Add documentation to build and run TF-A with RMM,
Linux kernel and TFTF Realm Payload.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I951b41a144aabe0fec16eb933d7f005a65f06fb2
Cortex-A710 erratum 2291219 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7d3a97dfac0c433c0be386c1f3d2f2e895a3f691
Cortex-X3 erratum 2313909 is a Cat B erratum that applies to revisions
r0p0 and r1p0, and is fixed in r1p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I5935b4bcd1e6712477c0d6eab2acc96d7964a35d
Neoverse-N2 erratum 2326639 is a Cat B erratum that applies to revision
r0p0 and is fixed in r0p1. The workaround is to set CPUACTLR2_EL1[36] to
1 before the power down sequence that sets CORE_PWRDN_EN. This allows
the cpu to retry the power down and prevents the deadlock. TF-A never
clears this bit even if it wakes up from the wfi in the sequence since
it is not expected to do anything but retry to power down after and the
bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest/
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9a325c5b9b498798e5efd5c79a4a6d5bed97c619
Platforms which implement pwr_domain_pwr_down_wfi differ substantially
in behaviour. However, different cpus require similar sequences to power
down. This patch tightens the behaviour of these platforms to end on a
wfi loop after performing platform power down. This is required so that
platforms behave more consistently on power down, in cases where the wfi
can fall through.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie29bd3a5e654780bacb4e07a6d123ac6d2467c1f
Threat model for EL3 SPMC.
The mitigations are based on the guidance
provided in FF-A v1.1 EAC0 spec.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I7f4c9370b6eefe6d1a7d1afac27e8b3a7b476072
Add documentation how to build EL3 SPMC,
briefly describes all FF-A interfaces,
SP boot flow, SP Manifest, Power Management,
Boot Info Protocol, Runtime model and state
transition and Interrupt Handling.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I630df1d50a4621b344a09e462563eacc90109de4
The Cortex-X3 cpu port was developed before its public release when it
was known as Makalu ELP. Now that it's released we can use the official
product name.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iebb90cf2f77330ed848a3d61c5f6928942189c5a
Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
Function imx_system_off() writes SNVS_LPCR register to power off the SoC
without bit masking. This clears other bits like LPWUI_EN and breaks
the function of SoC wake-up using RTC alarm. Fix it by updating poweroff
related bits only.
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Change-Id: If641af4dc1103c67e1a645c03bb36a5f56665aef
Add missing aeabi_memcpy.S file from llvm compiler-rt library [1]. This
is required for Aarch32 builds with clang.
[1] https://github.com/llvm/llvm-project.git
Change-Id: I7fd6ab1e81dd45d24afef49a3eb8fcdcbc5c082f
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Upgrade the zlib source files to the ones present in the version 1.2.13
of zlib [1]. Since 1.2.11 the use of Arm crc32 instructions has been
introduced so update the files to make use of this.
[1] https://github.com/madler/zlib/tree/v1.2.13
Change-Id: Ideef78c56f05ae7daec390d00dcaa8f66b18729e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
* changes:
docs(imx8m): update for high assurance boot
feat(imx8m): add support for high assurance boot
feat(imx8mp): add hab and map required memory blocks
feat(imx8mn): add hab and map required memory blocks
feat(imx8mm): add hab and map required memory blocks
Arm has decided to deprecate the sgi575 and rdn1edge platforms.
The development of software and fast models for these platforms
has been discontinued. rdn1edge platform has been superseded by the
rdn2 platform, which is already supported in TF-A and CI work is
underway for this platform.
Change-Id: If2228fb73549b244c3a5b0e5746617b3f24fe771
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The ARMv8 ARM says about the values in the ID register scheme:
==== D17.1.3 Principles of the ID scheme for fields in ID registers ===
The ID fields, which are either signed or unsigned, use increasing
numerical values to indicate increases in functionality. Therefore,
if a value of 0x1 indicates the presence of some instructions, then
the value 0x2 will indicate the presence of those instructions plus
some additional instructions or functionality. This means software
can be written in the form:
if (value >= number) {
// do something that relies on the value of the feature
}
=======================================================================
So to check for the presence of a certain architecture feature, we
should not check against a certain specific value, as it's done right
now in several cases.
Relax the test for Fine Grained Trapping (FGT) to just check against
the field being 0 or not.
This fixes TF-A crashing due to an unhandled exception, when running a
Linux kernel on an FVP enabling ARMv8.9 features. The value of
ID_AA64MMFR0_EL1.FGT went from 0b0001 to 0b0010 there.
Change-Id: Ic3f1625a7650306ed388a0660429ca8823c673c2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The CPU version check was moved wrongly down in N2 and missing in V1.
The patch fixes the issues.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Icb6e5285d6cc97fbe416fe1f0b1ab7afbd8a8809
Add a section into documentation listing the support for High Assurance
Boot (HABv4), note on the DRAM mapping, and reference to the external
documentation.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: Iaca97f4ac2595e35de2664a880394519f96eca07
Introduce support for High Assurance Boot (HABv4), which is used to
establish and extend the Root-of-Trust during FW loading at any given
boot stage.
This commit introduces support for HAB ROM Vector Table (RVT) API, which
is normally used by post-ROM code to authenticate additional boot images
(Kernel, FDT, FIT, etc.) that are taking part in the Root-of-Trust.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: I780d308369824fa4850844eb9e91768e417166a0
In order for HAB to perform operations, memory regions has to be mapped
in TF-A, which HAB ROM code would use internally.
Include those memory blocks for i.MX8M+ SoC. Of a special note, the DRAM
block is mapped with complete size available on the platform and uses
MT_RW attributes, this is required to minimize the size of translation
tables and provide a possibility to exchange the execution results
between EL3 and EL1&2, see details in [1].
Link: [1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16880
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: I986cdce434d1ec9ea8b3c0d5599edde55b9b30f8
In order for HAB to perform operations, memory regions has to be mapped
in TF-A, which HAB ROM code would use internally.
Include those memory blocks for i.MX8MN SoC. Of a special note, the DRAM
block is mapped with complete size available on the platform and uses
MT_RW attributes, this is required to minimize the size of translation
tables and provide a possibility to exchange the execution results
between EL3 and EL1&2, see details in [1].
Link: [1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16880
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: If7a2b718658db452871e1ae56b71a4983e8ef2fe
In order for HAB to perform operations, memory regions has to be mapped
in TF-A, which HAB ROM code would use internally.
Include those memory blocks for i.MX8MM SoC. Of a special note, the DRAM
block is mapped with complete size available on the platform and uses
MT_RW attributes, this is required to minimize the size of translation
tables and provide a possibility to exchange the execution results
between EL3 and EL1&2, see details in [1].
Link: [1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16880
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: I6a3a3d7105b85c2f4ab6ea6cfbca67c9a325eb11
Update the libfdt source files to the upstream commit e37c256 [1].
[1] https://github.com/dgibson/dtc/commit/e37c256
Change-Id: I00e29b467ff6f8c094f68245232a7cedeaa14aef
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
In anticpation of the next Trusted Firmware release update the to newest
2.x Mbed TLS library [1].
Note that the Mbed TLS project published version 3.x some time ago.
However, as this is a major release with API breakages, upgrading to
this one might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to Mbed TLS 3.x after the v2.8 release
of TF-A.
[1] https://github.com/Mbed-TLS/mbedtls/tree/v2.28.1
Change-Id: I7594ad062a693d2ecc3b1705e944dce2c3c43bb2
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Code owners have been added for the Arm(R) Ethos(TM)-N NPU driver.
Change-Id: I0bda0d95151cdff5cd3a793c6c0e9ef6a9a5f50b
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
TF-A is reporting that erratum are missing to be enabled.
Enable the Following errata workaround to Cortex-A78 AE CPU for versal_net
ERRATA_A78_AE_1941500
ERRATA_A78_AE_1951502
ERRATA_A78_AE_2376748
ERRATA_A78_AE_2395408
For further information refer to
https://developer.arm.com/documentation/SDEN1707912/1300/
Signed-off-by: Akshay Belsare <Akshay.Belsare@amd.com>
Change-Id: Ib7fc16e035feab1dfbd88c1f8ce128b057eee86d
Right now, the delegated attestation module is not used in TF-A. This
means it's not even getting built and so the CI system cannot detect
build regressions.
Eventually, delegated attestation will be involved in a new runtime
service exposed by BL31 to lower exception levels. We are not there
yet but let's already include it into BL31 image, so we get build
coverage and static analysis on the code. Note that we make sure to
cover both PLAT_RSS_NOT_SUPPORTED=0 and PLAT_RSS_NOT_SUPPORTED=1
configurations.
Delegated attestation is currently made dependent on measured boot
support. This dependency is not at the source code level (attestation
code does not invoke any measured boot interfaces) but it is rather a
logical dependency: attestation without boot measurements is not very
useful...
For now, this is good enough for our purpose but the conditions under
which the attestation code is included might change in the future.
Change-Id: I616715c3dd0418a1bbf1019df3ff9acd8461e705
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
EL3 is configured to trap accesses to SME registers (via
CPTR_EL3.ESM=0). To allow SME instructions, this needs to be temporarily
disabled before changing system registers. If the PE delays the effects
of writes to system registers then accessing the SME registers will trap
without an isb. This patch adds the isb to restore functionality.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8ee5ecaec978dde2525631daa682a182ad8f7f04
TF-A is reporting that above two erratum are missing to be enabled that's
why enable them by default.
For futher information please refer to
https://developer.arm.com/documentation/epm012079/11/
where
859971 is "Speculative instruction prefetch to Execute-never (XN) memory
could cause deadlock or data integrity issue" and
1319367 is "Speculative AT instruction using out-of-context translation
regime could cause subsequent request to generate an incorrect
translation".
Change-Id: I408706713a169e53db63ac5657751b0b003e646d
Signed-off-by: Michal Simek <michal.simek@amd.com>
Shruti Gupta
Manish Pandey
Manish V Badarkhe
Olivier Deprez
Sandrine Bailleux
Bipin Ravi
Madhukar Pappireddy
Boyan Karatotev
Lauren Wehrmeister
Shawn Guo
Daniel Boulby
Andre Przywara
Joanna Farley
Andrey Zhizhikin
Mikael Olsson
Akshay Belsare
Akram Ahmad
Michal Simek