This issue was triggered by sparse tool:
lib/libc/putchar.c:9:5: warning:
symbol '__putchar' was not declared. Should it be static?
Instead of setting __putchar as static, just remove the function and
directly use putchar() with a weak attribute.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ib35e4ba064f06010851bb860269b08462fe3d3bd
Cortex-A710 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround was earlier
applied to all revisions <= r2p0, this patch extends it to r2p1.
This was thought to have been fixed in r2p1 which is not the case.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Iad38a7fe57bec3f2d8977995acd601dcd9ae69c0
"endfunc" macro is used to mark the end of a function. It takes the
function label as an argument. For el2_sysregs_context_save_mpam
function, "endfunc" has been called with an assumed typo, "func", along
with the function label. Remove this unwanted param to fix the endfunc
call.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I05f958a285f936df579f01500b6fd7cb2b7753a8
Neoverse N2 erratum 2743089 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Idec862226bd32c91374a8bbd5d73d7ee480a34d9
Cortex-A78 erratum 2772019 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0362da463eca777aa7a385bcdeb39b8549799f02
Neoverse V1 erratum 2743093 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ee7c16c14c4fd6ee35d20c855273ecfce0d1b32
SCR_EL3.EA is set to 1 in BL31 initialization and is cleared before
entering lower ELs (except for RAS FFH case "HANDLE_EA_EL3_FIRST_NS").
The cleared value persists even during run time when execution comes
back to EL3.
When SCR_EL3.EA is 0 and execution state is EL3, Async EAs (delivered
as SErrors) are implicitly masked and hence any Async EA by EL3 will
remain pending and will trap at the exception level EA is targeted
to and unmasked when entering lower EL.
This causes unexpected EA at lower EL. It is very rare
to get an SError in EL3 unless there is a programming error.
This patch sets SCR_EL3.EA to 1 when entering EL3 from lower EL.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ibb593369edb034f670fd85ee79adc9829b900a83
This patch fixes compilation error for gpt_init_l0_tables()
function in lib/gpt_rme/gpt_rme.c reported by GCC 13.0.0:
"gpt_rme/gpt_rme.c:765:5: error: conflicting types for
'gpt_init_l0_tables' due to enum/integer mismatch;
have 'int(unsigned int, uintptr_t, size_t)'
{aka 'int(unsigned int, long unsigned int, long unsigned int)'}"
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I38f28be290337e7d37d59b52cad7bde5b96b8d51
Cortex-X2 erratum 2768515 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ib02688f7b6dc7f6ec305e68e8895174f6fd577a0
Cortex-A710 erratum 2768515 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If17fe04d3fda0dba6b8aabdd837a1c53e1830ed5
Compiling with -Wimplicit-fallthrough=3 (enabled by -Wextra) produces
many warnings about fallthrough comments either missing or being wrong.
Unify the comments so we comply with -Wextra.
Note that Coverity recommends against using the __attribute__ directive.
Also, zlib does not build with a higher value of -Wimplicit-fallthrough.
Finally, compilers strip comments before expanding macros. As such,
checkpatch's fallthrough annotation (or higher levels of the flag) isn't
really possible.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I060cf4f8dc04c02cbb45cf4ceb69569a8369ccee
SCR_EL3 register is restored before esb issued and it is assumed
that EAs are unmasked at that point, which is wrong, as the SCR_EL3
value at that time is restored from the context of the world where
it is returning to.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Id1c7150a70b5f589b0dc7c50c359b4d23ee9f256
Remove the null-terminator of the string-like data items
from the RSS measurement's metadata. The 'version' and
'sw_type' items have an associated length value which
should not include a null-terminator when storing the
measurement.
Change-Id: Ia91ace2fff8b6f75686dd2e1862475268300bbdb
Signed-off-by: David Vincze <david.vincze@arm.com>
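
The length rule in the commit message above, shown as an added example (not TF-A or RSS code). The `meta_item` layout, its 8-byte capacity and the sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ITEM_MAX 8u                 /* hypothetical field capacity */

struct meta_item {                  /* hypothetical string-like metadata item */
    uint8_t data[ITEM_MAX];
    size_t  size;                   /* associated length value */
};

/* Before: the stored length counts the C string terminator. */
static int store_with_nul(struct meta_item *it, const char *s)
{
    size_t n = strlen(s) + 1u;
    if (n > sizeof(it->data))
        return -1;                  /* a full-width value no longer fits */
    memcpy(it->data, s, n);
    it->size = n;
    return 0;
}

/* After: only the characters are stored and counted. */
static int store_without_nul(struct meta_item *it, const char *s)
{
    size_t n = strlen(s);
    if (n > sizeof(it->data))
        return -1;
    memset(it->data, 0, sizeof(it->data));
    memcpy(it->data, s, n);
    it->size = n;
    return 0;
}

/* Length-delimited comparison, as a consumer of the record would perform it. */
static int item_equals(const struct meta_item *it, const void *ref, size_t len)
{
    return it->size == len && memcmp(it->data, ref, len) == 0;
}

int main(void)
{
    struct meta_item a, b;
    store_with_nul(&a, "BL_2");     /* constructed sw_type value */
    store_without_nul(&b, "BL_2");
    printf("with NUL: size=%zu match=%d\n", a.size, item_equals(&a, "BL_2", 4));
    printf("without:  size=%zu match=%d\n", b.size, item_equals(&b, "BL_2", 4));
    printf("8-char value: with NUL rc=%d, without rc=%d\n",
           store_with_nul(&a, "ABCDEFGH"), store_without_nul(&b, "ABCDEFGH"));
    return 0;
}
```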
This API is added for testing purposes. It makes it possible to write test
cases that read measurements back after extending them, and compare
them to expected results.
Change-Id: Iec447d972fdd54a56ab933a065476e0f4d35a6fc
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Cortex-X3 erratum 2615812 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r1p1, and is still open. The workaround is to disable
the use of the Full Retention power mode in the core (setting
WFI_RET_CTRL and WFE_RET_CTRL in CORTEX_X3_IMP_CPUPWRCTLR_EL1 to 0b000).
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Change-Id: I5ad66df3e18fc85a6b23f6662239494ee001d82f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
We don't need CONDITIONAL_CMO for aarch32 so let's remove it.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I256959d7005df21a850ff7791c8188ea01f5c53b
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds a check for plat_can_cmo
to `dcsw_op_louis` which was missed out in the original patch.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I721376bf3726520d0d5b0df0f33f98ce92257287
disable_auth is defined as uint32_t and must be displayed
as an unsigned int.
lib/fconf/fconf_tbbr_getter.c:
In function ‘fconf_populate_tbbr_dyn_config’:
include/common/debug.h:46:41: error:
format ‘%d’ expects argument of type ‘int’, but argument 3 has
type ‘uint32_t’ {aka ‘unsigned int’} [-Werror=format=]
46 | #define LOG_MARKER_WARNING "\x1e" /* 30 */
| ^~~~~~
include/common/debug.h:77:32: note:
in expansion of macro ‘LOG_MARKER_WARNING’
77 | # define WARN(...) tf_log(LOG_MARKER_WARNING __VA_ARGS__)
| ^~~~~~~~~~~~~~~~~~
lib/fconf/fconf_tbbr_getter.c:47:17: note:
in expansion of macro ‘WARN’
47 | WARN("Invalid value for `%s` cell %d\n",
| ^~~~
include/common/debug.h:48:41: error:
format ‘%d’ expects argument of type ‘int’, but argument 5 has
type ‘uint32_t’ {aka ‘unsigned int’} [-Werror=format=]
48 | #define LOG_MARKER_VERBOSE "\x32" /* 50 */
| ^~~~~~
include/common/debug.h:58:32: note:
in definition of macro ‘no_tf_log’
58 | tf_log(fmt, ##__VA_ARGS__); \
| ^~~
include/common/debug.h:91:35: note:
in expansion of macro ‘LOG_MARKER_VERBOSE’
91 | # define VERBOSE(...)
| no_tf_log(LOG_MARKER_VERBOSE __VA_ARGS__)
| ^~~~~~~~~~~~~~~~~~
lib/fconf/fconf_tbbr_getter.c:74:9: note:
in expansion of macro ‘VERBOSE’
74 | VERBOSE("%s%s%s %d\n","FCONF: `tbbr.", "disable_auth",
| ^~~~~~~
cc1: all warnings being treated as errors
Change-Id: I0164ddfe511406cc1a8d014a368ef3e3c5f8cd27
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When TF-A is set to save and restore EL2 registers it initially zeroes
all of them so that it does not leak any information. However,
MDCR_EL2.HPMN of 0 is poorly defined when FEAT_HPMN0 is not implemented.
Set it to its hardware reset value so that lower ELs don't inherit a
wrong value.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8055005ef9b6eaafefa13b62a0b41289079fdd23
Cortex-A77 erratum 2743100 is a Cat B erratum that applies to revisions
r0p0, r1p0, r1p1, and is still open. The workaround is to insert a dsb
before the isb in the power down sequence.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8e49a2dac8611f31ace249a17ae7a90cd60e742a
When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset. Similarly, debug recovery mode of DynamIQ
cluster ensures that contents of the shared L3 cache are also not
invalidated upon transition to On mode.
Booting cores in debug recovery mode means booting with caches disabled
and preserving the caches until a point where software can dump the
caches and retrieve their contents. TF-A however unconditionally cleans
and invalidates caches at multiple points during boot. This can lead to
memory corruption as well as loss of cache contents to be used for
debugging.
This patch fixes this by calling a platform hook before performing CMOs
in helper routines in cache_helpers.S. The platform hook plat_can_cmo is
an assembly routine which must not clobber x2 and x3, and must avoid using
the stack. The whole checking is conditional upon `CONDITIONAL_CMO` which
can be set at compile time.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193
Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower ELs. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it needs to
be explicitly implemented in TF-A.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
Cortex-A76 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885749/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ie2cd73bd91417d30b5633d80b2fbee32944bc2de
Neoverse N1 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I81a8793c1a118764df3ac97b67f5e088f56f6a20
Cortex-A710 erratum 2291219 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7d3a97dfac0c433c0be386c1f3d2f2e895a3f691
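
The revision ranges quoted in the three Cortex-A710 errata commits in this log (2282622, 2768515, 2291219) reduce to a comparison on the MIDR_EL1 variant and revision fields. The following is an added example, not TF-A code; the MIDR values are constructed samples, and treating "r0p0, r1p0, r2p0" as the range up to r2p0 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* rNpM packed into one byte: variant N in the high nibble, revision M in the low. */
#define REV_VAR(n, m) ((uint8_t)(((n) << 4) | (m)))

/* Constructed sample MIDR_EL1 values; only variant and revision are read. */
#define A710_R2P0 0x412FD470u
#define A710_R2P1 0x412FD471u

/* MIDR_EL1: Variant is bits [23:20], Revision is bits [3:0]. */
static uint8_t midr_rev_var(uint32_t midr)
{
    return REV_VAR((midr >> 20) & 0xfu, midr & 0xfu);
}

struct erratum {
    uint32_t id;    /* erratum number as quoted in the commit message */
    uint8_t  last;  /* highest affected revision, inclusive */
};

/* Ranges as stated in this log. */
static const struct erratum a710_current[] = {
    { 2282622, REV_VAR(2, 1) },  /* all revisions <= r2p1, still open */
    { 2768515, REV_VAR(2, 1) },  /* all revisions <= r2p1, still open */
    { 2291219, REV_VAR(2, 0) },  /* r0p0, r1p0, r2p0; fixed in r2p1 */
};

/* Same table with the earlier upper bound (r2p0) for 2282622. */
static const struct erratum a710_before[] = {
    { 2282622, REV_VAR(2, 0) },
    { 2768515, REV_VAR(2, 1) },
    { 2291219, REV_VAR(2, 0) },
};

/* Number of workarounds in tbl that would be applied on the core described by midr. */
static unsigned count_applicable(const struct erratum *tbl, size_t n, uint32_t midr)
{
    unsigned hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (midr_rev_var(midr) <= tbl[i].last)
            hits++;
    }
    return hits;
}

int main(void)
{
    printf("r2p1, earlier bound: %u workarounds\n",
           count_applicable(a710_before, 3, A710_R2P1));
    printf("r2p1, current bound: %u workarounds\n",
           count_applicable(a710_current, 3, A710_R2P1));
    printf("r2p0, current bound: %u workarounds\n",
           count_applicable(a710_current, 3, A710_R2P0));
    return 0;
}
```

With the earlier bound, an r2p1 core silently skips the 2282622 workaround, which is the gap the first commit in this log closes.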
Cortex-X3 erratum 2313909 is a Cat B erratum that applies to revisions
r0p0 and r1p0, and is fixed in r1p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I5935b4bcd1e6712477c0d6eab2acc96d7964a35d
Neoverse-N2 erratum 2326639 is a Cat B erratum that applies to revision
r0p0 and is fixed in r0p1. The workaround is to set CPUACTLR2_EL1[36] to
1 before the power down sequence that sets CORE_PWRDN_EN. This allows
the cpu to retry the power down and prevents the deadlock. TF-A never
clears this bit even if it wakes up from the wfi in the sequence since
it is not expected to do anything but retry to power down after and the
bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest/
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9a325c5b9b498798e5efd5c79a4a6d5bed97c619
The Cortex-X3 cpu port was developed before its public release when it
was known as Makalu ELP. Now that it's released we can use the official
product name.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iebb90cf2f77330ed848a3d61c5f6928942189c5a
Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
Add missing aeabi_memcpy.S file from llvm compiler-rt library [1]. This
is required for Aarch32 builds with clang.
[1] https://github.com/llvm/llvm-project.git
Change-Id: I7fd6ab1e81dd45d24afef49a3eb8fcdcbc5c082f
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Upgrade the zlib source files to the ones present in the version 1.2.13
of zlib [1]. Since 1.2.11 the use of Arm crc32 instructions has been
introduced so update the files to make use of this.
[1] https://github.com/madler/zlib/tree/v1.2.13
Change-Id: Ideef78c56f05ae7daec390d00dcaa8f66b18729e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
The CPU version check was moved wrongly down in N2 and missing in V1.
The patch fixes the issues.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Icb6e5285d6cc97fbe416fe1f0b1ab7afbd8a8809
Update the libfdt source files to the upstream commit e37c256 [1].
[1] https://github.com/dgibson/dtc/commit/e37c256
Change-Id: I00e29b467ff6f8c094f68245232a7cedeaa14aef
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
EL3 is configured to trap accesses to SME registers (via
CPTR_EL3.ESM=0). To allow SME instructions, this needs to be temporarily
disabled before changing system registers. If the PE delays the effects
of writes to system registers then accessing the SME registers will trap
without an isb. This patch adds the isb to restore functionality.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8ee5ecaec978dde2525631daa682a182ad8f7f04
Fix a syntax error in the delegated attestation service code.
Unfortunately, this build failure was not caught by the CI system
because right now lib/psa/delegated_attestation.c file is not getting
pulled in by any upstream platform. This will be addressed in a
separate patch.
Change-Id: Idb84f62aabc5008396213023fc40547097925860
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reinstate the workaround introduced in commit
9bbc03a6e0. The cited change to the SDEN
could not be found and there are no known problems with the workaround.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iec9938f173e7565024aca798f224df339de90806
Add basic CPU library code to support the Hunter ELP CPU in TF-A.
Hunter-ELP adds v9.2 architecture support and is derived from
Makalu-ELP. As such, the library code is adapted from the
Makalu-ELP support library.
Change-Id: I7e93b9af6b1f0bc4d08c3cf5caf071d2cbdbc89f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Print all the params of
rss_measured_boot_extend_measurement() to
the console to check parameter healthiness.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I072fe5fef72c67e615ab64e06a9e1f6add5e9cfc
The attestation key derivation and platform attestation token
creation functionality is provided by the Delegated Attestation
partition in RSS.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2d8c0e6589d11e7c81c698adf75ee2a993e3a0c6
The measured boot API is available in the tf-m-extras
repo:
partitions/measured_boot/interface/src/measured_boot_api.c
This change makes the API behavior align with
the original implementation.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ie4af38b859f942b2ef090e92da64d75811b5b49b
Delegated attestation is a service provided by RSS to:
- Derive a delegated attestation key: Realm Attestation Key
- Query the platform attestation token
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I3edf09fcbef24bca7c8a000ffac8c1ab64dfb812
Moving putchar() out of libc and adding a weak dummy
implementation in libc.
This is to remove libc's dependencies to the platform
driver.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Ib7fefaec0babb783def614ea23521f482fa4a28a
Neoverse Demeter CPU has been renamed to Neoverse V2 CPU.
Correspondingly, update the CPU library, file names and other
references to use the updated IP name.
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: Ia4bf45bf47807c06f4c966861230faea420d088f
This patch adds a new scope for FEAT_PMUV3, alongside
updating the existing comments related to the saving of
PMCR_EL0 register routine for better understanding.
Change-Id: Ib150244ce94cfcbbe5d12fdae56327c3d72bda0b
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
"psci_is_last_on_cpu" and "psci_is_last_on_cpu_safe" modules perform
mostly similar functionalities, verifying whether the current CPU
is the only active core and other cores have been turned off.
However, psci_is_last_on_cpu_safe function differs from the other with:
1. Safe API locks the power domain
This patch removes the section duplicating the functionality
and ensures that the "psci_is_last_on_cpu" API is reused in the
"psci_is_last_on_cpu_safe" procedure.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ie372519e423898d7afa5427cdd77a7f9d3369587
RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower ELs in any security
state. To give more fine-grained control on a per-world basis, re-purpose this
macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only
if Error record registers are accessed from NS.
This will also help in future scenarios when RAS handling (in Firmware
first handling paradigm) can be offloaded to a secure partition.
This is the first patch in the series to refactor RAS framework in TF-A.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d
The code checks that the semihosting seek call return value is not
zero instead of a negative value when there is an error condition.
This defect has been fixed.
In [1], possible return values for semihosting seek calls are
mentioned.
[1]: https://github.com/ARM-software/abi-aa/blob/main/semihosting/semihosting.rst#sys-seek-0x0a
Change-Id: I70f09e98323e9c5bf4eeda322ac065e855e256fc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
stddef.h is needed for the definition of size_t
stdio.h is needed for the declaration of putchar
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I72dac843dbbfc440cff0f9e9d13669b78a812abc