diff --git a/.commitlintrc.js b/.commitlintrc.js
index 3bd68bb..cfafbed 100644
--- a/.commitlintrc.js
+++ b/.commitlintrc.js
@@ -8,26 +8,44 @@
 "use strict";
-const cz = require("./.cz.json");
+const fs = require("fs");
+const yaml = require("js-yaml");
+
 const { "trailer-exists": trailerExists } = require("@commitlint/rules").default;
 /*
- * Recursively fetch the project's supported scopes from the Commitizen configuration file. We use
- * permit only the blessed scope for each section to encourage developers to use a consistent scope
- * scheme.
+ * The types and scopes accepted by both Commitlint and Commitizen are defined by the changelog
+ * configuration file - `changelog.yaml` - as they decide which section of the changelog commits
+ * with a given type and scope are placed in.
  */
-function getScopes(sections) {
- return sections.flatMap(section => {
- const scopes = section.scopes;
- const subscopes = getScopes(section.sections || []);
- const scope = scopes ? [ scopes[0] ] : []; /* Only use the blessed scope */
+let changelog;
+
+try {
+ const contents = fs.readFileSync("changelog.yaml", "utf8");
+
+ changelog = yaml.load(contents);
+} catch (err) {
+ console.log(err);
+
+ throw err;
+}
+
+function getTypes(sections) {
+ return sections.map(section => section.type)
+}
+
+function getScopes(subsections) {
+ return subsections.flatMap(subsection => {
+ const scope = subsection.scope ? [ subsection.scope ] : [];
+ const subscopes = getScopes(subsection.subsections || []);
 return scope.concat(subscopes);
 })
 };
-const scopes = getScopes(cz.sections); /* Contains every blessed scope */
+const types = getTypes(changelog.sections).sort(); /* Sort alphabetically */
+const scopes = getScopes(changelog.subsections).sort(); /* Sort alphabetically */
 module.exports = {
 extends: ["@commitlint/config-conventional"],
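Review bot: `fs.readFileSync("changelog.yaml", "utf8")` resolves the file against the process working directory, not the directory of the config, so a commitlint run started from a subdirectory (a hook or editor integration) fails with ENOENT even though the file exists; `path.join(__dirname, "changelog.yaml")` removes that dependency. The surrounding `try`/`catch` only logs and rethrows, so the same error is printed twice once Node reports the uncaught exception — either drop the wrapper or rethrow with a message that names the file. `yaml.load` is the safe loader only on js-yaml 4.x; if the pinned version is 3.x that name selects the full schema and `yaml.safeLoad` is the one to use (the lockfile is not in this diff, so this is worth confirming). As a point of style, `return sections.map(section => section.type)` lacks the terminating semicolon and the `};` after the `getScopes` declaration is a stray empty statement. The same loader is duplicated in the .versionrc.js hunk of this commit.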
@@ -40,13 +58,16 @@
 },
 ],
 rules: {
- "body-max-line-length": [1, "always", cz.maxLineWidth], /* Warning */
- "header-max-length": [1, "always", cz.maxHeaderWidth], /* Warning */
+ "header-max-length": [1, "always", 50], /* Warning */
+ "body-max-line-length": [1, "always", 72], /* Warning */
 "change-id-exists": [1, "always", "Change-Id:"], /* Warning */
 "signed-off-by-exists": [1, "always", "Signed-off-by:"], /* Warning */
- "scope-case": [2, "always", "kebab-case"], /* Error */
+ "type-case": [2, "always", "lower-case" ], /* Error */
+ "type-enum": [2, "always", types], /* Error */
+
+ "scope-case": [2, "always", "lower-case"], /* Error */
 "scope-enum": [1, "always", scopes] /* Warning */
 },
 };
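Review bot: `"type-case": [2, "always", "lower-case" ]` has a stray space before the closing bracket that none of the neighbouring rules have; `"type-case": [2, "always", "lower-case"], /* Error */`. `type-enum` is enforced at level 2 while `scope-enum` stays at level 1, so an unknown type blocks the commit but an unknown scope only warns; if that asymmetry is intended, a short comment saying so would stop the next reader from "fixing" it.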
diff --git a/.cz.json b/.cz.json
index 5447f17..556c39f 100644
--- a/.cz.json
+++ b/.cz.json
@@ -1,826 +1,3 @@ { - "path": "./node_modules/cz-conventional-changelog", - "maxHeaderWidth": 50, - "maxLineWidth": 72, - "types": [ - { - "type": "feat", - "title": "New Features", - "description": "A new feature" - }, - { - "type": "fix", - "title": "Resolved Issues", - "description": "A bug fix" - }, - { - "type": "build", - "title": "Build System", - "description": "Changes that affect the build system or external dependencies", - "hidden": true - }, - { - "type": "ci", - "title": "Continuous Integration", - "description": "Changes to our CI configuration files and scripts", - "hidden": true - }, - { - "type": "docs", - "title": "Build System", - "description": "Documentation-only changes", - "hidden": true - }, - { - "type": "perf", - "title": "Performance Improvements", - "description": "A code change that improves performance", - "hidden": true - }, - { - "type": "refactor", - "title": "Code Refactoring", - "description": "A code change that neither fixes a bug nor adds a feature", - "hidden": true - }, - { - "type": "revert", - "title": "Reverted Changes", - "description": "Changes that revert a previous change", - "hidden": true - }, - { - "type": "style", - "title": "Style", - "description": "Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)", - "hidden": true - }, - { - "type": "test", - "title": "Tests", - "description": "Adding missing tests or correcting existing tests", - "hidden": true - }, - { - "type": "chore", - "title": "Miscellaneous", - "description": "Any other change", - "hidden": true - } - ], - "sections": [ - { - "title": "Architecture", - "sections": [ - { - "title": "Activity Monitors Extension (FEAT_AMU)", - "scopes": ["amu"] - }, - { - "title": "Support for the `HCRX_EL2` register (FEAT_HCX)", - "scopes": ["hcx"] - }, - { - "title": "Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)", - "scopes": ["mpam"] - }, - { - "title": "Scalable Matrix Extension (FEAT_SME)", - 
"scopes": ["sme"] - }, - { - "title": "Scalable Vector Extension (FEAT_SVE)", - "scopes": ["sve"] - }, - { - "title": "Trace Buffer Extension (FEAT_TRBE)", - "scopes": ["trbe"] - }, - { - "title": "Self-hosted Trace Extensions (FEAT_TRF)", - "scopes": ["trf", "sys_reg_trace"] - } - ] - }, - { - "title": "Platforms", - "sections": [ - { - "title": "Allwinner", - "scopes": ["allwinner", "plat/allwinner"] - }, - { - "title": "Arm", - "scopes": ["arm", "plat/arm"], - "sections": [ - { - "title": "FPGA", - "scopes": ["fpga", "arm_fgpa", "arm_fpga", "plat/arm_fpga"] - }, - { - "title": "FVP", - "scopes": ["fvp", "plat/fvp"] - }, - { - "title": "FVP-R", - "scopes": ["fvp-r", "fvp_r"] - }, - { - "title": "Juno", - "scopes": ["juno"] - }, - { - "title": "Morello", - "scopes": ["morello"] - }, - { - "title": "RD", - "scopes": ["rd"], - "sections": [ - { - "title": "RD-N2", - "scopes": ["rdn2", "board/rdn2"] - } - ] - }, - { - "title": "SGI", - "scopes": ["sgi", "plat/sgi", "plat/arm/sgi" ] - }, - { - "title": "TC", - "scopes": ["tc"], - "sections": [ - { - "title": "TC0", - "scopes": ["tc0", "plat/tc0"] - } - ] - } - ] - }, - { - "title": "Marvell", - "scopes": ["marvell", "plat/marvell"], - "sections": [ - { - "title": "Armada", - "scopes": ["armada", "plat/marvell/armada"], - "sections": [ - { - "title": "A3K", - "scopes": ["a3k", "plat/marvell/a3k"] - }, - { - "title": "A8K", - "scopes": ["a8k", "plat/marvell/a8k"] - } - ] - } - ] - }, - { - "title": "MediaTek", - "scopes": ["mediatek", "plat/mediatek/common", "plat/mediatek"], - "sections": [ - { - "title": "MT8183", - "scopes": ["mt8183", "plat/mediatek/mt8183"] - }, - { - "title": "MT8192", - "scopes": ["mt8192", "plat/mdeiatek/mt8192"] - }, - { - "title": "MT8195", - "scopes": ["mt8195", "plat/mediatek/me8195", "plat/mediatek/mt8195", "plat/mdeiatek/mt8195"] - } - ] - }, - { - "title": "NVIDIA", - "scopes": ["nvidia"], - "sections": [ - { - "title": "Tegra", - "scopes": ["tegra", "plat/tegra"], - "sections": [ - { - 
"title": "Tegra 132", - "scopes": ["tegra132"] - } - ] - } - ] - }, - { - "title": "NXP", - "scopes": ["nxp", "plat/nxp", "plat/nxp/common"], - "sections": [ - { - "title": "i.MX", - "scopes": ["imx", "plat/imx", "plat/imx/imx"], - "sections": [ - { - "title": "i.MX 8M", - "scopes": ["imx8m", "plat/imx8m", "plat/imx/imx8m"], - "sections": [ - { - "title": "i.MX 8M Mini", - "scopes": ["imx8mm", "plat/imx/imx8m/imx8mm"] - }, - { - "title": "i.MX 8M Plus", - "scopes": ["imx8mp", "plat/imx/imx8m/imx8mp"] - } - ] - } - ] - }, - { - "title": "Layerscape", - "scopes": ["layerscape", "docs/nxp/layerscape"], - "sections": [ - { - "title": "LX2", - "scopes": ["lx2", "plat/nxp/lx2"], - "sections": [ - { - "title": "LX216", - "scopes": ["lx216", "plat/nxp/lx216x"], - "sections": [ - { - "title": "LX2160", - "scopes": ["lx2160", "plat/soc-lx2160"] - } - ] - }, - { - "title": "LS1028A", - "scopes": ["ls1028a", "plat/nxp/ls1028a"], - "sections": [ - { - "title": "LS1028ARDB", - "scopes": ["ls1028ardb", "plat/nxp/ls1028ardb"] - } - ] - } - ] - } - ] - } - ] - }, - { - "title": "QEMU", - "scopes": ["qemu", "plat/qemu"] - }, - { - "title": "QTI", - "scopes": ["qti"], - "sections": [ - { - "title": "SC1780", - "scopes": ["sc7180", "plat/qti/sc7180"] - }, - { - "title": "SC7280", - "scopes": ["sc7280", "plat/qti/sc7280"] - } - ] - }, - { - "title": "Raspberry Pi", - "scopes": ["rpi"], - "sections": [ - { - "title": "Raspberry Pi 4", - "scopes": ["rpi4"] - } - ] - }, - { - "title": "Renesas", - "scopes": ["renesas"], - "sections": [ - { - "title": "R-Car", - "scopes": ["rcar", "plat/rcar"], - "sections": [ - { - "title": "R-Car 3", - "scopes": ["rcar3", "plat/rcar3"] - } - ] - } - ] - }, - { - "title": "Rockchip", - "scopes": ["rockchip"], - "sections": [ - { - "title": "RK3399", - "scopes": ["rk3399", "rockchip/rk3399", "rk3399/suspend"] - } - ] - }, - { - "title": "Socionext", - "scopes": ["socionext"], - "sections": [ - { - "title": "Synquacer", - "scopes": ["synquacer", 
"plat/synquacer"] - } - ] - }, - { - "title": "ST", - "scopes": ["st", "plat/st"], - "sections": [ - { - "title": "ST32MP1", - "scopes": ["stm32mp1", "plat/st/stm32mp1"] - } - ] - }, - { - "title": "Xilinx", - "scopes": ["xilinx", "plat/xilinx"], - "sections": [ - { - "title": "Versal", - "scopes": ["versal", "plat/xilinx/versal/include", "plat/xilinx/versal", "plat/versal"] - }, - { - "title": "ZynqMP", - "scopes": ["zynqmp", "plat/zynqmp", "plat/xilinx/zynqmp"] - } - ] - } - ] - }, - { - "title": "Bootloader Images", - "scopes": ["bl", "bl_common"], - "sections": [ - { - "title": "BL1", - "scopes": ["bl1"] - }, - { - "title": "BL2", - "scopes": ["bl2"] - } - ] - }, - { - "title": "Services", - "scopes": ["services"], - "sections": [ - { - "title": "FF-A", - "scopes": ["ffa", "ff-a"] - }, - { - "title": "RME", - "scopes": ["rme"] - }, - { - "title": "SPM", - "scopes": ["spm", "spmc", "spmd", "SPMD", "spm_mm"] - } - ] - }, - { - "title": "Libraries", - "sections": [ - { - "title": "CPU Support", - "scopes": ["cpus", "cpu", "errata", "errata_report"] - }, - { - "title": "EL3 Runtime", - "scopes": ["el3-runtime", "el3_runtime"] - }, - { - "title": "FCONF", - "scopes": ["fconf"] - }, - { - "title": "MPMM", - "scopes": ["mpmm"] - }, - { - "title": "OP-TEE", - "scopes": ["optee", "lib/optee"] - }, - { - "title": "PSCI", - "scopes": ["psci"] - }, - { - "title": "GPT", - "scopes": ["gpt", "gpt_rme"] - }, - { - "title": "SMCCC", - "scopes": ["smccc"] - }, - { - "title": "Translation Tables", - "scopes": ["xlat"] - } - ] - }, - { - "title": "Drivers", - "sections": [ - { - "title": "Authentication", - "scopes": ["auth", "driver/auth"], - "sections": [ - { - "title": "CryptoCell-713", - "scopes": ["cc-713"] - } - ] - }, - { - "title": "FWU", - "scopes": ["fwu", "fwu_metadata"] - }, - { - "title": "I/O", - "scopes": ["io"], - "sections": [ - { - "title": "MTD", - "scopes": ["mtd", "io_mtd"] - } - ] - }, - { - "title": "Measured Boot", - "scopes": ["measured-boot", "measured 
boot", "measured_boot"] - }, - { - "title": "MMC", - "scopes": ["mmc", "drivers/mmc"] - }, - { - "title": "MTD", - "scopes": ["mtd", "drivers/mtd"], - "sections": [ - { - "title": "NAND", - "scopes": ["nand"], - "sections": [ - { - "title": "SPI NAND", - "scopes": ["spi-nand", "spi_nand"] - } - ] - } - ] - }, - { - "title": "SCMI", - "scopes": ["scmi", "scmi_common", "drivers/scmi-msg"] - }, - { - "title": "UFS", - "scopes": ["ufs"] - }, - { - "title": "Arm", - "scopes": ["arm-drivers"], - "sections": [ - { - "title": "Ethos-N", - "scopes": ["ethos-n", "drivers/arm/ethosn"] - }, - { - "title": "GIC", - "scopes": ["gic"], - "sections": [ - { - "title": "GICv3", - "scopes": ["gicv3"], - "sections": [ - { - "title": "GIC-600AE", - "scopes": ["gic600ae"] - } - ] - } - ] - }, - { - "title": "TZC", - "scopes": ["tzc"], - "sections": [ - { - "title": "TZC-400", - "scopes": ["tzc400", "drivers/tzc400"] - } - ] - } - ] - }, - { - "title": "Marvell", - "scopes": ["marvell-drivers"], - "sections": [ - { - "title": "COMPHY", - "scopes": ["marvell-comphy", "drivers/marvell/comphy"], - "sections": [ - { - "title": "Armada 3700", - "scopes": ["marvell-comphy-3700", "drivers/marvell/comphy-3700"] - }, - { - "title": "CP110", - "scopes": ["marvell-comphy-cp110", "drivers/marvell/comphy-cp110"] - } - ] - }, - { - "title": "UART", - "scopes": ["marvell-uart", "plat/marvell/uart"] - }, - { - "title": "Armada", - "scopes": ["armada-drivers"], - "sections": [ - { - "title": "A3K", - "scopes": ["a3k-drivers"], - "sections": [ - { - "title": "A3720", - "scopes": ["a3720-uart", "plat/marvell/a3720/uart"] - } - ] - } - ] - } - ] - }, - { - "title": "MediaTek", - "scopes": ["mediatek-drivers"], - "sections": [ - { - "title": "APU", - "scopes": ["mediatek-apu", "plat/mediatek/apu"] - }, - { - "title": "EMI MPU", - "scopes": ["mediatek-emi-mpu", "plat/mediatek/mpu"] - }, - { - "title": "PMIC Wrapper", - "scopes": ["mediatek-pmic-wrapper", "plat/mediatek/pmic_wrap"] - }, - { - "title": 
"MT8192", - "scopes": ["mt8192-drivers"], - "sections": [ - { - "title": "SPM", - "scopes": ["mt8192-spm", "mediatek/mt8192/spm"] - } - ] - } - ] - }, - { - "title": "NXP", - "scopes": ["nxp-drivers"], - "sections": [ - { - "title": "DCFG", - "scopes": ["nxp-dcfg", "driver/nxp/dcfg"] - }, - { - "title": "FLEXSPI", - "scopes": ["flexspi", "include/drivers/flexspi", "driver/nxp/xspi"] - }, - { - "title": "SCFG", - "scopes": ["nxp-scfg", "nxp/scfg"] - }, - { - "title": "SFP", - "scopes": ["nxp-sfp", "drivers/nxp/sfp"] - } - ] - }, - { - "title": "Renesas", - "scopes": ["renesas-drivers"], - "sections": [ - { - "title": "R-Car3", - "scopes": ["rcar3-drivers", "drivers/rcar3"] - } - ] - }, - { - "title": "ST", - "scopes": ["st-drivers", "drivers/st"], - "sections": [ - { - "title": "Clock", - "scopes": ["st-clock", "stm32mp_clk", "drivers/st/clk", "stm32mp1_clk"] - }, - { - "title": "I/O", - "scopes": ["st-io-drivers"], - "sections": [ - { - "title": "STM32 Image", - "scopes": ["st-io-stm32image", "io-stm32image", "io_stm32image"] - } - ] - }, - { - "title": "SDMMC2", - "scopes": ["st-sdmmc2", "stm32_sdmmc2"] - }, - { - "title": "ST PMIC", - "scopes": ["st-pmic", "drivers/st/pmic"] - }, - { - "title": "STPMIC1", - "scopes": ["stpmic1"] - }, - { - "title": "UART", - "scopes": ["st-uart"], - "sections": [ - { - "title": "STM32 Console", - "scopes": ["stm32-console", "stm32_console"] - } - ] - }, - { - "title": "USB", - "scopes": ["st-usb", "drivers/st/usb"] - } - ] - }, - { - "title": "USB", - "scopes": ["usb", "drivers/usb"] - } - ] - }, - { - "title": "Miscellaneous", - "sections": [ - { - "title": "AArch64", - "scopes": ["aarch64"] - }, - { - "title": "Debug", - "scopes": ["debug", "common/debug"] - }, - { - "title": "CRC32", - "scopes": ["crc32"], - "sections": [ - { - "title": "Hardware CRC32", - "scopes": ["hw-crc32", "hw_crc", "hw_crc32"] - }, - { - "title": "Software CRC32", - "scopes": ["sw-crc32", "sw_crc32"] - } - ] - }, - { - "title": "DT Bindings", - 
"scopes": ["dt-bindings"] - }, - { - "title": "FDT Wrappers", - "scopes": ["fdt-wrappers"] - }, - { - "title": "FDTs", - "scopes": ["fdts", "fdt"], - "sections": [ - { - "title": "Morello", - "scopes": ["morello-fdts", "fdts/morello"] - }, - { - "title": "STM32MP1", - "scopes": ["stm32mp1-fdts", "fdts stm32mp1"] - } - ] - }, - { - "title": "PIE", - "scopes": ["pie"] - }, - { - "title": "Security", - "scopes": ["security"] - }, - { - "title": "SDEI", - "scopes": ["sdei"] - }, - { - "title": "TBBR", - "scopes": ["tbbr"] - }, - { - "title": "NXP", - "sections": [ - { - "title": "OCRAM", - "scopes": ["nxp-ocram", "nxp/common/ocram"] - }, - { - "title": "PSCI", - "scopes": ["nxp-psci", "plat/nxp/common/psci"] - } - ] - } - ] - }, - { - "title": "Documentation", - "scopes": ["docs", "doc"], - "sections": [ - { - "title": "Changelog", - "scopes": ["changelog"] - }, - { - "title": "Commit Style", - "scopes": ["commit-style"] - }, - { - "title": "Contribution Guidelines", - "scopes": ["contributing", "contribution-guidelines", "docs-contributing.rst"] - }, - { - "title": "Maintainers", - "scopes": ["maintainers"] - }, - { - "title": "Prerequisites", - "scopes": ["prerequisites"] - } - ] - }, - { - "title": "Build System", - "scopes": ["build", "makefile", "Makefile"], - "sections": [ - { - "title": "Git Hooks", - "scopes": ["hooks"] - } - ] - }, - { - "title": "Tools", - "sections": [ - { - "title": "STM32 Image", - "scopes": ["stm32image", "tools/stm32image"] - } - ] - }, - { - "title": "Dependencies", - "scopes": ["deps"], - "sections": [ - { - "title": "checkpatch", - "scopes": ["checkpatch"] - }, - { - "title": "libfdt", - "scopes": ["libfdt"] - }, - { - "title": "Node Package Manager (NPM)", - "scopes": ["npm"] - } - ] - } - ] + "path": "@commitlint/cz-commitlint" }
diff --git a/.gitignore b/.gitignore
index f524658..b005fab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,8 +30,7 @@
 tools/stm32image/*.o
 tools/stm32image/stm32image
 tools/stm32image/stm32image.exe
-tools/sptool/sptool
-tools/sptool/sptool.exe
+tools/sptool/__pycache__/
 # GNU GLOBAL files
 GPATH
diff --git a/.versionrc.js b/.versionrc.js
index 1046b28..f699a07 100644
--- a/.versionrc.js
+++ b/.versionrc.js
@@ -8,40 +8,87 @@
 "use strict";
-const cz = require("./.cz.json");
+const fs = require("fs");
+const yaml = require("js-yaml");
 /*
- * Convert the Commitizen types array into the format accepted by the Conventional Changelog
- * Conventional Commits plugin (which our own plugin extends).
+ * The types and scopes accepted by both Commitlint and Commitizen are defined by the changelog
+ * configuration file - `changelog.yaml` - as they decide which section of the changelog commits
+ * with a given type and scope are placed in.
  */
-const types = cz.types.map(type => {
- if (!type.hidden) {
- /*
- * Conventional Changelog prevents each section from appearing only if it has no designated
- * title, regardless of the value of the `hidden` flag.
- */
- type.section = type.title;
- }
- delete type.title;
- delete type.description;
+let changelog;
- return type;
-});
+try {
+ const contents = fs.readFileSync("changelog.yaml", "utf8");
+
+ changelog = yaml.load(contents);
+} catch (err) {
+ console.log(err);
+
+ throw err;
+}
+
+/*
+ * The next couple of functions are just used to transform the changelog YAML configuration
+ * structure into one accepted by the Conventional Changelog adapter (conventional-changelog-tf-a).
+ */
+
+function getTypes(sections) {
+ return sections.map(section => {
+ return {
+ "type": section.type,
+ "section": section.hidden ? undefined : section.title,
+ "hidden": section.hidden || false,
+ };
+ })
+}
+
+function getSections(subsections) {
+ return subsections.flatMap(subsection => {
+ const scope = subsection.scope ? [ subsection.scope ] : [];
+
+ return {
+ "title": subsection.title,
+ "sections": getSections(subsection.subsections || []),
+ "scopes": scope.concat(subsection.deprecated || []),
+ };
+ })
+};
+
+const types = getTypes(changelog.sections);
+const sections = getSections(changelog.subsections);
 module.exports = {
 "header": "# Change Log & Release Notes\n\nThis document contains a summary of the new features, changes, fixes and known\nissues in each release of Trusted Firmware-A.\n",
 "preset": {
 "name": "tf-a",
 "commitUrlFormat": "https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/{{hash}}",
- "compareUrlFormat": "https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/{{previousTag}}..{{currentTag}}",
+ "compareUrlFormat": "https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/{{previousTag}}..refs/tags/{{currentTag}}",
 "userUrlFormat": "https://github.com/{{user}}",
 "types": types,
- "sections": cz.sections,
+ "sections": sections,
+ },
+ "infile": "docs/change-log.md",
+ "skip": {
+ "commit": true,
+ "tag": true
 },
 "bumpFiles": [
 {
+ "filename": "package.json",
+ "type": "json"
+ },
+ {
+ "filename": "package-lock.json",
+ "type": "json"
+ },
+ {
+ "filename": "tools/conventional-changelog-tf-a/package.json",
+ "type": "json"
+ },
+ {
 "filename": "Makefile",
 "updater": {
 "readVersion": function (contents) {
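Review bot: The `let changelog; try { ... } catch` loader and the `getTypes`/`getSections` walkers reproduce the code in the .commitlintrc.js hunk almost line for line, so the two configs can drift — this copy already folds `subsection.deprecated` into the scope list while the commitlint copy does not, which looks deliberate but is not stated anywhere. Moving the loader into a small shared module that both configs `require` (a constructed example: `./changelog.js` exporting the parsed document) would keep them in step, and the relative `"changelog.yaml"` path has the same working-directory dependency noted on the commitlint hunk. `getTypes` emits `"section": undefined` for hidden types; if the adapter treats a missing key differently from an explicit `undefined` that matters, so either spread the key only when present or add a comment saying the `undefined` is intended. The hunk ends inside the `bumpFiles` array, whose remainder is outside this view.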
diff --git a/Makefile b/Makefile
index 73007b4..3941f86 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -8,7 +8,7 @@
 # Trusted Firmware Version
 #
 VERSION_MAJOR := 2
-VERSION_MINOR := 6
+VERSION_MINOR := 7
 # Default goal is build all images
 .DEFAULT_GOAL := all
@@ -135,6 +135,10 @@
 ifneq (${ENABLE_PIE},0)
 $(error ENABLE_RME does not support PIE)
 endif
+# RME doesn't support BRBE
+ifneq (${ENABLE_BRBE_FOR_NS},0)
+ $(error ENABLE_RME does not support BRBE.)
+endif
 # RME requires AARCH64
 ifneq (${ARCH},aarch64)
 $(error ENABLE_RME requires AArch64)
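Review bot: `$(error ENABLE_RME does not support BRBE.)` ends with a period while the sibling diagnostics directly above and below it (`ENABLE_RME does not support PIE`, `ENABLE_RME requires AArch64`) do not; `$(error ENABLE_RME does not support BRBE)` keeps the messages uniform. The enclosing conditional that makes these RME checks apply starts outside the hunk, so this reads as the RME block only by the message text.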
@@ -263,28 +267,24 @@
 # Determine if FEAT_SB is supported
 ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
-ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SB = 1
-endif
+ifneq ($(findstring clang,$(notdir $(CC))),)
+ ifneq ($(findstring armclang,$(notdir $(CC))),)
+ TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive)
+ TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive)
+ LD := $(LINKER)
+ else
+ TF_CFLAGS_aarch32 := $(target32-directive) $(march32-directive)
+ TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive)
+ LD := $(shell $(CC) --print-prog-name ld.lld)
-ifneq ($(findstring armclang,$(notdir $(CC))),)
-TF_CFLAGS_aarch32 = -target arm-arm-none-eabi $(march32-directive)
-TF_CFLAGS_aarch64 = -target aarch64-arm-none-eabi $(march64-directive)
-LD = $(LINKER)
-AS = $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH))
-CPP = $(CC) -E $(TF_CFLAGS_$(ARCH))
-PP = $(CC) -E $(TF_CFLAGS_$(ARCH))
-else ifneq ($(findstring clang,$(notdir $(CC))),)
-CLANG_CCDIR = $(if $(filter-out ./,$(dir $(CC))),$(dir $(CC)),)
-TF_CFLAGS_aarch32 = $(target32-directive) $(march32-directive)
-TF_CFLAGS_aarch64 = -target aarch64-elf $(march64-directive)
-LD = $(CLANG_CCDIR)ld.lld
-ifeq (, $(shell which $(LD)))
-$(error "No $(LD) in PATH, make sure it is installed or set LD to a different linker")
-endif
-AS = $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH))
-CPP = $(CC) -E
-PP = $(CC) -E
+ AR := $(shell $(CC) --print-prog-name llvm-ar)
+ OD := $(shell $(CC) --print-prog-name llvm-objdump)
+ OC := $(shell $(CC) --print-prog-name llvm-objcopy)
+ endif
+
+ CPP := $(CC) -E $(TF_CFLAGS_$(ARCH))
+ PP := $(CC) -E $(TF_CFLAGS_$(ARCH))
+ AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH))
 else ifneq ($(findstring gcc,$(notdir $(CC))),)
 TF_CFLAGS_aarch32 = $(march32-directive)
 TF_CFLAGS_aarch64 = $(march64-directive)
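Review bot: The rewritten clang branch drops the `ifeq (, $(shell which $(LD)))` guard that the old code ran after choosing `ld.lld`. `$(CC) --print-prog-name` prints the requested name unchanged when the tool cannot be located (GCC documents this for `-print-prog-name`, and clang behaves the same as far as I know), so a missing `ld.lld` now surfaces as a bare command-not-found at link time rather than the explicit make error, and the new `AR`/`OD`/`OC` lookups have the same gap. Re-adding a check after the lookups, e.g. `ifeq (,$(shell which $(LD)))` followed by the old `$(error ...)`, keeps the early diagnostic. The `ENABLE_FEAT_SB` override for Armv8.5+ is removed here with no replacement in this hunk; presumably it moves into the `arch_features.mk` included by a later hunk, but that file is not part of this diff.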
@@ -307,13 +307,8 @@ $(eval $(call add_define,DEBUG)) ifneq (${DEBUG}, 0) BUILD_TYPE := debug - TF_CFLAGS += -g - - ifneq ($(findstring clang,$(notdir $(CC))),) - ASFLAGS += -g - else - ASFLAGS += -g -Wa,--gdwarf-2 - endif + TF_CFLAGS += -g -gdwarf-4 + ASFLAGS += -g -Wa,-gdwarf-4 # Use LOG_LEVEL_INFO by default for debug builds LOG_LEVEL := 40 @@ -453,13 +448,10 @@ DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ -x assembler-with-cpp $(DEFINES) -ifeq ($(MEASURED_BOOT),1) -DTC_CPPFLAGS += -DMEASURED_BOOT -DBL2_HASH_SIZE=${TCG_DIGEST_SIZE} -endif - ################################################################################ # Common sources and include directories ################################################################################ +include ${MAKE_HELPERS_DIRECTORY}arch_features.mk include lib/compiler-rt/compiler-rt.mk BL_COMMON_SOURCES += common/bl_common.c \ @@ -530,6 +522,9 @@ ifeq ($(CTX_INCLUDE_EL2_REGS),0) $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) endif + ifeq ($(SPMC_AT_EL3),1) + $(error SPM cannot be enabled in both S-EL2 and EL3.) + endif endif ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) @@ -580,6 +575,9 @@ ifneq (${ARCH},aarch64) $(error ENABLE_RME requires AArch64) endif +ifeq ($(SPMC_AT_EL3),1) + $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) +endif include services/std_svc/rmmd/rmmd.mk $(warning "RME is an experimental feature") endif @@ -726,6 +724,12 @@ endif endif +ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),) + CRYPTO_SUPPORT := 1 +else + CRYPTO_SUPPORT := 0 +endif + # SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 
@@ -752,19 +756,14 @@
 endif
 endif
-# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the
-# code taking the measurements and recording them has not been tampered
-# with. This is referred to as the Root of Trust for Measurement.
-ifeq ($(MEASURED_BOOT),1)
- ifneq (${TRUSTED_BOARD_BOOT},1)
- $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1)
- endif
-endif
-
 ifeq ($(PSA_FWU_SUPPORT),1)
 $(info PSA_FWU_SUPPORT is an experimental feature)
 endif
+ifeq ($(FEATURE_DETECTION),1)
+ $(info FEATURE_DETECTION is an experimental feature)
+endif
+
 ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
 ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2")
@@ -777,17 +776,23 @@
 endif
 endif
-# SME/SVE only supported on AArch64
+# Ensure that no Aarch64-only features are enabled in Aarch32 build
 ifeq (${ARCH},aarch32)
+
+ # SME/SVE only supported on AArch64
 ifeq (${ENABLE_SME_FOR_NS},1)
 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
 endif
 ifeq (${ENABLE_SVE_FOR_NS},1)
 # Warning instead of error due to CI dependency on this
- $(warning "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
- $(warning "Forced ENABLE_SVE_FOR_NS=0")
- override ENABLE_SVE_FOR_NS := 0
+ $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
 endif
+
+ # BRBE is not supported in Aarch32
+ ifeq (${ENABLE_BRBE_FOR_NS},1)
+ $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
+ endif
+
 endif
 # Ensure ENABLE_RME is not used with SME
@@ -823,6 +828,10 @@
 endif
 endif
+ifeq ($(DRTM_SUPPORT),1)
+ $(info DRTM_SUPPORT is an experimental feature)
+endif
+
 ################################################################################
 # Process platform overrideable behaviour
 ################################################################################
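Review bot: Deleting the `MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1` check silently changes what a `MEASURED_BOOT=1` build guarantees: the removed comment recorded that trusted boot is what gives the measuring code its root of trust, and nothing in this diff replaces either the check or the explanation (the `CRYPTO_SUPPORT` derivation in the earlier hunk only makes sure the crypto module is built). If the decoupling is intentional, a comment at this spot stating that measured boot without TBB relies on the platform's own root of trust, plus an `$(info ...)` or `$(warning ...)` when `MEASURED_BOOT=1` and `TRUSTED_BOARD_BOOT=0`, would keep the trade-off visible to integrators. The documentation change that presumably accompanies this is not part of this diff.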
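Review bot: `# Warning instead of error due to CI dependency on this` is now stale in the `@@ -777,17 +776,23 @@` hunk: the lines below it were changed from `$(warning ...)` plus `override ENABLE_SVE_FOR_NS := 0` to `$(error ...)`, so the comment describes behaviour that no longer exists and should be dropped or rewritten to say why the CI dependency is gone. The new comments also spell `Aarch32`/`Aarch64` where the neighbouring messages and the removed comment use `AArch32`/`AArch64`.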
@@ -920,7 +929,7 @@ # Variables for use with sptool SPTOOLPATH ?= tools/sptool -SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT} +SPTOOL ?= ${SPTOOLPATH}/sptool.py SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py # Variables for use with ROMLIB @@ -936,6 +945,9 @@ # Variables for use with documentation build using Sphinx tool DOCS_PATH ?= docs +# Defination of SIMICS flag +SIMICS_BUILD ?= 0 + ################################################################################ # Include BL specific makefiles ################################################################################ @@ -968,10 +980,7 @@ CREATE_KEYS \ CTX_INCLUDE_AARCH32_REGS \ CTX_INCLUDE_FPREGS \ - CTX_INCLUDE_PAUTH_REGS \ - CTX_INCLUDE_MTE_REGS \ CTX_INCLUDE_EL2_REGS \ - CTX_INCLUDE_NEVE_REGS \ DEBUG \ DISABLE_MTPMU \ DYN_DISABLE_AUTH \ @@ -981,11 +990,9 @@ ENABLE_AMU_FCONF \ AMU_RESTRICT_COUNTERS \ ENABLE_ASSERTIONS \ - ENABLE_MPAM_FOR_LOWER_ELS \ ENABLE_PIE \ ENABLE_PMF \ ENABLE_PSCI_STAT \ - ENABLE_RME \ ENABLE_RUNTIME_INSTRUMENTATION \ ENABLE_SME_FOR_NS \ ENABLE_SME_FOR_SWD \ @@ -1000,20 +1007,25 @@ HW_ASSISTED_COHERENCY \ INVERTED_MEMMAP \ MEASURED_BOOT \ + DRTM_SUPPORT \ NS_TIMER_SWITCH \ OVERRIDE_LIBC \ PL011_GENERIC_UART \ + PLAT_RSS_NOT_SUPPORTED \ PROGRAMMABLE_RESET_ADDRESS \ PSCI_EXTENDED_STATE_ID \ - RAS_EXTENSION \ RESET_TO_BL31 \ + RESET_TO_BL31_WITH_PARAMS \ SAVE_KEYS \ SEPARATE_CODE_AND_RODATA \ + SEPARATE_BL2_NOLOAD_REGION \ SEPARATE_NOBITS_REGION \ SPIN_ON_BL1_EXIT \ SPM_MM \ + SPMC_AT_EL3 \ SPMD_SPM_AT_SEL2 \ TRUSTED_BOARD_BOOT \ + CRYPTO_SUPPORT \ USE_COHERENT_MEM \ USE_DEBUGFS \ ARM_IO_IN_DTB \ @@ -1032,15 +1044,14 @@ RAS_TRAP_LOWER_EL_ERR_ACCESS \ COT_DESC_IN_DTB \ USE_SP804_TIMER \ - ENABLE_FEAT_RNG \ - ENABLE_FEAT_SB \ PSA_FWU_SUPPORT \ + ENABLE_BRBE_FOR_NS \ ENABLE_TRBE_FOR_NS \ ENABLE_SYS_REG_TRACE_FOR_NS \ - ENABLE_TRF_FOR_NS \ - ENABLE_FEAT_HCX \ ENABLE_MPMM \ ENABLE_MPMM_FCONF \ + SIMICS_BUILD \ + FEATURE_DETECTION \ ))) $(eval $(call assert_numerics,\ 
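Review bot: `# Defination of SIMICS flag` has a typo; `# Definition of SIMICS flag`. Since `SIMICS_BUILD` is a user-settable option that is also added to the assert and define lists below, a word on what enabling it changes would be more useful than restating the variable's name.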
@@ -1048,9 +1059,32 @@ ARM_ARCH_MAJOR \ ARM_ARCH_MINOR \ BRANCH_PROTECTION \ + CTX_INCLUDE_PAUTH_REGS \ + CTX_INCLUDE_MTE_REGS \ + CTX_INCLUDE_NEVE_REGS \ + ENABLE_BTI \ + ENABLE_PAUTH \ + ENABLE_FEAT_AMUv1 \ + ENABLE_FEAT_AMUv1p1 \ + ENABLE_FEAT_CSV2_2 \ + ENABLE_FEAT_DIT \ + ENABLE_FEAT_ECV \ + ENABLE_FEAT_FGT \ + ENABLE_FEAT_HCX \ + ENABLE_FEAT_PAN \ + ENABLE_FEAT_RNG \ + ENABLE_FEAT_SB \ + ENABLE_FEAT_SEL2 \ + ENABLE_FEAT_VHE \ + ENABLE_MPAM_FOR_LOWER_ELS \ + ENABLE_RME \ + ENABLE_TRF_FOR_NS \ FW_ENC_STATUS \ NR_OF_FW_BANKS \ NR_OF_IMAGES_IN_FW_BANK \ + RAS_EXTENSION \ + TWED_DELAY \ + ENABLE_FEAT_TWED \ ))) ifdef KEY_SIZE @@ -1110,21 +1144,27 @@ HW_ASSISTED_COHERENCY \ LOG_LEVEL \ MEASURED_BOOT \ + DRTM_SUPPORT \ NS_TIMER_SWITCH \ PL011_GENERIC_UART \ PLAT_${PLAT} \ + PLAT_RSS_NOT_SUPPORTED \ PROGRAMMABLE_RESET_ADDRESS \ PSCI_EXTENDED_STATE_ID \ RAS_EXTENSION \ RESET_TO_BL31 \ + RESET_TO_BL31_WITH_PARAMS \ SEPARATE_CODE_AND_RODATA \ + SEPARATE_BL2_NOLOAD_REGION \ SEPARATE_NOBITS_REGION \ RECLAIM_INIT_CODE \ SPD_${SPD} \ SPIN_ON_BL1_EXIT \ SPM_MM \ + SPMC_AT_EL3 \ SPMD_SPM_AT_SEL2 \ TRUSTED_BOARD_BOOT \ + CRYPTO_SUPPORT \ TRNG_SUPPORT \ USE_COHERENT_MEM \ USE_DEBUGFS \ @@ -1144,15 +1184,29 @@ USE_SP804_TIMER \ ENABLE_FEAT_RNG \ ENABLE_FEAT_SB \ + ENABLE_FEAT_DIT \ NR_OF_FW_BANKS \ NR_OF_IMAGES_IN_FW_BANK \ PSA_FWU_SUPPORT \ + ENABLE_BRBE_FOR_NS \ ENABLE_TRBE_FOR_NS \ ENABLE_SYS_REG_TRACE_FOR_NS \ ENABLE_TRF_FOR_NS \ ENABLE_FEAT_HCX \ ENABLE_MPMM \ ENABLE_MPMM_FCONF \ + ENABLE_FEAT_FGT \ + ENABLE_FEAT_AMUv1 \ + ENABLE_FEAT_ECV \ + SIMICS_BUILD \ + ENABLE_FEAT_AMUv1p1 \ + ENABLE_FEAT_SEL2 \ + ENABLE_FEAT_VHE \ + ENABLE_FEAT_CSV2_2 \ + ENABLE_FEAT_PAN \ + FEATURE_DETECTION \ + TWED_DELAY \ + ENABLE_FEAT_TWED \ ))) ifeq (${SANITIZE_UB},trap) 
@@ -1299,8 +1353,7 @@ ifeq (${NEED_SP_PKG},yes) $(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} -sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk - ${Q}$(SPTOOL) $(SPTOOL_ARGS) +sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) @${ECHO_BLANK_LINE} @echo "Built SP Images successfully" @${ECHO_BLANK_LINE} @@ -1340,8 +1393,7 @@ # to pass the gnumake flags to nmake. ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean endif - ${Q}${MAKE} --no-print-directory -C ${SPTOOLPATH} clean - ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean + ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean @@ -1427,17 +1479,13 @@ ${FIPTOOL}: FORCE ifdef UNIX_MK - ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH} + ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH} else # Clear the MAKEFLAGS as we do not want # to pass the gnumake flags to nmake. ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) endif -sptool: ${SPTOOL} -${SPTOOL}: FORCE - ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" SPTOOL=${SPTOOL} --no-print-directory -C ${SPTOOLPATH} - romlib.bin: libraries FORCE ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all
diff --git a/bl1/aarch32/bl1_exceptions.S b/bl1/aarch32/bl1_exceptions.S
index 493d2ca..4a6815f 100644
--- a/bl1/aarch32/bl1_exceptions.S
+++ b/bl1/aarch32/bl1_exceptions.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -118,6 +118,14 @@ mov r0, #DISABLE_DCACHE bl enable_mmu_svc_mon + /* + * Invalidate `smc_ctx_t` in data cache to prevent dirty data being + * used. + */ + mov r0, r6 + mov r1, #SMC_CTX_SIZE + bl inv_dcache_range + /* Enable the data cache. */ ldcopr r9, SCTLR orr r9, r9, #SCTLR_C_BIT
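Review bot: The comment on the new `inv_dcache_range` call says what it does but not why it must sit exactly here: the surrounding code enabled the MMU with `DISABLE_DCACHE`, so the context at r6 was presumably written with the D-cache off, and any stale lines covering that range have to be dropped before `SCTLR_C_BIT` is set a few lines below, or a later eviction could overwrite the freshly written context. Suggest `/* smc_ctx_t at r6 was written with the D-cache off; drop any stale lines for it before the cache is re-enabled below. */`. The call presumably clobbers r0-r3 per AAPCS, so nothing live may be held in those registers across it; r6 and r9, which are used afterwards, are callee-saved and fine.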
diff --git a/bl1/aarch64/bl1_exceptions.S b/bl1/aarch64/bl1_exceptions.S
index 9dc9e6c..c54219f 100644
--- a/bl1/aarch64/bl1_exceptions.S
+++ b/bl1/aarch64/bl1_exceptions.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -224,7 +224,7 @@ * TODO: Revisit to store only SMCCC specified registers. * ----------------------------------------------------- */ - bl save_gp_pmcr_pauth_regs + bl prepare_el3_entry #if ENABLE_PAUTH /* -----------------------------------------------------
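Review bot: The comment block above the renamed call still ends with `* TODO: Revisit to store only SMCCC specified registers.` and says nothing about the new behaviour, whereas the same rename in ea_delegate.S and runtime_exceptions.S adds `* Also set the PSTATE to a known state.` to the preceding comment. Add the same line here so all call sites of `prepare_el3_entry` document it consistently. The enclosing exception handler starts and ends outside the hunk.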
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index 663ec64..7399bc8 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -15,6 +15,7 @@ #include <common/bl_common.h> #include <common/debug.h> #include <drivers/auth/auth_mod.h> +#include <drivers/auth/crypto_mod.h> #include <drivers/console.h> #include <lib/cpus/errata_report.h> #include <lib/utils.h> @@ -121,10 +122,10 @@ /* Perform remaining generic architectural setup from EL3 */ bl1_arch_setup(); -#if TRUSTED_BOARD_BOOT + crypto_mod_init(); + /* Initialize authentication module */ auth_mod_init(); -#endif /* TRUSTED_BOARD_BOOT */ /* Initialize the measured boot */ bl1_plat_mboot_init();
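Review bot: `crypto_mod_init()` and `auth_mod_init()` are now called regardless of `TRUSTED_BOARD_BOOT`, and the ordering between them is left implicit; a comment such as `/* The crypto module must be initialised before the authentication module that relies on it. */` above `crypto_mod_init()` would make the dependency explicit. This presumably relies on both functions resolving to no-op stubs when TBB is disabled, which is worth stating in the same comment, since a reader seeing the removed `#if` will otherwise wonder whether authentication is now unconditionally enabled. The identical change in bl2/bl2_main.c needs the same note. `bl1_main` continues outside the hunk.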
diff --git a/bl2/bl2_el3.ld.S b/bl2/bl2_el3.ld.S
index bc1794c..c95706c 100644
--- a/bl2/bl2_el3.ld.S
+++ b/bl2/bl2_el3.ld.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -18,6 +18,11 @@ #else RAM (rwx): ORIGIN = BL2_BASE, LENGTH = BL2_LIMIT - BL2_BASE #endif +#if SEPARATE_BL2_NOLOAD_REGION + RAM_NOLOAD (rw!a): ORIGIN = BL2_NOLOAD_START, LENGTH = BL2_NOLOAD_LIMIT - BL2_NOLOAD_START +#else +#define RAM_NOLOAD RAM +#endif } #if !BL2_IN_XIP_MEM @@ -106,9 +111,18 @@ __DATA_RAM_END__ = __DATA_END__; RELA_SECTION >RAM - STACK_SECTION >RAM - BSS_SECTION >RAM - XLAT_TABLE_SECTION >RAM +#if SEPARATE_BL2_NOLOAD_REGION + SAVED_ADDR = .; + . = BL2_NOLOAD_START; + __BL2_NOLOAD_START__ = .; +#endif + STACK_SECTION >RAM_NOLOAD + BSS_SECTION >RAM_NOLOAD + XLAT_TABLE_SECTION >RAM_NOLOAD +#if SEPARATE_BL2_NOLOAD_REGION + __BL2_NOLOAD_END__ = .; + . = SAVED_ADDR; +#endif #if USE_COHERENT_MEM /*
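Review bot: Nothing asserts that the `RAM_NOLOAD` region (`BL2_NOLOAD_START`..`BL2_NOLOAD_LIMIT`) does not overlap `RAM`: the `MEMORY` bounds only catch overflow within each region, and the `. = BL2_NOLOAD_START; ... . = SAVED_ADDR;` relocation places the stack, BSS and translation tables at a platform-chosen address that the linker never checks against the code/data image. For the non-XIP branch visible here, `ASSERT((BL2_NOLOAD_LIMIT <= BL2_BASE) || (BL2_NOLOAD_START >= BL2_LIMIT), "BL2 NOLOAD region overlaps BL2 image")` inside the `SEPARATE_BL2_NOLOAD_REGION` block would turn a silent stack-over-code overlap into a link error (the XIP branch's region symbols are outside the hunk). A short comment on why `rw!a` was chosen for the new region would also help, as its effect on orphan-section placement is easy to misread.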
diff --git a/bl2/bl2_image_load_v2.c b/bl2/bl2_image_load_v2.c
index 48c9bec..dee3fc2 100644
--- a/bl2/bl2_image_load_v2.c
+++ b/bl2/bl2_image_load_v2.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,17 +7,16 @@ #include <assert.h> #include <stdint.h> -#include <platform_def.h> - #include <arch.h> #include <arch_helpers.h> +#include "bl2_private.h" #include <common/bl_common.h> #include <common/debug.h> #include <common/desc_image_load.h> #include <drivers/auth/auth_mod.h> #include <plat/common/platform.h> -#include "bl2_private.h" +#include <platform_def.h> /******************************************************************************* * This function loads SCP_BL2/BL3x images and returns the ep_info for @@ -66,16 +65,16 @@ if ((bl2_node_info->image_info->h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U) { - INFO("BL2: Loading image id %d\n", bl2_node_info->image_id); + INFO("BL2: Loading image id %u\n", bl2_node_info->image_id); err = load_auth_image(bl2_node_info->image_id, bl2_node_info->image_info); if (err != 0) { - ERROR("BL2: Failed to load image id %d (%i)\n", + ERROR("BL2: Failed to load image id %u (%i)\n", bl2_node_info->image_id, err); plat_error_handler(err); } } else { - INFO("BL2: Skip loading image id %d\n", bl2_node_info->image_id); + INFO("BL2: Skip loading image id %u\n", bl2_node_info->image_id); } /* Allow platform to handle image information. */
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 90fe39b..5da8037 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,6 +13,7 @@ #include <common/bl_common.h> #include <common/debug.h> #include <drivers/auth/auth_mod.h> +#include <drivers/auth/crypto_mod.h> #include <drivers/console.h> #include <drivers/fwu/fwu.h> #include <lib/extensions/pauth.h> @@ -89,10 +90,10 @@ fwu_init(); #endif /* PSA_FWU_SUPPORT */ -#if TRUSTED_BOARD_BOOT + crypto_mod_init(); + /* Initialize authentication module */ auth_mod_init(); -#endif /* TRUSTED_BOARD_BOOT */ /* Initialize the Measured Boot backend */ bl2_plat_mboot_init();
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index ed05864..b0c46dc 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -67,6 +67,7 @@ _exception_vectors=runtime_exceptions \ _pie_fixup_size=BL31_LIMIT - BL31_BASE +#if !RESET_TO_BL31_WITH_PARAMS /* --------------------------------------------------------------------- * For RESET_TO_BL31 systems, BL31 is the first bootloader to run so * there's no argument to relay from a previous bootloader. Zero the @@ -77,6 +78,7 @@ mov x21, 0 mov x22, 0 mov x23, 0 +#endif /* RESET_TO_BL31_WITH_PARAMS */ #endif /* RESET_TO_BL31 */ /* --------------------------------------------------------------------
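Review bot: With `RESET_TO_BL31_WITH_PARAMS` the zeroing of x20-x23 is skipped, but the comment directly above, which says there is no argument to relay from a previous bootloader, is now only half true: the registers then carry whatever the reset path left in them and are presumably consumed as BL31's boot arguments. Suggest extending that comment with `* With RESET_TO_BL31_WITH_PARAMS the reset handler has already placed the arguments in x20-x23; they are left untouched here and the platform's early setup must validate them before use.` The rest of the `RESET_TO_BL31` block is outside the hunk.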
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index f9c789f..fa6ede82 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -92,8 +92,9 @@ * Save general purpose and ARMv8.3-PAuth registers (if enabled). * If Secure Cycle Counter is not disabled in MDCR_EL3 when * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. + * Also set the PSTATE to a known state. */ - bl save_gp_pmcr_pauth_regs + bl prepare_el3_entry #if ENABLE_PAUTH /* Load and program APIAKey firmware key */ @@ -139,8 +140,9 @@ * Save general purpose and ARMv8.3-PAuth registers (if enabled). * If Secure Cycle Counter is not disabled in MDCR_EL3 when * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. + * Also set the PSTATE to a known state. */ - bl save_gp_pmcr_pauth_regs + bl prepare_el3_entry #if ENABLE_PAUTH /* Load and program APIAKey firmware key */
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 0d0a12d..bf5bd8d 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -71,8 +71,9 @@ * Save general purpose and ARMv8.3-PAuth registers (if enabled). * If Secure Cycle Counter is not disabled in MDCR_EL3 when * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. + * Also set the PSTATE to a known state. */ - bl save_gp_pmcr_pauth_regs + bl prepare_el3_entry bl handle_lower_el_ea_esb @@ -209,8 +210,9 @@ * Save general purpose and ARMv8.3-PAuth registers (if enabled). * If Secure Cycle Counter is not disabled in MDCR_EL3 when * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. + * Also set the PSTATE to a known state. */ - bl save_gp_pmcr_pauth_regs + bl prepare_el3_entry #if ENABLE_PAUTH /* Load and program APIAKey firmware key */ @@ -462,8 +464,9 @@ * Save general purpose and ARMv8.3-PAuth registers (if enabled). * If Secure Cycle Counter is not disabled in MDCR_EL3 when * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. + * Also set the PSTATE to a known state. */ - bl save_gp_pmcr_pauth_regs + bl prepare_el3_entry #if ENABLE_PAUTH /* Load and program APIAKey firmware key */
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index e751824..3964469 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -18,12 +18,21 @@ $(error EL3_EXCEPTION_HANDLING must be 1 for SPM-MM support) else $(info Including SPM Management Mode (MM) makefile) - include services/std_svc/spm_mm/spm_mm.mk + include services/std_svc/spm/common/spm.mk + include services/std_svc/spm/spm_mm/spm_mm.mk endif endif include lib/extensions/amu/amu.mk include lib/mpmm/mpmm.mk + +ifeq (${SPMC_AT_EL3},1) + $(warning "EL3 SPMC is an experimental feature") + $(info Including EL3 SPMC makefile) + include services/std_svc/spm/common/spm.mk + include services/std_svc/spm/el3_spmc/spmc.mk +endif + include lib/psci/psci_lib.mk BL31_SOURCES += bl31/bl31_main.c \ @@ -40,6 +49,8 @@ services/std_svc/std_svc_setup.c \ ${PSCI_LIB_SOURCES} \ ${SPMD_SOURCES} \ + ${SPM_MM_SOURCES} \ + ${SPMC_SOURCES} \ ${SPM_SOURCES} ifeq (${DISABLE_MTPMU},1) @@ -104,6 +115,10 @@ BL31_SOURCES += lib/extensions/trbe/trbe.c endif +ifeq (${ENABLE_BRBE_FOR_NS},1) +BL31_SOURCES += lib/extensions/brbe/brbe.c +endif + ifeq (${ENABLE_SYS_REG_TRACE_FOR_NS},1) BL31_SOURCES += lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c endif @@ -128,6 +143,10 @@ ${RMMD_SOURCES} endif +ifeq ($(FEATURE_DETECTION),1) +BL31_SOURCES += common/feat_detect.c +endif + BL31_LINKERFILE := bl31/bl31.ld.S # Flag used to indicate if Crash reporting via console should be included
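Review bot: `services/std_svc/spm/common/spm.mk` is now included from two places, the SPM-MM branch above and the new `SPMC_AT_EL3` block, with nothing preventing both from being enabled; if both are set the common sources are presumably listed twice and two SPM implementations end up linked into BL31. If the two are meant to be mutually exclusive, guard it at the top of the new block: `ifeq (${SPM_MM},1)` / `$(error "SPMC_AT_EL3 and SPM_MM cannot both be enabled")` / `endif`. The `$(warning "EL3 SPMC is an experimental feature")` is good; a one-line comment saying that spmc.mk is expected to populate `SPMC_SOURCES` would also tie the include to the `${SPMC_SOURCES}` added to `BL31_SOURCES` below.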
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index 9ac10e2..2a3d838 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,6 +14,7 @@ #include <bl31/ehf.h> #include <common/bl_common.h> #include <common/debug.h> +#include <common/feat_detect.h> #include <common/runtime_svc.h> #include <drivers/console.h> #include <lib/el3_runtime/context_mgmt.h> @@ -123,6 +124,11 @@ NOTICE("BL31: %s\n", version_string); NOTICE("BL31: %s\n", build_message); +#if FEATURE_DETECTION + /* Detect if features enabled during compilation are supported by PE. */ + detect_arch_features(); +#endif /* FEATURE_DETECTION */ + #ifdef SUPPORT_UNKNOWN_MPID if (unsupported_mpid_flag == 0) { NOTICE("Unsupported MPID detected!\n"); @@ -253,7 +259,16 @@ (image_type == SECURE) ? "secure" : "normal"); print_entry_point_info(next_image_info); cm_init_my_context(next_image_info); - cm_prepare_el3_exit(image_type); + + /* + * If we are entering the Non-secure world, use + * 'cm_prepare_el3_exit_ns' to exit. + */ + if (image_type == NON_SECURE) { + cm_prepare_el3_exit_ns(); + } else { + cm_prepare_el3_exit(image_type); + } } /*******************************************************************************
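Review bot: The new comment `If we are entering the Non-secure world, use 'cm_prepare_el3_exit_ns' to exit.` only restates the `if` around it; it should say what the NS-specific routine does that `cm_prepare_el3_exit(image_type)` does not (not visible in this hunk), since a reader will otherwise ask why the `SECURE` case does not take the same path. The `detect_arch_features()` call under `FEATURE_DETECTION` sits after the version banners, which is sensible for diagnostics, but its comment should also state what happens when a compiled-in feature is absent on the PE (presumably a panic), as that is what a platform integrator needs to know. Both enclosing functions start outside the hunk.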
diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk
index 590b032..ab1287d 100644
--- a/bl32/sp_min/sp_min.mk
+++ b/bl32/sp_min/sp_min.mk
@@ -1,5 +1,5 @@ # -# Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -35,6 +35,10 @@ ifeq (${WORKAROUND_CVE_2017_5715},1) BL32_SOURCES += bl32/sp_min/wa_cve_2017_5715_bpiall.S \ bl32/sp_min/wa_cve_2017_5715_icache_inv.S +else +ifeq (${WORKAROUND_CVE_2022_23960},1) +BL32_SOURCES += bl32/sp_min/wa_cve_2017_5715_icache_inv.S +endif endif ifeq (${TRNG_SUPPORT},1)
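Review bot: The new `else` / `ifeq (${WORKAROUND_CVE_2022_23960},1)` branch adds only `wa_cve_2017_5715_icache_inv.S`, which is correct only because the AArch32 CVE-2022-23960 (Spectre-BHB) mitigation reuses the CVE-2017-5715 icache-invalidation sequence and because that file is already listed when `WORKAROUND_CVE_2017_5715` is enabled; neither reason is written down. Add `# The AArch32 CVE-2022-23960 workaround reuses the CVE-2017-5715 icache-invalidation vector; it is already built when that workaround is enabled.` above the `else`. A reader seeing a 2022 CVE guarded by a 2017-named source will otherwise assume a typo.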
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index 55e1532..522c1b4 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -370,6 +370,7 @@ uint64_t service_arg1; uint64_t results[2]; uint32_t linear_id = plat_my_core_pos(); + u_register_t dit; /* Update this cpu's statistics */ tsp_stats[linear_id].smc_count++; @@ -424,6 +425,23 @@ results[0] /= service_arg0 ? service_arg0 : 1; results[1] /= service_arg1 ? service_arg1 : 1; break; + case TSP_CHECK_DIT: + if (!is_armv8_4_dit_present()) { +#if LOG_LEVEL >= LOG_LEVEL_ERROR + spin_lock(&console_lock); + ERROR("DIT not supported\n"); + spin_unlock(&console_lock); +#endif + results[0] = 0; + results[1] = 0xffff; + break; + } + dit = read_dit(); + results[0] = dit == service_arg0; + results[1] = dit; + /* Toggle the dit bit */ + write_dit(service_arg0 != 0U ? 0 : DIT_BIT); + break; default: break; }
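Review bot: The comment `/* Toggle the dit bit */` does not describe the write below it: `write_dit(service_arg0 != 0U ? 0 : DIT_BIT)` sets DIT to the complement of the value the caller asked about, not of the current register, and the two coincide only when `results[0]` is true. Either reword it (`/* Set DIT to the opposite of the value the caller asked us to check */`) or derive it from the register just read: `write_dit((dit != 0U) ? 0 : DIT_BIT);`. `results[0] = dit == service_arg0;` compares the raw register against the argument, so the caller must pass `DIT_BIT` or 0 rather than 1/0, which the case deserves a comment for; the unsupported-case sentinel `results[1] = 0xffff` would also benefit from a named constant or a comment. The enclosing SMC handler continues outside the hunk.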
diff --git a/changelog.yaml b/changelog.yaml
new file mode 100644
index 0000000..1a11c9b
--- /dev/null
+++ b/changelog.yaml
@@ -0,0 +1,1140 @@ +# +# Copyright (c) 2021-2022, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# + +# +# The following block describes the top-level sections of the changelog. Commits are categorized +# into these top-level sections based on the commit message "type": +# +# feat(xyz): add the xyz feature +# ^^^^ +# + +sections: + - title: New Features + description: A new feature + type: feat + + - title: Resolved Issues + description: A bug fix + type: fix + + - title: Build System + description: Changes that affect the build system or external dependencies + type: build + hidden: true + + - title: Continuous Integration + description: Changes to our CI configuration files and scripts + type: ci + hidden: true + + - title: Build System + description: Documentation-only changes + type: docs + hidden: true + + - title: Performance Improvements + description: A code change that improves performance + type: perf + hidden: true + + - title: Code Refactoring + description: A code change that neither fixes a bug nor adds a feature + type: refactor + hidden: true + + - title: Reverted Changes + description: Changes that revert a previous change + type: revert + hidden: true + + - title: Style + description: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.) + type: style + hidden: true + + - title: Tests + description: Adding missing tests or correcting existing tests + type: test + hidden: true + + - title: Miscellaneous + description: Any other change + type: chore + hidden: true + +# +# The following block describes the sub-sections of the changelog. These sub-sections may appear in +# any of the top-level sections, and describe the individual components that a change may relate to. 
+# +# Sub-sections have an optional associated commit message "scope": +# +# feat(xyz): add the xyz feature +# ^^^ +# +# This file also describes deprecated scopes, which are scopes that were used before we introduced +# scope enforcement. These will not pass CI checks when used, but they will be used to generate the +# changelog. +# +# Please note that new scopes should be kebab-case: https://en.wiktionary.org/wiki/kebab_case +# + +subsections: + - title: Architecture + + subsections: + - title: Activity Monitors Extension (FEAT_AMU) + scope: amu + + - title: Support for the `HCRX_EL2` register (FEAT_HCX) + scope: hcx + + - title: Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM) + scope: mpam + + - title: Scalable Matrix Extension (FEAT_SME) + scope: sme + + - title: Scalable Vector Extension (FEAT_SVE) + scope: sve + + - title: System Register Trace Extensions (FEAT_ETMv4, FEAT_ETE and FEAT_ETEv1.1) + scope: sys-reg-trace + + deprecated: + - sys_reg_trace + + - title: Trace Buffer Extension (FEAT_TRBE) + scope: trbe + + - title: Self-hosted Trace Extensions (FEAT_TRF) + scope: trf + + - title: Statistical profiling Extension (FEAT_SPE) + scope: spe + + - title: Branch Record Buffer Extension (FEAT_BRBE) + scope: brbe + + - title: Extended Cache Index (FEAT_CCIDX) + scope: ccidx + + - title: Platforms + + subsections: + - title: Allwinner + scope: allwinner + + deprecated: + - plat/allwinner + + - title: Arm + scope: arm + + deprecated: + - plat/arm + + subsections: + - title: FPGA + scope: fpga + + deprecated: + - arm_fgpa + - arm_fpga + - plat/arm_fpga + + - title: FVP + scope: fvp + + deprecated: + - plat/fvp + + - title: FVP-R + scope: fvp-r + + deprecated: + - fvp_r + + - title: Juno + scope: juno + + - title: Morello + scope: morello + + - title: N1SDP + scope: n1sdp + + - title: RD + scope: rd + + subsections: + - title: RD-N2 + scope: rdn2 + + deprecated: + - board/rdn2 + + - title: SGI + scope: sgi + + deprecated: + - plat/sgi + - 
plat/arm/sgi + + - title: TC + scope: tc + + subsections: + - title: TC0 + scope: tc0 + + deprecated: + - plat/tc0 + + - title: Corstone-1000 + scope: corstone-1000 + + - title: Broadcom + scope: brcm + + - title: Intel + scope: intel + + subsections: + - title: SoC + scope: soc + + - title: Marvell + scope: marvell + + deprecated: + - plat/marvell + + subsections: + - title: Armada + scope: armada + + deprecated: + - plat/marvell/armada + + subsections: + - title: A3K + scope: a3k + + deprecated: + - plat/marvell/a3k + + - title: A8K + scope: a8k + + deprecated: + - plat/marvell/a8k + + - title: MediaTek + scope: mediatek + + deprecated: + - plat/mediatek/common + - plat/mediatek + + subsections: + - title: MT8183 + scope: mt8183 + + deprecated: + - plat/mediatek/mt8183 + + - title: MT8192 + scope: mt8192 + + deprecated: + - plat/mdeiatek/mt8192 + + - title: MT8195 + scope: mt8195 + + deprecated: + - plat/mediatek/me8195 + - plat/mediatek/mt8195 + - plat/mdeiatek/mt8195 + + - title: MT8186 + scope: mt8186 + + deprecated: + - plat/mediatek/mt8186 + + - title: NVIDIA + scope: nvidia + + subsections: + - title: Tegra + scope: tegra + + deprecated: + - plat/tegra + + subsections: + - title: Tegra 132 + scope: tegra132 + + - title: Tegra 194 + scope: tegra194 + + - title: NXP + scope: nxp + + deprecated: + - plat/nxp + - plat/nxp/common + + subsections: + - title: i.MX + scope: imx + + deprecated: + - plat/imx + - plat/imx/imx + + subsections: + - title: i.MX 8M + scope: imx8m + + deprecated: + - plat/imx8m + - plat/imx/imx8m + + subsections: + - title: i.MX 8M Nano + scope: imx8mn + + deprecated: + - plat/imx/imx8m/imx8mn + + - title: i.MX 8M Mini + scope: imx8mm + + deprecated: + - plat/imx/imx8m/imx8mm + + - title: i.MX 8M Plus + scope: imx8mp + + deprecated: + - plat/imx/imx8m/imx8mp + + - title: i.MX 8Q + scope: imx8mq + + deprecated: + - plat/imx/imx8m/imx8mq + + - title: Layerscape + scope: layerscape + + deprecated: + - docs/nxp/layerscape + + subsections: + - 
title: LS1028A + scope: ls1028a + + deprecated: + - plat/nxp/ls1028a + + subsections: + - title: LS1028ARDB + scope: ls1028ardb + + deprecated: + - plat/nxp/ls1028ardb + + - title: LS1043A + scope: ls1043a + + deprecated: + - plat/nxp/ls1043a + + subsections: + - title: LS1043ARDB + scope: ls1043ardb + + deprecated: + - plat/nxp/ls1043ardb + + - title: LX2 + scope: lx2 + + deprecated: + - plat/nxp/lx2 + + subsections: + - title: LX216 + scope: lx216 + + deprecated: + - plat/nxp/lx216x + + subsections: + - title: LX2160 + scope: lx2160 + + deprecated: + - plat/soc-lx2160 + + - title: LS1046A + scope: ls1046a + + subsections: + - title: LS1046ARDB + scope: ls1046ardb + + - title: LS1046AFRWY + scope: ls1046afrwy + + - title: LS1046AQDS + scope: ls1046aqds + + - title: LS1088A + scope: ls1088a + + subsections: + - title: LS1088ARDB + scope: ls1088ardb + + - title: LS1088AQDS + scope: ls1088aqds + + - title: QEMU + scope: qemu + + deprecated: + - plat/qemu + + - title: QTI + scope: qti + + subsections: + - title: SC1780 + scope: sc7180 + + deprecated: + - plat/qti/sc7180 + + - title: SC7280 + scope: sc7280 + + deprecated: + - plat/qti/sc7280 + + - title: MSM8916 + scope: msm8916 + + - title: Raspberry Pi + scope: rpi + + subsections: + - title: Raspberry Pi 4 + scope: rpi4 + + - title: Renesas + scope: renesas + + subsections: + - title: R-Car + scope: rcar + + deprecated: + - plat/rcar + + subsections: + - title: R-Car 3 + scope: rcar3 + + deprecated: + - plat/rcar3 + + - title: Rockchip + scope: rockchip + + subsections: + - title: RK3399 + scope: rk3399 + + deprecated: + - rockchip/rk3399 + - rk3399/suspend + + - title: Socionext + scope: socionext + + subsections: + - title: Synquacer + scope: synquacer + + deprecated: + - plat/synquacer + + - title: ST + scope: st + + deprecated: + - plat/st + + subsections: + - title: ST32MP1 + scope: stm32mp1 + + deprecated: + - plat/st/stm32mp1 + + - title: Texas Instruments + scope: ti + + subsections: + - title: K3 + scope: 
k3 + + - title: Xilinx + scope: xilinx + + deprecated: + - plat/xilinx + + subsections: + - title: Versal + scope: versal + + deprecated: + - plat/xilinx/versal/include + - plat/xilinx/versal + - plat/versal + + - title: ZynqMP + scope: zynqmp + + deprecated: + - plat/zynqmp + - plat/xilinx/zynqmp + + - title: Bootloader Images + scope: bl + + deprecated: + - bl_common + + subsections: + - title: BL1 + scope: bl1 + + - title: BL2 + scope: bl2 + + - title: BL31 + scope: bl31 + + - title: Services + scope: services + + subsections: + - title: FF-A + scope: ff-a + + deprecated: + - ffa + + - title: RME + scope: rme + + subsections: + - title: TRP + scope: trp + + - title: SPM + scope: spm + + subsections: + - title: EL3 SPMC + scope: el3-spmc + + - title: SPMD + scope: spmd + + - title: SPM MM + scope: spm-mm + + - title: Libraries + + subsections: + - title: CPU Support + scope: cpus + + deprecated: + - cpu + - errata + - errata_report + + - title: EL3 Runtime + scope: el3-runtime + + deprecated: + - el3_runtime + + subsections: + - title: Context Management + scope: cm + + - title: FCONF + scope: fconf + + - title: MPMM + scope: mpmm + + - title: OP-TEE + scope: optee + + deprecated: + - lib/optee + + - title: PSCI + scope: psci + + - title: GPT + scope: gpt + + deprecated: + - gpt_rme + + - title: SMCCC + scope: smccc + + - title: Translation Tables + scope: xlat + + - title: C Standard Library + scope: libc + + - title: Locks + scope: locks + + - title: PSA + scope: psa + + - title: Drivers + + subsections: + - title: Authentication + scope: auth + + deprecated: + - driver/auth + + subsections: + - title: CryptoCell-713 + scope: cc-713 + + - title: Generic Clock + scope: clk + + - title: FWU + scope: fwu + + deprecated: + - fwu_metadata + + - title: I/O + scope: io + + subsections: + - title: MTD + scope: mtd + + deprecated: + - io_mtd + + - title: Measured Boot + scope: measured-boot + + deprecated: + - measured boot + - measured_boot + + - title: MMC + scope: 
mmc + + deprecated: + - drivers/mmc + + - title: MTD + scope: mtd + + deprecated: + - drivers/mtd + + subsections: + - title: NAND + scope: nand + + subsections: + - title: SPI NAND + scope: spi-nand + + deprecated: + - spi_nand + + - title: GUID Partition Tables Support + scope: guid-partition + + - title: SCMI + scope: scmi + + deprecated: + - scmi_common + - drivers/scmi-msg + + - title: UFS + scope: ufs + + - title: Arm + scope: arm-drivers + + subsections: + - title: Ethos-N + scope: ethos-n + + deprecated: + - drivers/arm/ethosn + + - title: GIC + scope: gic + + subsections: + - title: GICv3 + scope: gicv3 + + subsections: + - title: GIC-600AE + scope: gic600ae + + - title: SMMU + scope: smmu + + - title: MHU + scope: mhu + + deprecated: + - drivers/arm/mhu + + - title: RSS + scope: rss + + deprecated: + - drivers/arm/rss + + - title: TZC + scope: tzc + + subsections: + - title: TZC-400 + scope: tzc400 + + deprecated: + - drivers/tzc400 + + - title: TZC-380 + scope: tzc380 + + deprecated: + - drivers/tzc380 + + - title: Marvell + scope: marvell-drivers + + subsections: + - title: COMPHY + scope: marvell-comphy + + deprecated: + - drivers/marvell/comphy + + subsections: + - title: Armada 3700 + scope: marvell-comphy-3700 + + deprecated: + - drivers/marvell/comphy-3700 + + - title: CP110 + scope: marvell-comphy-cp110 + + deprecated: + - drivers/marvell/comphy-cp110 + + - title: UART + scope: marvell-uart + + deprecated: + - plat/marvell/uart + + - title: Armada + scope: armada-drivers + + subsections: + - title: A3K + scope: a3k-drivers + + subsections: + - title: A3720 + scope: a3720-uart + + deprecated: + - plat/marvell/a3720/uart + + - title: MediaTek + scope: mediatek-drivers + + subsections: + - title: APU + scope: mediatek-apu + + deprecated: + - plat/mediatek/apu + + - title: EMI MPU + scope: mediatek-emi-mpu + + deprecated: + - plat/mediatek/mpu + + - title: PMIC Wrapper + scope: mediatek-pmic-wrapper + + deprecated: + - plat/mediatek/pmic_wrap + + - 
title: MT8192 + scope: mt8192-drivers + + subsections: + - title: SPM + scope: mt8192-spm + + deprecated: + - mediatek/mt8192/spm + + - title: NXP + scope: nxp-drivers + + subsections: + - title: DCFG + scope: nxp-dcfg + + deprecated: + - driver/nxp/dcfg + + - title: FLEXSPI + scope: flexspi + + deprecated: + - include/drivers/flexspi + - driver/nxp/xspi + + - title: SCFG + scope: nxp-scfg + + deprecated: + - nxp/scfg + + - title: SFP + scope: nxp-sfp + + deprecated: + - drivers/nxp/sfp + + - title: QSPI + scope: nxp-qspi + + - title: NXP Crypto + scope: nxp-crypto + + - title: DDR + scope: nxp-ddr + + - title: GIC + scope: nxp-gic + + - title: CSU + scope: nxp-csu + + - title: IFC NAND + scope: nxp-ifc-nand + + - title: IFC NOR + scope: nxp-ifc-nor + + - title: TZC-380 + scope: nxp-tzc380 + + - title: Renesas + scope: renesas-drivers + + subsections: + - title: R-Car3 + scope: rcar3-drivers + + deprecated: + - drivers/rcar3 + + - title: ST + scope: st-drivers + + deprecated: + - drivers/st + + subsections: + - title: BSEC + scope: st-bsec + + - title: Clock + scope: st-clock + + deprecated: + - stm32mp_clk + - drivers/st/clk + - stm32mp1_clk + + - title: Crypto + scope: st-crypto + + - title: DDR + scope: st-ddr + + - title: I/O + scope: st-io-drivers + + subsections: + - title: STM32 Image + scope: st-io-stm32image + + deprecated: + - io-stm32image + - io_stm32image + + - title: I2C + scope: st-i2c + + - title: FMC + scope: st-fmc + + - title: GPIO + scope: st-gpio + + - title: SDMMC2 + scope: st-sdmmc2 + + deprecated: + - stm32_sdmmc2 + + - title: ST PMIC + scope: st-pmic + + deprecated: + - drivers/st/pmic + + - title: STPMIC1 + scope: stpmic1 + + - title: Regulator + scope: st-regulator + + - title: Reset + scope: st-reset + + - title: SPI + scope: st-spi + + - title: UART + scope: st-uart + + subsections: + - title: STM32 Console + scope: stm32-console + + deprecated: + - stm32_console + + - title: USB + scope: st-usb + + deprecated: + - drivers/st/usb + + - 
title: Watchdog + scope: st-iwdg + + - title: USB + scope: usb + + deprecated: + - drivers/usb + + - title: Miscellaneous + + subsections: + - title: AArch64 + scope: aarch64 + + - title: Debug + scope: debug + + deprecated: + - common/debug + + - title: CRC32 + scope: crc32 + + subsections: + - title: Hardware CRC32 + scope: hw-crc32 + + deprecated: + - hw_crc + - hw_crc32 + + - title: Software CRC32 + scope: sw-crc32 + + deprecated: + - sw_crc32 + + - title: DT Bindings + scope: dt-bindings + + - title: FDT Wrappers + scope: fdt-wrappers + + - title: FDTs + scope: fdts + + deprecated: + - fdt + + subsections: + - title: Morello + scope: morello-fdts + + deprecated: + - fdts/morello + + - title: STM32MP1 + scope: stm32mp1-fdts + + deprecated: + - fdts stm32mp1 + + - title: PIE + scope: pie + + - title: Security + scope: security + + - title: SDEI + scope: sdei + + - title: TBBR + scope: tbbr + + - title: NXP + + subsections: + - title: OCRAM + scope: nxp-ocram + + deprecated: + - nxp/common/ocram + + - title: PSCI + scope: nxp-psci + + deprecated: + - plat/nxp/common/psci + + - title: Documentation + scope: docs + + deprecated: + - doc + + subsections: + - title: Changelog + scope: changelog + + - title: Commit Style + scope: commit-style + + - title: Contribution Guidelines + scope: contributing + + deprecated: + - contribution-guidelines + - docs-contributing.rst + + - title: Maintainers + scope: maintainers + + - title: Prerequisites + scope: prerequisites + + - title: Threat Model + scope: threat-model + + - title: Build System + scope: build + + deprecated: + - makefile + - Makefile + + subsections: + - title: Git Hooks + scope: hooks + + - title: Tools + + subsections: + - title: STM32 Image + scope: stm32image + + deprecated: + - tools/stm32image + + - title: NXP Tools + scope: nxp-tools + + - title: Firmware Image Package Tool + scope: fiptool + + - title: Secure Partition Tool + scope: sptool + + - title: Certificate Creation Tool + scope: cert-create + + 
- title: Dependencies + scope: deps + + subsections: + - title: checkpatch + scope: checkpatch + + - title: commitlint + scope: commitlint + + - title: libfdt + scope: libfdt + + - title: Node Package Manager (NPM) + scope: npm
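Review bot: Two entries look like copy-paste slips rather than intent: the `docs` type carries `title: Build System`, duplicating the `build` entry's title although its description is "Documentation-only changes", and the QTI sub-section is titled `SC1780` while its scope is `sc7180`. Neither affects the `type-enum`/`scope-enum` checks that .commitlintrc.js derives from this file, but both will surface verbatim as headings in the generated changelog.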
diff --git a/common/bl_common.c b/common/bl_common.c
index eb2352a..9bfaafd 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -143,25 +143,6 @@ return io_result; } -/* - * Load an image and flush it out to main memory so that it can be executed - * later by any CPU, regardless of cache and MMU state. - */ -static int load_image_flush(unsigned int image_id, - image_info_t *image_data) -{ - int rc; - - rc = load_image(image_id, image_data); - if (rc == 0) { - flush_dcache_range(image_data->image_base, - image_data->image_size); - } - - return rc; -} - - #if TRUSTED_BOARD_BOOT /* * This function uses recursion to authenticate the parent images up to the root @@ -202,30 +183,6 @@ return -EAUTH; } - if (is_parent_image == 0) { - /* - * Measure the image. - * We do not measure its parents because these only play a role - * in authentication, which is orthogonal to measured boot. - * - * TODO: Change this code if we change our minds about measuring - * certificates. - */ - rc = plat_mboot_measure_image(image_id, image_data); - if (rc != 0) { - return rc; - } - - /* - * Flush the image to main memory so that it can be executed - * later by any CPU, regardless of cache and MMU state. This - * is only needed for child images, not for the parents - * (certificates). - */ - flush_dcache_range(image_data->image_base, - image_data->image_size); - } - return 0; } #endif /* TRUSTED_BOARD_BOOT */ @@ -239,7 +196,7 @@ } #endif - return load_image_flush(image_id, image_data); + return load_image(image_id, image_data); } /******************************************************************************* 
@@ -266,6 +223,25 @@ } while ((err != 0) && (plat_try_next_boot_source() != 0)); #endif /* PSA_FWU_SUPPORT */ + if (err == 0) { + /* + * If loading of the image gets passed (along with its + * authentication in case of Trusted-Boot flow) then measure + * it (if MEASURED_BOOT flag is enabled). + */ + err = plat_mboot_measure_image(image_id, image_data); + if (err != 0) { + return err; + } + + /* + * Flush the image to main memory so that it can be executed + * later by any CPU, regardless of cache and MMU state. + */ + flush_dcache_range(image_data->image_base, + image_data->image_size); + } + return err; }
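Review bot: The comment above the new plat_mboot_measure_image() call says the image is measured `(if MEASURED_BOOT flag is enabled)`, but the call itself is unconditional in this hunk, so the guard must live inside the platform hook (presumably a no-op stub when MEASURED_BOOT=0); stating that explicitly avoids a reader hunting for an #if that is not there. A clearer version of the comment would be `/* Image loaded (and, with TRUSTED_BOARD_BOOT, authenticated); measure it now. plat_mboot_measure_image() is expected to be a no-op unless MEASURED_BOOT=1. */`. The ordering itself is sound: measurement only runs once err == 0, i.e. after load and authentication, and a failed measurement returns before the cache flush. The enclosing load_auth_image() body starts outside the hunk.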
diff --git a/common/fdt_fixup.c b/common/fdt_fixup.c index de02b46..b1d628c 100644 --- a/common/fdt_fixup.c +++ b/common/fdt_fixup.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -394,6 +394,110 @@ return offs; } +/******************************************************************************* + * fdt_add_cpu_idle_states() - add PSCI CPU idle states to cpu nodes in the DT + * @dtb: pointer to the device tree blob in memory + * @states: array of idle state descriptions, ending with empty element + * + * Add information about CPU idle states to the devicetree. This function + * assumes that CPU idle states are not already present in the devicetree, and + * that all CPU states are equally applicable to all CPUs. + * + * See arm/idle-states.yaml and arm/psci.yaml in the (Linux kernel) DT binding + * documentation for more details. + * + * Return: 0 on success, a negative error value otherwise. + ******************************************************************************/ +int fdt_add_cpu_idle_states(void *dtb, const struct psci_cpu_idle_state *state) +{ + int cpu_node, cpus_node, idle_states_node, ret; + uint32_t count, phandle; + + ret = fdt_find_max_phandle(dtb, &phandle); + phandle++; + if (ret < 0) { + return ret; + } + + cpus_node = fdt_path_offset(dtb, "/cpus"); + if (cpus_node < 0) { + return cpus_node; + } + + /* Create the idle-states node and its child nodes. 
*/ + idle_states_node = fdt_add_subnode(dtb, cpus_node, "idle-states"); + if (idle_states_node < 0) { + return idle_states_node; + } + + ret = fdt_setprop_string(dtb, idle_states_node, "entry-method", "psci"); + if (ret < 0) { + return ret; + } + + for (count = 0U; state->name != NULL; count++, phandle++, state++) { + int idle_state_node; + + idle_state_node = fdt_add_subnode(dtb, idle_states_node, + state->name); + if (idle_state_node < 0) { + return idle_state_node; + } + + fdt_setprop_string(dtb, idle_state_node, "compatible", + "arm,idle-state"); + fdt_setprop_u32(dtb, idle_state_node, "arm,psci-suspend-param", + state->power_state); + if (state->local_timer_stop) { + fdt_setprop_empty(dtb, idle_state_node, + "local-timer-stop"); + } + fdt_setprop_u32(dtb, idle_state_node, "entry-latency-us", + state->entry_latency_us); + fdt_setprop_u32(dtb, idle_state_node, "exit-latency-us", + state->exit_latency_us); + fdt_setprop_u32(dtb, idle_state_node, "min-residency-us", + state->min_residency_us); + if (state->wakeup_latency_us) { + fdt_setprop_u32(dtb, idle_state_node, + "wakeup-latency-us", + state->wakeup_latency_us); + } + fdt_setprop_u32(dtb, idle_state_node, "phandle", phandle); + } + + if (count == 0U) { + return 0; + } + + /* Link each cpu node to the idle state nodes. */ + fdt_for_each_subnode(cpu_node, dtb, cpus_node) { + const char *device_type; + fdt32_t *value; + + /* Only process child nodes with device_type = "cpu". */ + device_type = fdt_getprop(dtb, cpu_node, "device_type", NULL); + if (device_type == NULL || strcmp(device_type, "cpu") != 0) { + continue; + } + + /* Allocate space for the list of phandles. */ + ret = fdt_setprop_placeholder(dtb, cpu_node, "cpu-idle-states", + count * sizeof(phandle), + (void **)&value); + if (ret < 0) { + return ret; + } + + /* Fill in the phandles of the idle state nodes. 
*/ + for (uint32_t i = 0U; i < count; ++i) { + value[i] = cpu_to_fdt32(phandle - count + i); + } + } + + return 0; +} + /** * fdt_adjust_gic_redist() - Adjust GICv3 redistributor size * @dtb: Pointer to the DT blob in memory
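Review bot: Every fdt_setprop_string()/fdt_setprop_u32()/fdt_setprop_empty() call inside the `for (count = 0U; state->name != NULL; ...)` loop discards its return value, so if the blob runs out of space (-FDT_ERR_NOSPACE) the function still returns 0 with an idle-state node missing properties and every cpu node pointing at it; each call should go through `ret` and bail out the way the fdt_add_subnode() result already does. Separately, `phandle++;` runs before `if (ret < 0)` is evaluated, so on failure it increments a value fdt_find_max_phandle() may not have written; moving it after the check (`if (ret < 0) { return ret; } phandle++;`) avoids that. The phandle arithmetic in the second loop and the placeholder size `count * sizeof(phandle)` both assume every node was fully written, which is why the missing checks matter.
```c
	for (count = 0U; state->name != NULL; count++, phandle++, state++) {
		/* … unchanged: fdt_add_subnode() of state->name and its < 0 check … */

		ret = fdt_setprop_string(dtb, idle_state_node, "compatible",
					 "arm,idle-state");
		if (ret < 0) {
			return ret;
		}
		ret = fdt_setprop_u32(dtb, idle_state_node, "arm,psci-suspend-param",
				      state->power_state);
		if (ret < 0) {
			return ret;
		}
		if (state->local_timer_stop) {
			ret = fdt_setprop_empty(dtb, idle_state_node,
						"local-timer-stop");
			if (ret < 0) {
				return ret;
			}
		}
		/* … same `ret = ...; if (ret < 0) return ret;` pattern for the
		 * entry-latency-us, exit-latency-us, min-residency-us and
		 * optional wakeup-latency-us properties … */
		ret = fdt_setprop_u32(dtb, idle_state_node, "phandle", phandle);
		if (ret < 0) {
			return ret;
		}
	}
```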
diff --git a/common/fdt_wrappers.c b/common/fdt_wrappers.c index 2a9673f..1b065b1 100644 --- a/common/fdt_wrappers.c +++ b/common/fdt_wrappers.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -618,3 +618,24 @@ return ret; } + +/* + * Find a given node in device tree. If not present, add it. + * Returns offset of node found/added on success, and < 0 on error. + */ +int fdtw_find_or_add_subnode(void *fdt, int parentoffset, const char *name) +{ + int offset; + + offset = fdt_subnode_offset(fdt, parentoffset, name); + + if (offset == -FDT_ERR_NOTFOUND) { + offset = fdt_add_subnode(fdt, parentoffset, name); + } + + if (offset < 0) { + ERROR("%s: %s: %s\n", __func__, name, fdt_strerror(offset)); + } + + return offset; +}
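Review bot: fdtw_find_or_add_subnode() has no parameter documentation, unlike the kernel-doc style header this same patch adds for fdt_add_cpu_idle_states() in fdt_fixup.c; add `@fdt`, `@parentoffset` and `@name` lines and state that only -FDT_ERR_NOTFOUND from fdt_subnode_offset() triggers the add, while any other lookup error (or a failed add) is logged via ERROR() and returned unchanged. Spelling out that the returned offset may belong to a pre-existing node, not necessarily a new one, would also help callers that then populate it.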
diff --git a/common/feat_detect.c b/common/feat_detect.c new file mode 100644 index 0000000..8f98876 --- /dev/null +++ b/common/feat_detect.c
@@ -0,0 +1,299 @@ +/* + * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <common/feat_detect.h> + +/******************************************************************************* + * This section lists the wrapper modules for each feature to evaluate the + * feature states (FEAT_STATE_1 and FEAT_STATE_2) and perform necessary action + * as below: + * + * It verifies whether the FEAT_XXX (eg: FEAT_SB) is supported by the PE or not. + * Without this check an exception would occur during context save/restore + * routines, if the feature is enabled but not supported by PE. + ******************************************************************************/ + +/****************************************** + * Feature : FEAT_SB (Speculation Barrier) + *****************************************/ +static void read_feat_sb(void) +{ +#if (ENABLE_FEAT_SB == FEAT_STATE_1) + feat_detect_panic(is_armv8_0_feat_sb_present(), "SB"); +#endif +} + +/****************************************************** + * Feature : FEAT_CSV2_2 (Cache Speculation Variant 2) + *****************************************************/ +static void read_feat_csv2_2(void) +{ +#if (ENABLE_FEAT_CSV2_2 == FEAT_STATE_1) + feat_detect_panic(is_armv8_0_feat_csv2_2_present(), "CSV2_2"); +#endif +} + +/*********************************************** + * Feature : FEAT_PAN (Privileged Access Never) + **********************************************/ +static void read_feat_pan(void) +{ +#if (ENABLE_FEAT_PAN == FEAT_STATE_1) + feat_detect_panic(is_armv8_1_pan_present(), "PAN"); +#endif +} + +/****************************************************** + * Feature : FEAT_VHE (Virtualization Host Extensions) + *****************************************************/ +static void read_feat_vhe(void) +{ +#if (ENABLE_FEAT_VHE == FEAT_STATE_1) + feat_detect_panic(is_armv8_1_vhe_present(), "VHE"); +#endif +} + 
+/******************************************************************************* + * Feature : FEAT_RAS (Reliability, Availability, and Serviceability Extension) + ******************************************************************************/ +static void read_feat_ras(void) +{ +#if (RAS_EXTENSION == FEAT_STATE_1) + feat_detect_panic(is_armv8_2_feat_ras_present(), "RAS"); +#endif +} + +/************************************************ + * Feature : FEAT_PAUTH (Pointer Authentication) + ***********************************************/ +static void read_feat_pauth(void) +{ +#if (ENABLE_PAUTH == FEAT_STATE_1) || (CTX_INCLUDE_PAUTH_REGS == FEAT_STATE_1) + feat_detect_panic(is_armv8_3_pauth_present(), "PAUTH"); +#endif +} + +/************************************************************ + * Feature : FEAT_DIT (Data Independent Timing Instructions) + ***********************************************************/ +static void read_feat_dit(void) +{ +#if (ENABLE_FEAT_DIT == FEAT_STATE_1) + feat_detect_panic(is_armv8_4_feat_dit_present(), "DIT"); +#endif +} + +/********************************************************* + * Feature : FEAT_AMUv1 (Activity Monitors Extensions v1) + ********************************************************/ +static void read_feat_amuv1(void) +{ +#if (ENABLE_FEAT_AMUv1 == FEAT_STATE_1) + feat_detect_panic(is_armv8_4_feat_amuv1_present(), "AMUv1"); +#endif +} + +/**************************************************************************** + * Feature : FEAT_MPAM (Memory Partitioning and Monitoring (MPAM) Extension) + ***************************************************************************/ +static void read_feat_mpam(void) +{ +#if (ENABLE_MPAM_FOR_LOWER_ELS == FEAT_STATE_1) + feat_detect_panic(get_mpam_version() != 0U, "MPAM"); +#endif +} + +/************************************************************** + * Feature : FEAT_NV2 (Enhanced Nested Virtualization Support) + *************************************************************/ +static void 
read_feat_nv2(void) +{ +#if (CTX_INCLUDE_NEVE_REGS == FEAT_STATE_1) + unsigned int nv = get_armv8_4_feat_nv_support(); + + feat_detect_panic((nv == ID_AA64MMFR2_EL1_NV2_SUPPORTED), "NV2"); +#endif +} + +/*********************************** + * Feature : FEAT_SEL2 (Secure EL2) + **********************************/ +static void read_feat_sel2(void) +{ +#if (ENABLE_FEAT_SEL2 == FEAT_STATE_1) + feat_detect_panic(is_armv8_4_sel2_present(), "SEL2"); +#endif +} + +/**************************************************** + * Feature : FEAT_TRF (Self-hosted Trace Extensions) + ***************************************************/ +static void read_feat_trf(void) +{ +#if (ENABLE_TRF_FOR_NS == FEAT_STATE_1) + feat_detect_panic(is_arm8_4_feat_trf_present(), "TRF"); +#endif +} + +/************************************************ + * Feature : FEAT_MTE (Memory Tagging Extension) + ***********************************************/ +static void read_feat_mte(void) +{ +#if (CTX_INCLUDE_MTE_REGS == FEAT_STATE_1) + unsigned int mte = get_armv8_5_mte_support(); + + feat_detect_panic((mte != MTE_UNIMPLEMENTED), "MTE"); +#endif +} + +/*********************************************** + * Feature : FEAT_RNG (Random Number Generator) + **********************************************/ +static void read_feat_rng(void) +{ +#if (ENABLE_FEAT_RNG == FEAT_STATE_1) + feat_detect_panic(is_armv8_5_rng_present(), "RNG"); +#endif +} + +/**************************************************** + * Feature : FEAT_BTI (Branch Target Identification) + ***************************************************/ +static void read_feat_bti(void) +{ +#if (ENABLE_BTI == FEAT_STATE_1) + feat_detect_panic(is_armv8_5_bti_present(), "BTI"); +#endif +} + +/**************************************** + * Feature : FEAT_FGT (Fine Grain Traps) + ***************************************/ +static void read_feat_fgt(void) +{ +#if (ENABLE_FEAT_FGT == FEAT_STATE_1) + feat_detect_panic(is_armv8_6_fgt_present(), "FGT"); +#endif +} + 
+/*********************************************** + * Feature : FEAT_AMUv1p1 (AMU Extensions v1.1) + **********************************************/ +static void read_feat_amuv1p1(void) +{ +#if (ENABLE_FEAT_AMUv1p1 == FEAT_STATE_1) + feat_detect_panic(is_armv8_6_feat_amuv1p1_present(), "AMUv1p1"); +#endif +} + +/******************************************************* + * Feature : FEAT_ECV (Enhanced Counter Virtualization) + ******************************************************/ +static void read_feat_ecv(void) +{ +#if (ENABLE_FEAT_ECV == FEAT_STATE_1) + unsigned int ecv = get_armv8_6_ecv_support(); + + feat_detect_panic(((ecv == ID_AA64MMFR0_EL1_ECV_SUPPORTED) || + (ecv == ID_AA64MMFR0_EL1_ECV_SELF_SYNCH)), "ECV"); +#endif +} + +/*********************************************************** + * Feature : FEAT_TWED (Delayed Trapping of WFE Instruction) + **********************************************************/ +static void read_feat_twed(void) +{ +#if (ENABLE_FEAT_TWED == FEAT_STATE_1) + feat_detect_panic(is_armv8_6_twed_present(), "TWED"); +#endif +} + +/****************************************************************** + * Feature : FEAT_HCX (Extended Hypervisor Configuration Register) + *****************************************************************/ +static void read_feat_hcx(void) +{ +#if (ENABLE_FEAT_HCX == FEAT_STATE_1) + feat_detect_panic(is_feat_hcx_present(), "HCX"); +#endif +} + +/************************************************** + * Feature : FEAT_RME (Realm Management Extension) + *************************************************/ +static void read_feat_rme(void) +{ +#if (ENABLE_RME == FEAT_STATE_1) + feat_detect_panic((get_armv9_2_feat_rme_support() != + ID_AA64PFR0_FEAT_RME_NOT_SUPPORTED), "RME"); +#endif +} + +/*********************************************************************************** + * TF-A supports many Arm architectural features starting from arch version + * (8.0 till 8.7+). These features are mostly enabled through build flags. 
This + * mechanism helps in validating these build flags in the early boot phase + * either in BL1 or BL31 depending on the platform and assists in identifying + * and notifying the features which are enabled but not supported by the PE. + * + * It reads all the enabled features ID-registers and ensures the features + * are supported by the PE. + * In case if they aren't it stops booting at an early phase and logs the error + * messages, notifying the platforms about the features that are not supported. + * + * Further the procedure is implemented with a tri-state approach for each feature: + * ENABLE_FEAT_xxx = 0 : The feature is disabled statically at compile time + * ENABLE_FEAT_xxx = 1 : The feature is enabled and must be present in hardware. + * There will be panic if feature is not present at cold boot. + * ENABLE_FEAT_xxx = 2 : The feature is enabled but dynamically enabled at runtime + * depending on hardware capability. + * + * For better readability, state values are defined with macros namely: + * { FEAT_STATE_0, FEAT_STATE_1, FEAT_STATE_2 } taking values as their naming. + **********************************************************************************/ +void detect_arch_features(void) +{ + /* v8.0 features */ + read_feat_sb(); + read_feat_csv2_2(); + + /* v8.1 features */ + read_feat_pan(); + read_feat_vhe(); + + /* v8.2 features */ + read_feat_ras(); + + /* v8.3 features */ + read_feat_pauth(); + + /* v8.4 features */ + read_feat_dit(); + read_feat_amuv1(); + read_feat_mpam(); + read_feat_nv2(); + read_feat_sel2(); + read_feat_trf(); + + /* v8.5 features */ + read_feat_mte(); + read_feat_rng(); + read_feat_bti(); + + /* v8.6 features */ + read_feat_amuv1p1(); + read_feat_fgt(); + read_feat_ecv(); + read_feat_twed(); + + /* v8.7 features */ + read_feat_hcx(); + + /* v9.2 features */ + read_feat_rme(); +}
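Review bot: The file header says the wrappers "evaluate the feature states (FEAT_STATE_1 and FEAT_STATE_2)", but every read_feat_*() body is guarded only by `== FEAT_STATE_1` and FEAT_STATE_2 is never examined in this file, which contradicts the tri-state description above detect_arch_features() where state 2 means runtime detection. Suggest rewording the top comment to something like `Each wrapper panics, via feat_detect_panic(), when a feature built with FEAT_STATE_1 is not implemented by the PE; FEAT_STATE_2 features are not checked here.` A naming nit: read_feat_trf() calls is_arm8_4_feat_trf_present() while its neighbours use the is_armv8_x_ prefix; presumably that mirrors the helper's actual name, but it stands out in an otherwise uniform file.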
diff --git a/common/uuid.c b/common/uuid.c index ac6db50..3e47eb4 100644 --- a/common/uuid.c +++ b/common/uuid.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -132,3 +132,27 @@ return 0; } +/* + * Helper function to check if 2 UUIDs match. + */ +bool uuid_match(uint32_t *uuid1, uint32_t *uuid2) +{ + return !memcmp(uuid1, uuid2, sizeof(uint32_t) * 4); +} + +/* + * Helper function to copy from one UUID struct to another. + */ +void copy_uuid(uint32_t *to_uuid, uint32_t *from_uuid) +{ + to_uuid[0] = from_uuid[0]; + to_uuid[1] = from_uuid[1]; + to_uuid[2] = from_uuid[2]; + to_uuid[3] = from_uuid[3]; +} + +bool is_null_uuid(uint32_t *uuid) +{ + return (uuid[0] == 0 && uuid[1] == 0 && + uuid[2] == 0 && uuid[3] == 0); +}
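Review bot: None of the three new helpers modify their inputs except copy_uuid()'s destination, yet all take plain `uint32_t *`, which forces callers holding const UUID tables to cast; declare them as `bool uuid_match(const uint32_t *uuid1, const uint32_t *uuid2)`, `void copy_uuid(uint32_t *to_uuid, const uint32_t *from_uuid)` and `bool is_null_uuid(const uint32_t *uuid)` (the prototypes presumably live in a header outside this patch and need the same change). `sizeof(uint32_t) * 4` in uuid_match() and the bare indices 0..3 in the other two encode the 16-byte UUID width independently; a single named word count would keep the three in step. is_null_uuid() is the only one without a doc comment — `/* Helper function to check if a UUID is all zeros. */` matches its siblings — and `memcmp(...) == 0` rather than `!memcmp(...)` matches the explicit-comparison style used elsewhere in this patch (e.g. `strcmp(...) != 0` in fdt_fixup.c).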
diff --git a/docs/about/contact.rst b/docs/about/contact.rst index 4440a37..4f482bd 100644 --- a/docs/about/contact.rst +++ b/docs/about/contact.rst
@@ -47,10 +47,10 @@ via their partner managers. .. _`issue tracker`: https://developer.trustedfirmware.org -.. _`TF-A development`: https://lists.trustedfirmware.org/pipermail/tf-a/ -.. _`TF-A-Tests development`: https://lists.trustedfirmware.org/pipermail/tf-a-tests/ -.. _`summary of all the lists`: https://lists.trustedfirmware.org +.. _`TF-A development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/ +.. _`TF-A-Tests development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a-tests.lists.trustedfirmware.org/ +.. _`summary of all the lists`: https://lists.trustedfirmware.org/mailman3/lists/ -------------- -*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst index 680683d..871afe3 100644 --- a/docs/about/maintainers.rst +++ b/docs/about/maintainers.rst
@@ -75,8 +75,6 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Mark Dykes <mark.dykes@arm.com> :|G|: `mardyk01`_ -:|M|: John Powell <john.powell@arm.com> -:|G|: `john-powell-arm`_ :|F|: services/std_svc/sdei/ Trusted Boot @@ -89,8 +87,14 @@ :|G|: `ManishVB-Arm`_ :|F|: drivers/auth/ -Secure Partition Manager (SPM) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Secure Partition Manager Core (EL3 FF-A SPMC) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Marc Bonnici <marc.bonnici@arm.com> +:|G|: `marcbonnici`_ +:|F|: services/std_svc/spm/el3_spmc/\* + +Secure Partition Manager Dispatcher (SPMD) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Olivier Deprez <olivier.deprez@arm.com> :|G|: `odeprez`_ :|M|: Manish Pandey <manish.pandey2@arm.com> @@ -99,14 +103,12 @@ :|G|: `max-shvetsov`_ :|M|: Joao Alves <Joao.Alves@arm.com> :|G|: `J-Alves`_ -:|F|: services/std_svc/spm\* +:|F|: services/std_svc/spmd/\* Exception Handling Framework (EHF) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Manish Badarkhe <manish.badarkhe@arm.com> :|G|: `ManishVB-Arm`_ -:|M|: John Powell <john.powell@arm.com> -:|G|: `john-powell-arm`_ :|F|: bl31/ehf.c Realm Management Extension (RME) @@ -115,8 +117,6 @@ :|G|: `bipinravi-arm`_ :|M|: Mark Dykes <mark.dykes@arm.com> :|G|: `mardyk01`_ -:|M|: John Powell <john.powell@arm.com> -:|G|: `john-powell-arm`_ :|M|: Zelalem Aweke <Zelalem.Aweke@arm.com> :|G|: `zelalem-aweke`_ @@ -193,16 +193,12 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Joao Alves <Joao.Alves@arm.com> :|G|: `J-Alves`_ -:|M|: Jimmy Brisson <Jimmy.Brisson@arm.com> -:|G|: `theotherjimmy`_ :|F|: lib/pmf/ Arm CPU libraries ^^^^^^^^^^^^^^^^^ :|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com> :|G|: `laurenw-arm`_ -:|M|: John Powell <john.powell@arm.com> -:|G|: `john-powell-arm`_ :|F|: lib/cpus/ Reliability Availability Serviceabilty (RAS) framework 
@@ -225,8 +221,6 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Zelalem Aweke <Zelalem.Aweke@arm.com> :|G|: `zelalem-aweke`_ -:|M|: Jimmy Brisson <Jimmy.Brisson@arm.com> -:|G|: `theotherjimmy`_ :|F|: lib/extensions/mpam/ Pointer Authentication (PAuth) and Branch Target Identification (BTI) extensions @@ -241,22 +235,12 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Zelalem Aweke <Zelalem.Aweke@arm.com> :|G|: `zelalem-aweke`_ -:|M|: Jimmy Brisson <Jimmy.Brisson@arm.com> -:|G|: `theotherjimmy`_ :|F|: lib/extensions/spe/ -Scalable Vector Extension (SVE) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -:|M|: Jimmy Brisson <Jimmy.Brisson@arm.com> -:|G|: `theotherjimmy`_ -:|F|: lib/extensions/sve/ - Standard C library ^^^^^^^^^^^^^^^^^^ :|M|: Alexei Fedorov <Alexei.Fedorov@arm.com> :|G|: `AlexeiFedorov`_ -:|M|: John Powell <john.powell@arm.com> -:|G|: `john-powell-arm`_ :|F|: lib/libc/ Library At ROM (ROMlib) @@ -293,6 +277,20 @@ :|G|: `odeprez`_ :|F|: drivers/arm/gic/ +Message Handling Unit (MHU) driver +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: David Vincze <david.vincze@arm.com> +:|G|: `davidvincze`_ +:|F|: include/drivers/arm/mhu.h +:|F|: drivers/arm/mhu + +Runtime Security Subsystem (RSS) comms driver +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: David Vincze <david.vincze@arm.com> +:|G|: `davidvincze`_ +:|F|: include/drivers/arm/rss_comms.h +:|F|: drivers/arm/rss + Libfdt wrappers ^^^^^^^^^^^^^^^ :|M|: Madhukar Pappireddy <Madhukar.Pappireddy@arm.com> 
@@ -315,9 +313,28 @@ :|G|: `AlexeiFedorov`_ :|M|: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com> :|G|: `javieralso-arm`_ +:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com> +:|G|: `sandrine-bailleux-arm`_ :|F|: drivers/measured_boot :|F|: include/drivers/measured_boot -:|F|: plat/arm/board/fvp/fvp_measured_boot.c +:|F|: docs/components/measured_boot +:|F|: plat/arm/board/fvp/fvp\*_measured_boot.c + +PSA Firmware Update +^^^^^^^^^^^^^^^^^^^ +:|M|: Manish Badarkhe <manish.badarkhe@arm.com> +:|G|: `ManishVB-Arm`_ +:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com> +:|G|: `sandrine-bailleux-arm`_ +:|F|: drivers/fwu +:|F|: include/drivers/fwu + +Platform Security Architecture (PSA) APIs +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Sandrine Bailleux <sandrine.bailleux@arm.com> +:|G|: `sandrine-bailleux-arm`_ +:|F|: include/lib/psa +:|F|: lib/psa System Control and Management Interface (SCMI) Server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -339,8 +356,6 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Mark Dykes <mark.dykes@arm.com> :|G|: `mardyk01`_ -:|M|: John Powell <john.powell@arm.com> -:|G|: `john-powell-arm`_ :|F|: lib/gpt_rme :|F|: include/lib/gpt_rme @@ -427,7 +442,7 @@ :|G|: `vishnu-banavath`_ :|F|: plat/arm/board/corstone700 :|F|: plat/arm/board/a5ds -:|F|: plat/arm/board/diphda +:|F|: plat/arm/board/corstone1000 Arm Reference Design platform ports ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -469,17 +484,20 @@ Intel SocFPGA platform ports ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -:|M|: Tien Hock Loh <tien.hock.loh@intel.com> -:|G|: `thloh85-intel`_ -:|M|: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> -:|G|: mabdulha -:|F|: plat/intel/soc +:|M|: Sieu Mun Tang <sieu.mun.tang@intel.com> +:|G|: `sieumunt`_ +:|M|: Benjamin Jit Loon Lim <jit.loon.lim@intel.com> +:|G|: `BenjaminLimJL`_ +:|F|: plat/intel/soc/ :|F|: drivers/intel/soc/ MediaTek platform ports ^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Rex-BC Chen <rex-bc.chen@mediatek.com> :|G|: `mtk-rex-bc-chen`_ +:|M|: Leon Chen <leon.chen@mediatek.com> +:|G|: `leon-chen-mtk`_ +:|F|: docs/plat/mt\*.rst :|F|: plat/mediatek/ Marvell platform ports and SoC drivers @@ -500,13 +518,6 @@ :|F|: lib/cpus/aarch64/denver.S :|F|: plat/nvidia/ -NXP QorIQ Layerscape platform ports -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -:|M|: Jiafei Pan <jiafei.pan@nxp.com> -:|G|: `qoriq-open-source`_ -:|F|: docs/plat/ls1043a.rst -:|F|: plat/layerscape/ - NXP i.MX 7 WaRP7 platform port and SoC drivers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Bryan O'Donoghue <bryan.odonoghue@linaro.org> @@ -538,6 +549,8 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Pankaj Gupta <pankaj.gupta@nxp.com> :|G|: `pangupta`_ +:|M|: Jiafei Pan <jiafei.pan@nxp.com> +:|G|: `JiafeiPan`_ :|F|: docs/plat/nxp/ :|F|: plat/nxp/ :|F|: drivers/nxp/ 
@@ -552,6 +565,37 @@ :|F|: plat/nxp/soc-lx2160a/lx2160aqds :|F|: plat/nxp/soc-lx2160a/lx2160ardb +NXP SoC Part LS1028A and its platform port +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Jiafei Pan <jiafei.pan@nxp.com> +:|G|: `JiafeiPan`_ +:|F|: plat/nxp/soc-ls1028a +:|F|: plat/nxp/soc-ls1028a/ls1028ardb + +NXP SoC Part LS1043A and its platform port +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Jiafei Pan <jiafei.pan@nxp.com> +:|G|: `JiafeiPan`_ +:|F|: plat/nxp/soc-ls1043a +:|F|: plat/nxp/soc-ls1043a/ls1043ardb + +NXP SoC Part LS1046A and its platform port +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Jiafei Pan <jiafei.pan@nxp.com> +:|G|: `JiafeiPan`_ +:|F|: plat/nxp/soc-ls1046a +:|F|: plat/nxp/soc-ls1046a/ls1046ardb +:|F|: plat/nxp/soc-ls1046a/ls1046afrwy +:|F|: plat/nxp/soc-ls1046a/ls1046aqds + +NXP SoC Part LS1088A and its platform port +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Jiafei Pan <jiafei.pan@nxp.com> +:|G|: `JiafeiPan`_ +:|F|: plat/nxp/soc-ls1088a +:|F|: plat/nxp/soc-ls1088a/ls1088ardb +:|F|: plat/nxp/soc-ls1088a/ls1088aqds + QEMU platform port ^^^^^^^^^^^^^^^^^^ :|M|: Jens Wiklander <jens.wiklander@linaro.org> @@ -571,6 +615,15 @@ :|F|: docs/plat/qti.rst :|F|: plat/qti/ +QTI MSM8916 platform port +^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Stephan Gerhold <stephan@gerhold.net> +:|G|: `stephan-gh`_ +:|M|: Nikita Travkin <nikita@trvn.ru> +:|G|: `TravMurav`_ +:|F|: docs/plat/qti-msm8916.rst +:|F|: plat/qti/msm8916/ + Raspberry Pi 3 platform port ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> 
@@ -682,16 +735,26 @@ :|F|: docs/components/spd/optee-dispatcher.rst :|F|: services/spd/opteed/ -TLK/Trusty secure payloads +TLK ^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Varun Wadekar <vwadekar@nvidia.com> :|G|: `vwadekar`_ :|F|: docs/components/spd/tlk-dispatcher.rst -:|F|: docs/components/spd/trusty-dispatcher.rst :|F|: include/bl32/payloads/tlk.h :|F|: services/spd/tlkd/ + +Trusty secure payloads +^^^^^^^^^^^^^^^^^^^^^^^^^^ +:|M|: Arve Hjønnevåg <arve@android.com> +:|G|: `arve-android`_ +:|M|: Marco Nelissen <marcone@google.com> +:|G|: `marcone`_ +:|M|: Varun Wadekar <vwadekar@nvidia.com> +:|G|: `vwadekar`_ +:|F|: docs/components/spd/trusty-dispatcher.rst :|F|: services/spd/trusty/ + Test Secure Payload (TSP) ^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Manish Badarkhe <manish.badarkhe@arm.com> @@ -724,6 +787,8 @@ ^^^^^^ :|M|: Manish Pandey <manish.pandey2@arm.com> :|G|: `manish-pandey-arm`_ +:|M|: Joao Alves <Joao.Alves@arm.com> +:|G|: `J-Alves`_ :|F|: tools/sptool/ Build system @@ -761,6 +826,7 @@ .. _b49020: https://github.com/b49020 .. _carlocaione: https://github.com/carlocaione .. _danh-arm: https://github.com/danh-arm +.. _davidvincze: https://github.com/davidvincze .. _etienne-lms: https://github.com/etienne-lms .. _glneo: https://github.com/glneo .. _grandpaul: https://github.com/grandpaul @@ -777,10 +843,10 @@ .. _mmind: https://github.com/mmind .. _MrVan: https://github.com/MrVan .. _mtk-rex-bc-chen: https://github.com/mtk-rex-bc-chen +.. _leon-chen-mtk: https://github.com/leon-chen-mtk .. _niej: https://github.com/niej .. _npoushin: https://github.com/npoushin .. _prabhakarlad: https://github.com/prabhakarlad -.. _qoriq-open-source: https://github.com/qoriq-open-source .. _remi-triplefault: https://github.com/repk .. _rockchip-linux: https://github.com/rockchip-linux .. _sandrine-bailleux-arm: https://github.com/sandrine-bailleux-arm 
@@ -789,9 +855,12 @@ .. _smaeul: https://github.com/smaeul .. _soby-mathew: https://github.com/soby-mathew .. _sreekare: https://github.com/sreekare -.. _thloh85-intel: https://github.com/thloh85-intel +.. _stephan-gh: https://github.com/stephan-gh +.. _sieumunt: https://github.com/sieumunt +.. _BenjaminLimJL: https://github.com/BenjaminLimJL .. _thomas-arm: https://github.com/thomas-arm .. _TonyXie06: https://github.com/TonyXie06 +.. _TravMurav: https://github.com/TravMurav .. _vwadekar: https://github.com/vwadekar .. _venkatesh: https://github.com/vabbarap .. _Yann-lms: https://github.com/Yann-lms @@ -805,10 +874,8 @@ .. _javieralso-arm: https://github.com/javieralso-arm .. _laurenw-arm: https://github.com/laurenw-arm .. _zelalem-aweke: https://github.com/zelalem-aweke -.. _theotherjimmy: https://github.com/theotherjimmy .. _J-Alves: https://github.com/J-Alves .. _madhukar-Arm: https://github.com/madhukar-Arm -.. _john-powell-arm: https://github.com/john-powell-arm .. _raghuncstate: https://github.com/raghuncstate .. _CJKay: https://github.com/cjkay .. _nmenon: https://github.com/nmenon @@ -820,5 +887,9 @@ .. _arugan02: https://github.com/arugan02 .. _uarif1: https://github.com/uarif1 .. _pangupta: https://github.com/pangupta +.. _JiafeiPan: https://github.com/JiafeiPan +.. _arve-android: https://github.com/arve-android +.. _marcone: https://github.com/marcone +.. _marcbonnici: https://github.com/marcbonnici .. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst index b65571d..e9eaa80 100644 --- a/docs/about/release-information.rst +++ b/docs/about/release-information.rst
@@ -48,6 +48,10 @@ +-----------------+---------------------------+------------------------------+ | v2.6 | 4th week of Nov '21 | 2nd week of Nov '21 | +-----------------+---------------------------+------------------------------+ +| v2.7 | 5th week of May '22 | 3rd week of May '22 | ++-----------------+---------------------------+------------------------------+ +| v2.8 | 5th week of Nov '22 | 3rd week of Nov '22 | ++-----------------+---------------------------+------------------------------+ Removal of Deprecated Interfaces -------------------------------- @@ -61,7 +65,7 @@ | | Date | after | | | | | Release | | +================================+=============+=========+=========================================================+ -| | | | | +| STM32MP_USE_STM32IMAGE macro | Dec '21 | 2.7 | FIP is the recommended boot method for STM32MP | +--------------------------------+-------------+---------+---------------------------------------------------------+ --------------
diff --git a/docs/change-log.md b/docs/change-log.md index f0cb352..1a65700 100644 --- a/docs/change-log.md +++ b/docs/change-log.md
@@ -3,7 +3,1197 @@ This document contains a summary of the new features, changes, fixes and known issues in each release of Trusted Firmware-A. -## 2.6 (2021-11-22) +## [2.7.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.6.0..refs/tags/v2.7.0) (2022-05-20) + +### New Features + +- **Architecture** + + - **Statistical profiling Extension (FEAT_SPE)** + + - add support for FEAT_SPEv1p2 ([f20eb89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f20eb893a072bb9b404eedb886e8c65fe76ffb45)) + + - **Branch Record Buffer Extension (FEAT_BRBE)** + + - add BRBE support for NS world ([744ad97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/744ad97445ce7aa65adaef376d0b5bafc12a90d3)) + + - **Extended Cache Index (FEAT_CCIDX)** + + - update the do_dcsw_op function to support FEAT_CCIDX ([d0ec1cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d0ec1cc437c59e64ecba44710dbce82a04ff892d)) + +- **Platforms** + + - add SZ_* macros ([1af59c4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1af59c457010e6e3e6536752736eb02115bca543)) + + - **Allwinner** + + - add SMCCC SOCID support ([436cd75](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/436cd754f2b0f9c0ce3094961bd1e179eeff2fc1)) + - allow to skip PMIC regulator setup ([67412e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/67412e4d7ae3defaac78ef5e351c63e06cfd907a)) + - apx803: add aldo1 regulator ([a29f6e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a29f6e76cbf76d509c00f84f068b59864d210dfd)) + - choose PSCI states to avoid translation ([159c36f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/159c36fd2fc5afbe979e5028b9e845ed4b7a40f1)) + - provide CPU idle states to the rich OS 
([e2b1877](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e2b18771fc2a0528dda18dbdaac08dd8530df25a)) + - simplify CPU_SUSPEND power state encoding ([52466ec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52466ec38ef312da62ad062720a03a183329f831)) + + - **Arm** + + - **FVP** + + - measure critical data ([cf21064](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf21064ec8a1889f64de48e30e38285227d27745)) + - update HW_CONFIG DT loading mechanism ([39f0b86](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/39f0b86a76534d0b7c71dd0c8b34f1a74480386b)) + - enable RSS backend based measured boot ([c44e50b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c44e50b72567205650c6455f3a258f36af0c84dd)) + + - **Morello** + + - add changes to enable TBBR boot ([4af5397](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4af53977533bee7b5763d3efad1448545c2ebef7)) + - add DTS for Morello SoC platform ([572c8ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/572c8ce255397f7cff9640676e510817a8e4c6a3)) + - add support for nt_fw_config ([6ad6465](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ad6465e5ce452688cac079f16d26f64e9f4ce3c)) + - add TARGET_PLATFORM flag ([8840711](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8840711f33131969ec6b62ca3da079cf0573ac8b)) + - configure DMC-Bing mode ([9b8c431](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b8c431e2b2d656da7f8c4158e3d32e104446fec)) + - expose scmi protocols in fdts ([87639aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/87639aab0b6a30d4f49d069c0ea06900b11072a6)) + - split platform_info sds struct 
([4a7a9da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a7a9dafbc953089957a0cc1a7183731a5b003e1)) + - zero out the DDR memory space ([2d39b39](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d39b39704c1e4f2a189543ac4ff05ae58e5f5c8)) + + - **N1SDP** + + - add support for nt_fw_config ([cf85030](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf85030efe73439e06295f8185b0a6bebf7b5eae)) + - enable trusted board boot on n1sdp ([fe2b37f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fe2b37f6858168a56c3d393bc72f560468d02165)) + + - **RD** + + - **RD-N2** + + - add board support for rdn2cfg2 variant ([efeb438](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/efeb43808d2e3ed23e1d51d5e86460db92971e96)) + - add support for rdedmunds variant ([ef515f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ef515f0d3466a8beded4fd662718abbd97391b13)) + + - **SGI** + + - add page table translation entry for secure uart ([33d10ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33d10ac8bf134519f303fd7ce5fb5d583be2f515)) + - deviate from arm css common uart related definitions ([f2cccca](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f2ccccaa81ec14a80fedb48c37226e5d852ada7a)) + - enable fpregs context save and restore ([18fa43f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/18fa43f753b79cfc3cc5426a3ef50b04efbf6206)) + - route TF-A logs via secure uart ([987e2b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/987e2b7c20eb4ab4215ff5289b715300f5cec054)) + + - **TC** + + - add reserved memory region for Gralloc ([ad60a42](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad60a42cd79713984065dca8540c091c49755f32)) + - enable CI-700 PMU for profiling 
([fbfc598](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fbfc59840f9cd0ea53921c7f6fb9f4850a3b42ee)) + - enable GPU ([82117bb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/82117bb48180175c25936b0ff9e33563e25e18f4)) + - enable SMMU for DPU ([4a6ebee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a6ebeeca37ece34a58982c8b6ebdc8cfd70814b)) + - enable tracing ([59da207](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/59da207e2f2f028c9051c89bc5a05e95d996c18c)) + + - **Corstone-1000** + + - identify bank to load fip ([cf89fd5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf89fd57ed3286d7842eef41cd72a3977eb6d317)) + - implement platform specific psci reset ([a599c80](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a599c80d063975cbeedbc86cfb619fca8545c487)) + - made changes to accommodate 3MB for optee ([854d1c1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/854d1c103a9b73bbde7ef1b89b06b29e3cc053bb)) + + - **Intel** + + - add macro to switch between different UART PORT ([447e699](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/447e699f70f1a1d1b85a8136b445eba689166c5d)) + - add RSU 'Max Retry' SiP SMC services ([4c26957](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4c26957be253a7ab3acb316f42bf3ee10c409ed2)) + - add SiP service for DCMF status ([984e236](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/984e236e0dee46708534a23c637271a931ceb67e)) + - add SMC for enquiring firmware version ([c34b2a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c34b2a7a1a38dba88b6b668a81bd07c757525830)) + - add SMC support for Get USERCODE 
([93a5b97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/93a5b97ec9e97207769db18ae34886e6b8bf2ea4)) + - add SMC support for HWMON voltage and temp sensor ([52cf9c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52cf9c2cd4882534d02e8996e4ff1143ee59290e)) + - add SMC support for ROM Patch SHA384 mailbox ([77902fc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/77902fca8fe7449473b09198e1fe197f7b4765d7)) + - add SMC/PSCI services for DCMF version support ([44eb782](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44eb782e15c9af532f2455b37bd53ca93830f6e2)) + - add SMPLSEL and DRVSEL setup for Stratix 10 MMC ([bb0fcc7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb0fcc7e011ec4319a79734ba44353015860e39f)) + - add support for F2S and S2F bridge SMC with mask to enable, disable and reset bridge ([11f4f03](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/11f4f03043ef05762f4d6337804c39dc8f9af54f)) + - allow to access all register addresses if DEBUG=1 ([7e954df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e954dfc2ba83262f7596dd0f17de75163e49e5e)) + - create source file for firewall configuration ([afa0b1a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/afa0b1a82a404c616da2da8f52cdcd587938955f)) + - enable firewall for OCRAM in BL31 ([ae19fef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ae19fef33707700a91b0b672aa784e084a6ca500)) + - enable SMC SoC FPGA bridges enable/disable ([b7f3044](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b7f3044e8725d9af997999547630892cf9e2f0ad)) + - extend attestation service to Agilex family ([581182c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/581182c1916df03860744d8e32941c72b2cc3fda)) + - implement timer init 
divider via cpu frequency. ([#1](https://review.trustedfirmware.org:29418/TF-A/trusted-firmware-a/issues/1)) ([f65bdf3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f65bdf3a54eed8f7651761c25bf6cc7437f4474b)) + - initial commit for attestation service ([d174083](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d17408316db10db611e23716e8a5b9b9f53ad509)) + - single certificate feature enablement ([7facace](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7facacec6328e505b243a4974d045d45fe068afd)) + - support AES Crypt Service ([6726390](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6726390eb02e9659cfaf2d3598be9bf12fbc5901)) + - support crypto service key operation ([342a061](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/342a0618c7ff89327ac5b34dc0713509ffae609b)) + - support crypto service session ([6dc00c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6dc00c24ab0100a2aae0f416c72470f8ed17e149)) + - support ECDH request ([4944686](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/49446866a515c2db855d456f39df3d586b2084b7)) + - support ECDSA Get Public Key ([d2fee94](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d2fee94afa6ba7e76508e6bead7eb2936c5eafb8)) + - support ECDSA HASH Signing ([6925410](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/692541051b8cb0f435ae46c5d7351231ee292319)) + - support ECDSA HASH Verification ([7e25eb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e25eb87016ba8355cf0a3a5f71fb8b8785de044)) + - support ECDSA SHA-2 Data Signature Verification ([5830506](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/583050607e43cef8b544a5700386a019e54c422f)) + - support ECDSA SHA-2 Data Signing 
([07912da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07912da1b7663451493fb5e40e4c33deeb18a639)) + - support extended random number generation ([24f9dc8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24f9dc8a43fea350416ca9312a78ab4e786da8ad)) + - support HMAC SHA-2 MAC verify request ([c05ea29](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c05ea2969070be90a7dbb2d0344c66d89401edf6)) + - support session based SDOS encrypt and decrypt ([537ff05](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/537ff052579862a4865d36d06940feaa796d16da)) + - support SHA-2 hash digest generation on a blob ([7e8249a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e8249a2dbacfa751990c47644f0403311c6e260)) + - support SiP SVC version ([f0c40b8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0c40b897f8a25bc50c53239dcf750dd395ebabf)) + - support version 2 SiP SVC SMC function ID for mailbox commands ([c436707](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c436707bc6eed31ab61408ef40db6063d05f0912)) + - support version 2 SiP SVC SMC function ID for non-mailbox commands ([ad47f14](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad47f1422f3f9aa4a622e08b71fc8f5caab98a98)) + - update to support maximum response data size ([b703fac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b703facaaae1e3fe5afa4742b436bb07e065b5e9)) + + - **Marvell** + + - **Armada** + + - **A3K** + + - add north and south bridge reset registers ([a4d35ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a4d35ff381c625d61bcc22f9f9a1a45d8663b19d)) + + - **MediaTek** + + - introduce mtk makefile ([500d40d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/500d40d877617653d347fb6308144973d4297ab9)) + + - 
**MT8195** + + - apply erratas of CA78 for MT8195 ([c21a736](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c21a736d6f3fa9fb0647bff404b0174ebf1acd91)) + - add EMI MPU surppot for SCP and DSP ([690cb12](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/690cb1265ea84851bd6405a0a6a57d2f1c9f03a3)) + - dump EMI MPU configurations ([20ef588](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20ef588e86ad8f3cf13382c164463046db261feb)) + - improve SPM wakeup log ([ab45305](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab45305062f50f81e5c3f800ef4c6cef5097cb04)) + + - **MT8186** + + - add DFD control in SiP service ([e46e9df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e46e9df0d0e05f2aaee613fc4f697fcc8d79c0b3)) + - add SPM suspend driver ([7ac6a76](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ac6a76c47d429778723aa804b64c48220a10f11)) + - add Vcore DVFS driver ([635e6b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/635e6b108e773daf37c00f46e6fbb1cae4e78f96)) + - disable 26MHz clock while suspending ([9457cec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9457cec8c02f78ba56fd9298dd795766c89281a2)) + - initialize platform for MediaTek MT8186 ([27132f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27132f13ca871dc3cf1aa6938995284cf5016e00)) + - add power-off function for PSCI ([a68346a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a68346a772859ee6971ec14c6473d2a853e9c66f)) + - add CPU hotplug ([1da57e5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1da57e54b2270b3b49710afa6fd947b01d61b261)) + - add DCM driver ([95ea87f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95ea87ffc2445c77f070e6a2f78ffa424810faed)) + - add EMI 
MPU basic driver ([1b17e34](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b17e34c5d7740a357b2027d88aef7760b346616)) + - add MCDI drivers ([06cb65e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06cb65ef079941d0525dca75dd0e110e9330906d)) + - add pinctrl support ([af5a0c4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af5a0c40aff21c4b8771365f19dcb01d6086b30d)) + - add pwrap and pmic driver ([5bc88ec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5bc88ec61c75ed42b41d84817aa4d6ee68a2efc8)) + - add reboot function for PSCI ([24dd5a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24dd5a7b71544c503446e58cb23c0cfd09245a3c)) + - add RTC drivers ([6e5d76b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e5d76bac8786120d037953f5a6fd67aaff035c1)) + - add SiP service ([5aab27d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5aab27dc4294110a6c0b69bf5ec5343e7df883a7)) + - add sys_cirq support ([109b91e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/109b91e38c8d4f73941c8574759560a1f1636d05)) + - apply erratas for MT8186 ([572f8ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/572f8adbb062c36835fbb82944dd2ed772134bfd)) + - initialize delay_timer ([d73e15e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d73e15e66a33398c8fc51c83f975a3f35494faf5)) + - initialize GIC ([206f125](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/206f125cc177bc110eb87d40ffc7fa18b28c01ce)) + - initialize systimer ([a6a0af5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a6a0af57c3369dfc6fc2f25877d812a24e9be311)) + + - **NXP** + + - add SoC erratum a008850 
([3d14a30](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3d14a30b88762e901e134acc89c6ac4fa9e3f321)) + - add ifc nor and nand as io devices ([b759727](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b759727f5936a687314168dd8912d30897a8c6be)) + - add RCPM2 registers definition ([d374060](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d374060abe9b63296f63f1e3c811aeeddb7a093c)) + - add CORTEX A53 helper functions ([3ccc8ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ccc8ac3e5da48819a2fc90ec48a175515de38cb)) + + - **i.MX** + + - **i.MX 8M** + + - add a simple csu driver for imx8m family ([71c40d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/71c40d3bb7c90a6c36d5c49d0830ca95aba65a2f)) + - add imx csu/rdc enum type defines for imx8m ([0c6dfc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c6dfc47847608b6ade0c00716e93afc6725362c)) + - enable conditional build for SDEI ([d2a339d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d2a339dfa1665edf87a30a4318af954e764c205c)) + - enable the coram_s tz by default on imx8mn/mp ([d5ede92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d5ede92d78c829d8a3adad0759219b79e0dc0707)) + - enable the csu init on imx8m ([0a76495](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0a76495bc2cb0c5291027020a3cd2d3adf31c8ed)) + - do not release JR0 to NS if HAB is using it ([77850c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/77850c96f23bcdc76ecb0ecd27a982c00fde5d9d)) + - switch to xlat_tables_v2 ([4f8d5b0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f8d5b018efc42d1ffa76fca8efb0d16a57f5edd)) + + - **i.MX 8M Mini** + + - enable optee fdt overlay support 
([9d0eed1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9d0eed111cb1294605b6d82291fef16a51d35e46)) + - enable Trusty OS on imx8mm ([ff3acfe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff3acfe3cc1658917376152913a9d1b5b9b8de34)) + - add support for measured boot ([cb2c4f9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cb2c4f93c18b948fbfde9d50ab7d30362be0e00a)) + + - **i.MX 8M Plus** + + - add trusty for imx8mp ([8b9c21b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b9c21b480dd5c3265be1105a9462b3f5657a6b1)) + - enable BL32 fdt overlay support on imx8mp ([aeff146](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aeff14640a91f6d33bfdbc0dc7b0e920f6d14b91)) + + - **i.MX 8M Nano** + + - enable optee fdt overlay support ([2612891](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/26128912884b26fab67bce9d87ba0e1c85a0be1e)) + - enable Trusty OS for imx8mn ([99349c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99349c8ecba910dabbaa72b9be91f3ed762036f5)) + + - **i.MX 8M Q** + + - enable optee fdt overlay support ([023750c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/023750c6a898e77c185839f5e56f8e23538f718a)) + - enable trusty for imx8mq ([a18e393](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a18e393339e1d481f4fdf0d621fe4f39ce93a4fe)) + + - **Layerscape** + + - add CHASSIS 3 support for tbbr ([9550ce9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9550ce9ddd7729a961f51ed61ea4b2030e284dcb)) + - add new soc errata a009660 support ([785ee93](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/785ee93cc3bd9b43d88fee5acefbd131bf6f2756)) + - add new soc errata a010539 support 
([85bd092](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85bd0929433875e0b84fdc2046d9ec2cf0164903)) + - add soc helper macro definition for chassis 3 ([602cf53](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/602cf53b6f507cea88f4af5c07bed9325bc7a9b8)) + - define more chassis 3 hardware address ([0d396d6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0d396d6455a659c4e679f02fae1f9043713474b0)) + - print DDR errata information ([3412716](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3412716b30260958b30d1fa2e1c6d8cce195cd7d)) + + - **LS1043A** + + - add ls1043a soc support ([3b0de91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3b0de9182501fae9de372efd1faaf35a7bf74f68)) + + - **LS1043ARDB** + + - add ls1043ardb board support ([e4bd65f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e4bd65fed8a12d06181c1343cf786ac91badb6b0) + + - **LX2** + + - enable DDR erratas for lx2 platforms ([cd960f5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd960f5009ee062bba9c479505caee6bbe644649)) + + - **LS1046A** + + - add new SoC platform ls1046a ([cc70859](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc708597fa72094c5a01df60e6538e4a7429c2a0)) + + - **LS1046ARDB** + + - add ls1046ardb board support ([bb52f75](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb52f7560b62043ed08a753f399dc80e8c1582d3)) + + - **LS1046AFRWY** + + - add ls1046afrwy board support ([b51dc56](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b51dc56ab9ea79e4709f0d0ce965525d0d3da918)) + + - **LS1046AQDS** + + - add board ls1046aqds support ([16662dc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/16662dc40dd2578d3000528ece090ed39ed18b9c)) + + - **LS1088A** + + - add new SoC platform 
ls1088a ([9df5ba0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9df5ba05b4fe4cd44157363a897b73553ba6e2f1)) + + - **LS1088ARDB** + + - add ls1088ardb board support ([2771dd0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2771dd0293b6cda6811e8bed95f2354a3ee0124e)) + + - **LS1088AQDS** + + - add ls1088aqds board support ([0b0e676](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b0e67669814139c6818e61e03d0d0e3314fdc99)) + + - **QEMU** + + - add SPMD support with SPMC at S-EL1 ([f58237c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f58237ccd9fd2350730d60ab7de59b5c376bfb35)) + - add support for measured boot ([5e69026](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5e690269d579d9461be3c5f5e3f59d4c666863a0)) + + - **QTI** + + - **MSM8916** + + - allow booting secondary CPU cores ([a758c0b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a758c0b65c6730fb07846899d6436ba257484d34)) + - initial platform port ([dddba19](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dddba19a6a3cb7a1039beaffc3169c4eb3291afd)) + - setup hardware for non-secure world ([af64473](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af6447315c8534331513ca6b6556af661e0ba88b)) + + - **Renesas** + + - **R-Car** + + - **R-Car 3** + + - modify sequence for update value for WUPMSKCA57/53 ([d9912cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9912cf3d1022fc6d38a6059290040985de56e63)) + - modify type for Internal function argument ([ffb725b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ffb725be98ffd010c851629a6da75bf57f770c7f)) + - update IPL and Secure Monitor Rev.3.0.3 ([14d9727](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/14d9727e334300b3f5f57e76a9f6e21431e6c6b5)) + + - 
**ST** + + - add a function to configure console ([53612f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53612f72938f37244a5f10ae7c57abe7358c221f)) + - add STM32CubeProgrammer support on UART ([fb3e798](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb3e7985c9b657c535c02b722ecc413f643e671e)) + - add STM32MP_UART_PROGRAMMER target ([9083fa1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9083fa11ead67272b94329e8f84257de6658620d)) + - add early console in BL2 ([c768b2b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c768b2b22f4fb16cf8be8b4815a1984b29918c20)) + - disable authentication based on part_number ([49abdfd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/49abdfd8cececb91a4bc7e7b29a30c09dce461c7)) + - get pin_count from the gpio-ranges property ([d0f2cf3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d0f2cf3b148df75d5cbbd42dfa18012043e5d1f4)) + - map 2MB for ROM code ([1697ad8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1697ad8cc81307972d31cec3b27d58f589eeeb3f)) + - protect UART during platform init ([acf28c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/acf28c267b3679a0770b2010f2ec3fb3c2d19975)) + - update stm32image tool for header v2 ([2d8886a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d8886aceed613b9be25f20900914cacc8bb0fb9)) + - update the security based on new compatible ([812daf9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/812daf916c9c977a4f6d7d745d22b90c8492fc71)) + - use newly introduced clock framework ([33667d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33667d299bd5398ca549f542345e0f321b483d17)) + + - **ST32MP1** + + - adaptations for STM32MP13 image header 
([a530874](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a5308745ee3ab3b77ca942052e60968bcc01340d)) + - add "Boot mode" management for STM32MP13 ([296ac80](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/296ac8012b77ea84079b38cc60ee786a5f91857f)) + - add a second fixed regulator ([225ce48](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/225ce4822ccf2e7c7c1fca6cf3918d4399158613)) + - add GUID values for updatable images ([8d6b476](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8d6b4764f3e54431c3d01342d39d1efa70c3dbf9)) + - add GUID's for identifying firmware images to be booted ([41bd8b9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/41bd8b9e2ad3b755505684601f07d4f7f8ec04c4)) + - add helper to enable high speed mode in low voltage ([dea02f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dea02f4eaed855c2f05d8a1d7eefca313e98e5b4)) + - add logic to pass the boot index to the Update Agent ([ba02add](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ba02add9ea8fb9a8b0a533c1065a77c7dda4f2a6)) + - add logic to select the images to be booted ([8dd7553](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8dd755314fdfa077465bd6cd5e248be392d90378)) + - add NVMEM layout compatibility definition ([dfbdbd0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dfbdbd0625990267c6742268118ea748e77c6123)) + - add part numbers for STM32MP13 ([30eea11](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/30eea116cdd66b3fa1e1208e185eb7285a83d898)) + - add regulator framework compilation ([bba9fde](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bba9fdee589fb9a7aca5963f53b7ce67c30520b3)) + - add sdmmc compatible in platform define 
([3331d36](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3331d3637c295993a78f22afe7463cf1c334d329)) + - add sign-compare warning ([c10f3a4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c10f3a4559ebf7a654a9719fec619e81e6ee1d69)) + - add stm32_get_boot_interface function ([a6bfa75](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a6bfa75cf25241a486ab371ae105ea7ebf2d34d8)) + - add support for building the FWU feature ([ad216c1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad216c106682f1d2565b2a08e11a601b418dc8a4)) + - add support for reading the metadata partition ([0ca180f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ca180f6416160a523ff442f1ad0b768a9a3a948)) + - add timeout in IO compensation ([de02e9b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/de02e9b0ec29548b8ce5ef6ee9adcd9c5edb0518)) + - allow configuration of DDR AXI ports number ([88f4fb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/88f4fb8fa759b1761954067346ee674b454bdfde)) + - call pmic_voltages_init() in platform init ([ffd1b88](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ffd1b889225a8aec124df9e330f41dc638fd7180)) + - chip rev. 
Z is 0x1001 on STM32MP13 ([ef0b8a6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ef0b8a6c1b1a0eab3626041f3168f82bdb410836)) + - enable BL2_IN_XIP_MEM to remove relocation sections ([d958d10](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d958d10eb360024e15f3c921dc3863a0cee98830)) + - enable format-signedness warning ([cff26c1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cff26c19169dd94857e8180cc46b7aa4ccac574a)) + - get CPU info from SYSCFG on STM32MP13 ([6512c3a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6512c3a62a4a7baaf32597284b242bc7172b7e26)) + - introduce new flag for STM32MP13 ([bdec516](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bdec516ee862bfadc25a4d0c02a3b8d859c1fa25)) + - manage HSLV on STM32MP13 ([fca10a8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fca10a8f1b47231ef92634a0adf1a26cbfc97c2a)) + - manage monotonic counter ([f5a3688](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f5a3688b8608df0f269a0b6df18632ebb9e26a01)) + - new way to access platform OTP ([ae3ce8b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ae3ce8b28eac73e9a41fdb28424d9f0f4b5f200e)) + - preserve the PLL4 settings for USB boot ([bf1af15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bf1af154db2c89028a8a551c18885add35d38966)) + - register fixed regulator ([967a8e6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/967a8e63c33822680e3a4631430dcd9a4a64becd)) + - remove unsupported features on STM32MP13 ([111a384](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/111a384c90afc629e644e7a8284abbd4311cc6b3)) + - retry 3 times FWU trial boot 
([f87de90](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f87de907c87e5b2091592c131c4d3d2f737bef01)) + - select platform compilation either by flag or DT ([99a5d8d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99a5d8d01d38474b056766651bd746a4fe93ab20)) + - skip TOS_FW_CONFIG if not in FIP ([b706608](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b7066086424c2f6fd04880db852306d6f487962e)) + - stm32mp_is_single_core() for STM32MP13 ([7b48a9f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7b48a9f3286b8f174acf8821fec48fd2e4771514)) + - update BACKUP_BOOT_MODE for STM32MP13 ([4b031ab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4b031ab4c50d0b9f7127daa7f4eec634f39de970)) + - update boot API for header v2.0 ([5f52eb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5f52eb15970e57d2777d114948fc1110e3dd3f6c)) + - update CFG0 OTP for STM32MP13 ([1c37d0c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1c37d0c1d378769249c797de5b13d73cf6f17a53)) + - update console management for SP_min ([aafff04](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aafff0435448c8409935132be41758e0031f0822)) + - update IO compensation on STM32MP13 ([8e07ab5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e07ab5f705b213af28831f7c3e9878154e07df0)) + - update IP addresses for STM32MP13 ([52ac998](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52ac9983d67522b6b821391941c8b0d01fd68941)) + - update memory mapping for STM32MP13 ([48ede66](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48ede6615168118c674288f2e4f8ee1b11d2fa02)) + - updates for STM32MP13 device tree compilation 
([d38eaf9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d38eaf99d327bc1400f51c87b6d8a2f92cd828c6)) + - usb descriptor update for STM32MP13 ([d59b9d5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d59b9d53b9cfb2443575c62c6716eb5508374a7b)) + - use clk_enable/disable functions ([c7a66e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c7a66e720ae1a1a5ef98eaf9ff327cd352549010)) + - use only one filter for TZC400 on STM32MP13 ([b7d0058](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b7d0058a3a9153a3863cf76a6763ea751b3ab48d)) + - warn when debug enabled on secure chip ([ac4b8b0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ac4b8b06eb23134d2a9002834541d33f8d43661b)) + + - **Texas Instruments** + + - add enter sleep method ([cf5868b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf5868b8cd7239dee69bdf6ba3ab87bd06bf15f5)) + - add gic save and restore calls ([b40a467](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b40a467783e5911f97d6e92ebdeb34ca2f005552)) + - add PSCI handlers for system suspend ([2393c27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2393c27680a1ec636e413051e87e986df5a866fe)) + - allow build config of low power mode support ([a9f46fa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9f46fad82b807a9f0a967245e3ac10ee8dd0ef1)) + - increase SEC_SRAM_SIZE to 128k ([38164e6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/38164e64bd853a8329475e9168c5fcb94ecc528b)) + + - **Xilinx** + + - **Versal** + + - add SPP/EMU platform support for versal ([be73459](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/be73459a945d8fa781fcc864943ccd0a8d92421c)) + - add common interfaces to handle EEMI commands 
([1397967](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1397967490c9f0ebff0d20a566260d1475fe065e)) + - add SMCCC call TF_A_PM_REGISTER_SGI ([fcf6f46](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fcf6f469318d693a024d42ae2d0f4afb26c1e85d)) + - add support to reset SGI ([bf70449](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bf70449ba2d1ffd20b01741c491dc0f565009b3d)) + - add UART1 as console ([2c79149](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c791499c26b40c31ce7f68c3bf0dca777fc62de)) + - enhance PM_IOCTL EEMI API to support additional arg ([d34a5db](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d34a5db8a76abdfc8fa68f43b24b971699086a06)) + - get version for ATF related EEMI APIs ([da6e654](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/da6e654bc8b03ee784d0e96a71c4e591e63930f2)) + - remove the time stamp configuration ([18e2a79](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/18e2a79f8a5eaa72a2a7e641c2481beb9f827dce)) + + - **ZynqMP** + + - disable the -mbranch-protection flag ([67abd47](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/67abd4762bd563be94e734bb0fe4087e88d5d446)) + - fix section `coherent_ram' will not fit in region `RAM' ([9b4ed0a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b4ed0af02a8ff1fd9a81af5213fde16d3eb8d92)) + - add feature check support ([223a628](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/223a6284b8a0a3ead884a7f0cf333a464d32e319)) + - add support to get info of xilfpga ([cc077c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc077c22273075db328bd30fa12c28abf9eef052)) + - add uart1 as console 
([ea66e4a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ea66e4af0baf5d5b905e72f824a672f16a6e0f98)) + - increase the max xlat tables when debug build is enabled ([4c4b961](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4c4b9615b1d9512a4a89aa08e722547cc491a07b)) + - pass ioctl calls to firmware ([76ff8c4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76ff8c459e9e6d105e614d68648bd6680806f93e)) + - pm_api_clock_get_num_clocks cleanup ([e682d38](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e682d38b56854e1586b25d929dbc83543b4c66e4)) + +- **Bootloader Images** + + - add XLAT tables symbols in linker script ([bb5b942](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb5b942e6f133198daedcca0b74ec598af260a54)) + + - **BL2** + + - add support to separate no-loadable sections ([96a8ed1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/96a8ed14b74cca33a8caf567d0f0a2d3b2483a3b)) + + - **BL31** + + - aarch64: RESET_TO_BL31_WITH_PARAMS ([25844ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/25844ff728e4a0e5430ba2032457aba7b780a701)) + +- **Services** + + - **RME** + + - add dummy platform token to RMMD ([0f9159b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f9159b7ebb7e784a8ed998869ff21095fa105b1)) + - add dummy realm attestation key to RMMD ([a043510](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0435105f229a65c7861b5997793f905cf90b823)) + + - **SPM** + + - update ff-a boot protocol documentation ([573ac37](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/573ac37373d3e8b2c31b3aaeed759e4656e060ec)) + + - **EL3 SPMC** + + - allow BL32 specific defines to be used by SPMC_AT_EL3 
([2d65ea1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d65ea1930d4ce26cc176a8c60e9401d0b4f862a)) + - add plat hook for memory transactions ([a8be4cd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a8be4cd057bce5f0b4ac6af396c0c870474d1ef4)) + - add EL3 SPMC #defines ([44639ab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44639ab73e43e0b79da834dff8c85266d68e5066)) + - introduce accessor function to obtain datastore ([6a0788b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a0788bc0e704283e52c80990aa2bb6e047a0cc2)) + - add FF-A secure partition manager core ([5096aeb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5096aeb2ba646548a7a6ab59e975b996e6c9026a)) + - add FFA_FEATURES handler ([55a2963](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/55a296387b9720855df429a08c886f47a4a45057)) + - add FFA_PARTITION_INFO_GET handler ([f74e277](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f74e27723bb54ad1318fa462fbcff70af555b2e6)) + - add FFA_RUN handler ([aad20c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aad20c85cb6f4bc91318d3c6488cf72a20fdbe96)) + - add FFA_RX_RELEASE handler ([f0c25a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0c25a082fc8b891d4d21518028118561caa4735)) + - add function to determine the return path from the SPMC ([20fae0a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20fae0a7ce7fd407cd3efb7745017ee6ab605159)) + - add helper function to obtain endpoint mailbox ([f16b6ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f16b6ee3deac93706efe465f399c9542e12d5eeb)) + - add helper function to obtain hyp structure 
([a7c0050](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a7c00505f85684326a223535a319c170d14826f6)) + - add helper to obtain a partitions FF-A version ([c2b1434](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c2b1434369292081f907c548e496f59e197eb2f1)) + - add partition mailbox structs ([e1df600](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e1df6008d9b4a00da25ec08fbdcbd3a5967fdb54)) + - add support for direct req/resp ([9741327](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9741327df577c3f43db42b26bda607429e62af0b)) + - add support for FF-A power mgmt. messages in the EL3 SPMC ([59bd2ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/59bd2ad83c13ed3c84bb9b841032c95927358890)) + - add support for FFA_MSG_WAIT ([c4db76f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c4db76f066f236fe490ebc7a50833a04e08f5151)) + - add support for FFA_SPM_ID_GET ([46872e0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/46872e01f5efb555fef8367595b59e5d2f75cec0)) + - add support for forwarding a secure interrupt to the SP ([729d779](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/729d7793f830781ff8ed44d144c3346c6e4251a3)) + - add support for handling FFA_ERROR ABI ([d663fe7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d663fe7a3002ff028c190eb732278b878e78b7b7)) + - add support for v1.1 FF-A boot protocol ([2e21921](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2e21921502b1317031cf2a2f69c5d47ac88a505d)) + - add support for v1.1 FF-A memory data structures ([7e804f9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e804f9695c48681c91e9e6fc6175eb6997df867)) + - enable building of the SPMC at EL3 
([1d63ae4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1d63ae4d0d8374a732113565be90d58861506e39)) + - enable checking of execution ctx count ([5b0219d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b0219ddd5da42413f4c2be9302224b5b71295ff)) + - enable handling FF-A RX/TX Mapping ABIs ([1a75224](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a752245ecae6487844c57667e24b704e6df8079)) + - enable handling FFA_VERSION ABI ([0c7707f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c7707fdf21fc2a8658f5a4bdfd2f8883d02ada5)) + - enable handling of the NS bit ([0560b53](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0560b53e71ab6daefa8e75665a718605478746a4)) + - enable parsing of messaging methods from manifest ([3de378f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3de378ff8c9430c964cbe9b0c58fa5afc4d237ce)) + - enable parsing of UUID from SP Manifest ([857f579](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/857f5790da3770a9ca52416274eec4e545c9be53)) + - enable the SPMC to pass the linear core ID in a register ([f014300](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0143004e548582760aacd6f15f5499b18081a69)) + - prevent read only xlat tables with the EL3 SPMC ([70d986d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70d986ddbbf56a20c7550c079dd4dc9462332594)) + - support FFA_ID_GET ABI ([d5fe923](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d5fe92350cb018ae7083ed26a6a16508ccd82a86)) + - allow forwarding of FFA_FRAG_RX/TX calls ([642db98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/642db9840712044b9c496e04a7acd60580e54117)) + - enable handling of FF-A SMCs with the SPMC at EL3 
([bb01a67](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb01a67306f47271adde051e541c760028c1a0f1)) + - update SPMC init flow to use EL3 implementation ([6da7607](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6da76075bf4b953d621aa15c379e62a5f785de3f)) + - add logical partition framework ([7affa25](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7affa25cad400101c016082be2d102be0f4fce80)) + - add FF-A memory management code ([e0b1a6d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0b1a6d59e57c0dbe87f5b8f8166f1123664f058)) + - prevent duplicated sharing of memory regions ([fef85e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fef85e1e53fcf44e8d9ed50c89d8a764bf1b7738)) + - support multiple endpoints in memory transactions ([f0244e5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0244e5dd1b8cbab75ef00c1b9b56eed5b3cad4b)) + + - **SPMD** + + - forward FFA_VERSION from SPMD to SPMC ([9944f55](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9944f55761c4d5cc1feefaf5e33bf7fb83d8f5f3)) + - enable SPMD to forward FFA_VERSION to EL3 SPMC ([9576fa9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9576fa93a2effc23a533b80dce41d7104a8d200b)) + - add FFA_MSG_SEND2 forwarding in SPMD ([c2eba07](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c2eba07c47f8d831629104eeffcec11ed7d3b0a5)) + - add FFA_RX_ACQUIRE forwarding in SPMD ([d555233](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d555233fe5a04dfd99fd6ac30bacc5284285c131)) + + - **SPM MM** + + - add support to save and restore fp regs ([15dd6f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/15dd6f19da8ee4b20ba525e0a742d0df9e46e071)) + +- **Libraries** + + - **CPU Support** + + - add library support for 
Poseidon CPU ([1471475](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1471475516cbf1b4a411d5ef853bd92d0edd542e)) + - add support for Cortex-X1 ([6e8eca7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e8eca78e5db966e10e2fa2737e9be4d5af51fa9)) + - add L1PCTL macro definiton for CPUACTLR_EL1 ([8bbb1d8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8bbb1d80a58dbdf96fcabbdebbfbd21d2d5344a4)) + + - **EL3 Runtime** + + - add arch-features detection mechanism ([6a0da73](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a0da73647546aea1d10b4b2347bac9d532bcb43)) + - replace ARM_ARCH_AT_LEAST macro with FEAT flags ([0ce220a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ce220afb24f0511332b251952019d7011ccc282)) + + - **FCONF** + + - add a helper to get image index ([9e3f409](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9e3f409398af447b1d03001dd981007a9bb1617e)) + - add NS load address in configuration DTB nodes ([ed4bf52](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed4bf52c33b6860d58a2ffc946bd293ec76bbdaa)) + + - **Standard C Library** + + - add support for length specifiers ([701e94b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/701e94b08f382691b0deabd4df882abd87e17ab5)) + + - **PSA** + + - add initial attestation API ([0848565](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/084856513d6730a50a3d65ac9c3bdae465117c40)) + - add measured boot API ([758c647](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/758c64715b691be92de623f81032494e38a43cc8)) + - mock PSA APIs ([0ce2072](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ce2072d9b9f419bb19595454395a33a5857ca2f)) + +- **Drivers** + + - **Generic Clock** + + - add a minimal clock framework 
([847c6bc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/847c6bc8e6d55b1c0f31a52407aa61515cd6c612)) + + - **FWU** + + - add a function to pass metadata structure to platforms ([9adce87](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9adce87efc8acc947b8b49d700c9773a7f071e02)) + - add basic definitions for GUID handling ([19d63df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/19d63df1af72b312109b827cca793625ba6fcd16)) + - add platform hook for getting the boot index ([40c175e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40c175e75bc442674a5dc793c601b09681158ab9)) + - pass a const metadata structure to platform routines ([6aaf257](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6aaf257de4a4070ebc233f35a09bce4c39ea038c)) + - simplify the assert to check for fwu init ([40b085b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40b085bddf60cf8c533b379ccb41e6668c5080dd)) + + - **Measured Boot** + + - add RSS backend ([0442ebd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0442ebd2e9bcf5fa4344d8fa8ef4b69a3b249e33)) + + - **GUID Partition Tables Support** + + - add a function to identify a partition by GUID ([3cb1065](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3cb1065581f6d9a8507af8dbca3779d139aa0ca7)) + - cleanup partition and gpt headers ([2029f93](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2029f930097b0c3b1b1faa660032d16ed01a5c86)) + - copy the partition GUID into the partition structure ([7585ec4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7585ec4d36ebb7e286cfec959b2de084eded8201)) + - make provision to store partition GUID value ([938e8a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/938e8a500a25a949cfd25f0cb79f6c1359c9b40c)) + - 
verify crc while loading gpt header ([a283d19](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a283d19f82ddb635d9d9fa061e7fd956167ebe60)) + + - **Arm** + + - **GIC** + + - allow overriding GICD_PIDR2_GICV2 address ([a7521bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a7521bd5d887bfd69d99a55a81416e38ba9ebc97)) + + - **GIC-600AE** + + - disable SMID for unavailable blocks ([3f0094c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f0094c15d433cd3de413a4633a4ac2b8e1d1f2e)) + - enable all GICD, PPI, ITS SMs ([6a1c17c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a1c17c770139c00395783e7568220d61264c247)) + - introduce support for RAS error handling ([308dce4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/308dce40679f63db504cd3d746a0c37a2a05f473)) + + - **SMMU** + + - add SMMU abort transaction function ([6c5c532](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6c5c5320511ab8202fb9eccce9e66b4e4e0d9a33)) + - configure SMMU Root interface ([52a314a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52a314af254966a604e192fcc3326737354f217a)) + + - **MHU** + + - add MHU driver ([af26d7d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af26d7d6f01068809f17cc2d49a9b3d573c640a9)) + + - **RSS** + + - add RSS communication driver ([ce0c40e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce0c40edc93aa403cdd2eb6c630ad23e28b01c3e)) + + - **TZC** + + - **TZC-380** + + - add sub-region register definition ([fdafe2b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fdafe2b5ead66a1b5175db77bcc7cedafa14a059)) + + - **Marvell** + + - **Armada** + + - **A3K** + + - **A3720** + + - preserve x1/x2 regs in console_a3700_core_init() 
([7c85a75](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c85a7572960efbaabe20c9db037bcec66be3e98)) + + - **MediaTek** + + - **APU** + + - add mt8195 APU clock and pll SiP call ([296b590](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/296b590206aa6db51e5c82b1a97a4f9707b49c4d)) + - add mt8195 APU iommap regions ([339e492](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/339e4924a7a3fd11bc176e0bf3e01d76133d364c)) + - add mt8195 APU mcu boot and stop SiP call ([88906b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/88906b443734399be5c07a5bd690b63d3d82cefa)) + + - **NXP** + + - **DCFG** + + - add Chassis 3 support ([df02aee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/df02aeeec640d2358301e903d9c8c473d455be9e)) + - add gic address align register definition ([3a8c9d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3a8c9d78d4c65544d789bd64bd005ac10b5b352d)) + - add some macro definition ([1b29fe5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b29fe534b8732193850fced2da1dc449450bd3b)) + + - **NXP Crypto** + + - add chassis 3 support ([d60364d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d60364d48e31b33b57049d848b7462eb0e0de612)) + + - **DDR** + + - add rawcard 1F support ([f2de48c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f2de48cb143c20ccd7a9c141df3d34cae74049de)) + - add workaround for errata A050958 ([291adf5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/291adf521a54a365e54964bff4dae53d51c65936)) + + - **GIC** + + - add some macros definition for gicv3 ([9755fd2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9755fd2ec2894323136715848910b13053cfe0ce)) + + - **CSU** + + - add bypass bit mask definition 
([ec5fc50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ec5fc501f15922967bf5d8260072ba1f9aec9640)) + + - **IFC NAND** + + - add IFC NAND flash driver ([28279cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/28279cf2c141caf5e4e7156f874cde6f5a0d271b)) + + - **IFC NOR** + + - add IFC nor flash driver ([e2fdc77](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e2fdc77ba4eee91f0d1490e34f0fff552fc55dc9)) + + - **TZC-380** + + - add tzc380 platform driver support ([de9e57f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/de9e57ff1f3769e770eac44b94127eb7239a63f2)) + + - **ST** + + - introduce fixed regulator driver ([5d6a264](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5d6a2646f7759a5a2b3daed0d8aef4588c552ba4)) + + - **Clock** + + - add clock driver for STM32MP13 ([9be88e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9be88e75c198b08c508d8e470964720a781294b3)) + - assign clocks to the correct BL ([7418cf3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7418cf397916c97cb4ecf159b1f497a84299b695)) + - check HSE configuration in serial boot ([31e9750](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31e9750bc17bd472d4f2a3db297461efc301be51)) + - define secure and non-secure gate clocks ([aaa09b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aaa09b713c6f539fb5b2ee7e2dfd75f2d46875f5)) + - do not refcount on non-secure clocks in bl32 ([3d69149](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3d69149a7e9e9a899d57f48bee26f98614f88935)) + - manage disabled oscillator ([bcccdac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bcccdacc7e7b7b985df942b3fae26cb9038a2574)) + + - **DDR** + + - add read valid training support 
([5def13e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5def13eb01ebac5656031bdc388a215d012fdaf8)) + + - **GPIO** + + - allow to set a gpio in output mode ([53584e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53584e1d5b2b843ea3bb9e01e3f01ea7c364ee6a)) + - do not apply secure config in BL2 ([fc0aa10](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fc0aa10a2cd3cab887a8baa602891d1f45db2537)) + - add a function to reset a pin ([737ad29](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/737ad29bf992a7a79d538d1e0b47c7f38d9a4b9d)) + + - **SDMMC2** + + - allow compatible to be defined in platform code ([6481a8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6481a8f1e045ac80f0325b8bfe7089ba23deaf7b)) + - manage cards power cycle ([258bef9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/258bef913aa76ead1b10c257d1695d9c0ef1c79d)) + + - **ST PMIC** + + - add pmic_voltages_init() function ([5278ec3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5278ec3faf2010fd6aea1d8cd4294dd229c5c21d)) + - register the PMIC to regulator framework ([85fb175](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85fb175b5ef854bc4607db98a4cfb5f35d822cee)) + + - **STPMIC1** + + - add new services ([ea552bf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ea552bf5a57b573a6b09e396e3466b3c4af727f0)) + - add USB OTG regulators ([13fbfe0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/13fbfe046e71393961d2c70a4f748a15f9c15f77)) + + - **Regulator** + + - add support for regulator-always-on ([9b4ca70](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b4ca70d97d9a2556752b511ff9fe52012faff02)) + - add a regulator framework 
([d5b4a2c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d5b4a2c4e7fd0bcb9f08584b242e69a2e591fb71)) + + - **UART** + + - manage oversampling by 8 ([1f60d1b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1f60d1bd33d434b0c82a74e276699ee5a2f63833)) + - add uart driver for STM32MP1 ([165ad55](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/165ad5561ef598ea6261ba082610eeff3f208df7)) + +- **Miscellaneous** + + - **Debug** + + - update print_memory_map.py ([d16bfe0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d16bfe0feffe6a20399fb91d86fd8f7282b941dd)) + + - **DT Bindings** + + - add bindings for STM32MP13 ([1b8898e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b8898eb32c3872a34fc59f4216736f23af0c6ea)) + - add TZC400 bindings for STM32MP13 ([24d3da7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24d3da76d221390bb47d501c2ed77a1a7d2b42e7)) + + - **FDT Wrappers** + + - add function to find or add a sudnode ([dea8ee0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dea8ee0d3f13f8d1638745b76e86bd7617bf92e7)) + + - **FDTs** + + - add the ability to supply idle state information ([2b2b565](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2b2b565717cc0299e75e8806004d1a3548e9fbf7)) + + - **STM32MP1** + + - add DDR support for STM32MP13 ([e6fddbc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e6fddbc995947d4e5a5dc6607c76cd46fdd840e2)) + - add DT files for STM32MP13 ([3b99ab6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3b99ab6e370a01caec14bc5422a86001eaf291b8)) + - add nvmem_layout node and OTP definitions ([ff8767c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff8767cbfc2bb851a2f6cc32fbe3693ddbfb7d12)) + - add st-io_policies node for STM32MP13 
([2bea351](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2bea35122d102492f18c427535ce6c9b7016e356)) + - add support for STM32MP13 DK board ([2b7f7b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2b7f7b751f4b0f7a8a0f4a35407af22cc269e529)) + - update NVMEM nodes ([375b79b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/375b79bb4a773fe6a5dd971272c72bf12155050e)) + +- **Documentation** + + - context management refactor proposal ([3274226](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/327422633bef112a10579d4daeca0f596cd02911)) + + - **Threat Model** + + - Threat Model for TF-A v8-R64 Support ([dc66922](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dc669220d5666c2c808bc11ba81c86a9b071271a)) + +- **Tools** + + - **Secure Partition Tool** + + - add python SpSetupActions framework ([b1e6a41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1e6a41572240839e62099aa00298174b18c696a)) + - delete c version of the sptool ([f4ec476](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4ec47613fef8db8037195147dc2ac6fb6f154ff)) + - python version of the sptool ([2e82874](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2e82874cc9b7922e000dd4d7718e3153e347b1d7) + - use python version of sptool ([822c727](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/822c72791f791d26e233df0c15a655c3dbd8b117)) + +### Resolved Issues + +- **Architecture** + + - **Activity Monitors Extension (FEAT_AMU)** + + - add default value for ENABLE_FEAT_FGT and ENABLE_FEAT_ECV flags ([820371b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/820371b13028a6f620a62cf73a951883d051666b)) + - fault handling on EL2 context switch 
([f74cb0b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f74cb0be8ac80eb3072555cb04eb09375d4cb31f)) + - limit virtual offset register access to NS world ([a4c3945](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a4c394561af31ae0417ed9ff3b3152adb7cd5355)) + + - **Scalable Vector Extension (FEAT_SVE)** + + - disable ENABLE_SVE_FOR_NS for AARCH32 ([24ab2c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24ab2c0af74be174acf755a36b3ebba867184e60)) + +- **Platforms** + + - **Allwinner** + + - improve DTB patching error handling ([79808f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/79808f10c32d441572666551b1545846079af15b)) + + - **Arm** + + - fix fvp and juno build with USE_ROMLIB option ([861250c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/861250c3b26d64f859f5f37686e453d5074fa976)) + - increase ARM_BL_REGIONS count ([dcb1959](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dcb1959161935aa58d2bb852f3cef0b96458a4e1)) + - remove reclamation of functions starting with "init" ([6c87abd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6c87abdda400354ebf4f5351086c32a4620475c9)) + - use PLAT instead of TARGET_PLATFORM ([c5f3de8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c5f3de8dabc9b955b6051a6c6116d40b10a84f5d)) + - fix SP count limit without dual root CoT ([9ce15fe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9ce15fe8910580efca46b9f102e117402ce769db)) + + - **FVP** + + - FCONF Trace Not Shown ([0c55c10](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c55c10305df6217fd978d58ce203dbad3edd4d5)) + - disable reclaiming init code by default ([fdb9166](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fdb9166b9494402eb2da7e0b004c121b322725e0)) + - 
extend memory map to include all DRAM memory regions ([e803542](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e80354212f591c8813dec27353e8241e03155b4c)) + - fix NULL pointer dereference issue ([a42b426](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a42b426b8548e3304e995f1a49d2470d71072949)) + - op-tee sp manifest doesn't map gicd ([69cde5c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69cde5cd9563f0c665862f1e405ae8e8d2818c6e)) + + - **Morello** + + - change the AP runtime UART address ([07302a2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07302a23ec1af856b3d4de0439161a8c23414f84)) + - fix SoC reference clock frequency ([e8b7a80](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8b7a80436c2bc81c61fc4703d6580f2fe9226a9)) + - include errata workaround for 1868343 ([f94c84b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f94c84baa2a2bad75397b0ec6a0922fe8a475847)) + + - **SGI** + + - disable SVE for NS to support SPM_MM builds ([78d7e81](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/78d7e819798ace643b6e22025dc76aedb199bbd5)) + + - **TC** + + - remove the bootargs node ([68fe3ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/68fe3cec25bc9ea4e1bafdb1d9f5315e245d650b)) + + - **Corstone-1000** + + - change base address of FIP in the flash ([1559450](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1559450132c5e712f4d6896e53e4f1cb521fa465)) + + - **Broadcom** + + - allow build to specify mbedTLS absolute path ([903d574](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/903d5742953d9d4b224e71d8b1e62635e83f44a9)) + - fix the build failure with mbedTLS config 
([95b5c01](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95b5c0126b802b894ea0177d973978e06b6a254d)) + + - **Intel** + + - add flash dcache after return response for INTEL_SIP_SMC_MBOX_SEND_CMD ([ac097fd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ac097fdf07ad63b567ca751dc518f8445a0baef6)) + - allow non-secure access to FPGA Crypto Services (FCS) ([4837a64](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4837a640934630f8034ceec1bb84cc40673d8a6b)) + - always set doorbell to SDM after sending command ([e93551b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e93551bb3bd8ac43779fa70c7363ee2568da45ca)) + - assert if bl_mem_params is NULL pointer ([35fe7f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/35fe7f400a7f1d65ff2fee5531d20f6c2f3e6f39)) + - bit-wise configuration flag handling ([276a436](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/276a43663e8e315fa1bf0aa4824051d88705858b)) + - change SMC return arguments for INTEL_SIP_SMC_MBOX_SEND_CMD ([108514f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/108514ff7160a86efb791449a4635ffe0f9fdf2c)) + - configuration status based on start request ([e40910e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e40910e2dc3fa59bcce83ec1cf9a33b3e85012c4)) + - define macros to handle buffer entries ([7db1895](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7db1895f0be2f8c6710bf51d8441d5e53e3ef0fe)) + - enable HPS QSPI access by default ([000267b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/000267be22d3c0077c0fd0a8377ceeed5aada4c3)) + - extend SDM command to return the SDM firmware version ([c026dfe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c026dfe38cfae379457a6ef53130bd5ebc9d7808)) + - extending to 
support large file size for AES encryption and decryption ([dcb144f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dcb144f1fbcef73ddcc448d5ed6134aa279069b6)) + - extending to support large file size for SHA-2 ECDSA data signing and signature verifying ([1d97dd7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1d97dd74cd128edd7ad45b725603444333c7b262)) + - extending to support large file size for SHA2/HMAC get digest and verifying ([70a7e6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70a7e6af958f3541476a8de6baac8e376fcc67f9)) + - fix bit masking issue in intel_secure_reg_update ([c9c0709](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c9c070994caedf123212aad23b6942122c5dd793)) + - fix configuration status based on start request ([673afd6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/673afd6f8e7266900b00a7cbeb275fe1a3d69cce)) + - fix ddr address range checker ([12d71ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12d71ac6627bb6822a0314e737794a8503df79dd)) + - fix ECC Double Bit Error handling ([c703d75](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c703d752cce4fd101599378e72db66ccf53644fa)) + - fix fpga config write return mechanism ([ef51b09](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ef51b097bfa906bf1cee8ee641a1b7bcc8c5f3c0)) + - flush dcache before sending certificate to mailbox ([49d44ec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/49d44ec5f357b1bcf8eae9e91fbd72aef09e00dd)) + - get config status OK status ([07915a4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07915a4fd5848fbac69dcbf28f00353eed10a942)) + - introduce a generic response error code 
([651841f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/651841f20110ce6fac650e3ac47b0a9cce18e6f3)) + - make FPGA memory configurations platform specific ([f571183](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f571183b066b1a91b7fb178c3aad9d6360d1918c)) + - modify how configuration type is handled ([ec4f28e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ec4f28ecec8887a685d6119c096ad346da1ea53e)) + - null pointer handling for resp_len ([a250c04](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a250c04b0cc807f626df92a7091ff13b3a3aa9ed)) + - refactor NOC header ([bc1a573](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bc1a573d5519f121cb872fce1d88fe2e0db07b2c)) + - reject non 4-byte align request size for FPGA Crypto Service (FCS) ([52ed157](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52ed157fd66812debb13a792c21f763de01aef70)) + - remove redundant NOC header declarations ([58690cd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/58690cd629b4ccdefe5313f805219598074a3501)) + - remove unused printout ([0d19eda](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0d19eda0dd2ffae27d0551b1f0a06a2b8f96c853)) + - update certificate mask for FPGA Attestation ([fe5637f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fe5637f27aebfdab42915c2ced2c34d8685ee2bb)) + - update encryption and decryption command logic ([02d3ef3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02d3ef333d4a0a07a3e40defb12a8cde3a7cba03)) + - use macro as return value ([e0fc2d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0fc2d1907b1c8a062c44a435be77a12ffeed84b)) + + - **Marvell** + + - **Armada** + + - **A3K** + + - change fatal error to warning when CM3 reset is not implemented 
([30cdbe7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/30cdbe7043832f7bd96b40294ac062a8fc9c540f)) + - fix comment about BootROM address range ([5a60efa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5a60efa12a57cde98240f861e45609cb9b94d58d)) + + - **Mediatek** + + - **MT8186** + + - remove unused files in drivers/mcdi ([bc714ba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bc714bafe7ae8ca29075ba9bf3985c0e15ae0f64)) + - extend MMU region size ([0fe7ae9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0fe7ae9c64aa6f6d5b06a80de9c88081057d5dbe)) + + - **NVIDIA** + + - **Tegra** + + - **Tegra 194** + + - remove incorrect erxctlr assert ([e272c61](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e272c61ce8185deb397dcf168ec72bdaa5926a33)) + + - **NXP** + + - fix total dram size checking ([0259a3e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0259a3e8282ed17c1d378a27f820f44b3bebab07)) + - increase soc name maximum length ([3ccd7e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ccd7e45a2c3ff9fa7794f0284c9d0298e7cb982)) + + - **i.MX** + + - **i.MX 8M** + + - check the validation of domain id ([eb7fb93](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb7fb938c3ce34ccfb143ae8ba695df899098436)) + + - **i.MX 8M Plus** + + - change the BL31 physical load address ([32d5042](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/32d5042204e8b41caa4c0c1ed5b48bad9f1cb1b5)) + + - **Layerscape** + + - fix build issue of mmap_add_ddr_region_dynamically ([e2818d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e2818d0afc20a60d302f85f4c915e4ae4cc3cb9c)) + - fix coverity issue 
([5161cfd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5161cfde9bfaa3a715d160fcd4870f276adad332)) + - update WA for Errata A-050426 ([72feaad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72feaad980cdc472868bc95914202bf57ed51b2d)) + + - **LX2** + + - drop erratum A-009810 ([e36b0e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e36b0e4910aea56f90a6ab9b8cf3dc4008220031)) + + - **Renesas** + + - **R-Car** + + - **R-Car 3** + + - change stack size of BL31 ([d544dfc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d544dfcc4959d203b06dbfb85fb0ad895178b379)) + - fix SYSTEM_OFF processing for R-Car D3 ([1b49ba0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b49ba0fde5eb9e47fe50152c192579101feb718)) + - fix to bit operation for WUPMSKCA57/53 ([82bb6c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/82bb6c2e88314a5b3f2326c95095c3b20a389947)) + + - **Socionext** + + - **Synquacer** + + - initialise CNTFRQ in Non Secure CNTBaseN ([4d4911d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d4911d77d4d59c7dd18d7fc3724ddb1fa3582b7)) + + - **ST** + + - add missing header include ([b1391b2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1391b294ca7803f46bc47048b4a02a15dda9a16)) + - don't try to read boot partition on SD cards ([9492b39](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9492b391a35c66e1e7630e95347259191b28314d)) + - fix NULL pointer dereference issues ([2deff90](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2deff904a953c6a87331ab6830ab80e3889d9e23)) + - manage UART clock and reset only in BL2 ([9e52d45](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9e52d45fdf619561e0a7a833b77aaacc947a4dfd)) + - remove extra chars from dtc version 
([03d2077](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/03d20776efc20a04a5191a4f39965079a4d60b3c)) + + - **ST32MP1** + + - add missing debug.h ([356ed96](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/356ed961184847dcd088cfcda44b71eeb0ef2377)) + - correct dtc version check ([429f10e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/429f10e3367748abd33b4f6f9ee362c0ba74dd95)) + - correct include order ([ff7675e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff7675ebf94999618dbde14bb59741cefb2b2edd)) + - correct types in messages ([43bbdca](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/43bbdca04f5a20bb4e648e18fc63061b6a6e4ecf)) + - deconfigure UART RX pins ([d7176f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7176f0319cd399aae9a906e5d78e67b32e183f5)) + - do not reopen debug features ([21cfa45](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/21cfa4531a76a7c3cad00e874400b97e2f68723c)) + - fix enum prints ([ceab2fc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ceab2fc3442dbda1c4beaff3c4fe708a04c02303)) + - include assert.h to fix build failure ([570c71b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/570c71b20a195ade510f5d584c69325d2634c50b)) + - remove interrupt_provider warning for dtc ([ca88c76](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ca88c761d34854ed3e0b16b9c5f39b0790d320ab)) + - restrict DEVICE2 mapping in BL2 ([db3e0ec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/db3e0ece7157181a3529d14172368003eb63dc30)) + - rework switch/case for MISRA ([f7130e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f7130e81cf9c3682232bb9319b1798184b44920f)) + - set reset pulse duration to 31ms 
([9a73a56](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9a73a56c353d32742e03b828647562bdbe2ddbb2)) + + - **Xilinx** + + - fix coding style violations ([bb1768c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb1768c67ea06ac466e2cdc7e5338c3d23dac79d)) + - fix mismatching function prototype ([81333ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81333eac716b25a9fd112cc4f5990e069f3bdb40)) + + - **Versal** + + - resolve misra R10.1 in pm services ([775bf1b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/775bf1bbd32c2df47f4ff597eb8a452d2983e590)) + - resolve misra R10.3 ([b2bb3ef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2bb3efb8f590f31b1205c51d56be1dd6f473fbb)) + - resolve misra R10.3 in pm services ([5d1c211](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5d1c211e225d40d2926bf34483c90f907a6c5dc3)) + - resolve misra R10.6 ([93d4625](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/93d462562727f4f428e6f975a972226dafbfd305)) + - resolve misra R10.6 in pm services ([fa98d7f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fa98d7f2f8752e37f740b43f533547288552a393)) + - resolve misra R14.4 ([a62c40d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a62c40d42703d5f60a8d80938d2cff721ee131bd)) + - resolve misra R15.6 ([b9fa2d9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b9fa2d9fc154feffe78e677ace54b0e34f011439)) + - resolve misra R15.6 in pm services ([4156719](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4156719550ceddf5b1b4a47464fb32f7506e0dca)) + - resolve misra R15.7 ([bc2637e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bc2637e3799dbc9642447ddb719e0262347b1309)) + - resolve misra R16.3 in pm services 
([27ae531](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27ae5310883b0db7d4e2dd4fbc1fd58e675f75b5)) + - resolve misra R17.7 ([526a1fd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/526a1fd1472874561988777f8ecd8b87734a0671)) + - resolve misra R20.7 in pm services ([5dada62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5dada6227b949ef702bfab7986bc083689afdaf7)) + - resolve misra R7.2 ([0623dce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0623dcea0f6e7a5c9d65413445df8a96a2b40d42)) + - fix coverity scan warnings ([0b15187](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b15187225a9134e3acbc7693646b21d43617b3b)) + - fix the incorrect log message ([ea04b3f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ea04b3fe183b6661f656b4cc38cb93a73d9bc202)) + + - **ZynqMP** + + - define and enable ARM_XLAT_TABLES_LIB_V1 ([c884c9a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c884c9a55b167383ff3d96d2d0a30ac6842bcc86)) + - query node status to power up APU ([b35b556](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b35b556718b60b78cb5d96b0c137e2fe82eb0086)) + - resolve misra 7.2 warnings ([5bcbd2d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5bcbd2de127292f3ad076217e08468388c6844b0)) + - resolve misra 8.3 warnings ([944e7ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/944e7ea94f2594e2b128c671cf7415265302596b)) + - resolve misra R10.3 ([2b57da6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2b57da6c91ebe14588e63e5a24f31ef32711eca2)) + - resolve misra R14.4 warnings ([dd1fe71](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dd1fe7178b578916b1e133b7c65c183e1f994371)) + - resolve misra R15.6 warnings 
([eb0d2b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb0d2b17722c01a22bf3ec1123f7bed2bf891b09)) + - resolve misra R15.7 warnings ([16de22d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/16de22d037644359ef2a04058134f9c326b36633)) + - resolve misra R16.3 warnings ([e7e5d30](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e7e5d30308ccfb931f7b6d0afa6c5c23971e95c0)) + - resolve misra R8.4 warnings ([610eeac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/610eeac89438d603435bde694eb4ddab07f46e45)) + - update the log message to verbose ([1277af9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1277af9bacca36b46d7aa341187bb3abef84332f)) + - use common interface for eemi apis ([a469c1e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a469c1e1f4c1cd69f98ce45d6e0709de091b8cb3)) + +- **Bootloader Images** + + - **BL1** + + - invalidate SP in data cache during secure SMC ([f1cbbd6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1cbbd6332bb85672dc72cbcc4ac7023323c6936)) + + - **BL2** + + - correct messages with image_id ([e4c77db](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e4c77db9c80d87009611a3079454877e6ce45a04)) + - define RAM_NOLOAD for XIP ([cc562e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc562e74101d800b0b0ee3422fb7f4f8321ae2b7)) + +- **Services** + + - **RME** + + - enable/disable SVE/FPU for Realms ([a4cc85c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a4cc85c129d031d9c887cf59b1baeaef18a43010)) + - align RMI and GTSI FIDs with SMCCC ([b9fd2d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b9fd2d3ce3d4e543a2e04dc237cd4e7ff7765c7a)) + - preserve x4-x7 as per SMCCCv1.1 
([1157830](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/11578303fd04a8da36fddb5e6de44f026bf4d24c)) + + - **TRP** + + - Distinguish between cold and warm boot ([00e8113](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/00e8113145aa12d89db72068bdd3157f08575d14)) + + - **SPM** + + - **EL3 SPMC** + + - fix incorrect FF-A version usage ([25eb2d4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/25eb2d41a6d2ede1e945bbc67ae3f740b92a40bb)) + - fix FF-A memory transaction validation ([3954bc3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3954bc3c03439dbdc7029cf2418c79a037918ce4)) + +- **Libraries** + + - **CPU Support** + + - workaround for Cortex-A710 2282622 ([ef934cd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ef934cd17c30dcc39cd9022a1c4e9523ec8ba617)) + - workaround for Cortex-A710 erratum 2267065 ([cfe1a8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cfe1a8f7123f0dc8376b2075cc6e8e32b13739b2)) + - workaround for Cortex A78 AE erratum 2376748 ([92e8708](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/92e870843e9bd654fd1041d66f284c19ca9c0d4f)) + - workaround for Cortex A78 AE erratum 2395408 ([3f4d81d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f4d81dfd26649fbcbbbe993a9f0236f5bb07c8a)) + - workaround for Cortex X2 erratum 2002765 ([34ee76d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34ee76dbdfeee85f123cb903ea95dbee5e9a44a5)) + - workaround for Cortex X2 erratum 2058056 ([e16045d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e16045de50e8b430e6601ba0e1e47097d8310f3d)) + - workaround for Cortex X2 erratum 2083908 ([1db6cd6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1db6cd60279e2d082876692a65cf9c532f506a69)) + - workaround for 
Cortex-A510 erratum 1922240 ([8343563](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/83435637bfafbf1ce642a5fabb52e8d7b2819e36)) + - workaround for Cortex-A510 erratum 2041909 ([e72bbe4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e72bbe47ba7f2a0087654fd99ae24b5b7b444943)) + - workaround for Cortex-A510 erratum 2042739 ([d48088a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d48088acbe400133037ae74acf1b722b059119bb)) + - workaround for Cortex-A510 erratum 2172148 ([c0959d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c0959d2c460cbf7c14e7ba2a57d69ecddae80fd8)) + - workaround for Cortex-A510 erratum 2218950 ([cc79018](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc79018b71e45acb524fc5d429d394497ad53646)) + - workaround for Cortex-A510 erratum 2250311 ([7f304b0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f304b02a802b7293d7a8b4f4030c5ff00158404)) + - workaround for Cortex-A510 erratum 2288014 ([d5e2512](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d5e2512c6b86409686f5d1282922ebdf72459fc2)) + - workaround for Cortex-A710 erratum 2008768 ([af220eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af220ebbe467aa580e6b9ba554676f78ffec930f)) + - workaround for Cortex-A710 erratum 2136059 ([8a855bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8a855bd24329e081cf13a257c7d2dc3ab4e5dcca)) + - workaround for Cortex-A78 erratum 2376745 ([5d796b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5d796b3a25150faff68013880f5a9350cbc53889)) + - workaround for Cortex-A78 erratum 2395406 ([3b577ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3b577ed53d104cfb324390b7519da5e7744d1001)) + - workaround for Cortex-X2 errata 2017096 
([e7ca443](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e7ca4433fa591233e7e2912b689ab56e531f9775)) + - workaround for Cortex-X2 errata 2081180 ([c060b53](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c060b5337a43cd42f55b99d83096bb44b51b5335)) + - workaround for Cortex-X2 erratum 2147715 ([63446c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/63446c27d11453faacfddecffa44d3880615d412)) + - workaround for Cortex-X2 erratum 2216384 ([4dff759](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4dff7594f94f1e788aef709cc5b3d079693b6242)) + - workaround for DSU-110 erratum 2313941 ([7e3273e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e3273e8e4dca44e7cb88a827b94e662fa8f83e9)) + - workaround for Rainier erratum 1868343 ([a72144f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a72144fb7a30c2782a583a3b0064e741d1fe2c9f)) + - workarounds for cortex-x1 errata ([7b76c20](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7b76c20d8eb4271b381371ce0d510fbe6ad825bf)) + - use CPU_NO_EXTRA3_FUNC for all variants ([b2ed998](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2ed99894d326993961680fb8e786c267a712400)) + + - **EL3 Runtime** + + - set unset pstate bits to default ([7d33ffe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7d33ffe4c116506ed63e820d5b6edad81680cd11)) + + - **Context Management** + + - add barrier before el3 ns exit ([0482503](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/04825031b2384a08504821f39e98e23bb6f93f11)) + - remove registers accessible only from secure state from EL2 context ([7f41bcc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f41bcc76d8857b4678c90796ebd85794ff3ee5f)) + - refactor the cm_setup_context function 
([2bbad1d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2bbad1d126248435e26f9d0d9f5920d8806148d7)) + - remove initialization of EL2 registers when EL2 is used ([fd5da7a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fd5da7a84731e9687f56c263ff3aa8ebed75075a)) + - add cm_prepare_el3_exit_ns function ([8b95e84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b95e8487006ff77a7d84fba5bd20ba7e68d8330)) + - refactor initialization of EL1 context registers ([b515f54](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b515f5414b00a8b7ca9b21363886ea976bd19914)) + + - **FCONF** + + - correct image_id type in messages ([cec2fb2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cec2fb2b1a8359bf1f349a5b8c8a91a1845f4ca1)) + + - **PSCI** + + - correct parent_node type in messages ([b9338ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b9338eee7fbcac7f4b55f27b064572e847810422)) + + - **GPT** + + - rework delegating/undelegating sequence ([6a00e9b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a00e9b0c8c37fc446f83ef63e95a75353e31e8b)) + + - **Translation Tables** + + - fix bug on VERBOSE trace ([956d76f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/956d76f69d0c96829784c5a6d16aa79e4e0ecab1)) + + - **Standard C Library** + + - correct some messages ([a211fde](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a211fde940d4dbd8e95e4f352af2a066a4f89f30)) + - fix snprintf corner cases ([c1f5a09](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c1f5a0925ddf84981d9e176d146bfddb48eb45d1)) + - limit snprintf radix value ([b30dd40](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b30dd4030dcef950eac05393013ee019c3cb3205)) + - snprintf: include stdint.h 
([410c925](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/410c925ab31693dc74d654ff9167c8eed3ec5a62)) + + - **Locks** + + - add __unused for clang ([5a030ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5a030ce4aed271344087bca723903e10fef59ac9)) + +- **Drivers** + + - **FWU** + + - rename is_fwu_initialized ([aae7c96](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aae7c96de63914c954f0fc64cd795844832483fc)) + + - **I/O** + + - **MTD** + + - correct types in messages ([6e86b46](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e86b462490429fee6db877338a649b0e199b0ec)) + + - **Measured Boot** + + - add RMM entry to event_log_metadata ([f4e3e1e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4e3e1e85f64d8930e89c1396bc9785512f656bd)) + + - **MTD** + + - correct types in messages ([6e86b46](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e86b462490429fee6db877338a649b0e199b0ec)) + + - **SCMI** + + - add missing \n in ERROR message ([0dc9f52](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0dc9f52a2a9f0b9686c65dd60c84e0bcca552144)) + - make msg_header variable volatile ([99477f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99477f051ef857a1e0600cb98858fc74c007e1ff)) + - use same type for message_id ([2355ebf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2355ebff6f6312086868f44b8ad7f821f6385208)) + + - **UFS** + + - delete call to inv_dcache_range for utrd ([c5ee858](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c5ee8588bf9a36075723e5aacceefa93fd2de8c9)) + - disables controller if enabled ([b3f03b2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b3f03b20135fc5fcd5e6ec7e5ca49f1e59b5602e)) + - don't zero out buf before ufs read 
([2ef6b8d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2ef6b8d378e7f7c1b1eb7abe176989c3f996f2dc)) + - don't zero out the write buffer ([cd3ea90](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd3ea90b200534b8c9d81619731c9ce198478a3c)) + - fix cache maintenance issues ([38a5ecb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/38a5ecb756e217a80ed951747797ab150449ee9b)) + - move nutrs assignment to ufs_init ([0956319](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0956319b580726029ddc4e00cde6c5a348b99052)) + - read and write attribute based on spec ([a475518](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a475518337e15935469543b1cce353e5b337ef52)) + + - **Arm** + + - **GIC** + + - **GICv3** + + - fix iroute value wrong issue ([65bc2d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/65bc2d224b836c230888796c4eda455997dccd8b)) + + - **TZC** + + - **TZC-400** + + - correct message with filter ([bdc88d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bdc88d2154448957f452cb472ff95ccec5808ca1)) + + - **Marvell** + + - **COMPHY** + + - change reg_set() / reg_set16() to update semantics ([95c26d6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95c26d6489bd8b2fc8b8e14bc2da5d2918055acc)) + + - **Armada 3700** + + - drop MODE_REFDIV constant ([9fdecc7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9fdecc72f0fce17ca2cd8e4c3b26c01262166d10)) + - fix comment about COMPHY status register ([4bcfd8c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4bcfd8c02e3e3aa27b55dedeed11fb16bac991a9)) + - fix comments about selector register values ([71183ef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/71183ef6654c2a485458307a84ce7c473524689a)) + - fix Generation 
Setting registers names ([e5a2aac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5a2aac5bbc6dedb20edcc8e7850be2813cb668b)) + - fix PIN_PU_IVREF register name ([c9f138e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c9f138ebfef90d5b7b5651f06efd81bcbc55366b)) + - fix reference clock selection value names ([6ba97f8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ba97f83dbb314b076588b97415a4078924e1903)) + - fix SerDes frequency register value name ([bdcf44f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bdcf44f1af496e06b693b781fe16bbc2a05fa365)) + - use reg_set() according to update semantics ([4d01bfe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d01bfe66522b13f0d9042206e986551c94fc01e)) + + - **Armada** + + - **A3K** + + - **A3720** + + - configure UART after TX FIFO reset ([15546db](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/15546dbf40e5ea81a982a1e6d1e5ba729b06ae51)) + - do external reset during initialization ([0ee80f3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ee80f35a28d651d243a6d56678800f9697d14c0)) + + - **NXP** + + - ddr: corrects mapping of HNFs nodes ([e3a2349](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3a234971abb2402cbf376eca6fcb657a7709fae)) + + - **QSPI** + + - fix include path for QSPI driver ([ae95b17](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ae95b1782b7a3ab9bbe46ae9ab31f48fb6ebe137)) + + - **NXP Crypto** + + - refine code to avoid hang issue for some of toolchain ([fa7fdfa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fa7fdfabf07d91439b0869ffd8e805f0166294bf)) + + - **DDR** + + - fix coverity issue 
([f713e59](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f713e5954e0906443cd20ae97e229ddbb9ab7005)) + + - **ST** + + - **Clock** + + - check _clk_stm32_get_parent return ([b8eab51](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b8eab512bf9d253f96b0333ee0f1bffa1afc3170)) + - correct stm32_clk_parse_fdt_by_name ([7417cda](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7417cda6aeaf6abf48dfbe22dc965b626f61c613)) + - correct types in error messages ([44fb470](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44fb470b7f298645ac31ada4491553824d77d934)) + - initialize pllcfg table ([175758b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/175758b2777eb6df3c4aefd79448e97e76a15272)) + - print enums as unsigned ([9fa9a0c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9fa9a0c55cc830e609415d2cedd2d34fcbec1008)) + + - **DDR** + + - add missing debug.h ([15ca2c5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/15ca2c5e14abe415e70d08fb595973dd3e3b0af9)) + - correct DDR warnings ([a078134](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a078134e2305ca5695731bc275a5ca892cc38880)) + + - **FMC** + + - fix type in message ([afcdc9d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/afcdc9d8d71e2b60071d3d34704f0e598e67a514)) + + - **SDMMC2** + + - check regulator enable/disable return ([d50e7a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d50e7a71cb5f8ecfbe2eb69c163d532bab82cbf0)) + - correct cmd_idx type in messages ([bc1c98a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bc1c98a8c79b6f72395123ea8ed857a488746d4b)) + + - **ST PMIC** + + - add static const to pmic_ops 
([57e6018](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/57e6018305a97f4e3627d16d8b1886419f274b4a)) + - correct verbose message ([47065ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/47065ffe44c701b231322ec7160c8624d50a9deb)) + + - **SPI** + + - always check SR_TCF flags in stm32_qspi_wait_cmd() ([55de583](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/55de58323e458b38b455439a8846cb663deb5508)) + - remove SR_BUSY bit check before sending command ([5993b91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5993b9157fd049d06194083032771ffcf73da086)) + + - **UART** + + - correctly fill BRR register ([af7775a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af7775ab535138ff49643f749110dca143d4122c)) + + - **USB** + + - correct type in message ([bd9cd63](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bd9cd63ba096cb16161efa4df40f957421660df1)) + +- **Miscellaneous** + + - **AArch64** + + - fix encodings for MPAMVPM* registers ([e926558](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e92655849d0a9e5893eb2d7e5f42cf8b931d4db6)) + + - **FDTs** + + - **STM32MP1** + + - correct memory mapping for STM32MP13 ([99605fb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99605fb1166794db1dedf1b7280cb184945c229c)) + - remove mmc1 alias if not needed ([a0e9724](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0e972438b99012da422411c8e504a19bdad44a2)) + + - **PIE** + + - align fixup_gdt_reloc() for aarch64 ([5ecde2a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5ecde2a271ac0f3762c16f5a277a70e55e172f0b)) + - do not skip __RW_END__ address during relocation ([4f1a658](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f1a658f899a169e702b1c7146b59f7c04b0338b)) + + - 
**Security** + + - apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57 ([9b2510b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b2510b69de26cc7f571731b415f6dec82669b6c)) + - loop workaround for CVE-2022-23960 for Cortex-A76 ([a10a5cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a10a5cb609045de216c01111ec3fcf09a092da0b)) + - report CVE 2022 23960 missing for aarch32 A57 and A72 ([2e5d7a4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2e5d7a4b6b26d9d8b6c8e580c33d877e591b1fb3)) + - update Cortex-A15 CPU lib files for CVE-2022-23960 ([187a617](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/187a61761ef5d59bed0c94cca725bd6f116f64d0)) + - workaround for CVE-2022-23960 ([c2a1521](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c2a15217c3053117f4d39233002cb1830fa96670)) + - workaround for CVE-2022-23960 ([1fe4a9d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1fe4a9d181ead0dcb2bc494e90552d3e7f0aaf4c)) + - workaround for CVE-2022-23960 for A76AE, A78AE, A78C ([5f802c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5f802c8832f3c5824ca6de17593205ebbf8bf585)) + - workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72 ([be9121f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/be9121fd311ff48c94f3d90fe7efcf84586119e4)) + - workaround for CVE-2022-23960 for Cortex-X1 ([e81e999](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e81e999b9da33ab5d2d3e5185b1ad7c46046329c)) + +- **Tools** + + - **NXP Tools** + + - fix create_pbl print log ([31af441](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31af441a0445d4a5e88ddcc371c51b3701c25839)) + - fix tool location path for byte_swape 
([a89412a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a89412a649020367a3ed0f87658ee131cd3dcd18)) + + - **Firmware Image Package Tool** + + - avoid packing the zero size images in the FIP ([ab556c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab556c9c646f1b5f1b500449a5813a4eecdc0302)) + - respect OPENSSL_DIR ([0a956f8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0a956f81805b46b1530f30dd79d16950dc491a7b) + + - **Secure Partition Tool** + + - add leading zeroes in UUID conversion ([b06344a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b06344a3f2c5a0fede3646627f37d1fce3d3d585)) + - update Optee FF-A manifest ([ca0fdbd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ca0fdbd8e0d625ece0f87ca16eacabf13db70921)) + + - **Certificate Creation Tool** + + - let distclean Makefile target remove the cert_create tool ([e15591a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e15591aaf47ab45941f0d7a03abf3e4a830ac1d9)) + +- **Dependencies** + + - **commitlint** + + - change scope-case to lower-case ([804e52e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/804e52e9a770de72913f27b5bc9e7dd965e114c5)) + +## [2.6.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.5..refs/tags/v2.6) (2021-11-22) ### âš BREAKING CHANGES 
@@ -63,15 +1253,18 @@ - enable SVE for the secure world ([0c5e7d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c5e7d1ce376cabcebebc43dbf238fe4482ab2dc)) + - **System Register Trace Extensions (FEAT_ETMv4, FEAT_ETE and FEAT_ETEv1.1)** + + - enable trace system registers access from lower NS ELs ([d4582d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d4582d30885673987240cf01fd4f5d2e6780e84c)) + - initialize trap settings of trace system registers access ([2031d61](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2031d6166a58623ae59034bc2353fcd2fabe9c30)) + - **Trace Buffer Extension (FEAT_TRBE)** - enable access to trace buffer control registers from lower NS EL ([813524e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/813524ea9d2e4138246b8f77a772299e52fb33bc)) - initialize trap settings of trace buffer control registers access ([40ff907](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40ff90747098ed9d2a09894d1a886c10ca76cee6)) - - **Self-hosted Trace Extensions (FEAT_TRF)** + - **Self-hosted Trace Extension (FEAT_TRF)** - - enable trace system registers access from lower NS ELs ([d4582d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d4582d30885673987240cf01fd4f5d2e6780e84c)) - - initialize trap settings of trace system registers access ([2031d61](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2031d6166a58623ae59034bc2353fcd2fabe9c30)) - enable trace filter control register access from lower NS EL ([8fcd3d9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8fcd3d9600bb2cb6809c6fc68f945ce3ad89633d)) - initialize trap settings of trace filter control registers access ([5de20ec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5de20ece38f782c8459f546a08c6a97b9e0f5bc5)) 
@@ -324,6 +1517,7 @@ - add support for Hayes CPU ([7bd8dfb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7bd8dfb85a8bf5c22d6a39f4538b89cc748090d1)) - add support for Hunter CPU ([fb9e5f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb9e5f7bb76e9764b3ecd7973668c851015fa1b4)) + - add support for Demeter CPU ([f4616ef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4616efafbc1004f1330f515b898e7617e338875)) - workaround for Cortex A78 AE erratum 1941500 ([47d6f5f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/47d6f5ff16d1f2ad009d630a381054b10fa0a06f)) - workaround for Cortex A78 AE erratum 1951502 ([8913047](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8913047a52e646877812617a2d98cff99494487b)) @@ -979,7 +2173,7 @@ - do not check merge commits ([77a0a7f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/77a0a7f1d96b188849d1d8d8884b3c93857d3f69)) -## 2.5.0 (2021-05-17) +## [2.5.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.4..refs/tags/v2.5) (2021-05-17) ### New Features @@ -1543,7 +2737,7 @@ - Optimized the code to avoid unnecessary attempts to create non-requested certificates -## 2.4.0 (2020-11-17) +## [2.4.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.3..refs/tags/v2.4) (2020-11-17) ### New Features @@ -1968,7 +3162,7 @@ being worked around by disabling the warning for the platform until the underlying issue is resolved in libfdt -## 2.3 (2020-04-20) +## [2.3.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.2..refs/tags/v2.3) (2020-04-20) ### New Features 
@@ -2343,7 +3537,7 @@ - mediatek/mt6795: This platform does not build in this release -## 2.2 (2019-10-22) +## [2.2.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.1..refs/tags/v2.2) (2019-10-22) ### New Features @@ -2654,7 +3848,7 @@ - mediatek/mt6795: This platform does not build in this release -## 2.1 (2019-03-29) +## [2.1.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.0..refs/tags/v2.1) (2019-03-29) ### New Features @@ -3056,7 +4250,7 @@ - mediatek/mt6795: This platform does not build in this release -## 2.0 (2018-10-02) +## [2.0.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.6..refs/tags/v2.0) (2018-10-02) ### New Features @@ -3087,7 +4281,7 @@ to be working after the removal of the deprecated interfaces although they do build. -## 1.6 (2018-09-21) +## [1.6.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.5..refs/tags/v1.6) (2018-09-21) ### New Features @@ -3294,7 +4488,7 @@ build process is skipped when running on a Windows host. Known issue from 1.5 version. -## 1.5 (2018-03-20) +## [1.5.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.4..refs/tags/v1.5) (2018-03-20) ### New features @@ -3551,7 +4745,7 @@ - DTB creation not supported when building on a Windows host. This step in the build process is skipped when running on a Windows host. -## 1.4 (2017-07-07) +## [1.4.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.3..refs/tags/v1.4) (2017-07-07) ### New features @@ -3818,7 +5012,7 @@ platform, please use GCC compiler version of at least 5.0. See [PR#1002] for more details. -## 1.3 (2016-10-13) +## [1.3.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.2..refs/tags/v1.3) (2016-10-13) ### New features 
@@ -4017,7 +5211,7 @@ the TF-A build system interprets as errors. - TBBR is not currently supported when running TF-A in AArch32 state. -## 1.2 (2015-12-22) +## [1.2.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.1..refs/tags/v1.2) (2015-12-22) ### New features @@ -4154,7 +5348,7 @@ incomplete for PSCI, the TSP(D) and the Juno platform. - Building TF-A with compiler optimisations disabled (`-O0`) fails. -## 1.1 (2015-02-04) +## [1.1.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v1.0..refs/tags/v1.1) (2015-02-04) ### New features @@ -4293,7 +5487,7 @@ its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. - The Juno-specific firmware design documentation is incomplete. -## 1.0 (2014-08-28) +## [1.0.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v0.4..refs/tags/v1.0) (2014-08-28) ### New features @@ -4439,7 +5633,7 @@ A similar change can be made to the other Cortex-A57-A53 Base FVP variants. -## 0.4 (2014-06-03) +## [0.4.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v0.3..refs/tags/v0.4) (2014-06-03) ### New features @@ -4548,7 +5742,7 @@ - The firmware design documentation for the Test Secure-EL1 Payload (TSP) and its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. -## 0.3 (2014-02-28) +## [0.3.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v0.2..refs/tags/v0.3) (2014-02-28) ### New features @@ -4685,7 +5879,7 @@ - The firmware design documentation for the Test Secure-EL1 Payload (TSP) and its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. -## 0.2 (2013-10-25) +## [0.2.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4b825dc642cb6eb9a060e54bf8d69288fbee4904..refs/tags/v0.2) (2013-10-25) ### New features 
@@ -4734,7 +5928,7 @@ ______________________________________________________________________ -*Copyright (c) 2013-2020, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* [mbed tls releases]: https://tls.mbed.org/tech-updates/releases [pr#1002]: https://github.com/ARM-software/arm-trusted-firmware/pull/1002#issuecomment-312650193
diff --git a/docs/components/fconf/fconf_properties.rst b/docs/components/fconf/fconf_properties.rst
index 5c28a7a..20cc758 100644
--- a/docs/components/fconf/fconf_properties.rst
+++ b/docs/components/fconf/fconf_properties.rst
@@ -30,3 +30,10 @@ - value type: <u32> - Image ID of the configuration. +- ns-load-address [optional] + - value type: <u64> + - Physical loading base address of the configuration in the non-secure + memory. + Only needed by those configuration files which require being loaded + in secure memory (at load-address) as well as in non-secure memory + e.g. HW_CONFIG
diff --git a/docs/components/ffa-manifest-binding.rst b/docs/components/ffa-manifest-binding.rst
index df2985c..6d2f905 100644
--- a/docs/components/ffa-manifest-binding.rst
+++ b/docs/components/ffa-manifest-binding.rst
@@ -4,11 +4,8 @@ This document defines the nodes and properties used to define a partition, according to the FF-A specification. -Version 1.0 ------------ - Partition Properties -^^^^^^^^^^^^^^^^^^^^ +-------------------- - compatible [mandatory] - value type: <string> @@ -137,20 +134,30 @@ - gp-register-num - value type: <u32> - - Presence of this field indicates that the partition expects the - ffa_init_info structure to be passed in via the specified general purpose - register. - The field specifies the general purpose register number but not its width. + - The field specifies the general purpose register number but not its width. The width is derived from the partition's execution state, as specified in the partition properties. For example, if the number value is 1 then the general-purpose register used will be x1 in AArch64 state and w1 in AArch32 state. + Presence of this field indicates that the partition expects the address of + the FF-A boot information blob to be passed in the specified general purpose + register. - stream-endpoint-ids - value type: <prop-encoded-array> - List of <u32> tuples, identifying the IDs this partition is acting as proxy for. +- power-management-messages + - value type: <u32> + - Specifies which power management messages a partition subscribes to. + A set bit means the partition should be informed of the power event, clear + bit - should not be informed of event: + + - Bit[0]: CPU_OFF + - Bit[1]: CPU_SUSPEND + - Bit[2]: CPU_SUSPEND_RESUME + Memory Regions -------------- 
@@ -174,13 +181,14 @@ - 0x1: Read - 0x2: Write - 0x4: Execute + - 0x8: Security state - base-address - value type: <u64> - Base address of the region. The address must be aligned to the translation granule size. The address given may be a Physical Address (PA), Virtual Address (VA), or - Intermediate Physical Address (IPA). Refer to the FFA specification for + Intermediate Physical Address (IPA). Refer to the FF-A specification for more information on the restrictions around the address type. If the base address is omitted then the partition manager must map a memory region of the specified size into the partition's translation regime and @@ -198,14 +206,10 @@ - value type: <string> - Name of the device region e.g. for debugging purposes. -- reg [mandatory] - - value type: <prop-encoded-array> - - A (address, num-pages) pair describing the device, where: - - - address: The physical base address <u64> value of the device MMIO - region. - - num-pages: The <u32> number of pages of the region. The total size of - the region is this value multiplied by the translation granule size. +- pages-count [mandatory] + - value type: <u32> + - Count of pages of memory region as a multiple of the translation granule + size - attributes [mandatory] - value type: <u32> @@ -214,6 +218,15 @@ - 0x1: Read - 0x2: Write - 0x4: Execute + - 0x8: Security state + +- base-address [mandatory] + - value type: <u64> + - Base address of the region. The address must be aligned to the translation + granule size. + The address given may be a Physical Address (PA), Virtual Address (VA), or + Intermediate Physical Address (IPA). Refer to the FF-A specification for + more information on the restrictions around the address type. - smmu-id - value type: <u32> 
@@ -233,14 +246,32 @@ - A list of (id, attributes) pair describing the device interrupts, where: - id: The <u32> interrupt IDs. - - attributes: A <u32> value, - containing the attributes for each interrupt ID: + - attributes: A <u32> value, containing attributes for each interrupt ID: - - Interrupt type: SPI, PPI, SGI - - Interrupt configuration: Edge triggered, Level triggered - - Interrupt security state: Secure, Non-secure - - Interrupt priority value - - Target execution context/vCPU for each SPI + +----------------------+----------+ + |Field | Bit(s) | + +----------------------+----------+ + | Priority | 7:0 | + +----------------------+----------+ + | Security state | 8 | + +----------------------+----------+ + | Config(Edge/Level) | 9 | + +----------------------+----------+ + | Type(SPI/PPI/SGI) | 11:10 | + +----------------------+----------+ + + Security state: + - Secure: 1 + - Non-secure: 0 + + Configuration: + - Edge triggered: 0 + - Level triggered: 1 + + Type: + - SPI: 0b10 + - PPI: 0b01 + - SGI: 0b00 - exclusive-access - value type: <empty> @@ -249,4 +280,4 @@ -------------- -*Copyright (c) 2019-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2019-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/index.rst b/docs/components/index.rst
index 95fe42c..2f81f23 100644
--- a/docs/components/index.rst
+++ b/docs/components/index.rst
@@ -21,7 +21,6 @@ sdei secure-partition-manager secure-partition-manager-mm - ffa-manifest-binding xlat-tables-lib-v2-design cot-binding realm-management-extension
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index 2c4e0b8..5fa5140 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -154,6 +154,8 @@ git clone --recurse-submodules https://git.trustedfirmware.org/hafnium/hafnium.git cd hafnium + # Use the default prebuilt LLVM/clang toolchain + PATH=$PWD/prebuilts/linux-x64/clang/bin:$PWD/prebuilts/linux-x64/dtc:$PATH make PROJECT=reference The Hafnium binary should be located at
@@ -254,6 +256,8 @@ Passed > Test suite 'Realm payload tests' Passed + > Test suite 'Invalid memory access' + Passed ...
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index 4faabf9..18d870b 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -3,6 +3,9 @@ .. contents:: +.. toctree:: + ffa-manifest-binding + Acronyms ======== @@ -23,6 +26,8 @@ +--------+--------------------------------------+ | IPA | Intermediate Physical Address | +--------+--------------------------------------+ +| JOP | Jump-Oriented Programming | ++--------+--------------------------------------+ | NWd | Normal World | +--------+--------------------------------------+ | ODM | Original Design Manufacturer | @@ -37,6 +42,8 @@ +--------+--------------------------------------+ | PVM | Primary VM | +--------+--------------------------------------+ +| ROP | Return-Oriented Programming | ++--------+--------------------------------------+ | SMMU | System Memory Management Unit | +--------+--------------------------------------+ | SP | Secure Partition | 
@@ -63,24 +70,25 @@ Foreword ======== -Two implementations of a Secure Partition Manager co-exist in the TF-A codebase: +Three implementations of a Secure Partition Manager co-exist in the TF-A +codebase: -- SPM based on the FF-A specification `[1]`_. -- SPM based on the MM interface to communicate with an S-EL0 partition `[2]`_. +#. S-EL2 SPMC based on the FF-A specification `[1]`_, enabling virtualization in + the secure world, managing multiple S-EL1 or S-EL0 partitions. +#. EL3 SPMC based on the FF-A specification, managing a single S-EL1 partition + without virtualization in the secure world. +#. EL3 SPM based on the MM specification, legacy implementation managing a + single S-EL0 partition `[2]`_. -Both implementations differ in their architectures and only one can be selected -at build time. +These implementations differ in their respective SW architecture and only one +can be selected at build time. This document: -This document: - -- describes the FF-A implementation where the Secure Partition Manager - resides at EL3 and S-EL2 (or EL3 and S-EL1). +- describes the implementation from bullet 1. when the SPMC resides at S-EL2. - is not an architecture specification and it might provide assumptions on sections mandated as implementation-defined in the specification. -- covers the implications to TF-A used as a bootloader, and Hafnium - used as a reference code base for an S-EL2 secure firmware on - platforms implementing the FEAT_SEL2 (formerly Armv8.4 Secure EL2) - architecture extension. +- covers the implications to TF-A used as a bootloader, and Hafnium used as a + reference code base for an S-EL2/SPMC secure firmware on platforms + implementing the FEAT_SEL2 architecture extension. Terminology ----------- 
@@ -98,20 +106,23 @@ Support for legacy platforms ---------------------------- -In the implementation, the SPM is split into SPMD and SPMC components. -The SPMD is located at EL3 and mainly relays FF-A messages from -NWd (Hypervisor or OS kernel) to SPMC located either at S-EL1 or S-EL2. +The SPM is split into a dispatcher and a core component (respectively SPMD and +SPMC) residing at different exception levels. To permit the FF-A specification +adoption and a smooth migration, the SPMD supports an SPMC residing either at +S-EL1 or S-EL2: -Hence TF-A supports both cases where the SPMC is located either at: +- The SPMD is located at EL3 and mainly relays the FF-A protocol from NWd + (Hypervisor or OS kernel) to the SPMC. +- The same SPMD component is used for both S-EL1 and S-EL2 SPMC configurations. +- The SPMC exception level is a build time choice. -- S-EL1 supporting platforms not implementing the FEAT_SEL2 architecture +TF-A supports both cases: + +- S-EL1 SPMC for platforms not supporting the FEAT_SEL2 architecture extension. The SPMD relays the FF-A protocol from EL3 to S-EL1. -- or S-EL2 supporting platforms implementing the FEAT_SEL2 architecture +- S-EL2 SPMC for platforms implementing the FEAT_SEL2 architecture extension. The SPMD relays the FF-A protocol from EL3 to S-EL2. -The same TF-A SPMD component is used to support both configurations. -The SPMC exception level is a build time choice. - Sample reference stack ====================== 
@@ -127,14 +138,18 @@ This section explains the TF-A build options involved in building with support for an FF-A based SPM where the SPMD is located at EL3 and the -SPMC located at S-EL1 or S-EL2: +SPMC located at S-EL1, S-EL2 or EL3: - **SPD=spmd**: this option selects the SPMD component to relay the FF-A protocol from NWd to SWd back and forth. It is not possible to enable another Secure Payload Dispatcher when this option is chosen. - **SPMD_SPM_AT_SEL2**: this option adjusts the SPMC exception - level to being S-EL1 or S-EL2. It defaults to enabled (value 1) when + level to being at S-EL2. It defaults to enabled (value 1) when SPD=spmd is chosen. +- **SPMC_AT_EL3**: this option adjusts the SPMC exception level to being + at EL3. +- If neither ``SPMD_SPM_AT_SEL2`` or ``SPMC_AT_EL3`` are enabled the SPMC + exception level is set to S-EL1. - **CTX_INCLUDE_EL2_REGS**: this option permits saving (resp. restoring) the EL2 system register context before entering (resp. after leaving) the SPMC. It is mandatorily enabled when 
@@ -144,16 +159,18 @@ providing paths to SP binary images and manifests in DTS format (see `Describing secure partitions`_). It is required when ``SPMD_SPM_AT_SEL2`` is enabled hence when multiple - secure partitions are to be loaded on behalf of the SPMC. + secure partitions are to be loaded by BL2 on behalf of the SPMC. -+---------------+----------------------+------------------+ -| | CTX_INCLUDE_EL2_REGS | SPMD_SPM_AT_SEL2 | -+---------------+----------------------+------------------+ -| SPMC at S-EL1 | 0 | 0 | -+---------------+----------------------+------------------+ -| SPMC at S-EL2 | 1 | 1 (default when | -| | | SPD=spmd) | -+---------------+----------------------+------------------+ ++---------------+----------------------+------------------+-------------+ +| | CTX_INCLUDE_EL2_REGS | SPMD_SPM_AT_SEL2 | SPMC_AT_EL3 | ++---------------+----------------------+------------------+-------------+ +| SPMC at S-EL1 | 0 | 0 | 0 | ++---------------+----------------------+------------------+-------------+ +| SPMC at S-EL2 | 1 | 1 (default when | 0 | +| | | SPD=spmd) | | ++---------------+----------------------+------------------+-------------+ +| SPMC at EL3 | 0 | 0 | 1 | ++---------------+----------------------+------------------+-------------+ Other combinations of such build options either break the build or are not supported. @@ -162,9 +179,8 @@ - Only Arm's FVP platform is supported to use with the TF-A reference software stack. -- The reference software stack uses FEAT_PAuth (formerly Armv8.3-PAuth) and - FEAT_BTI (formerly Armv8.5-BTI) architecture extensions by default at EL3 - and S-EL2. +- When ``SPMD_SPM_AT_SEL2=1``, the reference software stack assumes enablement + of FEAT_PAuth, FEAT_BTI and FEAT_MTE architecture extensions. - The ``CTX_INCLUDE_EL2_REGS`` option provides the generic support for barely saving/restoring EL2 registers from an Arm arch perspective. As such it is decoupled from the ``SPD=spmd`` option. 
@@ -172,10 +188,10 @@ the Hafnium binary path (built for the secure world) or the path to a TEE binary implementing FF-A interfaces. - BL33 option can specify the TFTF binary or a normal world loader - such as U-Boot or the UEFI framework. + such as U-Boot or the UEFI framework payload. -Sample TF-A build command line when SPMC is located at S-EL1 -(e.g. when the FEAT_EL2 architecture extension is not implemented): +Sample TF-A build command line when the SPMC is located at S-EL1 +(e.g. when the FEAT_SEL2 architecture extension is not implemented): .. code:: shell @@ -188,9 +204,8 @@ PLAT=fvp \ all fip -Sample TF-A build command line for a FEAT_SEL2 enabled system where the SPMC is -located at S-EL2: - +Sample TF-A build command line when FEAT_SEL2 architecture extension is +implemented and the SPMC is located at S-EL2: .. code:: shell make \ @@ -201,13 +216,14 @@ ARM_ARCH_MINOR=5 \ BRANCH_PROTECTION=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ + CTX_INCLUDE_MTE_REGS=1 \ BL32=<path-to-hafnium-binary> \ BL33=<path-to-bl33-binary> \ SP_LAYOUT_FILE=sp_layout.json \ all fip -Same as above with enabling secure boot in addition: - +Sample TF-A build command line when FEAT_SEL2 architecture extension is +implemented, the SPMC is located at S-EL2, and enabling secure boot: .. code:: shell make \ @@ -218,6 +234,7 @@ ARM_ARCH_MINOR=5 \ BRANCH_PROTECTION=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ + CTX_INCLUDE_MTE_REGS=1 \ BL32=<path-to-hafnium-binary> \ BL33=<path-to-bl33-binary> \ SP_LAYOUT_FILE=sp_layout.json \ @@ -229,6 +246,20 @@ GENERATE_COT=1 \ all fip +Sample TF-A build command line when the SPMC is located at EL3: + +.. code:: shell + + make \ + CROSS_COMPILE=aarch64-none-elf- \ + SPD=spmd \ + SPMD_SPM_AT_SEL2=0 \ + SPMC_AT_EL3=1 \ + BL32=<path-to-tee-binary> \ + BL33=<path-to-bl33-binary> \ + PLAT=fvp \ + all fip + FVP model invocation ==================== 
@@ -250,29 +281,33 @@ | - cluster0.has_branch_target_exception=1 | Implements FEAT_BTI. | | - cluster1.has_branch_target_exception=1 | | +---------------------------------------------------+------------------------------------+ -| - cluster0.restriction_on_speculative_execution=2 | Required by the EL2 context | -| - cluster1.restriction_on_speculative_execution=2 | save/restore routine. | +| - cluster0.has_pointer_authentication=2 | Implements FEAT_PAuth | +| - cluster1.has_pointer_authentication=2 | | ++---------------------------------------------------+------------------------------------+ +| - cluster0.memory_tagging_support_level=2 | Implements FEAT_MTE2 | +| - cluster1.memory_tagging_support_level=2 | | +| - bp.dram_metadata.is_enabled=1 | | +---------------------------------------------------+------------------------------------+ Sample FVP command line invocation: .. code:: shell - <path-to-fvp-model>/FVP_Base_RevC-2xAEMv8A -C pctl.startup=0.0.0.0 + <path-to-fvp-model>/FVP_Base_RevC-2xAEMvA -C pctl.startup=0.0.0.0 \ -C cluster0.NUM_CORES=4 -C cluster1.NUM_CORES=4 -C bp.secure_memory=1 \ -C bp.secureflashloader.fname=trusted-firmware-a/build/fvp/debug/bl1.bin \ -C bp.flashloader0.fname=trusted-firmware-a/build/fvp/debug/fip.bin \ -C bp.pl011_uart0.out_file=fvp-uart0.log -C bp.pl011_uart1.out_file=fvp-uart1.log \ -C bp.pl011_uart2.out_file=fvp-uart2.log \ - -C cluster0.has_arm_v8-5=1 -C cluster1.has_arm_v8-5=1 -C pci.pci_smmuv3.mmu.SMMU_AIDR=2 \ - -C pci.pci_smmuv3.mmu.SMMU_IDR0=0x0046123B -C pci.pci_smmuv3.mmu.SMMU_IDR1=0x00600002 \ - -C pci.pci_smmuv3.mmu.SMMU_IDR3=0x1714 -C pci.pci_smmuv3.mmu.SMMU_IDR5=0xFFFF0472 \ - -C pci.pci_smmuv3.mmu.SMMU_S_IDR1=0xA0000002 -C pci.pci_smmuv3.mmu.SMMU_S_IDR2=0 \ - -C pci.pci_smmuv3.mmu.SMMU_S_IDR3=0 \ - -C cluster0.has_branch_target_exception=1 \ - -C cluster1.has_branch_target_exception=1 \ - -C cluster0.restriction_on_speculative_execution=2 \ - -C cluster1.restriction_on_speculative_execution=2 + -C 
cluster0.has_arm_v8-5=1 -C cluster1.has_arm_v8-5=1 \ + -C cluster0.has_pointer_authentication=2 -C cluster1.has_pointer_authentication=2 \ + -C cluster0.has_branch_target_exception=1 -C cluster1.has_branch_target_exception=1 \ + -C cluster0.memory_tagging_support_level=2 -C cluster1.memory_tagging_support_level=2 \ + -C bp.dram_metadata.is_enabled=1 \ + -C pci.pci_smmuv3.mmu.SMMU_AIDR=2 -C pci.pci_smmuv3.mmu.SMMU_IDR0=0x0046123B \ + -C pci.pci_smmuv3.mmu.SMMU_IDR1=0x00600002 -C pci.pci_smmuv3.mmu.SMMU_IDR3=0x1714 \ + -C pci.pci_smmuv3.mmu.SMMU_IDR5=0xFFFF0472 -C pci.pci_smmuv3.mmu.SMMU_S_IDR1=0xA0000002 \ + -C pci.pci_smmuv3.mmu.SMMU_S_IDR2=0 -C pci.pci_smmuv3.mmu.SMMU_S_IDR3=0 Boot process ============ 
@@ -338,11 +373,23 @@ A json-formatted description file is passed to the build flow specifying paths to the SP binary image and associated DTS partition manifest file. The latter is processed by the dtc compiler to generate a DTB fed into the SP package. +Optionally, the partition's json description can contain offsets for both +the image and partition manifest within the SP package. Both offsets need to be +4KB aligned, because it is the translation granule supported by Hafnium SPMC. +These fields can be leveraged to support SPs with S1 translation granules that +differ from 4KB, and to configure the regions allocated within the SP package, +as well as to comply with the requirements for the implementation of the boot +information protocol (see `Passing boot data to the SP`_ for more details). In +case the offsets are absent in their json node, they default to 0x1000 and +0x4000 for the manifest offset and image offset respectively. This file also specifies the SP owner (as an optional field) identifying the signing domain in case of dual root CoT. The SP owner can either be the silicon or the platform provider. The corresponding "owner" field value can either take the value of "SiP" or "Plat". In absence of "owner" field, it defaults to "SiP" owner. +The UUID of the partition can be specified as a field in the description file or +if it does not exist there the UUID is extracted from the DTS partition +manifest. .. code:: shell @@ -350,14 +397,27 @@ "tee1" : { "image": "tee1.bin", "pm": "tee1.dts", - "owner": "SiP" + "owner": "SiP", + "uuid": "1b1820fe-48f7-4175-8999-d51da00b7c9f" }, "tee2" : { "image": "tee2.bin", "pm": "tee2.dts", "owner": "Plat" - } + }, + + "tee3" : { + "image": { + "file": "tee3.bin", + "offset":"0x2000" + }, + "pm": { + "file": "tee3.dts", + "offset":"0x6000" + }, + "owner": "Plat" + }, } SPMC manifest 
@@ -379,7 +439,7 @@ attribute { spmc_id = <0x8000>; maj_ver = <0x1>; - min_ver = <0x0>; + min_ver = <0x1>; exec_state = <0x0>; load_address = <0x0 0x6000000>; entrypoint = <0x0 0x6000000>; @@ -398,13 +458,13 @@ SPMD (currently matches ``BL32_BASE``) to enter the SPMC. Other nodes in the manifest are consumed by Hafnium in the secure world. -A sample can be found at [7]: +A sample can be found at `[7]`_: - The *hypervisor* node describes SPs. *is_ffa_partition* boolean attribute indicates a FF-A compliant SP. The *load_address* field specifies the load - address at which TF-A loaded the SP package. + address at which BL2 loaded the SP package. - *cpus* node provide the platform topology and allows MPIDR to VMPIDR mapping. - Note the primary core is declared first, then secondary core are declared + Note the primary core is declared first, then secondary cores are declared in reverse order. - The *memory* node provides platform information on the ranges of memory available to the SPMC. @@ -436,7 +496,7 @@ Note this boot flow is an implementation sample on Arm's FVP platform. Platforms not using TF-A's *Firmware CONFiguration* framework would adjust to a -different implementation. +different boot flow. The flow restricts to a maximum of 8 secure partitions. Secure boot ~~~~~~~~~~~ @@ -451,6 +511,8 @@ - SPMC (BL32) and SPMC manifest are signed by the SiP using the S-ROTPK. - BL33 may be signed by the OEM using NS-ROTPK. - An SP may be signed either by SiP (using S-ROTPK) or by OEM (using NS-ROTPK). +- A maximum of 4 partitions can be signed with the S-ROTPK key and 4 partitions + signed with the NS-ROTPK key. Also refer to `Describing secure partitions`_ and `TF-A build options`_ sections. 
@@ -467,20 +529,23 @@ the secure world. Such portions are isolated in architecture specific files and/or enclosed by a ``SECURE_WORLD`` macro. -Secure partitions CPU scheduling -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Secure partitions scheduling +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The FF-A v1.0 specification `[1]`_ provides two ways to relinquinsh CPU time to +The FF-A specification `[1]`_ provides two ways to relinquinsh CPU time to secure partitions. For this a VM (Hypervisor or OS kernel), or SP invokes one of: - the FFA_MSG_SEND_DIRECT_REQ interface. - the FFA_RUN interface. +Additionally a secure interrupt can pre-empt the normal world execution and give +CPU cycles by transitioning to EL3 and S-EL2. + Platform topology ~~~~~~~~~~~~~~~~~ The *execution-ctx-count* SP manifest field can take the value of one or the -total number of PEs. The FF-A v1.0 specification `[1]`_ recommends the +total number of PEs. The FF-A specification `[1]`_ recommends the following SP types: - Pinned MP SPs: an execution context matches a physical PE. MP SPs must 
@@ -520,20 +585,56 @@ Passing boot data to the SP --------------------------- -In `[1]`_ , the "Protocol for passing data" section defines a method for passing -boot data to SPs (not currently implemented). +In `[1]`_ , the section "Boot information protocol" defines a method for passing +data to the SPs at boot time. It specifies the format for the boot information +descriptor and boot information header structures, which describe the data to be +exchanged between SPMC and SP. +The specification also defines the types of data that can be passed. +The aggregate of both the boot info structures and the data itself is designated +the boot information blob, and is passed to a Partition as a contiguous memory +region. -Provided that the whole secure partition package image (see -`Secure Partition packages`_) is mapped to the SP secure EL1&0 Stage-2 -translation regime, an SP can access its own manifest DTB blob and extract its -partition manifest properties. +Currently, the SPM implementation supports the FDT type which is used to pass the +partition's DTB manifest. + +The region for the boot information blob is allocated through the SP package. + +.. image:: ../resources/diagrams/partition-package.png + +To adjust the space allocated for the boot information blob, the json description +of the SP (see section `Describing secure partitions`_) shall be updated to contain +the manifest offset. If no offset is provided the manifest offset defaults to 0x1000, +which is the page size in the Hafnium SPMC. + +The configuration of the boot protocol is done in the SPs manifest. As defined by +the specification, the manifest field 'gp-register-num' configures the GP register +which shall be used to pass the address to the partitions boot information blob when +booting the partition. +In addition, the Hafnium SPMC implementation requires the boot information arguments +to be listed in a designated DT node: + +.. 
code:: shell + + boot-info { + compatible = "arm,ffa-manifest-boot-info"; + ffa_manifest; + }; + +The whole secure partition package image (see `Secure Partition packages`_) is +mapped to the SP secure EL1&0 Stage-2 translation regime. As such, the SP can +retrieve the address for the boot information blob in the designated GP register, +process the boot information header and descriptors, access its own manifest +DTB blob and extract its partition manifest properties. SP Boot order ------------- SP manifests provide an optional boot order attribute meant to resolve dependencies such as an SP providing a service required to properly boot -another SP. +another SP. SPMC boots the SPs in accordance to the boot order attribute, +lowest to the highest value. If the boot order attribute is absent from the FF-A +manifest, the SP is treated as if it had the highest boot order value +(i.e. lowest booting priority). It is possible for an SP to call into another SP through a direct request provided the latter SP has already been booted. 
@@ -630,29 +731,30 @@ receiver. There are two types of notifications supported: + - Global, which are targeted to a FF-A endpoint and can be handled within any of -its execution contexts, as determined by the scheduler of the system. + its execution contexts, as determined by the scheduler of the system. - Per-vCPU, which are targeted to a FF-A endpoint and to be handled within a -a specific execution context, as determined by the sender. + a specific execution context, as determined by the sender. The type of a notification is set when invoking FFA_NOTIFICATION_BIND to give permissions to the sender. Notification signaling resorts to two interrupts: -- Schedule Receiver Interrupt: Non-secure physical interrupt to be handled by -the FF-A 'transport' driver within the receiver scheduler. At initialization -the SPMC (as suggested by the spec) configures a secure SGI, as non-secure, and -triggers it when there are pending notifications, and the respective receivers -need CPU cycles to handle them. -- Notifications Pending Interrupt: Virtual Interrupt to be handled by the -receiver of the notification. Set when there are pending notifications. For -per-vCPU the NPI is pended at the handling of FFA_NOTIFICATION_SET interface. + +- Schedule Receiver Interrupt: non-secure physical interrupt to be handled by + the FF-A driver within the receiver scheduler. At initialization the SPMC + donates a SGI ID chosen from the secure SGI IDs range and configures it as + non-secure. The SPMC triggers this SGI on the currently running core when + there are pending notifications, and the respective receivers need CPU cycles + to handle them. +- Notifications Pending Interrupt: virtual interrupt to be handled by the + receiver of the notification. Set when there are pending notifications for the + given secure partition. The NPI is pended when the NWd relinquishes CPU cycles + to an SP. The notifications receipt support is enabled in the partition FF-A manifest. 
-The subsequent section provides more details about the each one of the -FF-A interfaces for notifications support. - Mandatory interfaces -------------------- @@ -674,9 +776,12 @@ - ``FFA_MEM_RETRIEVE_REQ`` - ``FFA_MEM_RETRIEVE_RESP`` - ``FFA_MEM_RELINQUISH`` +- ``FFA_MEM_FRAG_RX`` +- ``FFA_MEM_FRAG_TX`` - ``FFA_MEM_RECLAIM`` +- ``FFA_RUN`` -As part of the support of FF-A v1.1, the following interfaces were added: +As part of the FF-A v1.1 support, the following interfaces were added: - ``FFA_NOTIFICATION_BITMAP_CREATE`` - ``FFA_NOTIFICATION_BITMAP_DESTROY`` @@ -687,6 +792,8 @@ - ``FFA_NOTIFICATION_INFO_GET`` - ``FFA_SPM_ID_GET`` - ``FFA_SECONDARY_EP_REGISTER`` + - ``FFA_MEM_PERM_GET`` + - ``FFA_MEM_PERM_SET`` FFA_VERSION ~~~~~~~~~~~ 
@@ -814,24 +921,21 @@ FFA_NOTIFICATION_SET/FFA_NOTIFICATION_GET ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -If the notifications set are per-vCPU, the NPI interrupt is set as pending -for a given receiver partition. +FFA_NOTIFICATION_GET retrieves all pending global notifications and +per-vCPU notifications targeted to the current vCPU. -The FFA_NOTIFICATION_GET will retrieve all pending global notifications and all -pending per-vCPU notifications targeted to the current vCPU. - -Hafnium keeps the global counting of the pending notifications, which is -incremented and decremented at the handling of FFA_NOTIFICATION_SET and -FFA_NOTIFICATION_GET, respectively. If the counter reaches zero, prior to SPMC -triggering the SRI, it won't be triggered. +Hafnium maintains a global count of pending notifications which gets incremented +and decremented when handling FFA_NOTIFICATION_SET and FFA_NOTIFICATION_GET +respectively. A delayed SRI is triggered if the counter is non-zero when the +SPMC returns to normal world. FFA_NOTIFICATION_INFO_GET ~~~~~~~~~~~~~~~~~~~~~~~~~ -Hafnium keeps the global counting of pending notifications whose info has been -retrieved by this interface. The counting is incremented and decremented at the -handling of FFA_NOTIFICATION_INFO_GET and FFA_NOTIFICATION_GET, respectively. -It also tracks the notifications whose info has been retrieved individually, +Hafnium maintains a global count of pending notifications whose information +has been retrieved by this interface. The count is incremented and decremented +when handling FFA_NOTIFICATION_INFO_GET and FFA_NOTIFICATION_GET respectively. +It also tracks notifications whose information has been retrieved individually, such that it avoids duplicating returned information for subsequent calls to FFA_NOTIFICATION_INFO_GET. For each notification, this state information is reset when receiver called FFA_NOTIFICATION_GET to retrieve them. 
@@ -839,18 +943,18 @@ FFA_SPM_ID_GET ~~~~~~~~~~~~~~ -Returns the FF-A ID allocated to the SPM component (which includes SPMC + SPMD). -At initialization, the SPMC queries the SPMD for the SPM ID, using this -same interface, and saves it. +Returns the FF-A ID allocated to an SPM component which can be one of SPMD +or SPMC. -The call emitted at NS and secure physical FF-A instances returns the SPM ID -specified in the SPMC manifest. +At initialization, the SPMC queries the SPMD for the SPMC ID, using the +FFA_ID_GET interface, and records it. The SPMC can also query the SPMD ID using +the FFA_SPM_ID_GET interface at the secure physical FF-A instance. -Secure partitions call this interface at the virtual instance, to which the SPMC -shall return the priorly retrieved SPM ID. +Secure partitions call this interface at the virtual FF-A instance, to which +the SPMC returns the priorly retrieved SPMC ID. -The Hypervisor or OS kernel can issue an FFA_SPM_ID_GET call handled by the -SPMD, which returns the SPM ID. +The Hypervisor or OS kernel can issue the FFA_SPM_ID_GET call handled by the +SPMD, which returns the SPMC ID. FFA_SECONDARY_EP_REGISTER ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -858,7 +962,7 @@ When the SPMC boots, all secure partitions are initialized on their primary Execution Context. -The interface FFA_SECONDARY_EP_REGISTER is to be used by a secure partitions +The FFA_SECONDARY_EP_REGISTER interface is to be used by a secure partition from its first execution context, to provide the entry point address for secondary execution contexts. 
@@ -875,26 +979,35 @@ - SPMC to SPMD direct request/response uses SMC conduit. - SPMD to SPMC direct request/response uses ERET conduit. +This is used in particular to convey power management messages. + PE MMU configuration -------------------- -With secure virtualization enabled, two IPA spaces are output from the secure -EL1&0 Stage-1 translation (secure and non-secure). The EL1&0 Stage-2 translation -hardware is fed by: +With secure virtualization enabled (``HCR_EL2.VM = 1``) and for S-EL1 +partitions, two IPA spaces (secure and non-secure) are output from the +secure EL1&0 Stage-1 translation. +The EL1&0 Stage-2 translation hardware is fed by: -- A single secure IPA space when the SP EL1&0 Stage-1 MMU is disabled. -- Two IPA spaces (secure and non-secure) when the SP EL1&0 Stage-1 MMU is - enabled. +- A secure IPA when the SP EL1&0 Stage-1 MMU is disabled. +- One of secure or non-secure IPA when the secure EL1&0 Stage-1 MMU is enabled. ``VTCR_EL2`` and ``VSTCR_EL2`` provide configuration bits for controlling the -NS/S IPA translations. -``VSTCR_EL2.SW`` = 0, ``VSTCR_EL2.SA`` = 0,``VTCR_EL2.NSW`` = 0, ``VTCR_EL2.NSA`` = 1: +NS/S IPA translations. The following controls are set up: +``VSTCR_EL2.SW = 0`` , ``VSTCR_EL2.SA = 0``, ``VTCR_EL2.NSW = 0``, +``VTCR_EL2.NSA = 1``: - Stage-2 translations for the NS IPA space access the NS PA space. - Stage-2 translation table walks for the NS IPA space are to the secure PA space. -Secure and non-secure IPA regions use the same set of Stage-2 page tables within -a SP. +Secure and non-secure IPA regions (rooted to by ``VTTBR_EL2`` and ``VSTTBR_EL2``) +use the same set of Stage-2 page tables within a SP. + +The ``VTCR_EL2/VSTCR_EL2/VTTBR_EL2/VSTTBR_EL2`` virtual address space +configuration is made part of a vCPU context. + +For S-EL0 partitions with VHE enabled, a single secure EL2&0 Stage-1 translation +regime is used for both Hafnium and the partition. Interrupt management -------------------- 
@@ -1091,16 +1204,46 @@ (svc_off) hooks are registered. - The behavior for the cpu on event is described in `Secondary cores boot-up`_. The SPMC is entered through its secondary physical core entry point. -- The cpu off event occurs when the NWd calls PSCI_CPU_OFF. The method by which - the PM event is conveyed to the SPMC is implementation-defined in context of - FF-A v1.0 (`SPMC-SPMD direct requests/responses`_). It consists in a SPMD-to-SPMC - direct request/response conveying the PM event details and SPMC response. +- The cpu off event occurs when the NWd calls PSCI_CPU_OFF. The PM event is + signaled to the SPMC through a power management framework message. + It consists in a SPMD-to-SPMC direct request/response (`SPMC-SPMD direct + requests/responses`_) conveying the event details and SPMC response. The SPMD performs a synchronous entry into the SPMC. The SPMC is entered and updates its internal state to reflect the physical core is being turned off. In the current implementation no SP is resumed as a consequence. This behavior ensures a minimal support for CPU hotplug e.g. when initiated by the NWd linux userspace. +Arm architecture extensions for security hardening +================================================== + +Hafnium supports the following architecture extensions for security hardening: + +- Pointer authentication (FEAT_PAuth): the extension permits detection of forged + pointers used by ROP type of attacks through the signing of the pointer + value. Hafnium is built with the compiler branch protection option to permit + generation of a pointer authentication code for return addresses (pointer + authentication for instructions). The APIA key is used while Hafnium runs. + A random key is generated at boot time and restored upon entry into Hafnium + at run-time. APIA and other keys (APIB, APDA, APDB, APGA) are saved/restored + in vCPU contexts permitting to enable pointer authentication in VMs/SPs. 
+- Branch Target Identification (FEAT_BTI): the extension permits detection of + unexpected indirect branches used by JOP type of attacks. Hafnium is built + with the compiler branch protection option, inserting land pads at function + prologues that are reached by indirect branch instructions (BR/BLR). + Hafnium code pages are marked as guarded in the EL2 Stage-1 MMU descriptors + such that an indirect branch must always target a landpad. A fault is + triggered otherwise. VMs/SPs can (independently) mark their code pages as + guarded in the EL1&0 Stage-1 translation regime. +- Memory Tagging Extension (FEAT_MTE): the option permits detection of out of + bound memory array accesses or re-use of an already freed memory region. + Hafnium enables the compiler option permitting to leverage MTE stack tagging + applied to core stacks. Core stacks are marked as normal tagged memory in the + EL2 Stage-1 translation regime. A synchronous data abort is generated upon tag + check failure on load/stores. A random seed is generated at boot time and + restored upon entry into Hafnium. MTE system registers are saved/restored in + vCPU contexts permitting MTE usage from VMs/SPs. + SMMUv3 support in Hafnium ========================= @@ -1210,7 +1353,7 @@ - No support for independent peripheral devices. S-EL0 Partition support -========================= +======================= The SPMC (Hafnium) has limited capability to run S-EL0 FF-A partitions using FEAT_VHE (mandatory with ARMv8.1 in non-secure state, and in secure world with ARMv8.4 and FEAT_SEL2). @@ -1273,7 +1416,7 @@ .. _[8]: -[8] https://lists.trustedfirmware.org/pipermail/tf-a/2020-February/000296.html +[8] https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/CFQFGU6H2D5GZYMUYGTGUSXIU3OYZP6U/ .. _[9]: 
@@ -1281,4 +1424,4 @@ -------------- -*Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 9d0dd5e..fbd2cbc 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -29,6 +29,10 @@ platform contains at least 1 CPU that requires dynamic mitigation. Defaults to 0. +- ``WORKAROUND_CVE_2022_23960``: Enables mitigation for `CVE-2022-23960`_. + This build option should be set to 1 if the target platform contains at + least 1 CPU that requires this mitigation. Defaults to 1. + .. _arm_cpu_macros_errata_workarounds: CPU Errata Workarounds 
@@ -292,15 +296,42 @@ CPU. This needs to be enabled for revisions r1p0, r1p1, and r1p2. The issue is present in r0p0 but there is no workaround. It is still open. +- ``ERRATA_A78_2376745``: This applies errata 2376745 workaround to Cortex-A78 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and + it is still open. + +- ``ERRATA_A78_2395406``: This applies errata 2395406 workaround to Cortex-A78 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and + it is still open. + For Cortex-A78 AE, the following errata build flags are defined : -- ``ERRATA_A78_AE_1941500`` : This applies errata 1941500 workaround to Cortex-A78 - AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This erratum is - still open. +- ``ERRATA_A78_AE_1941500`` : This applies errata 1941500 workaround to + Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. + This erratum is still open. -- ``ERRATA_A78_AE_1951502`` : This applies errata 1951502 workaround to Cortex-A78 - AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This erratum is - still open. +- ``ERRATA_A78_AE_1951502`` : This applies errata 1951502 workaround to + Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This + erratum is still open. + +- ``ERRATA_A78_AE_2376748`` : This applies errata 2376748 workaround to + Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This + erratum is still open. + +- ``ERRATA_A78_AE_2395408`` : This applies errata 2395408 workaround to + Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This + erratum is still open. + +For Cortex-X1 CPU, the following errata build flags are defined: + +- ``ERRATA_X1_1821534`` : This applies errata 1821534 workaround to Cortex-X1 + CPU. This needs to be enabled only for revision <= r1p0 of the CPU. + +- ``ERRATA_X1_1688305`` : This applies errata 1688305 workaround to Cortex-X1 + CPU. 
This needs to be enabled only for revision <= r1p0 of the CPU. + +- ``ERRATA_X1_1827429`` : This applies errata 1827429 workaround to Cortex-X1 + CPU. This needs to be enabled only for revision <= r1p0 of the CPU. For Neoverse N1, the following errata build flags are defined : @@ -409,6 +440,22 @@ Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 of the CPU and is still open. +- ``ERRATA_A710_2267065``: This applies errata 2267065 workaround to + Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 + of the CPU and is fixed in r2p1. + +- ``ERRATA_A710_2136059``: This applies errata 2136059 workaround to + Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 + of the CPU and is fixed in r2p1. + +- ``ERRATA_A710_2282622``: This applies errata 2282622 workaround to + Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 + of the CPU and is fixed in r2p1. + +- ``ERRATA_A710_2008768``: This applies errata 2008768 workaround to + Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 + of the CPU and is fixed in r2p1. + For Neoverse N2, the following errata build flags are defined : - ``ERRATA_N2_2002655``: This applies errata 2002655 workaround to Neoverse-N2 
@@ -441,6 +488,67 @@ - ``ERRATA_N2_2280757``: This applies errata 2280757 workaround to Neoverse-N2 CPU. This needs to be enabled for revision r0p0 of the CPU and is still open. +For Cortex-X2, the following errata build flags are defined : + +- ``ERRATA_X2_2002765``: This applies errata 2002765 workaround to Cortex-X2 + CPU. This needs to be enabled for revisions r0p0, r1p0, and r2p0 of the CPU, + it is still open. + +- ``ERRATA_X2_2058056``: This applies errata 2058056 workaround to Cortex-X2 + CPU. This needs to be enabled for revisions r0p0, r1p0, and r2p0 of the CPU, + it is still open. + +- ``ERRATA_X2_2083908``: This applies errata 2083908 workaround to Cortex-X2 + CPU. This needs to be enabled for revision r2p0 of the CPU, it is still open. + +- ``ERRATA_X2_2017096``: This applies errata 2017096 workaround to + Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and + r2p0 of the CPU, it is fixed in r2p1. + +- ``ERRATA_X2_2081180``: This applies errata 2081180 workaround to + Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and + r2p0 of the CPU, it is fixed in r2p1. + +- ``ERRATA_X2_2216384``: This applies errata 2216384 workaround to + Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and + r2p0 of the CPU, it is fixed in r2p1. + +- ``ERRATA_X2_2147715``: This applies errata 2147715 workaround to + Cortex-X2 CPU. This needs to be enabled only for revision r2p0 of the CPU, + it is fixed in r2p1. + +For Cortex-A510, the following errata build flags are defined : + +- ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to + Cortex-A510 CPU. This needs to be enabled only for revision r0p0, it is + fixed in r0p1. + +- ``ERRATA_A510_2288014``: This applies errata 2288014 workaround to + Cortex-A510 CPU. This needs to be enabled only for revisions r0p0, r0p1, + r0p2, r0p3 and r1p0, it is fixed in r1p1. + +- ``ERRATA_A510_2042739``: This applies errata 2042739 workaround to + Cortex-A510 CPU. 
This needs to be enabled only for revisions r0p0, r0p1 and + r0p2, it is fixed in r0p3. + +- ``ERRATA_A510_2041909``: This applies errata 2041909 workaround to + Cortex-A510 CPU. This needs to be enabled only for revision r0p2 and is fixed + in r0p3. The issue is also present in r0p0 and r0p1 but there is no + workaround for those revisions. + +- ``ERRATA_A510_2250311``: This applies errata 2250311 workaround to + Cortex-A510 CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2, + r0p3 and r1p0, it is fixed in r1p1. This workaround disables MPMM even if + ENABLE_MPMM=1. + +- ``ERRATA_A510_2218950``: This applies errata 2218950 workaround to + Cortex-A510 CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2, + r0p3 and r1p0, it is fixed in r1p1. + +- ``ERRATA_A510_2172148``: This applies errata 2172148 workaround to + Cortex-A510 CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2, + r0p3 and r1p0, it is fixed in r1p1. + DSU Errata Workarounds ---------------------- @@ -468,6 +576,12 @@ r2p0 it is fixed). However, please note that this workaround results in increased DSU power consumption on idle. +- ``ERRATA_DSU_2313941``: This applies errata 2313941 workaround for the + affected DSU configurations. This errata applies for those DSUs with + revisions r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open. However, + please note that this workaround results in increased DSU power consumption + on idle. + CPU Specific optimizations -------------------------- 
@@ -516,6 +630,7 @@ .. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 .. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 +.. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 .. _Cortex-A53 MPCore Software Developers Errata Notice: http://infocenter.arm.com/help/topic/com.arm.doc.epm048406/index.html .. _Cortex-A57 MPCore Software Developers Errata Notice: http://infocenter.arm.com/help/topic/com.arm.doc.epm049219/index.html .. _Cortex-A72 MPCore Software Developers Errata Notice: http://infocenter.arm.com/help/topic/com.arm.doc.epm012079/index.html
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 0831dc0..71fdfcb 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -131,6 +131,9 @@ - For other BL3x images, if the firmware configuration file is loaded by BL2, then its address is passed in ``arg0`` and if HW_CONFIG is loaded then its address is passed in ``arg1``. + - In case of the Arm FVP platform, FW_CONFIG address passed in ``arg1`` to + BL31/SP_MIN, and the SOC_FW_CONFIG and HW_CONFIG details are retrieved + from FW_CONFIG device tree. BL1 ~~~ @@ -1757,12 +1760,20 @@ DRAM 0xffffffff +----------+ : : - |----------| + 0x82100000 |----------| |HW_CONFIG | - 0x83000000 |----------| (non-secure) + 0x82000000 |----------| (non-secure) | | 0x80000000 +----------+ + Trusted DRAM + 0x08000000 +----------+ + |HW_CONFIG | + 0x07f00000 |----------| + : : + | | + 0x06000000 +----------+ + Trusted SRAM 0x04040000 +----------+ loaded by BL2 +----------------+ | BL1 (rw) | <<<<<<<<<<<<< | | @@ -1790,15 +1801,18 @@ DRAM 0xffffffff +--------------+ : : - |--------------| + 0x82100000 |--------------| | HW_CONFIG | - 0x83000000 |--------------| (non-secure) + 0x82000000 |--------------| (non-secure) | | 0x80000000 +--------------+ - Trusted DRAM + Trusted DRAM 0x08000000 +--------------+ - | BL32 | + | HW_CONFIG | + 0x07f00000 |--------------| + : : + | BL32 | 0x06000000 +--------------+ Trusted SRAM @@ -1829,12 +1843,20 @@ | BL32 | (secure) 0xff000000 +----------+ | | - |----------| + 0x82100000 |----------| |HW_CONFIG | - 0x83000000 |----------| (non-secure) + 0x82000000 |----------| (non-secure) | | 0x80000000 +----------+ + Trusted DRAM + 0x08000000 +----------+ + |HW_CONFIG | + 0x7f000000 |----------| + : : + | | + 0x06000000 +----------+ + Trusted SRAM 0x04040000 +----------+ loaded by BL2 +----------------+ | BL1 (rw) | <<<<<<<<<<<<< | | 
@@ -2729,7 +2751,7 @@ -------------- -*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* .. _Power State Coordination Interface PDD: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf .. _SMCCC: https://developer.arm.com/docs/den0028/latest
diff --git a/docs/design/reset-design.rst b/docs/design/reset-design.rst
index 7b10c95..666ee4f 100644
--- a/docs/design/reset-design.rst
+++ b/docs/design/reset-design.rst
@@ -141,19 +141,26 @@ Platform initialization ~~~~~~~~~~~~~~~~~~~~~~~ -In this configuration, when the CPU resets to BL31 there are no parameters that -can be passed in registers by previous boot stages. Instead, the platform code -in BL31 needs to know, or be able to determine, the location of the BL32 (if -required) and BL33 images and provide this information in response to the +In this configuration, when the CPU resets to BL31 there should be no parameters +that can be passed in registers by previous boot stages. Instead, the platform +code in BL31 needs to know, or be able to determine, the location of the BL32 +(if required) and BL33 images and provide this information in response to the ``bl31_plat_get_next_image_ep_info()`` function. +.. note:: + Some platforms that configure ``RESET_TO_BL31`` might still be able to + receive parameters in registers depending on their actual boot sequence. On + those occasions, and in addition to ``RESET_TO_BL31``, these platforms should + set ``RESET_TO_BL31_WITH_PARAMS`` to avoid the input registers from being + zeroed before entering BL31. + Additionally, platform software is responsible for carrying out any security initialisation, for example programming a TrustZone address space controller. This might be done by the Trusted Boot Firmware or by platform code in BL31. -------------- -*Copyright (c) 2015-2019, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.* .. |Default reset code flow| image:: ../resources/diagrams/default_reset_code.png .. |Reset code flow with programmable reset address| image:: ../resources/diagrams/reset_code_no_boot_type_check.png
diff --git a/docs/design_documents/context_mgmt_rework.rst b/docs/design_documents/context_mgmt_rework.rst
new file mode 100644
index 0000000..59f9d4e
--- /dev/null
+++ b/docs/design_documents/context_mgmt_rework.rst
@@ -0,0 +1,197 @@ +Enhance Context Management library for EL3 firmware +=================================================== + +:Authors: Soby Mathew & Zelalem Aweke +:Organization: Arm Limited +:Contact: Soby Mathew <soby.mathew@arm.com> & Zelalem Aweke <zelalem.aweke@arm.com> +:Status: RFC + +.. contents:: Table of Contents + +Introduction +------------ +The context management library in TF-A provides the basic CPU context +initialization and management routines for use by different components +in EL3 firmware. The original design of the library was done keeping in +mind the 2 world switch and hence this design pattern has been extended to +keep up with growing requirements of EL3 firmware. With the introduction +of a new Realm world and a separate Root world for EL3 firmware, it is clear +that this library needs to be refactored to cater for future enhancements and +reduce chances of introducing error in code. This also aligns with the overall +goal of reducing EL3 firmware complexity and footprint. + +It is expected that the suggestions below could have legacy implications and +hence we are mainly targeting SPM/RMM based systems. It is expected that these +legacy issues will need to be sorted out as part of implementation on a case +by case basis. + +Design Principles +----------------- +The below section lays down the design principles for re-factoring the context +management library : + +(1) **Decentralized model for context mgmt** + + Both the Secure and Realm worlds have associated dispatcher component in + EL3 firmware to allow management of their respective worlds. Allowing the + dispatcher to own the context for their respective world and moving away + from a centralized policy management by context management library will + remove the world differentiation code in the library. This also means that + the library will not be responsible for CPU feature enablement for + Secure and Realm worlds. See point 3 and 4 for more details. 
+ + The Non Secure world does not have a dispatcher component and hence EL3 + firmware (BL31)/context management library needs to have routines to help + initialize the Non Secure world context. + +(2) **EL3 should only initialize immediate used lower EL** + + Due to the way TF-A evolved, from EL3 interacting with an S-EL1 payload to + SPM in S-EL2, there is some code initializing S-EL1 registers which is + probably redundant when SPM is present in S-EL2. As a principle, EL3 + firmware should only initialize the next immediate lower EL in use. + If EL2 needs to be skipped and is not to be used at runtime, then + EL3 can do the bare minimal EL2 init and init EL1 to prepare for EL3 exit. + It is expected that this skip EL2 configuration is only needed for NS + world to support legacy Android deployments. It is worth removing this + `skip EL2 for Non Secure` config support if this is no longer used. + +(3) **Maintain EL3 sysregs which affect lower EL within CPU context** + + The CPU context contains some EL3 sysregs and gets applied on a per-world + basis (eg: cptr_el3, scr_el3, zcr_el3 is part of the context + because different settings need to be applied between each world). + But this design pattern is not enforced in TF-A. It is possible to directly + modify EL3 sysreg dynamically during the transition between NS and Secure + worlds. Having multiple ways of manipulating EL3 sysregs for different + values between the worlds is flaky and error prone. The proposal is to + enforce the rule that any EL3 sysreg which can be different between worlds + is maintained in the CPU Context. Once the context is initialized the + EL3 sysreg values corresponding to the world being entered will be restored. + +(4) **Allow more flexibility for Dispatchers to select feature set to save and restore** + + The current functions for EL2 CPU context save and restore is a single + function which takes care of saving and restoring all the registers for + EL2. 
This method is inflexible and it does not allow to dynamically detect + CPU features to select registers to save and restore. It also assumes that + both Realm and Secure world will have the same feature set enabled from + EL3 at runtime and makes it hard to enable different features for each + world. The framework should cater for selective save and restore of CPU + registers which can be controlled by the dispatcher. + + For the implementation, this could mean that there is a separate assembly + save and restore routine corresponding to Arch feature. The memory allocation + within the CPU Context for each set of registers will be controlled by a + FEAT_xxx build option. It is a valid configuration to have + context memory allocated but not used at runtime based on feature detection + at runtime or the platform owner has decided not to enable the feature + for the particular world. + +Context Allocation and Initialization +------------------------------------- + +|context_mgmt_abs| + +.. |context_mgmt_abs| image:: + ../resources/diagrams/context_management_abs.png + +The above figure shows how the CPU context is allocated within TF-A. The +allocation for Secure and Realm world is by the respective dispatcher. In the case +of NS world, the context is allocated by the PSCI lib. This scheme allows TF-A +to be built in various configurations (with or without Secure/Realm worlds) and +will result in optimal memory footprint. The Secure and Realm world contexts are +initialized by invoking context management library APIs which then initialize +each world based on conditional evaluation of the security state of the +context. The proposal here is to move the conditional initialization +of context for Secure and Realm worlds to their respective dispatchers and +have the library do only the common init needed. The library can export +helpers to initialize registers corresponding to certain features but +should not try to do different initialization between the worlds. 
The library +can also export helpers for initialization of NS CPU Context since there is no +dispatcher for that world. + +This implies that any world specific code in context mgmt lib should now be +migrated to the respective "owners". To maintain compatibility with legacy, the +current functions can be retained in the lib and perhaps define new ones for +use by SPMD and RMMD. The details of this can be worked out during +implementation. + +Introducing Root Context +------------------------ +Till now, we have been ignoring the fact that Root world (or EL3) itself could +have some settings which are distinct from NS/S/Realm worlds. In this case, +Root world itself would need to maintain some sysregs settings for its own +execution and would need to use sysregs of lower EL (eg: PAuth, pmcr) to enable +some functionalities in EL3. The current sequence for context save and restore +in TF-A is as given below: + +|context_mgmt_existing| + +.. |context_mgmt_existing| image:: + ../resources/diagrams/context_mgmt_existing.png + +Note1: The EL3 CPU context is not a homogenous collection of EL3 sysregs but +a collection of EL3 and some other lower EL registers. The save and restore +is also not done homogenously but based on the objective of using the +particular register. + +Note2: The EL1 context save and restore can possibly be removed when switching +to S-EL2 as SPM can take care of saving the incoming NS EL1 context. + +It can be seen that the EL3 sysreg values applied while the execution is in Root +world corresponds to the world it came from (eg: if entering EL3 from NS world, +the sysregs correspond to the values in NS context). There is a case that EL3 +itself may have some settings to apply for various reasons. A good example for +this is the cptr_el3 regsiter. Although FPU traps need to be disabled for +Non Secure, Secure and Realm worlds, the EL3 execution itself may keep the trap +enabled for the sake of robustness. 
Another example is, if the MTE feature +is enabled for a particular world, this feature will be enabled for Root world +as well when entering EL3 from that world. The firmware at EL3 may not +be expecting this feature to be enabled and may cause unwanted side-effects +which could be problematic. Thus it would be more robust if Root world is not +subject to EL3 sysreg values from other worlds but maintains its own values +which is stable and predictable throughout root world execution. + +There is also the case that when EL3 would like to make use of some +Architectural feature(s) or do some security hardening, it might need +programming of some lower EL sysregs. For example, if EL3 needs to make +use of Pointer Authentication (PAuth) feature, it needs to program +its own PAuth Keys during execution at EL3. Hence EL3 needs its +own copy of PAuth registers which needs to be restored on every +entry to EL3. A similar case can be made for DIT bit in PSTATE, +or use of SP_EL0 for C Runtime Stack at EL3. + +The proposal here is to maintain a separate root world CPU context +which gets applied for Root world execution. This is not the full +CPU_Context, but subset of EL3 sysregs (`el3_sysreg`) and lower EL +sysregs (`root_exc_context`) used by EL3. The save and restore +sequence for this Root context would need to be done in +an optimal way. The `el3_sysreg` does not need to be saved +on EL3 Exit and possibly only some registers in `root_exc_context` +of Root world context would need to be saved on EL3 exit (eg: SP_EL0). + +The new sequence for world switch including Root world context would +be as given below : + +|context_mgmt_proposed| + +.. |context_mgmt_proposed| image:: + ../resources/diagrams/context_mgmt_proposed.png + +Having this framework in place will allow Root world to make use of lower EL +registers easily for its own purposes and also have a fixed EL3 sysreg setting +which is not affected by the settings of other worlds. 
This will unify the +Root world register usage pattern for its own execution and remove some +of the adhoc usages in code. + +Conclusion +---------- +Of all the proposals, the introduction of Root world context would likely need +further prototyping to confirm the design and we will need to measure the +performance and memory impact of this change. Other changes are incremental +improvements which are thought to have negligible impact on EL3 performance. + +-------------- + +*Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/design_documents/index.rst b/docs/design_documents/index.rst
index c82d2ee..257a510 100644
--- a/docs/design_documents/index.rst
+++ b/docs/design_documents/index.rst
@@ -7,6 +7,7 @@ :numbered: cmake_framework + context_mgmt_rework measured_boot_poc --------------
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 7662a14..cfd7201 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -174,14 +174,23 @@ registers to be included when saving and restoring the CPU context. Default is 0. -- ``CTX_INCLUDE_NEVE_REGS``: Boolean option that, when set to 1, will cause the - Armv8.4-NV registers to be saved/restored when entering/exiting an EL2 - execution context. Default value is 0. +- ``CTX_INCLUDE_MTE_REGS``: Numeric value to include Memory Tagging Extension + registers in cpu context. This must be enabled, if the platform wants to use + this feature in the Secure world and MTE is enabled at ELX. This flag can + take values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. + Default value is 0. -- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, enables - Pointer Authentication for Secure world. This will cause the ARMv8.3-PAuth - registers to be included when saving and restoring the CPU context as - part of world switch. Default value is 0. +- ``CTX_INCLUDE_NEVE_REGS``: Numeric value, when set will cause the Armv8.4-NV + registers to be saved/restored when entering/exiting an EL2 execution + context. This flag can take values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. Default value is 0. + +- ``CTX_INCLUDE_PAUTH_REGS``: Numeric value to enable the Pointer + Authentication for Secure world. This will cause the ARMv8.3-PAuth registers + to be included when saving and restoring the CPU context as part of world + switch. This flag can take values 0 to 2, to align with ``FEATURE_DETECTION`` + mechanism. Default value is 0. + Note that Pointer Authentication is enabled for Non-secure world irrespective of the value of this flag if the CPU supports it. 
@@ -246,24 +255,109 @@ builds, but this behaviour can be overridden in each platform's Makefile or in the build command line. -- ``ENABLE_FEAT_HCX``: This option sets the bit SCR_EL3.HXEn in EL3 to allow - access to HCRX_EL2 (extended hypervisor control register) from EL2 as well as - adding HCRX_EL2 to the EL2 context save/restore operations. +- ``ENABLE_FEAT_AMUv1``: Numeric value to enable access to the HAFGRTR_EL2 + (Hypervisor Activity Monitors Fine-Grained Read Trap Register) during EL2 + to EL3 context save/restore operations. This flag can take the values 0 to 2, + to align with the ``FEATURE_DETECTION`` mechanism. It is an optional feature + available on v8.4 and onwards and must be set to either 1 or 2 alongside + ``ENABLE_FEAT_FGT``, to access the HAFGRTR_EL2 register. + Default value is ``0``. + +- ``ENABLE_FEAT_AMUv1p1``: Numeric value to enable the ``FEAT_AMUv1p1`` + extension. ``FEAT_AMUv1p1`` is an optional feature available on Arm v8.6 + onwards. This flag can take the values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_CSV2_2``: Numeric value to enable the ``FEAT_CSV2_2`` + extension. It allows access to the SCXTNUM_EL2 (Software Context Number) + register during EL2 context save/restore operations. ``FEAT_CSV2_2`` is an + optional feature available on Arm v8.0 onwards. This flag can take values + 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. + Default value is ``0``. + +- ``ENABLE_FEAT_DIT``: Numeric value to enable ``FEAT_DIT`` (Data Independent + Timing) extension. It allows setting the ``DIT`` bit of PSTATE in EL3. + ``FEAT_DIT`` is a mandatory architectural feature and is enabled from v8.4 + and upwards. This flag can take the values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. Default value is ``0``. 
+ +- ``ENABLE_FEAT_ECV``: Numeric value to enable support for the Enhanced Counter + Virtualization feature, allowing for access to the CNTPOFF_EL2 (Counter-timer + Physical Offset register) during EL2 to EL3 context save/restore operations. + Its a mandatory architectural feature and is enabled from v8.6 and upwards. + This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_FGT``: Numeric value to enable support for FGT (Fine Grain Traps) + feature allowing for access to the HDFGRTR_EL2 (Hypervisor Debug Fine-Grained + Read Trap Register) during EL2 to EL3 context save/restore operations. + Its a mandatory architectural feature and is enabled from v8.6 and upwards. + This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_HCX``: Numeric value to set the bit SCR_EL3.HXEn in EL3 to + allow access to HCRX_EL2 (extended hypervisor control register) from EL2 as + well as adding HCRX_EL2 to the EL2 context save/restore operations. Its a + mandatory architectural feature and is enabled from v8.7 and upwards. This + flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_PAN``: Numeric value to enable the ``FEAT_PAN`` (Privileged + Access Never) extension. ``FEAT_PAN`` adds a bit to PSTATE, generating a + permission fault for any privileged data access from EL1/EL2 to virtual + memory address, accessible at EL0, provided (HCR_EL2.E2H=1). It is a + mandatory architectural feature and is enabled from v8.1 and upwards. This + flag can take values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_RNG``: Numeric value to enable the ``FEAT_RNG`` extension. + ``FEAT_RNG`` is an optional feature available on Arm v8.5 onwards. 
This + flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default is ``0``. + +- ``ENABLE_FEAT_SB``: Numeric value to enable the ``FEAT_SB`` (Speculation + Barrier) extension allowing access to ``sb`` instruction. ``FEAT_SB`` is an + optional feature and defaults to ``0`` for pre-Armv8.5 CPUs but are mandatory + for Armv8.5 or later CPUs. This flag can take values 0 to 2, to align with + ``FEATURE_DETECTION`` mechanism. It is enabled from v8.5 and upwards and if + needed could be overidden from platforms explicitly. Default value is ``0``. + +- ``ENABLE_FEAT_SEL2``: Numeric value to enable the ``FEAT_SEL2`` (Secure EL2) + extension. ``FEAT_SEL2`` is a mandatory feature available on Arm v8.4. + This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default is ``0``. + +- ``ENABLE_FEAT_TWED``: Numeric value to enable the ``FEAT_TWED`` (Delayed + trapping of WFE Instruction) extension. ``FEAT_TWED`` is a optional feature + available on Arm v8.6. This flag can take values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. Default is ``0``. + + When ``ENABLE_FEAT_TWED`` is set to ``1``, WFE instruction trapping gets + delayed by the amount of value in ``TWED_DELAY``. + +- ``ENABLE_FEAT_VHE``: Numeric value to enable the ``FEAT_VHE`` (Virtualization + Host Extensions) extension. It allows access to CONTEXTIDR_EL2 register + during EL2 context save/restore operations.``FEAT_VHE`` is a mandatory + architectural feature and is enabled from v8.1 and upwards. It can take + values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. + Default value is ``0``. - ``ENABLE_LTO``: Boolean option to enable Link Time Optimization (LTO) support in GCC for TF-A. This option is currently only supported for AArch64. Default is 0. -- ``ENABLE_MPAM_FOR_LOWER_ELS``: Boolean option to enable lower ELs to use MPAM +- ``ENABLE_MPAM_FOR_LOWER_ELS``: Numeric value to enable lower ELs to use MPAM feature. 
MPAM is an optional Armv8.4 extension that enables various memory system components and resources to define partitions; software running at various ELs can assign themselves to desired partition to control their performance aspects. - When this option is set to ``1``, EL3 allows lower ELs to access their own - MPAM registers without trapping into EL3. This option doesn't make use of - partitioning in EL3, however. Platform initialisation code should configure - and use partitions in EL3 as required. This option defaults to ``0``. + This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. When this option is set to ``1`` or ``2``, EL3 allows lower ELs to + access their own MPAM registers without trapping into EL3. This option + doesn't make use of partitioning in EL3, however. Platform initialisation + code should configure and use partitions in EL3 as required. This option + defaults to ``0``. - ``ENABLE_MPMM``: Boolean option to enable support for the Maximum Power Mitigation Mechanism supported by certain Arm cores, which allows the SoC @@ -289,9 +383,10 @@ be enabled. If ``ENABLE_PMF`` is set, the residency statistics are tracked in software. -- ``ENABLE_RME``: Boolean option to enable support for the ARMv9 Realm - Management Extension. Default value is 0. This is currently an experimental - feature. +- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm + Management Extension. This flag can take the values 0 to 2, to align with + the ``FEATURE_DETECTION`` mechanism. Default value is 0. This is currently + an experimental feature. - ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime instrumentation which injects timestamp collection points into TF-A to 
@@ -334,8 +429,8 @@ - ``ENABLE_SVE_FOR_SWD``: Boolean option to enable SVE for the Secure world. SVE is an optional architectural feature for AArch64. Note that this option - requires ENABLE_SVE_FOR_NS to be enabled. The default is 0 and it is - automatically disabled when the target architecture is AArch32. + requires ENABLE_SVE_FOR_NS to be enabled. The default is 0 and it + is automatically disabled when the target architecture is AArch32. - ``ENABLE_STACK_PROTECTOR``: String option to enable the stack protection checks in GCC. Allowed values are "all", "strong", "default" and "none". The 
@@ -381,6 +476,43 @@ This feature is intended for testing purposes only, and is advisable to keep disabled for production images. +- ``FEATURE_DETECTION``: Boolean option to enable the architectural features + detection mechanism. It detects whether the Architectural features enabled + through feature specific build flags are supported by the PE or not by + validating them either at boot phase or at runtime based on the value + possessed by the feature flag (0 to 2) and report error messages at an early + stage. + + This prevents and benefits us from EL3 runtime exceptions during context save + and restore routines guarded by these build flags. Henceforth validating them + before their usage provides more control on the actions taken under them. + + The mechanism permits the build flags to take values 0, 1 or 2 and + evaluates them accordingly. + + Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example: + + :: + + ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time. + ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime. + ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime. + + In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to + 0, feature is disabled statically during compilation. If it is defined as 1, + feature is validated, wherein FEAT_HCX is detected at boot time. In case not + implemented by the PE, a hard panic is generated. Finally, if the flag is set + to 2, feature is validated at runtime. + + Note that the entire implementation is divided into two phases, wherein as + as part of phase-1 we are supporting the values 0,1. Value 2 is currently not + supported and is planned to be handled explicilty in phase-2 implementation. + + FEATURE_DETECTION macro is disabled by default, and is currently an + experimental procedure. 
Platforms can explicitly make use of this by + mechanism, by enabling it to validate whether they have set their build flags + properly at an early phase. + - ``FIP_NAME``: This is an optional build option which specifies the FIP filename for the ``fip`` target. Default is ``fip.bin``. @@ -511,9 +643,18 @@ the build. The default value is 40 in debug builds and 20 in release builds. - ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot - feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well - in order to provide trust that the code taking the measurements and recording - them has not been tampered with. + feature. This flag can be enabled with ``TRUSTED_BOARD_BOOT`` in order to + provide trust that the code taking the measurements and recording them has + not been tampered with. + + This option defaults to 0. + +- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust + for Measurement (DRTM). This feature has trust dependency on BL31 for taking + the measurements and recording them as per `PSA DRTM specification`_. For + platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can + be used and for the platforms which use ``RESET_TO_BL31`` platform owners + should have mechanism to authenticate BL31. This option defaults to 0. @@ -570,9 +711,10 @@ enabled on Arm platforms, the option ``ARM_RECOM_STATE_ID_ENC`` needs to be set to 1 as well. -- ``RAS_EXTENSION``: When set to ``1``, enable Armv8.2 RAS features. RAS features +- ``RAS_EXTENSION``: Numeric value to enable Armv8.2 RAS features. RAS features are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2 - or later CPUs. + or later CPUs. This flag can take the values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST`` must also be set to ``1``. 
@@ -584,6 +726,11 @@ entrypoint) or 1 (CPU reset to BL31 entrypoint). The default value is 0. +- ``RESET_TO_BL31_WITH_PARAMS``: If ``RESET_TO_BL31`` has been enabled, setting + this additional option guarantees that the input registers are not cleared + therefore allowing parameters to be passed to the BL31 entrypoint. + The default value is 0. + - ``RESET_TO_SP_MIN``: SP_MIN is the minimal AArch32 Secure Payload provided in TF-A. This flag configures SP_MIN entrypoint as the CPU reset vector instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 @@ -629,6 +776,13 @@ ``BL31_NOBITS_LIMIT``. When the option is ``0`` (the default), NOBITS sections are placed in RAM immediately following the loaded firmware image. +- ``SEPARATE_BL2_NOLOAD_REGION``: Setting this option to ``1`` allows the + NOLOAD sections of BL2 (.bss, stacks, page tables) to be allocated in RAM + discontiguous from loaded firmware images. When set, the platform need to + provide definitions of ``BL2_NOLOAD_START`` and ``BL2_NOLOAD_LIMIT``. This + flag is disabled by default and NOLOAD sections are placed in RAM immediately + following the loaded firmware image. + - ``SMC_PCI_SUPPORT``: This option allows platforms to handle PCI configuration access requests via a standard SMCCC defined in `DEN0115`_. When combined with UEFI+ACPI this can provide a certain amount of OS forward compatibility 
@@ -648,13 +802,20 @@ firmware images have been loaded in memory, and the MMU and caches are turned off. Refer to the "Debugging options" section for more details. -- ``SPMD_SPM_AT_SEL2`` : this boolean option is used jointly with the SPM +- ``SPMC_AT_EL3`` : This boolean option is used jointly with the SPM Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC - component runs at the S-EL2 execution state provided by the Armv8.4-SecEL2 + component runs at the EL3 exception level. The default value is ``0`` ( + disabled). This configuration supports pre-Armv8.4 platforms (aka not + implementing the ``FEAT_SEL2`` extension). This is an experimental feature. + +- ``SPMD_SPM_AT_SEL2`` : This boolean option is used jointly with the SPM + Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC + component runs at the S-EL2 exception level provided by the ``FEAT_SEL2`` extension. This is the default when enabling the SPM Dispatcher. When disabled (0) it indicates the SPMC component runs at the S-EL1 execution - state. This latter configuration supports pre-Armv8.4 platforms (aka not - implementing the Armv8.4-SecEL2 extension). + state or at EL3 if ``SPMC_AT_EL3`` is enabled. The latter configurations + support pre-Armv8.4 platforms (aka not implementing the ``FEAT_SEL2`` + extension). - ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure Partition Manager (SPM) implementation. The default value is ``0`` 
@@ -706,6 +867,12 @@ When ``EL3_EXCEPTION_HANDLING`` is ``1``, ``TSP_NS_INTR_ASYNC_PREEMPT`` must also be set to ``1``. +- ``TWED_DELAY``: Numeric value to be set in order to delay the trapping of + WFE instruction. ``ENABLE_FEAT_TWED`` build option must be enabled to set + this delay. It can take values in the range (0-15). Default value is ``0`` + and based on this value, 2^(TWED_DELAY + 8) cycles will be delayed. + Platforms need to explicitly update this value based on their requirements. + - ``USE_ARM_LINK``: This flag determines whether to enable support for ARM linker. When the ``LINKER`` build variable points to the armlink linker, this flag is enabled automatically. To enable support for armlink, platforms @@ -815,6 +982,11 @@ functions that wait for an arbitrary time length (udelay and mdelay). The default value is 0. +- ``ENABLE_BRBE_FOR_NS``: This flag enables access to the branch record buffer + registers from NS ELs when FEAT_BRBE is implemented. BRBE is an optional + architectural feature for AArch64. The default is 0 and it is automatically + disabled when the target architecture is AArch32. + - ``ENABLE_TRBE_FOR_NS``: This flag is used to enable access of trace buffer control registers from NS ELs, NS-EL2 or NS-EL1(when NS-EL2 is implemented but unused) when FEAT_TRBE is implemented. TRBE is an optional architectural 
@@ -826,9 +998,15 @@ but unused). This feature is available if trace unit such as ETMv4.x, and ETE(extending ETM feature) is implemented. This flag is disabled by default. -- ``ENABLE_TRF_FOR_NS``: Boolean option to enable trace filter control registers +- ``ENABLE_TRF_FOR_NS``: Numeric value to enable trace filter control registers access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented but unused), - if FEAT_TRF is implemented. This flag is disabled by default. + if FEAT_TRF is implemented. This flag can take the values 0 to 2, to align + with the ``FEATURE_DETECTION`` mechanism. This flag is disabled by default. + +- ``PLAT_RSS_NOT_SUPPORTED``: Boolean option to enable the usage of the PSA + APIs on platforms that doesn't support RSS (providing Arm CCA HES + functionalities). When enabled (``1``), a mocked version of the APIs are used. + The default value is 0. GICv3 driver options -------------------- @@ -873,11 +1051,11 @@ make PLAT=<platform> DEBUG=1 V=1 all -AArch64 GCC uses DWARF version 4 debugging symbols by default. Some tools (for -example DS-5) might not support this and may need an older version of DWARF -symbols to be emitted by GCC. This can be achieved by using the -``-gdwarf-<version>`` flag, with the version being set to 2 or 3. Setting the -version to 2 is recommended for DS-5 versions older than 5.16. +AArch64 GCC 11 uses DWARF version 5 debugging symbols by default. Some tools +(for example Arm-DS) might not support this and may need an older version of +DWARF symbols to be emitted by GCC. This can be achieved by using the +``-gdwarf-<version>`` flag, with the version being set to 2, 3, 4 or 5. Setting +the version to 4 is recommended for Arm-DS. When debugging logic problems it might also be useful to disable all compiler optimizations by using ``-O0``. 
@@ -902,7 +1080,7 @@ post-BL2 phase of TF-A. This can be done by rebuilding BL1 with the ``SPIN_ON_BL1_EXIT=1`` build flag. Refer to the :ref:`build_options_common` section. In this case, the developer may take control of the target using a -debugger when indicated by the console output. When using DS-5, the following +debugger when indicated by the console output. When using Arm-DS, the following commands can be used: :: @@ -943,7 +1121,8 @@ -------------- -*Copyright (c) 2019-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* .. _DEN0115: https://developer.arm.com/docs/den0115/latest .. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/ +.. _PSA DRTM specification: https://developer.arm.com/documentation/den0113/a
diff --git a/docs/getting_started/initial-build.rst b/docs/getting_started/initial-build.rst
index d4a8f01..62f1941 100644
--- a/docs/getting_started/initial-build.rst
+++ b/docs/getting_started/initial-build.rst
@@ -18,16 +18,12 @@ It is possible to build TF-A using Clang or Arm Compiler 6. To do so ``CC`` needs to point to the clang or armclang binary, which will - also select the clang or armclang assembler. Be aware that for Arm Compiler, - the GNU linker is used by default. However for Clang LLVM linker (LLD) - is used by default. In case of being needed the linker can be overridden - using the ``LD`` variable. LLVM linker (LLD) version 9 is - known to work with TF-A. - - In both cases ``CROSS_COMPILE`` should be set as described above. - - Arm Compiler 6 will be selected when the base name of the path assigned - to ``CC`` matches the string 'armclang'. + also select the clang or armclang assembler. Arm Compiler 6 will be selected + when the base name of the path assigned to ``CC`` matches the string + 'armclang'. GNU binutils are required since the TF-A build system doesn't + currently support Arm Scatter files. Meaning the GNU linker is used by + default for Arm Compiler 6. Because of this dependency, ``CROSS_COMPILE`` + should be set as described above. For AArch64 using Arm Compiler 6: @@ -36,6 +32,11 @@ export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- make CC=<path-to-armclang>/bin/armclang PLAT=<platform> all + On the other hand, Clang uses LLVM linker (LLD) and other LLVM binutils by + default instead of GNU utilities (LLVM linker (LLD) 14.0.0 is known to + work with TF-A). ``CROSS_COMPILE`` need not be set for Clang. Please note, + that the default linker may be manually overridden using the ``LD`` variable. + Clang will be selected when the base name of the path assigned to ``CC`` contains the string 'clang'. This is to allow both clang and clang-X.Y to work. @@ -44,7 +45,6 @@ .. code:: shell - export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- make CC=<path-to-clang>/bin/clang PLAT=<platform> all - Change to the root directory of the TF-A source tree and build. 
@@ -115,4 +115,4 @@ -------------- -*Copyright (c) 2020, Arm Limited. All rights reserved.* +*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 92ff39f..2c6a005 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -889,7 +889,7 @@ :: - Argument : struct fwu_metadata *metadata + Argument : const struct fwu_metadata *metadata Return : void This function is mandatory when PSA_FWU_SUPPORT is enabled. @@ -932,6 +932,25 @@ Alongside, returns device handle and image specification from the I/O policy of the requested FWU metadata image. +Function : plat_fwu_get_boot_idx() [when PSA_FWU_SUPPORT == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : void + Return : uint32_t + +This function is mandatory when PSA_FWU_SUPPORT is enabled. It provides the +means to retrieve the boot index value from the platform. The boot index is the +bank from which the platform has booted the firmware images. + +By default, the platform will read the metadata structure and try to boot from +the active bank. If the platform fails to boot from the active bank due to +reasons like an Authentication failure, or on crossing a set number of watchdog +resets while booting from the active bank, the platform can then switch to boot +from a different bank. This function then returns the bank that the platform +should boot its images from. + Common optional modifications ----------------------------- @@ -1195,7 +1214,7 @@ :: Argument : unsigned int, image_info_t * - Return : void + Return : int When the MEASURED_BOOT flag is enabled: 
@@ -1204,7 +1223,25 @@ - On the Arm FVP port, this function measures the given image using its passed id and information and then records that measurement in the Event Log buffer. -- This function must return 0 on success, a negative error code otherwise. +- This function must return 0 on success, a signed integer error code + otherwise. + +When the MEASURED_BOOT flag is disabled, this function doesn't do anything. + +Function : plat_mboot_measure_critical_data() +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : unsigned int, const void *, size_t + Return : int + +When the MEASURED_BOOT flag is enabled: + +- This function measures the given critical data structure and records its + measurement using the measured boot backend driver. +- This function must return 0 on success, a signed integer error code + otherwise. When the MEASURED_BOOT flag is disabled, this function doesn't do anything. 
@@ -1980,6 +2017,58 @@ (that was copied during ``bl31_early_platform_setup()``) if the image exists. It should return NULL otherwise. +Function : plat_get_cca_attest_token() [mandatory when ENABLE_RME == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uintptr_t, size_t *, uintptr_t, size_t + Return : int + +This function returns the Platform attestation token. + +The parameters of the function are: + + arg0 - A pointer to the buffer where the Platform token should be copied by + this function. The buffer must be big enough to hold the Platform + token. + + arg1 - Contains the size (in bytes) of the buffer passed in arg0. The + function returns the platform token length in this parameter. + + arg2 - A pointer to the buffer where the challenge object is stored. + + arg3 - The length of the challenge object in bytes. Possible values are 32, + 48 and 64. + +The function returns 0 on success, -EINVAL on failure. + +Function : plat_get_cca_realm_attest_key() [mandatory when ENABLE_RME == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uintptr_t, size_t *, unsigned int + Return : int + +This function returns the delegated realm attestation key which will be used to +sign Realm attestation token. The API currently only supports P-384 ECC curve +key. + +The parameters of the function are: + + arg0 - A pointer to the buffer where the attestation key should be copied + by this function. The buffer must be big enough to hold the + attestation key. + + arg1 - Contains the size (in bytes) of the buffer passed in arg0. The + function returns the attestation key length in this parameter. + + arg2 - The type of the elliptic curve to which the requested attestation key + belongs. + +The function returns 0 on success, -EINVAL on failure. + Function : bl31_plat_enable_mmu [optional] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -2029,21 +2118,6 @@ of the system counter, which is retrieved from the first entry in the frequency modes table. -Function : plat_arm_set_twedel_scr_el3() [optional] -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:: - - Argument : void - Return : uint32_t - -This function is used in v8.6+ systems to set the WFE trap delay value in -SCR_EL3. If this function returns TWED_DISABLED or is left unimplemented, this -feature is not enabled. The only hook provided is to set the TWED fields in -SCR_EL3, there are similar fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to adjust -the WFE trap delays in lower ELs and these fields should be set by the -appropriate EL2 or EL1 code depending on the platform configuration. - #define : PLAT_PERCPU_BAKERY_LOCK_SIZE [optional] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -3117,7 +3191,7 @@ -------------- -*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* .. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf .. _Arm Generic Interrupt Controller version 2.0 (GICv2): http://infocenter.arm.com/help/topic/com.arm.doc.ihi0048b/index.html
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index ee30128..0b8a71c 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -7,7 +7,6 @@ It may possible to build |TF-A| with combinations of software packages that are different from those listed below, however only the software described in this document can be officially supported. - Build Host ---------- @@ -26,9 +25,9 @@ |TF-A| can be built with any of the following *cross-compiler* toolchains that target the Armv7-A or Armv8-A architectures: -- GCC >= 10.3-2021.07 (from the `Arm Developer website`_) -- Clang >= 4.0 -- Arm Compiler >= 6.0 +- GCC >= 11.2-2022.02 (from the `Arm Developer website`_) +- Clang >= 14.0.0 +- Arm Compiler >= 6.18 In addition, a native compiler is required to build the supporting tools. @@ -54,13 +53,14 @@ The following libraries must be available to build one or more components or supporting tools: -- OpenSSL >= 1.0.1 +- OpenSSL >= 3.0 Required to build the cert_create tool. -The following libraries are required for Trusted Board Boot support: +The following libraries are required for Trusted Board Boot and Measured Boot +support: -- mbed TLS == 2.26.0 (tag: ``mbedtls-2.26.0``) +- mbed TLS == 2.28.0 (tag: ``mbedtls-2.28.0``) These tools are optional: @@ -70,7 +70,7 @@ source files (``.dts`` files). DTC is available for Linux through the package repositories of most distributions. -- Arm `Development Studio 5 (DS-5)`_ +- Arm `Development Studio (Arm-DS)`_ The standard software package used for debugging software on Arm development platforms and |FVP| models. 
@@ -159,11 +159,11 @@ -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* -.. _Arm Developer website: https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads +.. _Arm Developer website: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads .. _Gerrit Code Review: https://www.gerritcodereview.com/ .. _Linaro Release Notes: https://community.arm.com/dev-platforms/w/docs/226/old-release-notes .. _Linaro instructions: https://community.arm.com/dev-platforms/w/docs/304/arm-reference-platforms-deliverables -.. _Development Studio 5 (DS-5): https://developer.arm.com/products/software-development-tools/ds-5-development-studio +.. _Development Studio (Arm-DS): https://developer.arm.com/Tools%20and%20Software/Arm%20Development%20Studio .. _Linaro Release 20.01: http://releases.linaro.org/members/arm/platforms/20.01
diff --git a/docs/plat/allwinner.rst b/docs/plat/allwinner.rst
index b696989..3e9ce51 100644
--- a/docs/plat/allwinner.rst
+++ b/docs/plat/allwinner.rst
@@ -8,24 +8,67 @@ Building TF-A ------------- -To build for machines with an A64 or H5 SoC: +There is one build target per supported SoC: + ++------+-------------------+ +| SoC | TF-A build target | ++======+===================+ +| A64 | sun50i_a64 | ++------+-------------------+ +| H5 | sun50i_a64 | ++------+-------------------+ +| H6 | sun50i_h6 | ++------+-------------------+ +| H616 | sun50i_h616 | ++------+-------------------+ +| H313 | sun50i_h616 | ++------+-------------------+ +| R329 | sun50i_r329 | ++------+-------------------+ + +To build with the default settings for a particular SoC: .. code:: shell - make CROSS_COMPILE=aarch64-linux-gnu- PLAT=sun50i_a64 DEBUG=1 bl31 + make CROSS_COMPILE=aarch64-linux-gnu- PLAT=<build target> DEBUG=1 -To build for machines with an H6 SoC: +So for instance to build for a board with the Allwinner A64 SoC:: -.. code:: shell + make CROSS_COMPILE=aarch64-linux-gnu- PLAT=sun50i_a64 DEBUG=1 - make CROSS_COMPILE=aarch64-linux-gnu- PLAT=sun50i_h6 DEBUG=1 bl31 +Platform-specific build options +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -To build for machines with an H616 or H313 SoC: +The default build options should generate a working firmware image. There are +some build options that allow to fine-tune the firmware, or to disable support +for optional features. -.. code:: shell +- ``SUNXI_PSCI_USE_NATIVE`` : Support direct control of the CPU cores powerdown + and powerup sequence by BL31. This requires either support for a code snippet + to be loaded into the ARISC SCP (A64, H5), or the power sequence control + registers to be programmed directly (H6, H616). This supports only basic + control, like core on/off and system off/reset. + This option defaults to 1. If an active SCP supporting the SCPI protocol + is detected at runtime, this control scheme will be ignored, and SCPI + will be used instead, unless support has been explicitly disabled. 
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=sun50i_h616 DEBUG=1 bl31 +- ``SUNXI_PSCI_USE_SCPI`` : Support control of the CPU cores powerdown and + powerup sequence by talking to the SCP processor via the SCPI protocol. + This allows more advanced power saving techniques, like suspend to RAM. + This option defaults to 1 on SoCs that feature an SCP. If no SCP firmware + using the SCPI protocol is detected, the native sequence will be used + instead. If both native and SCPI methods are included, SCPI will be favoured + if SCP support is detected. +- ``SUNXI_SETUP_REGULATORS`` : On SoCs that typically ship with a PMIC + power management controller, BL31 tries to set up all needed power rails, + programming them to their respective voltages. That allows bootloader + software like U-Boot to ignore power control via the PMIC. + This setting defaults to 1. In some situations that enables too many + regulators, or some regulators need to be enabled in a very specific + sequence. To avoid problems with those boards, ``SUNXI_SETUP_REGULATORS`` + can bet set to ``0`` on the build command line, to skip the PMIC setup + entirely. Any bootloader or OS would need to setup the PMIC on its own then. Installation ------------
diff --git a/docs/plat/arm/diphda/index.rst b/docs/plat/arm/corstone1000/index.rst
similarity index 92%
rename from docs/plat/arm/diphda/index.rst
rename to docs/plat/arm/corstone1000/index.rst
index 27afda4..b889b7f 100644
--- a/docs/plat/arm/diphda/index.rst
+++ b/docs/plat/arm/corstone1000/index.rst
@@ -1,7 +1,7 @@ -Diphda Platform +Corstone1000 Platform ========================== -Some of the features of the Diphda platform referenced in TF-A include: +Some of the features of the Corstone1000 platform referenced in TF-A include: - Cortex-A35 application processor (64-bit mode) - Secure Enclave @@ -37,7 +37,7 @@ CC=aarch64-none-elf-gcc \ V=1 \ BUILD_BASE=<path to the build folder> \ - PLAT=diphda \ + PLAT=corstone1000 \ SPD=spmd \ SPMD_SPM_AT_SEL2=0 \ DEBUG=1 \
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index 2aaf195..3d10e45 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -12,7 +12,7 @@ (64-bit host machine only). .. note:: - The FVP models used are Version 11.16 Build 16, unless otherwise stated. + The FVP models used are Version 11.17 Build 21, unless otherwise stated. - ``Foundation_Platform`` - ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` @@ -48,12 +48,12 @@ - ``FVP_Base_Neoverse-N2x4`` (Version 11.12 build 38) - ``FVP_Base_Neoverse-V1x4`` - ``FVP_Base_RevC-2xAEMvA`` (For certain configurations also uses 0.0/6557) -- ``FVP_CSS_SGI-575`` (Version 11.15/26) -- ``FVP_Morello`` (Version 0.11/19) -- ``FVP_RD_E1_edge`` (Version 11.15/26) -- ``FVP_RD_N1_edge_dual`` (Version 11.15/26) -- ``FVP_RD_N1_edge`` (Version 11.15/26) -- ``FVP_RD_V1`` (Version 11.15/26) +- ``FVP_CSS_SGI-575`` (Version 11.17/33) +- ``FVP_Morello`` (Version 0.11/33) +- ``FVP_RD_E1_edge`` (Version 11.17/33) +- ``FVP_RD_N1_edge_dual`` (Version 11.17/33) +- ``FVP_RD_N1_edge`` (Version 11.17/33) +- ``FVP_RD_V1`` (Version 11.17/33) - ``FVP_TC0`` - ``FVP_TC1`` @@ -392,7 +392,8 @@ - BL1 is loaded at the start of the Trusted ROM. - The Firmware Image Package is loaded at the start of NOR FLASH0. - The firmware loads the FDT packaged in FIP to the DRAM. The FDT load address - is specified via the ``hw_config_addr`` property in `TB_FW_CONFIG for FVP`_. + is specified via the ``load-address`` property in the ``hw-config`` node of + `FW_CONFIG for FVP`_. - The default use-case for the Foundation FVP is to use the ``--gicv3`` option and enable the GICv3 device in the model. Note that without this option, the Foundation FVP defaults to legacy (Versatile Express) memory map which 
@@ -643,9 +644,9 @@ -------------- -*Copyright (c) 2019-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* -.. _TB_FW_CONFIG for FVP: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +.. _FW_CONFIG for FVP: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_fw_config.dts .. _Arm's website: `FVP models`_ .. _FVP models: https://developer.arm.com/products/system-design/fixed-virtual-platforms .. _Linaro Release 20.01: http://releases.linaro.org/members/arm/platforms/20.01
diff --git a/docs/plat/arm/index.rst b/docs/plat/arm/index.rst
index f262dc0..2f68522 100644
--- a/docs/plat/arm/index.rst
+++ b/docs/plat/arm/index.rst
@@ -13,7 +13,7 @@ arm_fpga/index arm-build-options morello/index - diphda/index + corstone1000/index This chapter holds documentation related to Arm's development platforms, including both software models (FVPs) and hardware development boards
diff --git a/docs/plat/imx8m.rst b/docs/plat/imx8m.rst
index 0fe15c9..101d52b 100644
--- a/docs/plat/imx8m.rst
+++ b/docs/plat/imx8m.rst
@@ -60,3 +60,11 @@ All of the BL3x will be put in the FIP image. BL2 will verify them. In U-boot we turn on the UEFI secure boot features so it can verify grub. And we use grub to verify linux kernel. + +Measured Boot +------------- + +When setting MEASURED_BOOT=1 on imx8mm we can let TF-A generate event logs +with a DTB overlay. The overlay will be put at PLAT_IMX8M_DTO_BASE with +maximum size PLAT_IMX8M_DTO_MAX_SIZE. Then in U-boot we can apply the DTB +overlay and let U-boot to parse the event log and update the PCRs.
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index 5848005..0cef16a 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -20,18 +20,19 @@ intel-stratix10 marvell/index mt8183 + mt8186 mt8192 mt8195 nvidia-tegra warp7 imx8 imx8m - ls1043a nxp/index poplar qemu qemu-sbsa qti + qti-msm8916 rpi3 rpi4 rcar-gen3
diff --git a/docs/plat/ls1043a.rst b/docs/plat/ls1043a.rst
deleted file mode 100644
index 72a51f3..0000000
--- a/docs/plat/ls1043a.rst
+++ /dev/null
@@ -1,91 +0,0 @@ -NXP QorIQ® LS1043A -================== - -The QorIQ® LS1043A processor is NXP's first quad-core, 64-bit Arm®-based -processor for embedded networking. The LS1023A (two core version) and the -LS1043A (four core version) deliver greater than 10 Gbps of performance -in a flexible I/O package supporting fanless designs. This SoC is a -purpose-built solution for small-form-factor networking and industrial -applications with BOM optimizations for economic low layer PCB, lower cost -power supply and single clock design. The new 0.9V versions of the LS1043A -and LS1023A deliver addition power savings for applications such as Wireless -LAN and to Power over Ethernet systems. - -LS1043ARDB Specification: -------------------------- -Memory subsystem: - * 2GByte DDR4 SDRAM (32bit bus) - * 128 Mbyte NOR flash single-chip memory - * 512 Mbyte NAND flash - * 16 Mbyte high-speed SPI flash - * SD connector to interface with the SD memory card - -Ethernet: - * XFI 10G port - * QSGMII with 4x 1G ports - * Two RGMII ports - -PCIe: - * PCIe2 (Lanes C) to mini-PCIe slot - * PCIe3 (Lanes D) to PCIe slot - -USB 3.0: two super speed USB 3.0 type A ports - -UART: supports two UARTs up to 115200 bps for console - -More information are listed in `ls1043`_. - -Boot Sequence -------------- - - -Bootrom --> TF-A BL1 --> TF-A BL2 --> TF-A BL1 --> TF-A BL31 ---> BL32(Tee OS) --> TF-A BL31 --> BL33(u-boot) --> Linux kernel - - -How to build ------------- - -Build Procedure -~~~~~~~~~~~~~~~ - -- Prepare AARCH64 toolchain. - -- Build u-boot and OPTee firstly, and get binary images: u-boot.bin and tee.bin - -- Build TF-A for Nor boot - - Build bl1: - - .. code:: shell - - CROSS_COMPILE=aarch64-linux-gnu- make PLAT=ls1043 bl1 - - Build fip: - - .. code:: shell - - CROSS_COMPILE=aarch64-linux-gnu- make PLAT=ls1043 fip \ - BL33=u-boot.bin NEED_BL32=yes BL32=tee.bin SPD=opteed - -Deploy TF-A Images -~~~~~~~~~~~~~~~~~~ - -- Deploy TF-A images on Nor flash Alt Bank. - - .. 
code:: shell - - => tftp 82000000 bl1.bin - => pro off all;era 64100000 +$filesize;cp.b 82000000 64100000 $filesize - - => tftp 82000000 fip.bin - => pro off all;era 64120000 +$filesize;cp.b 82000000 64120000 $filesize - - Then change to Alt bank and boot up TF-A: - - .. code:: shell - - => cpld reset altbank - - -.. _ls1043: https://www.nxp.com/products/processors-and-microcontrollers/arm-based-processors-and-mcus/qoriq-layerscape-arm-processors/qoriq-layerscape-1043a-and-1023a-multicore-communications-processors:LS1043A?lang_cd=en
diff --git a/docs/plat/marvell/armada/build.rst b/docs/plat/marvell/armada/build.rst
index 6872f56..adb9603 100644
--- a/docs/plat/marvell/armada/build.rst
+++ b/docs/plat/marvell/armada/build.rst
@@ -68,8 +68,9 @@ - DEBUG Default is without debug information (=0). in order to enable it use ``DEBUG=1``. - Must be disabled when building UART recovery images due to current console driver - implementation that is not compatible with Xmodem protocol used for boot image download. + Can be enabled also when building UART recovery images, there is no issue with it. + + Production TF-A images should be built without this debug option! - LOG_LEVEL @@ -258,7 +259,7 @@ Image needs to be stored at disk LBA 0 or at disk partition with MBR type 0x4d (ASCII 'M' as in Marvell) or at disk partition with - GPT name ``MARVELL BOOT PARTITION``. + GPT partition type GUID ``6828311A-BA55-42A4-BCDE-A89BB5EDECAE``. - PARTNUM @@ -317,11 +318,19 @@ Use this parameter to point to the directory with compiled Crypto++ library. By default it points to the CRYPTOPP_PATH. + On Debian systems it is possible to install system-wide Crypto++ library + via command ``apt install libcrypto++-dev`` and specify CRYPTOPP_LIBDIR + to ``/usr/lib/``. + - CRYPTOPP_INCDIR Use this parameter to point to the directory with header files of Crypto++ library. By default it points to the CRYPTOPP_PATH. + On Debian systems it is possible to install system-wide Crypto++ library + via command ``apt install libcrypto++-dev`` and specify CRYPTOPP_INCDIR + to ``/usr/include/crypto++/``. + For example, in order to build the image in debug mode with log level up to 'notice' level run
diff --git a/docs/plat/mt8186.rst b/docs/plat/mt8186.rst
new file mode 100644
index 0000000..16b833a
--- /dev/null
+++ b/docs/plat/mt8186.rst
@@ -0,0 +1,21 @@ +MediaTek 8186 +============= + +MediaTek 8186 (MT8186) is a 64-bit ARM SoC introduced by MediaTek in 2021. +The chip incorporates eight cores - six Cortex-A55 little cores and two Cortex-A76. +Cortex-A76 can operate at up to 2.05 GHz. +Cortex-A55 can operate at up to 2.0 GHz. + +Boot Sequence +------------- + +:: + + Boot Rom --> Coreboot --> TF-A BL31 --> Depthcharge --> Linux Kernel + +How to Build +------------ + +.. code:: shell + + make CROSS_COMPILE=aarch64-linux-gnu- PLAT=mt8186 DEBUG=1 COREBOOT=1
diff --git a/docs/plat/nxp/nxp-layerscape.rst b/docs/plat/nxp/nxp-layerscape.rst
index 9a470e6..cd5874b 100644
--- a/docs/plat/nxp/nxp-layerscape.rst
+++ b/docs/plat/nxp/nxp-layerscape.rst
@@ -40,7 +40,7 @@ Details about LS1028A can be found at `ls1028a`_. -- LS1028ARDB Boards: +- LS1028ARDB Board: The LS1028A reference design board (RDB) is a computing, evaluation, and development platform that supports industrial IoT applications, human 
@@ -48,6 +48,105 @@ Details about LS1028A RDB board can be found at `ls1028ardb`_. +3. LS1043A + +- SoC Overview: + +The Layerscape LS1043A processor is NXP's first quad-core, 64-bit Arm®-based +processor for embedded networking. The LS1023A (two core version) and the +LS1043A (four core version) deliver greater than 10 Gbps of performance +in a flexible I/O package supporting fanless designs. This SoC is a +purpose-built solution for small-form-factor networking and industrial +applications with BOM optimizations for economic low layer PCB, lower cost +power supply and single clock design. The new 0.9V versions of the LS1043A +and LS1023A deliver addition power savings for applications such as Wireless +LAN and to Power over Ethernet systems. + +Details about LS1043A can be found at `ls1043a`_. + +- LS1043ARDB Board: + +The LS1043A reference design board (RDB) is a computing, evaluation, and +development platform that supports the Layerscape LS1043A architecture +processor. The LS1043A-RDB can help shorten your time to market by providing +the following features: + +Memory subsystem: + * 2GByte DDR4 SDRAM (32bit bus) + * 128 Mbyte NOR flash single-chip memory + * 512 Mbyte NAND flash + * 16 Mbyte high-speed SPI flash + * SD connector to interface with the SD memory card + +Ethernet: + * XFI 10G port + * QSGMII with 4x 1G ports + * Two RGMII ports + +PCIe: + * PCIe2 (Lanes C) to mini-PCIe slot + * PCIe3 (Lanes D) to PCIe slot + +USB 3.0: two super speed USB 3.0 type A ports + +UART: supports two UARTs up to 115200 bps for console + +Details about LS1043A RDB board can be found at `ls1043ardb`_. + +4. LS1046A + +- SoC Overview: + +The LS1046A is a cost-effective, power-efficient, and highly integrated +system-on-chip (SoC) design that extends the reach of the NXP value-performance +line of QorIQ communications processors. Featuring power-efficient 64-bit +Arm Cortex-A72 cores with ECC-protected L1 and L2 cache memories for high +reliability, running up to 1.8 GHz. 
+ +Details about LS1046A can be found at `ls1046a`_. + +- LS1046ARDB Board: + +The LS1046A reference design board (RDB) is a high-performance computing, +evaluation, and development platform that supports the Layerscape LS1046A +architecture processor. The LS1046ARDB board supports the Layerscape LS1046A +processor and is optimized to support the DDR4 memory and a full complement +of high-speed SerDes ports. + +Details about LS1046A RDB board can be found at `ls1046ardb`_. + +- LS1046AFRWY Board: + +The LS1046A Freeway board (FRWY) is a high-performance computing, evaluation, +and development platform that supports the LS1046A architecture processor +capable of support more than 32,000 CoreMark performance. The FRWY-LS1046A +board supports the LS1046A processor, onboard DDR4 memory, multiple Gigabit +Ethernet, USB3.0 and M2_Type_E interfaces for Wi-Fi, FRWY-LS1046A-AC includes +the Wi-Fi card. + +Details about LS1046A FRWY board can be found at `ls1046afrwy`_. + +5. LS1088A + +- SoC Overview: + +The LS1088A family of multicore communications processors combines up to and eight +Arm Cortex-A53 cores with the advanced, high-performance data path and network +peripheral interfaces required for wireless access points, networking infrastructure, +intelligent edge access, including virtual customer premise equipment (vCPE) and +high-performance industrial applications. + +Details about LS1088A can be found at `ls1088a`_. + +- LS1088ARDB Board: + +The LS1088A reference design board provides a comprehensive platform that +enables design and evaluation of the product (LS1088A processor). This RDB +comes pre-loaded with a board support package (BSP) based on a standard +Linux kernel. + +Details about LS1088A RDB board can be found at `ls1088ardb`_. + Table of supported boot-modes by each platform & platform that needs FIP-DDR: ----------------------------------------------------------------------------- 
@@ -60,6 +159,14 @@ +---------------------+-------+--------+-------+-------+-------+-------------+--------------+-----------------+ | ls1028ardb | yes | | | | yes | yes | | no | +---------------------+-------+--------+-------+-------+-------+-------------+--------------+-----------------+ +| ls1043ardb | yes | | yes | yes | | | | no | ++---------------------+-------+--------+-------+-------+-------+-------------+--------------+-----------------+ +| ls1046ardb | yes | yes | | | yes | | | no | ++---------------------+-------+--------+-------+-------+-------+-------------+--------------+-----------------+ +| ls1046afrwy | yes | yes | | | | | | no | ++---------------------+-------+--------+-------+-------+-------+-------------+--------------+-----------------+ +| ls1088ardb | yes | yes | | | | | | no | ++---------------------+-------+--------+-------+-------+-------+-------------+--------------+-----------------+ Boot Sequence 
@@ -228,30 +335,42 @@ Note: The size in the standard uboot commands for copy to nor, qspi, nand or sd should be modified based on the binary size of the image to be copied. -- Deploy ATF images on flexspi-Nor flash Alt Bank from U-Boot prompt. - -- Commands to flash images for bl2_xxx.pbl and fip.bin. +- Deploy ATF images on flexspi-Nor or QSPI flash Alt Bank from U-Boot prompt. + + -- Commands to flash images for bl2_xxx.pbl and fip.bin + + Notes: ls1028ardb has no flexspi-Nor Alt Bank, so use "sf probe 0:0" for current bank. .. code:: shell - tftp 82000000 $path/bl2_flexspi_nor.pbl; - i2c mw 66 50 20;sf probe 0:0; sf erase 0 +$filesize; sf write 0x82000000 0x0 $filesize; + tftp 82000000 $path/bl2_xxx.pbl; + + i2c mw 66 50 20;sf probe 0:1; sf erase 0 +$filesize; sf write 0x82000000 0x0 $filesize; tftp 82000000 $path/fip.bin; - i2c mw 66 50 20;sf probe 0:0; sf erase 0x100000 +$filesize; sf write 0x82000000 0x100000 $filesize; + i2c mw 66 50 20;sf probe 0:1; sf erase 0x100000 +$filesize; sf write 0x82000000 0x100000 $filesize; -- Next step is valid for platform where FIP-DDR is needed. .. code:: shell tftp 82000000 $path/ddr_fip.bin; - i2c mw 66 50 20;sf probe 0:0; sf erase 0x800000 +$filesize; sf write 0x82000000 0x800000 $filesize; + i2c mw 66 50 20;sf probe 0:1; sf erase 0x800000 +$filesize; sf write 0x82000000 0x800000 $filesize; -- Then reset to alternate bank to boot up ATF. + Command for lx2160a, ls1088a and ls1028a platforms: + .. code:: shell qixisreset altbank; + Command for ls1046a platforms: + + .. code:: shell + + cpld reset altbank; + - Deploy ATF images on SD/eMMC from U-Boot prompt. -- file_size_in_block_sizeof_512 = (Size_of_bytes_tftp / 512) 
@@ -274,10 +393,56 @@ -- Then reset to sd/emmc to boot up ATF from sd/emmc as boot-source. + Command for lx2160A, ls1088a and ls1028a platforms: + .. code:: shell qixisreset <sd or emmc>; + Command for ls1043a and ls1046a platform: + + .. code:: shell + + cpld reset <sd or emmc>; + +- Deploy ATF images on IFC nor flash from U-Boot prompt. + + .. code:: shell + + tftp 82000000 $path/bl2_nor.pbl; + protect off 64000000 +$filesize; erase 64000000 +$filesize; cp.b 82000000 64000000 $filesize; + + tftp 82000000 $path/fip.bin; + protect off 64100000 +$filesize; erase 64100000 +$filesize; cp.b 82000000 64100000 $filesize; + + -- Then reset to alternate bank to boot up ATF. + + Command for ls1043a platform: + + .. code:: shell + + cpld reset altbank; + +- Deploy ATF images on IFC nand flash from U-Boot prompt. + + .. code:: shell + + tftp 82000000 $path/bl2_nand.pbl; + nand erase 0x0 $filesize; nand write 82000000 0x0 $filesize; + + tftp 82000000 $path/fip.bin; + nand erase 0x100000 $filesize;nand write 82000000 0x100000 $filesize; + + -- Then reset to nand flash to boot up ATF. + + Command for ls1043a platform: + + .. code:: shell + + cpld reset nand; + + + Trusted Board Boot: =================== 
@@ -298,4 +463,11 @@ .. _lx2160ardb: https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/layerscape-communication-process/layerscape-lx2160a-multicore-communications-processor:LX2160A .. _ls1028a: https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/layerscape-processors/layerscape-1028a-applications-processor:LS1028A .. _ls1028ardb: https://www.nxp.com/design/qoriq-developer-resources/layerscape-ls1028a-reference-design-board:LS1028ARDB +.. _ls1043a: https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/layerscape-processors/layerscape-1043a-and-1023a-processors:LS1043A +.. _ls1043ardb: https://www.nxp.com/design/qoriq-developer-resources/layerscape-ls1043a-reference-design-board:LS1043A-RDB +.. _ls1046a: https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/layerscape-processors/layerscape-1046a-and-1026a-processors:LS1046A +.. _ls1046ardb: https://www.nxp.com/design/qoriq-developer-resources/layerscape-ls1046a-reference-design-board:LS1046A-RDB +.. _ls1046afrwy: https://www.nxp.com/design/qoriq-developer-resources/ls1046a-freeway-board:FRWY-LS1046A +.. _ls1088a: https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/layerscape-processors/layerscape-1088a-and-1048a-processor:LS1088A +.. _ls1088ardb: https://www.nxp.com/design/qoriq-developer-resources/layerscape-ls1088a-reference-design-board:LS1088A-RDB .. _nxp-ls-tbbr.rst: ./nxp-ls-tbbr.rst
diff --git a/docs/plat/qti-msm8916.rst b/docs/plat/qti-msm8916.rst new file mode 100644 index 0000000..09a79b7 --- /dev/null +++ b/docs/plat/qti-msm8916.rst
@@ -0,0 +1,116 @@ +Qualcomm Snapdragon 410 (MSM8916/APQ8016) +========================================= + +The `Qualcomm Snapdragon 410`_ is Qualcomm's first 64-bit SoC, released in 2014 +with four ARM Cortex-A53 cores. There are differents variants (MSM8916, +APQ8016(E), ...) that are all very similar. A popular device based on APQ8016E +is the `DragonBoard 410c`_ single-board computer, but the SoC is also used in +various mid-range smartphones/tablets. + +The TF-A/BL31 port for MSM8916 provides a minimal, community-maintained +EL3 firmware. It is primarily based on information from the public +`Snapdragon 410E Technical Reference Manual`_ combined with a lot of +trial and error to actually make it work. + +.. note:: + Unlike the :doc:`QTI SC7180/SC7280 <qti>` ports, this port does **not** + make use of a proprietary binary components (QTISECLIB). It is fully + open-source but therefore limited to publicly documented hardware + components. + +Functionality +------------- + +The BL31 port is much more minimal compared to the original firmware and +therefore expects the non-secure world (e.g. Linux) to manage more hardware, +such as the SMMUs and all remote processors (RPM, WCNSS, Venus, Modem). +Everything except modem is currently functional with a slightly modified version +of mainline Linux. + +.. warning:: + This port is **not secure**. There is no special secure memory and the + used DRAM is available from both the non-secure and secure worlds. + Unfortunately, the hardware used for memory protection is not described + in the APQ8016E documentation. + +The port is primarily intended as a minimal PSCI implementation (without a +separate secure world) where this limitation is not a big problem. Booting +secondary CPU cores (PSCI ``CPU_ON``) is supported. Basic CPU core power +management (``CPU_SUSPEND``) is functional but still work-in-progress and +will be added later once ready. 
+ +Boot Flow +--------- +BL31 replaces the original ``tz`` firmware in the boot flow:: + + Boot ROM (PBL) -> SBL -> BL31 (EL3) -> U-Boot (EL2) -> Linux (EL2) + +By default, BL31 enters the non-secure world in EL2 AArch64 state at address +``0x8f600000``. The original hypervisor firmware (``hyp``) is not used, you can +use KVM or another hypervisor. The entry address is fixed in the BL31 binary +but can be changed using the ``PRELOADED_BL33_BASE`` make file parameter. + +Using an AArch64 bootloader (such as `U-Boot for DragonBoard 410c`_) is +recommended. AArch32 bootloaders (such as the original Little Kernel bootloader +from Qualcomm) are not directly supported, although it is possible to use an EL2 +shim loader to temporarily switch to AArch32 state. + +Installation +------------ +First, setup the cross compiler for AArch64 and build TF-A for ``msm8916``:: + + $ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=msm8916 + +The BL31 ELF image is generated in ``build/msm8916/release/bl31/bl31.elf``. +This image must be "signed" before flashing it, even if the board has secure +boot disabled. In this case the signature does not provide any security, +but it provides the firmware with required metadata. + +The `DragonBoard 410c`_ does not have secure boot enabled by default. In this +case you can simply sign the ELF image using a randomly generated key. You can +use e.g. `qtestsign`_:: + + $ ./qtestsign.py tz build/msm8916/release/bl31/bl31.elf + +Then install the resulting ``build/msm8916/release/bl31/bl31-test-signed.mbn`` +to the ``tz`` partition on the device. BL31 should be running after a reboot. + +.. warning:: + Do not flash incorrectly signed firmware on devices that have secure + boot enabled! Make sure that you have a way to recover the board in case + of problems (e.g. using EDL). 
+ +Boot Trace +---------- +BL31 prints some lines on the debug console UART2, which will usually look like +this (with ``DEBUG=1``, otherwise only the ``NOTICE`` lines are shown):: + + ... + S - DDR Frequency, 400 MHz + NOTICE: BL31: v2.6(debug):v2.6 + NOTICE: BL31: Built : 20:00:00, Dec 01 2021 + INFO: BL31: Platform setup start + INFO: ARM GICv2 driver initialized + INFO: BL31: Platform setup done + INFO: BL31: Initializing runtime services + INFO: BL31: cortex_a53: CPU workaround for 819472 was applied + INFO: BL31: cortex_a53: CPU workaround for 824069 was applied + INFO: BL31: cortex_a53: CPU workaround for 826319 was applied + INFO: BL31: cortex_a53: CPU workaround for 827319 was applied + INFO: BL31: cortex_a53: CPU workaround for 835769 was applied + INFO: BL31: cortex_a53: CPU workaround for disable_non_temporal_hint was applied + INFO: BL31: cortex_a53: CPU workaround for 843419 was applied + INFO: BL31: cortex_a53: CPU workaround for 1530924 was applied + INFO: BL31: Preparing for EL3 exit to normal world + INFO: Entry point address = 0x8f600000 + INFO: SPSR = 0x3c9 + + U-Boot 2021.10 (Dec 01 2021 - 20:00:00 +0000) + Qualcomm-DragonBoard 410C + ... + +.. _Qualcomm Snapdragon 410: https://www.qualcomm.com/products/snapdragon-processors-410 +.. _DragonBoard 410c: https://www.96boards.org/product/dragonboard410c/ +.. _Snapdragon 410E Technical Reference Manual: https://developer.qualcomm.com/download/sd410/snapdragon-410e-technical-reference-manual.pdf +.. _U-Boot for DragonBoard 410c: https://u-boot.readthedocs.io/en/latest/board/qualcomm/dragonboard410c.html +.. _qtestsign: https://github.com/msm8916-mainline/qtestsign
diff --git a/docs/plat/stm32mp1.rst b/docs/plat/stm32mp1.rst index af302c6..7ae98b1 100644 --- a/docs/plat/stm32mp1.rst +++ b/docs/plat/stm32mp1.rst
@@ -2,15 +2,34 @@ =========================== STM32MP1 is a microprocessor designed by STMicroelectronics -based on a dual Arm Cortex-A7. +based on Arm Cortex-A7. It is an Armv7-A platform, using dedicated code from TF-A. -The STM32MP1 chip also embeds a Cortex-M4. More information can be found on `STM32MP1 Series`_ page. STM32MP1 Versions ----------------- -The STM32MP1 series is available in 3 different lines which are pin-to-pin compatible: + +There are 2 variants for STM32MP1: STM32MP13 and STM32MP15 + +STM32MP13 Versions +~~~~~~~~~~~~~~~~~~ +The STM32MP13 series is available in 3 different lines which are pin-to-pin compatible: + +- STM32MP131: Single Cortex-A7 core +- STM32MP133: STM32MP131 + 2*CAN, ETH2(GMAC), ADC1 +- STM32MP135: STM32MP133 + DCMIPP, LTDC + +Each line comes with a security option (cryptography & secure boot) and a Cortex-A frequency option: + +- A Cortex-A7 @ 650 MHz +- C Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz +- D Cortex-A7 @ 900 MHz +- F Secure Boot + HW Crypto + Cortex-A7 @ 900 MHz + +STM32MP15 Versions +~~~~~~~~~~~~~~~~~~ +The STM32MP15 series is available in 3 different lines which are pin-to-pin compatible: - STM32MP157: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz, 3D GPU, DSI display interface and CAN FD - STM32MP153: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz and CAN FD 
@@ -115,6 +134,28 @@ - ``STM32MP_SPI_NAND`` - ``STM32MP_SPI_NOR`` +Serial boot devices: + +- ``STM32MP_UART_PROGRAMMER`` +- ``STM32MP_USB_PROGRAMMER`` + + +Other configuration flags: + +- | ``DTB_FILE_NAME``: to precise board device-tree blob to be used. + | Default: stm32mp157c-ev1.dtb +- | ``STM32MP_EARLY_CONSOLE``: to enable early traces before clock driver is setup. + | Default: 0 (disabled) +- | ``STM32MP_UART_BAUDRATE``: to select UART baud rate. + | Default: 115200 +- | ``STM32_TF_VERSION``: to manage BL2 monotonic counter. + | Default: 0 +- | ``STM32MP13``: to select STM32MP13 variant configuration. + | Default: 0 +- | ``STM32MP15``: to select STM32MP15 variant configuration. + | Default: 1 + + Boot with FIP ~~~~~~~~~~~~~ You need to build BL2, BL32 (SP_min or OP-TEE) and BL33 (U-Boot) before building FIP binary.
diff --git a/docs/plat/xilinx-versal.rst b/docs/plat/xilinx-versal.rst index d65b048..09a6ee2 100644 --- a/docs/plat/xilinx-versal.rst +++ b/docs/plat/xilinx-versal.rst
@@ -43,6 +43,8 @@ * `VERSAL_PLATFORM`: Select the platform. Options: - `versal_virt` : Versal Virtual platform + - `spp_itr6` : SPP ITR6 + - `emu_itr6` : EMU ITR6 # PLM->TF-A Parameter Passing ------------------------------
diff --git a/docs/plat/xilinx-zynqmp.rst b/docs/plat/xilinx-zynqmp.rst index 79c2535..af1cb22 100644 --- a/docs/plat/xilinx-zynqmp.rst +++ b/docs/plat/xilinx-zynqmp.rst
@@ -14,13 +14,13 @@ .. code:: bash - make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp bl31 + make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 bl31 To build bl32 TSP you have to rebuild bl31 too: .. code:: bash - make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp SPD=tspd bl31 bl32 + make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp SPD=tspd RESET_TO_BL31=1 bl31 bl32 To build TF-A for JTAG DCC console:
diff --git a/docs/process/commit-style.rst b/docs/process/commit-style.rst index e9df5ce..de899ab 100644 --- a/docs/process/commit-style.rst +++ b/docs/process/commit-style.rst
@@ -79,11 +79,10 @@ +--------------+---------------------------------------------------------------+ The permissible `scopes` are more flexible, and we maintain a list of them in -our :download:`Commitizen configuration file <../../.cz.json>`. Scopes in this -file are organized by their changelog section, each of which may have one or -more accepted scopes, but only the first of which is considered to be "blessed". -Scopes that are not blessed exist for changes submitted before scope enforcement -came into effect, and are considered deprecated. +our :download:`changelog configuration file <../../changelog.yaml>`. Scopes in +this file are organized by their changelog section, where each changelog section +has a single scope that is considered to be blessed, and possibly several +deprecated scopes. Please avoid using deprecated scopes. While we don't enforce scopes strictly, we do ask that commits use these if they can, or add their own if no appropriate one exists (see :ref:`Adding Scopes`).
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst index d6f61d6..ef9ebd3 100644 --- a/docs/process/contributing.rst +++ b/docs/process/contributing.rst
@@ -1,8 +1,8 @@ Contributor's Guide -=================== +******************* Getting Started ---------------- +=============== - Make sure you have a Github account and you are logged on both `developer.trustedfirmware.org`_ and `review.trustedfirmware.org`_. @@ -24,7 +24,7 @@ branch. Making Changes --------------- +============== - Ensure commits adhere to the the project's :ref:`Commit Style`. @@ -91,7 +91,7 @@ block a patch, depending on how critical they are. Submitting Changes ------------------- +================== - Submit your changes for review at https://review.trustedfirmware.org targeting the ``integration`` branch. @@ -164,13 +164,17 @@ revert your patches and ask you to resubmit a reworked version of them or they may ask you to provide a fix-up patch. -Add Build Configurations ------------------------- +Add CI Configurations +===================== - TF-A uses Jenkins tool for Continuous Integration and testing activities. Various CI Jobs are deployed which run tests on every patch before being merged. So each of your patches go through a series of checks before they - get merged on to the master branch. + get merged on to the master branch. Kindly ensure, that everytime you add + new files under your platform, they are covered under the following two sections: + +Coverity Scan +------------- - ``Coverity Scan analysis`` is one of the tests we perform on our source code at regular intervals. We maintain a build script ``tf-cov-make`` which contains the @@ -182,7 +186,7 @@ respective build configurations in the ``tf-cov-make`` build script. - In this section you find the details on how to append your new build - configurations for Coverity Scan analysis: + configurations for Coverity scan analysis illustrated with examples: #. We maintain a separate repository named `tf-a-ci-scripts repository`_ for placing all the test scripts which will be executed by the CI Jobs. 
@@ -223,8 +227,51 @@ of various other platforms listed in the ``tf-cov-make`` script. Kindly refer them and append your build configurations respectively. +Test Build Configuration (``tf-l1-build-plat``) +----------------------------------------------- + +- Coverity Scan analysis, runs on a daily basis and will not be triggered for + every individual trusted-firmware patch. + +- Considering this, we have other distinguished CI jobs which run a set of test + configurations on every patch, before they are being passed to ``Coverity scan analysis``. + +- ``tf-l1-build-plat`` is the test group, which holds the test configurations + to build all the platforms. So be kind enough to verify that your newly added + files are built as part of one of the existing platform configurations present + in ``tf-l1-build-plat`` test group. + +- In this section you find the details on how to add the appropriate files, + needed to build your newly introduced platform as part of ``tf-l1-build-plat`` + test group, illustrated with an example: + +- Lets consider ``Hikey`` platform: + In the `tf-a-ci-scripts repository`_ we need to add a build configuration file ``hikey-default`` + under tf_config folder, ``tf_config/hikey-default`` listing all the build parameters + relevant to it. + +.. code:: shell + + #Hikey Build Parameters + CROSS_COMPILE=aarch64-none-elf- + PLAT=hikey + +- Further a test-configuration file ``hikey-default:nil`` need to be added under the + test group, ``tf-l1-build-plat`` located at ``tf-a-ci-scripts/group/tf-l1-build-plat``, + to allow the platform to be built as part of this group. + +.. code:: shell + + # + # Copyright (c) 2019-2022 Arm Limited. All rights reserved. + # + # SPDX-License-Identifier: BSD-3-Clause + # + +- As illustrated above, you need to add the similar files supporting your platform. 
+ Binary Components ------------------ +================= - Platforms may depend on binary components submitted to the `Trusted Firmware binary repository`_ if they require code that the contributor is unable or @@ -242,7 +289,7 @@ -------------- -*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* .. _developer.trustedfirmware.org: https://developer.trustedfirmware.org .. _review.trustedfirmware.org: https://review.trustedfirmware.org @@ -252,6 +299,6 @@ .. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io .. _Trusted Firmware binary repository: https://review.trustedfirmware.org/admin/repos/tf-binaries .. _tf-binaries-readme: https://git.trustedfirmware.org/tf-binaries.git/tree/readme.rst -.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a +.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/ .. _tf-a-ci-scripts repository: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/ .. _tf-cov-make: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/script/tf-coverity/tf-cov-make
diff --git a/docs/process/platform-compatibility-policy.rst b/docs/process/platform-compatibility-policy.rst index be1f9ba..a10236c 100644 --- a/docs/process/platform-compatibility-policy.rst +++ b/docs/process/platform-compatibility-policy.rst
@@ -31,6 +31,6 @@ -------------- -*Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.* -.. _TF-A public mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a +.. _TF-A public mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
diff --git a/docs/process/security.rst b/docs/process/security.rst index a3b9971..e15783b 100644 --- a/docs/process/security.rst +++ b/docs/process/security.rst
@@ -71,7 +71,7 @@ +-----------+------------------------------------------------------------------+ .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ -.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a +.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/ .. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` .. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` @@ -86,4 +86,4 @@ -------------- -*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
diff --git a/docs/resources/diagrams/context_management_abs.png b/docs/resources/diagrams/context_management_abs.png new file mode 100644 index 0000000..717ecec7 --- /dev/null +++ b/docs/resources/diagrams/context_management_abs.png Binary files differ
diff --git a/docs/resources/diagrams/context_mgmt_existing.png b/docs/resources/diagrams/context_mgmt_existing.png new file mode 100644 index 0000000..5170960 --- /dev/null +++ b/docs/resources/diagrams/context_mgmt_existing.png Binary files differ
diff --git a/docs/resources/diagrams/context_mgmt_proposed.png b/docs/resources/diagrams/context_mgmt_proposed.png new file mode 100644 index 0000000..41ae92f --- /dev/null +++ b/docs/resources/diagrams/context_mgmt_proposed.png Binary files differ
diff --git a/docs/resources/diagrams/partition-package.png b/docs/resources/diagrams/partition-package.png new file mode 100644 index 0000000..3367422 --- /dev/null +++ b/docs/resources/diagrams/partition-package.png Binary files differ
diff --git a/docs/security_advisories/index.rst b/docs/security_advisories/index.rst index ce2c843..887b06a 100644 --- a/docs/security_advisories/index.rst +++ b/docs/security_advisories/index.rst
@@ -14,3 +14,4 @@ security-advisory-tfv-6.rst security-advisory-tfv-7.rst security-advisory-tfv-8.rst + security-advisory-tfv-9.rst
diff --git a/docs/security_advisories/security-advisory-tfv-9.rst b/docs/security_advisories/security-advisory-tfv-9.rst new file mode 100644 index 0000000..74b85dc --- /dev/null +++ b/docs/security_advisories/security-advisory-tfv-9.rst
@@ -0,0 +1,104 @@ +Advisory TFV-9 (CVE-2022-23960) +============================================================ + ++----------------+-------------------------------------------------------------+ +| Title | Trusted Firmware-A exposure to speculative processor | +| | vulnerabilities with branch prediction target reuse | ++================+=============================================================+ +| CVE ID | `CVE-2022-23960`_ | ++----------------+-------------------------------------------------------------+ +| Date | 08 Mar 2022 | ++----------------+-------------------------------------------------------------+ +| Versions | All, up to and including v2.6 | +| Affected | | ++----------------+-------------------------------------------------------------+ +| Configurations | All | +| Affected | | ++----------------+-------------------------------------------------------------+ +| Impact | Potential leakage of secure world data to normal world | +| | if an attacker is able to find a TF-A exfiltration primitive| +| | that can be predicted as a valid branch target, and somehow | +| | induce misprediction onto that primitive. There are | +| | currently no known exploits. | ++----------------+-------------------------------------------------------------+ +| Fix Version | `Gerrit topic #spectre_bhb`_ | ++----------------+-------------------------------------------------------------+ +| Credit | Systems and Network Security Group at Vrije Universiteit | +| | Amsterdam for CVE-2022-23960, Arm for patches | ++----------------+-------------------------------------------------------------+ + +This security advisory describes the current understanding of the Trusted +Firmware-A exposure to the new speculative processor vulnerability. +To understand the background and wider impact of these vulnerabilities on Arm +systems, please refer to the `Arm Processor Security Update`_. 
The whitepaper +referred to below describes the Spectre attack and mitigation in more detail +including implementation specific mitigation details for all impacted Arm CPUs. + + +`CVE-2022-23960`_ +----------------- + +Where possible on vulnerable CPUs that implement FEAT_CSV2, Arm recommends +inserting a loop workaround with implementation specific number of iterations +that will discard the branch history on exception entry to a higher exception +level for the given CPU. This is done as early as possible on entry into EL3, +before any branch instruction is executed. This is sufficient to mitigate +Spectre-BHB on behalf of all secure world code, assuming that no secure world +code is under attacker control. + +The below table lists the CPUs that mitigate against this vulnerability in +TF-A using the loop workaround(all cores that implement FEAT_CSV2 except the +revisions of Cortex-A73 and Cortex-A75 that implements FEAT_CSV2). + ++----------------------+ +| Core | ++----------------------+ +| Cortex-A72(from r1p0)| ++----------------------+ +| Cortex-A76 | ++----------------------+ +| Cortex-A77 | ++----------------------+ +| Cortex-A78 | ++----------------------+ +| Cortex-X2 | ++----------------------+ +| Cortex-A710 | ++----------------------+ +| Neoverse-N1 | ++----------------------+ +| Neoverse-N2 | ++----------------------+ +| Neoverse-V1 | ++----------------------+ + +For all other cores impacted by Spectre-BHB, some of which that do not implement +FEAT_CSV2 and some that do e.g. Cortex-A73, the recommended mitigation is to +flush all branch predictions via an implementation specific route. + +In case local workaround is not feasible, the Rich OS can invoke the SMC +(``SMCCC_ARCH_WORKAROUND_3``) to apply the workaround. Refer to `SMCCC Calling +Convention specification`_ for more details. + +`Gerrit topic #spectre_bhb`_ This patchset implements the Spectre-BHB loop +workaround for CPUs mentioned in the above table. 
It also mitigates against +this vulnerability for Cortex-A72 CPU versions that support the CSV2 feature +(from r1p0). The patch stack also includes an implementation for a specified +`CVE-2022-23960`_ workaround SMC(``SMCCC_ARCH_WORKAROUND_3``) for use by normal +world privileged software. Details of ``SMCCC_ARCH_WORKAROUND_3`` can be found +in the `SMCCC Calling Convention specification`_. The specification and +implementation also enables the normal world to discover the presence of this +firmware service. This patch also implements ``SMCCC_ARCH_WORKAROUND_3`` for +Cortex-A57, Coxtex-A72, Cortex-A73 and Cortex-A75 using the existing workaround. +for CVE-2017-5715. + +The above workaround is enabled by default (on vulnerable CPUs only). Platforms +can choose to disable them at compile time if they do not require them. + +For more information about non-Arm CPUs, please contact the CPU vendor. + +.. _Arm Processor Security Update: http://www.arm.com/security-update +.. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 +.. _Gerrit topic #spectre_bhb: https://review.trustedfirmware.org/q/topic:"spectre_bhb"+(status:open%20OR%20status:merged) +.. _CVE-2022-23960 mitigation specification: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability +.. _SMCCC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst index b5ede69..335937e 100644 --- a/docs/threat_model/index.rst +++ b/docs/threat_model/index.rst
@@ -15,6 +15,7 @@ threat_model threat_model_spm + threat_model_fvp_r --------------
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 4a31e79..38e5c87 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst
@@ -1,9 +1,10 @@ -Generic threat model +Generic Threat Model ******************** -************************ +************ Introduction -************************ +************ + This document provides a generic threat model for TF-A firmware. .. note:: @@ -11,9 +12,10 @@ This threat model doesn't consider Root and Realm worlds introduced by :ref:`Realm Management Extension (RME)`. -************************ +******************** Target of Evaluation -************************ +******************** + In this threat model, the target of evaluation is the Trusted Firmware for A-class Processors (TF-A). This includes the boot ROM (BL1), the trusted boot firmware (BL2) and the runtime EL3 firmware (BL31) as @@ -34,8 +36,15 @@ - There is no Secure-EL2. We don't consider threats that may come with Secure-EL2 software. +- Measured boot is disabled. We do not consider the threats nor the mitigations + that may come with it. + +- No experimental features are enabled. We do not consider threats that may come + from them. + Data Flow Diagram -====================== +================= + Figure 1 shows a high-level data flow diagram for TF-A. The diagram shows a model of the different components of a TF-A-based system and their interactions with TF-A. A description of each diagram element 
@@ -51,26 +60,26 @@ +-----------------+--------------------------------------------------------+ | Diagram Element | Description | +=================+========================================================+ - | ``DF1`` | | At boot time, images are loaded from non-volatile | + | DF1 | | At boot time, images are loaded from non-volatile | | | memory and verified by TF-A boot firmware. These | | | images include TF-A BL2 and BL31 images, as well as | | | other secure and non-secure images. | +-----------------+--------------------------------------------------------+ - | ``DF2`` | | TF-A log system framework outputs debug messages | + | DF2 | | TF-A log system framework outputs debug messages | | | over a UART interface. | +-----------------+--------------------------------------------------------+ - | ``DF3`` | | Debug and trace IP on a platform can allow access | + | DF3 | | Debug and trace IP on a platform can allow access | | | to registers and memory of TF-A. | +-----------------+--------------------------------------------------------+ - | ``DF4`` | | Secure world software (e.g. trusted OS) interact | + | DF4 | | Secure world software (e.g. trusted OS) interact | | | with TF-A through SMC call interface and/or shared | | | memory. | +-----------------+--------------------------------------------------------+ - | ``DF5`` | | Non-secure world software (e.g. rich OS) interact | + | DF5 | | Non-secure world software (e.g. rich OS) interact | | | with TF-A through SMC call interface and/or shared | | | memory. | +-----------------+--------------------------------------------------------+ - | ``DF6`` | | This path represents the interaction between TF-A and| + | DF6 | | This path represents the interaction between TF-A and| | | various hardware IPs such as TrustZone controller | | | and GIC. At boot time TF-A configures/initializes the| | | IPs and interacts with them at runtime through | 
@@ -78,9 +87,10 @@ +-----------------+--------------------------------------------------------+ -********************* +*************** Threat Analysis -********************* +*************** + In this section we identify and provide assessment of potential threats to TF-A firmware. The threats are identified for each diagram element on the data flow diagram above. @@ -91,7 +101,8 @@ potential mitigations. Assets -================== +====== + We have identified the following assets for TF-A: .. table:: Table 2: TF-A Assets @@ -99,21 +110,22 @@ +--------------------+---------------------------------------------------+ | Asset | Description | +====================+===================================================+ - | ``Sensitive Data`` | | These include sensitive data that an attacker | + | Sensitive Data | | These include sensitive data that an attacker | | | must not be able to tamper with (e.g. the Root | | | of Trust Public Key) or see (e.g. secure logs, | | | debugging information such as crash reports). | +--------------------+---------------------------------------------------+ - | ``Code Execution`` | | This represents the requirement that the | + | Code Execution | | This represents the requirement that the | | | platform should run only TF-A code approved by | | | the platform provider. | +--------------------+---------------------------------------------------+ - | ``Availability`` | | This represents the requirement that TF-A | + | Availability | | This represents the requirement that TF-A | | | services should always be available for use. | +--------------------+---------------------------------------------------+ Threat Agents -===================== +============= + To understand the attack surface, it is important to identify potential attackers, i.e. attack entry points. The following threat agents are in scope of this threat model. 
@@ -123,16 +135,16 @@ +-------------------+-------------------------------------------------------+ | Threat Agent | Description | +===================+=======================================================+ - | ``NSCode`` | | Malicious or faulty code running in the Non-secure | + | NSCode | | Malicious or faulty code running in the Non-secure | | | world, including NS-EL0 NS-EL1 and NS-EL2 levels | +-------------------+-------------------------------------------------------+ - | ``SecCode`` | | Malicious or faulty code running in the secure | + | SecCode | | Malicious or faulty code running in the secure | | | world, including S-EL0 and S-EL1 levels | +-------------------+-------------------------------------------------------+ - | ``AppDebug`` | | Physical attacker using debug signals to access | + | AppDebug | | Physical attacker using debug signals to access | | | TF-A resources | +-------------------+-------------------------------------------------------+ - | ``PhysicalAccess``| | Physical attacker having access to external device | + | PhysicalAccess | | Physical attacker having access to external device | | | communication bus and to external flash | | | communication bus using common hardware | +-------------------+-------------------------------------------------------+ @@ -145,7 +157,8 @@ considered out-of-scope. Threat Types -======================== +============ + In this threat model we categorize threats using the `STRIDE threat analysis technique`_. In this technique a threat is categorized as one or more of these types: ``Spoofing``, ``Tampering``, ``Repudiation``, @@ -153,7 +166,8 @@ ``Elevation of privilege``. Threat Risk Ratings -======================== +=================== + For each threat identified, a risk rating that ranges from *informational* to *critical* is given based on the likelihood of the threat occuring if a mitigation is not in place, and the impact of the 
@@ -165,7 +179,7 @@ +-----------------------+-------------------------+---------------------------+ | **Rating (Score)** | **Impact** | **Likelihood** | +=======================+=========================+===========================+ - | ``Critical (5)`` | | Extreme impact to | | Threat is almost | + | Critical (5) | | Extreme impact to | | Threat is almost | | | entire organization | certain to be exploited.| | | if exploited. | | | | | | Knowledge of the threat | @@ -173,17 +187,17 @@ | | | are in the public | | | | domain. | +-----------------------+-------------------------+---------------------------+ - | ``High (4)`` | | Major impact to entire| | Threat is relatively | + | High (4) | | Major impact to entire| | Threat is relatively | | | organization or single| easy to detect and | | | line of business if | exploit by an attacker | | | exploited | with little skill. | +-----------------------+-------------------------+---------------------------+ - | ``Medium (3)`` | | Noticeable impact to | | A knowledgeable insider | + | Medium (3) | | Noticeable impact to | | A knowledgeable insider | | | line of business if | or expert attacker could| | | exploited. | exploit the threat | | | | without much difficulty.| +-----------------------+-------------------------+---------------------------+ - | ``Low (2)`` | | Minor damage if | | Exploiting the threat | + | Low (2) | | Minor damage if | | Exploiting the threat | | | exploited or could | would require | | | be used in conjunction| considerable expertise | | | with other | and resources | 
@@ -191,7 +205,7 @@ | | perform a more serious| | | | attack | | +-----------------------+-------------------------+---------------------------+ - | ``Informational (1)`` | | Poor programming | | Threat is not likely | + | Informational (1) | | Poor programming | | Threat is not likely | | | practice or poor | to be exploited on its | | | design decision that | own, but may be used to | | | may not represent an | gain information for | @@ -235,14 +249,27 @@ ``Internet of Things(IoT)``, ``Mobile`` and ``Server``. Threat Assessment -============================ +================= + The following threats were identified by applying STRIDE analysis on each diagram element of the data flow diagram. +For each threat, we strive to indicate whether the mitigations are currently +implemented or not. However, the answer to this question is not always straight +forward. Some mitigations are partially implemented in the generic code but also +rely on the platform code to implement some bits of it. This threat model aims +to be platform-independent and it is important to keep in mind that such threats +only get mitigated if the platform code properly fulfills its responsibilities. + +Also, some mitigations require enabling specific features, which must be +explicitly turned on via a build flag. + +These are highlighted in the ``Mitigations implemented?`` box. + +------------------------+----------------------------------------------------+ | ID | 01 | +========================+====================================================+ -| ``Threat`` | | **An attacker can mangle firmware images to | +| Threat | | **An attacker can mangle firmware images to | | | execute arbitrary code** | | | | | | | Some TF-A images are loaded from external | 
@@ -252,79 +279,89 @@ | | updating mechanism to modify the non-volatile | | | images to execute arbitrary code. | +------------------------+----------------------------------------------------+ -| ``Diagram Elements`` | DF1, DF4, DF5 | +| Diagram Elements | DF1, DF4, DF5 | +------------------------+----------------------------------------------------+ -| ``Affected TF-A | BL2, BL31 | -| Components`` | | +| Affected TF-A | BL2, BL31 | +| Components | | +------------------------+----------------------------------------------------+ -| ``Assets`` | Code Execution | +| Assets | Code Execution | +------------------------+----------------------------------------------------+ -| ``Threat Agent`` | PhysicalAccess, NSCode, SecCode | +| Threat Agent | PhysicalAccess, NSCode, SecCode | +------------------------+----------------------------------------------------+ -| ``Threat Type`` | Tampering, Elevation of Privilege | +| Threat Type | Tampering, Elevation of Privilege | +------------------------+------------------+-----------------+---------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+------------------+-----------------+---------------+ -| ``Impact`` | Critical (5) | Critical (5) | Critical (5) | +| Impact | Critical (5) | Critical (5) | Critical (5) | +------------------------+------------------+-----------------+---------------+ -| ``Likelihood`` | Critical (5) | Critical (5) | Critical (5) | +| Likelihood | Critical (5) | Critical (5) | Critical (5) | +------------------------+------------------+-----------------+---------------+ -| ``Total Risk Rating`` | Critical (25) | Critical (25) | Critical (25) | +| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) | +------------------------+------------------+-----------------+---------------+ -| ``Mitigations`` | | TF-A implements the `Trusted Board Boot (TBB)`_ | +| Mitigations | | 1) Implement the `Trusted Board Boot 
(TBB)`_ | | | feature which prevents malicious firmware from | | | running on the platform by authenticating all | -| | firmware images. In addition to this, the TF-A | -| | boot firmware performs extra checks on | -| | unauthenticated data, such as FIP metadata, prior| -| | to use. | +| | firmware images. | +| | | +| | | 2) Perform extra checks on unauthenticated data, | +| | such as FIP metadata, prior to use. | ++------------------------+----------------------------------------------------+ +| Mitigations | | 1) Yes, provided that the ``TRUSTED_BOARD_BOOT`` | +| implemented? | build option is set to 1. | +| | | +| | | 2) Yes. | +------------------------+----------------------------------------------------+ +------------------------+----------------------------------------------------+ | ID | 02 | +========================+====================================================+ -| ``Threat`` | | **An attacker may attempt to boot outdated, | +| Threat | | **An attacker may attempt to boot outdated, | | | potentially vulnerable firmware image** | | | | | | | When updating firmware, an attacker may attempt | | | to rollback to an older version that has unfixed | | | vulnerabilities. 
| +------------------------+----------------------------------------------------+ -| ``Diagram Elements`` | DF1, DF4, DF5 | +| Diagram Elements | DF1, DF4, DF5 | +------------------------+----------------------------------------------------+ -| ``Affected TF-A | BL2, BL31 | -| Components`` | | +| Affected TF-A | BL2, BL31 | +| Components | | +------------------------+----------------------------------------------------+ -| ``Assets`` | Code Execution | +| Assets | Code Execution | +------------------------+----------------------------------------------------+ -| ``Threat Agent`` | PhysicalAccess, NSCode, SecCode | +| Threat Agent | PhysicalAccess, NSCode, SecCode | +------------------------+----------------------------------------------------+ -| ``Threat Type`` | Tampering | +| Threat Type | Tampering | +------------------------+------------------+-----------------+---------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+------------------+-----------------+---------------+ -| ``Impact`` | Critical (5) | Critical (5) | Critical (5) | +| Impact | Critical (5) | Critical (5) | Critical (5) | +------------------------+------------------+-----------------+---------------+ -| ``Likelihood`` | Critical (5) | Critical (5) | Critical (5) | +| Likelihood | Critical (5) | Critical (5) | Critical (5) | +------------------------+------------------+-----------------+---------------+ -| ``Total Risk Rating`` | Critical (25) | Critical (25) | Critical (25) | +| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) | +------------------------+------------------+-----------------+---------------+ -| ``Mitigations`` | | TF-A supports anti-rollback protection using | -| | non-volatile counters (NV counters) as required | -| | by `TBBR-Client specification`_. 
After a firmware| -| | image is validated, the image revision number | -| | taken from a certificate extension field is | -| | compared with the corresponding NV counter stored| -| | in hardware to make sure the new counter value is| -| | larger or equal to the current counter value. | -| | Platforms must implement this protection using | -| | platform specific hardware NV counters. | +| Mitigations | Implement anti-rollback protection using | +| | non-volatile counters (NV counters) as required | +| | by `TBBR-Client specification`_. | ++------------------------+----------------------------------------------------+ +| Mitigations | | Yes / Platform specific. | +| implemented? | | +| | | After a firmware image is validated, the image | +| | revision number taken from a certificate | +| | extension field is compared with the | +| | corresponding NV counter stored in hardware to | +| | make sure the new counter value is larger than | +| | the current counter value. | +| | | +| | | **Platforms must implement this protection using | +| | platform specific hardware NV counters.** | +------------------------+----------------------------------------------------+ +------------------------+-------------------------------------------------------+ | ID | 03 | +========================+=======================================================+ -| ``Threat`` | | **An attacker can use Time-of-Check-Time-of-Use | +| Threat | | **An attacker can use Time-of-Check-Time-of-Use | | | (TOCTOU) attack to bypass image authentication | | | during the boot process** | | | | 
@@ -336,33 +373,39 @@ | | after the integrity and authentication check has | | | been performed. | +------------------------+-------------------------------------------------------+ -| ``Diagram Elements`` | DF1 | +| Diagram Elements | DF1 | +------------------------+-------------------------------------------------------+ -| ``Affected TF-A | BL1, BL2 | -| Components`` | | +| Affected TF-A | BL1, BL2 | +| Components | | +------------------------+-------------------------------------------------------+ -| ``Assets`` | Code Execution, Sensitive Data | +| Assets | Code Execution, Sensitive Data | +------------------------+-------------------------------------------------------+ -| ``Threat Agent`` | PhysicalAccess | +| Threat Agent | PhysicalAccess | +------------------------+-------------------------------------------------------+ -| ``Threat Type`` | Elevation of Privilege | +| Threat Type | Elevation of Privilege | +------------------------+---------------------+-----------------+---------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+---------------------+-----------------+---------------+ -| ``Impact`` | N/A | Critical (5) | Critical (5) | +| Impact | N/A | Critical (5) | Critical (5) | +------------------------+---------------------+-----------------+---------------+ -| ``Likelihood`` | N/A | Medium (3) | Medium (3) | +| Likelihood | N/A | Medium (3) | Medium (3) | +------------------------+---------------------+-----------------+---------------+ -| ``Total Risk Rating`` | N/A | High (15) | High (15) | +| Total Risk Rating | N/A | High (15) | High (15) | +------------------------+---------------------+-----------------+---------------+ -| ``Mitigations`` | | TF-A boot firmware copies image to on-chip | -| | memory before authenticating an image. | +| Mitigations | Copy image to on-chip memory before authenticating | +| | it. 
| ++------------------------+-------------------------------------------------------+ +| Mitigations | | Platform specific. | +| implemented? | | +| | | The list of images to load and their location is | +| | platform specific. Platforms are responsible for | +| | arranging images to be loaded in on-chip memory. | +------------------------+-------------------------------------------------------+ +------------------------+-------------------------------------------------------+ | ID | 04 | +========================+=======================================================+ -| ``Threat`` | | **An attacker with physical access can execute | +| Threat | | **An attacker with physical access can execute | | | arbitrary image by bypassing the signature | | | verification stage using glitching techniques** | | | | 
@@ -381,31 +424,38 @@ | | points where the image is validated against the | | | signature. | +------------------------+-------------------------------------------------------+ -| ``Diagram Elements`` | DF1 | +| Diagram Elements | DF1 | +------------------------+-------------------------------------------------------+ -| ``Affected TF-A | BL1, BL2 | -| Components`` | | +| Affected TF-A | BL1, BL2 | +| Components | | +------------------------+-------------------------------------------------------+ -| ``Assets`` | Code Execution | +| Assets | Code Execution | +------------------------+-------------------------------------------------------+ -| ``Threat Agent`` | PhysicalAccess | +| Threat Agent | PhysicalAccess | +------------------------+-------------------------------------------------------+ -| ``Threat Type`` | Tampering, Elevation of Privilege | +| Threat Type | Tampering, Elevation of Privilege | +------------------------+---------------------+-----------------+---------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+---------------------+-----------------+---------------+ -| ``Impact`` | N/A | Critical (5) | Critical (5) | +| Impact | N/A | Critical (5) | Critical (5) | +------------------------+---------------------+-----------------+---------------+ -| ``Likelihood`` | N/A | Medium (3) | Medium (3) | +| Likelihood | N/A | Medium (3) | Medium (3) | +------------------------+---------------------+-----------------+---------------+ -| ``Total Risk Rating`` | N/A | High (15) | High (15) | +| Total Risk Rating | N/A | High (15) | High (15) | +------------------------+---------------------+-----------------+---------------+ -| ``Mitigations`` | | The most effective mitigation is adding glitching | +| Mitigations | Mechanisms to detect clock glitch and power | +| | variations. 
| ++------------------------+-------------------------------------------------------+ +| Mitigations | | No. | +| implemented? | | +| | | The most effective mitigation is adding glitching | | | detection and mitigation circuit at the hardware | -| | level. However, software techniques, | -| | such as adding redundant checks when performing | -| | conditional branches that are security sensitive, | -| | can be used to harden TF-A against such attacks. | +| | level. | +| | | +| | | However, software techniques, such as adding | +| | redundant checks when performing conditional | +| | branches that are security sensitive, can be used | +| | to harden TF-A against such attacks. | | | **At the moment TF-A doesn't implement such | | | mitigations.** | +------------------------+-------------------------------------------------------+ 
@@ -413,49 +463,76 @@ +------------------------+---------------------------------------------------+ | ID | 05 | +========================+===================================================+ -| ``Threat`` | | **Information leak via UART logs such as | -| | crashes** | +| Threat | | **Information leak via UART logs** | | | | | | | During the development stages of software it is | -| | common to include crash reports with detailed | -| | information of the CPU state including current | -| | values of the registers, privilege level and | -| | stack dumps. This information is useful when | -| | debugging problems before releasing the | -| | production version, but it could be used by an | -| | attacker to develop a working exploit if left | -| | in the production version. | +| | common to print all sorts of information on the | +| | console, including sensitive or confidential | +| | information such as crash reports with detailed | +| | information of the CPU state, current registers | +| | values, privilege level or stack dumps. | +| | | +| | | This information is useful when debugging | +| | problems before releasing the production | +| | version but it could be used by an attacker | +| | to develop a working exploit if left enabled in | +| | the production version. | +| | | +| | | This happens when directly logging sensitive | +| | information and more subtly when logging | +| | side-channel information that can be used by an | +| | attacker to learn about sensitive information. 
| +------------------------+---------------------------------------------------+ -| ``Diagram Elements`` | DF2 | +| Diagram Elements | DF2 | +------------------------+---------------------------------------------------+ -| ``Affected TF-A | BL1, BL2, BL31 | -| Components`` | | +| Affected TF-A | BL1, BL2, BL31 | +| Components | | +------------------------+---------------------------------------------------+ -| ``Assets`` | Sensitive Data | +| Assets | Sensitive Data | +------------------------+---------------------------------------------------+ -| ``Threat Agent`` | AppDebug | +| Threat Agent | AppDebug | +------------------------+---------------------------------------------------+ -| ``Threat Type`` | Information Disclosure | +| Threat Type | Information Disclosure | +------------------------+------------------+----------------+---------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+------------------+----------------+---------------+ -| ``Impact`` | N/A | Low (2) | Low (2) | +| Impact | N/A | Low (2) | Low (2) | +------------------------+------------------+----------------+---------------+ -| ``Likelihood`` | N/A | High (4) | High (4) | +| Likelihood | N/A | High (4) | High (4) | +------------------------+------------------+----------------+---------------+ -| ``Total Risk Rating`` | N/A | Medium (8) | Medium (8) | +| Total Risk Rating | N/A | Medium (8) | Medium (8) | +------------------------+------------------+----------------+---------------+ -| ``Mitigations`` | | In TF-A, crash reporting is only enabled for | -| | debug builds by default. Alternatively, the log | -| | level can be tuned at build time (from verbose | -| | to no output at all), independently of the | -| | build type. | +| Mitigations | | Remove sensitive information logging in | +| | production releases. | +| | | +| | | Do not conditionally log information depending | +| | on potentially sensitive data. 
| +| | | +| | | Do not log high precision timing information. | ++------------------------+---------------------------------------------------+ +| Mitigations | | Yes / Platform Specific. | +| implemented? | Requires the right build options to be used. | +| | | +| | | Crash reporting is only enabled for debug | +| | builds by default, see ``CRASH_REPORTING`` | +| | build option. | +| | | +| | | The log level can be tuned at build time, from | +| | very verbose to no output at all. See | +| | ``LOG_LEVEL`` build option. By default, release | +| | builds are a lot less verbose than debug ones | +| | but still produce some output. | +| | | +| | | Messages produced by the platform code should | +| | use the appropriate level of verbosity so as | +| | not to leak sensitive information in production | +| | builds. | +------------------------+---------------------------------------------------+ +------------------------+----------------------------------------------------+ | ID | 06 | +========================+====================================================+ -| ``Threat`` | | **An attacker can read sensitive data and | +| Threat | | **An attacker can read sensitive data and | | | execute arbitrary code through the external | | | debug and trace interface** | | | | 
@@ -468,37 +545,40 @@ | | attacker to read sensitive data and execute | | | arbitrary code. | +------------------------+----------------------------------------------------+ -| ``Diagram Elements`` | DF3 | +| Diagram Elements | DF3 | +------------------------+----------------------------------------------------+ -| ``Affected TF-A | BL1, BL2, BL31 | -| Components`` | | +| Affected TF-A | BL1, BL2, BL31 | +| Components | | +------------------------+----------------------------------------------------+ -| ``Assets`` | Code Execution, Sensitive Data | +| Assets | Code Execution, Sensitive Data | +------------------------+----------------------------------------------------+ -| ``Threat Agent`` | AppDebug | +| Threat Agent | AppDebug | +------------------------+----------------------------------------------------+ -| ``Threat Type`` | Tampering, Information Disclosure, | +| Threat Type | Tampering, Information Disclosure, | | | Elevation of privilege | +------------------------+------------------+---------------+-----------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+------------------+---------------+-----------------+ -| ``Impact`` | N/A | High (4) | High (4) | +| Impact | N/A | High (4) | High (4) | +------------------------+------------------+---------------+-----------------+ -| ``Likelihood`` | N/A | Critical (5) | Critical (5) | +| Likelihood | N/A | Critical (5) | Critical (5) | +------------------------+------------------+---------------+-----------------+ -| ``Total Risk Rating`` | N/A | Critical (20) | Critical (20) | +| Total Risk Rating | N/A | Critical (20) | Critical (20) | +------------------------+------------------+---------------+-----------------+ -| ``Mitigations`` | | Configuration of debug and trace capabilities is | -| | platform specific. 
Therefore, platforms must | -| | disable the debug and trace capability for | -| | production releases or enable proper debug | -| | authentication as recommended by [`DEN0034`_]. | +| Mitigations | Disable the debug and trace capability for | +| | production releases or enable proper debug | +| | authentication as recommended by [`DEN0034`_]. | ++------------------------+----------------------------------------------------+ +| Mitigations | | Platform specific. | +| implemented? | | +| | | Configuration of debug and trace capabilities is | +| | entirely platform specific. | +------------------------+----------------------------------------------------+ +------------------------+------------------------------------------------------+ | ID | 07 | +========================+======================================================+ -| ``Threat`` | | **An attacker can perform a denial-of-service | +| Threat | | **An attacker can perform a denial-of-service | | | attack by using a broken SMC call that causes the | | | system to reboot or enter into unknown state.** | | | | 
@@ -508,48 +588,48 @@ | | by calling unimplemented SMC call or by passing | | | invalid arguments. | +------------------------+------------------------------------------------------+ -| ``Diagram Elements`` | DF4, DF5 | +| Diagram Elements | DF4, DF5 | +------------------------+------------------------------------------------------+ -| ``Affected TF-A | BL31 | -| Components`` | | +| Affected TF-A | BL31 | +| Components | | +------------------------+------------------------------------------------------+ -| ``Assets`` | Availability | +| Assets | Availability | +------------------------+------------------------------------------------------+ -| ``Threat Agent`` | NSCode, SecCode | +| Threat Agent | NSCode, SecCode | +------------------------+------------------------------------------------------+ -| ``Threat Type`` | Denial of Service | +| Threat Type | Denial of Service | +------------------------+-------------------+----------------+-----------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+-------------------+----------------+-----------------+ -| ``Impact`` | Medium (3) | Medium (3) | Medium (3) | +| Impact | Medium (3) | Medium (3) | Medium (3) | +------------------------+-------------------+----------------+-----------------+ -| ``Likelihood`` | High (4) | High (4) | High (4) | +| Likelihood | High (4) | High (4) | High (4) | +------------------------+-------------------+----------------+-----------------+ -| ``Total Risk Rating`` | High (12) | High (12) | High (12) | +| Total Risk Rating | High (12) | High (12) | High (12) | +------------------------+-------------------+----------------+-----------------+ -| ``Mitigations`` | | The generic TF-A code validates SMC function ids | -| | and arguments before using them. | -| | Platforms that implement SiP services must also | +| Mitigations | Validate SMC function ids and arguments before using | +| | them. 
| ++------------------------+------------------------------------------------------+ +| Mitigations | | Yes / Platform specific. | +| implemented? | | +| | | For standard services, all input is validated. | +| | | +| | | Platforms that implement SiP services must also | | | validate SMC call arguments. | +------------------------+------------------------------------------------------+ +------------------------+------------------------------------------------------+ | ID | 08 | +========================+======================================================+ -| ``Threat`` | | **Memory corruption due to memory overflows and | +| Threat | | **Memory corruption due to memory overflows and | | | lack of boundary checking when accessing resources | | | could allow an attacker to execute arbitrary code, | | | modify some state variable to change the normal | | | flow of the program, or leak sensitive | | | information** | | | | -| | | Like in other software, the Trusted Firmware has | -| | multiple points where memory corruption security | -| | errors can arise. Memory corruption is a dangerous | -| | security issue since it could allow an attacker | -| | to execute arbitrary code, modify some state | -| | variable to change the normal flow of the program, | -| | or leak sensitive information. | +| | | Like in other software, TF-A has multiple points | +| | where memory corruption security errors can arise. | | | | | | | Some of the errors include integer overflow, | | | buffer overflow, incorrect array boundary checks, | 
@@ -558,37 +638,32 @@ | | validations might also result in these kinds of | | | errors in release builds. | +------------------------+------------------------------------------------------+ -| ``Diagram Elements`` | DF4, DF5 | +| Diagram Elements | DF4, DF5 | +------------------------+------------------------------------------------------+ -| ``Affected TF-A | BL1, BL2, BL31 | -| Components`` | | +| Affected TF-A | BL1, BL2, BL31 | +| Components | | +------------------------+------------------------------------------------------+ -| ``Assets`` | Code Execution, Sensitive Data | +| Assets | Code Execution, Sensitive Data | +------------------------+------------------------------------------------------+ -| ``Threat Agent`` | NSCode, SecCode | +| Threat Agent | NSCode, SecCode | +------------------------+------------------------------------------------------+ -| ``Threat Type`` | Tampering, Information Disclosure, | +| Threat Type | Tampering, Information Disclosure, | | | Elevation of Privilege | +------------------------+-------------------+-----------------+----------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+-------------------+-----------------+----------------+ -| ``Impact`` | Critical (5) | Critical (5) | Critical (5) | +| Impact | Critical (5) | Critical (5) | Critical (5) | +------------------------+-------------------+-----------------+----------------+ -| ``Likelihood`` | Medium (3 | Medium (3) | Medium (3) | +| Likelihood | Medium (3 | Medium (3) | Medium (3) | +------------------------+-------------------+-----------------+----------------+ -| ``Total Risk Rating`` | High (15) | High (15) | High (15) | +| Total Risk Rating | High (15) | High (15) | High (15) | +------------------------+-------------------+-----------------+----------------+ -| ``Mitigations`` | | TF-A uses a combination of manual code reviews and | -| | automated program analysis and testing to 
detect | -| | and fix memory corruption bugs. All TF-A code | -| | including platform code go through manual code | -| | reviews. Additionally, static code analysis is | -| | performed using Coverity Scan on all TF-A code. | -| | The code is also tested with | -| | `Trusted Firmware-A Tests`_ on Juno and FVP | -| | platforms. | +| Mitigations | | 1) Use proper input validation. | | | | -| | | Data received from normal world, such as addresses | +| | | 2) Code reviews, testing. | ++------------------------+------------------------------------------------------+ +| Mitigations | | 1) Yes. | +| implemented? | Data received from normal world, such as addresses | | | and sizes identifying memory regions, are | | | sanitized before being used. These security checks | | | make sure that the normal world software does not | 
@@ -602,48 +677,62 @@ | | option to use *asserts* in release builds, however | | | we recommend using proper runtime checks instead | | | of relying on asserts in release builds. | +| | | +| | | 2) Yes. | +| | TF-A uses a combination of manual code reviews | +| | and automated program analysis and testing to | +| | detect and fix memory corruption bugs. All TF-A | +| | code including platform code go through manual | +| | code reviews. Additionally, static code analysis | +| | is performed using Coverity Scan on all TF-A code. | +| | The code is also tested with | +| | `Trusted Firmware-A Tests`_ on Juno and FVP | +| | platforms. | +------------------------+------------------------------------------------------+ +------------------------+------------------------------------------------------+ | ID | 09 | +========================+======================================================+ -| ``Threat`` | | **Improperly handled SMC calls can leak register | +| Threat | | **Improperly handled SMC calls can leak register | | | contents** | | | | -| | | When switching between secure and non-secure | -| | states, register contents of Secure world or | -| | register contents of other normal world clients | -| | can be leaked. | +| | | When switching between worlds, TF-A register state | +| | can leak to software in different security | +| | contexts. 
| +------------------------+------------------------------------------------------+ -| ``Diagram Elements`` | DF5 | +| Diagram Elements | DF4, DF5 | +------------------------+------------------------------------------------------+ -| ``Affected TF-A | BL31 | -| Components`` | | +| Affected TF-A | BL31 | +| Components | | +------------------------+------------------------------------------------------+ -| ``Assets`` | Sensitive Data | +| Assets | Sensitive Data | +------------------------+------------------------------------------------------+ -| ``Threat Agent`` | NSCode | +| Threat Agent | NSCode, SecCode | +------------------------+------------------------------------------------------+ -| ``Threat Type`` | Information Disclosure | +| Threat Type | Information Disclosure | +------------------------+-------------------+----------------+-----------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+-------------------+----------------+-----------------+ -| ``Impact`` | Medium (3) | Medium (3) | Medium (3) | +| Impact | Medium (3) | Medium (3) | Medium (3) | +------------------------+-------------------+----------------+-----------------+ -| ``Likelihood`` | High (4) | High (4) | High (4) | +| Likelihood | High (4) | High (4) | High (4) | +------------------------+-------------------+----------------+-----------------+ -| ``Total Risk Rating`` | High (12) | High (12) | High (12) | +| Total Risk Rating | High (12) | High (12) | High (12) | +------------------------+-------------------+----------------+-----------------+ -| ``Mitigations`` | | TF-A saves and restores registers | -| | by default when switching contexts. Build options | -| | are also provided to save/restore additional | -| | registers such as floating-point registers. | +| Mitigations | Save and restore registers when switching contexts. 
| ++------------------------+------------------------------------------------------+ +| Mitigations | | Yes. | +| implemented? | | +| | | This is the default behaviour in TF-A. | +| | Build options are also provided to save/restore | +| | additional registers such as floating-point | +| | registers. These should be enabled if required. | +------------------------+------------------------------------------------------+ +------------------------+-----------------------------------------------------+ | ID | 10 | +========================+=====================================================+ -| ``Threat`` | | **SMC calls can leak sensitive information from | +| Threat | | **SMC calls can leak sensitive information from | | | TF-A memory via microarchitectural side channels**| | | | | | | Microarchitectural side-channel attacks such as | 
@@ -652,36 +741,42 @@ | | use this kind of attack to leak sensitive | | | data from TF-A memory. | +------------------------+-----------------------------------------------------+ -| ``Diagram Elements`` | DF4, DF5 | +| Diagram Elements | DF4, DF5 | +------------------------+-----------------------------------------------------+ -| ``Affected TF-A | BL31 | -| Components`` | | +| Affected TF-A | BL31 | +| Components | | +------------------------+-----------------------------------------------------+ -| ``Assets`` | Sensitive Data | +| Assets | Sensitive Data | +------------------------+-----------------------------------------------------+ -| ``Threat Agent`` | SecCode, NSCode | +| Threat Agent | SecCode, NSCode | +------------------------+-----------------------------------------------------+ -| ``Threat Type`` | Information Disclosure | +| Threat Type | Information Disclosure | +------------------------+-------------------+----------------+----------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+-------------------+----------------+----------------+ -| ``Impact`` | Medium (3) | Medium (3) | Medium (3) | +| Impact | Medium (3) | Medium (3) | Medium (3) | +------------------------+-------------------+----------------+----------------+ -| ``Likelihood`` | Medium (3) | Medium (3) | Medium (3) | +| Likelihood | Medium (3) | Medium (3) | Medium (3) | +------------------------+-------------------+----------------+----------------+ -| ``Total Risk Rating`` | Medium (9) | Medium (9) | Medium (9) | +| Total Risk Rating | Medium (9) | Medium (9) | Medium (9) | +------------------------+-------------------+----------------+----------------+ -| ``Mitigations`` | | TF-A implements software mitigations for Spectre | +| Mitigations | Enable appropriate side-channel protections. 
| ++------------------------+-----------------------------------------------------+ +| Mitigations | | Yes / Platform specific. | +| implemented? | | +| | | TF-A implements software mitigations for Spectre | | | type attacks as recommended by `Cache Speculation | -| | Side-channels`_ for the generic code. SiPs should | -| | implement similar mitigations for code that is | -| | deemed to be vulnerable to such attacks. | +| | Side-channels`_ for the generic code. | +| | | +| | | SiPs should implement similar mitigations for | +| | code that is deemed to be vulnerable to such | +| | attacks. | +------------------------+-----------------------------------------------------+ +------------------------+----------------------------------------------------+ | ID | 11 | +========================+====================================================+ -| ``Threat`` | | **Misconfiguration of the Memory Management Unit | +| Threat | | **Misconfiguration of the Memory Management Unit | | | (MMU) may allow a normal world software to | | | access sensitive data or execute arbitrary | | | code** | 
@@ -692,44 +787,50 @@ | | execute code if the proper security mechanisms | | | are not in place. | +------------------------+----------------------------------------------------+ -| ``Diagram Elements`` | DF5, DF6 | +| Diagram Elements | DF5, DF6 | +------------------------+----------------------------------------------------+ -| ``Affected TF-A | BL1, BL2, BL31 | -| Components`` | | +| Affected TF-A | BL1, BL2, BL31 | +| Components | | +------------------------+----------------------------------------------------+ -| ``Assets`` | Sensitive Data, Code execution | +| Assets | Sensitive Data, Code execution | +------------------------+----------------------------------------------------+ -| ``Threat Agent`` | NSCode | +| Threat Agent | NSCode | +------------------------+----------------------------------------------------+ -| ``Threat Type`` | Information Disclosure, Elevation of Privilege | +| Threat Type | Information Disclosure, Elevation of Privilege | +------------------------+-----------------+-----------------+----------------+ -| ``Application`` | ``Server`` | ``IoT`` | ``Mobile`` | +| Application | Server | IoT | Mobile | +------------------------+-----------------+-----------------+----------------+ -| ``Impact`` | Critical (5) | Critical (5) | Critical (5) | +| Impact | Critical (5) | Critical (5) | Critical (5) | +------------------------+-----------------+-----------------+----------------+ -| ``Likelihood`` | High (4) | High (4) | High (4) | +| Likelihood | High (4) | High (4) | High (4) | +------------------------+-----------------+-----------------+----------------+ -| ``Total Risk Rating`` | Critical (20) | Critical (20) | Critical (20) | +| Total Risk Rating | Critical (20) | Critical (20) | Critical (20) | +------------------------+-----------------+-----------------+----------------+ -| ``Mitigations`` | | In TF-A, configuration of the MMU is done | -| | through a translation tables library. 
The | -| | library provides APIs to define memory regions | -| | and assign attributes including memory types and | -| | access permissions. Memory configurations are | -| | platform specific, therefore platforms need make | -| | sure the correct attributes are assigned to | -| | memory regions. When assigning access | -| | permissions, principle of least privilege ought | -| | to be enforced, i.e. we should not grant more | -| | privileges than strictly needed, e.g. code | -| | should be read-only executable, RO data should | -| | be read-only XN, and so on. | +| Mitigations | When configuring access permissions, the | +| | principle of least privilege ought to be | +| | enforced. This means we should not grant more | +| | privileges than strictly needed, e.g. code | +| | should be read-only executable, read-only data | +| | should be read-only execute-never, and so on. | ++------------------------+----------------------------------------------------+ +| Mitigations | | Platform specific. | +| implemented? | | +| | | MMU configuration is platform specific, | +| | therefore platforms need to make sure that the | +| | correct attributes are assigned to memory | +| | regions. | +| | | +| | | TF-A provides a library which abstracts the | +| | low-level details of MMU configuration. It | +| | provides well-defined and tested APIs. | +| | Platforms are encouraged to use it to limit the | +| | risk of misconfiguration. | +------------------------+----------------------------------------------------+ +------------------------+-----------------------------------------------------+ | ID | 12 | +========================+=====================================================+ -| ``Threat`` | | **Incorrect configuration of Performance Monitor | +| Threat | | **Incorrect configuration of Performance Monitor | | | Unit (PMU) counters can allow an attacker to | | | mount side-channel attacks using information | | | exposed by the counters** | 
@@ -738,43 +839,50 @@ | | to count events at any exception level and in | | | both Secure and Non-secure states. This allows | | | a Non-secure software (or a lower-level Secure | -| | software) to potentially carry out | +| | software) to potentially carry out | | | side-channel timing attacks against TF-A. | +------------------------+-----------------------------------------------------+ -| ``Diagram Elements`` | DF5, DF6 | +| Diagram Elements | DF5, DF6 | +------------------------+-----------------------------------------------------+ -| ``Affected TF-A | BL31 | -| Components`` | | +| Affected TF-A | BL31 | +| Components | | +------------------------+-----------------------------------------------------+ -| ``Assets`` | Sensitive Data | +| Assets | Sensitive Data | +------------------------+-----------------------------------------------------+ -| ``Threat Agent`` | NSCode | +| Threat Agent | NSCode | +------------------------+-----------------------------------------------------+ -| ``Threat Type`` | Information Disclosure | +| Threat Type | Information Disclosure | +------------------------+-------------------+----------------+----------------+ -| ``Impact`` | Medium (3) | Medium (3) | Medium (3) | +| Impact | Medium (3) | Medium (3) | Medium (3) | +------------------------+-------------------+----------------+----------------+ -| ``Likelihood`` | Low (2) | Low (2) | Low (2) | +| Likelihood | Low (2) | Low (2) | Low (2) | +------------------------+-------------------+----------------+----------------+ -| ``Total Risk Rating`` | Medium (6) | Medium (6) | Medium (6) | +| Total Risk Rating | Medium (6) | Medium (6) | Medium (6) | +------------------------+-------------------+----------------+----------------+ -| ``Mitigations`` | | TF-A follows mitigation strategies as described | -| | in `Secure Development Guidelines`_. General | -| | events and cycle counting in the Secure world is | -| | prohibited by default when applicable. 
However, | -| | on some implementations (e.g. PMUv3) Secure world | -| | event counting depends on external debug interface| -| | signals, i.e. Secure world event counting is | -| | enabled if external debug is enabled. | -| | Configuration of debug signals is platform | +| Mitigations | Follow mitigation strategies as described in | +| | `Secure Development Guidelines`_. | ++------------------------+-----------------------------------------------------+ +| Mitigations | | Yes / platform specific. | +| implemented? | | +| | | General events and cycle counting in the Secure | +| | world is prohibited by default when applicable. | +| | | +| | | However, on some implementations (e.g. PMUv3) | +| | Secure world event counting depends on external | +| | debug interface signals, i.e. Secure world event | +| | counting is enabled if external debug is enabled. | +| | | +| | | Configuration of debug signals is platform | | | specific, therefore platforms need to make sure | | | that external debug is disabled in production or | -| | proper debug authentication is in place. | +| | proper debug authentication is in place. This | +| | should be the case if threat #06 is properly | +| | mitigated. | +------------------------+-----------------------------------------------------+ -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* .. _STRIDE threat analysis technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
diff --git a/docs/threat_model/threat_model_fvp_r.rst b/docs/threat_model/threat_model_fvp_r.rst new file mode 100644 index 0000000..c1462bb --- /dev/null +++ b/docs/threat_model/threat_model_fvp_r.rst
@@ -0,0 +1,97 @@ +fvp_r-Platform Threat Model +*************************** + +************************ +Introduction +************************ +This document provides a threat model for TF-A fvp_r platform. + +************************ +Target of Evaluation +************************ +In this threat model, the target of evaluation is the fvp_r platform of Trusted +Firmware for A-class Processors (TF-A). The fvp_r platform provides limited +support of AArch64 R-class Processors (v8-R64). + +This is a delta document, only pointing out differences from the general TF-A +threat-model document, :ref:`Generic Threat Model` + +BL1 Only +======== +The most fundamental difference between the threat model for the current fvp_r +implementation compared to the general TF-A threat model, is that fvp_r is +currently limited to BL1 only. Any threats from the general TF-A threat model +unrelated to BL1 are therefore not relevant to the fvp_r implementation. + +The fvp_r BL1 implementation directly loads a customer/partner-defined runtime +system. The threat model for that runtime system, being partner-defined, is +out-of-scope for this threat-model. + +Relatedly, all exceptions, synchronous and asynchronous, are disabled during BL1 +execution. So, any references to exceptions are not relevant. + +EL3 is Unsupported and All Secure +================================= +v8-R64 cores do not support EL3, and (essentially) all operation is defined as +Secure-mode. Therefore: + + - Any threats regarding NS operation are not relevant. + + - Any mentions of SMCs are also not relevant. + + - Anything otherwise-relevant code running in EL3 is instead run in EL2. + +MPU instead of MMU +================== +v8-R64 cores, running in EL2, use an MPU for memory management, rather than an +MMU. The MPU in the fvp_r implementation is configured to function effectively +identically with the MMU for the usual BL1 implementation. 
There are +memory-map differences, but the MPU configuration is functionally equivalent. + +No AArch32 Support +================== +Another substantial difference between v8-A and v8-R64 cores is that v8-R64 does +not support AArch32. However, this is not believed to have any threat-modeling +ramifications. + + +Threat Assessment +================= +For this section, please reference the Threat Assessment under the general TF-A +threat-model document, :ref:`Generic Threat Model` + +The following threats from that document are still relevant to the fvp_r +implementation: + + - ID 01: An attacker can mangle firmware images to execute arbitrary code. + + - ID 03: An attacker can use Time-of-Check-Time-of-Use (TOCTOU) attack to + bypass image authentication during the boot process. + + - ID 04: An attacker with physical access can execute arbitrary image by + bypassing the signature verification stage using clock- or power-glitching + techniques. + + - ID 05: Information leak via UART logs such as crashes + + - ID 06: An attacker can read sensitive data and execute arbitrary code + through the external debug and trace interface. + + - ID 08: Memory corruption due to memory overflows and lack of boundary + checking when accessing resources could allow an attacker to execute + arbitrary code, modify some state variable to change the normal flow of + the program, or leak sensitive. + + - ID 11: Misconfiguration of the Memory Protection Unit (MPU) may allow + normal world software to access sensitive data or execute arbitrary code. + Arguably, MPUs having fewer memory regions, there may be a temptation to + share memory regions, making this a greater threat. However, since the + fvp_r implementation is limited to BL1, since BL1's regions are fixed, + and since the MPU configuration is equivalent with that for the fvp + platform and others, this is not expected to be a concern. + + + +-------------- + +*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/threat_model_spm.rst b/docs/threat_model/threat_model_spm.rst index 82f9916..a7bc2a9 100644 --- a/docs/threat_model/threat_model_spm.rst +++ b/docs/threat_model/threat_model_spm.rst
@@ -1,4 +1,4 @@ -SPMC threat model +SPMC Threat Model ***************** ************************ @@ -36,7 +36,8 @@ running in the secure world of TrustZone (at S-EL2 exception level). The threat model is not related to the normal world Hypervisor or VMs. The S-EL1 SPMC solution is not covered. -- The implementation complies with the FF-A v1.0 specification. +- The implementation complies with the FF-A v1.0 specification, and a few + features of FF-A v1.1 specification. - Secure partitions are statically provisioned at boot time. - Focus on the run-time part of the life-cycle (no specific emphasis on boot time, factory firmware provisioning, firmware udpate etc.) @@ -477,7 +478,7 @@ +------------------------+------------------+---------------+-----------------+ | ``Total Risk Rating`` | Medium (6) | Medium (6) | | +------------------------+------------------+---------------+-----------------+ -| ``Mitigations`` | For the specific case of direct requests targetting| +| ``Mitigations`` | For the specific case of direct requests targeting | | | the SPMC, the latter is hardened to prevent | | | its internal state or the state of an SP to be | | | revealed through a direct message response. | @@ -572,7 +573,7 @@ | ID | 11 | +========================+====================================================+ | ``Threat`` | **A malicious endpoint may attempt flooding the | -| | SPMC with requests targetting a service within an | +| | SPMC with requests targeting a service within an | | | endpoint such that it denies another endpoint to | | | access this service.** | | | Similarly, the malicious endpoint may target a | 
@@ -607,7 +608,281 @@ | | in a limited timeframe. | +------------------------+----------------------------------------------------+ --------------- ++------------------------+----------------------------------------------------+ +| ID | 12 | ++========================+====================================================+ +| ``Threat`` | **A malicious endpoint may attempt to allocate | +| | notifications bitmaps in the SPMC, through the | +| | FFA_NOTIFICATION_BITMAP_CREATE.** | +| | This might be an attempt to exhaust SPMC's memory, | +| | or to allocate a bitmap for a VM that was not | +| | intended to receive notifications from SPs. Thus | +| | creating the possibility for a channel that was not| +| | meant to exist. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Denial of service, Spoofing | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Medium(3) | Medium(3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium(3) | Medium(3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Medium(9) | Medium(9) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC mitigates this 
threat by defining a | +| | a fixed size pool for bitmap allocation. | +| | It also limits the designated FF-A calls to be used| +| | from NWd endpoints. | +| | In the NWd the hypervisor is supposed to limit the | +| | access to the designated FF-A call. | ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 13 | ++========================+====================================================+ +| ``Threat`` | **A malicious endpoint may attempt to destroy the | +| | notifications bitmaps in the SPMC, through the | +| | FFA_NOTIFICATION_BITMAP_DESTROY.** | +| | This might be an attempt to tamper with the SPMC | +| | state such that a partition isn't able to receive | +| | notifications. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Tampering | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Low(4) | Low(4) | | ++------------------------+------------------+-----------------+---------------+ +| 
``Mitigations`` | The TF-A SPMC mitigates this issue by limiting the | +| | designated FF-A call to be issued by the NWd. | +| | Also, the notifications bitmap can't be destroyed | +| | if there are pending notifications. | +| | In the NWd, the hypervisor must restrict the | +| | NS-endpoints that can issue the designated call. | ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 14 | ++========================+====================================================+ +| ``Threat`` | **A malicious endpoint might attempt to give | +| | permissions to an unintended sender to set | +| | notifications targeting another receiver using the | +| | FF-A call FFA_NOTIFICATION_BIND.** | +| | This might be an attempt to tamper with the SPMC | +| | state such that an unintended, and possibly | +| | malicious, communication channel is established. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Tampering, Spoofing | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium(3) | Medium(3) | | 
++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Medium(6) | Medium(6) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC mitigates this by restricting | +| | designated FFA_NOTIFICATION_BIND call to be issued | +| | by the receiver only. The receiver is responsible | +| | for allocating the notifications IDs to one | +| | specific partition. | +| | Also, receivers that are not meant to receive | +| | notifications, must have notifications receipt | +| | disabled in the respective partition's manifest. | +| | As for calls coming from NWd, if the NWd VM has had| +| | its bitmap allocated at initialization, the TF-A | +| | SPMC can't guarantee this threat won't happen. | +| | The Hypervisor must mitigate in the NWd, similarly | +| | to SPMC for calls in SWd. Though, if the Hypervisor| +| | has been compromised, the SPMC won't be able to | +| | mitigate it for calls forwarded from NWd. 
| ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 15 | ++========================+====================================================+ +| ``Threat`` | **A malicious partition endpoint might attempt to | +| | set notifications that are not bound to it.** | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Spoofing | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Low(4) | Low(4) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC mitigates this by checking the | +| | sender's ID provided in the input to the call | +| | FFA_NOTIFICATION_SET. The SPMC keeps track of which| +| | notifications are bound to which sender, for a | +| | given receiver. If the sender is an SP, the | +| | provided sender ID must match the ID of the | +| | currently running partition. 
| ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 16 | ++========================+====================================================+ +| ``Threat`` | **A malicious partition endpoint might attempt to | +| | get notifications that are not targeted to it.** | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Spoofing | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Informational(1) | Informational(1)| | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC mitigates this by checking the | +| | receiver's ID provided in the input to the call | +| | FFA_NOTIFICATION_GET. The SPMC keeps track of which| +| | notifications are pending for each receiver. | +| | The provided receiver ID must match the ID of the | +| | currently running partition, if it is an SP. 
| +| | For calls forwarded from NWd, the SPMC will return | +| | the pending notifications if the receiver had its | +| | bitmap created, and has pending notifications. | +| | If Hypervisor or OS kernel are compromised, the | +| | SPMC won't be able to mitigate calls from rogue NWd| +| | endpoints. | ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 17 | ++========================+====================================================+ +| ``Threat`` | **A malicious partition endpoint might attempt to | +| | get the information about pending notifications, | +| | through the FFA_NOTIFICATION_INFO_GET call.** | +| | This call is meant to be used by the NWd FF-A | +| | driver. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Information disclosure | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium(3) | Medium(3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Medium(6) | Medium(6) | | 
++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC mitigates this by returning error to | +| | calls made by SPs to FFA_NOTIFICATION_INFO_GET. | +| | If Hypervisor or OS kernel are compromised, the | +| | SPMC won't be able mitigate calls from rogue NWd | +| | endpoints. | ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 18 | ++========================+====================================================+ +| ``Threat`` | **A malicious partition endpoint might attempt to | +| | flood another partition endpoint with notifications| +| | hindering its operation.** | +| | The intent of the malicious endpoint could be to | +| | interfere with both the receiver's and/or primary | +| | endpoint execution, as they can both be preempted | +| | by the NPI and SRI, respectively. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2, DF3, DF4 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state, SP state, CPU cycles | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | DoS | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Low(2) | Low(2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium(3) | Medium(3) | | 
++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Medium(6) | Medium(6) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. | +| | However, the impact is limited due to the | +| | architecture: | +| | - Notifications are not queued, one that has been | +| | signaled needs to be retrieved by the receiver, | +| | until it can be sent again. | +| | - Both SRI and NPI can't be pended until handled | +| | which limits the amount of spurious interrupts. | +| | - A given receiver could only bind a maximum number| +| | of notifications to a given sender, within a given | +| | execution context. | ++------------------------+----------------------------------------------------+ + +--------------- *Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/drivers/allwinner/axp/axp803.c b/drivers/allwinner/axp/axp803.c index 53b11c1..19a9549 100644 --- a/drivers/allwinner/axp/axp803.c +++ b/drivers/allwinner/axp/axp803.c
@@ -9,7 +9,9 @@ const uint8_t axp_chip_id = AXP803_CHIP_ID; const char *const axp_compatible = "x-powers,axp803"; +#if SUNXI_SETUP_REGULATORS == 1 const struct axp_regulator axp_regulators[] = { + {"aldo1", 700, 3300, 100, NA, 0x28, 0x13, 5}, {"dcdc1", 1600, 3400, 100, NA, 0x20, 0x10, 0}, {"dcdc5", 800, 1840, 10, 32, 0x24, 0x10, 4}, {"dcdc6", 600, 1520, 10, 50, 0x25, 0x10, 5}, @@ -20,3 +22,4 @@ {"fldo1", 700, 1450, 50, NA, 0x1c, 0x13, 2}, {} }; +#endif
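Review bot: The new `#endif` closing the `SUNXI_SETUP_REGULATORS` guard is bare here and in the axp805.c hunk, while the same guard in the common.c hunk is closed as `#endif /* SUNXI_SETUP_REGULATORS */`; since the guarded region is the whole regulator table, the commented form is the one worth keeping in all three files. The `#if SUNXI_SETUP_REGULATORS == 1` test also evaluates false when the macro is not defined at all, so the table silently disappears in that case; if that is the intended default, a one-line comment at the `#if` would say so.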
diff --git a/drivers/allwinner/axp/axp805.c b/drivers/allwinner/axp/axp805.c
index 8d029c0..3a03fec 100644
--- a/drivers/allwinner/axp/axp805.c
+++ b/drivers/allwinner/axp/axp805.c
@@ -9,6 +9,7 @@ const uint8_t axp_chip_id = AXP805_CHIP_ID; const char *const axp_compatible = "x-powers,axp805"; +#if SUNXI_SETUP_REGULATORS == 1 /* * The "dcdcd" split changes the step size by a factor of 5, not 2; * disallow values above the split to maintain accuracy. @@ -31,3 +32,4 @@ {"cldo3", 700, 3300, 100, NA, 0x26, 0x11, 6}, {} }; +#endif
diff --git a/drivers/allwinner/axp/common.c b/drivers/allwinner/axp/common.c
index 143fb0f..f1250b0 100644
--- a/drivers/allwinner/axp/common.c
+++ b/drivers/allwinner/axp/common.c
@@ -48,6 +48,7 @@ axp_setbits(0x32, BIT(7)); } +#if SUNXI_SETUP_REGULATORS == 1 /* * Retrieve the voltage from a given regulator DTB node. * Both the regulator-{min,max}-microvolt properties must be present and @@ -208,3 +209,4 @@ axp_setbits(0x11, BIT(7)); } } +#endif /* SUNXI_SETUP_REGULATORS */
diff --git a/drivers/arm/css/scmi/scmi_private.h b/drivers/arm/css/scmi/scmi_private.h
index 61437f6..a684ca5 100644
--- a/drivers/arm/css/scmi/scmi_private.h
+++ b/drivers/arm/css/scmi/scmi_private.h
@@ -136,7 +136,7 @@ uint64_t res_b; /* Reserved */ uint32_t flags; volatile uint32_t len; - uint32_t msg_header; + volatile uint32_t msg_header; uint32_t payload[]; } mailbox_mem_t;
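Review bot: The new `volatile` on `msg_header` carries no comment, and neither does the existing one on `len` beside it, so the next reader has no way to tell a deliberate memory-ordering requirement from an accident; since `mailbox_mem_t` presumably describes memory shared with the platform firmware, state that at the field, e.g. `volatile uint32_t msg_header; /* shared mailbox field: re-read from memory, never cache in a register */`. Whether `flags` and `payload[]` need the same qualifier I cannot tell from this hunk; worth confirming against the code that polls the mailbox. The `mailbox_mem_t` definition starts before the hunk.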
diff --git a/drivers/arm/gic/v3/gic600ae_fmu.c b/drivers/arm/gic/v3/gic600ae_fmu.c
index 13979fa..0262f48 100644
--- a/drivers/arm/gic/v3/gic600ae_fmu.c
+++ b/drivers/arm/gic/v3/gic600ae_fmu.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, NVIDIA Corporation. All rights reserved. + * Copyright (c) 2021-2022, NVIDIA Corporation. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,6 +9,7 @@ */ #include <assert.h> +#include <inttypes.h> #include <arch_helpers.h> #include <common/debug.h> 
@@ -112,6 +113,135 @@ "Wake-GICD AXI4-Stream interface error" }; +/* Helper function to find detailed information for a specific IERR */ +static char __unused *ras_ierr_to_str(unsigned int blkid, unsigned int ierr) +{ + char *str = NULL; + + /* Find the correct record */ + switch (blkid) { + case FMU_BLK_GICD: + assert(ierr < ARRAY_SIZE(gicd_sm_info)); + str = gicd_sm_info[ierr]; + break; + + case FMU_BLK_SPICOL: + assert(ierr < ARRAY_SIZE(spicol_sm_info)); + str = spicol_sm_info[ierr]; + break; + + case FMU_BLK_WAKERQ: + assert(ierr < ARRAY_SIZE(wkrqst_sm_info)); + str = wkrqst_sm_info[ierr]; + break; + + case FMU_BLK_ITS0...FMU_BLK_ITS7: + assert(ierr < ARRAY_SIZE(its_sm_info)); + str = its_sm_info[ierr]; + break; + + case FMU_BLK_PPI0...FMU_BLK_PPI31: + assert(ierr < ARRAY_SIZE(ppi_sm_info)); + str = ppi_sm_info[ierr]; + break; + + default: + assert(false); + break; + } + + return str; +} + +/* + * Probe for error in memory-mapped registers containing error records. + * Upon detecting an error, set probe data to the index of the record + * in error, and return 1; otherwise, return 0. + */ +int gic600_fmu_probe(uint64_t base, int *probe_data) +{ + uint64_t gsr; + + assert(base != 0UL); + + /* + * Read ERR_GSR to find the error record 'M' + */ + gsr = gic_fmu_read_errgsr(base); + if (gsr == U(0)) { + return 0; + } + + /* Return the index of the record in error */ + if (probe_data != NULL) { + *probe_data = (int)__builtin_ctzll(gsr); + } + + return 1; +} + +/* + * The handler function to read RAS records and find the safety + * mechanism with the error. + */ +int gic600_fmu_ras_handler(uint64_t base, int probe_data) +{ + uint64_t errstatus; + unsigned int blkid = (unsigned int)probe_data, ierr, serr; + + assert(base != 0UL); + + /* + * FMU_ERRGSR indicates the ID of the GIC + * block that faulted. 
+ */ + assert(blkid <= FMU_BLK_PPI31); + + /* + * Find more information by reading FMU_ERR<M>STATUS + * register + */ + errstatus = gic_fmu_read_errstatus(base, blkid); + + /* + * If FMU_ERR<M>STATUS.V is set to 0, no RAS records + * need to be scanned. + */ + if ((errstatus & FMU_ERRSTATUS_V_BIT) == U(0)) { + return 0; + } + + /* + * FMU_ERR<M>STATUS.IERR indicates which Safety Mechanism + * reported the error. + */ + ierr = (errstatus >> FMU_ERRSTATUS_IERR_SHIFT) & + FMU_ERRSTATUS_IERR_MASK; + + /* + * FMU_ERR<M>STATUS.SERR indicates architecturally + * defined primary error code. + */ + serr = errstatus & FMU_ERRSTATUS_SERR_MASK; + + ERROR("**************************************\n"); + ERROR("RAS %s Error detected by GIC600 AE FMU\n", + ((errstatus & FMU_ERRSTATUS_UE_BIT) != 0U) ? + "Uncorrectable" : "Corrected"); + ERROR("\tStatus = 0x%lx \n", errstatus); + ERROR("\tBlock ID = 0x%x\n", blkid); + ERROR("\tSafety Mechanism ID = 0x%x (%s)\n", ierr, + ras_ierr_to_str(blkid, ierr)); + ERROR("\tArchitecturally defined primary error code = 0x%x\n", + serr); + ERROR("**************************************\n"); + + /* Clear FMU_ERR<M>STATUS */ + gic_fmu_write_errstatus(base, probe_data, errstatus); + + return 0; +} + /* * Initialization sequence for the FMU * @@ -138,8 +268,12 @@ /* Enable error detection for all error records */ for (unsigned int i = 0U; i < num_blk; i++) { - /* Skip next steps if the block is not present */ + /* + * Disable all safety mechanisms for blocks that are not + * present and skip the next steps. + */ if ((blk_present_mask & BIT(i)) == 0U) { + gic_fmu_disable_all_sm_blkid(base, i); continue; } 
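Review bot: `ras_ierr_to_str` range-checks the hardware-reported `ierr` only with `assert()`, so in a build with assertions disabled an out-of-range value indexes past the `*_sm_info` tables and an unknown `blkid` yields `NULL`, which `gic600_fmu_ras_handler` then hands to `%s`; a fault handler should fall back to an "Unknown" string rather than fault itself, as in the version below. `ERROR("\tStatus = 0x%lx \n", errstatus)` formats a `uint64_t` with `%lx` even though this commit adds `<inttypes.h>`; `ERROR("\tStatus = 0x%" PRIx64 "\n", errstatus);` is the portable form. `gic_fmu_write_errstatus(base, probe_data, errstatus)` passes the raw `int` where every other call in the function uses `blkid`. The `__unused` attribute on `ras_ierr_to_str` is no longer needed now that the handler calls it.
```c
/* Helper function to find detailed information for a specific IERR */
static char *ras_ierr_to_str(unsigned int blkid, unsigned int ierr)
{
	char *str = NULL;

	/* IERR is hardware-supplied: range-check it in every build, not only with asserts */
	switch (blkid) {
	case FMU_BLK_GICD:
		if (ierr < ARRAY_SIZE(gicd_sm_info)) {
			str = gicd_sm_info[ierr];
		}
		break;
	/* … unchanged shape for SPICOL, WAKERQ, ITS0...ITS7 and PPI0...PPI31, each with the same `if` guard … */
	default:
		break;
	}

	/* Never return NULL: the caller prints this with %s */
	return (str != NULL) ? str : "Unknown";
}
```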
@@ -168,22 +302,26 @@ */ if ((blk_present_mask & BIT(FMU_BLK_GICD)) != 0U) { smen = (GICD_MBIST_REQ_ERROR << FMU_SMEN_SMID_SHIFT) | - (FMU_BLK_GICD << FMU_SMEN_BLK_SHIFT); + (FMU_BLK_GICD << FMU_SMEN_BLK_SHIFT) | + FMU_SMEN_EN_BIT; gic_fmu_write_smen(base, smen); smen = (GICD_FMU_CLKGATE_ERROR << FMU_SMEN_SMID_SHIFT) | - (FMU_BLK_GICD << FMU_SMEN_BLK_SHIFT); + (FMU_BLK_GICD << FMU_SMEN_BLK_SHIFT) | + FMU_SMEN_EN_BIT; gic_fmu_write_smen(base, smen); } for (unsigned int i = FMU_BLK_PPI0; i < FMU_BLK_PPI31; i++) { if ((blk_present_mask & BIT(i)) != 0U) { smen = (PPI_MBIST_REQ_ERROR << FMU_SMEN_SMID_SHIFT) | - (i << FMU_SMEN_BLK_SHIFT); + (i << FMU_SMEN_BLK_SHIFT) | + FMU_SMEN_EN_BIT; gic_fmu_write_smen(base, smen); smen = (PPI_FMU_CLKGATE_ERROR << FMU_SMEN_SMID_SHIFT) | - (i << FMU_SMEN_BLK_SHIFT); + (i << FMU_SMEN_BLK_SHIFT) | + FMU_SMEN_EN_BIT; gic_fmu_write_smen(base, smen); } } @@ -191,11 +329,13 @@ for (unsigned int i = FMU_BLK_ITS0; i < FMU_BLK_ITS7; i++) { if ((blk_present_mask & BIT(i)) != 0U) { smen = (ITS_MBIST_REQ_ERROR << FMU_SMEN_SMID_SHIFT) | - (i << FMU_SMEN_BLK_SHIFT); + (i << FMU_SMEN_BLK_SHIFT) | + FMU_SMEN_EN_BIT; gic_fmu_write_smen(base, smen); smen = (ITS_FMU_CLKGATE_ERROR << FMU_SMEN_SMID_SHIFT) | - (i << FMU_SMEN_BLK_SHIFT); + (i << FMU_SMEN_BLK_SHIFT) | + FMU_SMEN_EN_BIT; gic_fmu_write_smen(base, smen); } }
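Review bot: `FMU_SMEN_EN_BIT` is now OR-ed into every SMEN value in both hunks, but the loops those writes sit in stop at `i < FMU_BLK_PPI31` and `i < FMU_BLK_ITS7`, so PPI31 and ITS7 never get their MBIST and clock-gate mechanisms enabled, even though the handler added by this commit treats `FMU_BLK_PPI0...FMU_BLK_PPI31` and `FMU_BLK_ITS0...FMU_BLK_ITS7` as valid blocks. If the bound is meant to be inclusive, change the two loop headers to `i <= FMU_BLK_PPI31` and `i <= FMU_BLK_ITS7`; if it is exclusive on purpose, a comment explaining why the last block is skipped would stop the next reader from guessing. The enclosing init function starts before these hunks.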
diff --git a/drivers/arm/gic/v3/gic600ae_fmu_helpers.c b/drivers/arm/gic/v3/gic600ae_fmu_helpers.c
index 4aa0efb..09806dc 100644
--- a/drivers/arm/gic/v3/gic600ae_fmu_helpers.c
+++ b/drivers/arm/gic/v3/gic600ae_fmu_helpers.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, NVIDIA Corporation. All rights reserved. + * Copyright (c) 2021-2022, NVIDIA Corporation. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -258,3 +258,47 @@ { GIC_FMU_WRITE_64(base, GICFMU_PINGMASK, 0, val); } + +/* + * Helper function to disable all safety mechanisms for a given block + */ +void gic_fmu_disable_all_sm_blkid(uintptr_t base, unsigned int blkid) +{ + uint32_t smen, max_smid = U(0); + + /* Sanity check block ID */ + assert((blkid >= FMU_BLK_GICD) && (blkid <= FMU_BLK_PPI31)); + + /* Find the max safety mechanism ID for the block */ + switch (blkid) { + case FMU_BLK_GICD: + max_smid = FMU_SMID_GICD_MAX; + break; + + case FMU_BLK_SPICOL: + max_smid = FMU_SMID_SPICOL_MAX; + break; + + case FMU_BLK_WAKERQ: + max_smid = FMU_SMID_WAKERQ_MAX; + break; + + case FMU_BLK_ITS0...FMU_BLK_ITS7: + max_smid = FMU_SMID_ITS_MAX; + break; + + case FMU_BLK_PPI0...FMU_BLK_PPI31: + max_smid = FMU_SMID_PPI_MAX; + break; + + default: + assert(false); + break; + } + + /* Disable all Safety Mechanisms for a given block id */ + for (unsigned int i = 0U; i < max_smid; i++) { + smen = (blkid << FMU_SMEN_BLK_SHIFT) | (i << FMU_SMEN_SMID_SHIFT); + gic_fmu_write_smen(base, smen); + } +}
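Review bot: The loop `for (unsigned int i = 0U; i < max_smid; i++)` in `gic_fmu_disable_all_sm_blkid` treats `FMU_SMID_*_MAX` as an exclusive count; if those constants are instead the highest valid SMID (the name allows both readings and their definitions are not in this diff), the last mechanism of every block is never disabled, so pin the intent with a comment such as `/* FMU_SMID_*_MAX is the number of SMs in the block (exclusive bound) */`. The `default` branch leaves `max_smid` at 0, so with assertions compiled out an unknown block is silently skipped; that is a sensible fallback for a disable path but deserves a line where `max_smid = U(0)` is initialised. The SMEN value written here deliberately omits `FMU_SMEN_EN_BIT`, which is what makes it a disable; a short comment on the `smen =` line would keep a reader from "fixing" it to match the enable path in gic600ae_fmu.c.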
diff --git a/drivers/arm/gic/v3/gicv3_private.h b/drivers/arm/gic/v3/gicv3_private.h
index 93ee1a1..3af0500 100644
--- a/drivers/arm/gic/v3/gicv3_private.h
+++ b/drivers/arm/gic/v3/gicv3_private.h
@@ -171,7 +171,7 @@ static inline u_register_t gicd_irouter_val_from_mpidr(u_register_t mpidr, unsigned int irm) { - return (mpidr & ~(U(0xff) << 24)) | + return (mpidr & MPIDR_AFFINITY_MASK) | ((irm & IROUTER_IRM_MASK) << IROUTER_IRM_SHIFT); }
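Review bot: Replacing `~(U(0xff) << 24)` with `MPIDR_AFFINITY_MASK` is a behaviour change if that mask covers Aff3 (bits 39:32): the old expression was computed in 32 bits and so dropped Aff3 from the routing value, whereas the new one presumably keeps it. If preserving Aff3 is the intent, say so beside the return, e.g. `/* Keep Aff0-3 of MPIDR; the IRM field is ORed in separately below */`, so the next reader does not "simplify" it back; if the two masks differ in any other bit, that should be called out as well.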
diff --git a/drivers/arm/mhu/mhu_v2_x.c b/drivers/arm/mhu/mhu_v2_x.c
new file mode 100644
index 0000000..3103b92
--- /dev/null
+++ b/drivers/arm/mhu/mhu_v2_x.c
@@ -0,0 +1,379 @@ +/* + * Copyright (c) 2020-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <assert.h> +#include <stdbool.h> +#include <stdint.h> + +#include "mhu_v2_x.h" + +#define MHU_V2_X_MAX_CHANNELS 124 +#define MHU_V2_1_MAX_CHCOMB_INT 4 +#define ENABLE 0x1 +#define DISABLE 0x0 +#define CLEAR_INTR 0x1 +#define CH_PER_CH_COMB 0x20 +#define SEND_FRAME(p_mhu) ((struct mhu_v2_x_send_frame_t *)p_mhu) +#define RECV_FRAME(p_mhu) ((struct mhu_v2_x_recv_frame_t *)p_mhu) + +#define MHU_MAJOR_REV_V2 0x1u +#define MHU_MINOR_REV_2_0 0x0u +#define MHU_MINOR_REV_2_1 0x1u + +struct mhu_v2_x_send_ch_window_t { + /* Offset: 0x00 (R/ ) Channel Status */ + volatile uint32_t ch_st; + /* Offset: 0x04 (R/ ) Reserved */ + volatile uint32_t reserved_0; + /* Offset: 0x08 (R/ ) Reserved */ + volatile uint32_t reserved_1; + /* Offset: 0x0C ( /W) Channel Set */ + volatile uint32_t ch_set; + /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */ + volatile uint32_t ch_int_st; + /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */ + volatile uint32_t ch_int_clr; + /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */ + volatile uint32_t ch_int_en; + /* Offset: 0x1C (R/ ) Reserved */ + volatile uint32_t reserved_2; +}; + +struct mhu_v2_x_send_frame_t { + /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */ + struct mhu_v2_x_send_ch_window_t send_ch_window[MHU_V2_X_MAX_CHANNELS]; + /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ + volatile uint32_t mhu_cfg; + /* Offset: 0xF84 (R/W) Response Configuration */ + volatile uint32_t resp_cfg; + /* Offset: 0xF88 (R/W) Access Request */ + volatile uint32_t access_request; + /* Offset: 0xF8C (R/ ) Access Ready */ + volatile uint32_t access_ready; + /* Offset: 0xF90 (R/ ) Interrupt Status */ + volatile uint32_t int_st; + /* Offset: 0xF94 ( /W) Interrupt Clear */ + volatile uint32_t int_clr; + /* Offset: 0xF98 (R/W) Interrupt Enable */ + 
volatile uint32_t int_en; + /* Offset: 0xF9C (R/ ) Reserved */ + volatile uint32_t reserved_0; + /* Offset: 0xFA0 (R/W) Channel Combined IRQ Stat (Reserved in 2.0) */ + volatile uint32_t ch_comb_int_st[MHU_V2_1_MAX_CHCOMB_INT]; + /* Offset: 0xFC4 (R/ ) Reserved */ + volatile uint32_t reserved_1[6]; + /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ + volatile uint32_t iidr; + /* Offset: 0xFCC (R/ ) Architecture Identification Register */ + volatile uint32_t aidr; + /* Offset: 0xFD0 (R/ ) */ + volatile uint32_t pid_1[4]; + /* Offset: 0xFE0 (R/ ) */ + volatile uint32_t pid_0[4]; + /* Offset: 0xFF0 (R/ ) */ + volatile uint32_t cid[4]; +}; + +struct mhu_v2_x_rec_ch_window_t { + /* Offset: 0x00 (R/ ) Channel Status */ + volatile uint32_t ch_st; + /* Offset: 0x04 (R/ ) Channel Status Masked */ + volatile uint32_t ch_st_msk; + /* Offset: 0x08 ( /W) Channel Clear */ + volatile uint32_t ch_clr; + /* Offset: 0x0C (R/ ) Reserved */ + volatile uint32_t reserved_0; + /* Offset: 0x10 (R/ ) Channel Mask Status */ + volatile uint32_t ch_msk_st; + /* Offset: 0x14 ( /W) Channel Mask Set */ + volatile uint32_t ch_msk_set; + /* Offset: 0x18 ( /W) Channel Mask Clear */ + volatile uint32_t ch_msk_clr; + /* Offset: 0x1C (R/ ) Reserved */ + volatile uint32_t reserved_1; +}; + +struct mhu_v2_x_recv_frame_t { + /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */ + struct mhu_v2_x_rec_ch_window_t rec_ch_window[MHU_V2_X_MAX_CHANNELS]; + /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ + volatile uint32_t mhu_cfg; + /* Offset: 0xF84 (R/ ) Reserved */ + volatile uint32_t reserved_0[3]; + /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */ + volatile uint32_t int_st; + /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */ + volatile uint32_t int_clr; + /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */ + volatile uint32_t int_en; + /* Offset: 0xF9C (R/ ) Reserved */ + volatile uint32_t reserved_1; + /* Offset: 0xFA0 (R/ ) Channel Combined 
IRQ Stat (Reserved in 2.0) */ + volatile uint32_t ch_comb_int_st[MHU_V2_1_MAX_CHCOMB_INT]; + /* Offset: 0xFB0 (R/ ) Reserved */ + volatile uint32_t reserved_2[6]; + /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ + volatile uint32_t iidr; + /* Offset: 0xFCC (R/ ) Architecture Identification Register */ + volatile uint32_t aidr; + /* Offset: 0xFD0 (R/ ) */ + volatile uint32_t pid_1[4]; + /* Offset: 0xFE0 (R/ ) */ + volatile uint32_t pid_0[4]; + /* Offset: 0xFF0 (R/ ) */ + volatile uint32_t cid[4]; +}; + +union mhu_v2_x_frame { + struct mhu_v2_x_send_frame_t send_frame; + struct mhu_v2_x_recv_frame_t recv_frame; +}; + +enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, + enum mhu_v2_x_supported_revisions rev) +{ + uint32_t AIDR = 0; + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (dev->is_initialized) { + return MHU_V_2_X_ERR_ALREADY_INIT; + } + + if (rev == MHU_REV_READ_FROM_HW) { + /* Read revision from HW */ + if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { + AIDR = p_mhu->recv_frame.aidr; + } else { + AIDR = p_mhu->send_frame.aidr; + } + + /* Get bits 7:4 to read major revision */ + if (((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) { + /* Unsupported MHU version */ + return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; + } /* No need to save major version, driver only supports MHUv2 */ + + /* Get bits 3:0 to read minor revision */ + dev->subversion = AIDR & 0b1111; + + if (dev->subversion != MHU_MINOR_REV_2_0 && + dev->subversion != MHU_MINOR_REV_2_1) { + /* Unsupported subversion */ + return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; + } + } else { + /* Revisions were provided by caller */ + if (rev == MHU_REV_2_0) { + dev->subversion = MHU_MINOR_REV_2_0; + } else if (rev == MHU_REV_2_1) { + dev->subversion = MHU_MINOR_REV_2_1; + } else { + /* Unsupported subversion */ + return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; + } /* No need to save major version, driver only supports MHUv2 */ + } + + 
dev->is_initialized = true; + + return MHU_V_2_X_ERR_NONE; +} + +uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_SENDER_FRAME) { + return (SEND_FRAME(p_mhu))->mhu_cfg; + } else { + assert(dev->frame == MHU_V2_X_RECEIVER_FRAME); + return (RECV_FRAME(p_mhu))->mhu_cfg; + } +} + +enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, + uint32_t channel, uint32_t val) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_SENDER_FRAME) { + (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val; + return MHU_V_2_X_ERR_NONE; + } else { + return MHU_V_2_X_ERR_INVALID_ARG; + } +} + +enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev, + uint32_t channel, uint32_t *value) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_SENDER_FRAME) { + *value = (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_st; + return MHU_V_2_X_ERR_NONE; + } else { + return MHU_V_2_X_ERR_INVALID_ARG; + } +} + +enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, + uint32_t channel) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { + (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX; + return MHU_V_2_X_ERR_NONE; + } else { + return MHU_V_2_X_ERR_INVALID_ARG; + } +} + +enum mhu_v2_x_error_t 
mhu_v2_x_channel_receive( + const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { + *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st; + return MHU_V_2_X_ERR_NONE; + } else { + return MHU_V_2_X_ERR_INVALID_ARG; + } +} + +enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( + const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { + (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask; + return MHU_V_2_X_ERR_NONE; + } else { + return MHU_V_2_X_ERR_INVALID_ARG; + } +} + +enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( + const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { + (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask; + return MHU_V_2_X_ERR_NONE; + } else { + return MHU_V_2_X_ERR_INVALID_ARG; + } +} +enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( + const struct mhu_v2_x_dev_t *dev) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame != MHU_V2_X_SENDER_FRAME) { + return MHU_V_2_X_ERR_INVALID_ARG; + } + + (SEND_FRAME(p_mhu))->access_request = ENABLE; + + while (!((SEND_FRAME(p_mhu))->access_ready)) { + /* Wait in a loop for access ready signal to be high */ + ; + } + + return 
MHU_V_2_X_ERR_NONE; +} + +enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev) +{ + union mhu_v2_x_frame *p_mhu; + + assert(dev != NULL); + + p_mhu = (union mhu_v2_x_frame *)dev->base; + + if (!(dev->is_initialized)) { + return MHU_V_2_X_ERR_NOT_INIT; + } + + if (dev->frame != MHU_V2_X_SENDER_FRAME) { + return MHU_V_2_X_ERR_INVALID_ARG; + } + + (SEND_FRAME(p_mhu))->access_request = DISABLE; + + return MHU_V_2_X_ERR_NONE; +}
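Review bot: None of the channel accessors (`mhu_v2_x_channel_send`, `_poll`, `_clear`, `_receive`, `_mask_set`, `_mask_clear`) checks `channel` against `MHU_V2_X_MAX_CHANNELS`, so an index above 123 reads or writes past the `send_ch_window[]`/`rec_ch_window[]` arrays into the frame's control registers or beyond; `mhu_v2_x_get_num_channel_implemented` makes that reachable, because it returns `MHU_V_2_X_ERR_NOT_INIT` through a `uint32_t` (0xFFFFFFFF) and callers derive channel numbers from it. A one-line guard after the init check, `if (channel >= MHU_V2_X_MAX_CHANNELS) { return MHU_V_2_X_ERR_INVALID_ARG; }`, closes this in all six functions; checking against the count in `mhu_cfg` would be stricter if that field's layout is known. `mhu_v2_x_initiate_transfer` also spins on `access_ready` with no bound, so an unresponsive receiver hangs the caller indefinitely; at minimum a comment on the loop, better a bounded retry returning `MHU_V_2_X_ERR_GENERAL`. The `0b1111` literals are a GNU/C23 extension; `0xFU` is the portable spelling.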
diff --git a/drivers/arm/mhu/mhu_v2_x.h b/drivers/arm/mhu/mhu_v2_x.h
new file mode 100644
index 0000000..10247d2
--- /dev/null
+++ b/drivers/arm/mhu/mhu_v2_x.h
@@ -0,0 +1,210 @@ +/* + * Copyright (c) 2020-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MHU_V2_X_H +#define MHU_V2_X_H + +#include <stdbool.h> +#include <stdint.h> + +#define MHU_2_X_INTR_NR2R_OFF (0x0u) +#define MHU_2_X_INTR_R2NR_OFF (0x1u) +#define MHU_2_1_INTR_CHCOMB_OFF (0x2u) + +#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF) +#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF) +#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF) + +enum mhu_v2_x_frame_t { + MHU_V2_X_SENDER_FRAME = 0x0u, + MHU_V2_X_RECEIVER_FRAME = 0x1u, +}; + +enum mhu_v2_x_supported_revisions { + MHU_REV_READ_FROM_HW = 0, + MHU_REV_2_0, + MHU_REV_2_1, +}; + +struct mhu_v2_x_dev_t { + uintptr_t base; + enum mhu_v2_x_frame_t frame; + uint32_t subversion; /*!< Hardware subversion: v2.X */ + bool is_initialized; /*!< Indicates if the MHU driver + * is initialized and enabled + */ +}; + +/** + * MHU v2 error enumeration types. + */ +enum mhu_v2_x_error_t { + MHU_V_2_X_ERR_NONE = 0, + MHU_V_2_X_ERR_NOT_INIT = -1, + MHU_V_2_X_ERR_ALREADY_INIT = -2, + MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3, + MHU_V_2_X_ERR_INVALID_ARG = -4, + MHU_V_2_X_ERR_GENERAL = -5 +}; + +/** + * Initializes the driver. + * + * dev MHU device struct mhu_v2_x_dev_t. + * rev MHU revision (if can't be identified from HW). + * + * Reads the MHU hardware version. + * + * Returns mhu_v2_x_error_t error code. + * + * MHU revision only has to be specified when versions can't be read + * from HW (ARCH_MAJOR_REV reg reads as 0x0). + * + * This function doesn't check if dev is NULL. + */ +enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, + enum mhu_v2_x_supported_revisions rev); + +/** + * Returns the number of channels implemented. + * + * dev MHU device struct mhu_v2_x_dev_t. + * + * This function doesn't check if dev is NULL. 
+ */ +uint32_t mhu_v2_x_get_num_channel_implemented( + const struct mhu_v2_x_dev_t *dev); + +/** + * Sends the value over a channel. + * + * dev MHU device struct mhu_v2_x_dev_t. + * channel Channel to send the value over. + * val Value to send. + * + * Sends the value over a channel. + * + * Returns mhu_v2_x_error_t error code. + * + * This function doesn't check if dev is NULL. + * This function doesn't check if channel is implemented. + */ +enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, + uint32_t channel, uint32_t val); + +/** + * Polls sender channel status. + * + * dev MHU device struct mhu_v2_x_dev_t. + * channel Channel to poll the status of. + * value Pointer to variable that will store the value. + * + * Polls sender channel status. + * + * Returns mhu_v2_x_error_t error code. + * + * This function doesn't check if dev is NULL. + * This function doesn't check if channel is implemented. + */ +enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev, + uint32_t channel, uint32_t *value); + +/** + * Clears the channel after the value is send over it. + * + * dev MHU device struct mhu_v2_x_dev_t. + * channel Channel to clear. + * + * Clears the channel after the value is send over it. + * + * Returns mhu_v2_x_error_t error code.. + * + * This function doesn't check if dev is NULL. + * This function doesn't check if channel is implemented. + */ +enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, + uint32_t channel); + +/** + * Receives the value over a channel. + * + * dev MHU device struct mhu_v2_x_dev_t. + * channel Channel to receive the value from. + * value Pointer to variable that will store the value. + * + * Receives the value over a channel. + * + * Returns mhu_v2_x_error_t error code. + * + * This function doesn't check if dev is NULL. + * This function doesn't check if channel is implemented. 
+ */ +enum mhu_v2_x_error_t mhu_v2_x_channel_receive( + const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value); + +/** + * Sets bits in the Channel Mask. + * + * dev MHU device struct mhu_v2_x_dev_t. + * channel Which channel's mask to set. + * mask Mask to be set over a receiver frame. + * + * Sets bits in the Channel Mask. + * + * Returns mhu_v2_x_error_t error code.. + * + * This function doesn't check if dev is NULL. + * This function doesn't check if channel is implemented. + */ +enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( + const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); + +/** + * Clears bits in the Channel Mask. + * + * dev MHU device struct mhu_v2_x_dev_t. + * channel Which channel's mask to clear. + * mask Mask to be clear over a receiver frame. + * + * Clears bits in the Channel Mask. + * + * Returns mhu_v2_x_error_t error code. + * + * This function doesn't check if dev is NULL. + * This function doesn't check if channel is implemented. + */ +enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( + const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); + +/** + * Initiates a MHU transfer with the handshake signals. + * + * dev MHU device struct mhu_v2_x_dev_t. + * + * Initiates a MHU transfer with the handshake signals in a blocking mode. + * + * Returns mhu_v2_x_error_t error code. + * + * This function doesn't check if dev is NULL. + */ +enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( + const struct mhu_v2_x_dev_t *dev); + +/** + * Closes a MHU transfer with the handshake signals. + * + * dev MHU device struct mhu_v2_x_dev_t. + * + * Closes a MHU transfer with the handshake signals in a blocking mode. + * + * Returns mhu_v2_x_error_t error code. + * + * This function doesn't check if dev is NULL. + */ +enum mhu_v2_x_error_t mhu_v2_x_close_transfer( + const struct mhu_v2_x_dev_t *dev); + +#endif /* MHU_V2_X_H */
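Review bot: The comment on `mhu_v2_x_get_num_channel_implemented` does not say that the implementation returns `MHU_V_2_X_ERR_NOT_INIT` cast to `uint32_t` (0xFFFFFFFF) when the driver is not initialised, which any caller computing `num_channels - 1` must know; add `Returns the implemented channel count, or MHU_V_2_X_ERR_NOT_INIT cast to uint32_t if the driver is not initialised.` Two wording slips in this block: "after the value is send over it" should read "sent" (twice in `mhu_v2_x_channel_clear`), and "error code.." has a doubled period in `mhu_v2_x_channel_clear` and `mhu_v2_x_channel_mask_set`. The repeated "This function doesn't check if channel is implemented." lines would be more useful stating the consequence, e.g. `An out-of-range channel accesses memory past the frame.`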
diff --git a/drivers/arm/mhu/mhu_wrapper_v2_x.c b/drivers/arm/mhu/mhu_wrapper_v2_x.c
new file mode 100644
index 0000000..d8b7cfd
--- /dev/null
+++ b/drivers/arm/mhu/mhu_wrapper_v2_x.c
@@ -0,0 +1,302 @@ +/* + * Copyright (c) 2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <assert.h> +#include <stddef.h> +#include <stdint.h> +#include <string.h> + +#include <drivers/arm/mhu.h> + +#include "mhu_v2_x.h" + +#define MHU_NOTIFY_VALUE (1234u) + +/* + * MHU devices for host: + * HSE: Host to Secure Enclave (sender device) + * SEH: Secure Enclave to Host (receiver device) + */ +struct mhu_v2_x_dev_t MHU1_HSE_DEV = {0, MHU_V2_X_SENDER_FRAME}; +struct mhu_v2_x_dev_t MHU1_SEH_DEV = {0, MHU_V2_X_RECEIVER_FRAME}; + +static enum mhu_error_t error_mapping_to_mhu_error_t(enum mhu_v2_x_error_t err) +{ + switch (err) { + case MHU_V_2_X_ERR_NONE: + return MHU_ERR_NONE; + case MHU_V_2_X_ERR_NOT_INIT: + return MHU_ERR_NOT_INIT; + case MHU_V_2_X_ERR_ALREADY_INIT: + return MHU_ERR_ALREADY_INIT; + case MHU_V_2_X_ERR_UNSUPPORTED_VERSION: + return MHU_ERR_UNSUPPORTED_VERSION; + case MHU_V_2_X_ERR_INVALID_ARG: + return MHU_ERR_INVALID_ARG; + case MHU_V_2_X_ERR_GENERAL: + return MHU_ERR_GENERAL; + default: + return MHU_ERR_GENERAL; + } +} + +static enum mhu_v2_x_error_t signal_and_wait_for_clear(void) +{ + enum mhu_v2_x_error_t err; + struct mhu_v2_x_dev_t *dev = &MHU1_HSE_DEV; + uint32_t val = MHU_NOTIFY_VALUE; + /* Using the last channel for notifications */ + uint32_t channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1; + + err = mhu_v2_x_channel_send(dev, channel_notify, val); + if (err != MHU_V_2_X_ERR_NONE) { + return err; + } + + do { + err = mhu_v2_x_channel_poll(dev, channel_notify, &val); + if (err != MHU_V_2_X_ERR_NONE) { + break; + } + } while (val != 0); + + return err; +} + +static enum mhu_v2_x_error_t wait_for_signal(void) +{ + enum mhu_v2_x_error_t err; + struct mhu_v2_x_dev_t *dev = &MHU1_SEH_DEV; + uint32_t val = 0; + /* Using the last channel for notifications */ + uint32_t channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1; + + do { + err = mhu_v2_x_channel_receive(dev, 
channel_notify, &val); + if (err != MHU_V_2_X_ERR_NONE) { + break; + } + } while (val != MHU_NOTIFY_VALUE); + + return err; +} + +static enum mhu_v2_x_error_t clear_and_wait_for_next_signal(void) +{ + enum mhu_v2_x_error_t err; + struct mhu_v2_x_dev_t *dev = &MHU1_SEH_DEV; + uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); + uint32_t i; + + /* Clear all channels */ + for (i = 0; i < num_channels; ++i) { + err = mhu_v2_x_channel_clear(dev, i); + if (err != MHU_V_2_X_ERR_NONE) { + return err; + } + } + + return wait_for_signal(); +} + +enum mhu_error_t mhu_init_sender(uintptr_t mhu_sender_base) +{ + enum mhu_v2_x_error_t err; + + assert(mhu_sender_base != (uintptr_t)NULL); + + MHU1_HSE_DEV.base = mhu_sender_base; + + err = mhu_v2_x_driver_init(&MHU1_HSE_DEV, MHU_REV_READ_FROM_HW); + return error_mapping_to_mhu_error_t(err); +} + +enum mhu_error_t mhu_init_receiver(uintptr_t mhu_receiver_base) +{ + enum mhu_v2_x_error_t err; + uint32_t num_channels, i; + + assert(mhu_receiver_base != (uintptr_t)NULL); + + MHU1_SEH_DEV.base = mhu_receiver_base; + + err = mhu_v2_x_driver_init(&MHU1_SEH_DEV, MHU_REV_READ_FROM_HW); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + + num_channels = mhu_v2_x_get_num_channel_implemented(&MHU1_SEH_DEV); + + /* Mask all channels except the notifying channel */ + for (i = 0; i < (num_channels - 1); ++i) { + err = mhu_v2_x_channel_mask_set(&MHU1_SEH_DEV, i, UINT32_MAX); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + } + + /* The last channel is used for notifications */ + err = mhu_v2_x_channel_mask_clear( + &MHU1_SEH_DEV, (num_channels - 1), UINT32_MAX); + return error_mapping_to_mhu_error_t(err); +} + +/* + * Public function. See mhu.h + * + * The basic steps of transferring a message: + * 1. Initiate MHU transfer. + * 2. Send over the size of the payload on Channel 1. It is the very first + * 4 Bytes of the transfer. Continue with Channel 2. + * 3. 
Send over the payload, writing the channels one after the other + * (4 Bytes each). The last available channel is reserved for controlling + * the transfer. + * When the last channel is reached or no more data is left, STOP. + * 4. Notify the receiver using the last channel and wait for acknowledge. + * If there is still data to transfer, jump to step 3. Otherwise, proceed. + * 5. Close MHU transfer. + * + */ +enum mhu_error_t mhu_send_data(const uint8_t *send_buffer, size_t size) +{ + enum mhu_v2_x_error_t err; + struct mhu_v2_x_dev_t *dev = &MHU1_HSE_DEV; + uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); + uint32_t chan = 0; + uint32_t i; + uint32_t *p; + + /* For simplicity, require the send_buffer to be 4-byte aligned */ + if ((uintptr_t)send_buffer & 0x3U) { + return MHU_ERR_INVALID_ARG; + } + + err = mhu_v2_x_initiate_transfer(dev); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + + /* First send over the size of the actual message */ + err = mhu_v2_x_channel_send(dev, chan, (uint32_t)size); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + chan++; + + p = (uint32_t *)send_buffer; + for (i = 0; i < size; i += 4) { + err = mhu_v2_x_channel_send(dev, chan, *p++); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + if (++chan == (num_channels - 1)) { + err = signal_and_wait_for_clear(); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + chan = 0; + } + } + + /* Signal the end of transfer. + * It's not required to send a signal when the message was + * perfectly-aligned (num_channels - 1 channels were used in the last + * round) preventing it from signaling twice at the end of transfer. 
+ */ + if (chan != 0) { + err = signal_and_wait_for_clear(); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + } + + err = mhu_v2_x_close_transfer(dev); + return error_mapping_to_mhu_error_t(err); +} + +/* + * Public function. See mhu.h + * + * The basic steps of receiving a message: + * 1. Read the size of the payload from Channel 1. It is the very first + * 4 Bytes of the transfer. Continue with Channel 2. + * 2. Receive the payload, read the channels one after the other + * (4 Bytes each). The last available channel is reserved for controlling + * the transfer. + * When the last channel is reached clear all the channels + * (also sending an acknowledge on the last channel). + * 3. If there is still data to receive wait for a notification on the last + * channel and jump to step 2 as soon as it arrived. Otherwise, proceed. + * 4. End of transfer. + * + */ +enum mhu_error_t mhu_receive_data(uint8_t *receive_buffer, size_t *size) +{ + enum mhu_v2_x_error_t err; + struct mhu_v2_x_dev_t *dev = &MHU1_SEH_DEV; + uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev); + uint32_t chan = 0; + uint32_t message_len; + uint32_t i; + uint32_t *p; + + /* For simplicity, require: + * - the receive_buffer to be 4-byte aligned, + * - the buffer size to be a multiple of 4. 
+ */ + if (((uintptr_t)receive_buffer & 0x3U) || (*size & 0x3U)) { + return MHU_ERR_INVALID_ARG; + } + + /* Busy wait for incoming reply */ + err = wait_for_signal(); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + + /* The first word is the length of the actual message */ + err = mhu_v2_x_channel_receive(dev, chan, &message_len); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + chan++; + + if (message_len > *size) { + /* Message buffer too small */ + *size = message_len; + return MHU_ERR_BUFFER_TOO_SMALL; + } + + p = (uint32_t *)receive_buffer; + for (i = 0; i < message_len; i += 4) { + err = mhu_v2_x_channel_receive(dev, chan, p++); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + + /* Only wait for next transfer if there is still missing data */ + if (++chan == (num_channels - 1) && (message_len - i) > 4) { + /* Busy wait for next transfer */ + err = clear_and_wait_for_next_signal(); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + chan = 0; + } + } + + /* Clear all channels */ + for (i = 0; i < num_channels; ++i) { + err = mhu_v2_x_channel_clear(dev, i); + if (err != MHU_V_2_X_ERR_NONE) { + return error_mapping_to_mhu_error_t(err); + } + } + + *size = message_len; + + return MHU_ERR_NONE; +}
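Review bot: `mhu_send_data` reads a full `*p++` word for every 4-byte step up to `size`, so a `size` that is not a multiple of 4 over-reads up to three bytes past the end of `send_buffer`; the alignment check covers only the pointer, and while `mhu_receive_data` validates `*size & 0x3U`, the send side does not. Either reject such sizes the same way (`|| (size & 0x3U)`) or, as below, copy the final partial word with `memcpy` so the last channel carries only bytes the caller owns (`string.h` is already included). Separately, every error return between `mhu_v2_x_initiate_transfer` and `mhu_v2_x_close_transfer` leaves `access_request` asserted; a single exit path that closes the transfer before mapping the error would avoid wedging the sender frame. `(uint32_t)size` also truncates silently, so a `size > UINT32_MAX` guard belongs next to the alignment check.
```c
	p = (uint32_t *)send_buffer;
	for (i = 0; i < size; i += 4) {
		uint32_t word = 0U;
		size_t remaining = size - i;

		/* The last word may be partial: never read past the end of send_buffer */
		if (remaining >= 4U) {
			word = *p++;
		} else {
			memcpy(&word, p, remaining);
		}
		err = mhu_v2_x_channel_send(dev, chan, word);
		/* … unchanged: error return, chan advance and signal_and_wait_for_clear … */
	}
```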
diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rss/rss_comms.c
new file mode 100644
index 0000000..28a4925
--- /dev/null
+++ b/drivers/arm/rss/rss_comms.c
@@ -0,0 +1,225 @@ +/* + * Copyright (c) 2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <stdint.h> +#include <string.h> + +#include <common/debug.h> +#include <drivers/arm/mhu.h> +#include <drivers/arm/rss_comms.h> +#include <initial_attestation.h> +#include <psa/client.h> + +#include <platform_def.h> + +#define TYPE_OFFSET U(16) +#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET) +#define IN_LEN_OFFSET U(8) +#define IN_LEN_MASK (0xFFUL << IN_LEN_OFFSET) +#define OUT_LEN_OFFSET U(0) +#define OUT_LEN_MASK (0xFFUL << OUT_LEN_OFFSET) + +#define PARAM_PACK(type, in_len, out_len) \ + (((((uint32_t)type) << TYPE_OFFSET) & TYPE_MASK) | \ + ((((uint32_t)in_len) << IN_LEN_OFFSET) & IN_LEN_MASK) | \ + ((((uint32_t)out_len) << OUT_LEN_OFFSET) & OUT_LEN_MASK)) + +#define PARAM_UNPACK_IN_LEN(ctrl_param) \ + ((size_t)(((ctrl_param) & IN_LEN_MASK) >> IN_LEN_OFFSET)) + +/* Message types */ +struct __packed packed_psa_call_t { + uint8_t protocol_ver; + uint8_t seq_num; + uint16_t client_id; + psa_handle_t handle; + uint32_t ctrl_param; /* type, in_len, out_len */ + uint16_t io_size[4]; +}; + +struct __packed packed_psa_reply_t { + uint8_t protocol_ver; + uint8_t seq_num; + uint16_t client_id; + int32_t return_val; + uint16_t out_size[4]; +}; + +/* + * In the current implementation the RoT Service request that requires the + * biggest message buffer is the RSS_ATTEST_GET_TOKEN. The maximum required + * buffer size is calculated based on the platform-specific needs of + * this request. + */ +#define MAX_REQUEST_PAYLOAD_SIZE (PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 \ + + PLAT_ATTEST_TOKEN_MAX_SIZE) + +/* Buffer to store the messages to be sent/received. 
*/ +static uint8_t message_buf[MAX_REQUEST_PAYLOAD_SIZE] __aligned(4); + +static int32_t pack_params(const psa_invec *invecs, + size_t in_len, + uint8_t *buf, + size_t *buf_len) +{ + uint32_t i; + size_t payload_size = 0U; + + for (i = 0U; i < in_len; ++i) { + if (invecs[i].len > *buf_len - payload_size) { + return -1; + } + memcpy(buf + payload_size, invecs[i].base, invecs[i].len); + payload_size += invecs[i].len; + } + + *buf_len = payload_size; + return 0; +} + +static int serialise_message(const struct packed_psa_call_t *msg, + const psa_invec *invecs, + uint8_t *payload_buf, + size_t *payload_len) +{ + size_t message_len = 0U; + size_t len; + + /* Copy the message header into the payload buffer. */ + len = sizeof(*msg); + if (len > *payload_len) { + ERROR("[RSS-COMMS] Message buffer too small.\n"); + return -1; + } + memcpy(payload_buf, (const void *)msg, len); + message_len += len; + + /* The input data will follow the message header in the payload buffer. */ + len = *payload_len - message_len; + if (pack_params(invecs, PARAM_UNPACK_IN_LEN(msg->ctrl_param), + payload_buf + message_len, &len) != 0) { + ERROR("[RSS-COMMS] Message buffer too small.\n"); + return -1; + } + message_len += len; + + *payload_len = message_len; + return 0; +} + +static void unpack_params(const uint8_t *buf, + psa_outvec *outvecs, + size_t out_len) +{ + size_t i; + + for (i = 0U; i < out_len; ++i) { + memcpy(outvecs[i].base, buf, outvecs[i].len); + buf += outvecs[i].len; + } +} + +static void deserialise_reply(struct packed_psa_reply_t *reply, + psa_outvec *outvecs, + size_t outlen, + const uint8_t *message, + size_t message_len) +{ + uint32_t i; + + memcpy(reply, message, sizeof(*reply)); + + /* Outvecs */ + for (i = 0U; i < outlen; ++i) { + outvecs[i].len = reply->out_size[i]; + } + + unpack_params(message + sizeof(*reply), outvecs, outlen); +} + +psa_status_t psa_call(psa_handle_t handle, int32_t type, + const psa_invec *in_vec, size_t in_len, + psa_outvec *out_vec, size_t out_len) 
+{ + enum mhu_error_t err; + static uint32_t seq_num = 1U; + struct packed_psa_call_t msg = { + .protocol_ver = 0U, + .seq_num = seq_num, + /* No need to distinguish callers (currently concurrent calls are not supported). */ + .client_id = 1U, + .handle = handle, + .ctrl_param = PARAM_PACK(type, in_len, out_len), + }; + + struct packed_psa_reply_t reply = {0}; + size_t message_size; + uint32_t i; + + /* Fill msg iovec lengths */ + for (i = 0U; i < in_len; ++i) { + msg.io_size[i] = in_vec[i].len; + } + for (i = 0U; i < out_len; ++i) { + msg.io_size[in_len + i] = out_vec[i].len; + } + + message_size = sizeof(message_buf); + if (serialise_message(&msg, in_vec, message_buf, &message_size)) { + /* Local buffer is probably too small. */ + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + err = mhu_send_data(message_buf, message_size); + if (err != MHU_ERR_NONE) { + return PSA_ERROR_COMMUNICATION_FAILURE; + } + + message_size = sizeof(message_buf); +#if DEBUG + /* + * Poisoning the message buffer (with a known pattern). + * Helps in detecting hypothetical RSS communication bugs. 
+ */ + memset(message_buf, 0xA5, message_size); +#endif + err = mhu_receive_data(message_buf, &message_size); + if (err != MHU_ERR_NONE) { + return PSA_ERROR_COMMUNICATION_FAILURE; + } + + deserialise_reply(&reply, out_vec, out_len, message_buf, message_size); + + seq_num++; + + VERBOSE("[RSS-COMMS] Received reply\n"); + VERBOSE("protocol_ver=%d\n", reply.protocol_ver); + VERBOSE("seq_num=%d\n", reply.seq_num); + VERBOSE("client_id=%d\n", reply.client_id); + VERBOSE("return_val=%d\n", reply.return_val); + VERBOSE("out_size[0]=%d\n", reply.out_size[0]); + + return reply.return_val; +} + +int rss_comms_init(uintptr_t mhu_sender_base, uintptr_t mhu_receiver_base) +{ + enum mhu_error_t err; + + err = mhu_init_sender(mhu_sender_base); + if (err != MHU_ERR_NONE) { + ERROR("[RSS-COMMS] Host to RSS MHU driver initialization failed: %d\n", err); + return -1; + } + + err = mhu_init_receiver(mhu_receiver_base); + if (err != MHU_ERR_NONE) { + ERROR("[RSS-COMMS] RSS to Host MHU driver initialization failed: %d\n", err); + return -1; + } + + return 0; +}
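Review bot: deserialise_reply() copies reply->out_size[i], a value chosen by the RSS, into outvecs[i].len and then unpack_params() memcpy()s that many bytes into the caller's out_vec[i].base, so a malformed or hostile reply overruns the caller's buffer; it also never checks that message_len covers the header plus the advertised sizes, so the copy can run past the bytes actually received (into stale or, in DEBUG, poisoned message_buf contents). The reply's seq_num and protocol_ver are only printed under VERBOSE() and never compared with the request, so a late reply to an earlier call is accepted as the answer to this one. I would have deserialise_reply() return an error that psa_call() maps to PSA_ERROR_COMMUNICATION_FAILURE, as sketched below, and reject replies whose seq_num differs from msg.seq_num. The io_size[] fill in psa_call() also writes io_size[in_len + i] with no check that in_len + out_len <= 4; presumably callers respect PSA_MAX_IOVEC, but a guard returning PSA_ERROR_INVALID_ARGUMENT is cheap.
```c
static int deserialise_reply(struct packed_psa_reply_t *reply,
			     psa_outvec *outvecs,
			     size_t outlen,
			     const uint8_t *message,
			     size_t message_len)
{
	uint32_t i;
	size_t remaining;

	if (message_len < sizeof(*reply)) {
		return -1;
	}
	memcpy(reply, message, sizeof(*reply));
	remaining = message_len - sizeof(*reply);

	for (i = 0U; i < outlen; ++i) {
		/* Never trust the peer's size over the caller's buffer or the data received. */
		if ((reply->out_size[i] > outvecs[i].len) ||
		    (reply->out_size[i] > remaining)) {
			return -1;
		}
		outvecs[i].len = reply->out_size[i];
		remaining -= reply->out_size[i];
	}

	unpack_params(message + sizeof(*reply), outvecs, outlen);
	return 0;
}

/* … unchanged: psa_call() up to and including mhu_receive_data() … */
	if (deserialise_reply(&reply, out_vec, out_len, message_buf, message_size) != 0) {
		return PSA_ERROR_COMMUNICATION_FAILURE;
	}
```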
diff --git a/drivers/arm/smmu/smmu_v3.c b/drivers/arm/smmu/smmu_v3.c index a082a81..6c6f978 100644 --- a/drivers/arm/smmu/smmu_v3.c +++ b/drivers/arm/smmu/smmu_v3.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,11 +9,12 @@ #include <drivers/arm/smmu_v3.h> #include <drivers/delay_timer.h> #include <lib/mmio.h> +#include <arch_features.h> /* SMMU poll number of retries */ #define SMMU_POLL_TIMEOUT_US U(1000) -static int __init smmuv3_poll(uintptr_t smmu_reg, uint32_t mask, +static int smmuv3_poll(uintptr_t smmu_reg, uint32_t mask, uint32_t value) { uint32_t reg_val; 
@@ -79,14 +80,74 @@ if (smmuv3_security_init(smmu_base) != 0) return -1; - /* Check if the SMMU supports secure state */ - if ((mmio_read_32(smmu_base + SMMU_S_IDR1) & - SMMU_S_IDR1_SECURE_IMPL) == 0U) - return 0; +#if ENABLE_RME + + if (get_armv9_2_feat_rme_support() != 0U) { + if ((mmio_read_32(smmu_base + SMMU_ROOT_IDR0) & + SMMU_ROOT_IDR0_ROOT_IMPL) == 0U) { + WARN("Skip SMMU GPC configuration.\n"); + } else { + uint64_t gpccr_el3 = read_gpccr_el3(); + uint64_t gptbr_el3 = read_gptbr_el3(); + + /* SMMU_ROOT_GPT_BASE_CFG[16] is RES0. */ + gpccr_el3 &= ~(1UL << 16); + + /* + * TODO: SMMU_ROOT_GPT_BASE_CFG is 64b in the spec, + * but SMMU model only accepts 32b access. + */ + mmio_write_32(smmu_base + SMMU_ROOT_GPT_BASE_CFG, + gpccr_el3); + + /* + * pa_gpt_table_base[51:12] maps to GPTBR_EL3[39:0] + * whereas it maps to SMMU_ROOT_GPT_BASE[51:12] + * hence needs a 12 bit left shit. + */ + mmio_write_64(smmu_base + SMMU_ROOT_GPT_BASE, + gptbr_el3 << 12); + + /* + * ACCESSEN=1: SMMU- and client-originated accesses are + * not terminated by this mechanism. + * GPCEN=1: All clients and SMMU-originated accesses, + * except GPT-walks, are subject to GPC. + */ + mmio_setbits_32(smmu_base + SMMU_ROOT_CR0, + SMMU_ROOT_CR0_GPCEN | + SMMU_ROOT_CR0_ACCESSEN); + + /* Poll for ACCESSEN and GPCEN ack bits. */ + if (smmuv3_poll(smmu_base + SMMU_ROOT_CR0ACK, + SMMU_ROOT_CR0_GPCEN | + SMMU_ROOT_CR0_ACCESSEN, + SMMU_ROOT_CR0_GPCEN | + SMMU_ROOT_CR0_ACCESSEN) != 0) { + WARN("Failed enabling SMMU GPC.\n"); + + /* + * Do not return in error, but fall back to + * invalidating all entries through the secure + * register file. + */ + } + } + } + +#endif /* ENABLE_RME */ + /* * Initiate invalidation of secure caches and TLBs if the SMMU * supports secure state. If not, it's implementation defined * as to how SMMU_S_INIT register is accessed. 
+ * Arm SMMU Arch RME supplement, section 3.4: all SMMU registers + * specified to be accessible only in secure physical address space are + * additionally accessible in root physical address space in an SMMU + * with RME. + * Section 3.3: as GPT information is permitted to be cached in a TLB, + * the SMMU_S_INIT.INV_ALL mechanism also invalidates GPT information + * cached in TLBs. */ mmio_write_32(smmu_base + SMMU_S_INIT, SMMU_S_INIT_INV_ALL); @@ -94,3 +155,28 @@ return smmuv3_poll(smmu_base + SMMU_S_INIT, SMMU_S_INIT_INV_ALL, 0U); } + +int smmuv3_ns_set_abort_all(uintptr_t smmu_base) +{ + /* Attribute update has completed when SMMU_GBPA.Update bit is 0 */ + if (smmuv3_poll(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE, 0U) != 0U) { + return -1; + } + + /* + * Set GBPA's ABORT bit. Other GBPA fields are presumably ignored then, + * so simply preserve their value. + */ + mmio_setbits_32(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE | SMMU_GBPA_ABORT); + if (smmuv3_poll(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE, 0U) != 0U) { + return -1; + } + + /* Disable the SMMU to engage the GBPA fields previously configured. */ + mmio_clrbits_32(smmu_base + SMMU_CR0, SMMU_CR0_SMMUEN); + if (smmuv3_poll(smmu_base + SMMU_CR0ACK, SMMU_CR0_SMMUEN, 0U) != 0U) { + return -1; + } + + return 0; +}
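Review bot: When the SMMU_ROOT_CR0ACK poll for GPCEN/ACCESSEN times out, the new code only WARN()s and falls through, but the SMMU_S_INIT.INV_ALL path it falls back to does not enforce granule protection at all — it only invalidates cached state — so the platform ends up with RME active on the PEs while every DMA master behind this SMMU is exempt from GPC, and smmuv3_init() still reports success. On a production RME build that silently exposes Realm and Root memory to Non-secure DMA; I would at least surface the failure so the caller can decide, `ERROR("Failed enabling SMMU GPC.\n"); return -1;`, or panic() when ENABLE_RME is set. The mmio_write_32() of the 64-bit gpccr_el3 value into SMMU_ROOT_GPT_BASE_CFG drops the upper word, as the TODO admits; a check that no bit above 31 is set before the write would make that assumption fail loudly rather than misconfigure the GPT silently once real hardware accepts 64-bit accesses. The comment "12 bit left shit" should read "left shift".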
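Review bot: smmuv3_ns_set_abort_all() has no header comment, and its effect — after it returns, every Non-secure transaction through this SMMU is aborted by GBPA and SMMU_CR0.SMMUEN is left clear — is a lockdown that nothing in this file reverses, so callers need to know it is one-way from the driver's point of view. I would add above it: `/* Abort all Non-secure traffic through the SMMU: set SMMU_GBPA.ABORT, then clear SMMU_CR0.SMMUEN so every incoming NS transaction is handled (aborted) by GBPA. Leaves the Secure register file untouched. Returns -1 if an Update/ACK poll times out, in which case the SMMU may be partially configured. */`. The three `smmuv3_poll(...) != 0U` comparisons test an int return against an unsigned literal; the rest of this file uses `!= 0`.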
diff --git a/drivers/arm/tzc/tzc400.c b/drivers/arm/tzc/tzc400.c index e4fc8c9..759824d 100644 --- a/drivers/arm/tzc/tzc400.c +++ b/drivers/arm/tzc/tzc400.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -306,8 +306,8 @@ * See the 'ARM (R) CoreLink TM TZC-400 TrustZone (R) * Address Space Controller' Technical Reference Manual. */ - ERROR("TZC-400 : Filter %d Gatekeeper already" - " enabled.\n", filter); + ERROR("TZC-400 : Filter %u Gatekeeper already enabled.\n", + filter); panic(); } _tzc400_set_gate_keeper(tzc400.base, filter, 1);
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c index 917ee4a..a99a2c7 100644 --- a/drivers/auth/auth_mod.c +++ b/drivers/auth/auth_mod.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -339,9 +339,6 @@ /* Check we have a valid CoT registered */ assert(cot_desc_ptr != NULL); - /* Crypto module */ - crypto_mod_init(); - /* Image parser module */ img_parser_init(); }
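Review bot: With crypto_mod_init() removed from auth_mod_init(), signature and hash verification now depend on the crypto library having been initialised by some other caller first; the hunk does not show where that call moved to, and a platform that only calls auth_mod_init() would reach crypto_lib_desc.verify_signature() on an uninitialised library. I would record the precondition at the top of auth_mod_init(): `/* crypto_mod_init() must already have been called: auth_mod_init() no longer initialises the crypto library itself. */`. auth_mod_init()'s body starts outside the hunk.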
diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c index c63ff08..eada357 100644 --- a/drivers/auth/crypto_mod.c +++ b/drivers/auth/crypto_mod.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -46,8 +46,13 @@ { assert(crypto_lib_desc.name != NULL); assert(crypto_lib_desc.init != NULL); +#if TRUSTED_BOARD_BOOT assert(crypto_lib_desc.verify_signature != NULL); assert(crypto_lib_desc.verify_hash != NULL); +#endif /* TRUSTED_BOARD_BOOT */ +#if MEASURED_BOOT + assert(crypto_lib_desc.calc_hash != NULL); +#endif /* MEASURED_BOOT */ /* Initialize the cryptographic library */ crypto_lib_desc.init(); @@ -114,8 +119,9 @@ * data_ptr, data_len: data to be hashed * output: resulting hash */ -int crypto_mod_calc_hash(unsigned int alg, void *data_ptr, - unsigned int data_len, unsigned char *output) +int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, + unsigned int data_len, + unsigned char output[CRYPTO_MD_MAX_SIZE]) { assert(data_ptr != NULL); assert(data_len != 0);
diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c index e1e47bc..8368503 100644 --- a/drivers/auth/dualroot/cot.c +++ b/drivers/auth/dualroot/cot.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, Arm Limited. All rights reserved. + * Copyright (c) 2020-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -8,7 +8,7 @@ #include <platform_def.h> -#include <drivers/auth/mbedtls/mbedtls_config.h> +#include MBEDTLS_CONFIG_FILE #include <drivers/auth/auth_mod.h> #include <tools_share/dualroot_oid.h>
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c index 4a8efae..a12e49c 100644 --- a/drivers/auth/mbedtls/mbedtls_common.c +++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,7 +13,7 @@ #include <common/debug.h> #include <drivers/auth/mbedtls/mbedtls_common.h> -#include <drivers/auth/mbedtls/mbedtls_config.h> +#include MBEDTLS_CONFIG_FILE #include <plat/common/platform.h> static void cleanup(void)
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk index 53ebe30..3eb4161 100644 --- a/drivers/auth/mbedtls/mbedtls_common.mk +++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2020, Arm Limited. All rights reserved. +# Copyright (c) 2015-2022, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -16,7 +16,7 @@ MBEDTLS_INC = -I${MBEDTLS_DIR}/include # Specify mbed TLS configuration file -MBEDTLS_CONFIG_FILE := "<drivers/auth/mbedtls/mbedtls_config.h>" +MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config.h>" $(eval $(call add_define,MBEDTLS_CONFIG_FILE)) MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c @@ -48,6 +48,7 @@ rsa_internal.c \ x509.c \ x509_crt.c \ + constant_time.c \ ) # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key @@ -96,6 +97,18 @@ TF_MBEDTLS_USE_AES_GCM := 0 endif +ifeq ($(MEASURED_BOOT),1) + ifeq (${TPM_HASH_ALG}, sha256) + TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA256 + else ifeq (${TPM_HASH_ALG}, sha384) + TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA384 + else ifeq (${TPM_HASH_ALG}, sha512) + TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA512 + else + $(error "TPM_HASH_ALG not defined.") + endif +endif + # Needs to be set to drive mbed TLS configuration correctly $(eval $(call add_defines,\ $(sort \ @@ -105,6 +118,10 @@ TF_MBEDTLS_USE_AES_GCM \ ))) +ifeq ($(MEASURED_BOOT),1) + $(eval $(call add_define,TF_MBEDTLS_TPM_HASH_ALG_ID)) +endif + $(eval $(call MAKE_LIB,mbedtls)) endif
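Review bot: The `$(error "TPM_HASH_ALG not defined.")` in the new MEASURED_BOOT branch fires for any value other than sha256/sha384/sha512, so a platform setting TPM_HASH_ALG=sha1 is told the variable is undefined rather than unsupported; `$(error "TPM_HASH_ALG=${TPM_HASH_ALG} is not supported; use sha256, sha384 or sha512.")` names the actual problem. Changing MBEDTLS_CONFIG_FILE from `:=` to `?=` lets the command line or an exported environment variable substitute an arbitrary Mbed TLS configuration header for the TBB build, which is presumably the intent for platform overrides but also means a stray MBEDTLS_CONFIG_FILE in the build environment silently changes the crypto configuration; a comment stating that it is meant to be set from a platform makefile would make that expectation explicit.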
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c index 6d6efb5..0901d04 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.c +++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -24,6 +24,16 @@ #define LIB_NAME "mbed TLS" +#if MEASURED_BOOT +/* + * CRYPTO_MD_MAX_SIZE value is as per current stronger algorithm available + * so make sure that mbed TLS MD maximum size must be lesser than this. + */ +CASSERT(CRYPTO_MD_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE, + assert_mbedtls_md_size_overflow); + +#endif /* MEASURED_BOOT */ + /* * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, @@ -50,6 +60,7 @@ mbedtls_init(); } +#if TRUSTED_BOARD_BOOT /* * Verify a signature. * 
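Review bot: The comment above the new CASSERT says the Mbed TLS MD maximum size "must be lesser than" CRYPTO_MD_MAX_SIZE, but the assertion is `CRYPTO_MD_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE`, so equality is fine and what is really guarded is that the generic `output[CRYPTO_MD_MAX_SIZE]` buffer can hold any digest Mbed TLS writes into it. I would reword it: `/* calc_hash() writes up to MBEDTLS_MD_MAX_SIZE bytes into an output[CRYPTO_MD_MAX_SIZE] buffer; fail the build if the generic size is ever smaller than what this Mbed TLS build can produce. */`. Keeping the check under `#if MEASURED_BOOT` is fine, since calc_hash() is the only path that uses the generic buffer size.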
@@ -208,24 +219,49 @@ return CRYPTO_SUCCESS; } +#endif /* TRUSTED_BOARD_BOOT */ #if MEASURED_BOOT /* + * Map a generic crypto message digest algorithm to the corresponding macro used + * by Mbed TLS. + */ +static inline mbedtls_md_type_t md_type(enum crypto_md_algo algo) +{ + switch (algo) { + case CRYPTO_MD_SHA512: + return MBEDTLS_MD_SHA512; + case CRYPTO_MD_SHA384: + return MBEDTLS_MD_SHA384; + case CRYPTO_MD_SHA256: + return MBEDTLS_MD_SHA256; + default: + /* Invalid hash algorithm. */ + return MBEDTLS_MD_NONE; + } +} + +/* * Calculate a hash * * output points to the computed hash */ -int calc_hash(unsigned int alg, void *data_ptr, - unsigned int data_len, unsigned char *output) +static int calc_hash(enum crypto_md_algo md_algo, void *data_ptr, + unsigned int data_len, + unsigned char output[CRYPTO_MD_MAX_SIZE]) { const mbedtls_md_info_t *md_info; - md_info = mbedtls_md_info_from_type((mbedtls_md_type_t)alg); + md_info = mbedtls_md_info_from_type(md_type(md_algo)); if (md_info == NULL) { return CRYPTO_ERR_HASH; } - /* Calculate the hash of the data */ + /* + * Calculate the hash of the data, it is safe to pass the + * 'output' hash buffer pointer considering its size is always + * bigger than or equal to MBEDTLS_MD_MAX_SIZE. + */ return mbedtls_md(md_info, data_ptr, data_len, output); } #endif /* MEASURED_BOOT */ @@ -332,7 +368,7 @@ /* * Register crypto library descriptor */ -#if MEASURED_BOOT +#if MEASURED_BOOT && TRUSTED_BOARD_BOOT #if TF_MBEDTLS_USE_AES_GCM REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash, auth_decrypt); 
@@ -340,11 +376,13 @@ REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash, NULL); #endif -#else /* MEASURED_BOOT */ +#elif TRUSTED_BOARD_BOOT #if TF_MBEDTLS_USE_AES_GCM REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, auth_decrypt); #else REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); #endif -#endif /* MEASURED_BOOT */ +#elif MEASURED_BOOT +REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash); +#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
diff --git a/drivers/auth/tbbr/tbbr_cot_bl1.c b/drivers/auth/tbbr/tbbr_cot_bl1.c index e4c9221..44f8638 100644 --- a/drivers/auth/tbbr/tbbr_cot_bl1.c +++ b/drivers/auth/tbbr/tbbr_cot_bl1.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,7 +7,7 @@ #include <stddef.h> #include <platform_def.h> -#include <drivers/auth/mbedtls/mbedtls_config.h> +#include MBEDTLS_CONFIG_FILE #include <drivers/auth/auth_mod.h> #include <drivers/auth/tbbr_cot_common.h>
diff --git a/drivers/auth/tbbr/tbbr_cot_bl1_r64.c b/drivers/auth/tbbr/tbbr_cot_bl1_r64.c index e8e017c..78e38f6 100644 --- a/drivers/auth/tbbr/tbbr_cot_bl1_r64.c +++ b/drivers/auth/tbbr/tbbr_cot_bl1_r64.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,7 +7,7 @@ #include <stddef.h> #include <drivers/auth/auth_mod.h> -#include <drivers/auth/mbedtls/mbedtls_config.h> +#include MBEDTLS_CONFIG_FILE #include <drivers/auth/tbbr_cot_common.h> #if USE_TBBR_DEFS
diff --git a/drivers/auth/tbbr/tbbr_cot_bl2.c b/drivers/auth/tbbr/tbbr_cot_bl2.c index 65a0478..11e2f46 100644 --- a/drivers/auth/tbbr/tbbr_cot_bl2.c +++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,7 +7,7 @@ #include <stddef.h> #include <platform_def.h> -#include <drivers/auth/mbedtls/mbedtls_config.h> +#include MBEDTLS_CONFIG_FILE #include <drivers/auth/auth_mod.h> #include <drivers/auth/tbbr_cot_common.h>
diff --git a/drivers/auth/tbbr/tbbr_cot_common.c b/drivers/auth/tbbr/tbbr_cot_common.c index ff3f22d..0983d42 100644 --- a/drivers/auth/tbbr/tbbr_cot_common.c +++ b/drivers/auth/tbbr/tbbr_cot_common.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,7 +7,7 @@ #include <stddef.h> #include <platform_def.h> -#include <drivers/auth/mbedtls/mbedtls_config.h> +#include MBEDTLS_CONFIG_FILE #include <drivers/auth/auth_mod.h> #include <drivers/auth/tbbr_cot_common.h>
diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c new file mode 100644 index 0000000..4cbc0f7 --- /dev/null +++ b/drivers/clk/clk.c
@@ -0,0 +1,65 @@ +/* + * Copyright (c) 2021, STMicroelectronics - All Rights Reserved + * Author(s): Ludovic Barre, <ludovic.barre@st.com> for STMicroelectronics. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <assert.h> +#include <errno.h> +#include <stdbool.h> + +#include <drivers/clk.h> + +static const struct clk_ops *ops; + +int clk_enable(unsigned long id) +{ + assert((ops != NULL) && (ops->enable != NULL)); + + return ops->enable(id); +} + +void clk_disable(unsigned long id) +{ + assert((ops != NULL) && (ops->disable != NULL)); + + ops->disable(id); +} + +unsigned long clk_get_rate(unsigned long id) +{ + assert((ops != NULL) && (ops->get_rate != NULL)); + + return ops->get_rate(id); +} + +int clk_get_parent(unsigned long id) +{ + assert((ops != NULL) && (ops->get_parent != NULL)); + + return ops->get_parent(id); +} + +bool clk_is_enabled(unsigned long id) +{ + assert((ops != NULL) && (ops->is_enabled != NULL)); + + return ops->is_enabled(id); +} + +/* + * Initialize the clk. The fields in the provided clk + * ops pointer must be valid. + */ +void clk_register(const struct clk_ops *ops_ptr) +{ + assert((ops_ptr != NULL) && + (ops_ptr->enable != NULL) && + (ops_ptr->disable != NULL) && + (ops_ptr->get_rate != NULL) && + (ops_ptr->get_parent != NULL) && + (ops_ptr->is_enabled != NULL)); + + ops = ops_ptr; +}
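Review bot: clk_register() stores the ops pointer but nothing in the file says it must run before any clk_*() call or what a second registration does (it silently replaces the previous driver), and with assertions compiled out every clk_*() call before registration is an indirect call through NULL. I would document this on clk_register(): `/* Register the platform clock driver. Must be called once, before any other clk_*() function; a later call replaces the previous ops without notice. Every ops field must be non-NULL. */`, and give each accessor a one-line purpose comment since the header they implement is not visible here. `<errno.h>` is included but no errno value is used in this file.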
diff --git a/drivers/fwu/fwu.c b/drivers/fwu/fwu.c index 7cb4c29..ff432be 100644 --- a/drivers/fwu/fwu.c +++ b/drivers/fwu/fwu.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -25,7 +25,7 @@ crc_32_must_be_first_member_of_structure); static struct fwu_metadata metadata; -static bool is_fwu_initialized; +static bool is_metadata_initialized __unused; /******************************************************************************* * Compute CRC32 of the FWU metadata, and check it against the CRC32 value @@ -142,7 +142,7 @@ { bool trial_run = false; - assert(is_fwu_initialized == true); + assert(is_metadata_initialized); for (unsigned int i = 0U; i < NR_OF_IMAGES_IN_FW_BANK; i++) { struct fwu_image_entry *entry = &metadata.img_entry[i]; @@ -157,6 +157,13 @@ return trial_run; } +const struct fwu_metadata *fwu_get_metadata(void) +{ + assert(is_metadata_initialized); + + return &metadata; +} + /******************************************************************************* * Load verified copy of FWU metadata image kept in the platform NV storage * into local FWU metadata structure. @@ -181,7 +188,7 @@ } } - plat_fwu_set_images_source(&metadata); + is_metadata_initialized = true; - is_fwu_initialized = true; + plat_fwu_set_images_source(&metadata); }
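Review bot: The reorder that sets is_metadata_initialized before plat_fwu_set_images_source() is presumably so the platform hook can call the new fwu_get_metadata(), but nothing says so and a later cleanup could "fix" it back. I would add on the assignment `/* Set before calling the platform hook: it may call fwu_get_metadata(). */`, and give fwu_get_metadata() a header stating that the pointer refers to the driver's private copy, is valid only after fwu_init() has loaded and CRC-checked it, and must not be cached across a reload. With assertions compiled out, fwu_get_metadata() called before fwu_init() returns a pointer to zero-filled metadata rather than failing, which is worth stating as well.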
diff --git a/drivers/io/io_mtd.c b/drivers/io/io_mtd.c index ba8cecd..5d86592 100644 --- a/drivers/io/io_mtd.c +++ b/drivers/io/io_mtd.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -8,13 +8,13 @@ #include <errno.h> #include <string.h> -#include <platform_def.h> - #include <common/debug.h> #include <drivers/io/io_driver.h> #include <drivers/io/io_mtd.h> #include <lib/utils.h> +#include <platform_def.h> + typedef struct { io_mtd_dev_spec_t *dev_spec; uintptr_t base; @@ -214,7 +214,7 @@ ops = &cur->dev_spec->ops; assert(ops->read != NULL); - VERBOSE("Read at %llx into %lx, length %zi\n", + VERBOSE("Read at %llx into %lx, length %zu\n", cur->base + cur->pos, buffer, length); if ((cur->base + cur->pos + length) > cur->dev_spec->device_size) { return -EINVAL;
diff --git a/drivers/marvell/comphy/phy-comphy-3700.c b/drivers/marvell/comphy/phy-comphy-3700.c index a3e414c..1a97753 100644 --- a/drivers/marvell/comphy/phy-comphy-3700.c +++ b/drivers/marvell/comphy/phy-comphy-3700.c
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 Marvell International Ltd. + * Copyright (C) 2018-2021 Marvell International Ltd. * * SPDX-License-Identifier: BSD-3-Clause * https://spdx.org/licenses @@ -301,7 +301,7 @@ } /* Clear phy isolation mode to make it work in normal mode */ - offset = COMPHY_ISOLATION_CTRL_REG + SATAPHY_LANE2_REG_BASE_OFFSET; + offset = COMPHY_ISOLATION_CTRL + SATAPHY_LANE2_REG_BASE_OFFSET; comphy_sata_set_indirect(comphy_indir_regs, offset, 0, PHY_ISOLATE_MODE); /* 0. Check the Polarity invert bits */ @@ -310,21 +310,21 @@ if (invert & COMPHY_POLARITY_RXD_INVERT) data |= RXD_INVERT_BIT; - offset = COMPHY_SYNC_PATTERN_REG + SATAPHY_LANE2_REG_BASE_OFFSET; + offset = COMPHY_SYNC_PATTERN + SATAPHY_LANE2_REG_BASE_OFFSET; comphy_sata_set_indirect(comphy_indir_regs, offset, data, TXD_INVERT_BIT | RXD_INVERT_BIT); /* 1. Select 40-bit data width width */ - offset = COMPHY_LOOPBACK_REG0 + SATAPHY_LANE2_REG_BASE_OFFSET; + offset = COMPHY_DIG_LOOPBACK_EN + SATAPHY_LANE2_REG_BASE_OFFSET; comphy_sata_set_indirect(comphy_indir_regs, offset, DATA_WIDTH_40BIT, SEL_DATA_WIDTH_MASK); /* 2. Select reference clock(25M) and PHY mode (SATA) */ offset = COMPHY_POWER_PLL_CTRL + SATAPHY_LANE2_REG_BASE_OFFSET; if (get_ref_clk() == 40) - ref_clk = REF_CLOCK_SPEED_40M; + ref_clk = REF_FREF_SEL_SERDES_40MHZ; else - ref_clk = REF_CLOCK_SPEED_25M; + ref_clk = REF_FREF_SEL_SERDES_25MHZ; comphy_sata_set_indirect(comphy_indir_regs, offset, ref_clk | PHY_MODE_SATA, REF_FREF_SEL_MASK | PHY_MODE_MASK); @@ -352,7 +352,7 @@ /* Polling status */ mmio_write_32(comphy_indir_regs + COMPHY_LANE2_INDIR_ADDR_OFFSET, - COMPHY_LOOPBACK_REG0 + SATAPHY_LANE2_REG_BASE_OFFSET); + COMPHY_DIG_LOOPBACK_EN + SATAPHY_LANE2_REG_BASE_OFFSET); ret = polling_with_timeout(comphy_indir_regs + COMPHY_LANE2_INDIR_DATA_OFFSET, 
@@ -401,8 +401,8 @@ * PHY TXP/TXN output to idle state during PHY initialization * 3. Set PHY input port PIN_PU_PLL=0, PIN_PU_RX=0, PIN_PU_TX=0. */ - data = PIN_PU_IVEREF_BIT | PIN_TX_IDLE_BIT | PIN_RESET_COMPHY_BIT; - mask = PIN_RESET_CORE_BIT | PIN_PU_PLL_BIT | PIN_PU_RX_BIT | + data = PIN_PU_IVREF_BIT | PIN_TX_IDLE_BIT | PIN_RESET_COMPHY_BIT; + mask = data | PIN_RESET_CORE_BIT | PIN_PU_PLL_BIT | PIN_PU_RX_BIT | PIN_PU_TX_BIT; offset = MVEBU_COMPHY_REG_BASE + COMPHY_PHY_CFG1_OFFSET(comphy_index); reg_set(offset, data, mask); @@ -422,8 +422,8 @@ data |= SD_SPEED_1_25_G << GEN_TX_SEL_OFFSET; } else if (mode == COMPHY_2500BASEX_MODE) { /* 2500Base-X, SerDes speed 3.125G */ - data |= SD_SPEED_2_5_G << GEN_RX_SEL_OFFSET; - data |= SD_SPEED_2_5_G << GEN_TX_SEL_OFFSET; + data |= SD_SPEED_3_125_G << GEN_RX_SEL_OFFSET; + data |= SD_SPEED_3_125_G << GEN_TX_SEL_OFFSET; } else { /* Other rates are not supported */ ERROR("unsupported SGMII speed on comphy lane%d\n", @@ -450,16 +450,16 @@ */ data = 0; mask = PHY_REF_CLK_SEL; - reg_set16(SGMIIPHY_ADDR(COMPHY_MISC_REG0_ADDR, sd_ip_addr), data, mask); + reg_set16(SGMIIPHY_ADDR(COMPHY_MISC_CTRL0, sd_ip_addr), data, mask); /* * 9. Set correct reference clock frequency in COMPHY register * REF_FREF_SEL. */ if (get_ref_clk() == 40) - data = REF_CLOCK_SPEED_50M; + data = REF_FREF_SEL_SERDES_50MHZ; else - data = REF_CLOCK_SPEED_25M; + data = REF_FREF_SEL_SERDES_25MHZ; mask = REF_FREF_SEL_MASK; reg_set16(SGMIIPHY_ADDR(COMPHY_POWER_PLL_CTRL, sd_ip_addr), data, mask); @@ -477,7 +477,8 @@ */ data = DATA_WIDTH_10BIT; mask = SEL_DATA_WIDTH_MASK; - reg_set16(SGMIIPHY_ADDR(COMPHY_LOOPBACK_REG0, sd_ip_addr), data, mask); + reg_set16(SGMIIPHY_ADDR(COMPHY_DIG_LOOPBACK_EN, sd_ip_addr), + data, mask); /* * 12. As long as DFE function needs to be enabled in any mode, 
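Review bot: The `mask = data | PIN_RESET_CORE_BIT | ...` line in the COMPHY_PHY_CFG1 setup corrects a mask that previously omitted the very bits set in data, which — if reg_set() writes only the masked bits, as its use throughout this file suggests — means the PU_IVREF/TX_IDLE/RESET_COMPHY writes were silently dropped before; a one-line comment would stop this regressing, e.g. `/* The mask must include every bit set in data, or reg_set() will not write it. */`. Likewise the 2500BASE-X change from SD_SPEED_2_5_G to SD_SPEED_3_125_G is a functional fix buried among register renames and deserves a comment next to it or a mention in the commit message. The enclosing functions start and end outside these hunks.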
@@ -523,7 +524,7 @@ if (invert & COMPHY_POLARITY_RXD_INVERT) data |= RXD_INVERT_BIT; mask = TXD_INVERT_BIT | RXD_INVERT_BIT; - reg_set16(SGMIIPHY_ADDR(COMPHY_SYNC_PATTERN_REG, sd_ip_addr), data, mask); + reg_set16(SGMIIPHY_ADDR(COMPHY_SYNC_PATTERN, sd_ip_addr), data, mask); /* * 17. Set PHY input ports PIN_PU_PLL, PIN_PU_TX and PIN_PU_RX to 1 to 
@@ -645,68 +646,68 @@ */ mask = PRD_TXDEEMPH0_MASK | PRD_TXMARGIN_MASK | PRD_TXSWING_MASK | CFG_TX_ALIGN_POS_MASK; - usb3_reg_set(reg_base, COMPHY_REG_LANE_CFG0_ADDR, PRD_TXDEEMPH0_MASK, - mask); + usb3_reg_set(reg_base, COMPHY_LANE_CFG0, PRD_TXDEEMPH0_MASK, mask); /* * 2. Set BIT0: enable transmitter in high impedance mode * Set BIT[3:4]: delay 2 clock cycles for HiZ off latency * Set BIT6: Tx detect Rx at HiZ mode * Unset BIT15: set to 0 to set USB3 De-emphasize level to -3.5db - * together with bit 0 of COMPHY_REG_LANE_CFG0_ADDR register + * together with bit 0 of COMPHY_LANE_CFG0 register */ mask = PRD_TXDEEMPH1_MASK | TX_DET_RX_MODE | GEN2_TX_DATA_DLY_MASK | TX_ELEC_IDLE_MODE_EN; data = TX_DET_RX_MODE | GEN2_TX_DATA_DLY_DEFT | TX_ELEC_IDLE_MODE_EN; - usb3_reg_set(reg_base, COMPHY_REG_LANE_CFG1_ADDR, data, mask); + usb3_reg_set(reg_base, COMPHY_LANE_CFG1, data, mask); /* * 3. Set Spread Spectrum Clock Enabled */ - usb3_reg_set(reg_base, COMPHY_REG_LANE_CFG4_ADDR, + usb3_reg_set(reg_base, COMPHY_LANE_CFG4, SPREAD_SPECTRUM_CLK_EN, SPREAD_SPECTRUM_CLK_EN); /* * 4. Set Override Margining Controls From the MAC: * Use margining signals from lane configuration */ - usb3_reg_set(reg_base, COMPHY_REG_TEST_MODE_CTRL_ADDR, + usb3_reg_set(reg_base, COMPHY_TEST_MODE_CTRL, MODE_MARGIN_OVERRIDE, REG_16_BIT_MASK); /* * 5. Set Lane-to-Lane Bundle Clock Sampling Period = per PCLK cycles * set Mode Clock Source = PCLK is generated from REFCLK */ - usb3_reg_set(reg_base, COMPHY_REG_GLOB_CLK_SRC_LO_ADDR, 0x0, - (MODE_CLK_SRC | BUNDLE_PERIOD_SEL | BUNDLE_PERIOD_SCALE | - BUNDLE_SAMPLE_CTRL | PLL_READY_DLY)); + usb3_reg_set(reg_base, COMPHY_CLK_SRC_LO, 0x0, + (MODE_CLK_SRC | BUNDLE_PERIOD_SEL | + BUNDLE_PERIOD_SCALE_MASK | BUNDLE_SAMPLE_CTRL | + PLL_READY_DLY_MASK)); /* * 6. 
Set G2 Spread Spectrum Clock Amplitude at 4K */ - usb3_reg_set(reg_base, COMPHY_REG_GEN2_SET_2, - G2_TX_SSC_AMP_VALUE_20, G2_TX_SSC_AMP_MASK); + usb3_reg_set(reg_base, COMPHY_GEN2_SET2, + GS2_TX_SSC_AMP_VALUE_20, GS2_TX_SSC_AMP_MASK); /* * 7. Unset G3 Spread Spectrum Clock Amplitude * set G3 TX and RX Register Master Current Select */ - mask = G3_TX_SSC_AMP_MASK | G3_VREG_RXTX_MAS_ISET_MASK | - RSVD_PH03FH_6_0_MASK; - usb3_reg_set(reg_base, COMPHY_REG_GEN2_SET_3, - G3_VREG_RXTX_MAS_ISET_60U, mask); + mask = GS2_TX_SSC_AMP_MASK | GS2_VREG_RXTX_MAS_ISET_MASK | + GS2_RSVD_6_0_MASK; + usb3_reg_set(reg_base, COMPHY_GEN3_SET2, + GS2_VREG_RXTX_MAS_ISET_60U, mask); /* * 8. Check crystal jumper setting and program the Power and PLL Control * accordingly Change RX wait */ if (get_ref_clk() == 40) { - ref_clk = REF_CLOCK_SPEED_40M; + ref_clk = REF_FREF_SEL_PCIE_USB3_40MHZ; cfg = CFG_PM_RXDLOZ_WAIT_12_UNIT; } else { /* 25 MHz */ - ref_clk = USB3_REF_CLOCK_SPEED_25M; + ref_clk = REF_FREF_SEL_PCIE_USB3_25MHZ; cfg = CFG_PM_RXDLOZ_WAIT_7_UNIT; } 
@@ -720,24 +721,24 @@ mask = CFG_PM_OSCCLK_WAIT_MASK | CFG_PM_RXDEN_WAIT_MASK | CFG_PM_RXDLOZ_WAIT_MASK; data = CFG_PM_RXDEN_WAIT_1_UNIT | cfg; - usb3_reg_set(reg_base, COMPHY_REG_PWR_MGM_TIM1_ADDR, data, mask); + usb3_reg_set(reg_base, COMPHY_PWR_MGM_TIM1, data, mask); /* * 9. Enable idle sync */ - data = UNIT_CTRL_DEFAULT_VALUE | IDLE_SYNC_EN; - usb3_reg_set(reg_base, COMPHY_REG_UNIT_CTRL_ADDR, data, REG_16_BIT_MASK); + data = IDLE_SYNC_EN_DEFAULT_VALUE | IDLE_SYNC_EN; + usb3_reg_set(reg_base, COMPHY_IDLE_SYNC_EN, data, REG_16_BIT_MASK); /* * 10. Enable the output of 500M clock */ - data = MISC_REG0_DEFAULT_VALUE | CLK500M_EN; - usb3_reg_set(reg_base, COMPHY_MISC_REG0_ADDR, data, REG_16_BIT_MASK); + data = MISC_CTRL0_DEFAULT_VALUE | CLK500M_EN; + usb3_reg_set(reg_base, COMPHY_MISC_CTRL0, data, REG_16_BIT_MASK); /* * 11. Set 20-bit data width */ - usb3_reg_set(reg_base, COMPHY_LOOPBACK_REG0, DATA_WIDTH_20BIT, + usb3_reg_set(reg_base, COMPHY_DIG_LOOPBACK_EN, DATA_WIDTH_20BIT, REG_16_BIT_MASK); /* 
@@ -758,32 +759,31 @@ data |= RXD_INVERT_BIT; } mask = TXD_INVERT_BIT | RXD_INVERT_BIT; - usb3_reg_set(reg_base, COMPHY_SYNC_PATTERN_REG, data, mask); + usb3_reg_set(reg_base, COMPHY_SYNC_PATTERN, data, mask); /* * 14. Set max speed generation to USB3.0 5Gbps */ - usb3_reg_set(reg_base, COMPHY_SYNC_MASK_GEN_REG, PHY_GEN_USB3_5G, + usb3_reg_set(reg_base, COMPHY_SYNC_MASK_GEN, PHY_GEN_MAX_USB3_5G, PHY_GEN_MAX_MASK); /* * 15. Set capacitor value for FFE gain peaking to 0xF */ - usb3_reg_set(reg_base, COMPHY_REG_GEN3_SETTINGS_3, - COMPHY_GEN_FFE_CAP_SEL_VALUE, COMPHY_GEN_FFE_CAP_SEL_MASK); + usb3_reg_set(reg_base, COMPHY_GEN2_SET3, + GS3_FFE_CAP_SEL_VALUE, GS3_FFE_CAP_SEL_MASK); /* * 16. Release SW reset */ data = MODE_CORE_CLK_FREQ_SEL | MODE_PIPE_WIDTH_32 | MODE_REFDIV_BY_4; - usb3_reg_set(reg_base, COMPHY_REG_GLOB_PHY_CTRL0_ADDR, data, - REG_16_BIT_MASK); + usb3_reg_set(reg_base, COMPHY_RST_CLK_CTRL, data, REG_16_BIT_MASK); /* Wait for > 55 us to allow PCLK be enabled */ udelay(PLL_SET_DELAY_US); if (comphy_index == COMPHY_LANE2) { - data = COMPHY_REG_LANE_STATUS1_ADDR + USB3PHY_LANE2_REG_BASE_OFFSET; + data = COMPHY_LANE_STAT1 + USB3PHY_LANE2_REG_BASE_OFFSET; mmio_write_32(reg_base + COMPHY_LANE2_INDIR_ADDR_OFFSET, data); @@ -791,7 +791,7 @@ ret = polling_with_timeout(addr, TXDCLK_PCLK_EN, TXDCLK_PCLK_EN, COMPHY_PLL_TIMEOUT, REG_32BIT); } else { - ret = polling_with_timeout(LANE_STATUS1_ADDR(USB3) + reg_base, + ret = polling_with_timeout(LANE_STAT1_ADDR(USB3) + reg_base, TXDCLK_PCLK_EN, TXDCLK_PCLK_EN, COMPHY_PLL_TIMEOUT, REG_16BIT); } 
@@ -826,11 +826,11 @@ USE_MAX_PLL_RATE_EN, USE_MAX_PLL_RATE_EN); /* 2. Select 20 bit SERDES interface. */ - reg_set16(GLOB_CLK_SRC_LO_ADDR(PCIE) + COMPHY_SD_ADDR, + reg_set16(CLK_SRC_LO_ADDR(PCIE) + COMPHY_SD_ADDR, CFG_SEL_20B, CFG_SEL_20B); /* 3. Force to use reg setting for PCIe mode */ - reg_set16(MISC_REG1_ADDR(PCIE) + COMPHY_SD_ADDR, + reg_set16(MISC_CTRL1_ADDR(PCIE) + COMPHY_SD_ADDR, SEL_BITS_PCIE_FORCE, SEL_BITS_PCIE_FORCE); /* 4. Change RX wait */ @@ -840,12 +840,12 @@ CFG_PM_RXDLOZ_WAIT_MASK)); /* 5. Enable idle sync */ - reg_set16(UNIT_CTRL_ADDR(PCIE) + COMPHY_SD_ADDR, - UNIT_CTRL_DEFAULT_VALUE | IDLE_SYNC_EN, REG_16_BIT_MASK); + reg_set16(IDLE_SYNC_EN_ADDR(PCIE) + COMPHY_SD_ADDR, + IDLE_SYNC_EN_DEFAULT_VALUE | IDLE_SYNC_EN, REG_16_BIT_MASK); /* 6. Enable the output of 100M/125M/500M clock */ - reg_set16(MISC_REG0_ADDR(PCIE) + COMPHY_SD_ADDR, - MISC_REG0_DEFAULT_VALUE | CLK500M_EN | TXDCLK_2X_SEL | CLK100M_125M_EN, + reg_set16(MISC_CTRL0_ADDR(PCIE) + COMPHY_SD_ADDR, + MISC_CTRL0_DEFAULT_VALUE | CLK500M_EN | TXDCLK_2X_SEL | CLK100M_125M_EN, REG_16_BIT_MASK); /* @@ -859,9 +859,9 @@ */ if (get_ref_clk() == 40) - ref_clk = REF_CLOCK_SPEED_40M; + ref_clk = REF_FREF_SEL_PCIE_USB3_40MHZ; else - ref_clk = PCIE_REF_CLOCK_SPEED_25M; + ref_clk = REF_FREF_SEL_PCIE_USB3_25MHZ; reg_set16(PWR_PLL_CTRL_ADDR(PCIE) + COMPHY_SD_ADDR, (PU_IVREF_BIT | PU_PLL_BIT | PU_RX_BIT | PU_TX_BIT | 
@@ -881,17 +881,17 @@ data |= RXD_INVERT_BIT; } mask = TXD_INVERT_BIT | RXD_INVERT_BIT; - reg_set16(SYNC_PATTERN_REG_ADDR(PCIE) + COMPHY_SD_ADDR, data, mask); + reg_set16(SYNC_PATTERN_ADDR(PCIE) + COMPHY_SD_ADDR, data, mask); /* 11. Release SW reset */ - reg_set16(GLOB_PHY_CTRL0_ADDR(PCIE) + COMPHY_SD_ADDR, - MODE_CORE_CLK_FREQ_SEL | MODE_PIPE_WIDTH_32, - SOFT_RESET | MODE_REFDIV); + data = MODE_CORE_CLK_FREQ_SEL | MODE_PIPE_WIDTH_32; + mask = data | SOFT_RESET | MODE_REFDIV_MASK; + reg_set16(RST_CLK_CTRL_ADDR(PCIE) + COMPHY_SD_ADDR, data, mask); /* Wait for > 55 us to allow PCLK be enabled */ udelay(PLL_SET_DELAY_US); - ret = polling_with_timeout(LANE_STATUS1_ADDR(PCIE) + COMPHY_SD_ADDR, + ret = polling_with_timeout(LANE_STAT1_ADDR(PCIE) + COMPHY_SD_ADDR, TXDCLK_PCLK_EN, TXDCLK_PCLK_EN, COMPHY_PLL_TIMEOUT, REG_16BIT); if (ret) { @@ -961,7 +961,7 @@ debug_enter(); /* Set phy isolation mode */ - offset = COMPHY_ISOLATION_CTRL_REG + SATAPHY_LANE2_REG_BASE_OFFSET; + offset = COMPHY_ISOLATION_CTRL + SATAPHY_LANE2_REG_BASE_OFFSET; comphy_sata_set_indirect(comphy_indir_regs, offset, PHY_ISOLATE_MODE, PHY_ISOLATE_MODE); @@ -1025,7 +1025,7 @@ /* Polling status */ mmio_write_32(comphy_indir_regs + COMPHY_LANE2_INDIR_ADDR_OFFSET, - COMPHY_LOOPBACK_REG0 + SATAPHY_LANE2_REG_BASE_OFFSET); + COMPHY_DIG_LOOPBACK_EN + SATAPHY_LANE2_REG_BASE_OFFSET); addr = comphy_indir_regs + COMPHY_LANE2_INDIR_DATA_OFFSET; data = polling_with_timeout(addr, PLL_READY_TX_BIT, PLL_READY_TX_BIT, COMPHY_PLL_TIMEOUT, REG_32BIT);
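Review bot: In step 11 the new `mask = data | SOFT_RESET | MODE_REFDIV_MASK;` clears the MODE_REFDIV field and SOFT_RESET without saying why, and a reader comparing it with the USB3 path (which writes MODE_REFDIV_BY_4 under REG_16_BIT_MASK) cannot tell that leaving REFDIV at zero is intended for PCIe. A one-line comment would pin that down, e.g. `/* Mask covers the bits set in data plus SOFT_RESET and MODE_REFDIV, which are deliberately cleared */`. The old mask `SOFT_RESET | MODE_REFDIV` (0x30) equals `SOFT_RESET | MODE_REFDIV_MASK`, so the only real change is that the data bits are now part of the mask, which the masked `reg_set16` in phy-comphy-common.h requires. The enclosing function starts and ends outside the hunk.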
diff --git a/drivers/marvell/comphy/phy-comphy-3700.h b/drivers/marvell/comphy/phy-comphy-3700.h
index 94056f1..ed07624 100644
--- a/drivers/marvell/comphy/phy-comphy-3700.h
+++ b/drivers/marvell/comphy/phy-comphy-3700.h
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 Marvell International Ltd. + * Copyright (C) 2018-2021 Marvell International Ltd. * * SPDX-License-Identifier: BSD-3-Clause * https://spdx.org/licenses @@ -13,11 +13,11 @@ #define REG_16_BIT_MASK 0xFFFF #define COMPHY_SELECTOR_PHY_REG 0xFC -/* bit0: 0: Lane0 is GBE0; 1: Lane1 is PCIE */ +/* bit0: 0: Lane1 is GbE0; 1: Lane1 is PCIE */ #define COMPHY_SELECTOR_PCIE_GBE0_SEL_BIT BIT(0) -/* bit4: 0: Lane1 is GBE1; 1: Lane1 is USB3 */ +/* bit4: 0: Lane0 is GbE1; 1: Lane0 is USB3 */ #define COMPHY_SELECTOR_USB3_GBE1_SEL_BIT BIT(4) -/* bit8: 0: Lane1 is USB, Lane2 is SATA; 1: Lane2 is USB3 */ +/* bit8: 0: Lane0 is USB3 instead of GbE1, Lane2 is SATA; 1: Lane2 is USB3 */ #define COMPHY_SELECTOR_USB3_PHY_SEL_BIT BIT(8) /* SATA PHY register offset */ @@ -53,12 +53,11 @@ #define PLL_LOCK_BIT BIT(8) #define REF_FREF_SEL_OFFSET 0 #define REF_FREF_SEL_MASK (0x1F << REF_FREF_SEL_OFFSET) -#define REF_CLOCK_SPEED_25M (0x1 << REF_FREF_SEL_OFFSET) -#define REF_CLOCK_SPEED_30M (0x2 << REF_FREF_SEL_OFFSET) -#define PCIE_REF_CLOCK_SPEED_25M REF_CLOCK_SPEED_30M -#define USB3_REF_CLOCK_SPEED_25M REF_CLOCK_SPEED_30M -#define REF_CLOCK_SPEED_40M (0x3 << REF_FREF_SEL_OFFSET) -#define REF_CLOCK_SPEED_50M (0x4 << REF_FREF_SEL_OFFSET) +#define REF_FREF_SEL_SERDES_25MHZ (0x1 << REF_FREF_SEL_OFFSET) +#define REF_FREF_SEL_SERDES_40MHZ (0x3 << REF_FREF_SEL_OFFSET) +#define REF_FREF_SEL_SERDES_50MHZ (0x4 << REF_FREF_SEL_OFFSET) +#define REF_FREF_SEL_PCIE_USB3_25MHZ (0x2 << REF_FREF_SEL_OFFSET) +#define REF_FREF_SEL_PCIE_USB3_40MHZ (0x3 << REF_FREF_SEL_OFFSET) #define PHY_MODE_OFFSET 5 #define PHY_MODE_MASK (7 << PHY_MODE_OFFSET) #define PHY_MODE_SATA (0x0 << PHY_MODE_OFFSET) 
@@ -73,11 +72,9 @@ #define SPEED_PLL_MASK (0x3F << SPEED_PLL_OFFSET) #define SPEED_PLL_VALUE_16 (0x10 << SPEED_PLL_OFFSET) -#define COMPHY_RESERVED_REG 0x0E -#define PHYCTRL_FRM_PIN_BIT BIT(13) - -#define COMPHY_LOOPBACK_REG0 0x23 -#define DIG_LB_EN_ADDR(unit) (COMPHY_LOOPBACK_REG0 * PHY_SHFT(unit)) +#define COMPHY_DIG_LOOPBACK_EN 0x23 +#define DIG_LOOPBACK_EN_ADDR(unit) (COMPHY_DIG_LOOPBACK_EN * \ + PHY_SHFT(unit)) #define SEL_DATA_WIDTH_OFFSET 10 #define SEL_DATA_WIDTH_MASK (0x3 << SEL_DATA_WIDTH_OFFSET) #define DATA_WIDTH_10BIT (0x0 << SEL_DATA_WIDTH_OFFSET) 
@@ -85,80 +82,71 @@ #define DATA_WIDTH_40BIT (0x2 << SEL_DATA_WIDTH_OFFSET) #define PLL_READY_TX_BIT BIT(4) -#define COMPHY_SYNC_PATTERN_REG 0x24 -#define SYNC_PATTERN_REG_ADDR(unit) (COMPHY_SYNC_PATTERN_REG * \ - PHY_SHFT(unit)) +#define COMPHY_SYNC_PATTERN 0x24 +#define SYNC_PATTERN_ADDR(unit) (COMPHY_SYNC_PATTERN * PHY_SHFT(unit)) #define TXD_INVERT_BIT BIT(10) #define RXD_INVERT_BIT BIT(11) -#define COMPHY_SYNC_MASK_GEN_REG 0x25 +#define COMPHY_SYNC_MASK_GEN 0x25 #define PHY_GEN_MAX_OFFSET 10 #define PHY_GEN_MAX_MASK (3 << PHY_GEN_MAX_OFFSET) -#define PHY_GEN_USB3_5G (1 << PHY_GEN_MAX_OFFSET) +#define PHY_GEN_MAX_USB3_5G (1 << PHY_GEN_MAX_OFFSET) -#define COMPHY_ISOLATION_CTRL_REG 0x26 -#define ISOLATION_CTRL_REG_ADDR(unit) (COMPHY_ISOLATION_CTRL_REG * \ - PHY_SHFT(unit)) +#define COMPHY_ISOLATION_CTRL 0x26 +#define ISOLATION_CTRL_ADDR(unit) (COMPHY_ISOLATION_REG * PHY_SHFT(unit)) #define PHY_ISOLATE_MODE BIT(15) -#define COMPHY_MISC_REG0_ADDR 0x4F -#define MISC_REG0_ADDR(unit) (COMPHY_MISC_REG0_ADDR * PHY_SHFT(unit)) +#define COMPHY_GEN2_SET2 0x3e +#define GEN2_SET2_ADDR(unit) (COMPHY_GEN2_SET2 * PHY_SHFT(unit)) +#define GS2_TX_SSC_AMP_VALUE_20 BIT(14) +#define GS2_TX_SSC_AMP_OFF 9 +#define GS2_TX_SSC_AMP_LEN 7 +#define GS2_TX_SSC_AMP_MASK (((1 << GS2_TX_SSC_AMP_LEN) - 1) << \ + GS2_TX_SSC_AMP_OFF) +#define GS2_VREG_RXTX_MAS_ISET_OFF 7 +#define GS2_VREG_RXTX_MAS_ISET_60U (0 << GS2_VREG_RXTX_MAS_ISET_OFF) +#define GS2_VREG_RXTX_MAS_ISET_80U (1 << GS2_VREG_RXTX_MAS_ISET_OFF) +#define GS2_VREG_RXTX_MAS_ISET_100U (2 << GS2_VREG_RXTX_MAS_ISET_OFF) +#define GS2_VREG_RXTX_MAS_ISET_120U (3 << GS2_VREG_RXTX_MAS_ISET_OFF) +#define GS2_VREG_RXTX_MAS_ISET_MASK (BIT(7) | BIT(8)) +#define GS2_RSVD_6_0_OFF 0 +#define GS2_RSVD_6_0_LEN 7 +#define GS2_RSVD_6_0_MASK (((1 << GS2_RSVD_6_0_LEN) - 1) << \ + GS2_RSVD_6_0_OFF) + +#define COMPHY_GEN3_SET2 0x3f +#define GEN3_SET2_ADDR(unit) (COMPHY_GEN3_SET2 * PHY_SHFT(unit)) + +#define COMPHY_IDLE_SYNC_EN 0x48 +#define 
IDLE_SYNC_EN_ADDR(unit) (COMPHY_IDLE_SYNC_EN * PHY_SHFT(unit)) +#define IDLE_SYNC_EN BIT(12) +#define IDLE_SYNC_EN_DEFAULT_VALUE 0x60 + +#define COMPHY_MISC_CTRL0 0x4F +#define MISC_CTRL0_ADDR(unit) (COMPHY_MISC_CTRL0 * PHY_SHFT(unit)) #define CLK100M_125M_EN BIT(4) #define TXDCLK_2X_SEL BIT(6) #define CLK500M_EN BIT(7) #define PHY_REF_CLK_SEL BIT(10) -#define MISC_REG0_DEFAULT_VALUE 0xA00D +#define MISC_CTRL0_DEFAULT_VALUE 0xA00D -#define COMPHY_REG_GEN2_SET_2 0x3e -#define GEN2_SETTING_2_ADDR(unit) (COMPHY_REG_GEN2_SET_2 * PHY_SHFT(unit)) -#define G2_TX_SSC_AMP_VALUE_20 BIT(14) -#define G2_TX_SSC_AMP_OFF 9 -#define G2_TX_SSC_AMP_LEN 7 -#define G2_TX_SSC_AMP_MASK (((1 << G2_TX_SSC_AMP_LEN) - 1) << \ - G2_TX_SSC_AMP_OFF) - -#define COMPHY_REG_GEN2_SET_3 0x3f -#define GEN2_SETTING_3_ADDR(unit) (COMPHY_REG_GEN2_SET_3 * PHY_SHFT(unit)) -#define G3_TX_SSC_AMP_OFF 9 -#define G3_TX_SSC_AMP_LEN 7 -#define G3_TX_SSC_AMP_MASK (((1 << G2_TX_SSC_AMP_LEN) - 1) << \ - G2_TX_SSC_AMP_OFF) -#define G3_VREG_RXTX_MAS_ISET_OFF 7 -#define G3_VREG_RXTX_MAS_ISET_60U (0 << G3_VREG_RXTX_MAS_ISET_OFF) -#define G3_VREG_RXTX_MAS_ISET_80U (1 << G3_VREG_RXTX_MAS_ISET_OFF) -#define G3_VREG_RXTX_MAS_ISET_100U (2 << G3_VREG_RXTX_MAS_ISET_OFF) -#define G3_VREG_RXTX_MAS_ISET_120U (3 << G3_VREG_RXTX_MAS_ISET_OFF) -#define G3_VREG_RXTX_MAS_ISET_MASK (BIT(7) | BIT(8)) -#define RSVD_PH03FH_6_0_OFF 0 -#define RSVD_PH03FH_6_0_LEN 7 -#define RSVD_PH03FH_6_0_MASK (((1 << RSVD_PH03FH_6_0_LEN) - 1) << \ - RSVD_PH03FH_6_0_OFF) - -#define COMPHY_REG_UNIT_CTRL_ADDR 0x48 -#define UNIT_CTRL_ADDR(unit) (COMPHY_REG_UNIT_CTRL_ADDR * \ - PHY_SHFT(unit)) -#define IDLE_SYNC_EN BIT(12) -#define UNIT_CTRL_DEFAULT_VALUE 0x60 - -#define COMPHY_MISC_REG1_ADDR 0x73 -#define MISC_REG1_ADDR(unit) (COMPHY_MISC_REG1_ADDR * PHY_SHFT(unit)) +#define COMPHY_MISC_CTRL1 0x73 +#define MISC_CTRL1_ADDR(unit) (COMPHY_MISC_CTRL1 * PHY_SHFT(unit)) #define SEL_BITS_PCIE_FORCE BIT(15) -#define COMPHY_REG_GEN3_SETTINGS_3 0x112 -#define 
COMPHY_GEN_FFE_CAP_SEL_MASK 0xF -#define COMPHY_GEN_FFE_CAP_SEL_VALUE 0xF +#define COMPHY_GEN2_SET3 0x112 +#define GS3_FFE_CAP_SEL_MASK 0xF +#define GS3_FFE_CAP_SEL_VALUE 0xF -#define COMPHY_REG_LANE_CFG0_ADDR 0x180 -#define LANE_CFG0_ADDR(unit) (COMPHY_REG_LANE_CFG0_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_LANE_CFG0 0x180 +#define LANE_CFG0_ADDR(unit) (COMPHY_LANE_CFG0 * PHY_SHFT(unit)) #define PRD_TXDEEMPH0_MASK BIT(0) #define PRD_TXMARGIN_MASK (BIT(1) | BIT(2) | BIT(3)) #define PRD_TXSWING_MASK BIT(4) #define CFG_TX_ALIGN_POS_MASK (BIT(5) | BIT(6) | BIT(7) | BIT(8)) -#define COMPHY_REG_LANE_CFG1_ADDR 0x181 -#define LANE_CFG1_ADDR(unit) (COMPHY_REG_LANE_CFG1_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_LANE_CFG1 0x181 +#define LANE_CFG1_ADDR(unit) (COMPHY_LANE_CFG1 * PHY_SHFT(unit)) #define PRD_TXDEEMPH1_MASK BIT(15) #define USE_MAX_PLL_RATE_EN BIT(9) #define TX_DET_RX_MODE BIT(6) @@ -166,21 +154,17 @@ #define GEN2_TX_DATA_DLY_DEFT (2 << 3) #define TX_ELEC_IDLE_MODE_EN BIT(0) -#define COMPHY_REG_LANE_STATUS1_ADDR 0x183 -#define LANE_STATUS1_ADDR(unit) (COMPHY_REG_LANE_STATUS1_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_LANE_STAT1 0x183 +#define LANE_STAT1_ADDR(unit) (COMPHY_LANE_STAT1 * PHY_SHFT(unit)) #define TXDCLK_PCLK_EN BIT(0) -#define COMPHY_REG_LANE_CFG4_ADDR 0x188 -#define LANE_CFG4_ADDR(unit) (COMPHY_REG_LANE_CFG4_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_LANE_CFG4 0x188 +#define LANE_CFG4_ADDR(unit) (COMPHY_LANE_CFG4 * PHY_SHFT(unit)) #define SPREAD_SPECTRUM_CLK_EN BIT(7) -#define COMPHY_REG_GLOB_PHY_CTRL0_ADDR 0x1C1 -#define GLOB_PHY_CTRL0_ADDR(unit) (COMPHY_REG_GLOB_PHY_CTRL0_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_RST_CLK_CTRL 0x1C1 +#define RST_CLK_CTRL_ADDR(unit) (COMPHY_RST_CLK_CTRL * PHY_SHFT(unit)) #define SOFT_RESET BIT(0) -#define MODE_REFDIV 0x30 #define MODE_CORE_CLK_FREQ_SEL BIT(9) #define MODE_PIPE_WIDTH_32 BIT(3) #define MODE_REFDIV_OFFSET 4 
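Review bot: `ISOLATION_CTRL_ADDR(unit)` expands to `COMPHY_ISOLATION_REG * PHY_SHFT(unit)`, but the constant defined on the line above it is `COMPHY_ISOLATION_CTRL` and nothing in the diff defines `COMPHY_ISOLATION_REG`, so the macro fails to compile the first time it is used (the SATA path in phy-comphy-3700.c adds `COMPHY_ISOLATION_CTRL` to the lane-2 offset directly, which is presumably why this goes unnoticed). It should read `#define ISOLATION_CTRL_ADDR(unit) (COMPHY_ISOLATION_CTRL * PHY_SHFT(unit))`. Separately, register 0x112 is renamed from `COMPHY_REG_GEN3_SETTINGS_3` to `COMPHY_GEN2_SET3` with `GS3_`-prefixed fields, while register 0x3f (`COMPHY_GEN3_SET2`) is written with the `GS2_` fields of `COMPHY_GEN2_SET2`; if the `GS<n>` prefix is meant to follow the SET number of a shared layout rather than the GEN number, a short comment near the `COMPHY_GEN2_SET2` block saying so would spare the next reader a datasheet lookup.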
@@ -188,24 +172,21 @@ #define MODE_REFDIV_MASK (0x3 << MODE_REFDIV_OFFSET) #define MODE_REFDIV_BY_4 (0x2 << MODE_REFDIV_OFFSET) -#define COMPHY_REG_TEST_MODE_CTRL_ADDR 0x1C2 -#define TEST_MODE_CTRL_ADDR(unit) (COMPHY_REG_TEST_MODE_CTRL_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_TEST_MODE_CTRL 0x1C2 +#define TEST_MODE_CTRL_ADDR(unit) (COMPHY_TEST_MODE_CTRL * PHY_SHFT(unit)) #define MODE_MARGIN_OVERRIDE BIT(2) -#define COMPHY_REG_GLOB_CLK_SRC_LO_ADDR 0x1C3 -#define GLOB_CLK_SRC_LO_ADDR(unit) (COMPHY_REG_GLOB_CLK_SRC_LO_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_CLK_SRC_LO 0x1C3 +#define CLK_SRC_LO_ADDR(unit) (COMPHY_CLK_SRC_LO * PHY_SHFT(unit)) #define MODE_CLK_SRC BIT(0) #define BUNDLE_PERIOD_SEL BIT(1) -#define BUNDLE_PERIOD_SCALE (BIT(2) | BIT(3)) +#define BUNDLE_PERIOD_SCALE_MASK (BIT(2) | BIT(3)) #define BUNDLE_SAMPLE_CTRL BIT(4) -#define PLL_READY_DLY (BIT(5) | BIT(6) | BIT(7)) +#define PLL_READY_DLY_MASK (BIT(5) | BIT(6) | BIT(7)) #define CFG_SEL_20B BIT(15) -#define COMPHY_REG_PWR_MGM_TIM1_ADDR 0x1D0 -#define PWR_MGM_TIM1_ADDR(unit) (COMPHY_REG_PWR_MGM_TIM1_ADDR * \ - PHY_SHFT(unit)) +#define COMPHY_PWR_MGM_TIM1 0x1D0 +#define PWR_MGM_TIM1_ADDR(unit) (COMPHY_PWR_MGM_TIM1 * PHY_SHFT(unit)) #define CFG_PM_OSCCLK_WAIT_OFF 12 #define CFG_PM_OSCCLK_WAIT_LEN 4 #define CFG_PM_OSCCLK_WAIT_MASK (((1 << CFG_PM_OSCCLK_WAIT_LEN) - 1) \ 
@@ -222,9 +203,18 @@ #define CFG_PM_RXDLOZ_WAIT_7_UNIT (7 << CFG_PM_RXDLOZ_WAIT_OFF) #define CFG_PM_RXDLOZ_WAIT_12_UNIT (0xC << CFG_PM_RXDLOZ_WAIT_OFF) +/* + * This register is not from PHY lane register space. It only exists in the + * indirect register space, before the actual PHY lane 2 registers. So the + * offset is absolute, not relative to SATAPHY_LANE2_REG_BASE_OFFSET. + * It is used only for SATA PHY initialization. + */ +#define COMPHY_RESERVED_REG 0x0E +#define PHYCTRL_FRM_PIN_BIT BIT(13) + /* SGMII */ #define COMPHY_PHY_CFG1_OFFSET(lane) ((1 - (lane)) * 0x28) -#define PIN_PU_IVEREF_BIT BIT(1) +#define PIN_PU_IVREF_BIT BIT(1) #define PIN_RESET_CORE_BIT BIT(11) #define PIN_RESET_COMPHY_BIT BIT(12) #define PIN_PU_PLL_BIT BIT(16) @@ -237,11 +227,11 @@ #define GEN_TX_SEL_MASK (0xF << GEN_TX_SEL_OFFSET) #define PHY_RX_INIT_BIT BIT(30) #define SD_SPEED_1_25_G 0x6 -#define SD_SPEED_2_5_G 0x8 +#define SD_SPEED_3_125_G 0x8 /* COMPHY status reg: - * lane0: PCIe/GbE0 PHY Status 1 - * lane1: USB3/GbE1 PHY Status 1 + * lane0: USB3/GbE1 PHY Status 1 + * lane1: PCIe/GbE0 PHY Status 1 */ #define COMPHY_PHY_STATUS_OFFSET(lane) (0x18 + (1 - (lane)) * 0x28) #define PHY_RX_INIT_DONE_BIT BIT(0)
diff --git a/drivers/marvell/comphy/phy-comphy-common.h b/drivers/marvell/comphy/phy-comphy-common.h
index c599437..ba5d255 100644
--- a/drivers/marvell/comphy/phy-comphy-common.h
+++ b/drivers/marvell/comphy/phy-comphy-common.h
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 Marvell International Ltd. + * Copyright (C) 2018-2021 Marvell International Ltd. * * SPDX-License-Identifier: BSD-3-Clause * https://spdx.org/licenses @@ -147,7 +147,7 @@ debug("<atf>: WR to addr = 0x%lx, data = 0x%x (mask = 0x%x) - ", addr, data, mask); debug("old value = 0x%x ==> ", mmio_read_32(addr)); - mmio_clrsetbits_32(addr, mask, data); + mmio_clrsetbits_32(addr, mask, data & mask); debug("new val 0x%x\n", mmio_read_32(addr)); } @@ -159,7 +159,7 @@ debug("<atf>: WR to addr = 0x%lx, data = 0x%x (mask = 0x%x) - ", addr, data, mask); debug("old value = 0x%x ==> ", mmio_read_16(addr)); - mmio_clrsetbits_16(addr, mask, data); + mmio_clrsetbits_16(addr, mask, data & mask); debug("new val 0x%x\n", mmio_read_16(addr)); }
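Review bot: `mmio_clrsetbits_32(addr, mask, data & mask)` now silently drops any bits a caller sets in `data` outside `mask`, while the trace line above still prints the unmasked `data`, so the debug output no longer describes the value actually written. Printing the effective value keeps the log truthful, e.g. `addr, data & mask, mask);` in the first `debug()` call, and makes a caller's stray bits visible as a data/mask mismatch in the trace; the same applies to `reg_set16` in the following hunk. This is also a behaviour change for any caller that relied on the old set-without-mask semantics (the PCIe step-11 write in phy-comphy-3700.c is adjusted in this commit; callers outside this diff should be checked the same way). Both functions begin above the hunk, outside this diff.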
diff --git a/drivers/marvell/uart/a3700_console.S b/drivers/marvell/uart/a3700_console.S
index 218fd86..c7eb165 100644
--- a/drivers/marvell/uart/a3700_console.S
+++ b/drivers/marvell/uart/a3700_console.S
@@ -34,7 +34,7 @@
  * w1 - Uart clock in Hz
  * w2 - Baud rate
  * Out: return 1 on success
- * Clobber list : x1, x2, x3
+ * Clobber list : x1, x2, x3, x4
  * -------------------------------------------