Tree:
0b221603e9
dependabot/npm_and_yarn/word-wrap-1.2.4
dependabot/pip/docs/markdown-it-py-2.2.0
dependabot/pip/requests-2.31.0
dependabot/pip/urllib3-2.0.6
master
arm_cca_v0.1
arm_cca_v0.2
arm_cca_v0.3
for-v0.4-rc0
for-v0.4/05.20
for-v0.4/05.21
for-v0.4/05.22
lts-test
lts-v2.10.1
lts-v2.10.2
lts-v2.10.3
lts-v2.10.4
lts-v2.8-rc0
lts-v2.8.0
lts-v2.8.1
lts-v2.8.10
lts-v2.8.11
lts-v2.8.12
lts-v2.8.13
lts-v2.8.14
lts-v2.8.15
lts-v2.8.16
lts-v2.8.17
lts-v2.8.18
lts-v2.8.2
lts-v2.8.3
lts-v2.8.4
lts-v2.8.5
lts-v2.8.6
lts-v2.8.7
lts-v2.8.8
lts-v2.8.9
sandbox/lts-v2.10.3-20240319T0822
sandbox/lts-v2.10.3-20240319T1236
sandbox/lts-v2.10.3-20240404T0850
sandbox/lts-v2.10.3-20240405T0714
sandbox/lts-v2.10.3-test1
v0.2
v0.3
v0.3-Juno
v0.3-Juno-0.2
v0.3-Juno-0.3
v0.4
v0.4-Juno-0.4
v0.4-Juno-0.4-rc0
v0.4-Juno-0.5
v0.4-Juno-0.5-rc0
v0.4-Juno-0.5-rc1
v0.4-Juno-0.6-rc0
v0.4-Juno-0.6-rc1
v0.4-rc1
v0.4-rc2
v1.0
v1.0-rc0
v1.1
v1.1-Juno-0.1
v1.1-rc0
v1.1-rc1
v1.1-rc2
v1.1-rc3
v1.2
v1.2-rc0
v1.3
v1.3-rc0
v1.3_rc1
v1.3_rc2
v1.4
v1.4-rc0
v1.5
v1.5-rc0
v1.5-rc1
v1.5-rc2
v1.5-rc3
v1.6
v1.6-rc0
v1.6-rc1
v2.0
v2.0-rc0
v2.1
v2.1-rc0
v2.1-rc1
v2.10
v2.10-rc0
v2.10-rc1
v2.10.0
v2.2
v2.2-rc0
v2.2-rc1
v2.2-rc2
v2.3
v2.3-rc0
v2.3-rc1
v2.3-rc2
v2.4
v2.4-rc0
v2.4-rc1
v2.4-rc2
v2.5
v2.5-rc0
v2.5-rc1
v2.6
v2.6-rc0
v2.6-rc1
v2.7
v2.7-rc0
v2.7-rc1
v2.7.0
v2.8
v2.8-rc0
v2.8.0
v2.9
v2.9-rc0
v2.9-rc1
v2.9.0
${ noResults }
9 Commits (0b221603e909cd493feeaab96d9c6f5458c628a8)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Zelalem Aweke
|
6c09af9f8b |
feat(rme): run BL2 in root world when FEAT_RME is enabled
This patch enables BL2 to run in root world (EL3) which is needed as per the security model of RME-enabled systems. Using the existing BL2_AT_EL3 TF-A build option is not convenient because that option assumes TF-A BL1 doesn't exist, which is not the case for RME-enabled systems. For the purposes of RME, we use a normal BL1 image but we also want to run BL2 in EL3 as normally as possible, therefore rather than use the special bl2_entrypoint function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint function (in bl2_rme_entrypoint.S) which doesn't need reset or mailbox initialization code seen in the el3_entrypoint_common macro. The patch also cleans up bl2_el3_entrypoint.S, moving the bl2_run_next_image function to its own file to avoid duplicating code. Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com> Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55 |
3 years ago |
Masahiro Yamada
|
69af7fcf99 |
BL2_AT_EL3: add PIE support
This implementation simply mimics that of BL31. I did not implement the ENABLE_PIE support for BL2_IN_XIP_MEM=1 case. It would make the linker script a bit uglier. Change-Id: If3215abd99f2758dfb232e44b50320d04eba808b Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
5 years ago |
Anthony Steinhauser
|
f461fe346b |
Prevent speculative execution past ERET
Even though ERET always causes a jump to another address, aarch64 CPUs speculatively execute following instructions as if the ERET instruction was not a jump instruction. The speculative execution does not cross privilege-levels (to the jump target as one would expect), but it continues on the kernel privilege level as if the ERET instruction did not change the control flow - thus execution anything that is accidentally linked after the ERET instruction. Later, the results of this speculative execution are always architecturally discarded, however they can leak data using microarchitectural side channels. This speculative execution is very reliable (seems to be unconditional) and it manages to complete even relatively performance-heavy operations (e.g. multiple dependent fetches from uncached memory). This was fixed in Linux, FreeBSD, OpenBSD and Optee OS: |
5 years ago |
Manish Pandey
|
da90359b78 |
PIE: make call to GDT relocation fixup generalized
When a Firmware is complied as Position Independent Executable it needs
to request GDT fixup by passing size of the memory region to
el3_entrypoint_common macro.
The Global descriptor table fixup will be done early on during cold boot
process of primary core.
Currently only BL31 supports PIE, but in future when BL2_AT_EL3 will be
compiled as PIE, it can simply pass fixup size to the common el3
entrypoint macro to fixup GDT.
The reason for this patch was to overcome the bug introduced by SHA
|
5 years ago |
Alexei Fedorov
|
ed108b5605 |
Refactor ARMv8.3 Pointer Authentication support code
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> |
5 years ago |
|
Alexei Fedorov
|
9fc59639e6 |
Add support for Branch Target Identification
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> |
6 years ago |
Antonio Nino Diaz
|
dcbfa11bd9 |
BL2_AT_EL3: Enable pointer authentication support
The size increase after enabling options related to ARMv8.3-PAuth is:
+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +44 | +0 | +0 | +0 |
| | 0.2% | | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +712 | +0 | +16 | +0 |
| | 3.1% | | 0.9% | |
+----------------------------+-------+-------+-------+--------+
The results are valid for the following build configuration:
make PLAT=fvp SPD=tspd DEBUG=1 \
BL2_AT_EL3=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1
Change-Id: I1c0616e7dea30962a92b4fd113428bc30a018320
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
6 years ago |
|
Antonio Nino Diaz
|
09d40e0e08 |
Sanitise includes across codebase
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way:
|
6 years ago |
Roberto Vargas
|
b1d27b484f |
bl2-el3: Add BL2_EL3 image
This patch enables BL2 to execute at the highest exception level without any dependancy on TF BL1. This enables platforms which already have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL stages without need for BL1. This is not currently possible because BL2 executes at S-EL1 and cannot jump straight to EL3. Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com> |
7 years ago |