Merge changes from topic "fvp_trap_rng" into integration
* changes:
feat(fvp): emulate trapped RNDR
feat(el3-runtime): introduce system register trap handler
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index c07a0aa..9311420 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -317,6 +317,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and
it is still open.
+- ``ERRATA_A78_2772019``: This applies errata 2772019 workaround to Cortex-A78
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and
+ it is still open.
+
For Cortex-A78 AE, the following errata build flags are defined :
- ``ERRATA_A78_AE_1941500`` : This applies errata 1941500 workaround to
@@ -460,6 +464,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
It is still open.
+- ``ERRATA_V1_2743093``: This applies errata 2743093 workaround to Neoverse-V1
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 of the
+ CPU. It is still open.
+
For Cortex-A710, the following errata build flags are defined :
- ``ERRATA_A710_1987031``: This applies errata 1987031 workaround to
@@ -566,6 +574,10 @@
CPU. This needs to be enabled for revision r0p0 of the CPU, it is fixed in
r0p1.
+- ``ERRATA_N2_2743089``: This applies errata 2743089 workaround to Neoverse-N2
+ CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2. It is fixed
+ in r0p3.
+
For Cortex-X2, the following errata build flags are defined :
- ``ERRATA_X2_2002765``: This applies errata 2002765 workaround to Cortex-X2
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index d231179..42a0925 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -115,7 +115,7 @@
end = (unsigned char *)(p + sig_len);
signature.tag = *p;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
- if (rc != 0) {
+ if ((rc != 0) || ((size_t)(end - p) != signature.len)) {
rc = CRYPTO_ERR_SIGNATURE;
goto end1;
}
@@ -170,12 +170,15 @@
size_t len;
int rc;
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
+ /*
+ * Digest info should be an MBEDTLS_ASN1_SEQUENCE
+ * and consume all bytes.
+ */
p = (unsigned char *)digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0) {
+ if (rc != 0 || ((size_t)(end - p) != len)) {
return CRYPTO_ERR_HASH;
}
@@ -195,9 +198,9 @@
return CRYPTO_ERR_HASH;
}
- /* Hash should be octet string type */
+ /* Hash should be octet string type and consume all bytes */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0) {
+ if ((rc != 0) || ((size_t)(end - p) != len)) {
return CRYPTO_ERR_HASH;
}
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index 993ef12..44b25ba 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -85,9 +85,6 @@
p = v3_ext.p;
end = v3_ext.p + v3_ext.len;
- mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
-
while (p < end) {
zeromem(&extn_oid, sizeof(extn_oid));
is_critical = 0; /* DEFAULT FALSE */
@@ -144,8 +141,23 @@
{
int ret, is_critical;
size_t len;
- unsigned char *p, *end, *crt_end;
- mbedtls_asn1_buf sig_alg1, sig_alg2;
+ unsigned char *p, *end, *crt_end, *pk_end;
+ mbedtls_asn1_buf sig_alg1;
+ /*
+ * The unique ASN.1 DER encoding of [0] EXPLICIT INTEGER { v3(2} }.
+ */
+ static const char v3[] = {
+ /* The outer CONTEXT SPECIFIC 0 tag */
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0,
+ /* The number bytes used to encode the inner INTEGER */
+ 3,
+ /* The tag of the inner INTEGER */
+ MBEDTLS_ASN1_INTEGER,
+ /* The number of bytes needed to represent 2 */
+ 1,
+ /* The actual value 2 */
+ 2,
+ };
p = (unsigned char *)img;
len = img_len;
@@ -163,7 +175,7 @@
return IMG_PARSER_ERR_FORMAT;
}
- if (len > (size_t)(end - p)) {
+ if (len != (size_t)(end - p)) {
return IMG_PARSER_ERR_FORMAT;
}
crt_end = p + len;
@@ -181,15 +193,14 @@
tbs.len = end - tbs.p;
/*
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ * Version ::= [0] EXPLICIT INTEGER { v1(0), v2(1), v3(2) }
+ * -- only v3 accepted
*/
- ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0);
- if (ret != 0) {
+ if (((end - p) <= (ptrdiff_t)sizeof(v3)) ||
+ (memcmp(p, v3, sizeof(v3)) != 0)) {
return IMG_PARSER_ERR_FORMAT;
}
- p += len;
+ p += sizeof(v3);
/*
* CertificateSerialNumber ::= INTEGER
@@ -257,9 +268,24 @@
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
- pk.len = (p + len) - pk.p;
+ pk_end = p + len;
+ pk.len = pk_end - pk.p;
+
+ /* algorithm */
+ ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (ret != 0) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
p += len;
+ /* Key is a BIT STRING and must use all bytes in SubjectPublicKeyInfo */
+ ret = mbedtls_asn1_get_bitstring_null(&p, pk_end, &len);
+ if ((ret != 0) || (p + len != pk_end)) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
+ p = pk_end;
+
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
*/
@@ -290,29 +316,45 @@
/*
* extensions [3] EXPLICIT Extensions OPTIONAL
+ * }
+ *
+ * X.509 and RFC5280 allow omitting the extensions entirely.
+ * However, in TF-A, a certificate with no extensions would
+ * always fail later on, as the extensions contain the
+ * information needed to authenticate the next stage in the
+ * boot chain. Furthermore, get_ext() assumes that the
+ * extensions have been parsed into v3_ext, and allowing
+ * there to be no extensions would pointlessly complicate
+ * the code. Therefore, just reject certificates without
+ * extensions. This is also why version 1 and 2 certificates
+ * are rejected above.
*/
ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
MBEDTLS_ASN1_CONSTRUCTED | 3);
- if (ret != 0) {
+ if ((ret != 0) || (len != (size_t)(end - p))) {
return IMG_PARSER_ERR_FORMAT;
}
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ * -- must use all remaining bytes in TBSCertificate
*/
- v3_ext.p = p;
ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (ret != 0) {
+ if ((ret != 0) || (len != (size_t)(end - p))) {
return IMG_PARSER_ERR_FORMAT;
}
- v3_ext.len = (p + len) - v3_ext.p;
+ v3_ext.p = p;
+ v3_ext.len = len;
/*
- * Check extensions integrity
+ * Check extensions integrity. At least one extension is
+ * required: the ASN.1 specifies a minimum size of 1, and at
+ * least one extension is needed to authenticate the next stage
+ * in the boot chain.
*/
- while (p < end) {
+ do {
ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
@@ -340,7 +382,7 @@
return IMG_PARSER_ERR_FORMAT;
}
p += len;
- }
+ } while (p < end);
if (p != end) {
return IMG_PARSER_ERR_FORMAT;
@@ -353,33 +395,22 @@
* -- end of TBSCertificate
*
* signatureAlgorithm AlgorithmIdentifier
+ * -- Does not need to be parsed. Ensuring it is bitwise
+ * -- identical (including the tag!) with the first signature
+ * -- algorithm is sufficient.
*/
- sig_alg2.p = p;
- ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (ret != 0) {
+ if ((sig_alg1.len >= (size_t)(end - p)) ||
+ (0 != memcmp(sig_alg1.p, p, sig_alg1.len))) {
return IMG_PARSER_ERR_FORMAT;
}
- if ((end - p) < 1) {
- return IMG_PARSER_ERR_FORMAT;
- }
- sig_alg2.len = (p + len) - sig_alg2.p;
- p += len;
-
- /* Compare both signature algorithms */
- if (sig_alg1.len != sig_alg2.len) {
- return IMG_PARSER_ERR_FORMAT;
- }
- if (0 != memcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) {
- return IMG_PARSER_ERR_FORMAT;
- }
+ p += sig_alg1.len;
memcpy(&sig_alg, &sig_alg1, sizeof(sig_alg));
/*
* signatureValue BIT STRING
*/
signature.p = p;
- ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_BIT_STRING);
+ ret = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
diff --git a/drivers/st/crypto/stm32_pka.c b/drivers/st/crypto/stm32_pka.c
index e03cf0f..2bbb31d 100644
--- a/drivers/st/crypto/stm32_pka.c
+++ b/drivers/st/crypto/stm32_pka.c
@@ -254,13 +254,6 @@
static struct stm32_pka_platdata pka_pdata;
-#pragma weak stm32_pka_get_platdata
-
-int stm32_pka_get_platdata(struct stm32_pka_platdata *pdata)
-{
- return -ENODEV;
-}
-
static int stm32_pka_parse_fdt(void)
{
int node;
@@ -583,10 +576,7 @@
err = stm32_pka_parse_fdt();
if (err != 0) {
- err = stm32_pka_get_platdata(&pka_pdata);
- if (err != 0) {
- return err;
- }
+ return err;
}
clk_enable(pka_pdata.clock_id);
diff --git a/drivers/st/crypto/stm32_saes.c b/drivers/st/crypto/stm32_saes.c
index 02baf21..f4da571 100644
--- a/drivers/st/crypto/stm32_saes.c
+++ b/drivers/st/crypto/stm32_saes.c
@@ -139,15 +139,8 @@
#define SET_CHAINING_MODE(mod, cr) \
mmio_clrsetbits_32((cr), _SAES_CR_CHMOD_MASK, _SAES_CR_CHMOD_##mod << _SAES_CR_CHMOD_SHIFT)
-#define pragma weak stm32_saes_get_platdata
-
static struct stm32_saes_platdata saes_pdata;
-int stm32_saes_get_platdata(struct stm32_saes_platdata *pdata)
-{
- return -ENODEV;
-}
-
static int stm32_saes_parse_fdt(struct stm32_saes_platdata *pdata)
{
int node;
@@ -389,10 +382,7 @@
err = stm32_saes_parse_fdt(&saes_pdata);
if (err != 0) {
- err = stm32_saes_get_platdata(&saes_pdata);
- if (err != 0) {
- return err;
- }
+ return err;
}
clk_enable(saes_pdata.clock_id);
diff --git a/fdts/tc.dts b/fdts/tc.dts
index 5a8792e..fdde015 100644
--- a/fdts/tc.dts
+++ b/fdts/tc.dts
@@ -214,8 +214,8 @@
};
optee@0xfce00000 {
+ compatible = "restricted-dma-pool";
reg = <0x00000000 0xfce00000 0 0x00200000>;
- no-map;
};
};
@@ -463,17 +463,18 @@
interrupt-names = "JOB", "MMU", "GPU";
clocks = <&soc_refclk100mhz>;
clock-names = "clk_mali";
+ iommus = <&smmu_700 0x200>;
operating-points = <
/* KHz uV */
50000 820000
>;
};
- smmu: smmu@2ce00000 {
+ smmu_700: smmu_700@3f000000 {
#iommu-cells = <1>;
compatible = "arm,smmu-v3";
- reg = <0x0 0x2ce00000 0x0 0x20000>;
- status = "okay";
+ reg = <0x0 0x3f000000 0x0 0x5000000>;
+ dma-coherent;
};
dp0: display@2cc00000 {
@@ -485,9 +486,7 @@
interrupt-names = "DPU";
clocks = <&scmi_clk 0>;
clock-names = "aclk";
- iommus = <&smmu 0>, <&smmu 1>, <&smmu 2>, <&smmu 3>,
- <&smmu 4>, <&smmu 5>, <&smmu 6>, <&smmu 7>,
- <&smmu 8>, <&smmu 9>;
+ iommus = <&smmu_700 0x100>;
pl0: pipeline@0 {
reg = <0>;
clocks = <&scmi_clk 1>;
diff --git a/lib/cpus/aarch64/cortex_a78.S b/lib/cpus/aarch64/cortex_a78.S
index dd3487a..38f58bb 100644
--- a/lib/cpus/aarch64/cortex_a78.S
+++ b/lib/cpus/aarch64/cortex_a78.S
@@ -326,6 +326,31 @@
b cpu_rev_var_ls
endfunc check_errata_2395406
+/* ----------------------------------------------------
+ * Errata Workaround for Cortex-A78 Errata 2772019
+ * This applies to revisions <= r1p2 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_a78_2772019_wa
+ mov x17, x30
+ bl check_errata_2772019
+ cbz x0, 1f
+
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_a78_2772019_wa
+
+func check_errata_2772019
+ /* Applies to all revisions <= r1p2 */
+ mov x1, #0x12
+ b cpu_rev_var_ls
+endfunc check_errata_2772019
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -434,6 +459,12 @@
mrs x0, CORTEX_A78_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_A78_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT
msr CORTEX_A78_CPUPWRCTLR_EL1, x0
+#if ERRATA_A78_2772019
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_a78_2772019_wa
+ mov x30, x15
+#endif /* ERRATA_A78_2772019 */
isb
ret
endfunc cortex_a78_core_pwr_dwn
@@ -461,6 +492,7 @@
report_errata ERRATA_A78_2242635, cortex_a78, 2242635
report_errata ERRATA_A78_2376745, cortex_a78, 2376745
report_errata ERRATA_A78_2395406, cortex_a78, 2395406
+ report_errata ERRATA_A78_2772019, cortex_a78, 2772019
report_errata WORKAROUND_CVE_2022_23960, cortex_a78, cve_2022_23960
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/aarch64/neoverse_n2.S b/lib/cpus/aarch64/neoverse_n2.S
index 5861dec..dbf5941 100644
--- a/lib/cpus/aarch64/neoverse_n2.S
+++ b/lib/cpus/aarch64/neoverse_n2.S
@@ -428,6 +428,30 @@
b cpu_rev_var_ls
endfunc check_errata_2388450
+/* -------------------------------------------------------
+ * Errata Workaround for Neoverse N2 Erratum 2743089.
+ * This applies to revisions <= r0p2 and is fixed in r0p3.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * -------------------------------------------------------
+ */
+func errata_n2_2743089_wa
+ mov x17, x30
+ bl check_errata_2743089
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_n2_2743089_wa
+
+func check_errata_2743089
+ /* Applies to all revisions <= r0p2 */
+ mov x1, #0x02
+ b cpu_rev_var_ls
+endfunc check_errata_2743089
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -576,6 +600,12 @@
mrs x0, NEOVERSE_N2_CPUPWRCTLR_EL1
orr x0, x0, #NEOVERSE_N2_CORE_PWRDN_EN_BIT
msr NEOVERSE_N2_CPUPWRCTLR_EL1, x0
+#if ERRATA_N2_2743089
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_n2_2743089_wa
+ mov x30, x15
+#endif /* ERRATA_N2_2743089 */
isb
ret
endfunc neoverse_n2_core_pwr_dwn
@@ -607,6 +637,7 @@
report_errata ERRATA_N2_2326639, neoverse_n2, 2326639
report_errata ERRATA_N2_2376738, neoverse_n2, 2376738
report_errata ERRATA_N2_2388450, neoverse_n2, 2388450
+ report_errata ERRATA_N2_2743089, neoverse_n2, 2743089
report_errata WORKAROUND_CVE_2022_23960, neoverse_n2, cve_2022_23960
report_errata ERRATA_DSU_2313941, neoverse_n2, dsu_2313941
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index 3282fbc..c3a70ca 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -462,6 +462,30 @@
b cpu_rev_var_ls
endfunc check_errata_2372203
+ /* ----------------------------------------------------
+ * Errata Workaround for Neoverse V1 Errata #2743093.
+ * This applies to revisions <= r1p2 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_neoverse_v1_2743093_wa
+ mov x17, x30
+ bl check_errata_2743093
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_neoverse_v1_2743093_wa
+
+func check_errata_2743093
+ /* Applies to all revisions <= r1p2 */
+ mov x1, #0x12
+ b cpu_rev_var_ls
+endfunc check_errata_2743093
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -483,6 +507,12 @@
mrs x0, NEOVERSE_V1_CPUPWRCTLR_EL1
orr x0, x0, #NEOVERSE_V1_CPUPWRCTLR_EL1_CORE_PWRDN_BIT
msr NEOVERSE_V1_CPUPWRCTLR_EL1, x0
+#if ERRATA_V1_2743093
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_neoverse_v1_2743093_wa
+ mov x30, x15
+#endif /* ERRATA_V1_2743093 */
isb
ret
endfunc neoverse_v1_core_pwr_dwn
@@ -513,6 +543,7 @@
report_errata ERRATA_V1_2216392, neoverse_v1, 2216392
report_errata ERRATA_V1_2294912, neoverse_v1, 2294912
report_errata ERRATA_V1_2372203, neoverse_v1, 2372203
+ report_errata ERRATA_V1_2743093, neoverse_v1, 2743093
report_errata WORKAROUND_CVE_2022_23960, neoverse_v1, cve_2022_23960
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 527a82f..b1f7d27 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -357,6 +357,11 @@
# to revisions r0p0, r1p0, r1p1, and r1p2 of the A78 cpu. It is still open.
ERRATA_A78_2395406 ?=0
+# Flag to apply erratum 2772019 workaround during powerdown. This erratum
+# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the A78 cpu. It is still
+# open.
+ERRATA_A78_2772019 ?=0
+
# Flag to apply erratum 1941500 workaround during reset. This erratum applies
# to revisions r0p0 and r0p1 of the A78 AE cpu. It is still open.
ERRATA_A78_AE_1941500 ?=0
@@ -462,10 +467,6 @@
# applies to all revisions <= r4p1 of the Neoverse N1 cpu and is still open.
ERRATA_N1_2743102 ?=0
-# Flag to apply erratum 2002655 workaround during reset. This erratum applies
-# to revisions r0p0 of the Neoverse-N2 cpu, it is still open.
-ERRATA_N2_2002655 ?=0
-
# Flag to apply erratum 1618635 workaround during reset. This erratum applies
# to revision r0p0 of the Neoverse V1 cpu and was fixed in the revision r1p0.
ERRATA_V1_1618635 ?=0
@@ -516,6 +517,11 @@
# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is still open.
ERRATA_V1_2372203 ?=0
+# Flag to apply erratum 2743093 workaround during powerdown. This erratum
+# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the Neoverse V1 cpu and is
+# still open.
+ERRATA_V1_2743093 ?=0
+
# Flag to apply erratum 1987031 workaround during reset. This erratum applies
# to revisions r0p0, r1p0 and r2p0 of the Cortex-A710 cpu and is still open.
ERRATA_A710_1987031 ?=0
@@ -577,6 +583,10 @@
# still open.
ERRATA_A710_2768515 ?=0
+# Flag to apply erratum 2002655 workaround during reset. This erratum applies
+# to revisions r0p0 of the Neoverse-N2 cpu, it is still open.
+ERRATA_N2_2002655 ?=0
+
# Flag to apply erratum 2067956 workaround during reset. This erratum applies
# to revision r0p0 of the Neoverse N2 cpu and is still open.
ERRATA_N2_2067956 ?=0
@@ -625,6 +635,10 @@
# to revision r0p0 of the Neoverse N2 cpu, it is fixed in r0p1.
ERRATA_N2_2388450 ?=0
+# Flag to apply erratum 2743089 workaround during during powerdown. This erratum
+# applies to all revisions <= r0p2 of the Neoverse N2 cpu, it is fixed in r0p3.
+ERRATA_N2_2743089 ?=0
+
# Flag to apply erratum 2002765 workaround during reset. This erratum applies
# to revisions r0p0, r1p0, and r2p0 of the Cortex-X2 cpu and is still open.
ERRATA_X2_2002765 ?=0
@@ -1006,6 +1020,10 @@
$(eval $(call assert_boolean,ERRATA_A78_2395406))
$(eval $(call add_define,ERRATA_A78_2395406))
+# Process ERRATA_A78_2772019 flag
+$(eval $(call assert_boolean,ERRATA_A78_2772019))
+$(eval $(call add_define,ERRATA_A78_2772019))
+
# Process ERRATA_A78_AE_1941500 flag
$(eval $(call assert_boolean,ERRATA_A78_AE_1941500))
$(eval $(call add_define,ERRATA_A78_AE_1941500))
@@ -1109,10 +1127,6 @@
# Process ERRATA_N1_2743102 flag
$(eval $(call assert_boolean,ERRATA_N1_2743102))
$(eval $(call add_define,ERRATA_N1_2743102))
-#
-# Process ERRATA_N2_2002655 flag
-$(eval $(call assert_boolean,ERRATA_N2_2002655))
-$(eval $(call add_define,ERRATA_N2_2002655))
# Process ERRATA_V1_1618635 flag
$(eval $(call assert_boolean,ERRATA_V1_1618635))
@@ -1162,6 +1176,10 @@
$(eval $(call assert_boolean,ERRATA_V1_2372203))
$(eval $(call add_define,ERRATA_V1_2372203))
+# Process ERRATA_V1_2743093 flag
+$(eval $(call assert_boolean,ERRATA_V1_2743093))
+$(eval $(call add_define,ERRATA_V1_2743093))
+
# Process ERRATA_A710_1987031 flag
$(eval $(call assert_boolean,ERRATA_A710_1987031))
$(eval $(call add_define,ERRATA_A710_1987031))
@@ -1222,6 +1240,10 @@
$(eval $(call assert_boolean,ERRATA_A710_2768515))
$(eval $(call add_define,ERRATA_A710_2768515))
+# Process ERRATA_N2_2002655 flag
+$(eval $(call assert_boolean,ERRATA_N2_2002655))
+$(eval $(call add_define,ERRATA_N2_2002655))
+
# Process ERRATA_N2_2067956 flag
$(eval $(call assert_boolean,ERRATA_N2_2067956))
$(eval $(call add_define,ERRATA_N2_2067956))
@@ -1270,6 +1292,10 @@
$(eval $(call assert_boolean,ERRATA_N2_2388450))
$(eval $(call add_define,ERRATA_N2_2388450))
+# Process ERRATA_N2_2743089 flag
+$(eval $(call assert_boolean,ERRATA_N2_2743089))
+$(eval $(call add_define,ERRATA_N2_2743089))
+
# Process ERRATA_X2_2002765 flag
$(eval $(call assert_boolean,ERRATA_X2_2002765))
$(eval $(call add_define,ERRATA_X2_2002765))
diff --git a/plat/qemu/qemu_sbsa/platform.mk b/plat/qemu/qemu_sbsa/platform.mk
index 5a6b1e1..2393b39 100644
--- a/plat/qemu/qemu_sbsa/platform.mk
+++ b/plat/qemu/qemu_sbsa/platform.mk
@@ -123,5 +123,6 @@
ARM_PRELOADED_DTB_BASE := PLAT_QEMU_DT_BASE
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
-# Do not enable SVE
-ENABLE_SVE_FOR_NS := 0
+# Later QEMU versions support SME and SVE.
+ENABLE_SVE_FOR_NS := 1
+ENABLE_SME_FOR_NS := 1
diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c
index acfe701..0da0019 100644
--- a/plat/st/common/stm32mp_crypto_lib.c
+++ b/plat/st/common/stm32mp_crypto_lib.c
@@ -79,7 +79,7 @@
}
}
-int get_plain_pk_from_asn1(void *pk_ptr, unsigned int pk_len, void **plain_pk,
+static int get_plain_pk_from_asn1(void *pk_ptr, unsigned int pk_len, void **plain_pk,
unsigned int *len, int *pk_alg)
{
int ret;
diff --git a/plat/st/common/stm32mp_fconf_io.c b/plat/st/common/stm32mp_fconf_io.c
index 0b6cc78..1a59f0b 100644
--- a/plat/st/common/stm32mp_fconf_io.c
+++ b/plat/st/common/stm32mp_fconf_io.c
@@ -28,7 +28,7 @@
#endif
#if (STM32MP_SDMMC || STM32MP_EMMC) && PSA_FWU_SUPPORT
-io_block_spec_t metadata_block_spec = {
+static io_block_spec_t metadata_block_spec = {
.offset = 0, /* To be filled at runtime */
.length = 0, /* To be filled at runtime */
};
diff --git a/plat/st/stm32mp1/plat_image_load.c b/plat/st/stm32mp1/plat_image_load.c
index c4048fc..c455544 100644
--- a/plat/st/stm32mp1/plat_image_load.c
+++ b/plat/st/stm32mp1/plat_image_load.c
@@ -5,6 +5,7 @@
*/
#include <common/desc_image_load.h>
+#include <plat/common/platform.h>
/*******************************************************************************
* This function flushes the data structures so that they are visible
diff --git a/services/std_svc/trng/trng_entropy_pool.c b/services/std_svc/trng/trng_entropy_pool.c
index 30105b3..dd08c5e 100644
--- a/services/std_svc/trng/trng_entropy_pool.c
+++ b/services/std_svc/trng/trng_entropy_pool.c
@@ -66,7 +66,7 @@
bool trng_pack_entropy(uint32_t nbits, uint64_t *out)
{
bool ret = true;
-
+ uint32_t bits_to_discard = nbits;
spin_lock(&trng_pool_lock);
if (!trng_fill_entropy(nbits)) {
@@ -111,9 +111,66 @@
* 5 4 3 2 1 0 7 6
* [e,e,e,e,e,e,e,e]
*/
- out[word_i] = 0;
out[word_i] |= entropy[ENTROPY_WORD_INDEX(word_i)] >> rshift;
+ /**
+ * Discarding the used/packed entropy bits from the respective
+ * words, (word_i) and (word_i+1) as applicable.
+ * In each iteration of the loop, we pack 64bits of entropy to
+ * the output buffer. The bits are picked linearly starting from
+ * 1st word (entropy[0]) till 4th word (entropy[3]) and then
+ * rolls back (entropy[0]). Discarding of bits is managed
+ * similarly.
+ *
+ * The following diagram illustrates the logic:
+ *
+ * |---------entropy pool----------|
+ * C var |--(word_i + 1)-|----word_i-----|
+ * bit idx |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
+ * [e,e,e,e,e,e,e,e|e,e,0,0,0,0,0,0]
+ * | [e,e,e,e,e,e,e,e] |
+ * | |--out[word_i]--| |
+ * lshift|---| |--rshift---|
+ * |e,e|0,0,0,0,0,0,0,0|0,0,0,0,0,0|
+ * |<== || ==>|
+ * bits_to_discard (from these bytes)
+ *
+ * variable(bits_to_discard): Tracks the amount of bits to be
+ * discarded and is updated accordingly in each iteration.
+ *
+ * It monitors these packed bits from respective word_i and
+ * word_i+1 and overwrites them with zeros accordingly.
+ * It discards linearly from the lowest index and moves upwards
+ * until bits_to_discard variable becomes zero.
+ *
+ * In the above diagram,for example, we pack 2bytes(7th and 6th
+ * from word_i) and 6bytes(0th till 5th from word_i+1), combine
+ * and pack them as 64bit to output buffer out[i].
+ * Depending on the number of bits requested, we discard the
+ * bits from these packed bytes by overwriting them with zeros.
+ */
+
+ /*
+ * If the bits to be discarded is lesser than the amount of bits
+ * copied to the output buffer from word_i, we discard that much
+ * amount of bits only.
+ */
+ if (bits_to_discard < (BITS_PER_WORD - rshift)) {
+ entropy[ENTROPY_WORD_INDEX(word_i)] &=
+ (~0ULL << ((bits_to_discard+rshift) % BITS_PER_WORD));
+ bits_to_discard = 0;
+ } else {
+ /*
+ * If the bits to be discarded is more than the amount of valid
+ * upper bits from word_i, which has been copied to the output
+ * buffer, we just set the entire word_i to 0, as the lower bits
+ * will be already zeros from previous operations, and the
+ * bits_to_discard is updated precisely.
+ */
+ entropy[ENTROPY_WORD_INDEX(word_i)] = 0;
+ bits_to_discard -= (BITS_PER_WORD - rshift);
+ }
+
/*
* Note that a shift of 64 bits is treated as a shift of 0 bits.
* When the shift amount is the same as the BITS_PER_WORD, we
@@ -123,6 +180,35 @@
if (lshift != BITS_PER_WORD) {
out[word_i] |= entropy[ENTROPY_WORD_INDEX(word_i + 1)]
<< lshift;
+ /**
+ * Discarding the remaining packed bits from upperword
+ * (word[i+1]) which was copied to output buffer by
+ * overwriting with zeros.
+ *
+ * If the remaining bits to be discarded is lesser than
+ * the amount of bits from [word_i+1], which has been
+ * copied to the output buffer, we overwrite that much
+ * amount of bits only.
+ */
+ if (bits_to_discard < (BITS_PER_WORD - lshift)) {
+ entropy[ENTROPY_WORD_INDEX(word_i+1)] &=
+ (~0ULL << ((bits_to_discard) % BITS_PER_WORD));
+ bits_to_discard = 0;
+ } else {
+ /*
+ * If bits to discard is more than the bits from word_i+1
+ * which got packed into the output, then we discard all
+ * those copied bits.
+ *
+ * Note: we cannot set the entire word_i+1 to 0, as
+ * there are still some unused valid entropy bits at the
+ * upper end for future use.
+ */
+ entropy[ENTROPY_WORD_INDEX(word_i+1)] &=
+ (~0ULL << ((BITS_PER_WORD - lshift) % BITS_PER_WORD));
+ bits_to_discard -= (BITS_PER_WORD - lshift);
+ }
+
}
}
const uint64_t mask = ~0ULL >> (BITS_PER_WORD - (nbits % BITS_PER_WORD));