It is useful to have a single build for the FVP that includes as much
stuff as possible. Such a build allows a single TF-A build to be used on
a wide variety of fvp command lines. Unfortunately, the fvp also has a
(somewhat arbitrary) SRAM limit and enabling a bunch of stuff overruns
what is available.
To workaround this limit, don't enable everything for all
configurations. The offending configuration is when tsp is enabled, so
try to slim the binary down only when building with it.
As this doesn't solve the issue of running out of space for BL31, update
the linker error to give some clue as to what has (likely) caused it
while more permanent fixes are found.
Also add FEAT_RNG to the mix as it got missed in the commotion.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Icb27cc837c2d90ca182693e9b3121b51383d51fd
Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.
Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.
Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_AMUv1 option, solely to protect the HAFGRTR_EL2 system
register handling. The latter needs some alignment with the new feature
scheme, but it conceptually overlaps with the ENABLE_AMU option.
Since there is no real need for two separate options, unify both into a
new ENABLE_FEAT_AMU name in a first step. This is mostly just renaming at
this point, a subsequent patch will make use of the new feature handling
scheme.
Change-Id: I97d8a55bdee2ed1e1509fa9f2b09fd0bdd82736e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or
to be not supported at all.
Add support for runtime detection (ENABLE_SYS_REG_TRACE_FOR_NS=2), by
adding is_feat_sys_reg_trace_supported(). That function considers both
build time settings and runtime information (if needed), and is used
before we access SYS_REG_TRACE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though this is an optional feature, so it is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I450a574a4f6bd9fc269887037049c94c906f54b2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.
ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.
Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.
Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.
Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.
This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.
Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
As per SMCCC spec Table 2.1 bit 23:17 must be zero (MBZ),
for all Fast Calls, when bit[31] == 1.
Adding this check to ensure SMC FIDs when get to the SMC handler
have these bits (23:17) cleared, if not capture and report them
as an unknown SMCs at the core.
Also the C runtime stack is copied to the stackpointer well in
advance, to leverage the existing el3_exit routine for unknown SMC.
Change-Id: I9972216db5ac164815011177945fb34dadc871b0
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
It was assumed that BL31 is the first bootloader to run so there's
no argument to relay from a previous bootloader in RESET_TO_BL31
case, however this is not true for every platform with a non-TF-A
bootloader that might get executed before BL31 while compiling in
RESET_TO_BL31 feature.
Thus, by avoiding zeroing registers, the arguments passed from the
previous bootloader to BL31 are preserved.
Change-Id: I7bb66a10d1fd551ba3fd59a7a38ab5bde3197f72
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit 25844ff728.
Change-Id: Ia0bfa22fc45754f15c82638662dde93f604992c3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
At the moment we only support FEAT_TRF to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRF_FOR_NS=2), by splitting
is_feat_trf_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRF related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_trf_supported() function to guard its execution.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRF is an ARMv8.4 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Ia97b01adbe24970a4d837afd463dc5506b7295a3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_BRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_BRBE_FOR_NS=2), by splitting
is_feat_brbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access BRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_BRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: I5f2e2c9648300f65f0fa9a5f8e2f34e73529d053
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we only support FEAT_TRBE to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_TRBE_FOR_NS=2), by splitting
is_feat_trbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRBE related registers.
The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.
Change-Id: Iee7f88ea930119049543a8a4a105389997e7692c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When we reach sysreg_handler64 from any trap handling we are entering
this path from lower EL and thus we should be calling lower_el_panic
reporting mechanism to print panic report.
Make report_elx_panic available through assembly func elx_panic which
could be used for reporting any lower_el_panic.
Change-Id: Ieb260cf20ea327a59db84198b2c6a6bfc9ca9537
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Current panic call invokes do_panic which calls el3_panic, but now panic
handles only panic from EL3 anid clear separation to use lower_el_panic()
which handles panic from lower ELs.
So now we can remove do_panic and just call el3_panic for all panics.
Change-Id: I739c69271b9fb15c1176050877a9b0c0394dc739
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Cleanup weak links to el3_panic and restrict crash_reporting usage
to bl31.
Crash reporting is not used with bl1, bl2 and weak linkage to el3_panic
is used, this can cause ambiguity in understanding the code so remove
this weak linkage and introduce funcs that should be used when we have
crash reporting for el3 panics.
Change-Id: Ic5c711143ba36898ef9574a078b8fa02effceb12
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Currently we call el3_panic for panics from EL3 and elx_panic for
panics from lower ELs.
When we boot into a rich OS environment and interact with BL31 using
SMC/ABI calls and we can also decide to handle any lower EL panics in
EL3. Panic can occur in lower EL from rich OS or during SMC/ABI calls
after context switch to EL3.
But after booting into any rich OS we may land in panic either from
rich OS or while servicing any SMC call, here the logic to use
el3_panic or elx_panic is flawed as spsr_el3[3:0] is always EL3h
and end up in elx_panic even if panic occurred from EL3 during
SMC handling.
We try to decouple the elx_panic usage for its intended purpose,
introduce lower_el_panic which would call elx_panic, currently
lower_el_panic is called from default platform_ea_handle which
would be called due to panic from any of the lower ELs.
Also remove the weak linkage for elx_panic and rename it to
report_elx_panic which could be used with lower_el_panic.
Change-Id: I268bca89c01c60520d127ef6c7ba851460edc747
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.
This change introduces the period prefix to all specialized section
names.
BREAKING-CHANGE: All input and output linker section names have been
prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.
Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c
Signed-off-by: Chris Kay <chris.kay@arm.com>
handle_lower_el_async_ea and enter_lower_el_async_ea are same except for
saving x30 register, with previous patch x30 is now freed before calling
these function we don't need both of them.
This patch also unifies the naming convention, now we have 3 handlers
- handle_lower_el_ea_esb
- handle_lower_el_sync_ea
- handle_lower_el_async_ea
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I63b584cf059bac80195aa334981d50fa6272cf49
Most of the macros/routine in vector entry need a free scratch register.
Introduce a macro "save_x30" and call it right at the begining of vector
entries where x30 is used. It is more exlicit and less error prone
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I617f3d41a120739e5e3fe1c421c79ceb70c1188e
The following build system variables have been renamed:
- `LINKERFILE` -> `DEFAULT_LINKER_SCRIPT`
- `BL_LINKERFILE` -> `DEFAULT_LINKER_SCRIPT_SOURCE`
- `<IMAGE>_LINKERFILE` -> `<IMAGE>_DEFAULT_LINKER_SCRIPT_SOURCE`
These new names better reflect how each variable is used:
1. the default linker script is passed via `-dT` instead of `-T`
2. linker script source files are first preprocessed
Additionally, linker scripts are now placed in the build directory
relative to where they exist in the source directory. For example,
the `bl32/sp_min/sp_min.ld.S` would now preprocess to
`sp_min/sp_min.ld` instead of just `bl32.ld`
BREAKING-CHANGE: The `LINKERFILE`, `BL_LINKERFILE` and
`<IMAGE_LINKERFILE>` build system variables have been renamed. See the
commit message for more information.
Change-Id: If8cef65dcb8820e8993736702c8741e97a66e6cc
Signed-off-by: Chris Kay <chris.kay@arm.com>
There are a variety of code styles used by the various linker scripts
around the code-base. This change brings them in line with one another
and attempts to make the scripts more friendly for skim-readers.
Change-Id: Ibee2afad0d543129c9ba5a8a22e3ec17d77e36ea
Signed-off-by: Chris Kay <chris.kay@arm.com>
At the moment we save and restore the HCRX_EL2 register in assembly, and
just depend on the build time flags.
To allow runtime checking, and to avoid too much code in assembly, move
that over to C, and use the new combined build/runtime feature check.
This also allows to drop the assert, since this should now be covered by
the different FEAT_STATE_x options.
Change-Id: I3e20b9ba17121d423cd08edc20bbf4e7ae7c0178
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Use the generic check function in feat_detect.c, and split the feature
check into two functions, as done for FEAT_FGT before.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I0a4f973427c10d5d15c414ff5e12b18b7e645fae
Following macros removed
- handle_async_ea : It duplicates "check_and_unmask_ea" functionality
- check_if_serror_from_EL3: This macro is small and called only once,
replace this macro with instructions at the caller.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Id7eec6263ec23cc8792139f491c563f616fd3618
When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the real CPU instructions, potentially conditioning the
results, or use rate-limiting or filtering to protect the hardware
entropy pool. Another possiblitiy would be to use some platform specific
TRNG device to get entropy and returning this.
To demonstrate platform specific usage, add a demo implementation for the
FVP: It will execute the actual CPU instruction and just return the
result. This should serve as reference code to implement platform specific
policies.
We change the definition of read_rndr() and read_rndrrs() to use the
alternative sysreg encoding, so that all assemblers can handle that.
Add documentation about the new platform specific RNG handler function.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ibce817b3b06ad20129d15531b81402e3cc3e9a9e
At the moment we only handle SMC traps from lower ELs, but ignore any
other synchronous traps and just panic.
To cope with system register traps, which we might need to emulate,
introduce a C function to handle those traps, and wire that up in the
exception handler to be called.
We provide a dispatcher function (in C), that will call platform
specific implementation for certain (classes of) system registers.
For now this is empty.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: If147bcb49472eb02791498700300926afbcf75ff
scr_el3 registers cannot be modified in lower ELs which means it retains
the same value which is stored in the EL3 cpu context structure for the
given world. So, we should not save the register when entering to EL3
from lower EL as we have the copy of it present in cpu context.
During EL3 execution SCR_EL3 value can be modifed for following cases
1. Changes which is required for EL3 execution, this change is temp
and do not need to be saved.
2. Changes which affects lower EL execution, these changes need to be
written to cpu context as well and will be retrieved when scr_el3
is restored as part of exiting EL3
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I9cc984ddf50e27d09e361bd83b1b3c9f068cf2fd
SMCCCv1.3 introduces the SVE hint bit added to the SMC FID (bit 16)
denoting that the world issuing an SMC doesn't expect the callee to
preserve the SVE state (FFR, predicates, Zn vector bits greater than
127). Update the generic SMC handler to copy the SVE hint bit state
to SMC flags and mask out the bit by default for the services called
by the standard dispatcher. It is permitted by the SMCCC standard to
ignore the bit as long as the SVE state is preserved. In any case a
callee must preserve the NEON state (FPCR/FPSR, Vn 128b vectors)
whichever the SVE hint bit state.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2b163ed83dc311b8f81f96b23c942829ae9fa1b5
Following hardening done around ESR_EL3 register usage
- Panic if exception is anyting other than SError
- AET bit is only valid if DFSC is 0x11, move DFSC check before AET.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib15159920f6cad964332fd40f88943aee2bc73b4
Added remediation driver for DRTM to set/get the error
from non-volatile memory
Change-Id: I8f0873dcef4936693e0f39a3c95096cb689c04b7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Added Event Log driver support for DRTM. This driver
is responsible for the doing the hash measurement of
various DRTM components as per [1], and putting these
measurements in the Event Log buffer.
[1]: https://developer.arm.com/documentation/den0113/a, section 3.16
Change-Id: I9892c313cf6640b82e261738116fe00f7975ee12
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5621cc9807ffff8139ae8876250147f7b2c76759
Updated DRTM setup functionality that mainly does below 2 things
1. Initialise the DRTM DMA protection, this function assumes the
platform must support complete DMA protection.
2. Initialise the Crypto module that will be useful to calculate
the hash of various DRTM element involved.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I3d6e4d534686d391fa7626094d2b2535dac74e00
Updated mbedTLS driver to include mbedTLS functions necessary for a
DRTM supported build.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: If0120374a971519cf84f93e0c59e1a320a72cd97
Added a dummy DRTM setup function and also, introduced DRTM SMCs
handling as per DRTM spec [1]. Few basic SMCs are handled in this
change such as ARM_DRTM_SVC_VERSION and ARM_DRTM_SVC_FEATURES
that returns DRTM version and functions ids supported respectively,
and others are dummy for now.
[1]: https://developer.arm.com/documentation/den0113/latest
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I8c7afe920c78e064cbab2298f59e6837c70ba8ff
Currently, when SPMC at S-EL2 is used, we cannot use the RAS framework
to handle Group 0 interrupts. This is required on platforms where first
level of triaging needs to occur at EL3, before forwarding RAS handling
to a secure partition running atop an SPMC (hafnium).
The RAS framework depends on EHF and EHF registers for Group 0
interrupts to be trapped to EL3 when execution is both in secure world
and normal world. However, an FF-A compliant SPMC requires secure
interrupts to be trapped by the SPMC when execution is in S-EL0/S-EL1.
Consequently, the SPMC (hafnium) is incompatible with EHF, since it is
not re-entrant, and a Group 0 interrupt trapped to EL3 when execution is
in secure world, cannot be forwarded to an SP running atop SPMC.
This patch changes EHF to only register for Group 0 interrupts to be
trapped to EL3 when execution is in normal world and also makes it a
valid routing model to do so, when EL3_EXCEPTION_HANDLING is set (when
enabling the RAS framework).
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I72d4cf4d8ecc549a832d1c36055fbe95866747fe
Some linker sections are discarded since 511046eaa2 ("BL31: discard
.dynsym .dynstr .hash sections to make ENABLE_PIE work"). However, that
logic was placed inside a preprocessor condition, so it only applied to
the !SEPARATE_NOBITS_REGION case. Move the /DISCARD/ block down so it
applies in all cases.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I6604609f2321a2a9c32a25721a697c320108a974
The purpose of including vendor extend plat.ld.rodata.inc
linker script is for compactly collecting vendor rodata in
intrinsic rodata section.
If vendors define a standalone section and assign the section
placed after __RW_END__, the raw bindry(bl31.bin) will include
bss section with zero value and increase binary size.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: I46dd8b02bfb26af1dcca27f61b3ea29ca74bbbd6
During a synchronous exception, the 'enter_lower_el_sync_ea' handler
tests the ESR_EL3 EA bit and calls 'report_unhandled_exception', if
it is not set.
EA = 0 and IFSC = SEA, seems to be a contradiction. EA provides further
classification of a synchronous abort. A synchronous abort is determined
by the IFSC value on an instruction fetch synchronous abort. As a result,
EA will never be set to 1 on an instruction fetch synchronous abort and
'report_unhandled_exception' should not be called.
This patch removes this behavior to allow the platform to handle the
exception.
Signed-off-by: Nicolas Benech <nbenech@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I3f004447ad4316d81649063e1ffb3ac644c83ede
This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.
This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
It is not always the case that RESET_TO_BL31 enabled platforms don't
execute a bootloader before BL31.
For those use cases, being able to receive arguments from that first
loader (i.e: a DTB with TPM logs) might be necessary feature.
This code has been validated on iMX8mm.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Change-Id: Ibf00c3867cb1d1012b8b376e64ccaeca1c9d2bff
Introduce build flag for enabling the secure partition
manager core, SPMC_AT_EL3. When enabled, the SPMC module
will be included into the BL31 image. By default the
flag is disabled.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5ea1b953e5880a07ffc91c4dea876a375850cf2a
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
In preparation for adding the EL3 SPMC configuration as defined in
the FF-A specification, restructure the existing SPM_MM code.
With this restructuring of the code, the 'spm_mm' directory is
renamed as 'spm' and the code inside has been split into two
sub-directories named 'common' and 'spm_mm'. The code in 'spm_mm'
directory contains the code that implements the MM interface.
In subsequent patches, the 'spmc' directory will be introduced
under the 'spm' directory providing the code that implements
the 'FF-A' interface.
Currently the common functionality for S-EL1 partitions is
limited to assembler functions to enter and exit an SP
synchronously.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I37739b9b53bc68e151ab5c1c0c6a15b3ee362241
This patch adds architectural features detection procedure to ensure
features enabled are present in the given hardware implementation.
It verifies whether the architecture build flags passed during
compilation match the respective features by reading their ID
registers. It reads through all the enabled feature specific ID
registers at once and panics in case of mismatch(feature enabled
but not implemented in PE).
Feature flags are used at sections (context_management,
save and restore routines of registers) during context switch.
If the enabled feature flag is not supported by the PE, it causes an
exception while saving or restoring the registers guarded by them.
With this mechanism, the build flags are validated at an early
phase prior to their usage, thereby preventing any undefined action
under their control.
This implementation is based on tristate approach for each feature and
currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this
patch. FEAT_STATE=2 is planned for phase-2 implementation and will be
taken care separately.
The patch has been explicitly tested, by adding a new test_config
with build config enabling majority of the features and detected
all of them under FVP launched with parameters enabling v8.7 features.
Note: This is an experimental procedure and the mechanism itself is
guarded by a macro "FEATURE_DETECTION", which is currently being
disabled by default.
The "FEATURE_DETECTION" macro is documented and the platforms are
encouraged to make use of this diagnostic tool by enabling this
"FEATURE_DETECTION" flag explicitly and get used to its behaviour
during booting before the procedure gets mandated.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
During a transition to a higher EL some of the PSTATE bits are not set
by hardware, this means that their state may be leaked from lower ELs.
This patch sets those bits to a default value upon entry to EL3.
This patch was tested using a debugger to check the PSTATE values
are correctly set. As well as adding a test in the next patch to
ensure the PSTATE in lower ELs is still maintained after this change.
Change-Id: Ie546acbca7b9aa3c86bd68185edded91b2a64ae5
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
In the next patch we add an extra step of setting the PSTATE
registers to a known state on el3 entry. In this patch we create
the function prepare_el3_entry to wrap the steps needed for before
el3 entry. For now this is only save_gp_pmcr_pauth_regs.
Change-Id: Ie26dc8d89bfaec308769165d2649e84d41be196c
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This patch adds two new compile time options to enable SME in TF-A:
ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and
secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable
SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions
in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these
traps, but support for SME context management does not yet exist in
SPM so building with SPD=spmd will fail.
The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot
be used with SME as it is a superset of SVE and will enable SVE and
FPU/SIMD along with SME.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
Boyan Karatotev
Jayanth Dodderi Chidanand
Andre Przywara
Manish V Badarkhe
Govindraj Raja
Chris Kay
Manish Pandey
Olivier Deprez
johpow01
Raghu Krishnamurthy
Samuel Holland
Leon Chen
Varun Wadekar
Jorge Ramirez-Ortiz
Marc Bonnici
Zelalem Aweke
Daniel Boulby