Neoverse-N2 erratum 2388450 is a cat B erratum that applies to
revision r0p0 and is fixed in r0p1. The workaround is to set
bit[40] of CPUACTLR2_EL1 to disable folding of demand requests into
older prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Change-Id: I6dd949c79cea8dbad322e569aa5de86cf8cf9639
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
while sbsa maintainers upstream decide whether new cpus types
should be in, add fujitsu a64fx cpu type in advance
Signed-off-by: Itaru Kitayama <itaru.kitayama@fujitsu.com>
Change-Id: I521a62f1233f3fe6e92f040edaff2cc60a1bd874
Due to their interrelationship in the architecture the SVE and SME
features in TF-A are mutually exclusive. This means that a single binary
can't be shared between systems with and without SME if the system
without SME does support SVE, SVE will not be initialised so lower ELs
will run into trouble trying to use it. This unusual behaviour for TF-A
which normally gracefully handles situations where features are enabled
but not supported on the current hardware.
Address this by calling the SVE enable and disable functions if SME is
not supported rather than immediately exiting, these perform their own
feature checks so if neither SVE nor SME is supported behaviour is
unchanged.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I2c606202fa6c040069f44e29d36b5abb48391874
For OP-TEE without pager, the paged image may not be present in OP-TEE
header. We could then pass NULL for paged_image_info to the function
parse_optee_header(). It avoids creating a useless struct for that
non existing image. But we should then avoid assigning header_ep args
that depend on paged_image_info.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I4fdb45a91ac1ba6f912d6130813f5215c7e28c8b
Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230
Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557
Most traces displayed by log_measurement() use the INFO verbosity
level. Only the digests are unconditionally printed, regardless of
the verbosity level. As a result, when the verbosity level is set
lower than INFO (typically in release mode), only the digests are
printed, which look weird and out of context.
Change-Id: I0220977c35dcb636f1510d8a7a0a9e3d92548bdc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354
This patch splits the el2_sysregs_context_save/restore functions
into multiple functions based on features. This will allow us to
selectively save and restore EL2 context registers based on
features enabled for a particular configuration.
For now feature build flags are used to decide which registers
to save and restore. The long term plan is to dynamically check
for features that are enabled and then save/restore registers
accordingly. Splitting el2_sysregs_context_save/restore functions
into smaller assembly functions makes that task easier. For more
information please take a look at:
https://trustedfirmware-a.readthedocs.io/en/latest/design_documents/context_mgmt_rework.html
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1819a9de8b70fa35c8f45568908025f790c4808c
This change adds "FEAT_TRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, containing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_TRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Change-Id: I53d3bc8dc2f6eac63feef22dfd627f3a48480afc
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
This change adds "FEAT_BRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, possessing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_BRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I1eb52863b4afb10b808e2f0b6584a8a210d0f38c
Denver CPUs use the same workaround for CVE-2017-5715 and CVE-2022-23960
vulnerabilities. The workaround for CVE-2017-5715 is always enabled, so
all Denver variants use CPU_NO_EXTRA3_FUNC as a placeholder for the
mitigation for CVE-2022-23960. This patch implements the approach.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I0863541ce19b6b3b6d1b2f901d3fb6a77f315189
Fixing possible Null pointer dereference error, found
by Coverity scan.
Change-Id: If60b7f7e13ecbc3c01e3a9c5005c480260bbabdd
Signed-off-by: David Vincze <david.vincze@arm.com>
When SPMC is present at S-EL2, EL1 context registers don't need to be
initialized for Secure state. This patch makes sure that EL1 context
registers are initialized only for Non-secure state, and when SPMC is
not present at S-EL2
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I4a60b258c31ce5f6472a243e2687159cc495259b
Implements the loop workaround for Cortex Makalu/Makalu-ELP/Hunter
and Neoverse Demeter/Poseidon.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If5f6689b662ecac92491e0c0902df4270051ce5b
DSU-110 erratum 2313941 is a Cat B erratum and applies to revisions
r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open.
The workaround sets IMP_CLUSTERACTLR_EL1[16:15] bits to 0b11 to disable
clock gating of the SCLK domain. This will increase the idle power
consumption.
This patch applies the fix for Cortex-X2/A510/A710 and Neoverse N2.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1781796/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I54d948b23e8e01aaf1898ed9fe4e2255dd209318
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Introduce PLAT_RSS_NOT_SUPPORTED build config to
provide a mocked version of PSA APIs. The goal is
to test the RSS backend based measured boot and
attestation token request integration on such
a platform (AEM FVP) where RSS is otherwise
unsupported. The mocked PSA API version does
not send a request to the RSS, it only returns
with success and hard-coded values.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ice8d174adf828c1df08fc589f0e17abd1e382a4d
Supports:
- Get Platform Attestation token from secure enclave
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Icaeb7b4eaff08e10f449fbf752068de3ac7974bf
A secure enclave could provide an alternate
backend for measured boot. This API can be used
to store measurements in a secure enclave, which
provides the measured boot runtime service.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2448e324e7ece6b318403c5937dfe7abea53d0f3
This patch adds workarounds for following cortex-x1 errata:
- 1821534 (CatB)
- 1688305 (CatB)
- 1827429 (CatB)
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401782/latest
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I10ebe8d5c56a6d273820bb2c682f21bf98daa7a5
This patch adds basic CPU library code to support Cortex-X1 CPU in TF-A.
Follow-up patches will add selected errata workarounds for this CPU.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I4a3d50a98bf55a555bfaefeed5c7b88a35e3bc21
Add long, long long and size_t length specifiers to
snprintf similar to vprintf. This will help capturing
all the UART logs into a logbuffer and makes snprintf
functionally equivalent to vprintf.
Change-Id: Ib9bd20e2b040c9b8755cf7ed7c9b4da555604810
Signed-off-by: Channagoud kadabi <kadabi@google.com>
Cortex-A78 erratum 2395406 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[40] of
CPUACTLR2 which will disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If06f988f05f925c2a4bed3e6a9414b6acdfec894
Cortex-A710 erratum 2008768 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to clear
the ED bit in each ERXCTLR_EL1 register before setting the PWRDN bit in
CPUPWRCTLR_EL1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib2171c06da762dd4155b02c03d86766f1616381d
Cortex-A78 erratum 2376745 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[0] of
CPUACTLR2 which will force PLDW/PFRM ST to behave like PLD/PRFM LD and
not cause invalidation to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I6f1a3a7d613c5ed182a7028f912e0f6ae3aa7f98
In cm_prepare_el3_exit_ns, SCR_EL3.NS bit change (to non-secure) is not
committed before the EL2 restoration sequence happens.
At ICC_SRE_EL2 write in cm_el2_sysregs_context_restore, NS is still 0
from CPU perspective (with EEL2=0) which is an invalid condition and
triggers a fault. By adding ISB, SCR_EL3 gets synced with NS=1/EEL2=0
before ICC_SRE_EL2 write.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie72a6152aa7729e66b3344c1b7b0749f54cafb6f
This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.
This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
Since there is no product deployed running EL3 in AArch32 mode for
Cortex-A57 and Cortex-A72, report the workaround for CVE 2022 23960
as missing on these cores.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I14d202c1179707257086ad0c4795c397e566b3e6
Cortex-A15 does not support FEAT_CSV2 so the existing workaround for
Spectre V2 is sufficient to mitigate against Spectre BHB attacks,
however the code needed to be updated to work with the new build flag.
Also, some code was refactored several years ago and not updated in
the Cortex-A15 library file so this patch fixes that as well.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I768c88a38c561c91019b038ac6c22b291955f18e
Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
offset registers when it should not be able to. This patch only sets
AMVOFFEN for non-secure world.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I2c61fe0a8a0092df089f1cb2c0d8a45c8c8ad0d3
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
If using the EL3 SPMC ensure that we don't mark the translation
tables as read only. The SPMC requires the ability to map and
unmap a partitions RX/TX buffers at runtime.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ibb78a6a2e3847ce4ec74ce81a9bb61ce34fec24c
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
The patch removes initialization of MPAM EL2 registers when an EL2
software exists. The patch assumes the EL2 software will perform
the necessary initializations of the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I5bed81bc22f417bc3e3cbbcd860a8553cd4307cd
This patch splits the function 'cm_setup_context' into four
functions to make it more readable and easier to maintain.
The function is split into the following functions based on
the security state of the context.
- setup_context_common - performs common initializations
- setup_secure_context - performs Secure state specific
initializations
- setup_realm_context - performs Realm state specific
initializations
- setup_ns_context - performs Non-secure state specific
initializations
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie14a1c2fc6586087e7aa36537cf9064c80802f8f
The following registers are only accessible from secure state,
therefore don't need to be saved/restored during world switch.
- SDER32_EL2
- VSTCR_EL2
- VSTTBR_EL2
This patch removes these registers from EL2 context.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I24d08aacb1b6def261c7b37d3e1265bb76adafdc
Cortex-X2 erratum 2147715 is a Cat B erratum that applies to revision
r2p0 and is fixed in r2p1. The workaround is to set CPUACTLR_EL1[22]=1,
which will cause the CFP instruction to invalidate all branch predictor
resources regardless of context.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I2d81867486d9130f2c36cd4554ca9a8f37254b57
is_lock_acquired() function is only used in assert() statements, so when
compiling without asserts, e.g. with DEBUG=0, the function is unused.
this is okay when compiling with gcc because the function is marked as
inline but that doesn't work for clang. let's mark this as __unused to
avoid -Wunused-function warning-as-error.
Change-Id: I93f808fd15f715a65d1bd4f7592affb7997c4bad
Signed-off-by: Okash Khawaja <okash@google.com>
Replacing ARM_ARCH_AT_LEAST macro with feature specific build options
to prevent unconditional accesses to the registers during context save
and restore routines.
Registers are tightly coupled with features more than architecture
versions. Henceforth having a feature-specific build flag guarding the
respective registers, will restrict any undefined actions.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I809774df580530803c8a6e05a62d8d4de0910e02
Cortex A78 AE erratum 2395408 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
This erratum states, "A translation table walk that matches an
existing L1 prefetch with a read request outstanding on CHI might
fold into the prefetch, which might lead to data corruption for
a future instruction fetch"
This erratum is avoided by setting CPUACTLR2_EL1[40] to 1 to
disable folding of demand requests into older prefetches with
L2 miss requests outstanding.
SDEN is available at https://developer.arm.com/documentation/SDEN-1707912
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ic17968987ca3c67fa7f64211bcde6dfcb35ed5d6
Cortex A78 AE erratum 2376748 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
The erratum states, "A PE executing a PLDW or PRFM PST instruction
that lies on a mispredicted branch path might cause a second PE
executing a store exclusive to the same cache line address to fail
continuously."
The erratum is avoided by setting CPUACTLR2_EL1[0] to 1 to force
PLDW/PFRM ST to behave like PLD/PRFM LD and not cause invalidations
to other PE caches. There might be a small performance degradation
to this workaround for certain workloads that share data.
SDEN is available at https://developer.arm.com/documentation/SDEN-1707912
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I93bd392a870d4584f3e12c8e4626dbe5a3a40a4d
Implements the loop workaround for Cortex-A76AE, Cortex-A78AE and
Cortex-A78C.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I5c838f5b9d595ed3c461a7452bd465bd54acc548
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
Implements mitigation for Cortex-A72 CPU versions that support
the CSV2 feature(from r1p0). It also applies the mitigation for
Cortex-A57 CPU.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33
Retrieved the NS load address of configs from FW_CONFIG device tree,
and modified the prototype of "set_config_info" to update device tree
information with the retrieved address.
Change-Id: Ic5a98ba65bc7aa0395c70c7d450253ff8d84d02c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Re-factored the prior implementation of workaround for CVE-2018-3639
using branch and link instruction to save vector space to include the
workaround for CVE-2022-23960.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ib3fe949583160429b5de8f0a4a8e623eb91d87d4
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2
Off topic:
- cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap
Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
Daniel Boulby
Itaru Kitayama
Mark Brown
Yann Gautier
Bipin Ravi
Sandrine Bailleux
Zelalem Aweke
Jayanth Dodderi Chidanand
Varun Wadekar
David Vincze
Tamas Ban
Okash Khawaja
kadabi
John Powell
Olivier Deprez
Sayanta Pattanayak
Manish V Badarkhe
Robert Wakim