Bump the certifi package to a later version following an advisory [1]
affecting versions >= 2015.4.28, < 2023.7.22.
[1] https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
Change-Id: Ida6ff7f0b1228728474de8695dca42303de2b305
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
move the gpc reg offset, bit define & macro to a separate header
file for code reuse.
This fixes suspend to mem on i.MX8M Plus too, since the register
layout is different there.
Change-Id: Ibec60c3a68ffa8c378de5334577a7b0e463ca875
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de> # Upgrade to latest, update commit message
Similar to the FVP and QEMU, the Arm FPGA systems come with different
CPU cores, and gain new features over time.
Add a list of ARMv9.2 features that require TF-A enablement to be usable
from non-secure world. Their existence will be detected at runtime, so
supporting all those features is not required for using the build.
This fixes the Linux kernel booting on a ARMv9.2 FPGA core.
Change-Id: Ie93c32b13ce4f9968081bf38296cd45edad0a928
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Memory reservation in dtb will be done only when TF-A runs from
ddr and dtb load address is provided.
Otherwise prepare_dtb will simply return.
Empty definition of prepare_dtb is removed.
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: Ie8a3ec51d60a7389831cfe6a112f722777930623
In absence of definition, PLAT_OCM_BASE is always 0
and IS_TFA_IN_OCM(x) always returns true irrespective
of address passed to it. Reasoning is as mentioned in
Refer section 4.2.3 in
https://gcc.gnu.org/onlinedocs/gcc-3.0.2/cpp_4.html
Due to this,functionality for reservation of TF-A DDR memory in
dtb is never executed.
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: Iafb6b7c6aec29bba22f8f7a8395f9caf97548157
Update the memory layout for both BL31 and BL32 FW based on
the 1GB DRAM space of the AST2700 EVB.
Minor:
- Use SZ_xx macro to define size for better readability
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Change-Id: I6d8285bd675321f615bb67cdd27bb4b6cb4c8b16
The generic threat model used to list threats in no particular order.
Reorganize threats so that they are grouped by mitigating entity. For
example, threats mitigated by the boot firmware (i.e. BL1 and BL2) are
now clubbed together, ditto for those mitigated by the runtime EL3
firmware. Note that some generic threats apply to all firmware images
so these get grouped in their own section as well.
The motivations for this refactoring are the following:
- Clarify the scope of the threats.
In particular, as the boot firmware is typically transient, threats
applying to those images can only be exploited during a short
period of time before the runtime firmware starts.
A note has been added to this effect.
- Helping developers implement mitigations in the right place.
- Some vendors have their own solution for booting their device and
only leverage the runtime firmware from the TF-A project. Thus,
they are not interested in the threat model of TF-A's boot
firmware. Isolating the latter in a specific section helps them
focus on what is important for them.
To avoid unnecessary churn, the threats ids have been kept the same.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Id8616fd0e4b37cd400b1ad3372beb3455234d4dc
The fact that RME is out of the generic threat model's scope is just
another assumption we make about the target of evaluation so mention
it there.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I839ec5427f36b085148338030e8b1b85191d4245
To avoid duplicate symbol errors when compiling bootloader images which
pull in the same source file multiple times, sort source files before
generating bootloader image build rules in order to remove duplicates.
Change-Id: I03a60d9f752f8fe85f17ec14e265fd4a6223de32
Signed-off-by: Chris Kay <chris.kay@arm.com>
Similarly to the earlier patch enabling BL-specific additions to include
directories, preprocessor definitions and toolchain flags, this change
allows platforms to add options common to all images.
This is required because some platforms inject dependencies via the
`<platform_def.h>` header, and we don't currently have a clean way to
model that in build system code.
Change-Id: Ib0b38f9236cba6f56745cb3c756dfc81547da8bd
Signed-off-by: Chris Kay <chris.kay@arm.com>
Adding basic CPU library code to support Nevis CPU
Change-Id: I399cc9b7b2d907b02b76ea2a3e5abb54e28fbf6c
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Currently 'pauth_helpers.S' is added if pauth is enabled from main
level makefile.
Change-Id: I33800e280daea6dba6d11e2c494101b369cd8a0b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
refactor(cpus): convert the Cortex-A57 to use cpu helpers
refactor(cpus): convert the Cortex-A57 to use the errata framework
refactor(cpus): reorder Cortex-A57 errata by ascending order
refactor(cpus): add Cortex-A57 errata framework information
refactor(cpus): convert the Cortex-A53 to use cpu helpers
refactor(cpus): convert the Cortex-A53 to use the errata framework
refactor(cpus): reorder Cortex-A53 errata by ascending order
Remove blanket assumption of empty data segment area to avoid
issues while writing descriptors.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: If6ff0426c44c949af1065082ed8a23ed936b5f3e
This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cpu>_errata_report with the errata_report_shim to report errata
automatically
...and for each erratum:
* the prologue with the workaround_<type>_start to do the checks and
framework registration automatically
* the epilogue with the workaround_<type>_end
* the checker function with the check_erratum_<type> to make it more
descriptive
It is important to note that the errata workaround sequences remain
unchanged and preserve their git blame.
At this point the binary output of all errata was checked with the
script from commit 19136. All reported discrepancies involve errata
with no workaround in the cpu file or errata that did not previously
have a workaround function and now do. The non temporal hint erratum has
been converted to a numeric erratum.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ib321ab01362c5954fe78e7349229c1437b3da847
Errata report order is enforced to be in ascending order. To achieve
this with the errata framework this has to be done at the definition
level.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia98976797fc0811f30c7dbf714e94b36e3c2263e
Also, convert checker functions of errata which are enabled for all cpu
revisions to report correctly in preparation of the errata ABI.
Although the script from commit 250919 was used to check that errata
code did not change, this CPU only loosely adhered to convention and its
output was not particularly useful. Nevertheless, the discrepancies were
manually verified. All errata have been checked that they get invoked.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I988db6e7b6d1732f1d2258dbdf945cb475781894
This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cpu>_errata_report with the errata_report_shim to report errata
automatically
...and for each erratum:
* the prologue with the workaround_<type>_start to do the checks and
framework registration automatically
* the epilogue with the workaround_<type>_end
* the checker function with the check_erratum_<type> to make it more
descriptive
It is important to note that the errata workaround and checking
sequences remain unchanged and preserve their git blame.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I30556f438859d17f054cb6bc96f3069b40474b58
Errata report order is enforced to be in ascending order. To achieve
this with the errata framework this has to be done at the definition
level.
Also rename the disable_non_temporal_hint to its erratum number to
conform to convention.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id474872afebf361ab3d21c454ab3624db8354045
The original powerdown function for Gelas included SME disabling
instructions but did not check for the presence of SME before disabling.
This could lead to unexpected beaviors. This patch adds that check so
the feature is disabled only if it is present.
Change-Id: I582db53a6669317620e4f72a3eac87525897d3d0
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
If AACRH32_SP is not specified, it causes the DEFAULT_LINKER_SCRIPT
variable to be empty, and then the linker takes the variable following
it as if it was the linker script, which is not one. This patch
addresses that issue by requiring the AARCH32_SP variable to be set
before continuing.
Change-Id: I21db7d5bd86b98faaa1a1cd3f985daa592556a2d
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
The refactor caused many APIs to be regressed due to copy paste changes
so fix them.
Fixes: 6688fd7aec ("refactor(ti): refactor ti_sci_{setup,do}_xfer to allow zero size response")
Change-Id: I03a808fa0bf2cbefbc1c9924bdaf4cfb2ad7f2cb
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Pointer authentication requires CTX_INCLUDE_PAUTH_REGS to be defined.
Change-Id: I4ca95d6d9e619e7a7296a2c3ecb799683bf70575
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
* changes:
refactor(qemu): handle SPM_MM builds
refactor(qemu): handle AArch64 flags
refactor(qemu): common cpu features enablement
refactor(qemu): common BL31 sources
refactor(qemu): common BL1/2 sources
refactor(qemu): move CPU definitions into one place
refactor(qemu): move FDT stuff into one place
There are some variables to enable/disable options. Let keep them at top
of file.
Change-Id: I108dd814557b6c713aba0d73a52148c766079c8b
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
There is no need to have two "if" checks for same thing one after
another.
FGT, RNG, SVE, SME are aarch64 only flags.
Change-Id: I6e5850211c859dc7a4ccf6bc8dc6a8d600ffe692
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
dependabot[bot]
Yann Gautier
Sandrine Bailleux
Manish Pandey
Olivier Deprez
Harrison Mutai
Madhukar Pappireddy
Jacky Bai
Marek Vasut
Andre Przywara
Joanna Farley
Amit Nagal
Manish V Badarkhe
Chia-Wei Wang
Chris Kay
Bipin Ravi
Juan Pablo Conde
Govindraj Raja
Rohit Ner
Boyan Karatotev
Manorit Chawdhry
Marcin Juszkiewicz