the per-cpu data so that it can be easily accessed during power down seqeunces. An optional platform API has been introduced to allow a platform to disable the Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak definition of this function (plat_disable_acp()) does not take any action. It should be overriden with a strong definition if the ACP is present on a platform. Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
-
Soby Mathew authored
This patch introduces a framework which will allow CPUs to perform implementation defined actions after a CPU reset, during a CPU or cluster power down, and when a crash occurs. CPU specific reset handlers have been implemented in this patch. Other handlers will be implemented in subsequent patches. Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/. Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
-
- 07 May, 2014 2 commits
-
-
Andrew Thoelke authored
Instead of using the system register helper functions to read or write system registers, assembler coded functions should use MRS/MSR instructions. This results in faster and more compact code. This change replaces all usage of the helper functions with direct register accesses. Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
-
Andrew Thoelke authored
The current code does not always use data and instruction barriers as required by the architecture and frequently uses barriers excessively due to their inclusion in all of the write_*() helper functions. Barriers should be used explicitly in assembler or C code when modifying processor state that requires the barriers in order to enable review of correctness of the code. This patch removes the barriers from the helper functions and introduces them as necessary elsewhere in the code. PORTING NOTE: check any port of Trusted Firmware for use of system register helper functions for reliance on the previous barrier behaviour and add explicit barriers as necessary. Fixes ARM-software/tf-issues#92 Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
-
- 06 May, 2014 1 commit
-
-
Dan Handley authored
Move almost all system include files to a logical sub-directory under ./include. The only remaining system include directories not under ./include are specific to the platform. Move the corresponding source files to match the include directory structure. Also remove pm.h as it is no longer used. Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
-
- 26 Mar, 2014 1 commit
-
-
Andrew Thoelke authored
This extends the --gc-sections behaviour to the many assembler support functions in the firmware images by placing each function into its own code section. This is achieved by creating a 'func' macro used to declare each function label. Fixes ARM-software/tf-issues#80 Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
-
- 17 Jan, 2014 2 commits
-
-
Jeenu Viswambharan authored
Ctags seem to have a problem with generating tags for assembler symbols when a comment immediately follows an assembly label. This patch inserts a single space character between the label definition and the following comments to help ctags. The patch is generated by the command: git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1' Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
-
Dan Handley authored
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
-
- 05 Dec, 2013 2 commits
-
-
Dan Handley authored
- Add instructions for contributing to ARM Trusted Firmware. - Update copyright text in all files to acknowledge contributors. Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
-
Sandrine Bailleux authored
- Check at link-time that bootloader images will fit in memory at run time and that they won't overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
-
- 27 Nov, 2013 1 commit
-
-
Sandrine Bailleux authored
blx_plat_arch_setup() should only perform platform-specific architectural setup, e.g. enabling the MMU. This patch moves generic architectural setup code out of blx_plat_arch_setup(). Change-Id: I4ccf56b8c4a2fa84909817779a2d97a14aaafab6
-
- 25 Oct, 2013 1 commit
-
-
Achin Gupta authored
-