diff --git a/.gitignore b/.gitignore
index 1f4efb6..ac9a11d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ # Ignore build products from tools tools/**/*.o +tools/**/*.d tools/renesas/rcar_layout_create/*.bin tools/renesas/rcar_layout_create/*.srec tools/renesas/rcar_layout_create/*.map @@ -31,6 +32,8 @@ tools/stm32image/stm32image tools/stm32image/stm32image.exe tools/sptool/__pycache__/ +tools/encrypt_fw/encrypt_fw +tools/encrypt_fw/encrypt_fw.exe # GNU GLOBAL files GPATH
diff --git a/.husky/pre-commit b/.husky/pre-commit
new file mode 100755
index 0000000..afcb1f6
--- /dev/null
+++ b/.husky/pre-commit
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# shellcheck source=./_/husky.sh
+. "$(dirname "$0")/_/husky.sh"
+
+"$(dirname "$0")/pre-commit.copyright" "$@"
diff --git a/.husky/pre-commit.copyright b/.husky/pre-commit.copyright
new file mode 100755
index 0000000..a4dfee8
--- /dev/null
+++ b/.husky/pre-commit.copyright
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# A hook script that checks if files staged for commit have updated Arm copyright year.
+# In case they are not - updates the years and prompts user to add them to the change.
+# This hook is called on "git commit" after changes have been staged, but before commit
+# message has to be provided.
+
+RED="\033[00;31m"
+YELLOW="\033[00;33m"
+BLANK="\033[00;00m"
+
+FILES=`git diff --cached --name-only HEAD`
+YEAR_NOW=`date +"%Y"`
+
+YEAR_RGX="[0-9][0-9][0-9][0-9]"
+ARM_RGX="\(ARM\|Arm\|arm\)"
+
+exit_code=0
+
+function user_warning() {
+ echo -e "Copyright of $RED$FILE$BLANK is out of date/incorrect"
+ echo -e "Updated copyright to"
+ grep -nr "opyright.*$YEAR_RGX.*$ARM_RGX" "$FILE"
+ echo
+}
+
+while read -r FILE; do
+ if [ -z "$FILE" ]
+ then
+ break
+ fi
+ # Check if correct copyright notice is in file.
+ # To reduce false positives, we assume files with no
+ # copyright notice do not require it.
+ if ! grep "opyright.*$YEAR_NOW.*$ARM_RGX" "$FILE">/dev/null 2>&1
+ then
+ # If it is "from_date - to_date" type of entry - change to_date entry.
+ if grep "opyright.*$YEAR_RGX.*-.*$YEAR_RGX.*$ARM_RGX" "$FILE" >/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*\)$YEAR_RGX\(.*$ARM_RGX\)/\1$(date +"%Y"), Arm/" $FILE
+ user_warning
+ # If it is single "date" type of entry - add the copyright extension to current year.
+ elif grep "opyright.*$YEAR_RGX.*$ARM_RGX" "$FILE" >/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*$YEAR_RGX\)\(.*$ARM_RGX\)/\1-$(date +"%Y"), Arm/" $FILE
+ user_warning
+ fi
+ # Even if the year is correct - verify that Arm copyright is formatted correctly.
+ elif grep "opyright.*\(ARM\|arm\)" "$FILE">/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*\)\(ARM\|arm\)/\1Arm/" $FILE
+ user_warning
+ fi
+done <<< "$FILES"
+
+if [ $exit_code -eq 1 ]
+then
+ echo -e "$RED""Please stage updated files$BLANK before commiting or use$YELLOW git commit --no-verify$BLANK to skip copyright check"
+fi
+exit $exit_code
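Review bot: The three `sed -i` invocations pass `$FILE` unquoted while every `grep` in the same loop quotes it, so a staged path containing whitespace or glob characters is word-split into several operands and the in-place edit lands on the wrong file or fails. Use `sed -i "…" -- "$FILE"` on all three lines; the `--` also keeps a path beginning with `-` from being parsed as a sed option. `user_warning` reads the loop's `FILE` as a global, which deserves a one-line comment such as `# uses FILE from the enclosing while loop`.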
diff --git a/.husky/prepare-commit-msg b/.husky/prepare-commit-msg
index 593dfa8..617400a 100755
--- a/.husky/prepare-commit-msg
+++ b/.husky/prepare-commit-msg
@@ -3,4 +3,6 @@ # shellcheck source=./_/husky.sh . "$(dirname "$0")/_/husky.sh" -"$(dirname "$0")/prepare-commit-msg.cz" "$@" +if ! git config --get tf-a.disableCommitizen > /dev/null; then + "$(dirname "$0")/prepare-commit-msg.cz" "$@" +fi
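Review bot: The new guard `git config --get tf-a.disableCommitizen` only tests whether the key exists, so a user who sets `tf-a.disableCommitizen` to `false` still disables the commitizen hook. Compare the value instead, e.g. `if [ "$(git config --type=bool --get tf-a.disableCommitizen)" != "true" ]; then`, which also gives a documented way to re-enable the hook without unsetting the key.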
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
new file mode 100644
index 0000000..6207066
--- /dev/null
+++ b/.readthedocs.yaml
@@ -0,0 +1,26 @@
+# Copyright (c) 2023, Arm Limited. All rights reserved
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Configuration file for the readthedocs deploy
+# Available at https://trustedfirmware-a.readthedocs.io/en/latest/
+
+
+# readthedocs config version
+version: 2
+
+build:
+ os: ubuntu-22.04 # Ubuntu Jammy LTS
+ tools:
+ python: "3.10"
+ apt_packages:
+ - plantuml
+ jobs:
+ post_create_environment:
+ - pip install poetry=="1.3.2"
+ - poetry config virtualenvs.create false
+ post_install:
+ - poetry install --with doc
+
+sphinx:
+ configuration: docs/conf.py
diff --git a/.versionrc.js b/.versionrc.js
index f699a07..9e54c7b 100644
--- a/.versionrc.js
+++ b/.versionrc.js
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited. All rights reserved. + * Copyright (c) 2021-2023, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -81,6 +81,23 @@ "type": "json" }, { + "filename": "pyproject.toml", + "updater": { + "readVersion": function (contents) { + const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/); + + return `${_ver[1]}.${_ver[2]}.${_ver[2]}`; + }, + + "writeVersion": function (contents, version) { + const _ver = 'version = "' + version + '"' + + return contents.replace(/^(version\s=\s")((\d).?)*$/m, _ver) + } + + }, + }, + { "filename": "package-lock.json", "type": "json" },
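Review bot: `readVersion` returns `${_ver[1]}.${_ver[2]}.${_ver[2]}`, repeating the minor capture group, so the patch component read back from pyproject.toml is always wrong; it should be `${_ver[1]}.${_ver[2]}.${_ver[3]}`. The pattern `(\d)\.(\d)\.(\d)` also accepts only single-digit components, so a release such as 2.10.0 makes `match` return null and the next line throws on `_ver[1]`; `(\d+)\.(\d+)\.(\d+)` avoids that. `writeVersion` omits the statement semicolons that `readVersion` in the same hunk uses.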
diff --git a/Makefile b/Makefile
index 1ddb7b8..2c5748f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -8,7 +8,7 @@ # Trusted Firmware Version # VERSION_MAJOR := 2 -VERSION_MINOR := 8 +VERSION_MINOR := 9 VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} # Default goal is build all images @@ -153,6 +153,9 @@ ENABLE_FEAT_ECV = 1 ENABLE_FEAT_FGT = 1 +# RME enables CSV2_2 extension by default. +ENABLE_FEAT_CSV2_2 = 1 + endif # USE_SPINLOCK_CAS requires AArch64 build 
@@ -350,27 +353,53 @@ # General warnings WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ -Wdisabled-optimization -Wvla -Wshadow \ - -Wno-unused-parameter -Wredundant-decls + -Wredundant-decls +# stricter warnings +WARNINGS += -Wextra -Wno-trigraphs +# too verbose for generic build +WARNINGS += -Wno-missing-field-initializers \ + -Wno-type-limits -Wno-sign-compare \ +# on clang this flag gets reset if -Wextra is set after it. No difference on gcc +WARNINGS += -Wno-unused-parameter # Additional warnings -# Level 1 -WARNING1 := -Wextra -WARNING1 += -Wmissing-format-attribute -WARNING1 += -Wmissing-prototypes -WARNING1 += -Wold-style-definition +# Level 1 - infrequent warnings we should have none of +# full -Wextra +WARNING1 += -Wsign-compare +WARNING1 += -Wtype-limits +WARNING1 += -Wmissing-field-initializers -# Level 2 -WARNING2 := -Waggregate-return -WARNING2 += -Wcast-align -WARNING2 += -Wnested-externs +# Level 2 - problematic warnings that we want +# zlib, compiler-rt, coreboot, and mbdedtls blow up with these +# TODO: disable just for them and move into default build +WARNING2 += -Wold-style-definition +WARNING2 += -Wmissing-prototypes +WARNING2 += -Wmissing-format-attribute +# TF-A aims to comply with this eventually. Effort too large at present +WARNING2 += -Wundef +# currently very involved and many platforms set this off +WARNING2 += -Wunused-const-variable=2 +# Level 3 - very pedantic, frequently ignored WARNING3 := -Wbad-function-cast +WARNING3 += -Waggregate-return +WARNING3 += -Wnested-externs +WARNING3 += -Wcast-align WARNING3 += -Wcast-qual WARNING3 += -Wconversion WARNING3 += -Wpacked WARNING3 += -Wpointer-arith WARNING3 += -Wswitch-default +# Setting W is quite verbose and most warnings will be pre-existing issues +# outside of the contributor's control. Don't fail the build on them so warnings +# can be seen and hopefully addressed +ifdef W +ifneq (${W},0) +E ?= 0 +endif +endif + ifeq (${W},1) WARNINGS += $(WARNING1) else ifeq (${W},2) 
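Review bot: The line `-Wno-type-limits -Wno-sign-compare \` ends with a backslash, so GNU make joins the following `# on clang this flag gets reset…` comment line into that assignment; the comment is stripped and the flags are unaffected today, but the stray continuation is a trap for the next edit that appends a flag on the comment's line. Drop the trailing backslash. Separately, `WARNING1` and `WARNING2` moved from `:=` to `+=` with no initial assignment, so a value inherited from the environment would be prepended — presumably unintended; an explicit `WARNING1 :=` / `WARNING2 :=` before the first `+=` keeps the previous behaviour.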
@@ -385,6 +414,10 @@ WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ -Wpacked-bitfield-compat -Wshift-overflow=2 \ -Wlogical-op + +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 +TF_CFLAGS += $(call cc_option, --param=min-pagesize=0) + else # using clang WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ @@ -416,6 +449,8 @@ GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) +TF_LDFLAGS += -z noexecstack + # LD = armlink ifneq ($(findstring armlink,$(notdir $(LD))),) TF_LDFLAGS += --diag_error=warning --lto_level=O1 @@ -427,6 +462,10 @@ # Pass ld options with Wl or Xlinker switches TF_LDFLAGS += -Wl,--fatal-warnings -O1 TF_LDFLAGS += -Wl,--gc-sections + +TF_LDFLAGS += -Wl,-z,common-page-size=4096 # Configure page size constants +TF_LDFLAGS += -Wl,-z,max-page-size=4096 + ifeq ($(ENABLE_LTO),1) ifeq (${ARCH},aarch64) TF_LDFLAGS += -flto -fuse-linker-plugin @@ -442,12 +481,21 @@ # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other else -TF_LDFLAGS += --fatal-warnings -O1 +# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we +# are not loaded by a elf loader. +TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) +TF_LDFLAGS += -O1 TF_LDFLAGS += --gc-sections + +TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants +TF_LDFLAGS += -z max-page-size=4096 + # ld.lld doesn't recognize the errata flags, -# therefore don't add those in that case +# therefore don't add those in that case. +# ld.lld reports section type mismatch warnings, +# therefore don't add --fatal-warnings to it. ifeq ($(findstring ld.lld,$(notdir $(LD))),) -TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) +TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings endif endif 
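Review bot: `TF_LDFLAGS += -z noexecstack` is appended before the `# LD = armlink` branch, so it reaches armlink as well as the gcc driver and GNU-style ld; if armlink rejects a bare `-z` keyword, the armlink build now fails at link time. The other new flags in this hunk are placed per linker (`-Wl,-z,common-page-size=4096` for the gcc driver, `-z common-page-size=4096` for ld), which is the pattern to follow, or wrap it as `$(call ld_option, -z noexecstack)` like `--no-warn-rwx-segments`. A one-line comment such as `# Mark the stack non-executable in the ELF program headers` would also help, since this is the only hardening flag in the block without one.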
@@ -473,6 +521,13 @@ plat/common/${ARCH}/platform_helpers.S \ ${COMPILER_RT_SRCS} +# Pointer Authentication sources +ifeq (${ENABLE_PAUTH}, 1) +# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the +# Pauth support. As it's not secure, it must be reimplemented for real platforms +BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S +endif + ifeq ($(notdir $(CC)),armclang) BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S endif @@ -526,9 +581,7 @@ SPD_DIR := std_svc ifeq ($(SPMD_SPM_AT_SEL2),1) - ifeq ($(CTX_INCLUDE_EL2_REGS),0) - $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) - endif + CTX_INCLUDE_EL2_REGS := 1 ifeq ($(SPMC_AT_EL3),1) $(error SPM cannot be enabled in both S-EL2 and EL3.) endif @@ -574,6 +627,14 @@ # over the sources. endif +ifeq (${CTX_INCLUDE_EL2_REGS}, 1) +ifeq (${SPD},none) +ifeq (${ENABLE_RME},0) + $(error CTX_INCLUDE_EL2_REGS is available only when SPD or RME is enabled) +endif +endif +endif + ################################################################################ # Include rmmd Makefile if RME is enabled ################################################################################ @@ -596,6 +657,22 @@ include ${PLAT_MAKEFILE_FULL} +# This internal flag is common option which is set to 1 for scenarios +# when the BL2 is running in EL3 level. This occurs in two scenarios - +# 4 world system running BL2 at EL3 and two world system without BL1 running +# BL2 in EL3 + +ifeq (${RESET_TO_BL2},1) + BL2_RUNS_AT_EL3 := 1 + ifeq (${ENABLE_RME},1) + $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not supported at the moment.) + endif +else ifeq (${ENABLE_RME},1) + BL2_RUNS_AT_EL3 := 1 +else + BL2_RUNS_AT_EL3 := 0 +endif + $(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) ifeq (${ARM_ARCH_MAJOR},7) 
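Review bot: `CTX_INCLUDE_EL2_REGS := 1` in the `SPMD_SPM_AT_SEL2` branch does not take effect when the user passes `CTX_INCLUDE_EL2_REGS=0` on the make command line, because command-line variables win over plain makefile assignments; the removed `$(error …)` used to reject exactly that combination, so such a build now proceeds with the EL2 context excluded. Use `override CTX_INCLUDE_EL2_REGS := 1`, as the SME2 block later in this file does with `override ENABLE_SME_FOR_NS := 1`, and consider a `$(warning "Forced CTX_INCLUDE_EL2_REGS=1")` so the forced value is visible in the build log.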
@@ -617,21 +694,25 @@ endif ifeq ($(ENABLE_PIE),1) -ifeq ($(BL2_AT_EL3),1) +ifeq ($(RESET_TO_BL2),1) ifneq ($(BL2_IN_XIP_MEM),1) + BL2_CPPFLAGS += -fpie BL2_CFLAGS += -fpie BL2_LDFLAGS += $(PIE_LDFLAGS) endif endif - BL31_CFLAGS += -fpie + BL31_CPPFLAGS += -fpie + BL31_CFLAGS += -fpie BL31_LDFLAGS += $(PIE_LDFLAGS) + + BL32_CPPFLAGS += -fpie BL32_CFLAGS += -fpie BL32_LDFLAGS += $(PIE_LDFLAGS) endif ifeq (${ARCH},aarch64) BL1_CPPFLAGS += -DIMAGE_AT_EL3 -ifeq ($(BL2_AT_EL3),1) +ifeq ($(RESET_TO_BL2),1) BL2_CPPFLAGS += -DIMAGE_AT_EL3 else BL2_CPPFLAGS += -DIMAGE_AT_EL1 
@@ -708,22 +789,28 @@ $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) endif -#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. -ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) -$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") +#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1. +ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1) +$(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled") endif -# For RAS_EXTENSION, require that EAs are handled in EL3 first +# RAS_EXTENSION is deprecated, provide alternate build options ifeq ($(RAS_EXTENSION),1) + $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS and RAS_FFH_SUPPORT instead") +endif +# RAS firmware first handling requires that EAs are handled in EL3 first +ifeq ($(RAS_FFH_SUPPORT),1) + ifneq ($(ENABLE_FEAT_RAS),1) + $(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1) + endif ifneq ($(HANDLE_EA_EL3_FIRST_NS),1) - $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1) + $(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1) endif endif - -# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled +# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled ifeq ($(FAULT_INJECTION_SUPPORT),1) - ifneq ($(RAS_EXTENSION),1) - $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) + ifeq ($(ENABLE_FEAT_RAS),0) + $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0) endif endif @@ -784,6 +871,14 @@ $(info FEATURE_DETECTION is an experimental feature) endif +ifneq ($(ENABLE_SME2_FOR_NS), 0) + ifeq (${ENABLE_SME_FOR_NS}, 0) + $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also to be set") + $(warning "Forced ENABLE_SME_FOR_NS=1") + override ENABLE_SME_FOR_NS := 1 + endif +endif + ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) ifeq (${ALLOW_RO_XLAT_TABLES}, 1) $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 
@@ -800,9 +895,10 @@ ifeq (${ARCH},aarch32) # SME/SVE only supported on AArch64 - ifeq (${ENABLE_SME_FOR_NS},1) + ifneq (${ENABLE_SME_FOR_NS},0) $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") endif + ifeq (${ENABLE_SVE_FOR_NS},1) # Warning instead of error due to CI dependency on this $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") @@ -821,16 +917,25 @@ # Ensure ENABLE_RME is not used with SME ifeq (${ENABLE_RME},1) - ifeq (${ENABLE_SME_FOR_NS},1) + ifneq (${ENABLE_SME_FOR_NS},0) $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") endif endif +ifneq (${ENABLE_SME_FOR_NS},0) + ifeq (${ENABLE_SVE_FOR_NS},0) + $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS") + endif +endif + # Secure SME/SVE requires the non-secure component as well ifeq (${ENABLE_SME_FOR_SWD},1) ifeq (${ENABLE_SME_FOR_NS},0) $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") endif + ifeq (${ENABLE_SVE_FOR_SWD},0) + $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD") + endif endif ifeq (${ENABLE_SVE_FOR_SWD},1) ifeq (${ENABLE_SVE_FOR_NS},0) @@ -841,9 +946,10 @@ # SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does # its own context management including FPU registers. ifeq (${CTX_INCLUDE_FPREGS},1) - ifeq (${ENABLE_SME_FOR_NS},1) + ifneq (${ENABLE_SME_FOR_NS},0) $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") endif + ifeq (${ENABLE_SVE_FOR_NS},1) # Warning instead of error due to CI dependency on this $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") @@ -971,6 +1077,7 @@ # Variables for use with PRINT_MEMORY_MAP PRINT_MEMORY_MAP_PATH ?= tools/memory PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py +INVERTED_MEMMAP ?= 0 # Variables for use with documentation build using Sphinx tool DOCS_PATH ?= docs 
@@ -1015,19 +1122,16 @@ DISABLE_MTPMU \ DYN_DISABLE_AUTH \ EL3_EXCEPTION_HANDLING \ - ENABLE_AMU \ ENABLE_AMU_AUXILIARY_COUNTERS \ ENABLE_AMU_FCONF \ AMU_RESTRICT_COUNTERS \ ENABLE_ASSERTIONS \ + ENABLE_FEAT_SB \ ENABLE_PIE \ ENABLE_PMF \ ENABLE_PSCI_STAT \ ENABLE_RUNTIME_INSTRUMENTATION \ - ENABLE_SME_FOR_NS \ ENABLE_SME_FOR_SWD \ - ENABLE_SPE_FOR_LOWER_ELS \ - ENABLE_SVE_FOR_NS \ ENABLE_SVE_FOR_SWD \ ERROR_DEPRECATED \ FAULT_INJECTION_SUPPORT \ @@ -1044,8 +1148,8 @@ PLAT_RSS_NOT_SUPPORTED \ PROGRAMMABLE_RESET_ADDRESS \ PSCI_EXTENDED_STATE_ID \ + PSCI_OS_INIT_MODE \ RESET_TO_BL31 \ - RESET_TO_BL31_WITH_PARAMS \ SAVE_KEYS \ SEPARATE_CODE_AND_RODATA \ SEPARATE_BL2_NOLOAD_REGION \ @@ -1063,7 +1167,7 @@ USE_ROMLIB \ USE_TBBR_DEFS \ WARMBOOT_ENABLE_DCACHE_EARLY \ - BL2_AT_EL3 \ + RESET_TO_BL2 \ BL2_IN_XIP_MEM \ BL2_INV_DCACHE \ USE_SPINLOCK_CAS \ @@ -1074,13 +1178,15 @@ COT_DESC_IN_DTB \ USE_SP804_TIMER \ PSA_FWU_SUPPORT \ - ENABLE_SYS_REG_TRACE_FOR_NS \ ENABLE_MPMM \ ENABLE_MPMM_FCONF \ SIMICS_BUILD \ FEATURE_DETECTION \ TRNG_SUPPORT \ + ERRATA_ABI_SUPPORT \ + ERRATA_NON_ARM_INTERCONNECT \ CONDITIONAL_CMO \ + RAS_FFH_SUPPORT \ ))) $(eval $(call assert_numerics,\ @@ -1096,9 +1202,10 @@ ENABLE_TRBE_FOR_NS \ ENABLE_BTI \ ENABLE_PAUTH \ - ENABLE_FEAT_AMUv1 \ + ENABLE_FEAT_AMU \ ENABLE_FEAT_AMUv1p1 \ ENABLE_FEAT_CSV2_2 \ + ENABLE_FEAT_RAS \ ENABLE_FEAT_DIT \ ENABLE_FEAT_ECV \ ENABLE_FEAT_FGT \ 
@@ -1106,19 +1213,29 @@ ENABLE_FEAT_PAN \ ENABLE_FEAT_RNG \ ENABLE_FEAT_RNG_TRAP \ - ENABLE_FEAT_SB \ ENABLE_FEAT_SEL2 \ + ENABLE_FEAT_TCR2 \ + ENABLE_FEAT_S2PIE \ + ENABLE_FEAT_S1PIE \ + ENABLE_FEAT_S2POE \ + ENABLE_FEAT_S1POE \ + ENABLE_FEAT_GCS \ ENABLE_FEAT_VHE \ ENABLE_MPAM_FOR_LOWER_ELS \ ENABLE_RME \ + ENABLE_SPE_FOR_NS \ + ENABLE_SYS_REG_TRACE_FOR_NS \ + ENABLE_SME_FOR_NS \ + ENABLE_SME2_FOR_NS \ + ENABLE_SVE_FOR_NS \ ENABLE_TRF_FOR_NS \ FW_ENC_STATUS \ NR_OF_FW_BANKS \ NR_OF_IMAGES_IN_FW_BANK \ - RAS_EXTENSION \ TWED_DELAY \ ENABLE_FEAT_TWED \ SVE_VECTOR_LEN \ + IMPDEF_SYSREG_TRAP \ ))) ifdef KEY_SIZE @@ -1151,7 +1268,7 @@ CTX_INCLUDE_NEVE_REGS \ DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ DISABLE_MTPMU \ - ENABLE_AMU \ + ENABLE_FEAT_AMU \ ENABLE_AMU_AUXILIARY_COUNTERS \ ENABLE_AMU_FCONF \ AMU_RESTRICT_COUNTERS \ @@ -1165,8 +1282,9 @@ ENABLE_RME \ ENABLE_RUNTIME_INSTRUMENTATION \ ENABLE_SME_FOR_NS \ + ENABLE_SME2_FOR_NS \ ENABLE_SME_FOR_SWD \ - ENABLE_SPE_FOR_LOWER_ELS \ + ENABLE_SPE_FOR_NS \ ENABLE_SVE_FOR_NS \ ENABLE_SVE_FOR_SWD \ ENCRYPT_BL31 \ @@ -1185,9 +1303,10 @@ PLAT_RSS_NOT_SUPPORTED \ PROGRAMMABLE_RESET_ADDRESS \ PSCI_EXTENDED_STATE_ID \ - RAS_EXTENSION \ + PSCI_OS_INIT_MODE \ + ENABLE_FEAT_RAS \ + RAS_FFH_SUPPORT \ RESET_TO_BL31 \ - RESET_TO_BL31_WITH_PARAMS \ SEPARATE_CODE_AND_RODATA \ SEPARATE_BL2_NOLOAD_REGION \ SEPARATE_NOBITS_REGION \ @@ -1200,6 +1319,8 @@ TRUSTED_BOARD_BOOT \ CRYPTO_SUPPORT \ TRNG_SUPPORT \ + ERRATA_ABI_SUPPORT \ + ERRATA_NON_ARM_INTERCONNECT \ USE_COHERENT_MEM \ USE_DEBUGFS \ ARM_IO_IN_DTB \ @@ -1208,7 +1329,8 @@ USE_ROMLIB \ USE_TBBR_DEFS \ WARMBOOT_ENABLE_DCACHE_EARLY \ - BL2_AT_EL3 \ + RESET_TO_BL2 \ + BL2_RUNS_AT_EL3 \ BL2_IN_XIP_MEM \ BL2_INV_DCACHE \ USE_SPINLOCK_CAS \ @@ -1231,7 +1353,6 @@ ENABLE_MPMM \ ENABLE_MPMM_FCONF \ ENABLE_FEAT_FGT \ - ENABLE_FEAT_AMUv1 \ ENABLE_FEAT_ECV \ SIMICS_BUILD \ ENABLE_FEAT_AMUv1p1 \ 
@@ -1239,10 +1360,17 @@ ENABLE_FEAT_VHE \ ENABLE_FEAT_CSV2_2 \ ENABLE_FEAT_PAN \ + ENABLE_FEAT_TCR2 \ + ENABLE_FEAT_S2PIE \ + ENABLE_FEAT_S1PIE \ + ENABLE_FEAT_S2POE \ + ENABLE_FEAT_S1POE \ + ENABLE_FEAT_GCS \ FEATURE_DETECTION \ TWED_DELAY \ ENABLE_FEAT_TWED \ CONDITIONAL_CMO \ + IMPDEF_SYSREG_TRAP \ ))) ifeq (${SANITIZE_UB},trap) @@ -1315,7 +1443,7 @@ endif ifeq (${NEED_BL2},yes) -ifeq (${BL2_AT_EL3}, 0) +ifeq (${RESET_TO_BL2}, 0) FIP_BL2_ARGS := tb-fw endif
diff --git a/bl1/aarch64/bl1_exceptions.S b/bl1/aarch64/bl1_exceptions.S
index c54219f..eaaf59a 100644
--- a/bl1/aarch64/bl1_exceptions.S
+++ b/bl1/aarch64/bl1_exceptions.S
@@ -218,9 +218,7 @@ smc_handler: /* ----------------------------------------------------- * Save x0-x29 and ARMv8.3-PAuth (if enabled) registers. - * If Secure Cycle Counter is not disabled in MDCR_EL3 - * when ARMv8.5-PMU is implemented, save PMCR_EL0 and - * disable Cycle Counter. + * Save PMCR_EL0 and disable Cycle Counter. * TODO: Revisit to store only SMCCC specified registers. * ----------------------------------------------------- */
diff --git a/bl1/bl1.ld.S b/bl1/bl1.ld.S
index c4ec5fe..bec234b 100644
--- a/bl1/bl1.ld.S
+++ b/bl1/bl1.ld.S
@@ -1,13 +1,12 @@ /* - * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ /* - * The .data section gets copied from ROM to RAM at runtime. - * Its LMA should be 16-byte aligned to allow efficient copying of 16-bytes - * aligned regions in it. + * The .data section gets copied from ROM to RAM at runtime. Its LMA should be + * 16-byte aligned to allow efficient copying of 16-bytes aligned regions in it. * Its VMA must be page-aligned as it marks the first read/write page. */ #define DATA_ALIGN 16 @@ -24,23 +23,26 @@ RAM (rwx): ORIGIN = BL1_RW_BASE, LENGTH = BL1_RW_LIMIT - BL1_RW_BASE } -SECTIONS -{ +SECTIONS { . = BL1_RO_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL1_RO_BASE address is not aligned on a page boundary.") + "BL1_RO_BASE address is not aligned on a page boundary.") #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; + *bl1_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; } >ROM - /* .ARM.extab and .ARM.exidx are only added because Clang need them */ + /* .ARM.extab and .ARM.exidx are only added because Clang needs them */ .ARM.extab . : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >ROM 
@@ -51,51 +53,57 @@ .rodata . : { __RODATA_START__ = .; + *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON /* * No need to pad out the .rodata section to a page boundary. Next is * the .data section, which can mapped in ROM with the same memory * attributes as the .rodata section. * - * Pad out to 16 bytes though as .data section needs to be 16 byte - * aligned and lld does not align the LMA to the aligment specified + * Pad out to 16 bytes though as .data section needs to be 16-byte + * aligned and lld does not align the LMA to the alignment specified * on the .data section. */ __RODATA_END__ = .; - . = ALIGN(16); + + . = ALIGN(16); } >ROM -#else - ro . : { +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . : { __RO_START__ = .; + *bl1_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON *(.vectors) + __RO_END__ = .; /* - * Pad out to 16 bytes as .data section needs to be 16 byte aligned and - * lld does not align the LMA to the aligment specified on the .data - * section. + * Pad out to 16 bytes as the .data section needs to be 16-byte aligned + * and lld does not align the LMA to the alignment specified on the + * .data section. */ - . = ALIGN(16); + . = ALIGN(16); } >ROM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__, - "cpu_ops not defined for this platform.") + "cpu_ops not defined for this platform.") . = BL1_RW_BASE; + ASSERT(BL1_RW_BASE == ALIGN(PAGE_SIZE), - "BL1_RW_BASE address is not aligned on a page boundary.") + "BL1_RW_BASE address is not aligned on a page boundary.") DATA_SECTION >RAM AT>ROM + __DATA_RAM_START__ = __DATA_START__; __DATA_RAM_END__ = __DATA_END__; 
@@ -105,24 +113,26 @@ #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. This is required to set up the correct - * memory attributes for the coherent data page tables. + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct memory + * attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; - *(tzfw_coherent_mem) + *(.tzfw_coherent_mem) __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure the rest of + * the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >RAM -#endif +#endif /* USE_COHERENT_MEM */ __BL1_RAM_START__ = ADDR(.data); __BL1_RAM_END__ = .; @@ -135,15 +145,16 @@ * of BL1's actual content in Trusted ROM. */ __BL1_ROM_END__ = __DATA_ROM_START__ + __DATA_SIZE__; + ASSERT(__BL1_ROM_END__ <= BL1_RO_LIMIT, - "BL1's ROM content has exceeded its limit.") + "BL1's ROM content has exceeded its limit.") __BSS_SIZE__ = SIZEOF(.bss); #if USE_COHERENT_MEM __COHERENT_RAM_UNALIGNED_SIZE__ = __COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__; -#endif +#endif /* USE_COHERENT_MEM */ ASSERT(. <= BL1_RW_LIMIT, "BL1's RW section has exceeded its limit.") }
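Review bot: The input-section pattern changed from `*(tzfw_coherent_mem)` to `*(.tzfw_coherent_mem)`, so any object that still emits its coherent data under the old `tzfw_coherent_mem` name is no longer collected into `.coherent_ram` and silently lands in a default section without the device-memory attributes this comment describes. That is only safe if the `__section(...)` names in the C sources were renamed in the same change, which is not visible here — confirm. The same rename appears in bl2/bl2.ld.S and presumably bl2/bl2_el3.ld.S; a comment `/* Name must match the __section attribute used by the coherent-memory sources. */` next to the pattern would document the coupling.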
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index 9f63fd5..b1791b1 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -29,4 +29,10 @@ BL1_SOURCES += bl1/bl1_fwu.c endif -BL1_LINKERFILE := bl1/bl1.ld.S +ifneq ($(findstring gcc,$(notdir $(LD))),) + BL1_LDFLAGS += -Wl,--sort-section=alignment +else ifneq ($(findstring ld,$(notdir $(LD))),) + BL1_LDFLAGS += --sort-section=alignment +endif + +BL1_DEFAULT_LINKER_SCRIPT_SOURCE := bl1/bl1.ld.S
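Review bot: The `--sort-section=alignment` selection block is duplicated verbatim in bl2/bl2.mk, and nothing says why the ordering is wanted; a shared definition in the top-level Makefile, or at least the comment `# Sort input sections by alignment so padding between them is minimised`, would keep the two copies from drifting. The `else ifneq ($(findstring ld,…` branch also matches `ld.lld`, which appears intended but is worth stating in the comment.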
diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c
index b70bffd..6d4dc7e 100644
--- a/bl1/bl1_fwu.c
+++ b/bl1/bl1_fwu.c
@@ -420,7 +420,7 @@ * Image is in RESET state. * Check the parameters and authenticate the source image in place. */ - if (bl1_plat_mem_check(image_src, image_size, \ + if (bl1_plat_mem_check(image_src, image_size, desc->ep_info.h.attr) != 0) { WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); return -ENOMEM;
diff --git a/bl2/bl2.ld.S b/bl2/bl2.ld.S
index 80cf7db..458a12b 100644
--- a/bl2/bl2.ld.S
+++ b/bl2/bl2.ld.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -15,28 +15,31 @@ RAM (rwx): ORIGIN = BL2_BASE, LENGTH = BL2_LIMIT - BL2_BASE } - -SECTIONS -{ +SECTIONS { . = BL2_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL2_BASE address is not aligned on a page boundary.") + "BL2_BASE address is not aligned on a page boundary.") #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; + #if ENABLE_RME *bl2_rme_entrypoint.o(.text*) #else /* ENABLE_RME */ *bl2_entrypoint.o(.text*) #endif /* ENABLE_RME */ + *(SORT_BY_ALIGNMENT(.text*)) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; } >RAM - /* .ARM.extab and .ARM.exidx are only added because Clang need them */ + /* .ARM.extab and .ARM.exidx are only added because Clang needs them */ .ARM.extab . : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >RAM 
@@ -47,39 +50,41 @@ .rodata . : { __RODATA_START__ = .; + *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON . = ALIGN(PAGE_SIZE); + __RODATA_END__ = .; } >RAM -#else - ro . : { +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . : { __RO_START__ = .; + *bl2_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON *(.vectors) + __RO_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked as - * read-only, executable. No RW data from the next section must - * creep in. Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as read-only, + * executable. No RW data from the next section must creep in. Ensure + * that the rest of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __RO_END__ = .; } >RAM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ - /* - * Define a linker symbol to mark start of the RW memory area for this - * image. - */ - __RW_START__ = . ; + __RW_START__ = .; DATA_SECTION >RAM STACK_SECTION >RAM 
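Review bot: In the `.ro` output section used when `SEPARATE_CODE_AND_RODATA` is 0, only `*bl2_entrypoint.o(.text*)` is pinned to the start, whereas the `.text` section in the previous hunk selects `*bl2_rme_entrypoint.o(.text*)` under `ENABLE_RME`; with `ENABLE_RME=1` and the combined layout the RME entry point is therefore not guaranteed to sit at `BL2_BASE`. Mirror the `#if ENABLE_RME` / `#else` selection inside `.ro` (three lines, as in `.text`). bl2/bl2.mk selects this script for the RME case, so the combination is reachable unless RME forces `SEPARATE_CODE_AND_RODATA` elsewhere — not visible here.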
@@ -88,29 +93,27 @@ #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. This is required to set up the correct + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct * memory attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; - *(tzfw_coherent_mem) + *(.tzfw_coherent_mem) __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure the rest of + * the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >RAM -#endif +#endif /* USE_COHERENT_MEM */ - /* - * Define a linker symbol to mark end of the RW memory area for this - * image. - */ __RW_END__ = .; __BL2_END__ = .; @@ -119,7 +122,7 @@ #if USE_COHERENT_MEM __COHERENT_RAM_UNALIGNED_SIZE__ = __COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__; -#endif +#endif /* USE_COHERENT_MEM */ ASSERT(. <= BL2_LIMIT, "BL2 image has exceeded its limit.") }
diff --git a/bl2/bl2.mk b/bl2/bl2.mk
index 7a973e5..41bcd12 100644
--- a/bl2/bl2.mk
+++ b/bl2/bl2.mk
@@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -15,6 +15,12 @@ BL2_SOURCES += common/aarch64/early_exceptions.S endif +ifneq ($(findstring gcc,$(notdir $(LD))),) + BL2_LDFLAGS += -Wl,--sort-section=alignment +else ifneq ($(findstring ld,$(notdir $(LD))),) + BL2_LDFLAGS += --sort-section=alignment +endif + ifeq (${ENABLE_RME},1) # Using RME, run BL2 at EL3 include lib/gpt_rme/gpt_rme.mk @@ -23,12 +29,12 @@ bl2/${ARCH}/bl2_el3_exceptions.S \ bl2/${ARCH}/bl2_run_next_image.S \ ${GPT_LIB_SRCS} -BL2_LINKERFILE := bl2/bl2.ld.S +BL2_DEFAULT_LINKER_SCRIPT_SOURCE := bl2/bl2.ld.S -else ifeq (${BL2_AT_EL3},0) +else ifeq (${RESET_TO_BL2},0) # Normal operation, no RME, no BL2 at EL3 BL2_SOURCES += bl2/${ARCH}/bl2_entrypoint.S -BL2_LINKERFILE := bl2/bl2.ld.S +BL2_DEFAULT_LINKER_SCRIPT_SOURCE := bl2/bl2.ld.S else # BL2 at EL3, no RME @@ -46,5 +52,5 @@ BL2_SOURCES += lib/cpus/aarch64/dsu_helpers.S endif -BL2_LINKERFILE := bl2/bl2_el3.ld.S +BL2_DEFAULT_LINKER_SCRIPT_SOURCE := bl2/bl2_el3.ld.S endif
diff --git a/bl2/bl2_el3.ld.S b/bl2/bl2_el3.ld.S
index c95706c..aa457fa 100644
--- a/bl2/bl2_el3.ld.S
+++ b/bl2/bl2_el3.ld.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -15,140 +15,158 @@ #if BL2_IN_XIP_MEM ROM (rx): ORIGIN = BL2_RO_BASE, LENGTH = BL2_RO_LIMIT - BL2_RO_BASE RAM (rwx): ORIGIN = BL2_RW_BASE, LENGTH = BL2_RW_LIMIT - BL2_RW_BASE -#else +#else /* BL2_IN_XIP_MEM */ RAM (rwx): ORIGIN = BL2_BASE, LENGTH = BL2_LIMIT - BL2_BASE -#endif +#endif /* BL2_IN_XIP_MEM */ + #if SEPARATE_BL2_NOLOAD_REGION RAM_NOLOAD (rw!a): ORIGIN = BL2_NOLOAD_START, LENGTH = BL2_NOLOAD_LIMIT - BL2_NOLOAD_START -#else -#define RAM_NOLOAD RAM -#endif +#else /* SEPARATE_BL2_NOLOAD_REGION */ +# define RAM_NOLOAD RAM +#endif /* SEPARATE_BL2_NOLOAD_REGION */ } #if !BL2_IN_XIP_MEM -#define ROM RAM -#endif +# define ROM RAM +#endif /* !BL2_IN_XIP_MEM */ -SECTIONS -{ +SECTIONS { #if BL2_IN_XIP_MEM . = BL2_RO_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL2_RO_BASE address is not aligned on a page boundary.") -#else + "BL2_RO_BASE address is not aligned on a page boundary.") +#else /* BL2_IN_XIP_MEM */ . = BL2_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL2_BASE address is not aligned on a page boundary.") -#endif + "BL2_BASE address is not aligned on a page boundary.") +#endif /* BL2_IN_XIP_MEM */ #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; - __TEXT_RESIDENT_START__ = .; - *bl2_el3_entrypoint.o(.text*) - *(.text.asm.*) - __TEXT_RESIDENT_END__ = .; + __TEXT_RESIDENT_START__ = .; + + *bl2_el3_entrypoint.o(.text*) + *(.text.asm.*) + + __TEXT_RESIDENT_END__ = .; + *(SORT_BY_ALIGNMENT(.text*)) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; - } >ROM + } >ROM .rodata . : { __RODATA_START__ = .; + *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON . = ALIGN(PAGE_SIZE); + __RODATA_END__ = .; } >ROM ASSERT(__TEXT_RESIDENT_END__ - __TEXT_RESIDENT_START__ <= PAGE_SIZE, - "Resident part of BL2 has exceeded its limit.") -#else - ro . : { + "Resident part of BL2 has exceeded its limit.") +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . 
: { __RO_START__ = .; - __TEXT_RESIDENT_START__ = .; - *bl2_el3_entrypoint.o(.text*) - *(.text.asm.*) - __TEXT_RESIDENT_END__ = .; + __TEXT_RESIDENT_START__ = .; + + *bl2_el3_entrypoint.o(.text*) + *(.text.asm.*) + + __TEXT_RESIDENT_END__ = .; + *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON *(.vectors) + __RO_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked as - * read-only, executable. No RW data from the next section must - * creep in. Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as read-only, + * executable. No RW data from the next section must creep in. Ensure + * that the rest of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); __RO_END__ = .; } >ROM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__, - "cpu_ops not defined for this platform.") + "cpu_ops not defined for this platform.") #if BL2_IN_XIP_MEM . = BL2_RW_BASE; + ASSERT(BL2_RW_BASE == ALIGN(PAGE_SIZE), "BL2_RW_BASE address is not aligned on a page boundary.") -#endif +#endif /* BL2_IN_XIP_MEM */ - /* - * Define a linker symbol to mark start of the RW memory area for this - * image. - */ - __RW_START__ = . ; + __RW_START__ = .; DATA_SECTION >RAM AT>ROM + __DATA_RAM_START__ = __DATA_START__; __DATA_RAM_END__ = __DATA_END__; RELA_SECTION >RAM + #if SEPARATE_BL2_NOLOAD_REGION SAVED_ADDR = .; + . = BL2_NOLOAD_START; + __BL2_NOLOAD_START__ = .; -#endif +#endif /* SEPARATE_BL2_NOLOAD_REGION */ + STACK_SECTION >RAM_NOLOAD BSS_SECTION >RAM_NOLOAD XLAT_TABLE_SECTION >RAM_NOLOAD + #if SEPARATE_BL2_NOLOAD_REGION __BL2_NOLOAD_END__ = .; + . = SAVED_ADDR; -#endif +#endif /* SEPARATE_BL2_NOLOAD_REGION */ #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. 
This is required to set up the correct + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct * memory attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; - *(tzfw_coherent_mem) + + *(.tzfw_coherent_mem) + __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure the rest of + * the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >RAM -#endif +#endif /* USE_COHERENT_MEM */ - /* - * Define a linker symbol to mark end of the RW memory area for this - * image. - */ __RW_END__ = .; __BL2_END__ = .; @@ -165,23 +183,24 @@ /* * The .data section is the last PROGBITS section so its end marks the end - * of BL2's RO content in XIP memory.. + * of BL2's RO content in XIP memory. */ __BL2_ROM_END__ = __DATA_ROM_START__ + __DATA_SIZE__; + ASSERT(__BL2_ROM_END__ <= BL2_RO_LIMIT, "BL2's RO content has exceeded its limit.") -#endif - __BSS_SIZE__ = SIZEOF(.bss); +#endif /* BL2_IN_XIP_MEM */ + __BSS_SIZE__ = SIZEOF(.bss); #if USE_COHERENT_MEM __COHERENT_RAM_UNALIGNED_SIZE__ = __COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__; -#endif +#endif /* USE_COHERENT_MEM */ #if BL2_IN_XIP_MEM ASSERT(. <= BL2_RW_LIMIT, "BL2's RW content has exceeded its limit.") -#else +#else /* BL2_IN_XIP_MEM */ ASSERT(. <= BL2_LIMIT, "BL2 image has exceeded its limit.") -#endif +#endif /* BL2_IN_XIP_MEM */ }
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 5da8037..ce83692 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -27,9 +27,9 @@ #define NEXT_IMAGE "BL32" #endif -#if BL2_AT_EL3 +#if RESET_TO_BL2 /******************************************************************************* - * Setup function for BL2 when BL2_AT_EL3=1 + * Setup function for BL2 when RESET_TO_BL2=1 ******************************************************************************/ void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) @@ -48,9 +48,10 @@ assert(is_armv8_3_pauth_present()); #endif /* CTX_INCLUDE_PAUTH_REGS */ } -#else /* BL2_AT_EL3 */ +#else /* RESET_TO_BL2 */ + /******************************************************************************* - * Setup function for BL2 when BL2_AT_EL3=0 + * Setup function for BL2 when RESET_TO_BL2=0 ******************************************************************************/ void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) @@ -69,7 +70,7 @@ assert(is_armv8_3_pauth_present()); #endif /* CTX_INCLUDE_PAUTH_REGS */ } -#endif /* BL2_AT_EL3 */ +#endif /* RESET_TO_BL2 */ /******************************************************************************* * The only thing to do in BL2 is to load further images and pass control to @@ -107,7 +108,7 @@ /* Teardown the Measured Boot backend */ bl2_plat_mboot_finish(); -#if !BL2_AT_EL3 && !ENABLE_RME +#if !BL2_RUNS_AT_EL3 #ifndef __aarch64__ /* * For AArch32 state BL1 and BL2 share the MMU setup. @@ -132,7 +133,8 @@ * be passed to next BL image as an argument. */ smc(BL1_SMC_RUN_IMAGE, (unsigned long)next_bl_ep_info, 0, 0, 0, 0, 0, 0); -#else /* if BL2_AT_EL3 || ENABLE_RME */ +#else /* if BL2_RUNS_AT_EL3 */ + NOTICE("BL2: Booting " NEXT_IMAGE "\n"); print_entry_point_info(next_bl_ep_info); console_flush(); 
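Review bot: `#if !BL2_RUNS_AT_EL3` replaces `#if !BL2_AT_EL3 && !ENABLE_RME` in the `@@ -107,7 +108,7 @@` hunk, and the new symbol is not defined anywhere in this chunk; if any build reaches this file without `BL2_RUNS_AT_EL3` defined, the preprocessor evaluates it as 0 and silently selects the BL1 `smc(BL1_SMC_RUN_IMAGE, ...)` handover path even for a BL2 that runs at EL3. A guard near the top of the file would make that failure loud rather than a wrong boot path: `#ifndef BL2_RUNS_AT_EL3` / `#error "BL2_RUNS_AT_EL3 must be defined by the build system"` / `#endif`. The function containing the `#if` starts outside the hunk and its closing `#endif` is in the next hunk.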
@@ -145,5 +147,5 @@ #endif /* ENABLE_PAUTH */ bl2_run_next_image(next_bl_ep_info); -#endif /* BL2_AT_EL3 && ENABLE_RME */ +#endif /* BL2_RUNS_AT_EL3 */ }
diff --git a/bl2u/bl2u.ld.S b/bl2u/bl2u.ld.S
index a7752a4..52a925b 100644
--- a/bl2u/bl2u.ld.S
+++ b/bl2u/bl2u.ld.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -17,67 +17,69 @@ RAM (rwx): ORIGIN = BL2U_BASE, LENGTH = BL2U_LIMIT - BL2U_BASE } - -SECTIONS -{ +SECTIONS { . = BL2U_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL2U_BASE address is not aligned on a page boundary.") + "BL2U_BASE address is not aligned on a page boundary.") #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; + *bl2u_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; - } >RAM + } >RAM - /* .ARM.extab and .ARM.exidx are only added because Clang need them */ - .ARM.extab . : { + /* .ARM.extab and .ARM.exidx are only added because Clang needs them */ + .ARM.extab . : { *(.ARM.extab* .gnu.linkonce.armextab.*) - } >RAM + } >RAM - .ARM.exidx . : { + .ARM.exidx . : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) - } >RAM + } >RAM .rodata . : { __RODATA_START__ = .; *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON . = ALIGN(PAGE_SIZE); __RODATA_END__ = .; } >RAM -#else - ro . : { +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . : { __RO_START__ = .; + *bl2u_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON *(.vectors) + __RO_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked as - * read-only, executable. No RW data from the next section must - * creep in. Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as read-only, + * executable. No RW data from the next section must creep in. Ensure + * that the rest of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __RO_END__ = .; } >RAM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ - /* - * Define a linker symbol to mark start of the RW memory area for this - * image. - */ - __RW_START__ = . ; + __RW_START__ = .; DATA_SECTION >RAM STACK_SECTION >RAM 
@@ -86,29 +88,27 @@ #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. This is required to set up the correct + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct * memory attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; - *(tzfw_coherent_mem) + *(.tzfw_coherent_mem) __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure the rest of + * the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >RAM -#endif +#endif /* USE_COHERENT_MEM */ - /* - * Define a linker symbol to mark end of the RW memory area for this - * image. - */ __RW_END__ = .; __BL2U_END__ = .;
diff --git a/bl2u/bl2u.mk b/bl2u/bl2u.mk
index b4d7634..9fe20f5 100644
--- a/bl2u/bl2u.mk
+++ b/bl2u/bl2u.mk
@@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -12,4 +12,10 @@ BL2U_SOURCES += common/aarch64/early_exceptions.S endif -BL2U_LINKERFILE := bl2u/bl2u.ld.S +BL2U_DEFAULT_LINKER_SCRIPT_SOURCE := bl2u/bl2u.ld.S + +ifneq ($(findstring gcc,$(notdir $(LD))),) + BL2U_LDFLAGS += -Wl,--sort-section=alignment +else ifneq ($(findstring ld,$(notdir $(LD))),) + BL2U_LDFLAGS += --sort-section=alignment +endif
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index b0c46dc..dfb14e9 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -66,19 +66,6 @@ _init_c_runtime=1 \ _exception_vectors=runtime_exceptions \ _pie_fixup_size=BL31_LIMIT - BL31_BASE - -#if !RESET_TO_BL31_WITH_PARAMS - /* --------------------------------------------------------------------- - * For RESET_TO_BL31 systems, BL31 is the first bootloader to run so - * there's no argument to relay from a previous bootloader. Zero the - * arguments passed to the platform layer to reflect that. - * --------------------------------------------------------------------- - */ - mov x20, 0 - mov x21, 0 - mov x22, 0 - mov x23, 0 -#endif /* RESET_TO_BL31_WITH_PARAMS */ #endif /* RESET_TO_BL31 */ /* --------------------------------------------------------------------
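Review bot: The copyright year in the first hunk moves backwards, from 2013-2022 to 2013-2021, while every other header touched by this commit moves forward to 2023; this looks like an accidental revert of the header and should read `* Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.`. The second hunk deletes the `#if !RESET_TO_BL31_WITH_PARAMS` block that zeroed x20-x23 for RESET_TO_BL31 builds, so unless that zeroing now happens elsewhere (not visible in this chunk), the platform setup code would receive whatever those registers held at reset as its boot arguments — worth confirming, since the removed comment says the zeroing existed precisely because there is no previous bootloader to supply them. Both hunks sit outside any function body, and the surrounding macro invocation continues beyond the hunk.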
diff --git a/bl31/aarch64/crash_reporting.S b/bl31/aarch64/crash_reporting.S
index d56b513..4cec110 100644
--- a/bl31/aarch64/crash_reporting.S
+++ b/bl31/aarch64/crash_reporting.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -15,8 +15,8 @@ .globl report_unhandled_exception .globl report_unhandled_interrupt - .globl el3_panic - .globl elx_panic + .globl report_el3_panic + .globl report_elx_panic #if CRASH_REPORTING @@ -64,7 +64,7 @@ x30_msg: .asciz "x30" excpt_msg_el: - .asciz "Unhandled Exception from EL" + .asciz "Unhandled Exception from lower EL.\n" /* * Helper function to print from crash buf. @@ -194,28 +194,20 @@ /* ----------------------------------------------------- * This function allows to report a crash from the lower * exception level (if crash reporting is enabled) when - * panic() is invoked from C Runtime. + * lower_el_panic() is invoked from C Runtime. * It prints the CPU state via the crash console making * use of 'cpu_context' structure where general purpose * registers are saved and the crash buf. * This function will not return. - * - * x0: Exception level * ----------------------------------------------------- */ -func elx_panic +func report_elx_panic msr spsel, #MODE_SP_ELX - mov x8, x0 /* Print the crash message */ adr x4, excpt_msg_el bl asm_print_str - /* Print exception level */ - add x0, x8, #'0' - bl plat_crash_console_putc - bl asm_print_newline - /* Report x0 - x29 values stored in 'gpregs_ctx' structure */ /* Store the ascii list pointer in x6 */ adr x6, gp_regs @@ -295,7 +287,7 @@ mrs x2, sctlr_el1 mrs x1, tcr_el1 b test_pauth -endfunc elx_panic +endfunc report_elx_panic /* ----------------------------------------------------- * This function allows to report a crash (if crash @@ -305,7 +297,7 @@ * will not return. * ----------------------------------------------------- */ -func el3_panic +func report_el3_panic msr spsel, #MODE_SP_ELX prepare_crash_buf_save_x0_x1 adr x0, panic_msg 
@@ -463,7 +455,7 @@ /* Done reporting */ no_ret plat_panic_handler -endfunc el3_panic +endfunc report_el3_panic #else /* CRASH_REPORTING */ func report_unhandled_exception
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index dbb3234..dd6b4dc 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -16,9 +16,8 @@ #include <context.h> .globl handle_lower_el_ea_esb - .globl handle_lower_el_async_ea - .globl enter_lower_el_sync_ea - .globl enter_lower_el_async_ea + .globl handle_lower_el_sync_ea + .globl handle_lower_el_async_ea /* @@ -42,17 +41,12 @@ * Implementation Defined Exceptions. If any other kind of exception is detected, * then this function reports unhandled exception. * - * Since it's part of exception vector, this function doesn't expect any GP - * registers to have been saved. It delegates the handling of the EA to platform - * handler, and upon successfully handling the EA, exits EL3; otherwise panics. + * It delegates the handling of the EA to platform handler, and upon successfully + * handling the EA, exits EL3; otherwise panics. + * + * This function assumes x30 has been saved. */ -func enter_lower_el_sync_ea - /* - * Explicitly save x30 so as to free up a register and to enable - * branching. - */ - str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] - +func handle_lower_el_sync_ea mrs x30, esr_el3 ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH @@ -87,9 +81,7 @@ 1: /* * Save general purpose and ARMv8.3-PAuth registers (if enabled). - * If Secure Cycle Counter is not disabled in MDCR_EL3 when - * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. - * Also set the PSTATE to a known state. + * Also save PMCR_EL0 and set the PSTATE to a known state. */ bl prepare_el3_entry 
@@ -114,29 +106,22 @@ /* Synchronous exceptions other than the above are assumed to be EA */ ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] no_ret report_unhandled_exception -endfunc enter_lower_el_sync_ea +endfunc handle_lower_el_sync_ea /* * This function handles SErrors from lower ELs. * - * Since it's part of exception vector, this function doesn't expect any GP - * registers to have been saved. It delegates the handling of the EA to platform - * handler, and upon successfully handling the EA, exits EL3; otherwise panics. + * It delegates the handling of the EA to platform handler, and upon successfully + * handling the EA, exits EL3; otherwise panics. + * + * This function assumes x30 has been saved. */ -func enter_lower_el_async_ea - /* - * Explicitly save x30 so as to free up a register and to enable - * branching - */ - str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] +func handle_lower_el_async_ea -handle_lower_el_async_ea: /* * Save general purpose and ARMv8.3-PAuth registers (if enabled). - * If Secure Cycle Counter is not disabled in MDCR_EL3 when - * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. - * Also set the PSTATE to a known state. + * Also save PMCR_EL0 and set the PSTATE to a known state. */ bl prepare_el3_entry @@ -153,7 +138,7 @@ /* el3_exit assumes SP_EL0 on entry */ msr spsel, #MODE_SP_EL0 b el3_exit -endfunc enter_lower_el_async_ea +endfunc handle_lower_el_async_ea /* @@ -164,7 +149,7 @@ * x1: EA syndrome */ func delegate_sync_ea -#if RAS_EXTENSION +#if RAS_FFH_SUPPORT /* * Check for Uncontainable error type. If so, route to the platform * fatal error handler rather than the generic EA one. 
@@ -194,14 +179,14 @@ * x1: EA syndrome */ func delegate_async_ea -#if RAS_EXTENSION +#if RAS_FFH_SUPPORT /* Check Exception Class to ensure SError, as this function should * only be invoked for SError. If that is not the case, which implies * either an HW error or programming error, panic. */ ubfx x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH cmp x2, EC_SERROR - b.ne do_panic + b.ne el3_panic /* * Check for Implementation Defined Syndrome. If so, skip checking * Uncontainable error type from the syndrome as the format is unknown.
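Review bot: `b.ne el3_panic` in `delegate_async_ea` now targets a symbol that this same commit renames away in bl31/aarch64/crash_reporting.S (`func el3_panic` becomes `func report_el3_panic`), and the new `sysreg_handler64` block in bl31/aarch64/runtime_exceptions.S branches to `elx_panic`, which is renamed to `report_elx_panic` in the same way. Both links only succeed if `el3_panic` and `elx_panic` are now provided elsewhere — presumably as common wrappers around the `report_*` routines — and that definition is not visible in this chunk; worth confirming, since the `el3_panic` reference here is only compiled with `RAS_FFH_SUPPORT=1` and a missing symbol would surface only in that configuration. `delegate_async_ea` continues past the end of the hunk.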
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 0283553..8bcf94e 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include <asm_macros.S> #include <bl31/ea_handle.h> #include <bl31/interrupt_mgmt.h> +#include <bl31/sync_handle.h> #include <common/runtime_svc.h> #include <context.h> #include <el3_common_macros.S> 
@@ -39,39 +40,39 @@ .globl serror_aarch32 /* + * Save LR and make x30 available as most of the routines in vector entry + * need a free register + */ + .macro save_x30 + str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] + .endm + + /* * Macro that prepares entry to EL3 upon taking an exception. * - * With RAS_EXTENSION, this macro synchronizes pending errors with an ESB - * instruction. When an error is thus synchronized, the handling is + * With RAS_FFH_SUPPORT, this macro synchronizes pending errors with an + * ESB instruction. When an error is thus synchronized, the handling is * delegated to platform EA handler. * - * Without RAS_EXTENSION, this macro synchronizes pending errors using - * a DSB, unmasks Asynchronous External Aborts and saves X30 before + * Without RAS_FFH_SUPPORT, this macro synchronizes pending errors using + * a DSB, unmasks Asynchronous External Aborts and saves X30 before * setting the flag CTX_IS_IN_EL3. */ .macro check_and_unmask_ea -#if RAS_EXTENSION +#if RAS_FFH_SUPPORT /* Synchronize pending External Aborts */ esb /* Unmask the SError interrupt */ msr daifclr, #DAIF_ABT_BIT - /* - * Explicitly save x30 so as to free up a register and to enable - * branching - */ - str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] - /* Check for SErrors synchronized by the ESB instruction */ mrs x30, DISR_EL1 tbz x30, #DISR_A_BIT, 1f /* * Save general purpose and ARMv8.3-PAuth registers (if enabled). - * If Secure Cycle Counter is not disabled in MDCR_EL3 when - * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. - * Also set the PSTATE to a known state. + * Also save PMCR_EL0 and set the PSTATE to a known state. */ bl prepare_el3_entry 
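Review bot: The header comment of `check_and_unmask_ea` still says the macro "unmasks Asynchronous External Aborts and saves X30 before setting the flag CTX_IS_IN_EL3" for the non-RAS case, but the explicit `str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]` is removed from the RAS branch here and from the non-RAS branch in the following hunks; the save now happens in the new `save_x30` macro that each vector entry issues first. Since both branches of the macro still clobber x30 (`mrs x30, DISR_EL1` / `mov x30, #1`), the comment should state the new precondition rather than the old behaviour, e.g. `* This macro clobbers x30 and expects the caller to have saved it already (see save_x30).` Documenting it at the macro is the only guard against a future vector entry that forgets `save_x30` and silently loses the lower EL's LR.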
@@ -82,31 +83,6 @@ 1: #else /* - * For SoCs which do not implement RAS, use DSB as a barrier to - * synchronize pending external aborts. - */ - dsb sy - - /* Unmask the SError interrupt */ - msr daifclr, #DAIF_ABT_BIT - - /* Use ISB for the above unmask operation to take effect immediately */ - isb - - /* - * Refer Note 1. No need to restore X30 as both handle_sync_exception - * and handle_interrupt_exception macro which follow this macro modify - * X30 anyway. - */ - str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] - mov x30, #1 - str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3] - dmb sy -#endif - .endm - -#if !RAS_EXTENSION - /* * Note 1: The explicit DSB at the entry of various exception vectors * for handling exceptions from lower ELs can inadvertently trigger an * SError exception in EL3 due to pending asynchronous aborts in lower @@ -120,13 +96,9 @@ * flag execute without causing further exceptions. */ - /* --------------------------------------------------------------------- - * This macro handles Asynchronous External Aborts. - * --------------------------------------------------------------------- - */ - .macro handle_async_ea /* - * Use a barrier to synchronize pending external aborts. + * For SoCs which do not implement RAS, use DSB as a barrier to + * synchronize pending external aborts. */ dsb sy 
@@ -136,33 +108,12 @@ /* Use ISB for the above unmask operation to take effect immediately */ isb - /* Refer Note 1 */ - str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] + /* Refer Note 1. */ mov x30, #1 str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3] dmb sy - - b handle_lower_el_async_ea - .endm - - /* - * This macro checks if the exception was taken due to SError in EL3 or - * because of pending asynchronous external aborts from lower EL that got - * triggered due to explicit synchronization in EL3. Refer Note 1. - */ - .macro check_if_serror_from_EL3 - /* Assumes SP_EL3 on entry */ - str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] - ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3] - cbnz x30, exp_from_EL3 - - /* Handle asynchronous external abort from lower EL */ - b handle_lower_el_async_ea - -exp_from_EL3: - /* Jump to plat_handle_el3_ea which does not return */ - .endm #endif + .endm /* --------------------------------------------------------------------- * This macro handles Synchronous exceptions. @@ -191,11 +142,14 @@ b.eq smc_handler32 cmp x30, #EC_AARCH64_SMC - b.eq smc_handler64 + b.eq sync_handler64 + + cmp x30, #EC_AARCH64_SYS + b.eq sync_handler64 /* Synchronous exceptions other than the above are assumed to be EA */ ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR] - b enter_lower_el_sync_ea + b handle_lower_el_sync_ea .endm @@ -208,9 +162,7 @@ /* * Save general purpose and ARMv8.3-PAuth registers (if enabled). - * If Secure Cycle Counter is not disabled in MDCR_EL3 when - * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. - * Also set the PSTATE to a known state. + * Also save PMCR_EL0 and set the PSTATE to a known state. */ bl prepare_el3_entry 
@@ -351,8 +303,20 @@ end_vector_entry fiq_sp_elx vector_entry serror_sp_elx -#if !RAS_EXTENSION - check_if_serror_from_EL3 +#if !RAS_FFH_SUPPORT + /* + * This will trigger if the exception was taken due to SError in EL3 or + * because of pending asynchronous external aborts from lower EL that got + * triggered due to explicit synchronization in EL3. Refer Note 1. + */ + /* Assumes SP_EL3 on entry */ + save_x30 + ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3] + cbnz x30, 1f + + /* Handle asynchronous external abort from lower EL */ + b handle_lower_el_async_ea +1: #endif no_ret plat_handle_el3_ea end_vector_entry serror_sp_elx @@ -368,31 +332,36 @@ * to a valid cpu context where the general purpose and system register * state can be saved. */ + save_x30 apply_at_speculative_wa check_and_unmask_ea handle_sync_exception end_vector_entry sync_exception_aarch64 vector_entry irq_aarch64 + save_x30 apply_at_speculative_wa check_and_unmask_ea handle_interrupt_exception irq_aarch64 end_vector_entry irq_aarch64 vector_entry fiq_aarch64 + save_x30 apply_at_speculative_wa check_and_unmask_ea handle_interrupt_exception fiq_aarch64 end_vector_entry fiq_aarch64 vector_entry serror_aarch64 + save_x30 apply_at_speculative_wa -#if RAS_EXTENSION +#if RAS_FFH_SUPPORT msr daifclr, #DAIF_ABT_BIT - b enter_lower_el_async_ea #else - handle_async_ea + check_and_unmask_ea #endif + b handle_lower_el_async_ea + end_vector_entry serror_aarch64 /* --------------------------------------------------------------------- 
@@ -406,31 +375,36 @@ * to a valid cpu context where the general purpose and system register * state can be saved. */ + save_x30 apply_at_speculative_wa check_and_unmask_ea handle_sync_exception end_vector_entry sync_exception_aarch32 vector_entry irq_aarch32 + save_x30 apply_at_speculative_wa check_and_unmask_ea handle_interrupt_exception irq_aarch32 end_vector_entry irq_aarch32 vector_entry fiq_aarch32 + save_x30 apply_at_speculative_wa check_and_unmask_ea handle_interrupt_exception fiq_aarch32 end_vector_entry fiq_aarch32 vector_entry serror_aarch32 + save_x30 apply_at_speculative_wa -#if RAS_EXTENSION +#if RAS_FFH_SUPPORT msr daifclr, #DAIF_ABT_BIT - b enter_lower_el_async_ea #else - handle_async_ea + check_and_unmask_ea #endif + b handle_lower_el_async_ea + end_vector_entry serror_aarch32 #ifdef MONITOR_TRAPS @@ -452,19 +426,17 @@ * Note that x30 has been explicitly saved and can be used here * --------------------------------------------------------------------- */ -func smc_handler +func sync_exception_handler smc_handler32: /* Check whether aarch32 issued an SMC64 */ tbnz x0, #FUNCID_CC_SHIFT, smc_prohibited -smc_handler64: +sync_handler64: /* NOTE: The code below must preserve x0-x4 */ /* * Save general purpose and ARMv8.3-PAuth registers (if enabled). - * If Secure Cycle Counter is not disabled in MDCR_EL3 when - * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter. - * Also set the PSTATE to a known state. + * Also save PMCR_EL0 and set the PSTATE to a known state. */ bl prepare_el3_entry 
@@ -493,15 +465,22 @@ msr spsel, #MODE_SP_EL0 /* - * Save the SPSR_EL3, ELR_EL3, & SCR_EL3 in case there is a world + * Save the SPSR_EL3 and ELR_EL3 in case there is a world * switch during SMC handling. * TODO: Revisit if all system registers can be saved later. */ mrs x16, spsr_el3 mrs x17, elr_el3 - mrs x18, scr_el3 stp x16, x17, [x6, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3] - str x18, [x6, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3] + + /* Load SCR_EL3 */ + mrs x18, scr_el3 + + /* check for system register traps */ + mrs x16, esr_el3 + ubfx x17, x16, #ESR_EC_SHIFT, #ESR_EC_LENGTH + cmp x17, #EC_AARCH64_SYS + b.eq sysreg_handler64 /* Clear flag register */ mov x7, xzr @@ -521,6 +500,17 @@ /* Copy SCR_EL3.NS bit to the flag to indicate caller's security */ bfi x7, x18, #0, #1 + mov sp, x12 + + /* + * Per SMCCC documentation, bits [23:17] must be zero for Fast + * SMCs. Other values are reserved for future use. Ensure that + * these bits are zeroes, if not report as unknown SMC. + */ + tbz x0, #FUNCID_TYPE_SHIFT, 2f /* Skip check if its a Yield Call*/ + tst x0, #(FUNCID_FC_RESERVED_MASK << FUNCID_FC_RESERVED_SHIFT) + b.ne smc_unknown + /* * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID * passed through x0. Copy the SVE hint bit to flags and mask the @@ -528,11 +518,10 @@ * A service/dispatcher can retrieve the SVE hint bit state from * flags using the appropriate helper. */ +2: bfi x7, x0, #FUNCID_SVE_HINT_SHIFT, #FUNCID_SVE_HINT_MASK bic x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT) - mov sp, x12 - /* Get the unique owning entity number */ ubfx x16, x0, #FUNCID_OEN_SHIFT, #FUNCID_OEN_WIDTH ubfx x15, x0, #FUNCID_TYPE_SHIFT, #FUNCID_TYPE_WIDTH 
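Review bot: The store of SCR_EL3 into the saved context (`str x18, [x6, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]`) is dropped in the first hunk while `mrs x18, scr_el3` is kept only to derive the NS flag, so `CTX_SCR_EL3` is no longer refreshed from the live register on each SMC entry; that is only safe if every writer of SCR_EL3 goes through the context rather than the register, which I cannot verify from this chunk and which the shortened comment ("Save the SPSR_EL3 and ELR_EL3") does not explain. A one-line note such as `/* SCR_EL3 is owned by the context and restored by el3_exit; it is read here only for the NS bit */` would record the assumption next to the change. The reserved-bits check added in the second hunk is a good hardening step; its trailing comment has a typo and a missing space before the terminator: `tbz x0, #FUNCID_TYPE_SHIFT, 2f /* Skip check if it's a Yield Call */`. The enclosing `sync_exception_handler` starts and ends outside these hunks.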
@@ -568,12 +557,38 @@ b el3_exit +sysreg_handler64: + mov x0, x16 /* ESR_EL3, containing syndrome information */ + mov x1, x6 /* lower EL's context */ + mov x19, x6 /* save context pointer for after the call */ + mov sp, x12 /* EL3 runtime stack, as loaded above */ + + /* int handle_sysreg_trap(uint64_t esr_el3, cpu_context_t *ctx); */ + bl handle_sysreg_trap + /* + * returns: + * -1: unhandled trap, panic + * 0: handled trap, return to the trapping instruction (repeating it) + * 1: handled trap, return to the next instruction + */ + + tst w0, w0 + b.mi elx_panic /* negative return value: panic */ + b.eq 1f /* zero: do not change ELR_EL3 */ + + /* advance the PC to continue after the instruction */ + ldr x1, [x19, #CTX_EL3STATE_OFFSET + CTX_ELR_EL3] + add x1, x1, #4 + str x1, [x19, #CTX_EL3STATE_OFFSET + CTX_ELR_EL3] +1: + b el3_exit + smc_unknown: /* * Unknown SMC call. Populate return value with SMC_UNK and call * el3_exit() which will restore the remaining architectural state * i.e., SYS, GP and PAuth registers(if any) prior to issuing the ERET - * to the desired lower EL. + * to the desired lower EL. */ mov x0, #SMC_UNK str x0, [x6, #CTX_GPREGS_OFFSET + CTX_GPREG_X0] @@ -592,7 +607,7 @@ msr spsel, #MODE_SP_ELX no_ret report_unhandled_exception #endif -endfunc smc_handler +endfunc sync_exception_handler /* --------------------------------------------------------------------- * The following code handles exceptions caused by BRK instructions.
diff --git a/bl31/bl31.ld.S b/bl31/bl31.ld.S
index 309e752..5ac83fa 100644
--- a/bl31/bl31.ld.S
+++ b/bl31/bl31.ld.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -11,137 +11,148 @@ OUTPUT_ARCH(PLATFORM_LINKER_ARCH) ENTRY(bl31_entrypoint) - MEMORY { RAM (rwx): ORIGIN = BL31_BASE, LENGTH = BL31_LIMIT - BL31_BASE + #if SEPARATE_NOBITS_REGION NOBITS (rw!a): ORIGIN = BL31_NOBITS_BASE, LENGTH = BL31_NOBITS_LIMIT - BL31_NOBITS_BASE -#else -#define NOBITS RAM -#endif +#else /* SEPARATE_NOBITS_REGION */ +# define NOBITS RAM +#endif /* SEPARATE_NOBITS_REGION */ } #ifdef PLAT_EXTRA_LD_SCRIPT -#include <plat.ld.S> -#endif +# include <plat.ld.S> +#endif /* PLAT_EXTRA_LD_SCRIPT */ -SECTIONS -{ +SECTIONS { . = BL31_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL31_BASE address is not aligned on a page boundary.") + "BL31_BASE address is not aligned on a page boundary.") __BL31_START__ = .; #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; + *bl31_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(SORT(.text*))) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; } >RAM .rodata . : { __RODATA_START__ = .; + *(SORT_BY_ALIGNMENT(.rodata*)) -#if PLAT_EXTRA_RODATA_INCLUDES -#include <plat.ld.rodata.inc> -#endif +# if PLAT_EXTRA_RODATA_INCLUDES +# include <plat.ld.rodata.inc> +# endif /* PLAT_EXTRA_RODATA_INCLUDES */ - RODATA_COMMON + RODATA_COMMON - /* Place pubsub sections for events */ . = ALIGN(8); -#include <lib/el3_runtime/pubsub_events.h> + +# include <lib/el3_runtime/pubsub_events.h> . = ALIGN(PAGE_SIZE); + __RODATA_END__ = .; } >RAM -#else - ro . : { +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . : { __RO_START__ = .; + *bl31_entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON - /* Place pubsub sections for events */ . = ALIGN(8); -#include <lib/el3_runtime/pubsub_events.h> + +# include <lib/el3_runtime/pubsub_events.h> *(.vectors) + __RO_END_UNALIGNED__ = .; + /* * Memory page(s) mapped to this section will be marked as read-only, - * executable. No RW data from the next section must creep in. - * Ensure the rest of the current memory page is unused. + * executable. 
No RW data from the next section must creep in. Ensure + * that the rest of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __RO_END__ = .; } >RAM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__, - "cpu_ops not defined for this platform.") + "cpu_ops not defined for this platform.") #if SPM_MM -#ifndef SPM_SHIM_EXCEPTIONS_VMA -#define SPM_SHIM_EXCEPTIONS_VMA RAM -#endif +# ifndef SPM_SHIM_EXCEPTIONS_VMA +# define SPM_SHIM_EXCEPTIONS_VMA RAM +# endif /* SPM_SHIM_EXCEPTIONS_VMA */ /* * Exception vectors of the SPM shim layer. They must be aligned to a 2K - * address, but we need to place them in a separate page so that we can set - * individual permissions to them, so the actual alignment needed is 4K. + * address but we need to place them in a separate page so that we can set + * individual permissions on them, so the actual alignment needed is the + * page size. * * There's no need to include this into the RO section of BL31 because it * doesn't need to be accessed by BL31. */ - spm_shim_exceptions : ALIGN(PAGE_SIZE) { + .spm_shim_exceptions : ALIGN(PAGE_SIZE) { __SPM_SHIM_EXCEPTIONS_START__ = .; + *(.spm_shim_exceptions) + . = ALIGN(PAGE_SIZE); + __SPM_SHIM_EXCEPTIONS_END__ = .; } >SPM_SHIM_EXCEPTIONS_VMA AT>RAM - PROVIDE(__SPM_SHIM_EXCEPTIONS_LMA__ = LOADADDR(spm_shim_exceptions)); - . = LOADADDR(spm_shim_exceptions) + SIZEOF(spm_shim_exceptions); -#endif + PROVIDE(__SPM_SHIM_EXCEPTIONS_LMA__ = LOADADDR(.spm_shim_exceptions)); - /* - * Define a linker symbol to mark start of the RW memory area for this - * image. - */ - __RW_START__ = . ; + . = LOADADDR(.spm_shim_exceptions) + SIZEOF(.spm_shim_exceptions); +#endif /* SPM_MM */ + + __RW_START__ = .; DATA_SECTION >RAM RELA_SECTION >RAM #ifdef BL31_PROGBITS_LIMIT - ASSERT(. <= BL31_PROGBITS_LIMIT, "BL31 progbits has exceeded its limit.") -#endif + ASSERT( + . <= BL31_PROGBITS_LIMIT, + "BL31 progbits has exceeded its limit. Consider disabling some features." 
+ ) +#endif /* BL31_PROGBITS_LIMIT */ #if SEPARATE_NOBITS_REGION - /* - * Define a linker symbol to mark end of the RW memory area for this - * image. - */ . = ALIGN(PAGE_SIZE); + __RW_END__ = .; __BL31_END__ = .; ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.") . = BL31_NOBITS_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL31 NOBITS base address is not aligned on a page boundary.") + "BL31 NOBITS base address is not aligned on a page boundary.") __NOBITS_START__ = .; -#endif +#endif /* SEPARATE_NOBITS_REGION */ STACK_SECTION >NOBITS BSS_SECTION >NOBITS 
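Review bot: `*bl31_entrypoint.o(.text*)` is inserted at the head of both the `.text` and `.ro` output sections without a comment, yet it is what keeps `bl31_entrypoint` at BL31_BASE now that bl31.mk passes `--sort-section=alignment` in the same commit; add `/* Keep the entrypoint first: --sort-section=alignment would otherwise reorder it. */` above each occurrence so the line survives the next tidy-up. The `.spm_shim_exceptions` block now pads to `ALIGN(PAGE_SIZE)` at its end, which the comment above it explains only indirectly via "separate page"; one sentence saying the trailing alignment exists so the next section cannot share the shim's page would make the intent explicit.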
@@ -149,49 +160,44 @@ #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. This is required to set up the correct + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct * memory attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; + /* - * Bakery locks are stored in coherent memory - * - * Each lock's data is contiguous and fully allocated by the compiler + * Bakery locks are stored in coherent memory. Each lock's data is + * contiguous and fully allocated by the compiler. */ - *(bakery_lock) - *(tzfw_coherent_mem) + *(.bakery_lock) + *(.tzfw_coherent_mem) + __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure the rest of + * the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >NOBITS -#endif +#endif /* USE_COHERENT_MEM */ #if SEPARATE_NOBITS_REGION - /* - * Define a linker symbol to mark end of the NOBITS memory area for this - * image. - */ __NOBITS_END__ = .; ASSERT(. <= BL31_NOBITS_LIMIT, "BL31 NOBITS region has exceeded its limit.") -#else - /* - * Define a linker symbol to mark end of the RW memory area for this - * image. - */ +#else /* SEPARATE_NOBITS_REGION */ __RW_END__ = .; __BL31_END__ = .; ASSERT(. 
<= BL31_LIMIT, "BL31 image has exceeded its limit.") -#endif +#endif /* SEPARATE_NOBITS_REGION */ /DISCARD/ : { *(.dynsym .dynstr .hash .gnu.hash)
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 4c93a55..d7c9a52 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -42,6 +42,7 @@
 bl31/aarch64/ea_delegate.S \
 bl31/aarch64/runtime_exceptions.S \
 bl31/bl31_context_mgmt.c \
+ bl31/bl31_traps.c \
 common/runtime_svc.c \
 lib/cpus/aarch64/dsu_helpers.S \
 plat/common/aarch64/platform_mp_stack.S \
@@ -86,11 +87,15 @@
 services/std_svc/trng/trng_entropy_pool.c
 endif
 
-ifeq (${ENABLE_SPE_FOR_LOWER_ELS},1)
+ifneq (${ENABLE_SPE_FOR_NS},0)
 BL31_SOURCES += lib/extensions/spe/spe.c
 endif
 
-ifeq (${ENABLE_AMU},1)
+ifeq (${ERRATA_ABI_SUPPORT},1)
+BL31_SOURCES += services/std_svc/errata_abi/errata_abi_main.c
+endif
+
+ifneq (${ENABLE_FEAT_AMU},0)
 BL31_SOURCES += ${AMU_SOURCES}
 endif
 
@@ -98,32 +103,30 @@
 BL31_SOURCES += ${MPMM_SOURCES}
 endif
 
-ifeq (${ENABLE_SME_FOR_NS},1)
+ifneq (${ENABLE_SME_FOR_NS},0)
 BL31_SOURCES += lib/extensions/sme/sme.c
-BL31_SOURCES += lib/extensions/sve/sve.c
-else
-ifeq (${ENABLE_SVE_FOR_NS},1)
-BL31_SOURCES += lib/extensions/sve/sve.c
 endif
+ifneq (${ENABLE_SVE_FOR_NS},0)
+BL31_SOURCES += lib/extensions/sve/sve.c
 endif
 
-ifeq (${ENABLE_MPAM_FOR_LOWER_ELS},1)
+ifneq (${ENABLE_MPAM_FOR_LOWER_ELS},0)
 BL31_SOURCES += lib/extensions/mpam/mpam.c
 endif
 
-ifeq (${ENABLE_TRBE_FOR_NS},1)
+ifneq (${ENABLE_TRBE_FOR_NS},0)
 BL31_SOURCES += lib/extensions/trbe/trbe.c
 endif
 
-ifeq (${ENABLE_BRBE_FOR_NS},1)
+ifneq (${ENABLE_BRBE_FOR_NS},0)
 BL31_SOURCES += lib/extensions/brbe/brbe.c
 endif
 
-ifeq (${ENABLE_SYS_REG_TRACE_FOR_NS},1)
+ifneq (${ENABLE_SYS_REG_TRACE_FOR_NS},0)
 BL31_SOURCES += lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c
 endif
 
-ifeq (${ENABLE_TRF_FOR_NS},1)
+ifneq (${ENABLE_TRF_FOR_NS},0)
 BL31_SOURCES += lib/extensions/trf/aarch64/trf.c
 endif
 
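Review bot: Flipping the guards from `ifeq (X,1)` to `ifneq (X,0)` in the `@@ -86` and `@@ -98` hunks changes what an unset or empty variable means: `ifneq (,0)` is true, so a platform that never defines `ENABLE_SPE_FOR_NS`, `ENABLE_TRBE_FOR_NS` or the others now gets those extension sources linked into BL31 where it previously got nothing. If every flag here is guaranteed a numeric default in a common defaults makefile this is harmless, but that is not visible from the hunk; a comment above the first `ifneq` pointing at where the defaults live, or guards written as `ifneq ($(filter-out 0,${ENABLE_SPE_FOR_NS}),)` that treat empty as disabled, would make the intent robust. The new `ifeq (${ERRATA_ABI_SUPPORT},1)` keeps the explicit opt-in form, which is the right default for a new SMC service.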
@@ -156,7 +159,13 @@
 ${MBEDTLS_SOURCES}
 endif
 
-BL31_LINKERFILE := bl31/bl31.ld.S
+BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
+
+ifneq ($(findstring gcc,$(notdir $(LD))),)
+ BL31_LDFLAGS += -Wl,--sort-section=alignment
+else ifneq ($(findstring ld,$(notdir $(LD))),)
+ BL31_LDFLAGS += --sort-section=alignment
+endif
 
 # Flag used to indicate if Crash reporting via console should be included
 # in BL31. This defaults to being present in DEBUG builds only
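Review bot: The `ifneq ($(findstring gcc,$(notdir $(LD))),)` / `else ifneq ($(findstring ld,...))` chain is pasted verbatim into bl31.mk, sp_min.mk and tsp.mk in this commit, and a linker whose basename contains neither substring (`clang` used directly as the link driver, for example) silently gets no `--sort-section=alignment` at all, with nothing telling the builder the sort was skipped. Hoisting the chain into one shared fragment next to where `LD` is chosen (a single `LINKER_SORT_FLAGS` that the three image makefiles append) and adding a terminal `else` with `$(warning --sort-section not applied for $(LD))` removes the duplication and makes the silent case visible. `ld` also matches `ld.lld` and `gold`, so the second branch should be checked against the linkers the build actually supports before relying on the flag spelling.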
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index 2a3d838..e70eb55 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -93,15 +93,6 @@
 /* Perform late platform-specific setup */
 bl31_plat_arch_setup();
 
-#if ENABLE_FEAT_HCX
- /*
- * Assert that FEAT_HCX is supported on this system, without this check
- * an exception would occur during context save/restore if enabled but
- * not supported.
- */
- assert(is_feat_hcx_present());
-#endif /* ENABLE_FEAT_HCX */
-
 #if CTX_INCLUDE_PAUTH_REGS
 /*
 * Assert that the ARMv8.3-PAuth registers are present or an access
diff --git a/bl31/bl31_traps.c b/bl31/bl31_traps.c
new file mode 100644
index 0000000..2cfe14a
--- /dev/null
+++ b/bl31/bl31_traps.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2022, ARM Limited. All rights reserved.
+ * Copyright (c) 2023, NVIDIA Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Dispatch synchronous system register traps from lower ELs.
+ */
+
+#include <bl31/sync_handle.h>
+#include <context.h>
+
+int handle_sysreg_trap(uint64_t esr_el3, cpu_context_t *ctx)
+{
+ uint64_t __unused opcode = esr_el3 & ISS_SYSREG_OPCODE_MASK;
+
+#if ENABLE_FEAT_RNG_TRAP
+ if ((opcode == ISS_SYSREG_OPCODE_RNDR) || (opcode == ISS_SYSREG_OPCODE_RNDRRS)) {
+ return plat_handle_rng_trap(esr_el3, ctx);
+ }
+#endif
+
+#if IMPDEF_SYSREG_TRAP
+ if ((opcode & ISS_SYSREG_OPCODE_IMPDEF) == ISS_SYSREG_OPCODE_IMPDEF) {
+ return plat_handle_impdef_trap(esr_el3, ctx);
+ }
+#endif
+
+ return TRAP_RET_UNHANDLED;
+}
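Review bot: handle_sysreg_trap carries no comment describing the return contract its assembly caller enforces (negative is fatal, 0 re-executes the trapping instruction, positive skips it), and the `plat_handle_rng_trap` / `plat_handle_impdef_trap` calls forward that contract to platform code that can only learn it by reading runtime_exceptions.S; a header comment naming the three outcomes via `TRAP_RET_UNHANDLED` and its siblings (presumably declared in sync_handle.h) and stating that `ctx` is the trapping EL's saved context is the minimum. The ISS fields in `esr_el3` describe an instruction the lower EL chose, so the same comment should warn platform handlers that the Rt field is untrusted: `Rt == 31` encodes XZR and must not be used as an index into the GP register array of `ctx`, and an unexpected direction bit should be rejected rather than assumed to be a read. The `__unused` on `opcode` is only needed when both feature guards are off; a trailing `/* unused when no trap handler is built in */` keeps it from being removed as dead.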
diff --git a/bl32/sp_min/sp_min.ld.S b/bl32/sp_min/sp_min.ld.S
index 475affa..1695e1e 100644
--- a/bl32/sp_min/sp_min.ld.S
+++ b/bl32/sp_min/sp_min.ld.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -16,130 +16,132 @@ } #ifdef PLAT_SP_MIN_EXTRA_LD_SCRIPT -#include <plat_sp_min.ld.S> -#endif +# include <plat_sp_min.ld.S> +#endif /* PLAT_SP_MIN_EXTRA_LD_SCRIPT */ -SECTIONS -{ +SECTIONS { . = BL32_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL32_BASE address is not aligned on a page boundary.") + "BL32_BASE address is not aligned on a page boundary.") #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; + *entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; } >RAM - /* .ARM.extab and .ARM.exidx are only added because Clang need them */ - .ARM.extab . : { + /* .ARM.extab and .ARM.exidx are only added because Clang needs them */ + .ARM.extab . : { *(.ARM.extab* .gnu.linkonce.armextab.*) - } >RAM + } >RAM - .ARM.exidx . : { + .ARM.exidx . : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) - } >RAM + } >RAM .rodata . : { __RODATA_START__ = .; *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON - /* Place pubsub sections for events */ . = ALIGN(8); -#include <lib/el3_runtime/pubsub_events.h> + +# include <lib/el3_runtime/pubsub_events.h> . = ALIGN(PAGE_SIZE); + __RODATA_END__ = .; } >RAM -#else - ro . : { +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . : { __RO_START__ = .; + *entrypoint.o(.text*) *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - RODATA_COMMON + RODATA_COMMON - /* Place pubsub sections for events */ . = ALIGN(8); -#include <lib/el3_runtime/pubsub_events.h> + +# include <lib/el3_runtime/pubsub_events.h> *(.vectors) + __RO_END_UNALIGNED__ = .; /* - * Memory page(s) mapped to this section will be marked as - * read-only, executable. No RW data from the next section must - * creep in. Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure that the rest + * of the current memory page is unused. */ . 
= ALIGN(PAGE_SIZE); + __RO_END__ = .; } >RAM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__, - "cpu_ops not defined for this platform.") - /* - * Define a linker symbol to mark start of the RW memory area for this - * image. - */ - __RW_START__ = . ; + "cpu_ops not defined for this platform.") + + __RW_START__ = .; DATA_SECTION >RAM RELA_SECTION >RAM #ifdef BL32_PROGBITS_LIMIT ASSERT(. <= BL32_PROGBITS_LIMIT, "BL32 progbits has exceeded its limit.") -#endif +#endif /* BL32_PROGBITS_LIMIT */ STACK_SECTION >RAM BSS_SECTION >RAM XLAT_TABLE_SECTION >RAM - __BSS_SIZE__ = SIZEOF(.bss); + __BSS_SIZE__ = SIZEOF(.bss); #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. This is required to set up the correct + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct * memory attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; + /* - * Bakery locks are stored in coherent memory - * - * Each lock's data is contiguous and fully allocated by the compiler + * Bakery locks are stored in coherent memory. Each lock's data is + * contiguous and fully allocated by the compiler. */ - *(bakery_lock) - *(tzfw_coherent_mem) + *(.bakery_lock) + *(.tzfw_coherent_mem) + __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. 
Ensure that the rest + * of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >RAM __COHERENT_RAM_UNALIGNED_SIZE__ = __COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__; -#endif +#endif /* USE_COHERENT_MEM */ - /* - * Define a linker symbol to mark the end of the RW memory area for this - * image. - */ __RW_END__ = .; - __BL32_END__ = .; /DISCARD/ : {
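Review bot: The rewritten comment at the end of the `.ro` output section now says the pages "will be marked as device memory", but that section holds `.text`, `.rodata` and `.vectors`, and the text it replaced said "read-only, executable"; the new wording was evidently copied from the `.coherent_ram` block further down, where device memory is the correct attribute. Restore the original meaning, e.g. `* Memory page(s) mapped to this section will be marked as read-only, executable. No RW data from the next section must creep in. Ensure that the rest of the current memory page is unused.`, which is what bl31.ld.S and tsp.ld.S in this same commit say for their `.ro` sections. A wrong attribute comment in a linker script is exactly what a later page-table change gets written against.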
diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk
index ab1287d..ec75d88 100644
--- a/bl32/sp_min/sp_min.mk
+++ b/bl32/sp_min/sp_min.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -28,7 +28,7 @@
 BL32_SOURCES += lib/pmf/pmf_main.c
 endif
 
-ifeq (${ENABLE_AMU},1)
+ifneq (${ENABLE_FEAT_AMU},0)
 BL32_SOURCES += ${AMU_SOURCES}
 endif
 
@@ -46,15 +46,25 @@
 services/std_svc/trng/trng_entropy_pool.c
 endif
 
-ifeq (${ENABLE_SYS_REG_TRACE_FOR_NS},1)
+ifeq (${ERRATA_ABI_SUPPORT}, 1)
+BL32_SOURCES += services/std_svc/errata_abi/errata_abi_main.c
+endif
+
+ifneq (${ENABLE_SYS_REG_TRACE_FOR_NS},0)
 BL32_SOURCES += lib/extensions/sys_reg_trace/aarch32/sys_reg_trace.c
 endif
 
-ifeq (${ENABLE_TRF_FOR_NS},1)
+ifneq (${ENABLE_TRF_FOR_NS},0)
 BL32_SOURCES += lib/extensions/trf/aarch32/trf.c
 endif
 
-BL32_LINKERFILE := bl32/sp_min/sp_min.ld.S
+BL32_DEFAULT_LINKER_SCRIPT_SOURCE := bl32/sp_min/sp_min.ld.S
+
+ifneq ($(findstring gcc,$(notdir $(LD))),)
+ BL32_LDFLAGS += -Wl,--sort-section=alignment
+else ifneq ($(findstring ld,$(notdir $(LD))),)
+ BL32_LDFLAGS += --sort-section=alignment
+endif
 
 # Include the platform-specific SP_MIN Makefile
 # If no platform-specific SP_MIN Makefile exists, it means SP_MIN is not supported
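Review bot: `ifeq (${ERRATA_ABI_SUPPORT}, 1)` in the `@@ -46` hunk has a space after the comma while the identical guard added to bl31.mk in this commit, and every other guard in this file, is written without one; GNU make accepts both in the parenthesised form, but the two spellings of the same condition invite a future edit that assumes they differ. Use `ifeq (${ERRATA_ABI_SUPPORT},1)` to match bl31.mk. The `ifneq (X,0)` guards on `ENABLE_FEAT_AMU`, `ENABLE_SYS_REG_TRACE_FOR_NS` and `ENABLE_TRF_FOR_NS` treat an empty variable as enabled, so the same "where is the default defined" question raised for bl31.mk applies to SP_MIN builds.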
diff --git a/bl32/tsp/ffa_helpers.c b/bl32/tsp/ffa_helpers.c
index 3639c22..ad70c2b 100644
--- a/bl32/tsp/ffa_helpers.c
+++ b/bl32/tsp/ffa_helpers.c
@@ -149,13 +149,15 @@ { smc_args_t ret; uint32_t descriptor_size; - struct ffa_mtd *memory_region = (struct ffa_mtd *)mb->tx_buffer; + struct ffa_mtd *memory_region; if (retrieved == NULL || mb == NULL) { ERROR("Invalid parameters!\n"); return false; } + memory_region = (struct ffa_mtd *)mb->tx_buffer; + /* Clear TX buffer. */ memset(memory_region, 0, PAGE_SIZE);
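Review bot: Moving the `mb->tx_buffer` dereference below the NULL check fixes the `mb == NULL` case, but the new `memory_region = (struct ffa_mtd *)mb->tx_buffer;` line is still followed by `memset(memory_region, 0, PAGE_SIZE)` with no check that the mailbox actually has a TX buffer, so an unmapped mailbox turns into a page-sized write through NULL. Extend the guard to `if (retrieved == NULL || mb == NULL || mb->tx_buffer == NULL) {`. The `PAGE_SIZE` length also assumes the TX buffer is at least one page; if the mailbox struct carries its own size that should be used instead, but the struct is not visible here. The enclosing function starts before this hunk.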
diff --git a/bl32/tsp/tsp.ld.S b/bl32/tsp/tsp.ld.S
index d86ae55..a6658dd 100644
--- a/bl32/tsp/tsp.ld.S
+++ b/bl32/tsp/tsp.ld.S
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -11,71 +11,73 @@ OUTPUT_ARCH(PLATFORM_LINKER_ARCH) ENTRY(tsp_entrypoint) - MEMORY { RAM (rwx): ORIGIN = TSP_SEC_MEM_BASE, LENGTH = TSP_SEC_MEM_SIZE } - -SECTIONS -{ +SECTIONS { . = BL32_BASE; + ASSERT(. == ALIGN(PAGE_SIZE), - "BL32_BASE address is not aligned on a page boundary.") + "BL32_BASE address is not aligned on a page boundary.") #if SEPARATE_CODE_AND_RODATA .text . : { __TEXT_START__ = .; + *tsp_entrypoint.o(.text*) *(.text*) *(.vectors) + . = ALIGN(PAGE_SIZE); + __TEXT_END__ = .; } >RAM .rodata . : { __RODATA_START__ = .; + *(.rodata*) - RODATA_COMMON + RODATA_COMMON . = ALIGN(PAGE_SIZE); + __RODATA_END__ = .; } >RAM -#else - ro . : { +#else /* SEPARATE_CODE_AND_RODATA */ + .ro . : { __RO_START__ = .; + *tsp_entrypoint.o(.text*) *(.text*) *(.rodata*) - RODATA_COMMON + RODATA_COMMON *(.vectors) __RO_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked as - * read-only, executable. No RW data from the next section must - * creep in. Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as read-only, + * executable. No RW data from the next section must creep in. Ensure + * that the rest of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __RO_END__ = .; } >RAM -#endif +#endif /* SEPARATE_CODE_AND_RODATA */ - /* - * Define a linker symbol to mark start of the RW memory area for this - * image. - */ - __RW_START__ = . ; + __RW_START__ = .; DATA_SECTION >RAM RELA_SECTION >RAM #ifdef TSP_PROGBITS_LIMIT ASSERT(. <= TSP_PROGBITS_LIMIT, "TSP progbits has exceeded its limit.") -#endif +#endif /* TSP_PROGBITS_LIMIT */ STACK_SECTION >RAM BSS_SECTION >RAM 
@@ -83,29 +85,27 @@ #if USE_COHERENT_MEM /* - * The base address of the coherent memory section must be page-aligned (4K) - * to guarantee that the coherent data are stored on their own pages and - * are not mixed with normal data. This is required to set up the correct - * memory attributes for the coherent data page tables. + * The base address of the coherent memory section must be page-aligned to + * guarantee that the coherent data are stored on their own pages and are + * not mixed with normal data. This is required to set up the correct memory + * attributes for the coherent data page tables. */ - coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { + .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) { __COHERENT_RAM_START__ = .; - *(tzfw_coherent_mem) + *(.tzfw_coherent_mem) __COHERENT_RAM_END_UNALIGNED__ = .; + /* - * Memory page(s) mapped to this section will be marked - * as device memory. No other unexpected data must creep in. - * Ensure the rest of the current memory page is unused. + * Memory page(s) mapped to this section will be marked as device + * memory. No other unexpected data must creep in. Ensure that the rest + * of the current memory page is unused. */ . = ALIGN(PAGE_SIZE); + __COHERENT_RAM_END__ = .; } >RAM -#endif +#endif /* USE_COHERENT_MEM */ - /* - * Define a linker symbol to mark the end of the RW memory area for this - * image. - */ __RW_END__ = .; __BL32_END__ = .; @@ -114,10 +114,11 @@ } __BSS_SIZE__ = SIZEOF(.bss); + #if USE_COHERENT_MEM __COHERENT_RAM_UNALIGNED_SIZE__ = __COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__; -#endif +#endif /* USE_COHERENT_MEM */ ASSERT(. <= BL32_LIMIT, "BL32 image has exceeded its limit.") }
diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index c31b9b5..4c18131 100644
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -22,7 +22,13 @@
 common/aarch64/early_exceptions.S \
 lib/locks/exclusive/aarch64/spinlock.S
 
-BL32_LINKERFILE := bl32/tsp/tsp.ld.S
+BL32_DEFAULT_LINKER_SCRIPT_SOURCE := bl32/tsp/tsp.ld.S
+
+ifneq ($(findstring gcc,$(notdir $(LD))),)
+ BL32_LDFLAGS += -Wl,--sort-section=alignment
+else ifneq ($(findstring ld,$(notdir $(LD))),)
+ BL32_LDFLAGS += --sort-section=alignment
+endif
 
 # This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
 # method) or configures BL31 to pass control to BL32 instead of BL33
diff --git a/bl32/tsp/tsp_ffa_main.c b/bl32/tsp/tsp_ffa_main.c
index 53dbd03..268d329 100644
--- a/bl32/tsp/tsp_ffa_main.c
+++ b/bl32/tsp/tsp_ffa_main.c
@@ -201,7 +201,7 @@ /* Only expecting to be sent memory from NWd so map accordingly. */ mem_attrs |= MT_NS; - for (uint32_t i = 0U; i < composite->address_range_count; i++) { + for (int32_t i = 0; i < (int32_t)composite->address_range_count; i++) { size_t size = composite->address_range_array[i].page_count * PAGE_SIZE; ptr = (char *) composite->address_range_array[i].address; @@ -211,15 +211,15 @@ size, mem_attrs); if (ret != 0) { - ERROR("Failed [%u] mmap_add_dynamic_region %u (%lx) (%lx) (%x)!\n", + ERROR("Failed [%d] mmap_add_dynamic_region %u (%lx) (%lx) (%x)!\n", i, ret, (uint64_t)composite->address_range_array[i].address, size, mem_attrs); - /* Remove mappings created in this transaction. */ - for (i--; i >= 0U; i--) { + /* Remove mappings previously created in this transaction. */ + for (i--; i >= 0; i--) { ret = mmap_remove_dynamic_region( - (uint64_t)ptr, + (uint64_t)composite->address_range_array[i].address, composite->address_range_array[i].page_count * PAGE_SIZE); if (ret != 0) { @@ -227,6 +227,7 @@ panic(); } } + return FFA_ERROR_NO_MEMORY; } @@ -298,8 +299,8 @@ tsp_stats[linear_id].eret_count++; tsp_stats[linear_id].cpu_off_count++; - INFO("TSP: cpu 0x%lx off request\n", read_mpidr()); - INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu off requests\n", + VERBOSE("TSP: cpu 0x%lx off request\n", read_mpidr()); + VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu off requests\n", read_mpidr(), tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -336,7 +337,7 @@ tsp_stats[linear_id].eret_count++; tsp_stats[linear_id].cpu_suspend_count++; - INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n", + VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n", read_mpidr(), tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, 
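Review bot: `size_t size = composite->address_range_array[i].page_count * PAGE_SIZE;` on the line after the rewritten `for` still multiplies a NWd-supplied `page_count` by `PAGE_SIZE` in the operands' own type before the result is widened to size_t, so if `page_count` is a 32-bit field (the descriptor is built by the normal world, as the comment above says) a value above 2^20 wraps and maps a smaller region than the descriptor claims; write it as `size_t size = (size_t)composite->address_range_array[i].page_count * PAGE_SIZE;` and reject a `page_count` above a sane bound before calling mmap_add_dynamic_region. The new `(int32_t)composite->address_range_count` cast silently makes the loop a no-op for counts with the top bit set instead of failing the retrieve; an explicit range check that returns an FF-A error is clearer than relying on the signed comparison. The rollback loop now correctly unmaps `address_range_array[i].address` rather than the last `ptr`; the enclosing function starts and ends outside this hunk.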
@@ -369,9 +370,9 @@ tsp_stats[linear_id].eret_count++; tsp_stats[linear_id].cpu_resume_count++; - INFO("TSP: cpu 0x%lx resumed. maximum off power level %" PRId64 "\n", + VERBOSE("TSP: cpu 0x%lx resumed. maximum off power level %" PRId64 "\n", read_mpidr(), max_off_pwrlvl); - INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu resume requests\n", + VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu resume requests\n", read_mpidr(), tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -611,7 +612,7 @@ tsp_stats[linear_id].eret_count++; tsp_stats[linear_id].cpu_on_count++; - INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", + VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", read_mpidr(), tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -640,8 +641,8 @@ tsp_stats[linear_id].smc_count++; tsp_stats[linear_id].eret_count++; tsp_stats[linear_id].cpu_on_count++; - INFO("TSP: cpu 0x%lx turned on\n", read_mpidr()); - INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", + VERBOSE("TSP: cpu 0x%lx turned on\n", read_mpidr()); + VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", read_mpidr(), tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count,
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index df9903b..0878ea4 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -263,7 +263,7 @@
 results[1] /= service_arg1 ? service_arg1 : 1;
 break;
 case TSP_CHECK_DIT:
- if (!is_armv8_4_dit_present()) {
+ if (!is_feat_dit_supported()) {
 ERROR("DIT not supported\n");
 results[0] = 0;
 results[1] = 0xffff;
diff --git a/changelog.yaml b/changelog.yaml
index cfb2bb5..0c4644d 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -1,5 +1,5 @@ # -# Copyright (c) 2021-2022, Arm Limited. All rights reserved. +# Copyright (c) 2021-2023, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -101,6 +101,15 @@ - title: Extended Cache Index (FEAT_CCIDX) scope: ccidx + - title: Extended Translation Control Register (FEAT_TCR2). + scope: tcr2 + + - title: CPU feature / ID register handling in general + scope: cpufeat + + - title: Guarded Control Stack (FEAT_GCS) + scope: gcs + - title: Support for the `HCRX_EL2` register (FEAT_HCX) scope: hcx @@ -119,7 +128,7 @@ - title: Trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP) scope: rng-trap - - title: Scalable Matrix Extension (FEAT_SME) + - title: Scalable Matrix Extension (FEAT_SME, FEAT_SME2) scope: sme - title: Statistical profiling Extension (FEAT_SPE) @@ -156,11 +165,15 @@ - plat/arm subsections: + - title: A5DS + scope: a5ds + - title: CSS scope: css deprecated: - plat/arm/css + - plat/css - title: FPGA scope: fpga @@ -199,6 +212,9 @@ scope: rd subsections: + - title: RD-N1 Edge + scope: rdn1edge + - title: RD-N2 scope: rdn2 @@ -215,6 +231,9 @@ - title: TC scope: tc + deprecated: + - plat/tc + subsections: - title: TC0 scope: tc0 @@ -326,6 +345,9 @@ - title: Tegra 194 scope: tegra194 + - title: Tegra 210 + scope: tegra210 + - title: NXP scope: nxp @@ -374,6 +396,9 @@ deprecated: - plat/imx/imx8m/imx8mq + - title: i.MX 8 + scope: imx8 + - title: Layerscape scope: layerscape @@ -456,6 +481,10 @@ deprecated: - plat/qemu + subsections: + - title: SBSA + scope: qemu-sbsa + - title: QTI scope: qti @@ -631,6 +660,9 @@ - title: RMMD scope: rmmd + - title: RMM + scope: rmm + - title: SPM scope: spm @@ -653,6 +685,9 @@ - title: TRNG scope: trng + - title: ERRATA_ABI + scope: errata_abi + - title: Libraries subsections: @@ -744,6 +779,9 @@ - title: mbedTLS scope: mbedtls + - title: Console + scope: console + - title: Generic Clock scope: clk 
@@ -796,6 +834,9 @@ - title: GUID Partition Tables Support scope: guid-partition + deprecated: + - partition + - title: SCMI scope: scmi @@ -865,6 +906,9 @@ deprecated: - drivers/tzc380 + - title: SBSA + scope: sbsa + - title: Marvell scope: marvell-drivers @@ -1160,6 +1204,9 @@ - title: PIE scope: pie + - title: PIE/POR + scope: pie/por + - title: Security scope: security @@ -1184,6 +1231,9 @@ deprecated: - plat/nxp/common/psci + - title: UUID + scope: uuid + - title: Documentation scope: docs @@ -1213,6 +1263,9 @@ - title: Threat Model scope: threat-model + - title: Porting Guide + scope: porting + - title: Build System scope: build @@ -1224,6 +1277,9 @@ - title: Git Hooks scope: hooks + deprecated: + - git-hooks + - title: Tools subsections: @@ -1269,4 +1325,3 @@ - title: zlib scope: zlib -
diff --git a/common/aarch32/debug.S b/common/aarch32/debug.S
index ae0bb7a..2937f56 100644
--- a/common/aarch32/debug.S
+++ b/common/aarch32/debug.S
@@ -12,7 +12,7 @@ .globl asm_print_hex .globl asm_print_hex_bits .globl asm_assert - .globl do_panic + .globl el3_panic .globl report_exception .globl report_prefetch_abort .globl report_data_abort @@ -159,14 +159,14 @@ endfunc asm_print_hex /*********************************************************** - * The common implementation of do_panic for all BL stages + * The common implementation of el3_panic for all BL stages ***********************************************************/ .section .rodata.panic_str, "aS" panic_msg: .asciz "PANIC at PC : 0x" panic_end: .asciz "\r\n" -func do_panic +func el3_panic /* Have LR copy point to PC at the time of panic */ sub r6, lr, #4 @@ -194,7 +194,7 @@ _panic_handler: mov lr, r6 b plat_panic_handler -endfunc do_panic +endfunc el3_panic /*********************************************************** * This function is called from the vector table for
diff --git a/common/aarch64/debug.S b/common/aarch64/debug.S
index 742e022..8768a1f 100644
--- a/common/aarch64/debug.S
+++ b/common/aarch64/debug.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023 Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -13,7 +13,8 @@
 .globl asm_print_hex_bits
 .globl asm_print_newline
 .globl asm_assert
- .globl do_panic
+ .globl el3_panic
+ .globl elx_panic
 
 /* Since the max decimal input number is 65536 */
 #define MAX_DEC_DIVISOR 10000
@@ -145,54 +146,33 @@ endfunc asm_print_newline /*********************************************************** - * The common implementation of do_panic for all BL stages + * The common implementation of el3_panic for all BL stages ***********************************************************/ .section .rodata.panic_str, "aS" panic_msg: .asciz "PANIC at PC : 0x" +func elx_panic +#if CRASH_REPORTING && defined(IMAGE_BL31) + b report_elx_panic +#endif /* CRASH_REPORTING && IMAGE_BL31 */ + + b panic_common +endfunc elx_panic + /* --------------------------------------------------------------------------- - * do_panic assumes that it is invoked from a C Runtime Environment ie a + * el3_panic assumes that it is invoked from a C Runtime Environment ie a * valid stack exists. This call will not return. * Clobber list : if CRASH_REPORTING is not enabled then x30, x0 - x6 * --------------------------------------------------------------------------- */ -/* This is for the non el3 BL stages to compile through */ - .weak el3_panic - .weak elx_panic - -func do_panic -#if CRASH_REPORTING - str x0, [sp, #-0x10]! - mrs x0, currentel - ubfx x0, x0, #MODE_EL_SHIFT, #MODE_EL_WIDTH - cmp x0, #MODE_EL3 -#if !HANDLE_EA_EL3_FIRST_NS - ldr x0, [sp], #0x10 - b.eq el3_panic -#else - b.ne to_panic_common - - /* Check EL the exception taken from */ - mrs x0, spsr_el3 - ubfx x0, x0, #SPSR_EL_SHIFT, #SPSR_EL_WIDTH - cmp x0, #MODE_EL3 - b.ne elx_panic - ldr x0, [sp], #0x10 - b el3_panic - -to_panic_common: - ldr x0, [sp], #0x10 -#endif /* HANDLE_EA_EL3_FIRST_NS */ -#endif /* CRASH_REPORTING */ +func el3_panic +#if CRASH_REPORTING && defined(IMAGE_BL31) + b report_el3_panic +#endif /* CRASH_REPORTING && IMAGE_BL31 */ panic_common: -/* - * el3_panic will be redefined by the BL31 - * crash reporting mechanism (if enabled) - */ -el3_panic: mov x6, x30 bl plat_crash_console_init 
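Review bot: The new `elx_panic` / `el3_panic` pair drops the runtime CurrentEL and SPSR_EL3 dispatch that `do_panic` used to perform, so choosing the right crash report is now entirely the caller's job, yet nothing in the surviving header comment says when each entry point is legal to use. Add above `func elx_panic` a note such as `/* Only for exceptions taken from a lower EL: report_elx_panic dumps the lower EL's state saved at SP_EL3, so calling it from an EL3-only path prints a misleading crash report. */`, and reword the existing "el3_panic assumes that it is invoked from a C Runtime Environment" comment to say it is the EL3-context variant. Any call site that reached `do_panic` from a lower-EL exception path and was renamed mechanically to `el3_panic` now reports the wrong context, which is worth a pass over the renamed callers outside this file.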
@@ -218,4 +198,5 @@ * called, not the address of the call from el3_panic. */ mov x30, x6 b plat_panic_handler -endfunc do_panic + +endfunc el3_panic
diff --git a/common/fdt_wrappers.c b/common/fdt_wrappers.c
index 1b065b1..783b660 100644
--- a/common/fdt_wrappers.c
+++ b/common/fdt_wrappers.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -206,9 +206,9 @@
 assert(cells <= 2U);
 if (cells == 2U)
- *(uint64_t *)value = cpu_to_fdt64(*(uint64_t *)value);
+ *(fdt64_t *)value = cpu_to_fdt64(*(uint64_t *)value);
 else
- *(uint32_t *)value = cpu_to_fdt32(*(uint32_t *)value);
+ *(fdt32_t *)value = cpu_to_fdt32(*(uint32_t *)value);
 len = (int)cells * 4;
@@ -392,7 +392,7 @@
 * to a global address with help of various helper functions.
 ******************************************************************************/
-static bool fdtw_xlat_hit(const uint32_t *value, int child_addr_size,
+static bool fdtw_xlat_hit(const fdt32_t *value, int child_addr_size,
 int parent_addr_size, int range_size, uint64_t base_address,
 uint64_t *translated_addr)
 {
@@ -427,7 +427,7 @@
 int local_bus, uint64_t base_address)
 {
 uint64_t translated_addr;
- const uint32_t *next_entry;
+ const fdt32_t *next_entry;
 int parent_bus_node, nxlat_entries, length;
 int self_addr_cells, parent_addr_cells, self_size_cells, ncells_xlat;
@@ -460,7 +460,7 @@
 assert(nxlat_entries > 0);
- next_entry = (const uint32_t *)ranges_prop->data;
+ next_entry = (const fdt32_t *)ranges_prop->data;
 /* Iterate over the entries in the "ranges" */
 for (int i = 0; i < nxlat_entries; i++) {
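Review bot: On the new line `*(fdt64_t *)value = cpu_to_fdt64(*(uint64_t *)value);` the right-hand side still dereferences `value` as a 64-bit object; if `value` can point into the DT blob, which only guarantees 4-byte alignment, that access is potentially misaligned and the fdt64_t type change does not address it - I cannot tell from this hunk how `value` is obtained. A copy through a local, `uint64_t v; memcpy(&v, value, sizeof(v)); v = cpu_to_fdt64(v); memcpy(value, &v, sizeof(v));`, would be alignment-safe; otherwise a comment stating that the caller guarantees 8-byte alignment would settle it. The enclosing function starts and ends outside this hunk, as do those of the three later hunks in this file.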
diff --git a/common/feat_detect.c b/common/feat_detect.c index ee34588..50b74d0 100644 --- a/common/feat_detect.c +++ b/common/feat_detect.c
@@ -1,69 +1,63 @@
 /*
- * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
+#include <arch_features.h>
+#include <common/debug.h>
 #include <common/feat_detect.h>
+static bool tainted;
+
 /*******************************************************************************
 * This section lists the wrapper modules for each feature to evaluate the
- * feature states (FEAT_STATE_1 and FEAT_STATE_2) and perform necessary action
- * as below:
+ * feature states (FEAT_STATE_ALWAYS and FEAT_STATE_CHECK) and perform
+ * necessary action as below:
 *
 * It verifies whether the FEAT_XXX (eg: FEAT_SB) is supported by the PE or not.
 * Without this check an exception would occur during context save/restore
 * routines, if the feature is enabled but not supported by PE.
 ******************************************************************************/
-/******************************************
- * Feature : FEAT_SB (Speculation Barrier)
- *****************************************/
-static void read_feat_sb(void)
-{
-#if (ENABLE_FEAT_SB == FEAT_STATE_1)
- feat_detect_panic(is_armv8_0_feat_sb_present(), "SB");
-#endif
-}
+#define feat_detect_panic(a, b) ((a) ? (void)0 : feature_panic(b))
-/******************************************************
- * Feature : FEAT_CSV2_2 (Cache Speculation Variant 2)
- *****************************************************/
-static void read_feat_csv2_2(void)
+/*******************************************************************************
+ * Function : feature_panic
+ * Customised panic function with error logging mechanism to list the feature
+ * not supported by the PE.
+ ******************************************************************************/
+static inline void feature_panic(char *feat_name)
 {
-#if (ENABLE_FEAT_CSV2_2 == FEAT_STATE_1)
- feat_detect_panic(is_armv8_0_feat_csv2_2_present(), "CSV2_2");
-#endif
-}
-
-/***********************************************
- * Feature : FEAT_PAN (Privileged Access Never)
- **********************************************/
-static void read_feat_pan(void)
-{
-#if (ENABLE_FEAT_PAN == FEAT_STATE_1)
- feat_detect_panic(is_armv8_1_pan_present(), "PAN");
-#endif
-}
-
-/******************************************************
- * Feature : FEAT_VHE (Virtualization Host Extensions)
- *****************************************************/
-static void read_feat_vhe(void)
-{
-#if (ENABLE_FEAT_VHE == FEAT_STATE_1)
- feat_detect_panic(is_armv8_1_vhe_present(), "VHE");
-#endif
+ ERROR("FEAT_%s not supported by the PE\n", feat_name);
+ panic();
 }
 /*******************************************************************************
- * Feature : FEAT_RAS (Reliability, Availability, and Serviceability Extension)
+ * Function : check_feature
+ * Check for a valid combination of build time flags (ENABLE_FEAT_xxx) and
+ * feature availability on the hardware. <min> is the smallest feature
+ * ID field value that is required for that feature.
+ * Triggers a panic later if a feature is forcefully enabled, but not
+ * available on the PE. Also will panic if the hardware feature ID field
+ * is larger than the maximum known and supported number, specified by <max>.
+ *
+ * We force inlining here to let the compiler optimise away the whole check
+ * if the feature is disabled at build time (FEAT_STATE_DISABLED).
 ******************************************************************************/
-static void read_feat_ras(void)
+static inline void __attribute((__always_inline__))
+check_feature(int state, unsigned long field, const char *feat_name,
+ unsigned int min, unsigned int max)
 {
-#if (RAS_EXTENSION == FEAT_STATE_1)
- feat_detect_panic(is_armv8_2_feat_ras_present(), "RAS");
-#endif
+ if (state == FEAT_STATE_ALWAYS && field < min) {
+ ERROR("FEAT_%s not supported by the PE\n", feat_name);
+ tainted = true;
+ }
+ if (state >= FEAT_STATE_ALWAYS && field > max) {
+ ERROR("FEAT_%s is version %ld, but is only known up to version %d\n",
+ feat_name, field, max);
+ tainted = true;
+ }
 }
 /************************************************
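Review bot: In check_feature the ERROR format pairs `%ld` with `field`, declared `unsigned long`, and `%d` with `max`, declared `unsigned int`; the specifiers should be `%lu` and `%u`, i.e. `ERROR("FEAT_%s is version %lu, but is only known up to version %u\n", feat_name, field, max);`, so -Wformat stays clean and large field values print correctly. feature_panic takes `char *feat_name` although it only ever receives string literals through the feat_detect_panic macro and check_feature already uses `const char *`; `static inline void feature_panic(const char *feat_name)` keeps the two consistent. `__attribute((__always_inline__))` is the less common spelling of the keyword; GCC accepts it, but `__attribute__((__always_inline__))` is the form most code uses, and I cannot see other uses in this file to compare against.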
@@ -71,195 +65,50 @@
 ***********************************************/
 static void read_feat_pauth(void)
 {
-#if (ENABLE_PAUTH == FEAT_STATE_1) || (CTX_INCLUDE_PAUTH_REGS == FEAT_STATE_1)
+#if (ENABLE_PAUTH == FEAT_STATE_ALWAYS) || (CTX_INCLUDE_PAUTH_REGS == FEAT_STATE_ALWAYS)
 feat_detect_panic(is_armv8_3_pauth_present(), "PAUTH");
 #endif
 }
-/************************************************************
- * Feature : FEAT_DIT (Data Independent Timing Instructions)
- ***********************************************************/
-static void read_feat_dit(void)
-{
-#if (ENABLE_FEAT_DIT == FEAT_STATE_1)
- feat_detect_panic(is_armv8_4_feat_dit_present(), "DIT");
-#endif
-}
-
-/*********************************************************
- * Feature : FEAT_AMUv1 (Activity Monitors Extensions v1)
- ********************************************************/
-static void read_feat_amuv1(void)
-{
-#if (ENABLE_FEAT_AMUv1 == FEAT_STATE_1)
- feat_detect_panic(is_armv8_4_feat_amuv1_present(), "AMUv1");
-#endif
-}
-
-/****************************************************************************
- * Feature : FEAT_MPAM (Memory Partitioning and Monitoring (MPAM) Extension)
- ***************************************************************************/
-static void read_feat_mpam(void)
-{
-#if (ENABLE_MPAM_FOR_LOWER_ELS == FEAT_STATE_1)
- feat_detect_panic(get_mpam_version() != 0U, "MPAM");
-#endif
-}
-
-/**************************************************************
- * Feature : FEAT_NV2 (Enhanced Nested Virtualization Support)
- *************************************************************/
-static void read_feat_nv2(void)
-{
-#if (CTX_INCLUDE_NEVE_REGS == FEAT_STATE_1)
- unsigned int nv = get_armv8_4_feat_nv_support();
-
- feat_detect_panic((nv == ID_AA64MMFR2_EL1_NV2_SUPPORTED), "NV2");
-#endif
-}
-
-/***********************************
- * Feature : FEAT_SEL2 (Secure EL2)
- **********************************/
-static void read_feat_sel2(void)
-{
-#if (ENABLE_FEAT_SEL2 == FEAT_STATE_1)
- feat_detect_panic(is_armv8_4_sel2_present(), "SEL2");
-#endif
-}
-
-/****************************************************
- * Feature : FEAT_TRF (Self-hosted Trace Extensions)
- ***************************************************/
-static void read_feat_trf(void)
-{
-#if (ENABLE_TRF_FOR_NS == FEAT_STATE_1)
- feat_detect_panic(is_arm8_4_feat_trf_present(), "TRF");
-#endif
-}
-
 /************************************************
 * Feature : FEAT_MTE (Memory Tagging Extension)
 ***********************************************/
 static void read_feat_mte(void)
 {
-#if (CTX_INCLUDE_MTE_REGS == FEAT_STATE_1)
+#if (CTX_INCLUDE_MTE_REGS == FEAT_STATE_ALWAYS)
 unsigned int mte = get_armv8_5_mte_support();
 feat_detect_panic((mte != MTE_UNIMPLEMENTED), "MTE");
 #endif
 }
-/***********************************************
- * Feature : FEAT_RNG (Random Number Generator)
- **********************************************/
-static void read_feat_rng(void)
-{
-#if (ENABLE_FEAT_RNG == FEAT_STATE_1)
- feat_detect_panic(is_armv8_5_rng_present(), "RNG");
-#endif
-}
-
 /****************************************************
 * Feature : FEAT_BTI (Branch Target Identification)
 ***************************************************/
 static void read_feat_bti(void)
 {
-#if (ENABLE_BTI == FEAT_STATE_1)
+#if (ENABLE_BTI == FEAT_STATE_ALWAYS)
 feat_detect_panic(is_armv8_5_bti_present(), "BTI");
 #endif
 }
-/****************************************
- * Feature : FEAT_FGT (Fine Grain Traps)
- ***************************************/
-static void read_feat_fgt(void)
-{
-#if (ENABLE_FEAT_FGT == FEAT_STATE_1)
- feat_detect_panic(is_armv8_6_fgt_present(), "FGT");
-#endif
-}
-
-/***********************************************
- * Feature : FEAT_AMUv1p1 (AMU Extensions v1.1)
- **********************************************/
-static void read_feat_amuv1p1(void)
-{
-#if (ENABLE_FEAT_AMUv1p1 == FEAT_STATE_1)
- feat_detect_panic(is_armv8_6_feat_amuv1p1_present(), "AMUv1p1");
-#endif
-}
-
-/*******************************************************
- * Feature : FEAT_ECV (Enhanced Counter Virtualization)
- ******************************************************/
-static void read_feat_ecv(void)
-{
-#if (ENABLE_FEAT_ECV == FEAT_STATE_1)
- unsigned int ecv = get_armv8_6_ecv_support();
-
- feat_detect_panic(((ecv == ID_AA64MMFR0_EL1_ECV_SUPPORTED) ||
- (ecv == ID_AA64MMFR0_EL1_ECV_SELF_SYNCH)), "ECV");
-#endif
-}
-
-/***********************************************************
- * Feature : FEAT_TWED (Delayed Trapping of WFE Instruction)
- **********************************************************/
-static void read_feat_twed(void)
-{
-#if (ENABLE_FEAT_TWED == FEAT_STATE_1)
- feat_detect_panic(is_armv8_6_twed_present(), "TWED");
-#endif
-}
-
-/******************************************************************
- * Feature : FEAT_HCX (Extended Hypervisor Configuration Register)
- *****************************************************************/
-static void read_feat_hcx(void)
-{
-#if (ENABLE_FEAT_HCX == FEAT_STATE_1)
- feat_detect_panic(is_feat_hcx_present(), "HCX");
-#endif
-}
-
 /**************************************************
 * Feature : FEAT_RME (Realm Management Extension)
 *************************************************/
 static void read_feat_rme(void)
 {
-#if (ENABLE_RME == FEAT_STATE_1)
+#if (ENABLE_RME == FEAT_STATE_ALWAYS)
 feat_detect_panic((get_armv9_2_feat_rme_support() != ID_AA64PFR0_FEAT_RME_NOT_SUPPORTED), "RME");
 #endif
 }
-/******************************************************
- * Feature : FEAT_BRBE (Branch Record Buffer Extension)
- *****************************************************/
-static void read_feat_brbe(void)
-{
-#if (ENABLE_BRBE_FOR_NS == FEAT_STATE_1)
- feat_detect_panic(is_feat_brbe_present(), "BRBE");
-#endif
-}
-
-/******************************************************
- * Feature : FEAT_TRBE (Trace Buffer Extension)
- *****************************************************/
-static void read_feat_trbe(void)
-{
-#if (ENABLE_TRBE_FOR_NS == FEAT_STATE_1)
- feat_detect_panic(is_feat_trbe_present(), "TRBE");
-#endif
-}
-
 /******************************************************************
 * Feature : FEAT_RNG_TRAP (Trapping support for RNDR/RNDRRS)
 *****************************************************************/
 static void read_feat_rng_trap(void)
 {
-#if (ENABLE_FEAT_RNG_TRAP == FEAT_STATE_1)
+#if (ENABLE_FEAT_RNG_TRAP == FEAT_STATE_ALWAYS)
 feat_detect_panic(is_feat_rng_trap_present(), "RNG_TRAP");
 #endif
 }
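Review bot: read_feat_pauth, read_feat_mte, read_feat_bti, read_feat_rme and read_feat_rng_trap still go through feat_detect_panic, which calls panic() on the first unsupported feature, whereas every feature moved to check_feature only sets `tainted` so that all mismatches are logged before detect_arch_features panics once at the end. A missing PAUTH or MTE therefore hides any later mismatch from the log. Either convert these five to check_feature with a matching ID-field reader and min/max, with their `#if` guard becoming the `state` argument, or have feature_panic set `tainted = true;` and return so the final `if (tainted) { panic(); }` decides. Keeping them as they are may be deliberate if no ID-field readers exist for them yet, which I cannot see from here.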
@@ -283,52 +132,91 @@
 * ENABLE_FEAT_xxx = 2 : The feature is enabled but dynamically enabled at runtime
 * depending on hardware capability.
 *
- * For better readability, state values are defined with macros namely:
- * { FEAT_STATE_0, FEAT_STATE_1, FEAT_STATE_2 } taking values as their naming.
+ * For better readability, state values are defined with macros, namely:
+ * { FEAT_STATE_DISABLED, FEAT_STATE_ALWAYS, FEAT_STATE_CHECK }, taking values
+ * { 0, 1, 2 }, respectively, as their naming.
 **********************************************************************************/
 void detect_arch_features(void)
 {
+ tainted = false;
+
 /* v8.0 features */
- read_feat_sb();
- read_feat_csv2_2();
+ check_feature(ENABLE_FEAT_SB, read_feat_sb_id_field(), "SB", 1, 1);
+ check_feature(ENABLE_FEAT_CSV2_2, read_feat_csv2_id_field(),
+ "CSV2_2", 2, 3);
 /* v8.1 features */
- read_feat_pan();
- read_feat_vhe();
+ check_feature(ENABLE_FEAT_PAN, read_feat_pan_id_field(), "PAN", 1, 3);
+ check_feature(ENABLE_FEAT_VHE, read_feat_vhe_id_field(), "VHE", 1, 1);
 /* v8.2 features */
- read_feat_ras();
+ check_feature(ENABLE_SVE_FOR_NS, read_feat_sve_id_field(),
+ "SVE", 1, 1);
+ check_feature(ENABLE_FEAT_RAS, read_feat_ras_id_field(), "RAS", 1, 2);
 /* v8.3 features */
 read_feat_pauth();
 /* v8.4 features */
- read_feat_dit();
- read_feat_amuv1();
- read_feat_mpam();
- read_feat_nv2();
- read_feat_sel2();
- read_feat_trf();
+ check_feature(ENABLE_FEAT_DIT, read_feat_dit_id_field(), "DIT", 1, 1);
+ check_feature(ENABLE_FEAT_AMU, read_feat_amu_id_field(),
+ "AMUv1", 1, 2);
+ check_feature(ENABLE_MPAM_FOR_LOWER_ELS, read_feat_mpam_version(),
+ "MPAM", 1, 17);
+ check_feature(CTX_INCLUDE_NEVE_REGS, read_feat_nv_id_field(),
+ "NV2", 2, 2);
+ check_feature(ENABLE_FEAT_SEL2, read_feat_sel2_id_field(),
+ "SEL2", 1, 1);
+ check_feature(ENABLE_TRF_FOR_NS, read_feat_trf_id_field(),
+ "TRF", 1, 1);
 /* v8.5 features */
 read_feat_mte();
- read_feat_rng();
+ check_feature(ENABLE_FEAT_RNG, read_feat_rng_id_field(), "RNG", 1, 1);
 read_feat_bti();
 read_feat_rng_trap();
 /* v8.6 features */
- read_feat_amuv1p1();
- read_feat_fgt();
- read_feat_ecv();
- read_feat_twed();
+ check_feature(ENABLE_FEAT_AMUv1p1, read_feat_amu_id_field(),
+ "AMUv1p1", 2, 2);
+ check_feature(ENABLE_FEAT_FGT, read_feat_fgt_id_field(), "FGT", 1, 1);
+ check_feature(ENABLE_FEAT_ECV, read_feat_ecv_id_field(), "ECV", 1, 2);
+ check_feature(ENABLE_FEAT_TWED, read_feat_twed_id_field(),
+ "TWED", 1, 1);
 /* v8.7 features */
- read_feat_hcx();
+ check_feature(ENABLE_FEAT_HCX, read_feat_hcx_id_field(), "HCX", 1, 1);
+
+ /* v8.9 features */
+ check_feature(ENABLE_FEAT_TCR2, read_feat_tcrx_id_field(),
+ "TCR2", 1, 1);
+ check_feature(ENABLE_FEAT_S2PIE, read_feat_s2pie_id_field(),
+ "S2PIE", 1, 1);
+ check_feature(ENABLE_FEAT_S1PIE, read_feat_s1pie_id_field(),
+ "S1PIE", 1, 1);
+ check_feature(ENABLE_FEAT_S2POE, read_feat_s2poe_id_field(),
+ "S2POE", 1, 1);
+ check_feature(ENABLE_FEAT_S1POE, read_feat_s1poe_id_field(),
+ "S1POE", 1, 1);
 /* v9.0 features */
- read_feat_brbe();
- read_feat_trbe();
+ check_feature(ENABLE_BRBE_FOR_NS, read_feat_brbe_id_field(),
+ "BRBE", 1, 2);
+ check_feature(ENABLE_TRBE_FOR_NS, read_feat_trbe_id_field(),
+ "TRBE", 1, 1);
 /* v9.2 features */
+ check_feature(ENABLE_SME_FOR_NS, read_feat_sme_id_field(),
+ "SME", 1, 2);
+ check_feature(ENABLE_SME2_FOR_NS, read_feat_sme_id_field(),
+ "SME2", 2, 2);
+
+ /* v9.4 features */
+ check_feature(ENABLE_FEAT_GCS, read_feat_gcs_id_field(), "GCS", 1, 1);
+ read_feat_rme();
+
+ if (tainted) {
+ panic();
+ }
 }
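Review bot: `check_feature(ENABLE_MPAM_FOR_LOWER_ELS, read_feat_mpam_version(), "MPAM", 1, 17);` is the only call whose `max` is not a small ID-field step value, and 17 is unexplained; a comment such as `/* 17 (0x11): highest known MPAM version - presumably major.minor packed into one byte, confirm against read_feat_mpam_version() */` would save the next reader a detour. The `read_feat_rme();` call now sits after the GCS check under `/* v9.4 features */` although read_feat_rme itself reads the v9.2 RME ID field, so it would read better directly below `/* v9.2 features */` next to the SME checks. The second point is style only.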
diff --git a/common/uuid.c b/common/uuid.c index 3e47eb4..969eda1 100644 --- a/common/uuid.c +++ b/common/uuid.c
@@ -1,12 +1,11 @@
 /*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #include <assert.h>
 #include <errno.h>
-#include <stdint.h>
 #include <string.h>
 #include <common/debug.h>
diff --git a/docs/Makefile b/docs/Makefile index 3dd7ebc..5bc24db 100644 --- a/docs/Makefile +++ b/docs/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+# Copyright (c) 2019-2023, ARM Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -13,13 +13,20 @@
 SOURCEDIR = .
 BUILDDIR = build
+V ?= 0
+ifeq ($(V),0)
+ Q := @
+else
+ Q :=
+endif
+
 # Put it first so that "make" without argument is like "make help".
 help:
- @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+ ${Q}$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 .PHONY: help Makefile
 # Catch-all target: route all unknown targets to Sphinx using the new
 # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
 %: Makefile
- @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+ ${Q}$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
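Review bot: The new `V`/`Q` lines use `${Q}` while every other expansion in this file is written `$(...)` (`$(SPHINXBUILD)`, `$(SOURCEDIR)`); make treats both alike, but one spelling per file is easier to grep, so `$(Q)$(SPHINXBUILD) -M help ...` on the two recipes would match the rest. A one-line comment above `V ?= 0`, e.g. `# V=1 (or any non-zero value) echoes the sphinx-build commands`, would document the knob, since `ifeq ($(V),0)` makes every value other than 0 verbose.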
diff --git a/docs/about/features.rst b/docs/about/features.rst index cb8b552..4a2c77e 100644 --- a/docs/about/features.rst +++ b/docs/about/features.rst
@@ -22,8 +22,8 @@ Cache Coherent Network (CCN), Network Interconnect (NIC) and TrustZone Controller (TZC). -- A generic |SCMI| driver to interface with conforming power controllers, for - example the Arm System Control Processor (SCP). +- Secure Monitor library code such as world switching, EL2/EL1 context + management and interrupt routing. - SMC (Secure Monitor Call) handling, conforming to the `SMC Calling Convention`_ using an EL3 runtime services framework. @@ -34,14 +34,22 @@ is also suitable for integration with other AArch32 EL3 Runtime Software, for example an AArch32 Secure OS. +- A generic |SCMI| driver to interface with conforming power controllers, for + example the Arm System Control Processor (SCP). + - A minimal AArch32 Secure Payload (*SP_MIN*) to demonstrate |PSCI| library integration with AArch32 EL3 Runtime Software. -- Secure Monitor library code such as world switching, EL1 context management - and interrupt routing. - When a Secure-EL1 Payload (SP) is present, for example a Secure OS, the - AArch64 EL3 Runtime Software must be integrated with a Secure Payload - Dispatcher (SPD) component to customize the interaction with the SP. +- Secure partition manager dispatcher(SPMD) with following two configurations: + + - S-EL2 SPMC implementation, widely compliant with FF-A v1.1 EAC0 and initial + support of FF-A v1.2. + + - EL3 SPMC implementation, compliant with a subset of FF-A v1.1 EAC0. + +- Support for Arm CCA based on FEAT_RME which supports authenticated boot and + execution of RMM with the necessary routing of RMI commands as specified in + RMM Beta 0 Specification. - A Test SP and SPD to demonstrate AArch64 Secure Monitor functionality and SP interaction with PSCI. 
@@ -50,12 +58,20 @@ `Trusty Secure OS`_ and `ProvenCore Secure OS`_. - A Trusted Board Boot implementation, conforming to all mandatory TBBR - requirements. This includes image authentication, Firmware Update (or - recovery mode), and packaging of the various firmware images into a + requirements. This includes image authentication, Firmware recovery, + Firmware encryption and packaging of the various firmware images into a Firmware Image Package (FIP). -- Pre-integration of TBB with the Arm CryptoCell product, to take advantage of - its hardware Root of Trust and crypto acceleration services. +- Measured boot support with PoC to showcase its interaction with firmware TPM + (fTPM) service implemneted on top of OP-TEE. + +- Support for Dynamic Root of Trust for Measurement (DRTM). + +- Following firmware update mechanisms available: + + - PSA Firmware Update (PSA FWU) + + - TBBR Firmware Update (TBBR FWU) - Reliability, Availability, and Serviceability (RAS) functionality, including @@ -81,6 +97,8 @@ secure system processor, or where a non-TF-A ROM expects BL2 to be loaded at EL3. +- Support for Errata management firmware interface. + - Support for the GCC, LLVM and Arm Compiler 6 toolchains. - Support for combining several libraries into a "romlib" image that may be 
@@ -88,27 +106,13 @@ in ROM but is accessed through a jump-table that may be stored in read-write memory, allowing for the library code to be patched. -- Support for the Secure Partition Manager Dispatcher (SPMD) component as a - new standard service. - -- Support for ARMv8.3 pointer authentication in the normal and secure worlds. - The use of pointer authentication in the normal world is enabled whenever - architectural support is available, without the need for additional build - flags. - -- Position-Independent Executable (PIE) support. Currently for BL2, BL31, and - TSP, with further support to be added in a future release. +- Position-Independent Executable (PIE) support. Still to come ------------- - Support for additional platforms. -- Refinements to Position Independent Executable (PIE) support. - -- Continued support for the FF-A v1.0 (formally known as SPCI) specification, to enable the - use of secure partition management in the secure world. - - Documentation enhancements. - Ongoing support for new architectural features, CPUs and System IP. @@ -125,4 +129,4 @@ -------------- -*Copyright (c) 2019-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst index 9a2ae73..02dae05 100644 --- a/docs/about/maintainers.rst +++ b/docs/about/maintainers.rst
@@ -98,6 +98,8 @@ :|G|: `ManishVB-Arm`_ :|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com> :|G|: `laurenw-arm`_ +:|M|: Jimmy Brisson <jimmy.brisson@arm.com> +:|G|: `jimmy-brisson`_ :|F|: drivers/auth/ Secure Partition Manager Core (EL3 FF-A SPMC) @@ -175,10 +177,14 @@ ^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Joshua Slater <joshua.slater@arm.com> :|G|: `jslater8`_ -:|M|: Mikael Olsson <mikael.olsson@arm.com> -:|G|: `mikaelolsson-arm`_ +:|M|: Åžtefana Simion <stefana.simion@arm.com> +:|G|: `stefanasimion`_ :|F|: drivers/arm/ethosn/ :|F|: include/drivers/arm/ethosn.h +:|F|: include/drivers/arm/ethosn_cert.h +:|F|: include/drivers/arm/ethosn_fip.h +:|F|: include/drivers/arm/ethosn_oid.h +:|F|: plat/arm/board/juno/juno_ethosn_tzmp1_def.h :|F|: plat/arm/common/fconf/fconf_ethosn_getter.c :|F|: include/plat/arm/common/fconf_ethosn_getter.h :|F|: fdts/juno-ethosn.dtsi @@ -351,6 +357,8 @@ :|G|: `sandrine-bailleux-arm`_ :|M|: Manish Badarkhe <manish.badarkhe@arm.com> :|G|: `ManishVB-Arm`_ +:|M|: Jimmy Brisson <jimmy.brisson@arm.com> +:|G|: `jimmy-brisson`_ :|F|: drivers/measured_boot :|F|: include/drivers/measured_boot :|F|: docs/components/measured_boot @@ -377,6 +385,8 @@ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Sandrine Bailleux <sandrine.bailleux@arm.com> :|G|: `sandrine-bailleux-arm`_ +:|M|: Jimmy Brisson <jimmy.brisson@arm.com> +:|G|: `jimmy-brisson`_ :|F|: include/lib/psa :|F|: lib/psa @@ -473,8 +483,8 @@ Arm Morello and N1SDP Platform ports ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -:|M|: Manoj Kumar <manoj.kumar3@arm.com> -:|G|: `manojkumar-arm`_ +:|M|: Anurag Koul <anurag.koul@arm.com> +:|G|: `anukou`_ :|M|: Chandni Cherukuri <chandni.cherukuri@arm.com> :|G|: `chandnich`_ :|F|: plat/arm/board/morello 
@@ -506,8 +516,10 @@ Arm Total Compute platform port ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -:|M|: Anders Dellien <anders.dellien@arm.com> -:|G|: `andersdellien-arm`_ +:|M|: Vishnu Banavath <vishnu.banavath@arm.com> +:|G|: `vishnu-banavath`_ +:|M|: Rupinderjit Singh <rupinderjit.singh@arm.com> +:|G|: `rupsin01`_ :|F|: plat/arm/board/tc HiSilicon HiKey and HiKey960 platform ports @@ -541,6 +553,10 @@ :|G|: `mtk-rex-bc-chen`_ :|M|: Leon Chen <leon.chen@mediatek.com> :|G|: `leon-chen-mtk`_ +:|M|: Jason-CH Chen <jason-ch.chen@mediatek.com> +:|G|: `jason-ch-chen`_ +:|M|: Yidi Lin <yidilin@chromium.org> +:|G|: `linyidi`_ :|F|: docs/plat/mt\*.rst :|F|: plat/mediatek/ @@ -834,6 +850,8 @@ :|G|: `ManishVB-Arm`_ :|M|: Lauren Wehrmeister <Lauren.Wehrmeister@arm.com> :|G|: `laurenw-arm`_ +:|M|: Jimmy Brisson <jimmy.brisson@arm.com> +:|G|: `jimmy-brisson`_ :|F|: tools/cert_create/ Encrypt_fw tool @@ -902,11 +920,12 @@ .. _marex: https://github.com/marex .. _masahir0y: https://github.com/masahir0y .. _michalsimek: https://github.com/michalsimek -.. _mikaelolsson-arm: https://github.com/mikaelolsson-arm .. _mmind: https://github.com/mmind .. _MrVan: https://github.com/MrVan .. _mtk-rex-bc-chen: https://github.com/mtk-rex-bc-chen .. _leon-chen-mtk: https://github.com/leon-chen-mtk +.. _jason-ch-chen: https://github.com/jason-ch-chen +.. _linyidi: https://github.com/linyidi .. _niej: https://github.com/niej .. _npoushin: https://github.com/npoushin .. _prabhakarlad: https://github.com/prabhakarlad @@ -919,6 +938,7 @@ .. _smaeul: https://github.com/smaeul .. _soby-mathew: https://github.com/soby-mathew .. _sreekare: https://github.com/sreekare +.. _stefanasimion: https://github.com/stefanasimion .. _stephan-gh: https://github.com/stephan-gh .. _sieumunt: https://github.com/sieumunt .. _BenjaminLimJL: https://github.com/BenjaminLimJL 
@@ -942,7 +962,7 @@ .. _raghuncstate: https://github.com/raghuncstate .. _CJKay: https://github.com/cjkay .. _nmenon: https://github.com/nmenon -.. _manojkumar-arm: https://github.com/manojkumar-arm +.. _anukou: https://github.com/anukou .. _chandnich: https://github.com/chandnich .. _abdellatif-elkhlifi: https://github.com/abdellatif-elkhlifi .. _vishnu-banavath: https://github.com/vishnu-banavath @@ -956,5 +976,7 @@ .. _marcbonnici: https://github.com/marcbonnici .. _jayanthchidanand-arm: https://github.com/jayanthchidanand-arm .. _bytefire: https://github.com/bytefire +.. _rupsin01: https://github.com/rupsin01 +.. _jimmy-brisson: https://github.com/theotherjimmy .. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst index dead4f7..0768e1f 100644 --- a/docs/about/release-information.rst +++ b/docs/about/release-information.rst
@@ -52,7 +52,9 @@ +-----------------+---------------------------+------------------------------+ | v2.8 | 5th week of Nov '22 | 3rd week of Nov '22 | +-----------------+---------------------------+------------------------------+ -| v2.9 | 1st week of May '23 | 3rd week of Apr '23 | +| v2.9 | 4th week of May '23 | 2nd week of May '23 | ++-----------------+---------------------------+------------------------------+ +| v3.0 | 2nd week of Nov '23 | 2nd week of Oct '23 | +-----------------+---------------------------+------------------------------+ Removal of Deprecated Interfaces 
@@ -67,12 +69,26 @@ | | Date | after | | | | | Release | | +================================+=============+=========+=========================================================+ -| plat_convert_pk() function | Nov'22 | Next | Platform conversion to manage specific PK hash | -| | | release | | -| | | after | | -| | | 2.8 | | +| None at this time | | | | ++--------------------------------+-------------+---------+---------------------------------------------------------+ + +Removal of Deprecated Drivers +----------------------------- + +As mentioned in the :ref:`Platform Ports Policy`, this is a live document +cataloging all the deprecated drivers in TF-A project and the Release version +after which it will be removed. + ++--------------------------------+-------------+---------+---------------------------------------------------------+ +| Driver | Deprecation | Removed | Comments | +| | Date | after | | +| | | Release | | ++================================+=============+=========+=========================================================+ +| CryptoCell-712 | 2.9 | 3.0 | No longer maintained. | ++--------------------------------+-------------+---------+---------------------------------------------------------+ +| CryptoCell-713 | 2.9 | 3.0 | No longer maintained. | +--------------------------------+-------------+---------+---------------------------------------------------------+ -------------- -*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/change-log.md b/docs/change-log.md index bb05afb..b660c73 100644 --- a/docs/change-log.md +++ b/docs/change-log.md
@@ -3,6 +3,1024 @@ This document contains a summary of the new features, changes, fixes and known issues in each release of Trusted Firmware-A. +## [2.9.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.8.0..refs/tags/v2.9.0) (2023-05-16) + +### âš BREAKING CHANGES + +- **Libraries** + + - **EL3 Runtime** + + - **RAS** + + - The previous RAS_EXTENSION is now deprecated. The equivalent functionality can be achieved by the following 2 options: + - ENABLE_FEAT_RAS + - RAS_FFH_SUPPORT + + **See:** replace RAS_EXTENSION with FEAT_RAS ([9202d51](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9202d51990c192e8bc041e6f53d5ce63ee908665)) + +- **Drivers** + + - **Authentication** + + - unify REGISTER_CRYPTO_LIB + + **See:** unify REGISTER_CRYPTO_LIB ([dee99f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dee99f10b1dcea09091f4a1d53185153802dfb64)) + + - **Arm** + + - **Ethos-N** + + - The Linux Kernel NPU driver can no longer directly configure and boot the NPU in a TZMP1 build. The API version has therefore been given a major version bump with this change. + + **See:** add protected NPU firmware setup ([6dcf3e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6dcf3e774457cf00b91abda715adfbefce822877)) + + - Building the FIP when TZMP1 support is enabled in the NPU driver now requires a parameter to specify the NPU firmware file. + + **See:** load NPU firmware at BL2 ([33bcaed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33bcaed1211ab27968433b546979687bc1182630)) + +- **Build System** + + - BL2_AT_EL3 renamed to RESET_TO_BL2 across the repository. 
+ + **See:** distinguish BL2 as TF-A entry point and BL2 running at EL3 ([42d4d3b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/42d4d3baacb3b11c68163ec85de1bf2e34e0c882)) + + - check boolean flags are not empty + + **See:** check boolean flags are not empty ([1369fb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1369fb82c8e809c1a59a0d99184dbfd2d0b81afa)) + + - All input and output linker section names have been prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`. + + **See:** always prefix section names with `.` ([da04341](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/da04341ed52d214139fe2d16667ef5b58c38e502)) + + - The `EXTRA_LINKERFILE` build system variable has been replaced with the `<IMAGE>_LINKER_SCRIPT_SOURCES` variable. See the commit message for more information. + + **See:** permit multiple linker scripts ([a6ff006](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a6ff0067ab57d848d3fb28a3eb2b47e6cf2a6092)) + + - The `LINKERFILE`, `BL_LINKERFILE` and `<IMAGE_LINKERFILE>` build system variables have been renamed. See the commit message for more information. 
+ + **See:** clarify linker script generation ([8227493](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/82274936374bf630bf5256370e93a531fdda6372)) + +### Resolved Issues + +- **Architecture** + + - **CPU feature / ID register handling in general** + + - context-switch: move FGT availability check to callers ([de8c489](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/de8c489247458c00f7b48301fb5c5273c7a628fc)) + - make stub enable functions "static inline" ([d7f3ed3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7f3ed3655b85223583d8c2d9e719f364266ef26)) + - resolve build errors due to compiler optimization ([e8f0dd5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8f0dd58da231b81ba0ce6f27aaf1e31b4d4c429)) + + - **Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)** + + - feat_detect: support major/minor ([1f8be7f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1f8be7fc66fb59b197dde3b4ea83314b1728c6b8)) + - remove unwanted param for "endfunc" macro ([0e0bd25](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0e0bd250ef08ba70b34db9eb0cab0f6ef4d08edf)) + - run-time checks for mpam save/restore routines ([ed80440](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed804406bf2ee04bde1c17683cec6f679ea1e160)) + + - **Pointer Authentication Extension** + + - make pauth_helpers linking generic ([90ce8b8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/90ce8b8718d079b9e906d06bdd6a72da6cc5b636)) + + - **Performance Monitors Extension (FEAT_PMUv3)** + + - switch FVP PMUv3 SPIs to PPI ([d7c455d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7c455d8cca85de4a520da33db6523c9c8a7ee38)) + - unconditionally save PMCR_EL0 
([1d6d680](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1d6d6802dd547c8b378a9a47572ee72e68cceb3b)) + + - **Scalable Matrix Extension (FEAT_SME, FEAT_SME2)** + + - disable SME for SPD=spmd ([2fd2fce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2fd2fcedff0595a7050328fa60dc4850d6b424bf)) + + - **Statistical profiling Extension (FEAT_SPE)** + + - drop SPE EL2 context switch code ([16e3ddb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/16e3ddba1f049106387dfe21989243d2fc4cf061)) + +- **Platforms** + + - **Allwinner** + + - check RSB availability in DT on H6 ([658b315](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/658b3154d5b06a467b65cb79d31da751ffc6f5a4)) + + - **Arm** + + - arm_rotpk_header undefined reference ([95302e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95302e4b234589e0487996a5c0f1e111c21ffedc)) + + - **A5DS** + + - add default value for ARM_DISABLE_TRUSTED_WDOG ([115ab63](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/115ab63872ab36f8202f4c4aab093c4e9182d4e7)) + + - **CSS** + + - fix invalid redistributor poweroff ([60719e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60719e4e0965aead49d927f12bf2a37bd2629012)) + + - **FPGA** + + - include missing header file ([b7253a1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b7253a14cdc633a606472ec4e5aa4123158e2013)) + + - **FVP** + + - correct ehf priority for SPM_MM ([fb2fd55](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb2fd558d8102ad79e5970714e0afec31a6138d7)) + - incorrect UUID name in FVP tb_fw_config ([7f2bf23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f2bf23dec6e6467704d7d71ec44bee030912987)) + - unconditionally include lib/psa headers 
([72db458](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72db45852d84db6ade0da2a232a44df3e5228b6d)) + - work around BL31 progbits exceeded ([138221c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/138221c2457b9d04101b84084c07d576b0eb5a51)) + - work around DRTM_SUPPORT BL31 progbits exceeded ([7762e5d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7762e5d0ed5c28b0a77dc25cc566cf54a69af7e6)) + + - **Morello** + + - add platform-specific power domain functions ([02a5bcb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02a5bcb0bc3c8596894b6d0ec8c979b330db387a)) + + - **N1SDP** + + - add platform-specific power domain functions ([5bdafc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5bdafc4099b446609965f9132e6c52a7bdeb9ac8)) + + - **RD** + + - **RD-N1 Edge** + + - change variable type to fix gcc sign conversion error ([3a3e0e5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3a3e0e5371e99b3764fd8e8d98a447911f3bb915)) + + - **TC** + + - increase TC_TZC_DRAM1_SIZE ([7e3f6a8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e3f6a87d74efec780c0832c0535dd64ef830cfa)) + - change the FIP offset to 8 KiB boundary ([d07b8aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d07b8aac39abc3026233e316686f4643d076f8d6)) + - change the properties of optee reserved memory ([2fff46c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2fff46c80fe4aa27cd55ad4bfbe43c3823095259)) + - enable dynamic feature detection of FEAT_SVE for NormalWorld ([67265f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/67265f2f6d7604147080033a1c99150e9a020f28)) + - enable the execution of both platform tests 
([657b90e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/657b90ea1aa2831a7feed31f07fc8e92213e6465)) + - only suspend booting after running plat tests ([9b26655](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b266556d308c0af6f932fedd1c41fbda05204aa)) + - unify TC ROM start addresses ([f9e11c7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f9e11c724bb7c919dc9bd5dd8fca1e04140374d2)) + - update the name of mbedtls config header ([d5fc899](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d5fc8992c7b63675b6fc4b2c00a1e1acfdaaeee2)) + + - **Broadcom** + + - add braces around bodies of conditionals ([9f58bfb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9f58bfbbe90d2891c289cd27ab7d2ede8b5572d4)) + + - **Intel** + + - add mailbox error return status for FCS_DECRYPTION ([76ed322](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76ed32236aa396cb0e15eb049bea03710ca1992d)) + - agilex bitstream pre-authenticate ([4b3d323](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4b3d323acdd21d8853e38e135bf990b3767ca354)) + - fix Agilex and N5X clock manager to main PLL C0 ([5f06bff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5f06bffa831638fd95d2160209000ef36d2a22ce)) + - fix fcs_client crashed when increased param size ([c42402c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c42402cdf8a3dfc6f6e62a92b2898066e8cc46f6)) + - fix pinmux handoff bug on Agilex ([e6c0389](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e6c038909193b83bc293de9b1eb65440e75f8c91)) + - fix print out ERROR when encounter SEU_Err ([1a0bf6e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a0bf6e1d8fe899359535c0a0a68c2be5e5acaf4)) + - fix sp_timer0 is not disabled in firewall on Agilex 
([8de7167](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8de7167eb661ff730a79bd2c6db15c22fdc62c8a)) + - fix the pointer of block memory to fill in and bytes being set ([afe9fcc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/afe9fcc3d262ca279a747c8ab6fa8bacf79c76fb)) + - flash dcache before mmio read ([731622f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/731622fe757ab2bcc0492ad27bafecf24206ddac)) + - mailbox store QSPI ref clk in scratch reg ([7f9e9e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f9e9e4b40152c0cb52bcc53ac3d32fd1c978416)) + - missing NCORE CCU snoop filter fix in BL2 ([b34a48c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b34a48c1ce0dd7e44eac4ceb0537b337857b057f)) + - remove checking on TEMP and VOLT checking for HWMON ([68ac5fe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/68ac5fe14c0220673d7ee88a99b3d02be1fef530)) + - update boot scratch to indicate to Uboot is PSCI ON ([7f7a16a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f7a16a6c0a49af593fa080eb66f72a20bb07299)) + + - **NVIDIA** + + - **Tegra** + + - append major revision to the chip_id value ([33c4766](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33c476601cf48a4b02259b8cb43819acd824804f)) + - remove dependency on CPU registers to get boot parameters ([0b9f05f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b9f05fcaea069bff6894d99ec5babc4be29ca67)) + + - **Tegra 210** + + - support legacy SMC_ID 0xC2FEFE00 ([40a4e2d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40a4e2d84c38ffae899eaa2c33c1e280312919cf)) + + - **NXP** + + - **i.MX** + + - **i.MX 8M** + + - add ddr4 dvfs sw workaround for ERR050712 
([e00fe11](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e00fe11df3fee04c7f3137817294d464466dab22)) + - backup mr12/14 value from lpddr4 chip ([a2655f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a2655f48697416b8350ba5b3f7f44f1f0be79d4e)) + - correct the rank info get fro mstr ([5277c09](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5277c09606450daaffa43f3cf15fcc427d7ba612)) + - fix coverity out of bound access issue ([0331b1c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0331b1c6111d198195298a2885dbd93cac1ad26a)) + - fix the current fsp init ([25c4323](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/25c43233e866326326f9f82bfae03357c396a99f)) + - fix the dfiphymaster setting after dvfs ([ad0cbbf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad0cbbf513dfabe51a401c06be504e57d6b143ca)) + - fix the dram retention random hang on some imx8mq Rev2.0 ([4bf5019](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4bf5019228cf89e0cbc2cd03627f755d51e3e198)) + - fix the rank to rank space issue ([3330084](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3330084979e4c1a39a92f0642000664c79a00dda)) + + - **i.MX 8Q** + + - fix compilation with gcc >= 12.x ([e75a3b6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e75a3b6e89c4bce11d1885426f22262def9bd664)) + + - **Layerscape** + + - fix errata a008850 ([c45791b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c45791b2f20909c9a9d2bae84dafc17f55892fc8)) + - fix nv_storage assert checking ([5d599b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5d599b71ea6e0020f4f9d0e7af303726483217bc)) + - unlock write access SMMU_CBn_ACTLR 
([0ca1d8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ca1d8fba3bee32242b123ae28ad5c83a657aa0d)) + + - **LX2** + + - init global data before using it ([50aa0ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/50aa0ea7acd21e7e9920a91a14db14a9f8c63700)) + + - **LS1046A** + + - 4 keys secureboot failure resolved ([c0c157a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c0c157a680fcb100afed3e1ea9d342deea72ea05)) + + - **QEMU** + + - enable dynamic feature detection of FEAT_SVE for NormalWorld ([fc259b6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fc259b6c3a551efbc810c8e08e82b7b5378f57ba)) + + - **SBSA** + + - enable FGT ([c598692](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c598692d0c6a79dd10c34d5a4a740c90261cfc65)) + - enable SVE and SME ([9bff7ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9bff7ce37545162d417953ac36c6878216815b94)) + + - **QTI** + + - **MSM8916** + + - add timeout for crash console TX flush ([7e002c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e002c8a13172c44f55ab49062861479b6622884)) + - drop unneeded initialization of CNTACR ([d833af3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d833af3ab50cd2cfecb8868c3d5340df1572f042)) + - flush dcache after writing msm8916_entry_point ([01ba69c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/01ba69cd9b833047653186858a6929e6c9379989)) + - print \r before \n on UART console ([3fb7e40](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3fb7e40a21b1570a8ce1cd1708134fa7a05d94fb)) + + - **Raspberry Pi** + + - **Raspberry Pi 3** + + - initialize SD card host controller ([bd96d53](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bd96d533dc28c4c938aa54905787688823cbccac)) + + - 
**Renesas** + + - align incompatible function pointers ([90c4b3b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/90c4b3b62d5303c22fdc5f65f0db784de0f4ac95)) + + - **Rockchip** + + - use semicolon instead of comma ([8557d49](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8557d491b6dbd6cbf27cc2ae6425f6cb29ca2c35)) + + - **ST** + + - add U suffix for unsigned numbers ([9c1aa12](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c1aa1253c9c77487b73d46a89941e81e80864eb)) + - explicitly check operators precedence ([56048fe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56048fe215997ab6788ebd251e8cde094392dfc7)) + - include utils.h to solve compilation error ([377846b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/377846b65e8eb946a6560f1200ca4ca0e1eb8b99)) + - make metadata_block_spec static ([d1d8a9b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d1d8a9bad0be53792e219625b0d327cc4855378f)) + - rework secure-status check in fdt_get_status() ([0ebaf22](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ebaf222899c1c33fe8bd0e69bd2c287ebe1154b)) + - use Boolean type for tests ([45d2d49](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/45d2d495e77c9c8f3e80774e48a80e4882c8ac0d)) + - use indices when counting GPIOs in DT ([e7d7544](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e7d75448b9e46dee22fe23b37c28a522b9ec3a6c)) + + - **STM32MP1** + + - add const for strings in stm32mp_get_soc_name() ([d7f5bed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7f5bed90eaacee0a223bcf23438dfb76dee08e6)) + - add missing platform.h include ([6e55f9e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e55f9e2cde0426c39ccda87b00047f85d30f97d)) + - always define PKA algos flags 
([e0e2d64](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0e2d64f47654e4d86d0e400977eab0e4a01523e)) + - remove boolean check on PLAT_TBBR_IMG_DEF ([231a0ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/231a0adb6abc35c125d4177749af37042575eca2)) + - rework DWL buffer cache invalidation ([127ed00](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/127ed0008e03abb98b5447cb80c5634dfa554e7d)) + + - **Texas Instruments** + + - do not take system power reference in bl31_platform_setup() ([9977948](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9977948112d732935362a3fe8518e3b2e4b7f6b7)) + - fix typo in boot authentication message name ([81f525e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81f525ecc75a3d8b344a27881098fcaab65f2d8f)) + + - **Xilinx** + + - fix misra defects ([964e559](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/964e55928c8f966633cc57e41987aa00890f5da7)) + - handle CRC failure in IPI ([5e92be5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5e92be5121e8ecd81a0f89eaae0d1a7ac8f4bfd7)) + - handle CRC failure in IPI callback ([6173d91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6173d914d673249ec47c080909c31a1654545913)) + - initialize values to device enum members ([5c62d59](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c62d599274b5d9facd4996b50c1a1e153b247a4)) + - remove asserts around arg0/arg1 ([8be2044](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8be20446706c6b2fe911804385f308817495d2d4)) + - remove unnecessary condition ([c984123](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c984123669a7ba7b8d1dc168db8e130ee52bbb1e)) + - remove unused mailbox macros 
([15f49cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/15f49cb49d7daf2cd771c80d3dd80ff15874b40b)) + - resolve integer handling issue ([4e46db4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4e46db40fc86ddc0556c42ba01198d13002fcf14)) + - use lib/smccc.h macros instead of trusty spd ([0ee07d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ee07d796cece8074eb296415c88872504dee682)) + + - **Versal** + + - check smc_fid 23:16 bits ([4a50363](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a50363aaeaa16edafcff17486006049b30e1e2f)) + - fix incorrect regbase for PMC IPI ([c4185d5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c4185d5103080621393edb770a56aa274f9af1a7)) + - initialize the variable with value 0 in pm code ([cd73d62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd73d62b0e0920ca4e6c4fea7ab65bcbd63e07de)) + - print proper atf handoff source ([0fe002c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0fe002c9be899f005316ea196ad4c6b08815d482)) + - replace FPD_MAINCCI* macros ([245d30e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/245d30efe617af68c674b411d63c680dca1c21dd)) + - sync location based on IPI_ID macros ([92a43bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/92a43bdf366502c6919bbd2c8e4f687c51d9738c)) + + - **Versal NET** + + - fix irq for IPI0 ([95bbfbc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95bbfbc6e0789cba871e2518dba76ff9bf712331)) + - clear power down bit during wakeup ([5f0f7e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5f0f7e47e05f98587d424c2162d1ce20af4f588d)) + - clear power down interrupt status before enable 
([2d056db](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d056db4e4981e0f8a58de0d1e44e46058b308f4)) + - correct aff level for cpu off ([6ada9dc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ada9dc325aaa29e2f4c87575093401197856639)) + - disable wakeup interrupt during client wakeup ([e663f09](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e663f09b3cc2a3c933191c110557c6ffe5db6d6c)) + - enable wake interrupt during client suspend ([39fffe5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/39fffe552fb04028de750e6080d9a8ba46e89b8c)) + - fix setting power down state ([1f79bdf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1f79bdfd9ae105135a0192017d6f9368045228e9)) + - populate gic v3 rdist data statically ([355dc3d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/355dc3d4deacf73a3d354682bcda454e6d13ed66)) + - resolve misra 10.6 warnings ([8c23775](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8c23775e88bfc4ffa2b0eaf815d4f79992d344e6)) + - resolve misra rule 20.7 warnings ([21d1966](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/21d1966a23b57425a400730270c8694e37b1a85c)) + - use spin_lock instead of bakery_lock ([0b3a2cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b3a2cf0226878ad7098cc6cd1a97ade74fd9c38)) + + - **ZynqMP** + + - add bitmask for get_op_char API ([ad4b667](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad4b667d3ba7ece4cf28106aef6f91259b5b06ee)) + - check return status of pm_get_api_version ([c92ad36](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c92ad369ca3a548ecbf30add110b1561fe416c10)) + - check smc_fid 23:16 bits 
([09b342a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/09b342a9d3aa030bde6d52e39203b9b8c8e6b106)) + - conditional reservation of memory in DTB ([c52a142](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c52a142b7ceb397b4d66cc90f2bc717acc7263cd)) + - enable A53 workaround(errata 1530924) ([d8133d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d8133d7785969b417cbace293db6393c55844fac)) + - fix bl31_zynqmp_setup.c coding style ([26ef5c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/26ef5c29c62def3a21591dd216180d86063acdb4)) + - fix DT reserved allocated size ([2c03915](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c03915322ede112030fcfb8097d4697b92fcc2f)) + - fix xck24 silicon ID ([f156590](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f156590767d5f80e942fa3f88a9b6a94c13ceb55)) + - initialize uint32 with value 0U in pm code ([e65584a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e65584a017fadf002d5bdd1e95527c48610a6963)) + - move EM SMC range to SIP range ([acbae39](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/acbae3998bd829ae4b31ea9da59055e3624991a5)) + - panic w/o handoff structure in !JTAG ([fbe4dbe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fbe4dbeec906038795f72d8f9284a812bd6a852d)) + - remove redundant api_version check ([d0b58c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d0b58c8a9bff3cabfdb59e052ab7eaecfe64b305)) + - remove unused PLAT_NUM_POWER_DOMAINS ([72c3124](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72c3124f584609275424bf52a20fd707d4f1af6a)) + - separate EM from PM SMCs ([a911396](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9113966c35af281e9c8972b1209646963ff55d0)) + - 
update MAX_XLAT_TABLES for DDR memory range ([12446ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12446ce89e351959aebb610eb2e35cdc7eb84d26)) + - update the conflicting EEMI API IDs ([bcc1348](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bcc1348b6bb2fcd987c8f047fa9f526f32768258)) + - with DEBUG=1 move bl31 to DDR range ([2537f07](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2537f0725ee7d8f46bef3e5b49134419b5c3367b)) + +- **Bootloader Images** + + - **BL31** + + - avoid clearing of argument registers in RESET_TO_BL31 case ([3e14df6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e14df6f63303adb134d525b373ec7f08c1b1dc6)) + + - **BL32** + + - **TSP** + + - loop / crash if mmap of region fails ([8c353e0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8c353e0058e95cfa20c9a760ebd0908a9a9aa1c1)) + - use verbose for power logs ([3354915](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3354915fff2ad5f97551c22a44a90f4ff7b7cc9b)) + +- **Services** + + - **RME** + + - update sample platform attestation token ([19c1dce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/19c1dcef88cb837abe175b89739e75e27539a561)) + + - **TRP** + + - preserve RMI SMC X4 when not used as return ([b96253d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b96253db08383c3edfb417c505c8da6f7b1dbe75)) + + - **RMMD** + + - add missing padding to RMM Boot Manifest and initialize it ([dc0ca64](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dc0ca64e4b6c86090eee025293e7ae7f1fe1cf12)) + + - **SPM** + + - **EL3 SPMC** + + - fix coverity scan warnings ([1543d17](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1543d17b9876add1cb89c1f5ffe0e6a129f5809e)) + - improve bound check for descriptor 
([def7590](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/def7590b3e34ff69b297c239cb8948d0bdc9c691)) + - report execution state in partition info get ([62cd8f3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/62cd8f3147ed7fb146168c59cab3ba0e006210ad)) + + - **SPMD** + + - fix build error with spmd ([fd51b21](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fd51b21573ec2e0d815caecb89cc323aac0fca6d)) + +- **Libraries** + + - **CPU Support** + + - do not put RAS check before using esb ([9ec2ca2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9ec2ca2d453176179f923d7e0fbaac05341ebdc6)) + - use hint instruction for "tsb csync" ([7a181b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7a181b7d046a710db5238fb37047816636d2bb8a)) + - workaround for Cortex-A510 erratum 2684597 ([aea4ccf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aea4ccf8d9f3eabbc931f0e82df65ffca28c25e5)) + - workaround for Cortex-A710 erratum 2282622 ([89d85ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/89d85ad0aad4fef7f56a9e18968b49e2b843ca9d)) + - workaround for Cortex-A710 erratum 2768515 ([b87b02c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b87b02cf1d93f2be2113192cd5f1927e33121a80)) + - workaround for Cortex-A78 erratum 2742426 ([a63332c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a63332c517ac5699644d3e2fbf159d3e35c32549)) + - workaround for Cortex-A78 erratum 2772019 ([b10afcc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b10afcce5ff1202e1cd922dbd3c1e5980b478429)) + - workaround for Cortex-A78 erratum 2779479 ([7d1700c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7d1700c4d475358539c9a84cb325183c86a06f33)) + - workaround for Cortex-A78C erratum 1827430 
([672eb21](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/672eb21e26a41657b8146372d4283e794b430c5f)) + - workaround for Cortex-A78C erratum 1827440 ([b01a59e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b01a59eb2a0456ca3ae6b8d020068ba846f813d4)) + - workaround for Cortex-A78C erratum 2772121 ([00230e3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/00230e37e3c21fed4a46eeb69dea9d808f8402b4)) + - workaround for Cortex-A78C erratum 2779484 ([66bf3ba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66bf3ba482e46137e19f368f1386436a33eaba74)) + - workaround for Cortex-X2 erratum 2282622 ([f9c6301](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f9c6301d743405bd91b9a1fe433ce14fa60a830f)) + - workaround for Cortex-X2 erratum 2768515 ([1cfde82](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1cfde82227558a8cc1792c068bc7a7cdf8feab43)) + - workaround for Cortex-X3 erratum 2615812 ([c7e698c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c7e698cfdedbe2b1c8212dd71477f289f7644953)) + - workaround for Neoverse N2 erratum 2743089 ([1ee7c82](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ee7c8232c153203d104f148a33e6f641d503f96)) + - workaround for Neoverse V1 errata 2743233 ([f1c3eae](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1c3eae9e091a63b42eebae8b03d4d470c9c3f75)) + - workaround for Neoverse V1 errata 2779461 ([2757da0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2757da06149238041308060e5cb51f0870a02a15)) + - workaround for Neoverse V1 erratum 2743093 ([31747f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31747f057b13b5934b607b7021139e58a55f7766)) + - workaround platforms non-arm interconnect 
([ab062f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab062f0510d42b2019667e3f4df82a1f57121412))
+
+ - **EL3 Runtime**
+
+ - allow SErrors when executing in EL3 ([1cbe42a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1cbe42a510812a4a4415a26ba46821cad1c04b68))
+ - do not save scr_el3 during EL3 entry ([e61713b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e61713b00715fc988a970687f9bf53418b81b0ca))
+ - restore SPSR/ELR/SCR after esb ([ff1d2ef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff1d2ef387f085fdada4a122284b3b044fdde09c))
+
+ - **RAS**
+
+ - do not put RAS check before esb macro ([7d5036b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7d5036b8ec911d83ede6eb73f1693b6f160d90ed))
+
+ - **FCONF**
+
+ - fix FCONF_ARM_IO_UUID_NUMBER value ([e208f32](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e208f3244b311a23b3e7fa1c03b3e98a6228714a))
+ - make struct fconf_populator static ([40e740d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40e740dc14e807455d8db99dc758af355aa7fa8f))
+
+ - **OP-TEE**
+
+ - address late comments and fix bad rc ([8d7c80f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8d7c80fa4c5ab17e25d6d82ff0b1e67795e903fb))
+ - return UUID for image loading service ([85ab882](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85ab88238183be1e27835e14e3588fb73e0f6aa7))
+
+ - **PSCI**
+
+ - do not panic on illegal MPIDR ([8a6d0d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8a6d0d262ae03db0a0bedd047a2df6f95e8823f6))
+ - potential array overflow with cpu on ([6632741](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66327414fb1e3248d443f4eb2835f437625fb92c))
+ - remove unreachable switch/case blocks 
([ad27f4b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad27f4b5d918bbd1feb9a2deed3cb0e2ae39616e))
+ - tighten psci_power_down_wfi behaviour ([695a48b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/695a48b5b4366d1005f8b9a0fc83726914668fb5))
+
+ - **GPT**
+
+ - fix compilation error for gpt_rme.c ([a0d5147](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0d5147b8282374e107461421bb229272fde924b))
+
+ - **SMCCC**
+
+ - check smc_fid [23:17] bits ([f8a3579](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f8a35797b919d8ea041480bd5eb2a334e7056e0b))
+
+ - **C Standard Library**
+
+ - properly define SCHAR_MIN ([06c01b0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06c01b085fb28fcfe26d747da2ba33415dbd52b9))
+ - remove __putchar alias ([28dc825](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/28dc82580e50961f9b76933b20d576a6afc5035c))
+
+ - **Context Management**
+
+ - enable SCXTNUM access ([01cf14d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/01cf14dd41cae9c68cb5e76a815747a0d2a19a4a))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - avoid out-of-bounds read in auth_nvctr() ([abb8f93](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/abb8f936fd0ad085b1966bdc2cddf040ba3865e3))
+ - forbid junk after extensions ([fd37982](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fd37982a19a4a2911912ce321b9468993a0919ad))
+ - only accept v3 X.509 certificates ([e9e4a2a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e9e4a2a6fd33d8fc21b00cfc9816a3dd3fef47fe))
+ - properly validate X.509 extensions ([f5c5185](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f5c51855d36e399e6e22cc1eb94f6b58e51b3b6d))
+ - reject invalid padding in digests 
([f47547b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f47547b35462571636a76b737602e827ae43bc24))
+ - reject junk after certificates ([ca34dbc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ca34dbc0cdb1c4e1ab62aa4dd195cf9389b9edb7))
+ - reject padding after BIT STRING in signatures ([a8c8c5e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a8c8c5ef2a8f5a27772eb708f2201429dd8d32b2))
+ - require at least one extension to be present ([72460f5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72460f50e2437a85ce5229c430931aab8f4a0d5b))
+ - require bit strings to have no unused bits ([8816dbb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8816dbb3819e626d14e1bb9702f6446cb80e26f0))
+ - use NULL instead of 0 for pointer check ([654b65b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/654b65b36d60a9c08e1d0cd88b35cd7bc2c813af))
+
+ - **mbedTLS**
+
+ - fix mbedtls coverity issues ([a9edc32](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9edc32c8964ffe047909b4847edd710b5879f35))
+
+ - **Console**
+
+ - correct scopes for console symbols ([03bd481](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/03bd48102b575a9c86eed73866a5f9cd4d03e2d5))
+ - fix crash on spin_unlock with cache disabled ([5fb6946](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5fb6946ad70f5c6e82502a704633bba1dd82e507))
+
+ - **I/O**
+
+ - compare function pointers with NULL ([06d223c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06d223cb4f54543299b96d40a682e33f9147e192))
+
+ - **MMC**
+
+ - align part config type ([53cbc94](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53cbc949670877d1b661782ab452f6fac2302ce3))
+ - do not modify r_data in mmc_send_cmd() 
([bf78a65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bf78a6504254be9bf2cee38828a72f84773d4aa7))
+ - explicitly check operators precedence ([14cda51](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/14cda5168de45bbbcce1a5152140111d4fc8fd21))
+ - remove redundant reset_to_idle call ([bc0a738](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bc0a73866f3e4f7138892b228eb592be118b40d2))
+
+ - **GUID Partition Tables Support**
+
+ - add missing curly braces ([1290662](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1290662034578b4e52443c79f34dfd7c284c0435))
+ - add U suffix for unsigned numbers ([d1c6c49](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d1c6c495541b6e387179f987acbef274a12c7535))
+
+ - **SCMI**
+
+ - change function prototype to fix gcc error ([f0f2c90](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0f2c90365d933ee0a160b4bf5723fc303d9ab73))
+ - fix compilation error in scmi base ([7c38934](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c3893423d6ba5088f92f4ebdb626285759a1bcd))
+
+ - **UFS**
+
+ - device present (DP) field is set to '1' ([83103d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/83103d1264fe3cd7d54f3a89121d6889b4d33980))
+ - flush the entire PRDT ([83ef869](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/83ef8698f9d1477c892cad15b4e48574ed634903))
+ - only allow using one slot ([56db7b8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56db7b8b08d5bb350a02e1f794dc6eb02827917f))
+ - poll UCRDY for all commands ([6e57b2f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e57b2f00e36e63da765e3aa1650b03772999726))
+ - set the PRDT length field properly 
([20fdbcf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20fdbcf502bd457a4b74ffa9a610d573594f1f6c))
+
+ - **Arm**
+
+ - **Ethos-N**
+
+ - add workaround for erratum 2838783 ([5a89947](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5a89947ab3ef8541b7adb6058af9ef141073043d))
+
+ - **GIC**
+
+ - wrap cache enabled assert under plat_can_cmo ([78fbb0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/78fbb0ec8372a638b2b2a0276776892141ff43f8))
+
+ - **GICv3**
+
+ - fixed bug in the initialization of GICv3 SGIs/(E)PPIs interrupt priorities ([5d68e89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5d68e8913ea983b21eb4a1163e6215ff8f8e96e4))
+ - restore scr_el3 after changing it ([1d0d5e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1d0d5e40206c693e24b0a4de7dbcfc4b79f3138e))
+ - workaround for NVIDIA erratum T241-FABRIC-4 ([a02a45d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a02a45dfef4b02fa363a5f843ba6a0aac52d181f))
+
+ - **RSS**
+
+ - do not consider MHU_ERR_ALREADY_INIT as error ([55a7aa9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/55a7aa9252acfc9712a914e74bcddefc3a8d6390))
+ - fix msg deserialization bugs in comms ([dda0528](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dda052851a78fad150b6565ea4bb75644bd37dce))
+ - remove null-terminator from RSS metadata ([85a14bc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85a14bc0a9598668c4678f9eda2ba497acba5ced))
+
+ - **NXP**
+
+ - fix fspi coverity issue ([5199b3b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5199b3b93c6ada8dd830f625f77987d3474a6f98))
+ - fix sd secure boot failure ([236ca56](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/236ca5667e8ac82aa53d4e933a78e6ca1ebf456e))
+ - fix 
tzc380 memory regions config ([07d8e34](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07d8e34fdd5a81b6fe5f805560be44c1063cea79))
+ - use semicolon instead of comma ([50b8ea1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/50b8ea115f117e17646d73fe7606bee14bd02630))
+
+ - **NXP Crypto**
+
+ - fix coverity issue ([e492299](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e49229911f4e08e317453883886a113f3332b776))
+ - fix secure boot assert inclusion ([334badb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/334badb50f3ad55762785a6ba0266c2eb4d93e8e))
+
+ - **DDR**
+
+ - add checking return value ([e83812f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e83812f11a2d725931de88308c5b520d88bcca86))
+ - apply Max CDD values for warm boot ([00bb8c3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/00bb8c37e0fe57ae2126857ce2d2700106a76884))
+ - fix coverity issue ([2d541cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d541cbcbe90217df107e1ac0c4adb76d647b283))
+ - fix underrun coverity issue ([87612ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/87612eaefff34548b72fed0d8c93dcf73f9b8c81))
+ - use CDDWW for write to read delay ([fa01056](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fa0105693c85eacf6eda22eca63f220d304f7768))
+
+ - **ST**
+
+ - **Clock**
+
+ - avoid arithmetics on pointers ([4198fa1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4198fa1db7297d8385bb6624d4bd475870e5bf12))
+ - give the size for parent_mp13 and dividers_mp13 tables ([ee21709](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee21709e98a9e0f60a46d79caf5b702a0b7941cc))
+ - remove useless switch 
([69a2e32](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69a2e320b6798ce3cf5cb27bf70e3384cfac3ebb))
+ - use Boolean type for tests ([c3ae7da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3ae7da02dd8b358239dde47c3325e333af81056))
+
+ - **Crypto**
+
+ - move flag control into source code ([6a187a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a187a002ee72ef865222870b2ecf99cf4d4efb8))
+ - remove platdata functions ([6b3ca0a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6b3ca0a81723290e2d9b33c406c0e65c1870baa8))
+ - set get_plain_pk_from_asn1() static ([70a422b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70a422ba83df3f572af1d2931e950feb78592ca3))
+
+ - **GPIO**
+
+ - define shift as uint32_t ([5d942ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5d942ff1964131bf33f445f66175fe8211c77e23))
+
+ - **SDMMC2**
+
+ - check transfer size before filling register ([029f81e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/029f81e04c0232843f3e546fa080778a1008a9c5))
+
+ - **ST PMIC**
+
+ - define pmic_regs table size ([3cebeec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3cebeec2ae452d33ec0cea322f4ab18137e41631))
+ - enclose macro parameter in parentheses ([be7195d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/be7195d06cb7731fe0d906c6eabe6cb6f39f29b1))
+
+ - **Regulator**
+
+ - enclose macro parameters in parentheses ([91af163](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91af163cbbfab936e70568998e8b9dcb10203b8e))
+ - explicitly check operators precedence ([68083e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/68083e7ad5ded7adbeca147546bbda6c14cab049))
+ - rework for_each_*rdev macros 
([6a3ffb5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a3ffb53910f136d14ddad5042da01a03e5087c4))
+ - use Boolean type for tests ([9a00daf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9a00daf9dd0a25da45a43142ca27126e6e26a622))
+
+ - **USB**
+
+ - replace redundant checks with asserts ([02af589](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02af589cfa8d8aefaffeef3390e3fb8fdf51978f))
+
+- **Style**
+
+ - correct some typos ([1b491ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b491eead580d7849a45a38f2c6a935a5d8d1160))
+
+- **Miscellaneous**
+
+ - **AArch64**
+
+ - allow build with ARM_ARCH_MINOR=4 ([78f56ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/78f56ee71c9ffe7a6ee36268f0fe1f7ca7d01738))
+
+ - **FDT Wrappers**
+
+ - use correct prototypes ([e0c56fd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0c56fd71fbd7e8ef307777db8940fb2cf3c9957))
+
+ - **FDTs**
+
+ - **STM32MP1**
+
+ - **STM32MP15**
+
+ - use /omit-if-no-ref/ for spi and i2c ([d480df2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d480df2116fc0d629d52f654bc218ee36251cb33))
+ - use interrupts-extended for i2c2 ([600c8f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/600c8f7d953d466e0ec5fd04bd6ef2e44c9c9125))
+
+ - **PIE**
+
+ - pass `-fpie` to the preprocessor as well ([966660e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/966660ecd0c8a3d6e4d18a5352bb431e71a9a793))
+
+ - **UUID**
+
+ - add missing `#include` directives ([12562af](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12562af369e897c67aa45bfeb97cd7bb5d500cf6))
+
+ - add missing click dependency ([ff12683](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff12683e87e44ead813600fac5415e05e7f95700))
+ - add 
parenthesis for tests in MIN, MAX and CLAMP macros ([8406db1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8406db14fbba19c25d000eaeab538a0474795da1))
+ - increase BL32 limit ([c2a7612](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c2a76122c88e9ba5de493e1aa765ad170614a31d))
+ - remove old-style declarations ([f4b8470](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4b8470feee4437fb3984baeee8c61ed91f63f51))
+ - remove useless "return" at void functions ([af4d8c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af4d8c6d505c001ee78ea9dd9d8dd76ba039af9b))
+ - unify fallthrough annotations ([e138400](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e138400d1c19a561eaf9f23b0cadc07226684561))
+
+- **Documentation**
+
+ - add a build.tools.python entry ([4052d95](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4052d9583c850feeb8add29734bda0ef0343c238))
+ - add few missed links for Security Advisories ([43f3a9c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/43f3a9c4d67da76a00f9050e7cfe1333da51ff92))
+ - add plantuml as a dependency ([65982a9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/65982a94ef113d5d652d8e1a521b219be75fca42))
+ - add readthedocs configuration file ([8a84776](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8a84776340bf4215d235b7b6dc09cf94aed8c6b3))
+ - deprecate plat_convert_pk() in v2.9 ([e0f58c7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0f58c7fb685560933e3583cb1dfab8fb2963692))
+ - make required compiler version == rather than >= ([415195c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/415195c03e6e1b3a5335ee242ab4116d2d1ac0b1))
+ - python version must be string 
([3aa919e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3aa919eb278e7e0b23742ea043d79e1b1f1d75c6))
+ - specify python version to 3.10 ([a7773c5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a7773c590d0319bdf3b4ddc67c7b22180020224b))
+
+- **Build System**
+
+ - add a default value for INVERTED_MEMMAP ([4d32f91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d32f9138d61719bbaab57fdd853877a7e06b1cd))
+ - allow lower address access with gcc-12 ([dea23e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dea23e245fb890c6c06eff7d1aed8fffa981fc05))
+ - allow warnings when using lld ([ebac692](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ebac6922d1f6fc16c5d3953dfb512553001dcdd3))
+ - partially fix qemu aarch32 build ([c68736d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c68736dab5631af3d9a1d33cb911e90e67e8ee34))
+
+- **Tools**
+
+ - **NXP Tools**
+
+ - fix coverity issue ([4fa0f09](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4fa0f097399c7d396bc14a6692476ada6981c458))
+
+ - **Secure Partition Tool**
+
+ - add dependency to SP image ([4daeaf3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4daeaf341a347a60fd481fb4a1530f18f8e4c058))
+
+ - **Certificate Creation Tool**
+
+ - change WARN to VERBOSE ([76a85cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76a85cfa0ab5e7093ad18601b7e73a1e425d8025))
+
+- **Dependencies**
+
+ - add missing aeabi_memset.S ([bdedee5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bdedee5a0f156d05eb62c704e702bfd1c506dc5d))
+
+### New Features
+
+- **Architecture**
+
+ - **Extended Translation Control Register (FEAT_TCR2).**
+
+ - add FEAT_TCR2 to the changelog 
([a366640](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a366640cf22d7d0e610564f81e189f6037ff9473))
+ - support FEAT_TCR2 ([d333160](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d3331603664ca7d4ab1510df09e722e6ffb1df29))
+
+ - **CPU feature / ID register handling in general**
+
+ - enable FEAT_SME for FEAT_STATE_CHECKED ([45007ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/45007acd46981b9f289f03b283eb53e7ba37bb67))
+ - enable FEAT_SVE for FEAT_STATE_CHECKED ([2b0bc4e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2b0bc4e028a75d75c6d6942ddd404ef331db29be))
+ - extend check_feature() to deal with min/max ([a4cccb4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a4cccb4f6cbbb35d12bd5f8779f3c6d8d762619c))
+
+ - **Guarded Control Stack (FEAT_GCS)**
+
+ - support guarded control stack ([688ab57](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/688ab57b9349adb19277d88f2469ceeadb8ba083))
+
+ - **Support for the `HCRX_EL2` register (FEAT_HCX)**
+
+ - initialize HCRX_EL2 to its default value ([ddb615b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ddb615b419074727ac0a1430cf0f88bd018ac8df))
+
+ - **Scalable Matrix Extension (FEAT_SME, FEAT_SME2)**
+
+ - enable SME2 functionality for NS world ([03d3c0d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/03d3c0d729e24713d657209bedf74d255550babb))
+
+- **Platforms**
+
+ - **Allwinner**
+
+ - add extra CPU control registers ([b15e2cd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b15e2cda14b3ffddebd8b40cc5c31c1c0e9cbf0d))
+ - add function to detect H616 die variant ([fbde260](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fbde260b11171f0f67afbc631e22fe26366ff448))
+ - add support for Allwinner T507 SoC 
([018c1d8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/018c1d878fbfd696ebeda52b5188e4658b87bf75))
+
+ - **Arm**
+
+ - add ARM_ROTPK_LOCATION variant full key ([5f89928](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5f899286eac994b8337959ad924a43c1a4a543c9))
+ - carveout DRAM1 area for Event Log ([6b2e961](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6b2e961fb1428c3fe213c524164a00fcaee495c4))
+
+ - **FVP**
+
+ - add Event Log maximum size property in DT ([1cf3e2f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1cf3e2f0a8eb0d6324ce3db68dd5c78bdb690a8a))
+ - copy the Event Log to TZC secured DRAM area ([191aa5d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/191aa5d3fc793c5c4cd8960d1ef7b95010cc9d87))
+ - define ns memory in the SPMC manifest ([7f28179](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f28179a46b40ede461326dd329eb832c0d72b0d))
+ - emulate trapped RNDR ([1ae7552](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ae75529bc2e5a213c3e458898c219c34aa99f65))
+ - enable errata management interface ([d3bed15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d3bed15851a1b35b2608f7275f1294c8d4f7aee7))
+ - enable FEAT_FGT by default ([15107da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/15107daad6b83b4ee1edfebf420b6779a054318e))
+ - enable FEAT_HCX by default ([2e12418](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2e1241888ee82a5a9b3b30acd83a1f4ea6732f1b))
+ - enable support for PSCI OS-initiated mode ([e75cc24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e75cc247c744d21e52f834a442bf1c26d0ab6161))
+ - increase BL1_RW and BL2 size 
([dbb9c1f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dbb9c1f5b69134ca43c944d84b413331a64fba15))
+ - introduce PLATFORM_TEST_EA_FFH config ([fe38cc6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fe38cc68975b23084b4ba512254926941c865a07))
+ - introduce PLATFORM_TEST_RAS_FFH config ([5602ce1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5602ce1d8db3256a7766776cb908b1f716c2d463))
+ - update device tree with load addresses of TOS_FW config ([1779762](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/177976286e347acd905d8082f31c201b9900d28e))
+
+ - **Juno**
+
+ - support ARM_IO_IN_DTB option for Juno ([2fad320](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2fad320f5623edcdd23297ab57c4b9b0b0ef872c))
+
+ - **Morello**
+
+ - add GPU DT node ([cd94c3d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd94c3d6ad5e738c2583486b7a973bd8e516089b))
+ - add support for HW_CONFIG ([be79071](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/be79071ef73b4b08cca310ec7e7d915faea8f036))
+ - implement methods to retrieve soc-id information ([cc266bc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc266bcd8c0a1d839151b69436fdf2c1ad07b0a1))
+
+ - **RD**
+
+ - **RD-N2**
+
+ - add platform id value for rdn2 variant 3 ([028c619](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/028c6190d9f3d892a84b5b9cbfdbbab808a73acb))
+
+ - **TC**
+
+ - enable MPAM functionality of L3 DSU cache ([b45ec8c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b45ec8cea483a38e358146b99205504ff7f98001))
+ - add delegated attest and measurement tests ([25dd217](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/25dd2172ae564c74b7e8b42aa96d5ee9a865ec75))
+ - allow secure watchdog timer to trigger 
periodically ([28b2d86](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/28b2d86cd28ffc54c6272defcd6f123a925012f1))
+ - use smmu 700 ([ed80eab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed80eab6a686ce1042300cfbdb90e13366aa08d4))
+
+ - **Intel**
+
+ - extending to support SMMU in FCS ([4687021](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4687021d2eedea880ad8596b32e85da72f8cba02))
+ - fix bridge disable and reset ([9ce8251](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9ce82519c65f0dd93d2673ebb967d02f52b19a04))
+ - implement timer init divider via CPU frequency for N5X ([02a9d70](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02a9d70c4deaa2102386611ac6b305838003148d))
+ - setup FPGA interface for Agilex ([3905f57](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3905f57134853f47f6e859b8b6322a7dbbfc49f7))
+
+ - **MediaTek**
+
+ - add APU init flow ([5243091](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5243091633b8fe8057cec176ac31adb72fdf3506))
+ - add new features of LPM ([917abdd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/917abdd99012d01ef4fa804ecec1503bef68ed9b))
+ - add SiP service for OP-TEE ([621eaab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/621eaab5cc3c9d98783700b7515b1da118b3d21c))
+ - add SMC handler for EMI MPU ([c842cc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c842cc0e5d1432a681cbddce62a852ff282169ae))
+ - add SPM's SSPM notifier ([c234ad1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c234ad17d7d7278e1afa0f416982bb0f60a04dcf))
+
+ - **MT8188**
+
+ - add apu power on/off control ([8e38b92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e38b928490516d308bdceebc4ad032852bf2716))
+ - add MT8188 SPM debug logs ([f85b34b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f85b34b112eec006c14afab0eadbd45d1b0d0e7e))
+ - add MT8188 SPM support ([45d5075](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/45d507599e213f8f3a26502c3ca8de6b1cfdc611))
+ - add SPM feature support ([f299efb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f299efbea685aa8075ec4d6d0f70d189cce3ee07))
+ - add the register definitions accessed by SPM ([1a64689](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a64689df5e7bf78aa8724c1d75f414ea62750eb))
+ - enable SPM and LPM ([380f64b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/380f64b2e39c60cb9a1f751b25cbce11c5e03e20))
+ - keep infra and peri on when system suspend ([e56a939](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e56a939cabb5ae0fe967c19ddacf97304c563f37))
+ - update INFRA IOMMU enable flow ([98415e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/98415e1a80ca025a000241cf3fc175272890c0e8))
+
+ - **MT8195**
+
+ - add support for SMC from OP-TEE ([ccc61e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ccc61e10029b8ddfcb5cb65201862a18ebbc953d))
+
+ - **NVIDIA**
+
+ - **Tegra**
+
+ - implement 'pwr_domain_off_early' handler ([96d07af](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/96d07af402a5d191b7d1200a75c1b206f21cc395))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - **i.MX 8M**
+
+ - add more dram pll setting ([4234b90](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4234b902ae37ca05640888e31405ec97c8cde316))
+ - fix the ddr4 dvfs random hang on imx8m ([093888c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/093888caaf54cbfe38d4b68406d98fbcf5c7d81f))
+ - update the ddr4 dvfs flow to include ddr3l support 
([0e39488](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0e39488ff3f2edac04d7f5acb58d9a22baa3a69e))
+ - use non-fast wakeup stop mode for system suspend ([ef4e5f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ef4e5f0f105f184f02ad4d1cc17cecec9b45502a))
+
+ - **i.MX 8Q**
+
+ - add anamix pll override setting for DSM mode ([387a1df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/387a1df18e0b5bf1d305c72df284b1b89f3c1cd3))
+ - add BL31 PIE support ([8cfa94b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8cfa94b7a7fc398cc0ea803891f6277065bb7575))
+ - add the dram retention support for imx8mq ([dd108c3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dd108c3c1fe3f958a38ae255e57b41e5453d077f))
+ - add version for B2 ([99475c5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99475c5dcc14123dda51bda32d21753f0b4c357d))
+ - add workaround code for ERR11171 on imx8mq ([88a2646](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/88a264657fad2f71369fec4b53478e8a595d10e9))
+ - always set up console ([36be108](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/36be10861e851e7e4df06bb08aab60d8e878d2b2))
+ - correct the slot ack setting for STOP mode ([724ac3e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/724ac3e2c23441d11f642f2ae91c8a8834ea179f))
+ - enable dram dvfs support on imx8mq ([8962bdd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8962bdd603508f649fd7a332e580c0e456ccc0ad))
+ - make IMX_BOOT_UART_BASE configurable via build parameter ([202737e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/202737efda85b2ea61934123b8ffa492f5dc3679))
+ - remove empty bl31_plat_runtime_setup 
([7698dba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7698dbab96072881e0912322db5036529bf8553c))
+
+ - **i.MX 8**
+
+ - add support for debug uart on lpuart1 ([8406447](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8406447f13c65fe93aab7ed641b7e8fe3eb47a0b))
+
+ - **Layerscape**
+
+ - **LX2**
+
+ - enable OCRAM ECC ([e8faff3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8faff3da962ce112e32d8f1fdb8155e078eae75))
+ - support more variants ([c07f5e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c07f5e9e50959a3667e5a96ac808d1d16bb72698))
+
+ - **QEMU**
+
+ - add "neoverse-n1" cpu support ([226f4c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/226f4c8e35c4441e80ad523b9105eab4ca630396))
+ - add A76/N1 cpu support for virt ([6b66693](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6b66693685f828a51c7f78bfa402d6b192169a6d))
+ - combine TF-A artefacts into ROM file ([63bb905](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/63bb90569792893a4e7401004c23cde488fda0cc))
+ - increase max cpus per cluster to 16 ([73a7aca](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/73a7aca2a53d4dbb62909c5741830eee9eac5ee8))
+ - increase size of bl2 ([db2bf3a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/db2bf3ac193f66f365b962b911e7bb2ffbde0a25))
+ - make coherent memory section optional ([af994ae](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af994ae8a089ead6082ca82036d30074f554ed52))
+ - support el3 spmc ([302f053](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/302f05354f5aab340c315e0d04915367c65c6b27))
+ - support pointer authentication 
([cffc956](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cffc956edf3a14508ed5740c1ed093326ca67e72)) + - support s-el2 spmc ([36802e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/36802e2c792f79ab630b53298dfd4f1e5a95d173)) + - update abi between spmd and spmc ([25ae7ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/25ae7ad1878244f78206cc7c91f7bdbd267331a1)) + + - **QTI** + + - **SC7280** + + - add support for PSCI_OS_INIT_MODE ([e528bbe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e528bbec74af359714203c7f8d356074733ea9cd)) + + - **MSM8916** + + - expose more timer frames ([1781bf1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1781bf1c40594e3a3f36404da793d5c7a6bca533)) + + - **ST** + + - mandate dtc version 1.4.7 ([38ac8bb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/38ac8bbbe450343e8545a44f370ff9da57cbed26)) + + - **STM32MP1** + + - add mbedtls-3.3 support config ([c9498c8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c9498c8f56387ad23530dcc6e57940d2b118d907)) + + - **Texas Instruments** + + - add PSCI system_off support ([0bdef26](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0bdef264c2bd356e2a89fc5ac7c438694618d272)) + - add sub and patch version number support ([852378f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/852378fd60d8cc536799639774f1e4ffe124131d)) + - disable L2 dataless UniqueClean evictions ([10d5cf1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/10d5cf1b26f03d61a90cdcff5163965fa48e291c)) + - do not handle EAs in EL3 ([2fcd408](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2fcd408bb3a6756767a43c073c597cef06e7f2d5)) + - set L2 cache data ram latency on A72 cores to 4 cycles 
([aee2f33](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aee2f33a675891f660fc0d06e739ce85f3472075)) + - set L2 cache ECC and and parity on A72 cores ([81858a3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81858a353f8e45f5cc57ce855188043b1745ea08)) + - set snoop-delayed exclusive handling on A72 cores ([5668db7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5668db72b724dc256d9b300f6938a08625624a48)) + - synchronize access to secure proxy threads ([312eec3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/312eec3ecde9837f61fc0d7b46b4197ec2257ee7)) + + - **Xilinx** + + - add device node indexes ([407eb6f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/407eb6fda06d7be034dc7f1c537183f64126f074)) + - sync copyright format ([2774965](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27749653c7dbea1bd5b34a39085bc7cb12d46501)) + + - **Versal** + + - replace irq array with switch case ([0ec6c31](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ec6c31320c6d86e89dce8775af2bbdfa7a302fa)) + - switch to xlat_v2 ([0e9f54e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0e9f54e5bb7f4b44bca9c63cce37913070fea23a)) + + - **Versal NET** + + - add jtag dcc support ([30e8bc3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/30e8bc365c1007da97f93c71e5fa16b6be56b679)) + - add support for set wakeup source ([c38d90f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c38d90f7964ddf186f4cbaad6da91dd0a44627e3)) + - add support for uart1 console ([2f1b4c5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2f1b4c55502262dba0ccd147f87cdb38cf4131f2)) + + - **ZynqMP** + + - add hooks for custom runtime setup 
([88a8938](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/88a8938e62989b7319b20c46c046aa8845852ce9)) + - add hooks for mmap and early setup ([7013400](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70134000842cbc7c052031dd453bdec8f4cb73f1)) + - add SMCCC_ARCH_SOC_ID support ([8f9ba3f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8f9ba3f344545740fc44e90fb8322c7728ae94ec)) + - add support for custom sip service ([496d708](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/496d708154d893fb9f412390acd433337faccecc)) + - build pm code as library ([3af2ee9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3af2ee906842378ee91f07aa4ea5565cd1a0f8c2)) + - bump up version of query_data API ([aaf5ce7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aaf5ce77fb22f54a8ca7bc8d3be6172dacbfc0c1)) + - make stack size configurable ([5753665](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/57536653e62765f9529d045b118ad881369bc73a)) + +- **Services** + + - **RME** + + - read DRAM information from FVP DTB ([8268590](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/826859049859a5bd88e142695e10a559d85721c1)) + - set DRAM information in Boot Manifest platform data ([a97bfa5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a97bfa5ff18b2682e3b9c528cbd5fb16ceec3393)) + + - **RMM** + + - add support for the 2nd DRAM bank ([346cfe2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/346cfe2b46a83bc9e6656f43ec55a196503b154a)) + + - **SPM** + + - **EL3 SPMC** + + - make platform logical partition optional ([555677f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/555677fe81c5e1888254ac36acb0a02b3850dc46)) + + - **SPMD** + + - add support for FFA_EL3_INTR_HANDLE_32 ABI 
([6671b3d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6671b3d8224a8c4c3fea7cbe66b56945c432393f)) + - copy tos_fw_config in secure region ([0cea2ae](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cea2ae07db089e60322677021da4743a084f9ca)) + - fail safe if SPM fails to initialize ([0d33649](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0d33649e3e2a21def73327522b9861b4619fc5c2)) + - introduce FFA_PARTITION_INFO_GET_REGS ([eaaf517](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eaaf517cd1bd8c9d5e3e6d2d202a69a0cbcb45bf)) + - introduce platform handler for Group0 interrupt ([f0b64e5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0b64e507e9105813d9a5d16f70101cf0d8ca5a4)) + - map SPMC manifest region as EL3_PAS ([8c829a9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8c829a9240109dd7a66a3c26f734f23477b12551)) + - register handler for group0 interrupt from NWd ([a1e0e87](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a1e0e871f10201a9dbdc1dadfd27904888246adc)) + + - **ERRATA_ABI** + + - errata management firmware interface ([ffea384](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ffea3844c00daf8dee466840a4932cac04b3eb57)) + +- **Libraries** + + - **CPU Support** + + - add support for blackhawk cpu ([6578343](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6578343bb2aab6ec5ae309097047a83445aa12da)) + - add support for chaberton cpu ([516a52f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/516a52f6f5cda6acb311ffd6e8fb77f2e09c1357)) + + - **EL3 Runtime** + + - handle traps for IMPDEF registers accesses ([0ed3be6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0ed3be6fc2c8d275862959d1ee6a0354cc01ad5d)) + - introduce system register trap handler 
([ccd81f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ccd81f1e097c3eafe38523110c8eebabbe662508)) + + - **FCONF** + + - rename 'ns-load-address' to 'secondary-load-address' ([05e5503](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/05e550302103a527b9f8d3869942c203c7b2dd65)) + + - **OP-TEE** + + - add device tree for coreboot table ([f4bbf43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4bbf435554e87de31c0a70039aa03b19962aaea)) + - add loading OP-TEE image via an SMC ([05c69cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/05c69cf75edf53478e23fce157fea72372b49597)) + + - **PSCI** + + - add support for OS-initiated mode ([606b743](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/606b7430077c15695a5b3bcfbad4975f00c9bf95)) + - add support for PSCI_SET_SUSPEND_MODE ([b88a441](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b88a4416b5e5f2bda2240c632ba79e15a9a75c45)) + - introduce 'pwr_domain_off_early' hook ([6cf4ae9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cf4ae979a5f8be23927b97ecfe789dabcb53dbd)) + - update PSCI_FEATURES ([9a70e69](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9a70e69e059863d7aec11883e6345b54058264e0)) + + - **C Standard Library** + + - add %c to printf/snprintf ([44d9706](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44d9706e5428d8e3588d04565c7cd738ffc1e472)) + - add support for fallthrough statement ([023f1be](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/023f1bed1dde23564e3b66a99c4a45b09e38992b)) + + - **PSA** + + - add read_measurement API ([6d0525a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d0525aafe17e7affb0f71e86a5121989c150c42)) + - interface with RSS for NV counters 
([8374508](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8374508b00909cdffbe6233cf8fddcb49924faed)) + +- **Drivers** + + - **Authentication** + + - compare platform and certificate ROTPK for authentication ([f1e693a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1e693a77548950cfffcb1d5a4b67cf349e0aed9)) + + - **mbedTLS** + + - add support for mbedtls-3.3 ([51e0615](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/51e061591bbf13af2486c3bb5f37ed609578d145)) + + - **UFS** + + - adds timeout and error handling ([2c5bce3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c5bce3833848dac4fbb2ae19be418145e68c8a1)) + + - **Arm** + + - **Ethos-N** + + - add check for NPU in SiP setup ([a2cdbb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a2cdbb1df088cde410aea1d5989dfc500aaf7939)) + - add event and aux control support ([7820777](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7820777fa3c8ca454ab40d5d8a8ba0e311bbb6f9)) + - add multiple asset allocators ([8a921e3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8a921e354575cd16aaa6f2f5a2aeaaaea35ab886)) + - add NPU firmware validation ([313b776](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/313b776f851ed184abb265df2b6269fe78f48ecd)) + - add NPU sleeping SMC call ([2a2e3e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a2e3e87706b56fd1b8e787d3a552cfc12725934)) + - add NPU support in fiptool ([c91b08c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c91b08c8a44aafac4f72c64aa8d4777b8c73647e)) + - add protected NPU firmware setup ([6dcf3e7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6dcf3e774457cf00b91abda715adfbefce822877)) + - add protected NPU TZMP1 regions 
([d77c11e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d77c11e896e04be93caa4a56e50646af6806843f)) + - add reserved memory address support ([a19a024](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a19a0241a6f1573e11d4d747dabb756d15ac4801)) + - add reset type to reset SMC calls ([fa37d30](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fa37d30856fef6742bd82e4e0a3252a4d0b9e091)) + - add separate RO and RW NSAIDs ([986c4e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/986c4e991ace5cb40bed35145184e66863c47152)) + - add SMC call to get FW properties ([e9812dd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e9812ddca6e72c0501ef1e84753f335dcafb74cd)) + - add stream extends and attr support ([e64abe7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e64abe7bdaeed99093ae5b4aab8956a04ff4075a)) + - add support for NPU to cert_create ([f309607](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f309607229e049a6ff9cbc858efa4dd0c0b921b8)) + - add support to set up NSAID ([70a296e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70a296ee8641802dc60754aec5b18d8347820a5c)) + - load NPU firmware at BL2 ([33bcaed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33bcaed1211ab27968433b546979687bc1182630)) + + - **GIC** + + - **GICv3** + + - enlarge the range for intr_num of structure interrupt_prop_t ([d5eee8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d5eee8f3fbf53fce84c979e68433a27c93e3e96b)) + + - **RSS** + + - add TC platform UUIDs for RSS images ([6ef63af](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ef63af65f55e9402e4cdc534928faceb9c6e003)) + + - **SBSA** + + - helper api for refreshing watchdog timer 
([e8166d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8166d3e5937b8db43921b5049672b16af7f58e0)) + +- **Miscellaneous** + + - **AArch64** + + - make ID system register reads non-volatile ([c2fb8ef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c2fb8ef66ccc8222c70ab802cdaf29f1592cbbb6)) + + - **FDTs** + + - **STM32MP1** + + - use /omit-if-no-ref/ for pins nodes ([0aae96c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0aae96cfb9ef826d207f2d18d4a9f21fa1a5dee7)) + + - **STM32MP15** + + - add support for prtt1x board family ([3812ceb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3812ceba8fcd682faeed6e71190a848771fd2022)) + + - **PIE/POR** + + - support permission indirection and overlay ([062b6c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/062b6c6bf23f9656332b0aa3fed59c15f34f9361)) + +- **Documentation** + + - allow verbose build ([f771a34](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f771a3446356d92c6c27df5c4f3bb07a2561b36b)) + +- **Build System** + + - add support for new binutils versions ([1f49db5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1f49db5f25cdd4e43825c9bcc0575070b80f628c)) + - allow additional CFLAGS for library build ([5a65fcd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5a65fcd5f9c67baa681f664e4596760ca1f2606a)) + + - **Git Hooks** + + - add pre-commit hook ([cf9346c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf9346cb83804feb083b56a668eb0a462983e038)) + + - add support for poetry ([793f72c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/793f72c06ca1c2782f800c9f20980ca6b7870072)) + +- **Tools** + + - **Firmware Image Package Tool** + + - handle FIP in a disk partition 
([06e69f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06e69f7c94637c693ea5eb26038096c196d10f07)) + +- **Dependencies** + + - **Compiler runtime libraries** + + - update source files ([658ce7a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/658ce7ad8eceb40741cd40f1639a6d923f922fad)) + ## [2.8.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.7.0..refs/tags/v2.8.0) (2022-11-15) ### âš BREAKING CHANGES @@ -3580,7 +4598,7 @@ - Platforms - Arm - - Fixed missing copyrights in arm-gic.h file + - Fixed missing copyrights in Arm-gic.h file - Fixed the order of header files in several dts files - Fixed error message printing in board makefile - Fixed bug of overriding the last node in image load helper API @@ -6842,7 +7860,7 @@ ______________________________________________________________________ -*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.* [mbed tls releases]: https://tls.mbed.org/tech-updates/releases [pr#1002]: https://github.com/ARM-software/arm-trusted-firmware/pull/1002#issuecomment-312650193
diff --git a/docs/components/activity-monitors.rst b/docs/components/activity-monitors.rst index dd45c43..5c1c2c2 100644 --- a/docs/components/activity-monitors.rst +++ b/docs/components/activity-monitors.rst
@@ -6,9 +6,9 @@ Unit (|AMU|), an optional non-invasive component for monitoring core events through a set of 64-bit counters. -When the ``ENABLE_AMU=1`` build option is provided, Trusted Firmware-A sets up -the |AMU| prior to its exit from EL3, and will save and restore architected -|AMU| counters as necessary upon suspend and resume. +When the ``ENABLE_FEAT_AMU=1`` build option is provided, Trusted Firmware-A +sets up the |AMU| prior to its exit from EL3, and will save and restore +architected |AMU| counters as necessary upon suspend and resume. .. _Activity Monitor Auxiliary Counters:
diff --git a/docs/components/fconf/fconf_properties.rst b/docs/components/fconf/fconf_properties.rst index 20cc758..3479576 100644 --- a/docs/components/fconf/fconf_properties.rst +++ b/docs/components/fconf/fconf_properties.rst
@@ -20,7 +20,9 @@ - load-address [mandatory] - value type: <u64> - - Physical loading base address of the configuration. + - Physical loading base address of the configuration. + If secondary-load-address is also provided (see below), then this is the + primary load address. - max-size [mandatory] - value type: <u32> @@ -30,10 +32,11 @@ - value type: <u32> - Image ID of the configuration. -- ns-load-address [optional] +- secondary-load-address [optional] - value type: <u64> - - Physical loading base address of the configuration in the non-secure - memory. - Only needed by those configuration files which require being loaded - in secure memory (at load-address) as well as in non-secure memory - e.g. HW_CONFIG + - A platform uses this physical address to copy the configuration to + another location during the boot-flow. + +-------------- + +*Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/ffa-manifest-binding.rst b/docs/components/ffa-manifest-binding.rst index 7483c90..1061ca0 100644 --- a/docs/components/ffa-manifest-binding.rst +++ b/docs/components/ffa-manifest-binding.rst
@@ -128,18 +128,19 @@ - This field supersedes the managed-exit field in the FF-A v1.0 spec. +- other-s-interrupts-action + - value type: <u32> + - Specifies the action that the SPMC must take in response to a Other-Secure + physical interrupt. + + - 0x0: Other-Secure interrupt is queued + - 0x1: Other-Secure interrupt is signaled + - has-primary-scheduler - value type: <empty> - Presence of this field indicates that the partition implements the primary scheduler. If so, run-time EL must be EL1. -- run-time-model - - value type: <u32> - - Run time model that the SPM must enforce for this SP: - - - 0x0: Run to completion - - 0x1: Preemptible - - time-slice-mem - value type: <empty> - Presence of this field indicates that the partition doesn't expect the @@ -286,6 +287,18 @@ - PPI: 0b01 - SGI: 0b00 +- interrupts-target + - value type: <prop-encoded-array> + - A list of (id, mpdir upper bits, mpidr lower bits) tuples describing which + mpidr the interrupt is routed to, where: + + - id: The <u32> interrupt ID. Must be one of those specified in the + "interrupts" field. + - mpidr upper bits: The <u32> describing the upper bits of the 64 bits + mpidr + - mpidr lower bits: The <u32> describing the lower bits of the 64 bits + mpidr + - exclusive-access - value type: <empty> - Presence of this field implies that this endpoint must be granted exclusive
diff --git a/docs/components/measured_boot/event_log.rst b/docs/components/measured_boot/event_log.rst index 0881248..c102bea 100644 --- a/docs/components/measured_boot/event_log.rst +++ b/docs/components/measured_boot/event_log.rst
@@ -33,3 +33,11 @@ - tpm_event_log_size [mandatory] - value type: <u32> - Event Log size. + +- tpm_event_log_max_size [mandatory] + - value type: <u32> + - Event Log maximum size. + +-------------- + +*Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/ras.rst b/docs/components/ras.rst index 871be2d..8d00345 100644 --- a/docs/components/ras.rst +++ b/docs/components/ras.rst
@@ -1,45 +1,89 @@ Reliability, Availability, and Serviceability (RAS) Extensions -============================================================== +************************************************************** This document describes |TF-A| support for Arm Reliability, Availability, and Serviceability (RAS) extensions. RAS is a mandatory extension for Armv8.2 and later CPUs, and also an optional extension to the base Armv8.0 architecture. -In conjunction with the |EHF|, support for RAS extension enables firmware-first -paradigm for handling platform errors: exceptions resulting from errors in -Non-secure world are routed to and handled in EL3. -Said errors are Synchronous External Abort (SEA), Asynchronous External Abort -(signalled as SErrors), Fault Handling and Error Recovery interrupts. -The |EHF| document mentions various :ref:`error handling -use-cases <delegation-use-cases>` . - For the description of Arm RAS extensions, Standard Error Records, and the precise definition of RAS terminology, please refer to the Arm Architecture -Reference Manual. The rest of this document assumes familiarity with -architecture and terminology. +Reference Manual and `RAS Supplement`_. The rest of this document assumes +familiarity with architecture and terminology. + +There are two philosophies for handling RAS errors from Non-secure world point +of view. + +- :ref:`Firmware First Handling (FFH)` +- :ref:`Kernel First Handling (KFH)` + +.. 
_Firmware First Handling (FFH): + +Firmware First Handling (FFH) +============================= + +Introduction +------------ + +EA’s and Error interrupts corresponding to NS nodes are handled first in firmware + +- Errors signaled back to NS world via suitable mechanism +- Kernel is prohibited from accessing the RAS error records directly +- Firmware creates CPER records for kernel to navigate and process +- Firmware signals error back to Kernel via SDEI Overview -------- -As mentioned above, the RAS support in |TF-A| enables routing to and handling of -exceptions resulting from platform errors in EL3. It allows the platform to -define an External Abort handler, and to register RAS nodes and interrupts. RAS -framework also provides `helpers`__ for accessing Standard Error Records as -introduced by the RAS extensions. +FFH works in conjunction with `Exception Handling Framework`. Exceptions resulting from +errors in Non-secure world are routed to and handled in EL3. Said errors are Synchronous +External Abort (SEA), Asynchronous External Abort (signalled as SErrors), Fault Handling +and Error Recovery interrupts. +RAS Framework in TF-A allows the platform to define an external abort handler and to +register RAS nodes and interrupts. It also provides `helpers`__ for accessing Standard +Error Records as introduced by the RAS extensions + .. __: `Standard Error Record helpers`_ -The build option ``RAS_EXTENSION`` when set to ``1`` includes the RAS in run -time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST_NS`` must also -be set ``1``. ``RAS_TRAP_NS_ERR_REC_ACCESS`` controls the access to the RAS -error record registers from Non-secure. +.. _Kernel First Handling (KFH): + +Kernel First Handling (KFH) +=========================== + +Introduction +------------ + +EA's originating/attributed to NS world are handled first in NS and Kernel navigates +the std error records directly. 
+ +**KFH can be supported in a platform without TF-A being aware of it but there are few +corner cases where TF-A needs to have special handling, which is currently missing and +will be added in future** + +TF-A build options +================== + +- **ENABLE_FEAT_RAS**: Manage FEAT_RAS extension when switching the world. +- **RAS_FFH_SUPPORT**: Pull in necessary framework and platform hooks for Firmware first + handling(FFH) of RAS errors. +- **RAS_TRAP_NS_ERR_REC_ACCESS**: Trap Non-secure access of RAS error record registers. +- **RAS_EXTENSION**: Deprecated macro, equivalent to ENABLE_FEAT_RAS and RAS_FFH_SUPPORT + put together. + +RAS feature has dependency on some other TF-A build flags + +- **EL3_EXCEPTION_HANDLING**: Required for FFH +- **HANDLE_EA_EL3_FIRST_NS**: Required for FFH +- **FAULT_INJECTION_SUPPORT**: Required for testing RAS feature on fvp platform + +RAS Framework +============= + .. _ras-figure: .. image:: ../resources/diagrams/draw.io/ras.svg -See more on `Engaging the RAS framework`_. - Platform APIs ------------- 
@@ -191,19 +235,10 @@ Engaging the RAS framework -------------------------- -Enabling RAS support is a platform choice constructed from three distinct, but -related, build options: - -- ``RAS_EXTENSION=1`` includes the RAS framework in the run time firmware; - -- ``EL3_EXCEPTION_HANDLING=1`` enables handling of exceptions at EL3. See - `Interaction with Exception Handling Framework`_; - -- ``HANDLE_EA_EL3_FIRST_NS=1`` enables routing of External Aborts and SErrors, - resulting from errors in NS world, to EL3. +Enabling RAS support is a platform choice The RAS support in |TF-A| introduces a default implementation of -``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_EXTENSION`` +``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_FFH_SUPPORT`` is set to ``1``, it'll first call ``ras_ea_handler()`` function, which is the top-level RAS exception handler. ``ras_ea_handler`` is responsible for iterating to through platform-supplied error records, probe them, and when an error is @@ -239,4 +274,6 @@ -------------- -*Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.* + +.. _RAS Supplement: https://developer.arm.com/documentation/ddi0587/latest
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst index 6fc0c2e..919eea5 100644 --- a/docs/components/realm-management-extension.rst +++ b/docs/components/realm-management-extension.rst
@@ -13,7 +13,7 @@ The following diagram shows an Arm CCA software architecture with TF-A as the EL3 firmware. In the Arm CCA architecture there are two additional security states and address spaces: ``Root`` and ``Realm``. TF-A firmware runs in the -Root world. In the realm world, a Realm Management Monitor firmware (RMM) +Root world. In the realm world, a Realm Management Monitor firmware (`RMM`_) manages the execution of Realm VMs and their interaction with the hypervisor. .. image:: ../resources/diagrams/arm-cca-software-arch.png @@ -44,7 +44,7 @@ In a typical TF-A boot flow, BL2 runs at Secure-EL1. However when RME is enabled, TF-A runs in the Root world at EL3. Therefore, the boot flow is modified to run BL2 at EL3 when RME is enabled. In addition to this, a -Realm-world firmware (RMM) is loaded by BL2 in the Realm physical address +Realm-world firmware (`RMM`_) is loaded by BL2 in the Realm physical address space. The boot flow when RME is enabled looks like the following: 
@@ -70,57 +70,85 @@ RMM Dispatcher (RMMD) ************************ RMMD is a new standard runtime service that handles the switch to the Realm -world. It initializes the RMM and handles Realm Management Interface (RMI) -SMC calls from Non-secure and Realm worlds. +world. It initializes the `RMM`_ and handles Realm Management Interface (RMI) +SMC calls from Non-secure. -There is a contract between RMM and RMMD that defines the arguments that the +There is a contract between `RMM`_ and RMMD that defines the arguments that the former needs to take in order to initialize and also the possible return values. -This contract is defined in the RMM Boot Interface, which can be found at +This contract is defined in the `RMM`_ Boot Interface, which can be found at :ref:`rmm_el3_boot_interface`. There is also a specification of the runtime services provided by TF-A -to RMM. This can be found at :ref:`runtime_services_and_interface`. +to `RMM`_. This can be found at :ref:`runtime_services_and_interface`. Test Realm Payload (TRP) ************************* TRP is a small test payload that runs at R-EL2 and implements a subset of the Realm Management Interface (RMI) commands to primarily test EL3 firmware and the interface between R-EL2 and EL3. When building TF-A with RME enabled, -if a path to an RMM image is not provided, TF-A builds the TRP by default -and uses it as RMM image. +if the path to an RMM image is not provided, TF-A builds the TRP by default +and uses it as the R-EL2 payload. Building and running TF-A with RME ------------------------------------- +---------------------------------- This section describes how you can build and run TF-A with RME enabled. -We assume you have all the :ref:`Prerequisites` to build TF-A. +We assume you have read the :ref:`Prerequisites` to build TF-A. The following instructions show you how to build and run TF-A with RME -for two scenarios: +on FVP for two scenarios: -- Three-world execution: TF-A with TF-A Tests or Linux. 
+- Three-world execution: This is the configuration to use if Secure + world functionality is not needed. TF-A is tested with the following + software entities in each world as listed below: - - NS (TF-A Test or Linux), + - NS Host (RME capable Linux or TF-A Tests), - Root (TF-A) - - Realm (RMM or TRP) + - R-EL2 (`RMM`_ or TRP) -- Four-world execution: TF-A, Hafnium and TF-A Tests or Linux. +- Four-world execution: This is the configuration to use if both Secure + and Realm world functionality is needed. TF-A is tested with the following + software entities in each world as listed below: - - NS (TF-A Test or Linux), + - NS Host (RME capable Linux or TF-A Tests), - Root (TF-A) - - Realm (RMM or TRP) - - SPM (Hafnium) + - R-EL2 (`RMM`_ or TRP) + - S-EL2 (Hafnium SPM) To run the tests, you need an FVP model. Please use the :ref:`latest version -<Arm Fixed Virtual Platforms (FVP)>` of *FVP_Base_RevC-2xAEMvA* model. +<Arm Fixed Virtual Platforms (FVP)>` of *FVP_Base_RevC-2xAEMvA* model. If NS +Host is Linux, then the below instructions assume that a suitable RME enabled +kernel image and associated root filesystem are available. -Three World Testing with TF-A Tests -************************************* +Three-world execution +********************* -**1. Obtain and build TF-A Tests with Realm Payload** +**1. Clone and build RMM Image** -The full set of instructions to setup build host and build options for -TF-A-Tests can be found in the `TFTF Getting Started`_. +Please refer to the `RMM Getting Started`_ on how to setup +Host Environment and build `RMM`_. The build commands assume that +an AArch64 toolchain and CMake executable are available in the +shell PATH variable and CROSS_COMPILE variable has been setup +appropriately. + +To clone `RMM`_ and build using the default build options for FVP: + +.. code:: shell + + git clone --recursive https://git.trustedfirmware.org/TF-RMM/tf-rmm.git + cd tf-rmm + cmake -DRMM_CONFIG=fvp_defcfg -S . 
-B build + cmake --build build + +This will generate **rmm.img** in **build/Release** folder. + +**2. Clone and build TF-A Tests with Realm Payload** + +This step is only needed if NS Host is TF-A Tests. The full set +of instructions to setup build host and build options for +TF-A-Tests can be found in the `TFTF Getting Started`_. TF-A Tests +can test Realm world with either `RMM`_ or TRP in R-EL2. In the TRP case, +some tests which are not applicable will be skipped. Use the following instructions to build TF-A with `TF-A Tests`_ as the non-secure payload (BL33). @@ -134,37 +162,23 @@ This produces a TF-A Tests binary (**tftf.bin**) with Realm payload packaged and **sp_layout.json** in the **build/fvp/debug** directory. -**2. Obtain and build RMM Image** -Please refer to the `RMM Getting Started`_ on how to setup -Host Environment and build RMM. - -The below command shows how to build RMM using the default build options for FVP. - -.. code:: shell - - git clone --recursive https://git.trustedfirmware.org/TF-RMM/tf-rmm.git - cd tf-rmm - cmake -DRMM_CONFIG=fvp_defcfg -S . -B build - cmake --build build - -This will generate **rmm.img** in **build** folder. - -**3. Build TF-A** +**3. Build RME Enabled TF-A** The `TF-A Getting Started`_ has the necessary instructions to setup Host machine and build TF-A. To build for RME, set ``ENABLE_RME`` build option to 1 and provide the path to -the RMM binary using the ``RMM`` build option. -Currently, this feature is only supported for the FVP platform. +the `RMM`_ binary ``rmm.img`` using ``RMM`` build option. .. note:: ENABLE_RME build option is currently experimental. -If the ``RMM`` option is not used, then the Test Realm Payload (TRP) in TF-A -will be built and used as the RMM. +.. note:: + + If the ``RMM`` option is not specified, TF-A builds the TRP to load and + run at R-EL2. .. code:: shell 
@@ -176,16 +190,42 @@ RMM=<path/to/rmm.img> \ FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \ DEBUG=1 \ - BL33=<path/to/tftf.bin> \ + BL33=<path/to/bl33> \ all fip -This produces **bl1.bin** and **fip.bin** binaries in the **build/fvp/debug** directory. +``BL33`` can point to a Non Secure Bootloader like UEFI/U-Boot or +the TF-A Tests binary(**tftf.bin**) from the previous step. -Running the tests for a 3 world FVP setup -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This produces **bl1.bin** and **fip.bin** binaries in the **build/fvp/debug** +directory. -Use the following command to run the tests on FVP. TF-A Tests should boot -and run the default tests including Realm world tests. +TF-A can also directly boot Linux kernel on the FVP. The kernel needs to be +`preloaded` to a suitable memory location and this needs to be specified via +``PRELOADED_BL33_BASE`` build option. Also TF-A should implement the Linux +kernel register conventions for boot and this can be set using the +``ARM_LINUX_KERNEL_AS_BL33`` option. + +.. code-block:: shell + + cd trusted-firmware-a + make CROSS_COMPILE=aarch64-none-elf- \ + PLAT=fvp \ + ENABLE_RME=1 \ + RMM=<path/to/rmm.img> \ + FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \ + DEBUG=1 \ + ARM_LINUX_KERNEL_AS_BL33=1 \ + PRELOADED_BL33_BASE=0x84000000 \ + all fip + +The above command assumes that the Linux kernel will be placed in FVP +memory at 0x84000000 via suitable FVP option (see the next step). + +.. _fvp_3_world_cmd: + +**4. Running FVP for 3 world setup** + +Use the following command to run the tests on FVP. .. code:: shell @@ -196,7 +236,7 @@ -C bp.refcounter.use_real_time=0 \ -C bp.ve_sysregs.exit_on_shutdown=1 \ -C cache_state_modelled=1 \ - -C bp.dram_size=2 \ + -C bp.dram_size=4 \ -C bp.secure_memory=1 \ -C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \ -C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \ 
@@ -239,9 +279,30 @@ -C cluster1.restriction_on_speculative_execution_aarch32=2 \ -C pctl.startup=0.0.0.0 \ -C bp.smsc_91c111.enabled=1 \ - -C bp.hostbridge.userNetworking=1 + -C bp.hostbridge.userNetworking=1 \ + -C bp.virtioblockdevice.image_path=<path/to/rootfs.ext4> -The bottom of the output from *uart0* should look something like the following. +The ``bp.virtioblockdevice.image_path`` option presents the rootfs as a +virtio block device to Linux kernel. It can be ignored if NS Host is +TF-A-Tests or rootfs is accessed by some other mechanism. + +If TF-A was built to expect a preloaded Linux kernel, then use the following +FVP argument to load the kernel image at the expected address. + +.. code-block:: shell + + --data cluster0.cpu0=<path_to_kernel_Image>@0x84000000 \ + + +.. tip:: + Tips to boot and run Linux faster on the FVP : + 1. Set the FVP option ``cache_state_modelled`` to 0. + 2. Disable the CPU Idle driver in Linux either by setting the kernel command line + parameter "cpuidle.off=1" or by disabling the ``CONFIG_CPU_IDLE`` kernel config. + +If the NS Host is TF-A-Tests, then the default test suite in TFTF +will execute on the FVP and this includes Realm world tests. The +tail of the output from *uart0* should look something like the following. .. code-block:: shell 
@@ -263,52 +324,19 @@ Passed ... -Building TF-A with RME enabled Linux Kernel -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -If an RME enabled Linux kernel and filesystem is available for testing, -and a suitable NS boot loader is not available, then this option can be used to -launch kernel directly after BL31: - -.. code-block:: shell - - cd trusted-firmware-a - make CROSS_COMPILE=aarch64-none-elf- \ - PLAT=fvp \ - ENABLE_RME=1 \ - RMM=<path/to/rmm.img> \ - FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \ - DEBUG=1 \ - ARM_LINUX_KERNEL_AS_BL33=1 \ - PRELOADED_BL33_BASE=0x84000000 \ - all fip - -Boot and run the RME enabled Linux Kernel -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Use the following additional arguments to boot the kernel on FVP. - -.. code-block:: shell - - --data cluster0.cpu0=<path_to_kernel_Image>@0x84000000 \ - -C bp.virtioblockdevice.image_path=<path_to_rootfs.ext4> - -.. tip:: - - Set the FVP option `cache_state_modelled=0` to run Linux based tests much faster. - -Four-world execution with Hafnium and TF-A Tests -************************************************* +Four-world execution +******************** Four-world execution involves software components in each security state: root, secure, realm and non-secure. This section describes how to build TF-A with four-world support. -We use TF-A as the root firmware, `Hafnium SPM`_ is the reference Secure world component -and the software components for the other 2 worlds (Realm and Non-Secure) -are as described in the previous section. +We use TF-A as the root firmware, `Hafnium SPM`_ is the reference Secure world +component running at S-EL2. `RMM`_ can be built as described in previous +section. The examples below assume TF-A-Tests as the NS Host and utilize SPs +from TF-A-Tests. -**1. Obtain and build Hafnium** +**1. Obtain and build Hafnium SPM** .. code:: shell 
@@ -342,11 +370,12 @@ The Hafnium binary should be located at *out/reference/secure_aem_v8a_fvp_clang/hafnium.bin* -**2. Build TF-A** +**2. Build RME enabled TF-A with SPM** Build TF-A with RME as well as SPM enabled. -Use sp_layout.json previously generated in tf-a-test build. +Use the ``sp_layout.json`` previously generated in TF-A Tests +build to run SP tests. .. code:: shell @@ -355,7 +384,6 @@ ENABLE_RME=1 \ FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \ SPD=spmd \ - SPMD_SPM_AT_SEL2=1 \ BRANCH_PROTECTION=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ DEBUG=1 \ @@ -365,11 +393,11 @@ RMM=<path/to/rmm.img> \ all fip -Running the tests for a 4 world FVP setup -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**3. Running the FVP for a 4 world setup** -Use the following arguments in addition to -`Running the tests for a 3 world FVP setup`_ to run tests for 4 world setup. +Use the following arguments in addition to the FVP options mentioned in +:ref:`4. Running FVP for 3 world setup <fvp_3_world_cmd>` to run tests for +4 world setup. .. code:: shell @@ -388,4 +416,5 @@ .. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io/en/latest .. _TFTF Getting Started: https://trustedfirmware-a-tests.readthedocs.io/en/latest/getting_started/index.html .. _Hafnium SPM: https://www.trustedfirmware.org/projects/hafnium -.. _RMM Getting Started: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/docs/getting_started/index.rst +.. _RMM Getting Started: https://tf-rmm.readthedocs.io/en/latest/getting_started/index.html +.. _RMM: https://www.trustedfirmware.org/projects/tf-rmm/
diff --git a/docs/components/rmm-el3-comms-spec.rst b/docs/components/rmm-el3-comms-spec.rst
index 8070ff4..6b57c0e 100644
--- a/docs/components/rmm-el3-comms-spec.rst
+++ b/docs/components/rmm-el3-comms-spec.rst
@@ -53,7 +53,7 @@ consistency with the versioning schemes used in other parts of RMM. This document specifies the 0.1 version of Boot Interface ABI and RMM-EL3 -services specification and the 0.1 version of the Boot Manifest. +services specification and the 0.2 version of the Boot Manifest. .. _rmm_el3_boot_interface: @@ -71,7 +71,7 @@ The Boot Interface ABI defines a set of register conventions and also a memory based manifest file to pass information from EL3 to RMM. The -boot manifest and the associated platform data in it can be dynamically created +Boot Manifest and the associated platform data in it can be dynamically created by EL3 and there is no restriction on how the data can be obtained (e.g by DTB, hoblist or other). @@ -99,9 +99,9 @@ x0,Linear index of this PE. This index starts from 0 and must be less than the maximum number of CPUs to be supported at runtime (see x2). x1,Version for this Boot Interface as defined in :ref:`rmm_el3_ifc_versioning`. x2,Maximum number of CPUs to be supported at runtime. RMM should ensure that it can support this maximum number. - x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The boot manifest must be present at the base of this shared buffer during cold boot. + x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The Boot Manifest must be present at the base of this shared buffer during cold boot. -During cold boot, EL3 firmware needs to allocate a 4K page that will be +During cold boot, EL3 firmware needs to allocate a 4KB page that will be passed to RMM in x3. This memory will be used as shared buffer for communication between EL3 and RMM. It must be assigned to Realm world and must be mapped with Normal memory attributes (IWB-OWB-ISH) at EL3. At boot, this memory will be 
@@ -162,8 +162,8 @@ ``E_RMM_BOOT_CPUS_OUT_OF_RAGE``,Number of CPUs reported by EL3 larger than maximum supported by RMM,-3 ``E_RMM_BOOT_CPU_ID_OUT_OF_RAGE``,Current CPU Id is higher or equal than the number of CPUs supported by RMM,-4 ``E_RMM_BOOT_INVALID_SHARED_BUFFER``,Invalid pointer to shared memory area,-5 - ``E_RMM_BOOT_MANIFEST_VERSION_NOT_SUPPORTED``,Version reported by the boot manifest not supported by RMM,-6 - ``E_RMM_BOOT_MANIFEST_DATA_ERROR``,Error parsing core boot manifest,-7 + ``E_RMM_BOOT_MANIFEST_VERSION_NOT_SUPPORTED``,Version reported by the Boot Manifest not supported by RMM,-6 + ``E_RMM_BOOT_MANIFEST_DATA_ERROR``,Error parsing core Boot Manifest,-7 For any error detected in RMM during cold or warm boot, RMM will return back to EL3 using ``RMM_BOOT_COMPLETE`` SMC with an appropriate error code. It is 
@@ -177,25 +177,28 @@ Boot Manifest ~~~~~~~~~~~~~ -During cold boot, EL3 Firmware passes a memory boot manifest to RMM containing +During cold boot, EL3 Firmware passes a memory Boot Manifest to RMM containing platform information. -This boot manifest is versioned independently of the boot interface, to help -evolve the boot manifest independent of the rest of Boot Manifest. -The current version for the boot manifest is ``v0.1`` and the rules explained +This Boot Manifest is versioned independently of the Boot Interface, to help +evolve the former independent of the latter. +The current version for the Boot Manifest is ``v0.2`` and the rules explained in :ref:`rmm_el3_ifc_versioning` apply on this version as well. -The boot manifest is divided into two different components: +The Boot Manifest v0.2 has the following fields: - - Core Manifest: This is the generic parameters passed to RMM by EL3 common to all platforms. - - Platform data: This is defined by the platform owner and contains information specific to that platform. + - version : Version of the Manifest (v0.2) + - plat_data : Pointer to the platform specific data and not specified by this + document. These data are optional and can be NULL. + - plat_dram : Structure encoding the NS DRAM information on the platform. This + field is also optional and platform can choose to zero out this structure if + RMM does not need EL3 to send this information during the boot. -For the current version of the manifest, the core manifest contains a pointer -to the platform data. EL3 must ensure that the whole boot manifest, -including the platform data, if available, fits inside the RMM EL3 shared -buffer. +For the current version of the Boot Manifest, the core manifest contains a pointer +to the platform data. EL3 must ensure that the whole Boot Manifest, including +the platform data, if available, fits inside the RMM EL3 shared buffer. 
-For the type specification of the RMM Boot Manifest v0.1, refer to +For the data structure specification of Boot Manifest, refer to :ref:`rmm_el3_manifest_struct` .. _runtime_services_and_interface: 
@@ -522,22 +525,62 @@ .. _rmm_el3_manifest_struct: -RMM-EL3 Boot Manifest Version -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +RMM-EL3 Boot Manifest structure +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The RMM-EL3 Boot Manifest structure contains platform boot information passed -from EL3 to RMM. The width of the Boot Manifest is 128 bits - -.. image:: ../resources/diagrams/rmm_el3_manifest_struct.png +The RMM-EL3 Boot Manifest v0.2 structure contains platform boot information passed +from EL3 to RMM. The size of the Boot Manifest is 40 bytes. The members of the RMM-EL3 Boot Manifest structure are shown in the following table: -.. csv-table:: - :header: "Name", "Range", "Type", Description - :widths: 2 1 1 4 ++-----------+--------+----------------+----------------------------------------+ +| Name | Offset | Type | Description | ++===========+========+================+========================================+ +| version | 0 | uint32_t | Boot Manifest version | ++-----------+--------+----------------+----------------------------------------+ +| padding | 4 | uint32_t | Reserved, set to 0 | ++-----------+--------+----------------+----------------------------------------+ +| plat_data | 8 | uintptr_t | Pointer to Platform Data section | ++-----------+--------+----------------+----------------------------------------+ +| plat_dram | 16 | ns_dram_info | NS DRAM Layout Info structure | ++-----------+--------+----------------+----------------------------------------+ - ``Version Minor``,15:0,uint16_t,Version Minor part of the Boot Manifest Version. - ``Version Major``,30:16,uint16_t,Version Major part of the Boot Manifest Version. - ``RES0``,31,bit,Reserved. Set to 0. - ``Platform Data``,127:64,Address,Pointer to the Platform Data section of the Boot Manifest. +.. _ns_dram_info_struct: + +NS DRAM Layout Info structure +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +NS DRAM Layout Info structure contains information about platform Non-secure +DRAM layout. 
The members of this structure are shown in the table below: + ++-----------+--------+----------------+----------------------------------------+ +| Name | Offset | Type | Description | ++===========+========+================+========================================+ +| num_banks | 0 | uint64_t | Number of NS DRAM banks | ++-----------+--------+----------------+----------------------------------------+ +| banks | 8 | ns_dram_bank * | Pointer to 'ns_dram_bank'[] array | ++-----------+--------+----------------+----------------------------------------+ +| checksum | 16 | uint64_t | Checksum | ++-----------+--------+----------------+----------------------------------------+ + +Checksum is calculated as two's complement sum of 'num_banks', 'banks' pointer +and DRAM banks data array pointed by it. + +.. _ns_dram_bank_struct: + +NS DRAM Bank structure +~~~~~~~~~~~~~~~~~~~~~~ + +NS DRAM Bank structure contains information about each Non-secure DRAM bank: + ++-----------+--------+----------------+----------------------------------------+ +| Name | Offset | Type | Description | ++===========+========+================+========================================+ +| base | 0 | uintptr_t | Base address | ++-----------+--------+----------------+----------------------------------------+ +| size | 8 | uint64_t | Size of bank in bytes | ++-----------+--------+----------------+----------------------------------------+ + + +
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index cd439ad..e61dc20 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -150,9 +150,6 @@ at EL3. - If neither ``SPMD_SPM_AT_SEL2`` or ``SPMC_AT_EL3`` are enabled the SPMC exception level is set to S-EL1. -- **CTX_INCLUDE_EL2_REGS**: this option permits saving (resp. - restoring) the EL2 system register context before entering (resp. - after leaving) the SPMC. It is mandatorily enabled when ``SPMD_SPM_AT_SEL2`` is enabled. The context save/restore routine and exhaustive list of registers is visible at `[4]`_. - **SP_LAYOUT_FILE**: this option specifies a text description file @@ -161,16 +158,16 @@ is required when ``SPMD_SPM_AT_SEL2`` is enabled hence when multiple secure partitions are to be loaded by BL2 on behalf of the SPMC. -+---------------+----------------------+------------------+-------------+ -| | CTX_INCLUDE_EL2_REGS | SPMD_SPM_AT_SEL2 | SPMC_AT_EL3 | -+---------------+----------------------+------------------+-------------+ -| SPMC at S-EL1 | 0 | 0 | 0 | -+---------------+----------------------+------------------+-------------+ -| SPMC at S-EL2 | 1 | 1 (default when | 0 | -| | | SPD=spmd) | | -+---------------+----------------------+------------------+-------------+ -| SPMC at EL3 | 0 | 0 | 1 | -+---------------+----------------------+------------------+-------------+ ++---------------+------------------+-------------+-------------------------+ +| | SPMD_SPM_AT_SEL2 | SPMC_AT_EL3 | CTX_INCLUDE_EL2_REGS(*) | ++---------------+------------------+-------------+-------------------------+ +| SPMC at S-EL1 | 0 | 0 | 0 | ++---------------+------------------+-------------+-------------------------+ +| SPMC at S-EL2 | 1 (default when | 0 | 1 | +| | SPD=spmd) | | | ++---------------+------------------+-------------+-------------------------+ +| SPMC at EL3 | 0 | 1 | 0 | ++---------------+------------------+-------------+-------------------------+ Other combinations of such build options either break the build or are not supported. 
@@ -181,9 +178,9 @@ stack. - When ``SPMD_SPM_AT_SEL2=1``, the reference software stack assumes enablement of FEAT_PAuth, FEAT_BTI and FEAT_MTE architecture extensions. -- The ``CTX_INCLUDE_EL2_REGS`` option provides the generic support for - barely saving/restoring EL2 registers from an Arm arch perspective. As such - it is decoupled from the ``SPD=spmd`` option. +- ``(*) CTX_INCLUDE_EL2_REGS``, this flag is |TF-A| internal and informational + in this table. When set, it provides the generic support for saving/restoring + EL2 registers required when S-EL2 firmware is present. - BL32 option is re-purposed to specify the SPMC image. It can specify either the Hafnium binary path (built for the secure world) or the path to a TEE binary implementing FF-A interfaces. @@ -212,7 +209,6 @@ CROSS_COMPILE=aarch64-none-elf- \ PLAT=fvp \ SPD=spmd \ - CTX_INCLUDE_EL2_REGS=1 \ ARM_ARCH_MINOR=5 \ BRANCH_PROTECTION=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ @@ -230,7 +226,6 @@ CROSS_COMPILE=aarch64-none-elf- \ PLAT=fvp \ SPD=spmd \ - CTX_INCLUDE_EL2_REGS=1 \ ARM_ARCH_MINOR=5 \ BRANCH_PROTECTION=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ 
@@ -466,8 +461,15 @@ - *cpus* node provide the platform topology and allows MPIDR to VMPIDR mapping. Note the primary core is declared first, then secondary cores are declared in reverse order. -- The *memory* node provides platform information on the ranges of memory - available to the SPMC. +- The *memory* nodes provide platform information on the ranges of memory + available for use by SPs at runtime. These ranges relate to either + secure or non-secure memory, depending on the *device_type* field. + If the field specifies "memory" the range is secure, else if it specifies + "ns-memory" the memory is non-secure. The system integrator must exclude + the memory used by other components that are not SPs, such as the monitor, + or the SPMC itself, the OS Kernel/Hypervisor, or other NWd VMs. The SPMC + limits the SP's address space such that they do not access memory outside + of those ranges. SPMC boot ~~~~~~~~~ @@ -567,7 +569,12 @@ - Memory regions are mapped in the SP EL1&0 Stage-2 translation regime at load time (or EL1&0 Stage-1 for an S-EL1 SPMC). A memory region node can specify RX/TX buffer regions in which case it is not necessary for an SP - to explicitly invoke the ``FFA_RXTX_MAP`` interface. + to explicitly invoke the ``FFA_RXTX_MAP`` interface. The memory referred + shall be contained within the memory ranges defined in SPMC manifest. The + NS bit in the attributes field should be consistent with the security + state of the range that it relates to. I.e. non-secure memory shall be + part of a non-secure memory range, and secure memory shall be contained + in a secure memory range of a given platform. - Device regions are mapped in the SP EL1&0 Stage-2 translation regime (or EL1&0 Stage-1 for an S-EL1 SPMC) as peripherals and possibly allocate additional resources (e.g. interrupts). 
@@ -1034,6 +1041,68 @@ This is used in particular to convey power management messages. +Memory Sharing +-------------- + +Hafnium implements the following memory sharing interfaces: + + - ``FFA_MEM_SHARE`` - for shared access between lender and borrower. + - ``FFA_MEM_LEND`` - borrower to obtain exclusive access, though lender + retains ownership of the memory. + - ``FFA_MEM_DONATE`` - lender permanently relinquishes ownership of memory + to the borrower. + +The ``FFA_MEM_RETRIEVE_REQ`` interface is for the borrower to request the +memory to be mapped into its address space: for S-EL1 partitions the SPM updates +their stage 2 translation regime; for S-EL0 partitions the SPM updates their +stage 1 translation regime. On a successful call, the SPMC responds back with +``FFA_MEM_RETRIEVE_RESP``. + +The ``FFA_MEM_RELINQUISH`` interface is for when the borrower is done with using +a memory region. + +The ``FFA_MEM_RECLAIM`` interface is for the owner of the memory to reestablish +its ownership and exclusive access to the memory shared. + +The memory transaction descriptors are transmitted via RX/TX buffers. In +situations where the size of the memory transaction descriptor exceeds the +size of the RX/TX buffers, Hafnium provides support for fragmented transmission +of the full transaction descriptor. The ``FFA_MEM_FRAG_RX`` and ``FFA_MEM_FRAG_TX`` +interfaces are for receiving and transmitting the next fragment, respectively. + +If lender and borrower(s) are SPs, all memory sharing operations are supported. + +Hafnium also supports memory sharing operations between the normal world and the +secure world. If there is an SP involved, the SPMC allocates data to track the +state of the operation. + +The SPMC is also the designated allocator for the memory handle. The hypervisor +or OS kernel has the possibility to rely on the SPMC to maintain the state +of the operation, thus saving memory. +A lender SP can only donate NS memory to a borrower from the normal world. 
+ +The SPMC supports the hypervisor retrieve request, as defined by the FF-A +v1.1 EAC0 specification, in section 16.4.3. The intent is to aid with operations +that the hypervisor must do for a VM retriever. For example, when handling +an FFA_MEM_RECLAIM, if the hypervisor relies on SPMC to keep the state +of the operation, the hypervisor retrieve request can be used to obtain +that state information, do the necessary validations, and update stage 2 +memory translation. + +Hafnium also supports memory lend and share targetting multiple borrowers. +This is the case for a lender SP to multiple SPs, and for a lender VM to +multiple endpoints (from both secure world and normal world). If there is +at least one borrower VM, the hypervisor is in charge of managing its +stage 2 translation on a successful memory retrieve. +The semantics of ``FFA_MEM_DONATE`` implies ownership transmission, +which should target only one partition. + +The memory share interfaces are backwards compatible with memory transaction +descriptors from FF-A v1.0. These get translated to FF-A v1.1 descriptors for +Hafnium's internal processing of the operation. If the FF-A version of a +borrower is v1.0, Hafnium provides FF-A v1.0 compliant memory transaction +descriptors on memory retrieve response. + PE MMU configuration -------------------- 
@@ -1323,6 +1392,25 @@ direct request to SP2 by invoking FFA_RUN. - 9) SPMC resumes the pre-empted vCPU of SP2. +EL3 interrupt handling +~~~~~~~~~~~~~~~~~~~~~~ + +In GICv3 based systems, EL3 interrupts are configured as Group0 secure +interrupts. Execution traps to SPMC when a Group0 interrupt triggers while an +SP is running. Further, SPMC running at S-EL2 uses FFA_EL3_INTR_HANDLE ABI to +request EL3 platform firmware to handle a pending Group0 interrupt. +Similarly, SPMD registers a handler with interrupt management framework to +delegate handling of Group0 interrupt to the platform if the interrupt triggers +in normal world. + + - Platform hook + + - plat_spmd_handle_group0_interrupt + + SPMD provides platform hook to handle Group0 secure interrupts. In the + current design, SPMD expects the platform not to delegate handling to the + NWd (such as through SDEI) while processing Group0 interrupts. + Power management ---------------- @@ -1562,4 +1650,4 @@ -------------- -*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/spd/optee-dispatcher.rst b/docs/components/spd/optee-dispatcher.rst
index 63baccc..81476f1 100644
--- a/docs/components/spd/optee-dispatcher.rst
+++ b/docs/components/spd/optee-dispatcher.rst
@@ -6,9 +6,26 @@ To build and execute OP-TEE follow the instructions at `OP-TEE build.git`_ +There are two different modes for loading the OP-TEE OS. The default mode will +load it as the BL32 payload during boot, and is the recommended technique for +platforms to use. There is also another technique that will load OP-TEE OS after +boot via an SMC call by enabling the option for OPTEE_ALLOW_SMC_LOAD that was +specifically added for ChromeOS. Loading OP-TEE via an SMC call may be insecure +depending upon the platform configuration. If using that option, be sure to +understand the risks involved with allowing the Trusted OS to be loaded this +way. ChromeOS uses a boot flow where it verifies the signature of the firmware +before executing it, and then only if the signature is valid will the 'secrets' +used by the TEE become accessible. The firmware then verifies the signature of +the kernel using depthcharge, and the kernel verifies the rootfs using +dm-verity. The SMC call to load OP-TEE is then invoked immediately after the +kernel finishes loading and before any attack vectors can be opened up by +mounting writable filesystems or opening network/device connections. this +ensures the platform is 'closed' and running signed code through the point where +OP-TEE is loaded. + -------------- -*Copyright (c) 2014-2018, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.* .. _OP-TEE OS: https://github.com/OP-TEE/build .. _OP-TEE build.git: https://github.com/OP-TEE/build
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 6913e66..597f955 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -236,18 +236,56 @@ void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); + int (*calc_hash)(enum crypto_md_algo alg, void *data_ptr, + unsigned int data_len, + unsigned char output[CRYPTO_MD_MAX_SIZE]) int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); + int (*auth_decrypt)(enum crypto_dec_algo dec_algo, void *data_ptr, + size_t len, const void *key, unsigned int key_len, + unsigned int key_flags, const void *iv, + unsigned int iv_len, const void *tag, + unsigned int tag_len); These functions are registered in the CM using the macro: .. code:: c - REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash); + REGISTER_CRYPTO_LIB(_name, + _init, + _verify_signature, + _calc_hash, + _verify_hash, + _auth_decrypt, + _convert_pk); ``_name`` must be a string containing the name of the CL. This name is used for debugging purposes. +Crypto module provides a function ``_calc_hash`` to calculate and +return the hash of the given data using the provided hash algorithm. +This function is mainly used in the ``MEASURED_BOOT`` and ``DRTM_SUPPORT`` +features to calculate the hashes of various images/data. + +Optionally, a platform function can be provided to convert public key +(_convert_pk). It is only used if the platform saves a hash of the ROTPK. +Most platforms save the hash of the ROTPK, but some may save slightly different +information - e.g the hash of the ROTPK plus some related information. +Defining this function allows to transform the ROTPK used to verify +the signature to the buffer (a platform specific public key) which +hash is saved in OTP. + +.. code:: c + + int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len); + + +- ``full_pk_ptr``: Pointer to Distinguished Encoding Rules (DER) ROTPK. +- ``full_pk_len``: DER ROTPK size. 
+- ``hashed_pk_ptr``: to return a pointer to a buffer, which hash should be the one saved in OTP. +- ``hashed_pk_len``: previous buffer size + Image Parser Module (IPM) ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -936,7 +974,7 @@ based on mbed TLS, which can be found in ``drivers/auth/mbedtls/mbedtls_crypto.c``. This library is registered in the authentication framework using the macro ``REGISTER_CRYPTO_LIB()`` and exports -four functions: +below functions: .. code:: c @@ -945,6 +983,9 @@ void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); + int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, + unsigned int data_len, + unsigned char output[CRYPTO_MD_MAX_SIZE]) int verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, @@ -975,6 +1016,6 @@ -------------- -*Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.* .. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 55e265c..758d62b 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -317,6 +317,23 @@ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and it is still open. +- ``ERRATA_A78_2712571``: This applies erratum 2712571 workaround to Cortex-A78 + CPU, this erratum affects system configurations that do not use an ARM + interconnect IP. This needs to be enabled for revisions r0p0, r1p0, r1p1 + and r1p2 and it is still open. + +- ``ERRATA_A78_2742426``: This applies erratum 2742426 workaround to Cortex-A78 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 and + it is still open. + +- ``ERRATA_A78_2772019``: This applies errata 2772019 workaround to Cortex-A78 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and + it is still open. + +- ``ERRATA_A78_2779479``: This applies erratum 2779479 workaround to Cortex-A78 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 and + it is still open. + For Cortex-A78 AE, the following errata build flags are defined : - ``ERRATA_A78_AE_1941500`` : This applies errata 1941500 workaround to 
@@ -335,8 +352,21 @@ Cortex-A78 AE CPU. This needs to be enabled for revisions r0p0 and r0p1. This erratum is still open. +- ``ERRATA_A78_AE_2712574`` : This applies erratum 2712574 workaround to + Cortex-A78 AE CPU. This erratum affects system configurations that do not use + an ARM interconnect IP. This needs to be enabled for revisions r0p0, r0p1 and + r0p2. This erratum is still open. + For Cortex-A78C, the following errata build flags are defined : +- ``ERRATA_A78C_1827430`` : This applies errata 1827430 workaround to + Cortex-A78C CPU. This needs to be enabled for revision r0p0. The erratum is + fixed in r0p1. + +- ``ERRATA_A78C_1827440`` : This applies errata 1827440 workaround to + Cortex-A78C CPU. This needs to be enabled for revision r0p0. The erratum is + fixed in r0p1. + - ``ERRATA_A78C_2132064`` : This applies errata 2132064 workaround to Cortex-A78C CPU. This needs to be enabled for revisions r0p1, r0p2 and it is still open. @@ -353,6 +383,19 @@ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. This erratum is still open. +- ``ERRATA_A78C_2712575`` : This applies erratum 2712575 workaround to + Cortex-A78C CPU, this erratum affects system configurations that do not use + an ARM interconnect IP. This needs to be enabled for revisions r0p1 and r0p2 + and is still open. + +- ``ERRATA_A78C_2772121`` : This applies errata 2772121 workaround to + Cortex-A78C CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2. + This erratum is still open. + +- ``ERRATA_A78C_2779484`` : This applies errata 2779484 workaround to + Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. + This erratum is still open. + For Cortex-X1 CPU, the following errata build flags are defined: - ``ERRATA_X1_1821534`` : This applies errata 1821534 workaround to Cortex-X1 
@@ -460,6 +503,30 @@ CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU. It is still open. +- ``ERRATA_V1_2701953``: This applies erratum 2701953 workaround to Neoverse-V1 + CPU, this erratum affects system configurations that do not use an ARM + interconnect IP. This needs to be enabled for revisions r0p0, r1p0 and r1p1. + It has been fixed in r1p2. + +- ``ERRATA_V1_2743093``: This applies errata 2743093 workaround to Neoverse-V1 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 of the + CPU. It is still open. + +- ``ERRATA_V1_2743233``: This applies erratum 2743233 workaround to Neoverse-V1 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2 of the + CPU. It is still open. + +- ``ERRATA_V1_2779461``: This applies erratum 2779461 workaround to Neoverse-V1 + CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, r1p2 of the + CPU. It is still open. + +For Neoverse V2, the following errata build flags are defined : + +- ``ERRATA_V2_2719103``: This applies errata 2719103 workaround to Neoverse-V2 + CPU, this affects system configurations that do not use and ARM interconnect + IP. This needs to be enabled for revisions r0p0 and r0p1. It has been fixed + in r0p2. + For Cortex-A710, the following errata build flags are defined : - ``ERRATA_A710_1987031``: This applies errata 1987031 workaround to @@ -503,8 +570,8 @@ of the CPU and is fixed in r2p1. - ``ERRATA_A710_2282622``: This applies errata 2282622 workaround to - Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 - of the CPU and is fixed in r2p1. + Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and + r2p1 of the CPU and is still open. - ``ERRATA_A710_2291219``: This applies errata 2291219 workaround to Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 
@@ -518,6 +585,15 @@ Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 of the CPU and is fixed in r2p1. +- ``ERRATA_A710_2701952``: This applies erratum 2701952 workaround to Cortex-A710 + CPU, and applies to system configurations that do not use and ARM + interconnect IP. This needs to be enabled for r0p0, r1p0, r2p0 and r2p1 and + is still open. + +- ``ERRATA_A710_2768515``: This applies errata 2768515 workaround to + Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and + r2p1 of the CPU and is still open. + For Neoverse N2, the following errata build flags are defined : - ``ERRATA_N2_2002655``: This applies errata 2002655 workaround to Neoverse-N2 @@ -562,6 +638,15 @@ CPU. This needs to be enabled for revision r0p0 of the CPU, it is fixed in r0p1. +- ``ERRATA_N2_2743089``: This applies errata 2743089 workaround to Neoverse-N2 + CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2. It is fixed + in r0p3. + +- ``ERRATA_N2_2728475``: This applies erratum 2728475 workaround to Neoverse-N2 + CPU, this erratum affects system configurations that do not use and ARM + interconnect IP. This needs to be enabled for revisions r0p0, r0p1 and r0p2. + It is fixed in r0p3. + For Cortex-X2, the following errata build flags are defined : - ``ERRATA_X2_2002765``: This applies errata 2002765 workaround to Cortex-X2 
@@ -575,25 +660,38 @@ - ``ERRATA_X2_2083908``: This applies errata 2083908 workaround to Cortex-X2 CPU. This needs to be enabled for revision r2p0 of the CPU, it is still open. -- ``ERRATA_X2_2017096``: This applies errata 2017096 workaround to - Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and - r2p0 of the CPU, it is fixed in r2p1. +- ``ERRATA_X2_2017096``: This applies errata 2017096 workaround to Cortex-X2 + CPU. This needs to be enabled only for revisions r0p0, r1p0 and r2p0 of the + CPU, it is fixed in r2p1. -- ``ERRATA_X2_2081180``: This applies errata 2081180 workaround to - Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and - r2p0 of the CPU, it is fixed in r2p1. +- ``ERRATA_X2_2081180``: This applies errata 2081180 workaround to Cortex-X2 + CPU. This needs to be enabled only for revisions r0p0, r1p0 and r2p0 of the + CPU, it is fixed in r2p1. -- ``ERRATA_X2_2216384``: This applies errata 2216384 workaround to - Cortex-X2 CPU. This needs to be enabled only for revisions r0p0, r1p0 and - r2p0 of the CPU, it is fixed in r2p1. +- ``ERRATA_X2_2216384``: This applies errata 2216384 workaround to Cortex-X2 + CPU. This needs to be enabled only for revisions r0p0, r1p0 and r2p0 of the + CPU, it is fixed in r2p1. -- ``ERRATA_X2_2147715``: This applies errata 2147715 workaround to - Cortex-X2 CPU. This needs to be enabled only for revision r2p0 of the CPU, - it is fixed in r2p1. +- ``ERRATA_X2_2147715``: This applies errata 2147715 workaround to Cortex-X2 + CPU. This needs to be enabled only for revision r2p0 of the CPU, it is fixed + in r2p1. -- ``ERRATA_X2_2371105``: This applies errata 2371105 workaround to - Cortex-X2 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 - of the CPU and is fixed in r2p1. +- ``ERRATA_X2_2282622``: This applies errata 2282622 workaround to Cortex-X2 + CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the + CPU and is still open. 
+ +- ``ERRATA_X2_2371105``: This applies errata 2371105 workaround to Cortex-X2 + CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0 of the CPU + and is fixed in r2p1. + +- ``ERRATA_X2_2701952``: This applies erratum 2701952 workaround to Cortex-X2 + CPU and affects system configurations that do not use an ARM interconnect IP. + This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 and is + still open. + +- ``ERRATA_X2_2768515``: This applies errata 2768515 workaround to Cortex-X2 + CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the + CPU and is still open. For Cortex-X3, the following errata build flags are defined : @@ -601,6 +699,10 @@ Cortex-X3 CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU, it is fixed in r1p1. +- ``ERRATA_X3_2615812``: This applies errata 2615812 workaround to Cortex-X3 + CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the + CPU, it is still open. + For Cortex-A510, the following errata build flags are defined : - ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to @@ -633,7 +735,7 @@ Cortex-A510 CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2, r0p3 and r1p0, it is fixed in r1p1. -- ``ERRATA_A510_2347730``: This applies errata 2347730 workaround to +- ``ERRATA_A510_2347730``: This applies errata 2347730 workaround to Cortex-A510 CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2, r0p3, r1p0 and r1p1. It is fixed in r1p2. 
@@ -645,6 +747,17 @@ Cortex-A510 CPU. This needs to applied for revisions r0p0, r0p1, r0p2, r0p3, r1p0, r1p1. It is fixed in r1p2. +- ``ERRATA_A510_2684597``: This applies erratum 2684597 workaround to + Cortex-A510 CPU. This needs to be applied to revision r0p0, r0p1, r0p2, + r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3. + +For Cortex-A715, the following errata build flags are defined : + +- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715 + CPU and affects system configurations that do not use an ARM interconnect + IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed + in r1p2. + DSU Errata Workarounds ---------------------- @@ -730,7 +843,7 @@ -------------- -*Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.* .. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 .. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst index 84bba18..14b273e 100644 --- a/docs/design/firmware-design.rst +++ b/docs/design/firmware-design.rst
@@ -25,7 +25,6 @@ :ref:`Translation (XLAT) Tables Library`. TF-A can be built to support either AArch64 or AArch32 execution state. - .. note:: The descriptions in this chapter are for the Arm TrustZone architecture. @@ -484,8 +483,8 @@ as its only purpose is to ensure TF-A BL2 is entered at S-EL1. To avoid this waste, a special mode enables BL2 to execute at EL3, which allows a non-TF-A Boot ROM to load and jump directly to BL2. This mode is selected -when the build flag BL2_AT_EL3 is enabled. The main differences in this -mode are: +when the build flag RESET_TO_BL2 is enabled. +The main differences in this mode are: #. BL2 includes the reset code and the mailbox mechanism to differentiate cold boot and warm boot. It runs at EL3 doing the arch @@ -900,7 +899,7 @@ A runtime service is registered using the ``DECLARE_RT_SVC()`` macro, specifying the name of the service, the range of OENs covered, the type of service and initialization and call handler functions. This macro instantiates a ``const struct rt_svc_desc`` for the service with these details (see ``runtime_svc.h``). -This structure is allocated in a special ELF section ``rt_svc_descs``, enabling +This structure is allocated in a special ELF section ``.rt_svc_descs``, enabling the framework to find all service descriptors included into BL31. The specific service for a SMC Function is selected based on the OEN and call @@ -1330,7 +1329,7 @@ (priority, group, configuration). Each element of the array shall be populated by the macro ``INTR_PROP_DESC()``. The macro takes the following arguments: -- 10-bit interrupt number, +- 13-bit interrupt number, - 8-bit interrupt priority, @@ -1760,6 +1759,10 @@ DRAM 0xffffffff +----------+ + | EL3 TZC | + 0xffe00000 |----------| (secure) + | AP TZC | + 0xff000000 +----------+ : : 0x82100000 |----------| |HW_CONFIG | 
@@ -1801,6 +1804,10 @@ DRAM 0xffffffff +--------------+ + | EL3 TZC | + 0xffe00000 |--------------| (secure) + | AP TZC | + 0xff000000 +--------------+ : : 0x82100000 |--------------| | HW_CONFIG | @@ -1841,7 +1848,10 @@ DRAM 0xffffffff +----------+ - | BL32 | (secure) + | EL3 TZC | + 0xffe00000 |----------| (secure) + | AP TZC | + | (BL32) | 0xff000000 +----------+ | | 0x82100000 |----------| @@ -1881,6 +1891,20 @@ :: + DRAM + 0xFFFFFFFF +----------+ + | SCP TZC | + 0xFFE00000 |----------| + | EL3 TZC | + 0xFFC00000 |----------| (secure) + | AP TZC | + 0xFF000000 +----------+ + | | + : : (non-secure) + | | + 0x80000000 +----------+ + + Flash0 0x0C000000 +----------+ : : @@ -1910,9 +1934,14 @@ :: DRAM - 0xFFE00000 +----------+ - | BL32 | (secure) - 0xFF000000 |----------| + 0xFFFFFFFF +----------+ + | SCP TZC | + 0xFFE00000 |----------| + | EL3 TZC | + 0xFFC00000 |----------| (secure) + | AP TZC | + | (BL32) | + 0xFF000000 +----------+ | | : : (non-secure) | | @@ -2165,7 +2194,7 @@ has been redesigned. The changes utilise the characteristic of Lamport's Bakery algorithm mentioned earlier. The bakery_lock structure only allocates the memory for a single CPU. The macro ``DEFINE_BAKERY_LOCK`` allocates all the bakery locks -needed for a CPU into a section ``bakery_lock``. The linker allocates the memory +needed for a CPU into a section ``.bakery_lock``. The linker allocates the memory for other cores by using the total size allocated for the bakery_lock section and multiplying it with (PLATFORM_CORE_COUNT - 1). This enables software to perform software cache maintenance on the lock data structure without running @@ -2193,7 +2222,7 @@ :: - bakery_lock section start + .bakery_lock section start |----------------| | `bakery_info_t`| <-- Lock_0 per-CPU field | Lock_0 | for CPU0 
@@ -2230,7 +2259,7 @@ Consider a system of 2 CPUs with 'N' bakery locks as shown above. For an operation on Lock_N, the corresponding ``bakery_info_t`` in both CPU0 and CPU1 -``bakery_lock`` section need to be fetched and appropriate cache operations need +``.bakery_lock`` section need to be fetched and appropriate cache operations need to be performed for each access. On Arm Platforms, bakery locks are used in psci (``psci_locks``) and power controller 
@@ -2593,16 +2622,29 @@ section lists the usage of Architecture Extensions, and build flags controlling them. -In general, and unless individually mentioned, the build options -``ARM_ARCH_MAJOR`` and ``ARM_ARCH_MINOR`` select the Architecture Extension to -target when building TF-A. Subsequent Arm Architecture Extensions are backward -compatible with previous versions. +Build options +~~~~~~~~~~~~~ -The build system only requires that ``ARM_ARCH_MAJOR`` and ``ARM_ARCH_MINOR`` have a -valid numeric value. These build options only control whether or not -Architecture Extension-specific code is included in the build. Otherwise, TF-A -targets the base Armv8.0-A architecture; i.e. as if ``ARM_ARCH_MAJOR`` == 8 -and ``ARM_ARCH_MINOR`` == 0, which are also their respective default values. +``ARM_ARCH_MAJOR`` and ``ARM_ARCH_MINOR`` + +These build options serve dual purpose + +- Determine the architecture extension support in TF-A build: All the mandatory + architectural features up to ``ARM_ARCH_MAJOR.ARM_ARCH_MINOR`` are included + and unconditionally enabled by TF-A build system. + +- Passed to compiler via "-march" option to generate binary target : Tell the + compiler to emit instructions upto ``ARM_ARCH_MAJOR.ARM_ARCH_MINOR`` + +The build system requires that the platform provides a valid numeric value based on +CPU architecture extension, otherwise it defaults to base Armv8.0-A architecture. +Subsequent Arm Architecture versions also support extensions which were introduced +in previous versions. + +**TO-DO** : Its planned to decouple the two functionalities and introduce a new macro +for compiler usage. The requirement for this decoupling arises becasue TF-A code +always provides support for the latest and greatest architecture features but this +is not the case for the target compiler. .. seealso:: :ref:`Build Options` 
@@ -2752,7 +2794,7 @@ -------------- -*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.* .. _Power State Coordination Interface PDD: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf .. _SMCCC: https://developer.arm.com/docs/den0028/latest
diff --git a/docs/design/reset-design.rst b/docs/design/reset-design.rst index 666ee4f..f8c5a43 100644 --- a/docs/design/reset-design.rst +++ b/docs/design/reset-design.rst
@@ -141,26 +141,27 @@ Platform initialization ~~~~~~~~~~~~~~~~~~~~~~~ -In this configuration, when the CPU resets to BL31 there should be no parameters -that can be passed in registers by previous boot stages. Instead, the platform -code in BL31 needs to know, or be able to determine, the location of the BL32 -(if required) and BL33 images and provide this information in response to the -``bl31_plat_get_next_image_ep_info()`` function. - -.. note:: - Some platforms that configure ``RESET_TO_BL31`` might still be able to - receive parameters in registers depending on their actual boot sequence. On - those occasions, and in addition to ``RESET_TO_BL31``, these platforms should - set ``RESET_TO_BL31_WITH_PARAMS`` to avoid the input registers from being - zeroed before entering BL31. +In this configuration, since the CPU resets to BL31, no parameters are expected +to be passed to BL31 (see notes below for clarification). +Instead, the platform code in BL31 needs to know, or be able to determine, the +location of the BL32 (if required) and BL33 images and provide this information +in response to the ``bl31_plat_get_next_image_ep_info()`` function. Additionally, platform software is responsible for carrying out any security initialisation, for example programming a TrustZone address space controller. This might be done by the Trusted Boot Firmware or by platform code in BL31. +.. note:: + Even though RESET_TO_BL31 is designed such that BL31 is the reset BL image, + some platforms may wish to pass some arguments to BL31 as per the defined + contract between BL31 and previous bootloaders. Previous bootloaders can + pass arguments through registers x0 through x3. BL31 will preserve them and + propagate them to platform code, which will handle these arguments in an + IMPDEF manner. + -------------- -*Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.* .. 
|Default reset code flow| image:: ../resources/diagrams/default_reset_code.png .. |Reset code flow with programmable reset address| image:: ../resources/diagrams/reset_code_no_boot_type_check.png
diff --git a/docs/design/trusted-board-boot-build.rst b/docs/design/trusted-board-boot-build.rst index c3f3a2f..caf367b 100644 --- a/docs/design/trusted-board-boot-build.rst +++ b/docs/design/trusted-board-boot-build.rst
@@ -42,7 +42,7 @@ are loaded from that path instead of the default OS path. Export this variable if necessary. - In the case of Arm platforms, the location of the ROTPK hash must also be + In the case of Arm platforms, the location of the ROTPK must also be specified at build time. The following locations are currently supported (see ``ARM_ROTPK_LOCATION`` build option): @@ -62,6 +62,9 @@ ``plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin``. Enforce generation of the new hash if ``ROT_KEY`` is specified. + - ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key``: use the key located in + ``plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S``. + Example of command line using RSA development keys: .. code:: shell
diff --git a/docs/design_documents/index.rst b/docs/design_documents/index.rst index 3e20c07..d20fc58 100644 --- a/docs/design_documents/index.rst +++ b/docs/design_documents/index.rst
@@ -9,6 +9,8 @@ context_mgmt_rework measured_boot_poc drtm_poc + rss + psci_osi_mode --------------
diff --git a/docs/design_documents/measured_boot_poc.rst b/docs/design_documents/measured_boot_poc.rst index 3ae539b..7f73d7e 100644 --- a/docs/design_documents/measured_boot_poc.rst +++ b/docs/design_documents/measured_boot_poc.rst
@@ -6,7 +6,7 @@ security state can be attested later. The current implementation of the driver included in Trusted Firmware-A -(TF-A) stores the measurements into a `TGC event log`_ in secure +(TF-A) stores the measurements into a `TCG event log`_ in secure memory. No other means of recording measurements (such as a discrete TPM) is supported right now. @@ -24,7 +24,7 @@ platforms might have different needs and configurations (e.g. different SHA algorithms) and they might also use different types of TPM services (or even a different type of service to provide the attestation) - and therefore the instuctions given here might not apply in such scenarios. + and therefore the instructions given here might not apply in such scenarios. Components ~~~~~~~~~~ @@ -135,11 +135,11 @@ (4) Now, you should be able to continue with step 5 in "`Get and build the solution`_" instructions. In order to enable support for Measured Boot, you need to - set the ``MEASURED_BOOT`` build option: + set the following build options: .. code:: shell - $ MEASURED_BOOT=y make -j `nproc` + $ MEASURED_BOOT=y MEASURED_BOOT_FTPM=y make -j `nproc` .. note:: The build process will likely take a long time. It is strongly recommended to 
@@ -497,11 +497,11 @@ -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2023, Arm Limited. All rights reserved.* .. _OP-TEE Toolkit: https://github.com/OP-TEE/build .. _ms-tpm-20-ref: https://github.com/microsoft/ms-tpm-20-ref .. _Get and build the solution: https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution .. _Armv8-A Foundation Platform (For Linux Hosts Only): https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models .. _tpm2-tools: https://github.com/tpm2-software/tpm2-tools -.. _TGC event log: https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/ +.. _TCG event log: https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/
diff --git a/docs/design_documents/psci_osi_mode.rst b/docs/design_documents/psci_osi_mode.rst new file mode 100644 index 0000000..3296e27 --- /dev/null +++ b/docs/design_documents/psci_osi_mode.rst
@@ -0,0 +1,716 @@ +PSCI OS-initiated mode +====================== + +:Author: Maulik Shah & Wing Li +:Organization: Qualcomm Innovation Center, Inc. & Google LLC +:Contact: Maulik Shah <quic_mkshah@quicinc.com> & Wing Li <wingers@google.com> +:Status: RFC + +.. contents:: Table of Contents + +Introduction +------------ + +Power state coordination +^^^^^^^^^^^^^^^^^^^^^^^^ + +A power domain topology is a logical hierarchy of power domains in a system that +arises from the physical dependencies between power domains. + +Local power states describe power states for an individual node, and composite +power states describe the combined power states for an individual node and its +parent node(s). + +Entry into low-power states for a topology node above the core level requires +coordinating its children nodes. For example, in a system with a power domain +that encompasses a shared cache, and a separate power domain for each core that +uses the shared cache, the core power domains must be powered down before the +shared cache power domain can be powered down. + +PSCI supports two modes of power state coordination: platform-coordinated and +OS-initiated. + +Platform-coordinated +~~~~~~~~~~~~~~~~~~~~ + +Platform-coordinated mode is the default mode of power state coordination, and +is currently the only supported mode in TF-A. + +In platform-coordinated mode, the platform is responsible for coordinating power +states, and chooses the deepest power state for a topology node that can be +tolerated by its children. + +OS-initiated +~~~~~~~~~~~~ + +OS-initiated mode is optional. + +In OS-initiated mode, the calling OS is responsible for coordinating power +states, and may request for a topology node to enter a low-power state when +its last child enters the low-power state. + +Motivation +---------- + +There are two reasons why OS-initiated mode might be a more suitable option than +platform-coordinated mode for a platform. 
+ +Scalability +^^^^^^^^^^^ + +In platform-coordinated mode, each core independently selects their own local +power states, and doesn't account for composite power states that are shared +between cores. + +In OS-initiated mode, the OS has knowledge of the next wakeup event for each +core, and can have more precise control over the entry, exit, and wakeup +latencies when deciding if a composite power state (e.g. for a cluster) is +appropriate. This is especially important for multi-cluster SMP systems and +heterogeneous systems like big.LITTLE, where different processor types can have +different power efficiencies. + +Simplicity +^^^^^^^^^^ + +In platform-coordinated mode, the OS doesn't have visibility when the last core +at a power level enters a low-power state. If the OS wants to perform last man +activity (e.g. powering off a shared resource when it is no longer needed), it +would have to communicate with an API side channel to know when it can do so. +This could result in a design smell where the platform is using +platform-coordinated mode when it should be using OS-initiated mode instead. + +In OS-initiated mode, the OS can perform last man activity if it selects a +composite power state when the last core enters a low-power state. This +eliminates the need for a side channel, and uses the well documented API between +the OS and the platform. + +Current vendor implementations and workarounds +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* STMicroelectronics + + * For their ARM32 platforms, they're using OS-initiated mode implemented in + OP-TEE. + * For their future ARM64 platforms, they are interested in using OS-initiated + mode in TF-A. + +* Qualcomm + + * For their mobile platforms, they're using OS-initiated mode implemented in + their own custom secure monitor firmware. + * For their Chrome OS platforms, they're using platform-coordinated mode in + TF-A with custom driver logic to perform last man activity. 
+ +* Google + + * They're using platform-coordinated mode in TF-A with custom driver logic to + perform last man activity. + +Both Qualcomm and Google would like to be able to use OS-initiated mode in TF-A +in order to simplify custom driver logic. + +Requirements +------------ + +PSCI_FEATURES +^^^^^^^^^^^^^ + +PSCI_FEATURES is for checking whether or not a PSCI function is implemented and +what its properties are. + +.. c:macro:: PSCI_FEATURES + + :param func_id: 0x8400_000A. + :param psci_func_id: the function ID of a PSCI function. + :retval NOT_SUPPORTED: if the function is not implemented. + :retval feature flags associated with the function: if the function is + implemented. + +CPU_SUSPEND feature flags +~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Reserved, bits[31:2] +* Power state parameter format, bit[1] + + * A value of 0 indicates the original format is used. + * A value of 1 indicates the extended format is used. + +* OS-initiated mode, bit[0] + + * A value of 0 indicates OS-initiated mode is not supported. + * A value of 1 indicates OS-initiated mode is supported. + +See sections 5.1.14 and 5.15 of the PSCI spec (DEN0022D.b) for more details. + +PSCI_SET_SUSPEND_MODE +^^^^^^^^^^^^^^^^^^^^^ + +PSCI_SET_SUSPEND_MODE is for switching between the two different modes of power +state coordination. + +.. c:macro:: PSCI_SET_SUSPEND_MODE + + :param func_id: 0x8400_000F. + :param mode: 0 indicates platform-coordinated mode, 1 indicates OS-initiated + mode. + :retval SUCCESS: if the request is successful. + :retval NOT_SUPPORTED: if OS-initiated mode is not supported. + :retval INVALID_PARAMETERS: if the requested mode is not a valid value (0 or + 1). + :retval DENIED: if the cores are not in the correct state. + +Switching from platform-coordinated to OS-initiated is only allowed if the +following conditions are met: + +* All cores are in one of the following states: + + * Running. + * Off, through a call to CPU_OFF or not yet booted. 
+ * Suspended, through a call to CPU_DEFAULT_SUSPEND. + +* None of the cores has called CPU_SUSPEND since the last change of mode or + boot. + +Switching from OS-initiated to platform-coordinated is only allowed if all cores +other than the calling core are off, either through a call to CPU_OFF or not yet +booted. + +If these conditions are not met, the PSCI implementation must return DENIED. + +See sections 5.1.19 and 5.20 of the PSCI spec (DEN0022D.b) for more details. + +CPU_SUSPEND +^^^^^^^^^^^ + +CPU_SUSPEND is for moving a topology node into a low-power state. + +.. c:macro:: CPU_SUSPEND + + :param func_id: 0xC400_0001. + :param power_state: the requested low-power state to enter. + :param entry_point_address: the address at which the core must resume + execution following wakeup from a powerdown state. + :param context_id: this field specifies a pointer to the saved context that + must be restored on a core following wakeup from a powerdown state. + :retval SUCCESS: if the request is successful. + :retval INVALID_PARAMETERS: in OS-initiated mode, this error is returned when + a low-power state is requested for a topology node above the core level, + and at least one of the node's children is in a local low-power state + that is incompatible with the request. + :retval INVALID_ADDRESS: if the entry_point_address argument is invalid. + :retval DENIED: only in OS-initiated mode; this error is returned when a + low-power state is requested for a topology node above the core level, + and at least one of the node's children is running, i.e. not in a + low-power state. + +In platform-coordinated mode, the PSCI implementation coordinates requests from +all cores to determine the deepest power state to enter. + +In OS-initiated mode, the calling OS is making an explicit request for a +specific power state, as opposed to expressing a vote. 
The PSCI implementation +must comply with the request, unless the request is not consistent with the +implementation's view of the system's state, in which case, the implementation +must return INVALID_PARAMETERS or DENIED. + +See sections 5.1.2 and 5.4 of the PSCI spec (DEN0022D.b) for more details. + +Power state formats +~~~~~~~~~~~~~~~~~~~ + +Original format + +* Power Level, bits[25:24] + + * The requested level in the power domain topology to enter a low-power + state. + +* State Type, bit[16] + + * A value of 0 indicates a standby or retention state. + * A value of 1 indicates a powerdown state. + +* State ID, bits[15:0] + + * Field to specify the requested composite power state. + * The state ID encodings must uniquely describe every possible composite + power state. + * In OS-initiated mode, the state ID encoding must allow expressing the + power level at which the calling core is the last to enter a powerdown + state. + +Extended format + +* State Type, bit[30] +* State ID, bits[27:0] + +Races in OS-initiated mode +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In OS-initiated mode, there are race windows where the OS's view and +implementation's view of the system's state differ. It is possible for the OS to +make requests that are invalid given the implementation's view of the system's +state. For example, the OS might request a powerdown state for a node from one +core, while at the same time, the implementation observes that another core in +that node is powering up. + +To address potential race conditions in power state requests: + +* The calling OS must specify in each CPU_SUSPEND request the deepest power + level for which it sees the calling core as the last running core (last man). + This is required even if the OS doesn't want the node at that power level to + enter a low-power state. 
+* The implementation must validate that the requested power states in the + CPU_SUSPEND request are consistent with the system's state, and that the + calling core is the last core running at the requested power level, or deny + the request otherwise. + +See sections 4.2.3.2, 6.2, and 6.3 of the PSCI spec (DEN0022D.b) for more +details. + +Caveats +------- + +CPU_OFF +^^^^^^^ + +CPU_OFF is always platform-coordinated, regardless of whether the power state +coordination mode for suspend is platform-coordinated or OS-initiated. If all +cores in a topology node call CPU_OFF, the last core will power down the node. + +In OS-initiated mode, if a subset of the cores in a topology node has called +CPU_OFF, the last running core may call CPU_SUSPEND to request a powerdown state +at or above that node's power level. + +See section 5.5.2 of the PSCI spec (DEN0022D.b) for more details. + +Implementation +-------------- + +Current implementation of platform-coordinated mode +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Platform-coordinated is currently the only supported power state coordination +mode in TF-A. + +The functions of interest in the ``psci_cpu_suspend`` call stack are as follows: + +* ``psci_validate_power_state`` + + * This function calls a platform specific ``validate_power_state`` handler, + which takes the ``power_state`` parameter, and updates the ``state_info`` + object with the requested states for each power level. + +* ``psci_find_target_suspend_lvl`` + + * This function takes the ``state_info`` object containing the requested power + states for each power level, and returns the deepest power level that was + requested to enter a low power state, i.e. the target power level. + +* ``psci_do_state_coordination`` + + * This function takes the target power level and the ``state_info`` object + containing the requested power states for each power level, and updates the + ``state_info`` object with the coordinated target power state for each + level. 
+ +* ``pwr_domain_suspend`` + + * This is a platform specific handler that takes the ``state_info`` object + containing the target power states for each power level, and transitions + each power level to the specified power state. + +Proposed implementation of OS-initiated mode +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To add support for OS-initiated mode, the following changes are proposed: + +* Add a boolean build option ``PSCI_OS_INIT_MODE`` for a platform to enable + optional support for PSCI OS-initiated mode. This build option defaults to 0. + +.. note:: + + If ``PSCI_OS_INIT_MODE=0``, the following changes will not be compiled into + the build. + +* Update ``psci_features`` to return 1 in bit[0] to indicate support for + OS-initiated mode for CPU_SUSPEND. +* Define a ``suspend_mode`` enum: ``PLAT_COORD`` and ``OS_INIT``. +* Define a ``psci_suspend_mode`` global variable with a default value of + ``PLAT_COORD``. +* Implement a new function handler ``psci_set_suspend_mode`` for + PSCI_SET_SUSPEND_MODE. +* Since ``psci_validate_power_state`` calls a platform specific + ``validate_power_state`` handler, the platform implementation should populate + the ``state_info`` object based on the state ID from the given ``power_state`` + parameter. +* ``psci_find_target_suspend_lvl`` remains unchanged. 
+* Implement a new function ``psci_validate_state_coordination`` that ensures the + request satisfies the following conditions, and denies any requests + that don't: + + * The requested power states for each power level are consistent with the + system's state + * The calling core is the last core running at the requested power level + + This function differs from ``psci_do_state_coordination`` in that: + + * The ``psci_req_local_pwr_states`` map is not modified if the request were to + be denied + * The ``state_info`` argument is never modified since it contains the power + states requested by the calling OS + +* Update ``psci_cpu_suspend_start`` to do the following: + + * If ``PSCI_SUSPEND_MODE`` is ``PLAT_COORD``, call + ``psci_do_state_coordination``. + * If ``PSCI_SUSPEND_MODE`` is ``OS_INIT``, call + ``psci_validate_state_coordination``. If validation fails, propagate the + error up the call stack. + +* Update the return type of the platform specific ``pwr_domain_suspend`` + handler from ``void`` to ``int``, to allow the platform to optionally perform + validations based on hardware states. + +.. image:: ../resources/diagrams/psci-osi-mode.png + +Testing +------- + +The proposed patches can be found at +https://review.trustedfirmware.org/q/topic:psci-osi. + +Testing on FVP and Google platforms +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The proposed patches add a new CPU Suspend in OSI mode test suite to TF-A Tests. +This has been enabled and verified on the FVP_Base_RevC-2xAEMvA platform and +Google platforms, and excluded from all other platforms via the build option +``PLAT_TESTS_SKIP_LIST``. + +Testing on STM32MP15 +^^^^^^^^^^^^^^^^^^^^ + +The proposed patches have been tested and verified on the STM32MP15 platform, +which has a single cluster with 2 CPUs, by Gabriel Fernandez +<gabriel.fernandez@st.com> from STMicroelectronics with this device tree +configuration: + +.. 
code-block:: devicetree + + cpus { + #address-cells = <1>; + #size-cells = <0>; + + cpu0: cpu@0 { + device_type = "cpu"; + compatible = "arm,cortex-a7"; + reg = <0>; + enable-method = "psci"; + power-domains = <&CPU_PD0>; + power-domain-names = "psci"; + }; + cpu1: cpu@1 { + device_type = "cpu"; + compatible = "arm,cortex-a7"; + reg = <1>; + enable-method = "psci"; + power-domains = <&CPU_PD1>; + power-domain-names = "psci"; + }; + + idle-states { + cpu_retention: cpu-retention { + compatible = "arm,idle-state"; + arm,psci-suspend-param = <0x00000001>; + entry-latency-us = <130>; + exit-latency-us = <620>; + min-residency-us = <700>; + local-timer-stop; + }; + }; + + domain-idle-states { + CLUSTER_STOP: core-power-domain { + compatible = "domain-idle-state"; + arm,psci-suspend-param = <0x01000001>; + entry-latency-us = <230>; + exit-latency-us = <720>; + min-residency-us = <2000>; + local-timer-stop; + }; + }; + }; + + psci { + compatible = "arm,psci-1.0"; + method = "smc"; + + CPU_PD0: power-domain-cpu0 { + #power-domain-cells = <0>; + power-domains = <&pd_core>; + domain-idle-states = <&cpu_retention>; + }; + + CPU_PD1: power-domain-cpu1 { + #power-domain-cells = <0>; + power-domains = <&pd_core>; + domain-idle-states = <&cpu_retention>; + }; + + pd_core: power-domain-cluster { + #power-domain-cells = <0>; + domain-idle-states = <&CLUSTER_STOP>; + }; + }; + +Testing on Qualcomm SC7280 +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The proposed patches have been tested and verified on the SC7280 platform by +Maulik Shah <quic_mkshah@quicinc.com> from Qualcomm with this device tree +configuration: + +.. 
code-block:: devicetree + + cpus { + #address-cells = <2>; + #size-cells = <0>; + + CPU0: cpu@0 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x0>; + enable-method = "psci"; + power-domains = <&CPU_PD0>; + power-domain-names = "psci"; + }; + + CPU1: cpu@100 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x100>; + enable-method = "psci"; + power-domains = <&CPU_PD1>; + power-domain-names = "psci"; + }; + + CPU2: cpu@200 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x200>; + enable-method = "psci"; + power-domains = <&CPU_PD2>; + power-domain-names = "psci"; + }; + + CPU3: cpu@300 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x300>; + enable-method = "psci"; + power-domains = <&CPU_PD3>; + power-domain-names = "psci"; + } + + CPU4: cpu@400 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x400>; + enable-method = "psci"; + power-domains = <&CPU_PD4>; + power-domain-names = "psci"; + }; + + CPU5: cpu@500 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x500>; + enable-method = "psci"; + power-domains = <&CPU_PD5>; + power-domain-names = "psci"; + }; + + CPU6: cpu@600 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x600>; + enable-method = "psci"; + power-domains = <&CPU_PD6>; + power-domain-names = "psci"; + }; + + CPU7: cpu@700 { + device_type = "cpu"; + compatible = "arm,kryo"; + reg = <0x0 0x700>; + enable-method = "psci"; + power-domains = <&CPU_PD7>; + power-domain-names = "psci"; + }; + + idle-states { + entry-method = "psci"; + + LITTLE_CPU_SLEEP_0: cpu-sleep-0-0 { + compatible = "arm,idle-state"; + idle-state-name = "little-power-down"; + arm,psci-suspend-param = <0x40000003>; + entry-latency-us = <549>; + exit-latency-us = <901>; + min-residency-us = <1774>; + local-timer-stop; + }; + + LITTLE_CPU_SLEEP_1: cpu-sleep-0-1 { + compatible = "arm,idle-state"; + idle-state-name = "little-rail-power-down"; + arm,psci-suspend-param = 
<0x40000004>; + entry-latency-us = <702>; + exit-latency-us = <915>; + min-residency-us = <4001>; + local-timer-stop; + }; + + BIG_CPU_SLEEP_0: cpu-sleep-1-0 { + compatible = "arm,idle-state"; + idle-state-name = "big-power-down"; + arm,psci-suspend-param = <0x40000003>; + entry-latency-us = <523>; + exit-latency-us = <1244>; + min-residency-us = <2207>; + local-timer-stop; + }; + + BIG_CPU_SLEEP_1: cpu-sleep-1-1 { + compatible = "arm,idle-state"; + idle-state-name = "big-rail-power-down"; + arm,psci-suspend-param = <0x40000004>; + entry-latency-us = <526>; + exit-latency-us = <1854>; + min-residency-us = <5555>; + local-timer-stop; + }; + }; + + domain-idle-states { + CLUSTER_SLEEP_0: cluster-sleep-0 { + compatible = "arm,idle-state"; + idle-state-name = "cluster-power-down"; + arm,psci-suspend-param = <0x40003444>; + entry-latency-us = <3263>; + exit-latency-us = <6562>; + min-residency-us = <9926>; + local-timer-stop; + }; + }; + }; + + psci { + compatible = "arm,psci-1.0"; + method = "smc"; + + CPU_PD0: cpu0 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&LITTLE_CPU_SLEEP_0 &LITTLE_CPU_SLEEP_1>; + }; + + CPU_PD1: cpu1 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&LITTLE_CPU_SLEEP_0 &LITTLE_CPU_SLEEP_1>; + }; + + CPU_PD2: cpu2 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&LITTLE_CPU_SLEEP_0 &LITTLE_CPU_SLEEP_1>; + }; + + CPU_PD3: cpu3 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&LITTLE_CPU_SLEEP_0 &LITTLE_CPU_SLEEP_1>; + }; + + CPU_PD4: cpu4 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&BIG_CPU_SLEEP_0 &BIG_CPU_SLEEP_1>; + }; + + CPU_PD5: cpu5 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&BIG_CPU_SLEEP_0 &BIG_CPU_SLEEP_1>; + }; + + CPU_PD6: cpu6 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + 
domain-idle-states = <&BIG_CPU_SLEEP_0 &BIG_CPU_SLEEP_1>; + }; + + CPU_PD7: cpu7 { + #power-domain-cells = <0>; + power-domains = <&CLUSTER_PD>; + domain-idle-states = <&BIG_CPU_SLEEP_0 &BIG_CPU_SLEEP_1>; + }; + + CLUSTER_PD: cpu-cluster0 { + #power-domain-cells = <0>; + domain-idle-states = <&CLUSTER_SLEEP_0>; + }; + }; + +Comparisons on Qualcomm SC7280 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +CPUIdle states +~~~~~~~~~~~~~~ + +* 8 CPUs, 1 L3 cache +* Platform-coordinated mode + + * CPUIdle states + + * State0 - WFI + * State1 - Core collapse + * State2 - Rail collapse + * State3 - L3 cache off and system resources voted off + +* OS-initiated mode + + * CPUIdle states + + * State0 - WFI + * State1 - Core collapse + * State2 - Rail collapse + + * Cluster domain idle state + + * State3 - L3 cache off and system resources voted off + +.. image:: ../resources/diagrams/psci-flattened-vs-hierarchical-idle-states.png + +Results +~~~~~~~ + +* The following stats have been captured with fixed CPU frequencies from the use + case of 10 seconds of device idle with the display turned on and Wi-Fi and + modem turned off. +* Count refers to the number of times a CPU or cluster entered power collapse. +* Residency refers to the time in seconds a CPU or cluster stayed in power + collapse. +* The results are an average of 3 iterations of actual counts and residencies. + +.. image:: ../resources/diagrams/psci-pc-mode-vs-osi-mode.png + +OS-initiated mode was able to scale better than platform-coordinated mode for +multiple CPUs. The count and residency results for state3 (i.e. a cluster domain +idle state) in OS-initiated mode for multiple CPUs were much closer to the +results for a single CPU than in platform-coordinated mode. + +-------------- + +*Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/design_documents/rss.rst b/docs/design_documents/rss.rst
new file mode 100644
index 0000000..2be8067
--- /dev/null
+++ b/docs/design_documents/rss.rst
@@ -0,0 +1,611 @@ +Runtime Security Subsystem (RSS) +================================ + +This document focuses on the relationship between the Runtime Security Subsystem +(RSS) and the application processor (AP). According to the ARM reference design +the RSS is an independent core next to the AP and the SCP on the same die. It +provides fundamental security guarantees and runtime services for the rest of +the system (e.g.: trusted boot, measured boot, platform attestation, +key management, and key derivation). + +At power up RSS boots first from its private ROM code. It validates and loads +its own images and the initial images of SCP and AP. When AP and SCP are +released from reset and their initial code is loaded then they continue their +own boot process, which is the same as on non-RSS systems. Please refer to the +``RSS documentation`` [1]_ for more details about the RSS boot flow. + +The last stage of the RSS firmware is a persistent, runtime component. Much +like AP_BL31, this is a passive entity which has no periodical task to do and +just waits for external requests from other subsystems. RSS and other +subsystems can communicate with each other over message exchange. RSS waits +in idle for the incoming request, handles them, and sends a response then goes +back to idle. + +RSS communication layer +----------------------- + +The communication between RSS and other subsystems are primarily relying on the +Message Handling Unit (MHU) module. The number of MHU interfaces between RSS +and other cores is IMPDEF. Besides MHU other modules also could take part in +the communication. RSS is capable of mapping the AP memory to its address space. +Thereby either RSS core itself or a DMA engine if it is present, can move the +data between memory belonging to RSS or AP. In this way, a bigger amount of data +can be transferred in a short time. + +The MHU comes in pairs. There is a sender and receiver side. They are connected +to each other. 
An MHU interface consists of two pairs of MHUs, one sender and +one receiver on both sides. Bidirectional communication is possible over an +interface. One pair provides message sending from AP to RSS and the other pair +from RSS to AP. The sender and receiver are connected via channels. There is an +IMPDEF number of channels (e.g: 4-16) between a sender and a receiver module. + +The RSS communication layer provides two ways for message exchange: + +- ``Embedded messaging``: The full message, including header and payload, are + exchanged over the MHU channels. A channel is capable of delivering a single + word. The sender writes the data to the channel register on its side and the + receiver can read the data from the channel on the other side. One dedicated + channel is used for signalling. It does not deliver any payload it is just + meant for signalling that the sender loaded the data to the channel registers + so the receiver can read them. The receiver uses the same channel to signal + that data was read. Signalling happens via IRQ. If the message is longer than + the data fit to the channel registers then the message is sent over in + multiple rounds. Both, sender and receiver allocate a local buffer for the + messages. Data is copied from/to these buffers to/from the channel registers. +- ``Pointer-access messaging``: The message header and the payload are + separated and they are conveyed in different ways. The header is sent + over the channels, similar to the embedded messaging but the payload is + copied over by RSS core (or by DMA) between the sender and the receiver. This + could be useful in the case of long messages because transaction time is less + compared to the embedded messaging mode. Small payloads are copied by the RSS + core because setting up DMA would require more CPU cycles. The payload is + either copied into an internal buffer or directly read-written by RSS. 
Actual + behavior depends on RSS setup, whether the partition supports memory-mapped + ``iovec``. Therefore, the sender must handle both cases and prevent access to + the memory, where payload data lives, while the RSS handles the request. + +The RSS communication layer supports both ways of messaging in parallel. It is +decided at runtime based on the message size which way to transfer the message. + +.. code-block:: bash + + +----------------------------------------------+ +-------------------+ + | | | | + | AP | | | + | | +--->| SRAM | + +----------------------------------------------| | | | + | BL1 / BL2 / BL31 | | | | + +----------------------------------------------+ | +-------------------+ + | ^ | ^ ^ + | send IRQ | receive |direct | | + V | |access | | + +--------------------+ +--------------------+ | | | + | MHU sender | | MHU receiver | | | Copy data | + +--------------------+ +--------------------+ | | | + | | | | | | | | | | | + | | channels | | | | channels | | | | | + | | e.g: 4-16 | | | | e.g: 4-16 | | | V | + +--------------------+ +--------------------+ | +-------+ | + | MHU receiver | | MHU sender | | +->| DMA | | + +--------------------+ +--------------------+ | | +-------+ | + | ^ | | ^ | + IRQ | receive | send | | | Copy data | + V | | | V V + +----------------------------------------------+ | | +-------------------+ + | |--+-+ | | + | RSS | | SRAM | + | | | | + +----------------------------------------------+ +-------------------+ + +.. Note:: + + The RSS communication layer is not prepared for concurrent execution. The + current use case only requires message exchange during the boot phase. In + the boot phase, only a single core is running and the rest of the cores are + in reset. + +Message structure +^^^^^^^^^^^^^^^^^ +A description of the message format can be found in the ``RSS communication +design`` [2]_ document. 
+ +Source files +^^^^^^^^^^^^ +- RSS comms: ``drivers/arm/rss`` +- MHU driver: ``drivers/arm/mhu`` + + +API for communication over MHU +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The API is defined in these header files: + +- ``include/drivers/arm/rss_comms.h`` +- ``include/drivers/arm/mhu.h`` + +RSS provided runtime services +----------------------------- + +RSS provides the following runtime services: + +- ``Measured boot``: Securely store the firmware measurements which were + computed during the boot process and the associated metadata (image + description, measurement algorithm, etc.). More info on measured boot service + in RSS can be found in the ``measured_boot_integration_guide`` [3]_ . +- ``Delegated attestation``: Query the platform attestation token and derive a + delegated attestation key. More info on the delegated attestation service + in RSS can be found in the ``delegated_attestation_integration_guide`` [4]_ . +- ``OTP assets management``: RSS provides access for AP to assets in OTP. + These are keys for image signature verification and non-volatile counters + for anti-rollback protection. Only RSS has direct access to the OTP. Public + keys used by AP during the trusted boot process can be requested from RSS. + Furthermore, AP can request RSS to increase a non-volatile counter. Please + refer to the ``RSS key management`` [5]_ document for more details. + +Runtime service API +^^^^^^^^^^^^^^^^^^^ +The RSS provided runtime services implement a PSA aligned API. The parameter +encoding follows the PSA client protocol described in the +``Firmware Framework for M`` [6]_ document in chapter 4.4. The implementation is +restricted to the static handle use case therefore only the ``psa_call`` API is +implemented. + + +Software and API layers +^^^^^^^^^^^^^^^^^^^^^^^ + +.. 
code-block:: bash + + +----------------+ +---------------------+ + | BL1 / BL2 | | BL31 | + +----------------+ +---------------------+ + | | + | extend_measurement() | get_delegated_key() + | | get_platform_token() + V V + +----------------+ +---------------------+ + | PSA protocol | | PSA protocol | + +----------------+ +---------------------+ + | | + | psa_call() | psa_call() + | | + V V + +------------------------------------------------+ + | RSS communication protocol | + +------------------------------------------------+ + | ^ + | mhu_send_data() | mhu_receive_data() + | | + V | + +------------------------------------------------+ + | MHU driver | + +------------------------------------------------+ + | ^ + | Register access | IRQ + V | + +------------------------------------------------+ + | MHU HW on AP side | + +------------------------------------------------+ + ^ + | Physical wires + | + V + +------------------------------------------------+ + | MHU HW on RSS side | + +------------------------------------------------+ + | ^ + | IRQ | Register access + V | + +------------------------------------------------+ + | MHU driver | + +------------------------------------------------+ + | | + V V + +---------------+ +------------------------+ + | Measured boot | | Delegated attestation | + | service | | service | + +---------------+ +------------------------+ + + +RSS based Measured Boot +----------------------- + +Measured Boot is the process of cryptographically measuring (computing the hash +value of a binary) the code and critical data used at boot time. The +measurement must be stored in a tamper-resistant way, so the security state +of the device can be attested later to an external party. RSS provides a runtime +service which is meant to store measurements and associated metadata alongside. + +Data is stored in internal SRAM which is only accessible by the secure runtime +firmware of RSS. Data is stored in so-called measurement slots. 
A platform has +IMPDEF number of measurement slots. The measurement storage follows extend +semantics. This means that measurements are not stored directly (as it was +taken) instead they contribute to the current value of the measurement slot. +The extension implements this logic, where ``||`` stands for concatenation: + +.. code-block:: bash + + new_value_of_measurement_slot = Hash(old_value_of_measurement_slot || measurement) + +Supported hash algorithms: sha-256, sha-512 + +Measured Boot API +^^^^^^^^^^^^^^^^^ + +Defined here: + +- ``include/lib/psa/measured_boot.h`` + +.. code-block:: c + + psa_status_t + rss_measured_boot_extend_measurement(uint8_t index, + const uint8_t *signer_id, + size_t signer_id_size, + const uint8_t *version, + size_t version_size, + uint32_t measurement_algo, + const uint8_t *sw_type, + size_t sw_type_size, + const uint8_t *measurement_value, + size_t measurement_value_size, + bool lock_measurement); + +Measured Boot Metadata +^^^^^^^^^^^^^^^^^^^^^^ + +The following metadata can be stored alongside the measurement: + +- ``Signer-id``: Mandatory. The hash of the firmware image signing public key. +- ``Measurement algorithm``: Optional. The hash algorithm which was used to + compute the measurement (e.g.: sha-256, etc.). +- ``Version info``: Optional. The firmware version info (e.g.: 2.7). +- ``SW type``: Optional. Short text description (e.g.: BL1, BL2, BL31, etc.) + +.. Note:: + Signer-id and version info is not implemented in TF-A yet. + +The caller must specify in which measurement slot to extend a certain +measurement and metadata. A measurement slot can be extended by multiple +measurements. The default value is IMPDEF. All measurement slot is cleared at +reset, there is no other way to clear them. In the reference implementation, +the measurement slots are initialized to 0. At the first call to extend the +measurement in a slot, the extend operation uses the default value of the +measurement slot. 
All upcoming extend operation on the same slot contributes +to the previous value of that measurement slot. + +The following rules are kept when a slot is extended multiple times: + +- ``Signer-id`` must be the same as the previous call(s), otherwise a + PSA_ERROR_NOT_PERMITTED error code is returned. + +- ``Measurement algorithm``: must be the same as the previous call(s), + otherwise, a PSA_ERROR_NOT_PERMITTED error code is returned. + +In case of error no further action is taken (slot is not locked). If there is +a valid data in a sub-sequent call then measurement slot will be extended. The +rest of the metadata is handled as follows when a measurement slot is extended +multiple times: + +- ``SW type``: Cleared. +- ``Version info``: Cleared. + +.. Note:: + + Extending multiple measurements in the same slot leads to some metadata + information loss. Since RSS is not constrained on special HW resources to + store the measurements and metadata, therefore it is worth considering to + store all of them one by one in distinct slots. However, they are one-by-one + included in the platform attestation token. So, the number of distinct + firmware image measurements has an impact on the size of the attestation + token. + +The allocation of the measurement slot among RSS, Root and Realm worlds is +platform dependent. The platform must provide an allocation of the measurement +slot at build time. An example can be found in +``tf-a/plat/arm/board/tc/tc_bl1_measured_boot.c`` +Furthermore, the memory, which holds the metadata is also statically allocated +in RSS memory. Some of the fields have a static value (measurement algorithm), +and some of the values have a dynamic value (measurement value) which is updated +by the bootloaders when the firmware image is loaded and measured. The metadata +structure is defined in +``include/drivers/measured_boot/rss/rss_measured_boot.h``. + +.. 
code-block:: c + + struct rss_mboot_metadata { + unsigned int id; + uint8_t slot; + uint8_t signer_id[SIGNER_ID_MAX_SIZE]; + size_t signer_id_size; + uint8_t version[VERSION_MAX_SIZE]; + size_t version_size; + uint8_t sw_type[SW_TYPE_MAX_SIZE]; + size_t sw_type_size; + bool lock_measurement; + }; + +Build time config options +^^^^^^^^^^^^^^^^^^^^^^^^^ + +- ``MEASURED_BOOT``: Enable measured boot. It depends on the platform + implementation whether RSS or TPM (or both) backend based measured boot is + enabled. +- ``MBOOT_RSS_HASH_ALG``: Determine the hash algorithm to measure the images. + The default value is sha-256. + +Measured boot flow +^^^^^^^^^^^^^^^^^^ + +.. figure:: ../resources/diagrams/rss_measured_boot_flow.svg + :align: center + +Sample console log +^^^^^^^^^^^^^^^^^^ + +.. code-block:: bash + + INFO: Measured boot extend measurement: + INFO: - slot : 6 + INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: - version : + INFO: - version_size: 0 + INFO: - sw_type : FW_CONFIG + INFO: - sw_type_size: 10 + INFO: - algorithm : 2000009 + INFO: - measurement : aa ea d3 a7 a8 e2 ab 7d 13 a6 cb 34 99 10 b9 a1 + INFO: : 1b 9f a0 52 c5 a8 b1 d7 76 f2 c1 c1 ef ca 1a df + INFO: - locking : true + INFO: FCONF: Config file with image ID:31 loaded at address = 0x4001010 + INFO: Loading image id=24 at address 0x4001300 + INFO: Image id=24 loaded: 0x4001300 - 0x400153a + INFO: Measured boot extend measurement: + INFO: - slot : 7 + INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: - version : + INFO: - version_size: 0 + INFO: - sw_type : TB_FW_CONFIG + INFO: - sw_type_size: 13 + INFO: - algorithm : 2000009 + INFO: - measurement : 05 b9 dc 98 62 26 a7 1c 2d e5 bb af f0 90 52 28 + INFO: : f2 24 15 8a 3a 56 60 95 d6 51 3a 7a 1a 50 9b b7 + INFO: - locking : true + INFO: FCONF: Config file with image ID:24 loaded 
at address = 0x4001300 + INFO: BL1: Loading BL2 + INFO: Loading image id=1 at address 0x404d000 + INFO: Image id=1 loaded: 0x404d000 - 0x406412a + INFO: Measured boot extend measurement: + INFO: - slot : 8 + INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: - version : + INFO: - version_size: 0 + INFO: - sw_type : BL_2 + INFO: - sw_type_size: 5 + INFO: - algorithm : 2000009 + INFO: - measurement : 53 a1 51 75 25 90 fb a1 d9 b8 c8 34 32 3a 01 16 + INFO: : c9 9e 74 91 7d 28 02 56 3f 5c 40 94 37 58 50 68 + INFO: - locking : true + +Delegated Attestation +--------------------- + +Delegated Attestation Service was mainly developed to support the attestation +flow on the ``ARM Confidential Compute Architecture`` (ARM CCA) [7]_. +The detailed description of the delegated attestation service can be found in +the ``Delegated Attestation Service Integration Guide`` [4]_ document. + +In the CCA use case, the Realm Management Monitor (RMM) relies on the delegated +attestation service of the RSS to get a realm attestation key and the CCA +platform token. BL31 does not use the service for its own purpose, only calls +it on behalf of RMM. The access to MHU interface and thereby to RSS is +restricted to BL31 only. Therefore, RMM does not have direct access, all calls +need to go through BL31. The RMM dispatcher module of the BL31 is responsible +for delivering the calls between the two parties. + +.. Note:: + Currently the connection between the RMM dispatcher and the PSA/RSS layer + is not yet implemented. RMM dispatcher just returns hard coded data. + +Delegated Attestation API +^^^^^^^^^^^^^^^^^^^^^^^^^ +Defined here: + +- ``include/lib/psa/delegated_attestation.h`` + +.. 
code-block:: c + + psa_status_t + rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, + uint32_t key_bits, + uint8_t *key_buf, + size_t key_buf_size, + size_t *key_size, + uint32_t hash_algo); + + psa_status_t + rss_delegated_attest_get_token(const uint8_t *dak_pub_hash, + size_t dak_pub_hash_size, + uint8_t *token_buf, + size_t token_buf_size, + size_t *token_size); + +Attestation flow +^^^^^^^^^^^^^^^^ + +.. figure:: ../resources/diagrams/rss_attestation_flow.svg + :align: center + +Sample attestation token +^^^^^^^^^^^^^^^^^^^^^^^^ + +Binary format: + +.. code-block:: bash + + INFO: DELEGATED ATTEST TEST START + INFO: Get delegated attestation key start + INFO: Get delegated attest key succeeds, len: 48 + INFO: Delegated attest key: + INFO: 0d 2a 66 61 d4 89 17 e1 70 c6 73 56 df f4 11 fd + INFO: 7d 1f 3b 8a a3 30 3d 70 4c d9 06 c3 c7 ef 29 43 + INFO: 0f ee b5 e7 56 e0 71 74 1b c4 39 39 fd 85 f6 7b + INFO: Get platform token start + INFO: Get platform token succeeds, len: 1086 + INFO: Platform attestation token: + INFO: d2 84 44 a1 01 38 22 a0 59 03 d1 a9 0a 58 20 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 + INFO: 01 00 58 21 01 cb 8c 79 f7 a0 0a 6c ce 12 66 f8 + INFO: 64 45 48 42 0e c5 10 bf 84 ee 22 18 b9 8f 11 04 + INFO: c7 22 31 9d fb 19 09 5c 58 20 aa aa aa aa aa aa + INFO: aa aa bb bb bb bb bb bb bb bb cc cc cc cc cc cc + INFO: cc cc dd dd dd dd dd dd dd dd 19 09 5b 19 30 00 + INFO: 19 09 5f 89 a4 05 58 20 bf e6 d8 6f 88 26 f4 ff + INFO: 97 fb 96 c4 e6 fb c4 99 3e 46 19 fc 56 5d a2 6a + INFO: df 34 c3 29 48 9a dc 38 04 67 31 2e 36 2e 30 2b + INFO: 30 01 64 52 54 5f 30 02 58 20 90 27 f2 46 ab 31 + INFO: 85 36 46 c4 d7 c6 60 ed 31 0d 3c f0 14 de f0 6c + INFO: 24 0b de b6 7a 84 fc 3f 5b b7 a4 05 58 20 b3 60 + INFO: ca f5 c9 8c 6b 94 2a 48 82 fa 9d 48 23 ef b1 66 + INFO: a9 ef 6a 6e 4a a3 7c 19 19 ed 1f cc c0 49 04 67 + INFO: 30 2e 30 2e 30 2b 30 01 64 52 54 5f 31 02 58 20 + INFO: 52 
13 15 d4 9d b2 cf 54 e4 99 37 44 40 68 f0 70 + INFO: 7d 73 64 ae f7 08 14 b0 f7 82 ad c6 17 db a3 91 + INFO: a4 05 58 20 bf e6 d8 6f 88 26 f4 ff 97 fb 96 c4 + INFO: e6 fb c4 99 3e 46 19 fc 56 5d a2 6a df 34 c3 29 + INFO: 48 9a dc 38 04 67 31 2e 35 2e 30 2b 30 01 64 52 + INFO: 54 5f 32 02 58 20 8e 5d 64 7e 6f 6c c6 6f d4 4f + INFO: 54 b6 06 e5 47 9a cc 1b f3 7f ce 87 38 49 c5 92 + INFO: d8 2f 85 2e 85 42 a4 05 58 20 bf e6 d8 6f 88 26 + INFO: f4 ff 97 fb 96 c4 e6 fb c4 99 3e 46 19 fc 56 5d + INFO: a2 6a df 34 c3 29 48 9a dc 38 04 67 31 2e 35 2e + INFO: 30 2b 30 01 60 02 58 20 b8 01 65 a7 78 8b c6 59 + INFO: 42 8d 33 10 85 d1 49 0a dc 9e c3 ee df 85 1b d2 + INFO: f0 73 73 6a 0c 07 11 b8 a4 05 58 20 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 04 60 01 6a + INFO: 46 57 5f 43 4f 4e 46 49 47 00 02 58 20 21 9e a0 + INFO: 13 82 e6 d7 97 5a 11 13 a3 5f 45 39 68 b1 d9 a3 + INFO: ea 6a ab 84 23 3b 8c 06 16 98 20 ba b9 a4 05 58 + INFO: 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 04 60 01 6d 54 42 5f 46 57 5f 43 4f 4e 46 49 + INFO: 47 00 02 58 20 41 39 f6 c2 10 84 53 c5 17 ae 9a + INFO: e5 be c1 20 7b cc 24 24 f3 9d 20 a8 fb c7 b3 10 + INFO: e3 ee af 1b 05 a4 05 58 20 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 04 60 01 65 42 4c 5f + INFO: 32 00 02 58 20 5c 96 20 e1 e3 3b 0f 2c eb c1 8e + INFO: 1a 02 a6 65 86 dd 34 97 a7 4c 98 13 bf 74 14 45 + INFO: 2d 30 28 05 c3 a4 05 58 20 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 04 60 01 6e 53 45 43 + INFO: 55 52 45 5f 52 54 5f 45 4c 33 00 02 58 20 f6 fb + INFO: 62 99 a5 0c df db 02 0b 72 5b 1c 0b 63 6e 94 ee + INFO: 66 50 56 3a 29 9c cb 38 f0 ec 59 99 d4 2e a4 05 + INFO: 58 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 + INFO: 00 00 04 60 01 6a 48 57 5f 43 4f 4e 46 49 47 00 + INFO: 02 58 20 98 5d 87 21 84 06 33 9d c3 1f 91 f5 68 + INFO: 8d a0 5a f0 d7 7e 20 51 ce 3b f2 a5 c3 05 2e 3c + INFO: 8b 52 31 19 01 09 78 1c 68 74 74 70 3a 2f 2f 61 + INFO: 72 6d 2e 63 6f 6d 2f 43 43 41 2d 53 53 44 2f 31 + INFO: 2e 30 2e 30 19 09 62 71 6e 6f 74 2d 68 61 73 68 + INFO: 2d 65 78 74 65 6e 64 65 64 19 09 61 44 ef be ad + INFO: de 19 09 60 77 77 77 77 2e 74 72 75 73 74 65 64 + INFO: 66 69 72 6d 77 61 72 65 2e 6f 72 67 58 60 29 4e + INFO: 4a d3 98 1e 3b 70 9f b6 66 ed 47 33 0e 99 f0 b1 + INFO: c3 f2 bc b2 1d b0 ae 90 0c c4 82 ff a2 6f ae 45 + INFO: f6 87 09 4a 09 21 77 ec 36 1c 53 b8 a7 9b 8e f7 + INFO: 27 eb 7a 09 da 6f fb bf cb fd b3 e5 e9 36 91 b1 + INFO: 92 13 c1 30 16 b4 5c 49 5e c0 c1 b9 01 5c 88 2c + INFO: f8 2f 3e a4 a2 6d e4 9d 31 6a 06 f7 a7 73 + INFO: DELEGATED ATTEST TEST END + +JSON format: + +.. code-block:: JSON + + { + "CCA_PLATFORM_CHALLENGE": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "CCA_PLATFORM_INSTANCE_ID": "b'01CB8C79F7A00A6CCE1266F8644548420EC510BF84EE2218B98F1104C722319DFB'", + "CCA_PLATFORM_IMPLEMENTATION_ID": "b'AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD'", + "CCA_PLATFORM_LIFECYCLE": "secured_3000", + "CCA_PLATFORM_SW_COMPONENTS": [ + { + "SIGNER_ID": "b'BFE6D86F8826F4FF97FB96C4E6FBC4993E4619FC565DA26ADF34C329489ADC38'", + "SW_COMPONENT_VERSION": "1.6.0+0", + "SW_COMPONENT_TYPE": "RT_0", + "MEASUREMENT_VALUE": "b'9027F246AB31853646C4D7C660ED310D3CF014DEF06C240BDEB67A84FC3F5BB7'" + }, + { + "SIGNER_ID": "b'B360CAF5C98C6B942A4882FA9D4823EFB166A9EF6A6E4AA37C1919ED1FCCC049'", + "SW_COMPONENT_VERSION": "0.0.0+0", + "SW_COMPONENT_TYPE": "RT_1", + "MEASUREMENT_VALUE": "b'521315D49DB2CF54E49937444068F0707D7364AEF70814B0F782ADC617DBA391'" + }, + { + "SIGNER_ID": "b'BFE6D86F8826F4FF97FB96C4E6FBC4993E4619FC565DA26ADF34C329489ADC38'", + "SW_COMPONENT_VERSION": "1.5.0+0", + "SW_COMPONENT_TYPE": "RT_2", + "MEASUREMENT_VALUE": 
"b'8E5D647E6F6CC66FD44F54B606E5479ACC1BF37FCE873849C592D82F852E8542'" + }, + { + "SIGNER_ID": "b'BFE6D86F8826F4FF97FB96C4E6FBC4993E4619FC565DA26ADF34C329489ADC38'", + "SW_COMPONENT_VERSION": "1.5.0+0", + "SW_COMPONENT_TYPE": "", + "MEASUREMENT_VALUE": "b'B80165A7788BC659428D331085D1490ADC9EC3EEDF851BD2F073736A0C0711B8'" + }, + { + "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SW_COMPONENT_VERSION": "", + "SW_COMPONENT_TYPE": "FW_CONFIG\u0000", + "MEASUREMENT_VALUE": "b'219EA01382E6D7975A1113A35F453968B1D9A3EA6AAB84233B8C06169820BAB9'" + }, + { + "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SW_COMPONENT_VERSION": "", + "SW_COMPONENT_TYPE": "TB_FW_CONFIG\u0000", + "MEASUREMENT_VALUE": "b'4139F6C2108453C517AE9AE5BEC1207BCC2424F39D20A8FBC7B310E3EEAF1B05'" + }, + { + "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SW_COMPONENT_VERSION": "", + "SW_COMPONENT_TYPE": "BL_2\u0000", + "MEASUREMENT_VALUE": "b'5C9620E1E33B0F2CEBC18E1A02A66586DD3497A74C9813BF7414452D302805C3'" + }, + { + "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SW_COMPONENT_VERSION": "", + "SW_COMPONENT_TYPE": "SECURE_RT_EL3\u0000", + "MEASUREMENT_VALUE": "b'F6FB6299A50CDFDB020B725B1C0B636E94EE6650563A299CCB38F0EC5999D42E'" + }, + { + "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SW_COMPONENT_VERSION": "", + "SW_COMPONENT_TYPE": "HW_CONFIG\u0000", + "MEASUREMENT_VALUE": "b'985D87218406339DC31F91F5688DA05AF0D77E2051CE3BF2A5C3052E3C8B5231'" + } + ], + "CCA_ATTESTATION_PROFILE": "http://arm.com/CCA-SSD/1.0.0", + "CCA_PLATFORM_HASH_ALGO_ID": "not-hash-extended", + "CCA_PLATFORM_CONFIG": "b'EFBEADDE'", + "CCA_PLATFORM_VERIFICATION_SERVICE": "www.trustedfirmware.org" + } + +References +---------- + +.. [1] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/readme.html +.. 
[2] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_comms.html +.. [3] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/measured_boot/measured_boot_integration_guide.rst +.. [4] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/delegated_attestation/delegated_attest_integration_guide.rst +.. [5] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_key_management.html +.. [6] https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93 +.. [7] https://developer.arm.com/documentation/DEN0096/A_a/?lang=en + +-------------- + +*Copyright (c) 2023, Arm Limited. All rights reserved.*
diff --git a/docs/getting_started/build-internals.rst b/docs/getting_started/build-internals.rst
new file mode 100644
index 0000000..a015d71
--- /dev/null
+++ b/docs/getting_started/build-internals.rst
@@ -0,0 +1,14 @@ +Internal Build Options +====================== + +|TF-A| internally uses certain options that are not exposed directly through +:ref:`build-options <build options>` but enabled or disabled indirectly and +depends on certain options to be enabled or disabled. + +.. _build_options_internal: + +- ``CTX_INCLUDE_EL2_REGS``: This boolean option provides context save/restore + operations when entering/exiting an EL2 execution context. This is of primary + interest when Armv8.4-SecEL2 or RME extension is implemented. + Default is 0 (disabled). This option will be set to 1 (enabled) when ``SPD=spmd`` + and ``SPMD_SPM_AT_SEL2`` is set or when ``ENABLE_RME`` is set to 1 (enabled).
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 402de13..4eafb39 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -52,8 +52,14 @@ - ``BL2U``: This is an optional build option which specifies the path to BL2U image. In this case, the BL2U in TF-A will not be built. -- ``BL2_AT_EL3``: This is an optional build option that enables the use of - BL2 at EL3 execution level. +- ``RESET_TO_BL2``: Boolean option to enable BL2 entrypoint as the CPU reset + vector instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 + entrypoint) or 1 (CPU reset to BL2 entrypoint). + The default value is 0. + +- ``BL2_RUNS_AT_EL3``: This is an implicit flag to denote that BL2 runs at EL3. + While it is explicitly set to 1 when RESET_TO_BL2 is set to 1 it can also be + true in a 4-world system where RESET_TO_BL2 is 0. - ``BL2_ENABLE_SP_LOAD``: Boolean option to enable loading SP packages from the FIP. Automatically enabled if ``SP_LAYOUT_FILE`` is provided. @@ -61,8 +67,8 @@ - ``BL2_IN_XIP_MEM``: In some use-cases BL2 will be stored in eXecute In Place (XIP) memory, like BL1. In these use-cases, it is necessary to initialize the RW sections in RAM, while leaving the RO sections in place. This option - enable this use-case. For now, this option is only supported when BL2_AT_EL3 - is set to '1'. + enable this use-case. For now, this option is only supported + when RESET_TO_BL2 is set to '1'. - ``BL31``: This is an optional build option which specifies the path to BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not 
@@ -164,12 +170,6 @@ is on hardware that does not implement AArch32, or at least not at EL1 and higher ELs). Default value is 1. -- ``CTX_INCLUDE_EL2_REGS`` : This boolean option provides context save/restore - operations when entering/exiting an EL2 execution context. This is of primary - interest when Armv8.4-SecEL2 extension is implemented. Default is 0 (disabled). - This option must be equal to 1 (enabled) when ``SPD=spmd`` and - ``SPMD_SPM_AT_SEL2`` is set. - - ``CTX_INCLUDE_FPREGS``: Boolean option that, when set to 1, will cause the FP registers to be included when saving and restoring the CPU context. Default is 0. @@ -219,16 +219,17 @@ - ``E``: Boolean option to make warnings into errors. Default is 1. + When specifying higher warnings levels (``W=1`` and higher), this option + defaults to 0. This is done to encourage contributors to use them, as they + are expected to produce warnings that would otherwise fail the build. New + contributions are still expected to build with ``W=0`` and ``E=1`` (the + default). + - ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of the normal boot flow. It must specify the entry point address of the EL3 payload. Please refer to the "Booting an EL3 payload" section for more details. -- ``ENABLE_AMU``: Boolean option to enable Activity Monitor Unit extensions. - This is an optional architectural feature available on v8.4 onwards. Some - v8.2 implementations also implement an AMU and this option can be used to - enable this feature on those systems as well. Default is 0. - - ``ENABLE_AMU_AUXILIARY_COUNTERS``: Enables support for AMU auxiliary counters (also known as group 1 counters). These are implementation-defined counters, and as such require additional platform configuration. Default is 0. 
@@ -255,13 +256,12 @@ builds, but this behaviour can be overridden in each platform's Makefile or in the build command line. -- ``ENABLE_FEAT_AMUv1``: Numeric value to enable access to the HAFGRTR_EL2 - (Hypervisor Activity Monitors Fine-Grained Read Trap Register) during EL2 - to EL3 context save/restore operations. This flag can take the values 0 to 2, - to align with the ``FEATURE_DETECTION`` mechanism. It is an optional feature - available on v8.4 and onwards and must be set to either 1 or 2 alongside - ``ENABLE_FEAT_FGT``, to access the HAFGRTR_EL2 register. - Default value is ``0``. +- ``ENABLE_FEAT_AMU``: Numeric value to enable Activity Monitor Unit + extensions. This flag can take the values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. This is an optional architectural feature + available on v8.4 onwards. Some v8.2 implementations also implement an AMU + and this option can be used to enable this feature on those systems as well. + This flag can take the values 0 to 2, the default is 0. - ``ENABLE_FEAT_AMUv1p1``: Numeric value to enable the ``FEAT_AMUv1p1`` extension. ``FEAT_AMUv1p1`` is an optional feature available on Arm v8.6 
@@ -321,12 +321,11 @@ Default value is ``0``. ``FEAT_RNG_TRAP`` is an optional feature from Armv8.5 onwards. -- ``ENABLE_FEAT_SB``: Numeric value to enable the ``FEAT_SB`` (Speculation - Barrier) extension allowing access to ``sb`` instruction. ``FEAT_SB`` is an - optional feature and defaults to ``0`` for pre-Armv8.5 CPUs but are mandatory - for Armv8.5 or later CPUs. This flag can take values 0 to 2, to align with - ``FEATURE_DETECTION`` mechanism. It is enabled from v8.5 and upwards and if - needed could be overidden from platforms explicitly. Default value is ``0``. +- ``ENABLE_FEAT_SB``: Boolean option to let the TF-A code use the ``FEAT_SB`` + (Speculation Barrier) instruction ``FEAT_SB`` is an optional feature and + defaults to ``0`` for pre-Armv8.5 CPUs, but is mandatory for Armv8.5 or + later CPUs. It is enabled from v8.5 and upwards and if needed can be + overidden from platforms explicitly. - ``ENABLE_FEAT_SEL2``: Numeric value to enable the ``FEAT_SEL2`` (Secure EL2) extension. ``FEAT_SEL2`` is a mandatory feature available on Arm v8.4. 
@@ -348,6 +347,39 @@ values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. Default value is ``0``. +- ``ENABLE_FEAT_TCR2``: Numeric value to set the bit SCR_EL3.ENTCR2 in EL3 to + allow access to TCR2_EL2 (extended translation control) from EL2 as + well as adding TCR2_EL2 to the EL2 context save/restore operations. Its a + mandatory architectural feature and is enabled from v8.9 and upwards. This + flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_S2PIE``: Numeric value to enable support for FEAT_S2PIE + at EL2 and below, and context switch relevant registers. This flag + can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_S1PIE``: Numeric value to enable support for FEAT_S1PIE + at EL2 and below, and context switch relevant registers. This flag + can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_S2POE``: Numeric value to enable support for FEAT_S2POE + at EL2 and below, and context switch relevant registers. This flag + can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_S1POE``: Numeric value to enable support for FEAT_S1POE + at EL2 and below, and context switch relevant registers. This flag + can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. Default value is ``0``. + +- ``ENABLE_FEAT_GCS``: Numeric value to set the bit SCR_EL3.GCSEn in EL3 to + allow use of Guarded Control Stack from EL2 as well as adding the GCS + registers to the EL2 context save/restore operations. This flag can take + the values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. + Default value is ``0``. + - ``ENABLE_LTO``: Boolean option to enable Link Time Optimization (LTO) support in GCC for TF-A. 
This option is currently only supported for AArch64. Default is 0. @@ -377,8 +409,8 @@ - ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE) support within generic code in TF-A. This option is currently only supported - in BL2_AT_EL3, BL31, and BL32 (TSP) for AARCH64 binaries, and in BL32 - (SP_min) for AARCH32. Default is 0. + in BL2, BL31, and BL32 (TSP) for AARCH64 binaries, and + in BL32 (SP_min) for AARCH32. Default is 0. - ``ENABLE_PMF``: Boolean option to enable support for optional Performance Measurement Framework(PMF). Default is 0. 
@@ -400,27 +432,36 @@ instrumented. Enabling this option enables the ``ENABLE_PMF`` build option as well. Default is 0. -- ``ENABLE_SME_FOR_NS``: Boolean option to enable Scalable Matrix Extension +- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension (SME), SVE, and FPU/SIMD for the non-secure world only. These features share registers so are enabled together. Using this option without ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure - world to trap to EL3. SME is an optional architectural feature for AArch64 + world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a + superset of SVE. SME is an optional architectural feature for AArch64 and TF-A support is experimental. At this time, this build option cannot be used on systems that have SPD=spmd/SPM_MM or ENABLE_RME, and attempting to - build with these options will fail. Default is 0. + build with these options will fail. This flag can take the values 0 to 2, to + align with the ``FEATURE_DETECTION`` mechanism. Default is 0. + +- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension + version 2 (SME2) for the non-secure world only. SME2 is an optional + architectural feature for AArch64 and TF-A support is experimental. + This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME + accesses will still be trapped. This flag can take the values 0 to 2, to + align with the ``FEATURE_DETECTION`` mechanism. Default is 0. - ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix - Extension for secure world use along with SVE and FPU/SIMD, ENABLE_SME_FOR_NS - must also be set to use this. If enabling this, the secure world MUST - handle context switching for SME, SVE, and FPU/SIMD registers to ensure that - no data is leaked to non-secure world. This is experimental. Default is 0. + Extension for secure world. Used along with SVE and FPU/SIMD. 
+ ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this. + This is experimental. Default is 0. -- ``ENABLE_SPE_FOR_LOWER_ELS`` : Boolean option to enable Statistical Profiling +- ``ENABLE_SPE_FOR_NS`` : Numeric value to enable Statistical Profiling extensions. This is an optional architectural feature for AArch64. - The default is 1 but is automatically disabled when the target architecture - is AArch32. + This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` + mechanism. The default is 2 but is automatically disabled when the target + architecture is AArch32. -- ``ENABLE_SVE_FOR_NS``: Boolean option to enable Scalable Vector Extension +- ``ENABLE_SVE_FOR_NS``: Numeric value to enable Scalable Vector Extension (SVE) for the Non-secure world only. SVE is an optional architectural feature for AArch64. Note that when SVE is enabled for the Non-secure world, access to SIMD and floating-point functionality from the Secure world is disabled by 
@@ -428,15 +469,15 @@ This is to avoid corruption of the Non-secure world data in the Z-registers which are aliased by the SIMD and FP registers. The build option is not compatible with the ``CTX_INCLUDE_FPREGS`` build option, and will raise an - assert on platforms where SVE is implemented and ``ENABLE_SVE_FOR_NS`` set to - 1. The default is 1 but is automatically disabled when ENABLE_SME_FOR_NS=1 - since SME encompasses SVE. At this time, this build option cannot be used on - systems that have SPM_MM enabled. + assert on platforms where SVE is implemented and ``ENABLE_SVE_FOR_NS`` + enabled. This flag can take the values 0 to 2, to align with the + ``FEATURE_DETECTION`` mechanism. At this time, this build option cannot be + used on systems that have SPM_MM enabled. The default is 1. - ``ENABLE_SVE_FOR_SWD``: Boolean option to enable SVE for the Secure world. SVE is an optional architectural feature for AArch64. Note that this option - requires ENABLE_SVE_FOR_NS to be enabled. The default is 0 and it - is automatically disabled when the target architecture is AArch32. + requires ENABLE_SVE_FOR_NS to be enabled. The default is 0 and it is + automatically disabled when the target architecture is AArch32. - ``ENABLE_STACK_PROTECTOR``: String option to enable the stack protection checks in GCC. Allowed values are "all", "strong", "default" and "none". The @@ -597,6 +638,10 @@ translation library (xlat tables v2) must be used; version 1 of translation library is not supported. +- ``IMPDEF_SYSREG_TRAP``: Numeric value to enable the handling traps for + implementation defined system register accesses from lower ELs. Default + value is ``0``. + - ``INVERTED_MEMMAP``: memmap tool print by default lower addresses at the bottom, higher addresses at the top. This build flag can be set to '1' to invert this behavior. Lower addresses will be printed at the top and higher 
@@ -670,7 +715,7 @@ the measurements and recording them as per `PSA DRTM specification`_. For platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can be used and for the platforms which use ``RESET_TO_BL31`` platform owners - should have mechanism to authenticate BL31. + should have mechanism to authenticate BL31. This is an experimental feature. This option defaults to 0. 
@@ -727,26 +772,23 @@ enabled on Arm platforms, the option ``ARM_RECOM_STATE_ID_ENC`` needs to be set to 1 as well. -- ``RAS_EXTENSION``: Numeric value to enable Armv8.2 RAS features. RAS features +- ``PSCI_OS_INIT_MODE``: Boolean flag to enable support for optional PSCI + OS-initiated mode. This option defaults to 0. + +- ``ENABLE_FEAT_RAS``: Numeric value to enable Armv8.2 RAS features. RAS features are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2 or later CPUs. This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. - When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST_NS`` must also be - set to ``1``. - - This option is disabled by default. +- ``RAS_FFH_SUPPORT``: Support to enable Firmware first handling of RAS errors + originating from NS world. When ``RAS_FFH_SUPPORT`` is set to ``1``, + ``HANDLE_EA_EL3_FIRST_NS`` and ``ENABLE_FEAT_RAS`` must also be set to ``1``. - ``RESET_TO_BL31``: Enable BL31 entrypoint as the CPU reset vector instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 entrypoint) or 1 (CPU reset to BL31 entrypoint). The default value is 0. -- ``RESET_TO_BL31_WITH_PARAMS``: If ``RESET_TO_BL31`` has been enabled, setting - this additional option guarantees that the input registers are not cleared - therefore allowing parameters to be passed to the BL31 entrypoint. - The default value is 0. - - ``RESET_TO_SP_MIN``: SP_MIN is the minimal AArch32 Secure Payload provided in TF-A. This flag configures SP_MIN entrypoint as the CPU reset vector instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 
@@ -824,6 +866,11 @@ disabled). This configuration supports pre-Armv8.4 platforms (aka not implementing the ``FEAT_SEL2`` extension). This is an experimental feature. +- ``SPMC_OPTEE`` : This boolean option is used jointly with the SPM + Dispatcher option (``SPD=spmd``) and with ``SPMD_SPM_AT_SEL2=0`` to + indicate that the SPMC at S-EL1 is OP-TEE and an OP-TEE specific loading + mechanism should be used. + - ``SPMD_SPM_AT_SEL2`` : This boolean option is used jointly with the SPM Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC component runs at the S-EL2 exception level provided by the ``FEAT_SEL2`` 
@@ -955,6 +1002,43 @@ regrouped and put in the root Makefile. This flag can take the values 0 to 3, each level enabling more warning options. Default is 0. + This option is closely related to the ``E`` option, which enables + ``-Werror``. + + - ``W=0`` (default) + + Enables a wide assortment of warnings, most notably ``-Wall`` and + ``-Wextra``, as well as various bad practices and things that are likely to + result in errors. Includes some compiler specific flags. No warnings are + expected at this level for any build. + + - ``W=1`` + + Enables warnings we want the generic build to include but are too time + consuming to fix at the moment. It re-enables warnings taken out for + ``W=0`` builds (a few of the ``-Wextra`` additions). This level is expected + to eventually be merged into ``W=0``. Some warnings are expected on some + builds, but new contributions should not introduce new ones. + + - ``W=2`` (recommended) + + Enables warnings we want the generic build to include but cannot be enabled + due to external libraries. This level is expected to eventually be merged + into ``W=0``. Lots of warnings are expected, primarily from external + libraries like zlib and compiler-rt, but new controbutions should not + introduce new ones. + + - ``W=3`` + + Enables warnings that are informative but not necessary and generally too + verbose and frequently ignored. A very large number of warnings are + expected. + + The exact set of warning flags depends on the compiler and TF-A warning + level, however they are all succinctly set in the top-level Makefile. Please + refer to the `GCC`_ or `Clang`_ documentation for more information on the + individual flags. + - ``WARMBOOT_ENABLE_DCACHE_EARLY`` : Boolean option to enable D-cache early on the CPU after warm boot. This is applicable for platforms which do not require interconnect programming to enable cache coherency (eg: single 
@@ -1023,10 +1107,11 @@ ``FEATURE_DETECTION`` mechanism. The default is 0 and it is automatically disabled when the target architecture is AArch32. -- ``ENABLE_SYS_REG_TRACE_FOR_NS``: Boolean option to enable trace system +- ``ENABLE_SYS_REG_TRACE_FOR_NS``: Numeric value to enable trace system registers access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented but unused). This feature is available if trace unit such as ETMv4.x, and - ETE(extending ETM feature) is implemented. This flag is disabled by default. + ETE(extending ETM feature) is implemented. This flag can take the values + 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. The default is 0. - ``ENABLE_TRF_FOR_NS``: Numeric value to enable trace filter control registers access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented but unused), @@ -1044,6 +1129,13 @@ means platform hook won't be checked and CMOs will always be performed when related functions are called. +- ``ERRATA_ABI_SUPPORT``: Boolean option to enable support for Errata management + firmware interface for the BL31 image. By default its disabled (``0``). + +- ``ERRATA_NON_ARM_INTERCONNECT``: Boolean option to enable support for the + errata mitigation for platforms with a non-arm interconnect using the errata + ABI. By default its disabled (``0``). + GICv3 driver options -------------------- @@ -1157,8 +1249,10 @@ -------------- -*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.* .. _DEN0115: https://developer.arm.com/docs/den0115/latest .. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/ .. _PSA DRTM specification: https://developer.arm.com/documentation/den0113/a +.. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html +.. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html
diff --git a/docs/getting_started/docs-build.rst b/docs/getting_started/docs-build.rst
index 4a48059..aa8c2bb 100644
--- a/docs/getting_started/docs-build.rst
+++ b/docs/getting_started/docs-build.rst
@@ -19,62 +19,79 @@ For building a local copy of the |TF-A| documentation you will need: -- Python 3 (3.5 or later) +- Python 3 (3.8 or later) - PlantUML (1.2017.15 or later) -- Python modules specified in ``docs/requirements.txt`` - - You can install these with ``pip3`` (the Python Package Installer) by - passing it the requirements file above (with ``-r``). An optional ``--user`` - argument will install them locally, but you have to add their location to - $PATH (pip will emit a warning). Alternatively, they can be installed - globally (but will probably require root privileges). - - .. note:: - Although not necessary, it is recommended you use a virtual environment. - More advanced usage instructions for *pip* are beyond the scope of this - document but you can refer to the `pip homepage`_ for detailed guides. - +- `Poetry`_ (Python dependency manager) - Optionally, the `Dia`_ application can be installed if you need to edit existing ``.dia`` diagram files, or create new ones. -An example set of installation commands for Ubuntu follows, assuming that the -working directory is ``docs``: + +Below is an example set of instructions to get a working environment (tested on +Ubuntu): .. code:: shell sudo apt install python3 python3-pip plantuml [dia] - pip3 install [--user] -r requirements.txt - -.. note:: - Several other modules will be installed as dependencies. Please review - the list to ensure that there will be no conflicts with other modules already - installed in your environment. + curl -sSL https://install.python-poetry.org | python3 - Building rendered documentation ------------------------------- -Documents can be built into HTML-formatted pages from project root directory by -running the following command. +To install Python dependencies using Poetry: .. code:: shell - make doc + poetry install -Output from the build process will be placed in: +Poetry will create a new virtual environment and install all dependencies listed +in ``pyproject.toml``. 
You can get information about this environment, such as +its location and the Python version, with the command: -:: +.. code:: shell - docs/build/html + poetry env info + +If you have already sourced a virtual environment, Poetry will respect this and +install dependencies there. + +Once all dependencies are installed, the documentation can be compiled into +HTML-formatted pages from the project root directory by running: + +.. code:: shell + + poetry run make doc + +Output from the build process will be placed in: ``docs/build/html``. + +Other Output Formats +~~~~~~~~~~~~~~~~~~~~ We also support building documentation in other formats. From the ``docs`` directory of the project, run the following command to see the supported -formats. It is important to note that you will not get the correct result if -the command is run from the project root directory, as that would invoke the -top-level Makefile for |TF-A| itself. +formats. .. code:: shell - make help + poetry run make -C docs help + +Building rendered documentation from Poetry's virtual environment +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The command ``poetry run`` used in the steps above executes the input command +from inside the project's virtual environment. The easiest way to activate this +virtual environment is with the ``poetry shell`` command. + +Running ``poetry shell`` from the directory containing this project, activates +the same virtual environment. This creates a sub-shell through which you can +build the documentation directly with ``make``. + +.. code:: shell + + poetry shell + make doc + +Type ``exit`` to deactivate the virtual environment and exit this new shell. For +other use cases, please see the official `Poetry`_ documentation. Building rendered documentation from a container ------------------------------------------------ 
@@ -88,24 +105,23 @@ .. code:: shell - docker run --rm -v $PWD:/TF sphinxdoc/sphinx \ - bash -c 'cd /TF && \ - pip3 install plantuml -r ./docs/requirements.txt && make doc' + docker run --rm -v $PWD:/tf-a sphinxdoc/sphinx \ + bash -c 'cd /tf-a && + apt-get update && apt-get install -y curl plantuml && + curl -sSL https://install.python-poetry.org | python3 - && + ~/.local/bin/poetry install && ~/.local/bin/poetry run make doc' The above command fetches the ``sphinxdoc/sphinx`` container from `docker hub`_, launches the container, installs documentation requirements and finally creates the documentation. Once done, exit the container and output from the -build process will be placed in: - -:: - - docs/build/html +build process will be placed in: ``docs/build/html``. -------------- -*Copyright (c) 2019, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.* .. _Sphinx: http://www.sphinx-doc.org/en/master/ +.. _Poetry: https://python-poetry.org/docs/ .. _pip homepage: https://pip.pypa.io/en/stable/ .. _Dia: https://wiki.gnome.org/Apps/Dia .. _docker: https://www.docker.com/
diff --git a/docs/getting_started/index.rst b/docs/getting_started/index.rst
index 3fbf48d..8180a3f 100644
--- a/docs/getting_started/index.rst
+++ b/docs/getting_started/index.rst
@@ -10,11 +10,11 @@ initial-build tools-build build-options + build-internals image-terminology - porting-guide psci-lib-integration-guide rt-svc-writers-guide -------------- -*Copyright (c) 2019, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 3723294..f4c3c28 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -14,7 +14,7 @@ |TF-A| can be built using either a Linux or a Windows machine as the build host. A relatively recent Linux distribution is recommended for building |TF-A|. We -have performed tests using Ubuntu 20.04 LTS (64-bit) but other distributions +have performed tests using Ubuntu 22.04 LTS (64-bit) but other distributions should also work fine as a base, provided that the necessary tools and libraries can be installed. @@ -26,17 +26,23 @@ |TF-A| can be built with any of the following *cross-compiler* toolchains that target the Armv7-A or Armv8-A architectures: -- GCC >= 11.3.Rel1 (from the `Arm Developer website`_) +- GCC >= 12.2.Rel1 (from the `Arm Developer website`_) You will need the targets ``arm-none-eabi`` and ``aarch64-none-elf`` for AArch32 and AArch64 builds respectively. -- Clang >= 14.0.0 -- Arm Compiler >= 6.18 +- Clang == 14.0.0 +- Arm Compiler == 6.18 In addition, a native compiler is required to build the supporting tools. .. note:: + Versions greater than the ones specified are likely but not guaranteed to + work. This is predominantly because TF-A carries its own copy of compiler-rt, + which may be older than the version expected by the compiler. Fixes and bug + reports are always welcome. + +.. note:: The software has also been built on Windows 7 Enterprise SP1, using CMD.EXE, Cygwin, and Msys (MinGW) shells, using version 5.3.1 of the GNU toolchain. @@ -71,11 +77,11 @@ The following libraries are required for Trusted Board Boot and Measured Boot support: -- mbed TLS == 2.28.1 (tag: ``mbedtls-2.28.1``) +- mbed TLS == 3.4.0 (tag: ``mbedtls-3.4.0``) These tools are optional: -- Device Tree Compiler (DTC) >= 1.4.6 +- Device Tree Compiler (DTC) >= 1.4.7 Needed if you want to rebuild the provided Flattened Device Tree (FDT) source files (``.dts`` files). DTC is available for Linux through the package 
@@ -92,6 +98,13 @@ Git hooks and helper tools. Without these tools you will need to rely on the CI for feedback on commit message conformance. +- Poetry >= 1.3.2 + + Required for managing Python dependencies, this will allow you to reliably + reproduce a Python environment to build documentation and run analysis tools. + Most importantly, it ensures your system environment will not be affected by + dependencies in the Python scripts. + Package Installation (Linux) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -171,7 +184,7 @@ -------------- -*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2023, Arm Limited. All rights reserved.* .. _Arm Developer website: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads .. _Gerrit Code Review: https://www.gerritcodereview.com/
diff --git a/docs/global_substitutions.txt b/docs/global_substitutions.txt
index 0cf2946..80012e7 100644
--- a/docs/global_substitutions.txt
+++ b/docs/global_substitutions.txt
@@ -50,15 +50,18 @@ .. |SP| replace:: :term:`SP` .. |SPD| replace:: :term:`SPD` .. |SPM| replace:: :term:`SPM` +.. |SRTM| replace:: :term:`SRTM` .. |SSBS| replace:: :term:`SSBS` .. |SVE| replace:: :term:`SVE` .. |TBB| replace:: :term:`TBB` .. |TBBR| replace:: :term:`TBBR` +.. |TCG| replace:: :term:`TCG` .. |TEE| replace:: :term:`TEE` .. |TF-A| replace:: :term:`TF-A` .. |TF-M| replace:: :term:`TF-M` .. |TLB| replace:: :term:`TLB` .. |TLK| replace:: :term:`TLK` +.. |TPM| replace:: :term:`TPM` .. |TRNG| replace:: :term:`TRNG` .. |TSP| replace:: :term:`TSP` .. |TZC| replace:: :term:`TZC` @@ -66,3 +69,4 @@ .. |UEFI| replace:: :term:`UEFI` .. |WDOG| replace:: :term:`WDOG` .. |XLAT| replace:: :term:`XLAT` +.. |ERRATA_ABI| replace:: :term:`ERRATA_ABI`
diff --git a/docs/glossary.rst b/docs/glossary.rst
index e6b0239..58b7d99 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -70,6 +70,9 @@ EHF Exception Handling Framework + ERRATA_ABI + Errata management firmware interface + FCONF Firmware Configuration Framework @@ -187,6 +190,9 @@ SPM Secure Partition Manager + SRTM + Static Root of Trust for Measurement + SSBS Speculative Store Bypass Safe. Introduced in Armv8.5, this configuration bit can be set by software to allow or prevent the hardware from @@ -204,6 +210,9 @@ TCB Trusted Compute Base + TCG + Trusted Computing Group + TEE Trusted Execution Environment @@ -219,8 +228,11 @@ TLK Trusted Little Kernel. A Trusted OS from NVIDIA. + TPM + Trusted Platform Module + TRNG - True Randon Number Generator (hardware based) + True Random Number Generator (hardware based) TSP Test Secure Payload
diff --git a/docs/index.rst b/docs/index.rst
index 3860199..d5ab8fc 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -11,6 +11,7 @@ process/index components/index design/index + porting-guide plat/index perf/index security_advisories/index @@ -84,7 +85,7 @@ -------------- -*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.* .. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile .. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
diff --git a/docs/perf/index.rst b/docs/perf/index.rst
index bccad00..0938a17 100644
--- a/docs/perf/index.rst
+++ b/docs/perf/index.rst
@@ -5,10 +5,13 @@ :maxdepth: 1 :caption: Contents + psci-performance-instr psci-performance-juno + psci-performance-n1sdp + psci-performance-methodology tsp performance-monitoring-unit -------------- -*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/perf/psci-performance-instr.rst b/docs/perf/psci-performance-instr.rst
new file mode 100644
index 0000000..16f386f
--- /dev/null
+++ b/docs/perf/psci-performance-instr.rst
@@ -0,0 +1,117 @@ +PSCI Performance Measurement +============================ + +TF-A provides two instrumentation tools for performing analysis of the PSCI +implementation: + +* PSCI STAT +* Runtime Instrumentation + +This page explains how they may be enabled and used to perform all varieties of +analysis. + +Performance Measurement Framework +--------------------------------- + +The Performance Measurement Framework `PMF`_ is a framework that provides +mechanisms for collecting and retrieving timestamps at runtime from the +Performance Measurement Unit (`PMU`_). The PMU is a generalized abstraction for +accessing CPU hardware registers used to measure hardware events. This means, +for instance, that the PMU might be used to place instrumentation points at +logical locations in code for tracing purposes. + +TF-A utilises the PMF as a backend for the two instrumentation services it +provides--PSCI Statistics and Runtime Instrumentation. The PMF is used by +these services to facilitate collection and retrieval of timestamps. For +instance, the PSCI Statistics service registers the PMF service +``psci_svc`` to track its residency statistics. + +This is reserved a unique ID, name, and space in memory by the PMF. The +framework provides a convenient interface for PSCI Statistics to retrieve +values from ``psci_svc`` at runtime. Alternatively, the service may be +configured such that the PMF dumps those values to the console. A platform may +choose to expose SMCs that allow retrieval of these timestamps from the +service. + +This feature is enabled with the Boolean flag ``ENABLE_PMF``. + +PSCI Statistics +--------------- + +PSCI Statistics is a runtime service that provides residency statistics for +power states used by the platform. The service tracks residency time and +entry count. Residency time is the total time spent in a particular power +state by a PE. The entry count is the number of times the PE has entered +the power state. 
PSCI Statistics implements the optional functions +``PSCI_STAT_RESIDENCY`` and ``PSCI_STAT_COUNT`` from the `PSCI`_ +specification. + + +.. c:macro:: PSCI_STAT_RESIDENCY + + :param target_cpu: Contains copy of affinity fields in the MPIDR register + for identifying the target core (See section 5.1.4 of `PSCI`_ + specifications for more details). + :param power_state: identifier for a specific local + state. Generally, this parameter takes the same form as the power_state + parameter described for CPU_SUSPEND in section 5.4.2. + + :returns: Time spent in ``power_state``, in microseconds, by ``target_cpu`` + and the highest level expressed in ``power_state``. + + +.. c:macro:: PSCI_STAT_COUNT + + :param target_cpu: follows the same format as ``PSCI_STAT_RESIDENCY``. + :param power_state: follows the same format as ``PSCI_STAT_RESIDENCY``. + + :returns: Number of times the state expressed in ``power_state`` has been + used by ``target_cpu`` and the highest level expressed in + ``power_state``. + +The implementation provides residency statistics only for low power states, +and does this regardless of the entry mechanism into those states. The +statistics it collects are set to 0 during shutdown or reset. + +PSCI Statistics is enabled with the Boolean build flag +``ENABLE_PSCI_STAT``. All Arm platforms utilise the PMF unless another +collection backend is provided (``ENABLE_PMF`` is implicitly enabled). + +Runtime Instrumentation +----------------------- + +The Runtime Instrumentation Service is an instrumentation tool that wraps +around the PMF to provide timestamp data. Although the service is not +restricted to PSCI, it is used primarily in TF-A to quantify the total time +spent in the PSCI implementation. The tool can be used to instrument other +components in TF-A as well. It is enabled with the Boolean flag +``ENABLE_RUNTIME_INSTRUMENTATION``, and as with PSCI STAT, requires PMF to +be enabled. 
+ +In PSCI, this service provides instrumentation points in the +following code paths: + +* Entry into the PSCI SMC handler +* Exit from the PSCI SMC handler +* Entry to low power state +* Exit from low power state +* Entry into cache maintenance operations in PSCI +* Exit from cache maintenance operations in PSCI + +The service captures the cycle count, which allows for the time spent in the +implementation to be calculated, given the frequency counter. + +PSCI SMC Handler Instrumentation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The timestamp during entry into the handler is captured as early as possible +during the runtime exception, prior to entry into the handler itself. All +timestamps are stored in memory for later retrieval. The exit timestamp is +captured after normal return from the PSCI SMC handler, or, if a low power state +was requested, it is captured in the warm boot path. + +*Copyright (c) 2023, Arm Limited. All rights reserved.* + +.. _PMF: ../design/firmware-design.html#performance-measurement-framework +.. _PMU: performance-monitoring-unit.html +.. _PSCI: https://developer.arm.com/documentation/den0022/latest/
diff --git a/docs/perf/psci-performance-juno.rst b/docs/perf/psci-performance-juno.rst
index eab3e4d..7a484b8 100644
--- a/docs/perf/psci-performance-juno.rst
+++ b/docs/perf/psci-performance-juno.rst
@@ -25,62 +25,189 @@ Juno supports CPU, cluster and system power down states, corresponding to power levels 0, 1 and 2 respectively. It does not support any retention states. -We used the upstream `TF master as of 31/01/2017`_, building the platform using -the ``ENABLE_RUNTIME_INSTRUMENTATION`` option: +Given that runtime instrumentation using PMF is invasive, there is a small +(unquantified) overhead on the results. PMF uses the generic counter for +timestamps, which runs at 50MHz on Juno. -.. code:: shell +The following source trees and binaries were used: - make PLAT=juno ENABLE_RUNTIME_INSTRUMENTATION=1 \ - SCP_BL2=<path/to/scp-fw.bin> \ - BL33=<path/to/test-fw.bin> \ - all fip +- TF-A [`v2.9-rc0`_] +- TFTF [`v2.9-rc0`_] -When using the debug build of TF, there was no noticeable difference in the -results. +Please see the Runtime Instrumentation `Testing Methodology`_ page for more +details. -The tests are based on an ARM-internal test framework. The release build of this -framework was used because the results in the debug build became skewed; the -console output prevented some of the tests from executing in parallel. +Procedure +--------- -The tests consist of both parallel and sequential tests, which are broadly -described as follows: +#. Build TFTF with runtime instrumentation enabled: -- **Parallel Tests** This type of test powers on all the non-lead CPUs and - brings them and the lead CPU to a common synchronization point. The lead CPU - then initiates the test on all CPUs in parallel. + .. code:: shell -- **Sequential Tests** This type of test powers on each non-lead CPU in - sequence. The lead CPU initiates the test on a non-lead CPU then waits for the - test to complete before proceeding to the next non-lead CPU. The lead CPU then - executes the test on itself. + make CROSS_COMPILE=aarch64-none-elf- PLAT=juno \ + TESTS=runtime-instrumentation all + +#. Fetch Juno's SCP binary from TF-A's archive: + + .. 
code:: shell + + curl --fail --connect-timeout 5 --retry 5 -sLS -o scp_bl2.bin \ + https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/juno/release/juno-bl2.bin + +#. Build TF-A with the following build options: + + .. code:: shell + + make CROSS_COMPILE=aarch64-none-elf- PLAT=juno \ + BL33="/path/to/tftf.bin" SCP_BL2="scp_bl2.bin" \ + ENABLE_RUNTIME_INSTRUMENTATION=1 fiptool all fip + +#. Load the following images onto the development board: ``fip.bin``, + ``scp_bl2.bin``. + +Results +------- + +``CPU_SUSPEND`` to deepest power level +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in + parallel + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 243.76 | 239.92 | 6.32 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 663.5 | 30.32 | 167.82 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 105.12 | 22.84 | 5.88 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 384.16 | 19.06 | 4.7 | + +---------+------+-----------+---------+-------------+ + | 1 | 2 | 523.98 | 270.46 | 4.74 | + +---------+------+-----------+---------+-------------+ + | 1 | 3 | 950.54 | 220.9 | 89.2 | + +---------+------+-----------+---------+-------------+ + +.. 
table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in + serial + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 266.96 | 31.74 | 167.92 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 266.9 | 31.52 | 167.82 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 279.86 | 23.42 | 87.52 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 101.38 | 18.8 | 4.64 | + +---------+------+-----------+---------+-------------+ + | 1 | 2 | 101.18 | 19.28 | 4.64 | + +---------+------+-----------+---------+-------------+ + | 1 | 3 | 101.32 | 19.02 | 4.62 | + +---------+------+-----------+---------+-------------+ + +``CPU_SUSPEND`` to power level 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in + parallel + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + +---------+------+-----------+---------+-------------+ + | 0 | 0 | 661.94 | 22.88 | 9.66 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 801.64 | 23.38 | 9.62 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 105.56 | 16.02 | 8.12 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 245.42 | 16.26 | 7.78 | + +---------+------+-----------+---------+-------------+ + | 1 | 2 | 384.42 | 16.1 | 7.84 | + +---------+------+-----------+---------+-------------+ + | 1 | 3 | 523.74 | 15.4 | 8.02 | + +---------+------+-----------+---------+-------------+ + +.. 
table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 102.16 | 23.64 | 6.7 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 101.66 | 23.78 | 6.6 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 277.74 | 15.96 | 4.66 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 98.0 | 15.88 | 4.64 | + +---------+------+-----------+---------+-------------+ + | 1 | 2 | 97.66 | 15.88 | 4.62 | + +---------+------+-----------+---------+-------------+ + | 1 | 3 | 97.76 | 15.38 | 4.64 | + +---------+------+-----------+---------+-------------+ + +``CPU_OFF`` on all non-lead CPUs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead +core to the deepest power level. + +.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 265.38 | 34.12 | 167.36 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 265.72 | 33.98 | 167.48 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 185.3 | 23.18 | 87.42 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 101.58 | 23.46 | 4.48 | + +---------+------+-----------+---------+-------------+ + | 1 | 2 | 101.66 | 22.02 | 4.72 | + +---------+------+-----------+---------+-------------+ + | 1 | 3 | 101.48 | 22.22 | 4.52 | + +---------+------+-----------+---------+-------------+ + +``CPU_VERSION`` in parallel +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. 
table:: ``CPU_VERSION`` latency (µs) in parallel on all cores + + +-------------+--------+--------------+ + | Cluster | Core | Latency | + +=============+========+==============+ + | 0 | 0 | 1.22 | + +-------------+--------+--------------+ + | 0 | 1 | 1.2 | + +-------------+--------+--------------+ + | 1 | 0 | 0.6 | + +-------------+--------+--------------+ + | 1 | 1 | 1.08 | + +-------------+--------+--------------+ + | 1 | 2 | 1.04 | + +-------------+--------+--------------+ + | 1 | 3 | 1.04 | + +-------------+--------+--------------+ + +Annotated Historic Results +-------------------------- + +The following results are based on the upstream `TF master as of 31/01/2017`_. +TF-A was built using the same build instructions as detailed in the procedure +above. In the results below, CPUs 0-3 refer to CPUs in the little cluster (A53) and CPUs 4-5 refer to CPUs in the big cluster (A57). In all cases CPU 4 is the lead CPU. -``PSCI_ENTRY`` refers to the time taken from entering the TF PSCI implementation -to the point the hardware enters the low power state (WFI). Referring to the TF -runtime instrumentation points, this corresponds to: -``(RT_INSTR_ENTER_HW_LOW_PWR - RT_INSTR_ENTER_PSCI)``. - -``PSCI_EXIT`` refers to the time taken from the point the hardware exits the low -power state to exiting the TF PSCI implementation. This corresponds to: -``(RT_INSTR_EXIT_PSCI - RT_INSTR_EXIT_HW_LOW_PWR)``. - -``CFLUSH_OVERHEAD`` refers to the part of ``PSCI_ENTRY`` taken to flush the -caches. This corresponds to: ``(RT_INSTR_EXIT_CFLUSH - RT_INSTR_ENTER_CFLUSH)``. - -Note there is very little variance observed in the values given (~1us), although -the values for each CPU are sometimes interchanged, depending on the order in -which locks are acquired. Also, there is very little variance observed between -executing the tests sequentially in a single boot or rebooting between tests. 
- -Given that runtime instrumentation using PMF is invasive, there is a small -(unquantified) overhead on the results. PMF uses the generic counter for -timestamps, which runs at 50MHz on Juno. - -Results and Commentary ----------------------- +``PSCI_ENTRY`` corresponds to the powerdown latency, ``PSCI_EXIT`` the wakeup latency, and +``CFLUSH_OVERHEAD`` the latency of the cache flush operation. ``CPU_SUSPEND`` to deepest power level on all CPUs in parallel ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -286,7 +413,9 @@ -------------- -*Copyright (c) 2019-2020, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited and Contributors. All rights reserved.* -.. _Juno R1 platform: https://static.docs.arm.com/100122/0100/arm_versatile_express_juno_r1_development_platform_(v2m_juno_r1)_technical_reference_manual_100122_0100_05_en.pdf +.. _Juno R1 platform: https://developer.arm.com/documentation/100122/latest/ .. _TF master as of 31/01/2017: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/?id=c38b36d +.. _v2.9-rc0: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/?h=v2.9-rc0 +.. _Testing Methodology: ../perf/psci-performance-methodology.html
diff --git a/docs/perf/psci-performance-methodology.rst b/docs/perf/psci-performance-methodology.rst
new file mode 100644
index 0000000..a9f379d
--- /dev/null
+++ b/docs/perf/psci-performance-methodology.rst
@@ -0,0 +1,55 @@ +Runtime Instrumentation Methodology +=================================== + +This document outlines steps for undertaking performance measurements of key +operations in the Trusted Firmware-A Power State Coordination Interface (PSCI) +implementation, using the in-built Performance Measurement Framework (PMF) and +runtime instrumentation timestamps. + +Framework +~~~~~~~~~ + +The tests are based on the ``runtime-instrumentation`` test suite provided by +the Trusted Firmware Test Framework (TFTF). The release build of this framework +was used because the results in the debug build became skewed; the console +output prevented some of the tests from executing in parallel. + +The tests consist of both parallel and sequential tests, which are broadly +described as follows: + +- **Parallel Tests** This type of test powers on all the non-lead CPUs and + brings them and the lead CPU to a common synchronization point. The lead CPU + then initiates the test on all CPUs in parallel. + +- **Sequential Tests** This type of test powers on each non-lead CPU in + sequence. The lead CPU initiates the test on a non-lead CPU then waits for the + test to complete before proceeding to the next non-lead CPU. The lead CPU then + executes the test on itself. + +Note there is very little variance observed in the values given (~1us), although +the values for each CPU are sometimes interchanged, depending on the order in +which locks are acquired. Also, there is very little variance observed between +executing the tests sequentially in a single boot or rebooting between tests. + +Given that runtime instrumentation using PMF is invasive, there is a small +(unquantified) overhead on the results. PMF uses the generic counter for +timestamps, which runs at 50MHz on Juno. + +Metrics +~~~~~~~ + +.. glossary:: + + Powerdown Latency + Time taken from entering the TF PSCI implementation to the point the hardware + enters the low power state (WFI). 
Referring to the TF runtime instrumentation points, this + corresponds to: ``(RT_INSTR_ENTER_HW_LOW_PWR - RT_INSTR_ENTER_PSCI)``. + + Wakeup Latency + Time taken from the point the hardware exits the low power state to exiting + the TF PSCI implementation. This corresponds to: ``(RT_INSTR_EXIT_PSCI - + RT_INSTR_EXIT_HW_LOW_PWR)``. + + Cache Flush Latency + Time taken to flush the caches during powerdown. This corresponds to: + ``(RT_INSTR_EXIT_CFLUSH - RT_INSTR_ENTER_CFLUSH)``.
diff --git a/docs/perf/psci-performance-n1sdp.rst b/docs/perf/psci-performance-n1sdp.rst
new file mode 100644
index 0000000..70a1436
--- /dev/null
+++ b/docs/perf/psci-performance-n1sdp.rst
@@ -0,0 +1,203 @@ +Runtime Instrumentation Testing - N1SDP +======================================= + +For this test we used the N1 System Development Platform (`N1SDP`_), which +contains an SoC consisting of two dual-core Arm N1 clusters. + +The following source trees and binaries were used: + +- TF-A [`v2.9-rc0-16-g666aec401`_] +- TFTF [`v2.9-rc0`_] +- SCP/MCP `Prebuilt Images`_ + +Please see the Runtime Instrumentation `Testing Methodology`_ page for more +details. + +Procedure +--------- + +#. Build TFTF with runtime instrumentation enabled: + + .. code:: shell + + make CROSS_COMPILE=aarch64-none-elf- PLAT=n1sdp \ + TESTS=runtime-instrumentation all + +#. Build TF-A with the following build options: + + .. code:: shell + + make CROSS_COMPILE=aarch64-none-elf- PLAT=n1sdp \ + ENABLE_RUNTIME_INSTRUMENTATION=1 fiptool all + +#. Fetch the SCP firmware images: + + .. code:: shell + + curl --fail --connect-timeout 5 --retry 5 \ + -sLS -o build/n1sdp/release/scp_rom.bin \ + https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-bl1.bin + curl --fail --connect-timeout 5 \ + --retry 5 -sLS -o build/n1sdp/release/scp_ram.bin \ + https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-bl2.bin + +#. Fetch the MCP firmware images: + + .. code:: shell + + curl --fail --connect-timeout 5 --retry 5 \ + -sLS -o build/n1sdp/release/mcp_rom.bin \ + https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-mcp-bl1.bin + curl --fail --connect-timeout 5 --retry 5 \ + -sLS -o build/n1sdp/release/mcp_ram.bin \ + https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-mcp-bl2.bin + +#. Using the fiptool, create a new FIP package and append the SCP ram image onto + it. + + .. code:: shell + + ./tools/fiptool/fiptool create --blob \ + uuid=cfacc2c4-15e8-4668-82be-430a38fad705,file=build/n1sdp/release/bl1.bin \ + --scp-fw build/n1sdp/release/scp_ram.bin build/n1sdp/release/scp_fw.bin + +#. 
Append the MCP image to the FIP. + + .. code:: shell + + ./tools/fiptool/fiptool create \ + --blob uuid=54464222-a4cf-4bf8-b1b6-cee7dade539e,file=build/n1sdp/release/mcp_ram.bin \ + build/n1sdp/release/mcp_fw.bin + +#. Then, add TFTF as the Non-Secure workload in the FIP image: + + .. code:: shell + + make CROSS_COMPILE=aarch64-none-elf- PLAT=n1sdp \ + ENABLE_RUNTIME_INSTRUMENTATION=1 SCP_BL2=/dev/null \ + BL33=<path/to/tftf.bin> fip + +#. Load the following images onto the development board: ``fip.bin``, + ``scp_rom.bin``, ``scp_ram.bin``, ``mcp_rom.bin``, and ``mcp_ram.bin``. + +.. note:: + + These instructions presume you have a complete firmware stack. The N1SDP + `user guide`_ provides a detailed explanation on how to get setup from + scratch. + +Results +------- + +``CPU_SUSPEND`` to deepest power level +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in + parallel + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 3.44 | 10.04 | 0.4 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 4.98 | 12.72 | 0.16 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 3.58 | 15.42 | 0.2 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 5.24 | 17.78 | 0.18 | + +---------+------+-----------+---------+-------------+ + +.. 
table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in + serial + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 1.82 | 9.98 | 0.32 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 1.96 | 9.96 | 0.18 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 2.0 | 10.5 | 0.16 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 2.22 | 10.56 | 0.16 | + +---------+------+-----------+---------+-------------+ + +``CPU_SUSPEND`` to power level 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in + parallel + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 1.52 | 11.84 | 0.34 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 1.1 | 13.66 | 0.14 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 2.18 | 9.48 | 0.18 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 2.06 | 14.4 | 0.16 | + +---------+------+-----------+---------+-------------+ + +.. 
table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 1.54 | 9.34 | 0.3 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 1.88 | 9.5 | 0.16 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 1.86 | 9.86 | 0.2 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 2.02 | 9.64 | 0.18 | + +---------+------+-----------+---------+-------------+ + +``CPU_OFF`` on all non-lead CPUs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead +core to the deepest power level. + +.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs + + +---------+------+-----------+---------+-------------+ + | Cluster | Core | Powerdown | Wakekup | Cache Flush | + +=========+======+===========+=========+=============+ + | 0 | 0 | 1.86 | 9.88 | 0.32 | + +---------+------+-----------+---------+-------------+ + | 0 | 1 | 21.1 | 12.44 | 0.42 | + +---------+------+-----------+---------+-------------+ + | 1 | 0 | 21.22 | 13.2 | 0.32 | + +---------+------+-----------+---------+-------------+ + | 1 | 1 | 21.56 | 13.18 | 0.54 | + +---------+------+-----------+---------+-------------+ + +``CPU_VERSION`` in parallel +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores + + +-------------+--------+--------------+ + | Cluster | Core | Latency | + +=============+========+==============+ + | 0 | 0 | 0.08 | + +-------------+--------+--------------+ + | 0 | 1 | 0.22 | + +-------------+--------+--------------+ + | 1 | 0 | 0.28 | + +-------------+--------+--------------+ + | 1 | 1 | 0.26 | + +-------------+--------+--------------+ + +-------------- + +*Copyright (c) 2023, Arm Limited. All rights reserved.* + +.. 
_v2.9-rc0-16-g666aec401: https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/heads/v2.9-rc0-16-g666aec401 +.. _v2.9-rc0: https://review.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests/+/refs/tags/v2.9-rc0 +.. _user guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/master/docs/n1sdp/user-guide.rst +.. _Prebuilt Images: https://downloads.trustedfirmware.org/tf-a/css_scp_2.11.0/n1sdp/release/ +.. _N1SDP: https://developer.arm.com/documentation/101489/latest +.. _Testing Methodology: ../perf/psci-performance-methodology.html \ No newline at end of file
diff --git a/docs/plat/allwinner.rst b/docs/plat/allwinner.rst
index 3e9ce51..8e967dc 100644
--- a/docs/plat/allwinner.rst
+++ b/docs/plat/allwinner.rst
@@ -23,6 +23,8 @@ +------+-------------------+ | H313 | sun50i_h616 | +------+-------------------+ +| T507 | sun50i_h616 | ++------+-------------------+ | R329 | sun50i_r329 | +------+-------------------+
diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst
index 407c04b..e7e7ee7 100644
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@@ -49,7 +49,7 @@ field of power-state parameter. - ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the - location of the ROTPK hash returned by the function ``plat_get_rotpk_info()`` + location of the ROTPK returned by the function ``plat_get_rotpk_info()`` for Arm platforms. Depending on the selected option, the proper private key must be specified using the ``ROT_KEY`` option when building the Trusted Firmware. This private key will be used by the certificate generation tool @@ -68,12 +68,16 @@ ``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as ``ROT_KEY`` when creating the certificates. + - ``devel_full_dev_rsa_key`` : returns a development public key embedded in + the BL1 and BL2 binaries. This key has been obtained from the RSA public + key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``. -- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``. Specifies the - location of the ROTPK hash. Not expected to be a build option. This defaults to - ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified algorithm. - Providing ``ROT_KEY`` enforces generation of the hash from the ``ROT_KEY`` and - overwrites the default hash file. +- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding + ``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not + expected to be a build option. This defaults to + ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified + algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the + ``ROT_KEY`` and overwrites the default hash file. - ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options: 
@@ -97,6 +101,14 @@ the Arm Juno platform has this included in its ``HW_CONFIG`` and the platform only loads the ``HW_CONFIG`` in AArch64 builds. Default is 0. +- ``ARM_ETHOSN_NPU_TZMP1``: boolean option to enable TZMP1 support for the + Arm® Ethos™-N NPU. Requires ``ARM_ETHOSN_NPU_DRIVER`` and + ``TRUSTED_BOARD_BOOT`` to be enabled. + +- ``ARM_ETHOSN_NPU_FW``: location of the NPU firmware binary + (```ethosn.bin```). This firmware image will be included in the FIP and + loaded at runtime. + - ``ARM_SPMC_MANIFEST_DTS`` : path to an alternate manifest file used as the SPMC Core manifest. Valid when ``SPD=spmd`` is selected. @@ -161,4 +173,4 @@ .. |FIP in a GPT image| image:: ../../resources/diagrams/FIP_in_a_GPT_image.png -*Copyright (c) 2019-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/plat/arm/corstone1000/index.rst b/docs/plat/arm/corstone1000/index.rst
index b889b7f..dc626e1 100644
--- a/docs/plat/arm/corstone1000/index.rst
+++ b/docs/plat/arm/corstone1000/index.rst
@@ -47,7 +47,7 @@ ARCH=aarch64 \ TARGET_PLATFORM=<fpga or fvp> \ ENABLE_PIE=1 \ - BL2_AT_EL3=1 \ + RESET_TO_BL2=1 \ CREATE_KEYS=1 \ GENERATE_COT=1 \ TRUSTED_BOARD_BOOT=1 \ @@ -58,4 +58,4 @@ BL33=<path to u-boot binary> \ bl2 -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
diff --git a/docs/plat/arm/juno/index.rst b/docs/plat/arm/juno/index.rst
index 91e681f..ea7d11c 100644
--- a/docs/plat/arm/juno/index.rst
+++ b/docs/plat/arm/juno/index.rst
@@ -56,7 +56,7 @@ #. Obtain SCP binaries (Juno) - This version of TF-A is tested with SCP version 2.8.0 on Juno. You can + This version of TF-A is tested with SCP version 2.12.0 on Juno. You can download pre-built SCP binaries (``scp_bl1.bin`` and ``scp_bl2.bin``) from `TF-A downloads page`_. Alternatively, you can `build the binaries from source`_. @@ -241,13 +241,12 @@ -------------- -*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.* .. _Linaro release software stack: http://releases.linaro.org/members/arm/platforms/ .. _Juno platform software user guide: https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/about/docs/juno/user-guide.rst -.. _TF-A downloads page: https://downloads.trustedfirmware.org/tf-a/css_scp_2.8.0/juno/ +.. _TF-A downloads page: https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/juno/ .. _build the binaries from source: https://github.com/ARM-software/SCP-firmware/blob/master/user_guide.md#scp-firmware-user-guide .. _Arm Platforms Portal: https://community.arm.com/dev-platforms/ .. _Juno Getting Started Guide: https://developer.arm.com/documentation/den0928/f/?lang=en .. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf -.. _Juno Arm Development Platform: http://www.arm.com/products/tools/development-boards/versatile-express/juno-arm-development-platform.php
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index a4e2067..57c7303 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -76,7 +76,9 @@ +----------------+----------------+--------------------+--------------------+ | tc0 | Arm | 2.8 | 3.0 | +----------------+----------------+--------------------+--------------------+ +| rde1edge | Arm | 2.9 | 3.1 | ++----------------+----------------+--------------------+--------------------+ -------------- -*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/plat/qemu.rst b/docs/plat/qemu.rst
index 6986326..f2a39e9 100644
--- a/docs/plat/qemu.rst
+++ b/docs/plat/qemu.rst
@@ -44,7 +44,7 @@ Then, you will get ``Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd`` Please note you do not need to use GCC 5 in spite of the environment variable -``GCC5_AARCH64_PREFIX`` +``GCC5_AARCH64_PREFIX``. The rootfs can be built by using Buildroot as follows: 
@@ -88,54 +88,73 @@ -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios bl1.bin \ -d unimp -semihosting-config enable,target=native -Booting via flash based firmwares ---------------------------------- +Booting via flash based firmware +-------------------------------- -Boot firmwares are loaded via secure FLASH0 device so ``bl1.bin`` and -``fip.bin`` should be concatenated to create a ``flash.bin`` that is flashed -onto secure FLASH0. +An alternate approach to deploy a full system stack on QEMU is to load the +firmware via a secure flash device. This involves concatenating ``bl1.bin`` and +``fip.bin`` to create a boot ROM that is flashed onto secure FLASH0 with the +``-bios`` option. -- ``bl32.bin`` -> BL32 (``tee-header_v2.bin``) -- ``bl32_extra1.bin`` -> BL32 Extra1 (``tee-pager_v2.bin``) -- ``bl32_extra2.bin`` -> BL32 Extra2 (``tee-pageable_v2.bin``) -- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``) +For example, to test the following firmware stack: + + +- BL32 - ``bl32.bin`` -> ``tee-header_v2.bin`` +- BL32 Extra1 - ``bl32_extra1.bin`` -> ``tee-pager_v2.bin`` +- BL32 Extra2 - ``bl32_extra2.bin`` -> ``tee-pageable_v2.bin`` +- BL33 - ``bl33.bin`` -> ``QEMU_EFI.fd`` (EDK II) - ``Image`` -> linux/arch/arm64/boot/Image -To build: -.. code:: shell +1. Compile TF-A - make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \ - BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \ - BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip + .. code:: shell -To build with TBBR enabled, BL31 and BL32 encrypted with test key: + make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \ + BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \ + BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip -.. 
code:: shell + Or, alternatively, to build with TBBR enabled, as well as, BL31 and BL32 encrypted with + test key: - make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \ - BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \ - BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \ - MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \ - GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \ - ENCRYPT_BL31=1 ENCRYPT_BL32=1 + .. code:: shell -To build flash.bin: + make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \ + BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \ + BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \ + MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \ + GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \ + ENCRYPT_BL31=1 ENCRYPT_BL32=1 -.. code:: shell +2. Concatenate ``bl1.bin`` and ``fip.bin`` to create the boot ROM - dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc - dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc + .. code:: shell -To start (QEMU v5.0.0): + dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc + dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc -.. code:: shell +3. Launch QEMU - qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \ - -kernel Image -no-acpi \ - -append 'console=ttyAMA0,38400 keep_bootcon' \ - -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin \ - -d unimp + .. code:: shell + + qemu-system-aarch64 -nographic -machine virt,secure=on + -cpu cortex-a57 -kernel Image \ + -append 'console=ttyAMA0,38400 keep_bootcon' \ + -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin \ + -d unimp + +The ``-bios`` option abstracts the loading of raw bare metal binaries into flash +or ROM memory. QEMU loads the binary into the region corresponding to +the hardware's entrypoint, from which the binary is executed upon a platform +"reset". 
In addition to this, it places the information about the kernel +provided with option ``-kernel``, and the RamDisk provided with ``-initrd``, +into the firmware configuration ``fw_cfg``. In this setup, EDK II is responsible +for extracting and launching these from ``fw_cfg``. + +.. note:: + QEMU may be launched with or without ACPI (``-acpi``/``-no-acpi``). In + either case, ensure that the kernel build options are aligned with the + parameters passed to QEMU. Running QEMU in OpenCI -----------------------
diff --git a/docs/plat/stm32mp1.rst b/docs/plat/stm32mp1.rst
index 23ea25a..a983606 100644
--- a/docs/plat/stm32mp1.rst
+++ b/docs/plat/stm32mp1.rst
@@ -107,11 +107,11 @@ Boot sequence ~~~~~~~~~~~~~ -ROM code -> BL2 (compiled with BL2_AT_EL3) -> BL32 (SP_min) -> BL33 (U-Boot) +ROM code -> BL2(compiled with RESET_TO_BL2) -> BL32(SP_min)-> BL33(U-Boot) or if Op-TEE is used: -ROM code -> BL2 (compiled with BL2_AT_EL3) -> OP-TEE -> BL33 (U-Boot) +ROM code -> BL2 (compiled with RESET_TO_BL2) -> OP-TEE -> BL33 (U-Boot) Build Instructions
diff --git a/docs/plat/xilinx-versal-net.rst b/docs/plat/xilinx-versal-net.rst
index 5d2e663..5d04639 100644
--- a/docs/plat/xilinx-versal-net.rst
+++ b/docs/plat/xilinx-versal-net.rst
@@ -14,6 +14,11 @@ make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net bl31 ``` +To build TF-A for JTAG DCC console: +```bash +make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net VERSAL_NET_CONSOLE=dcc bl31 +``` + Xilinx Versal NET platform specific build options ------------------------------------------------- @@ -23,8 +28,9 @@ * `VERSAL_NET_BL32_MEM_SIZE`: Specifies the size of the memory region of the bl32 binary. * `VERSAL_NET_CONSOLE`: Select the console driver. Options: - - `pl011`, `pl011_0`: ARM pl011 UART 0 + - `pl011`, `pl011_0`: ARM pl011 UART 0 (default) - `pl011_1` : ARM pl011 UART 1 + - `dcc` : JTAG Debug Communication Channel(DCC) * `TFA_NO_PM` : Platform Management support. - 0 : Enable Platform Management (Default)
diff --git a/docs/plat/xilinx-zynqmp.rst b/docs/plat/xilinx-zynqmp.rst
index af1cb22..4fe0d2f 100644
--- a/docs/plat/xilinx-zynqmp.rst
+++ b/docs/plat/xilinx-zynqmp.rst
@@ -31,6 +31,7 @@ ZynqMP platform specific build options -------------------------------------- +- ``XILINX_OF_BOARD_DTB_ADDR`` : Specifies the base address of Device tree. - ``ZYNQMP_ATF_MEM_BASE``: Specifies the base address of the bl31 binary. - ``ZYNQMP_ATF_MEM_SIZE``: Specifies the size of the memory region of the bl31 binary. - ``ZYNQMP_BL32_MEM_BASE``: Specifies the base address of the bl32 binary. 
@@ -41,6 +42,63 @@ - ``cadence``, ``cadence0``: Cadence UART 0 - ``cadence1`` : Cadence UART 1 +ZynqMP Debug behavior +--------------------- + +With DEBUG=1, TF-A for ZynqMP uses DDR memory range instead of OCM memory range +due to size constraints. +For DEBUG=1 configuration for ZynqMP the BL31_BASE is set to the DDR location +of 0x1000 and BL31_LIMIT is set to DDR location of 0x7FFFF. By default the +above memory range will NOT be reserved in device tree. + +To reserve the above memory range in device tree, the device tree base address +must be provided during build as, + +make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 DEBUG=1 \ + XILINX_OF_BOARD_DTB_ADDR=<DTB address> bl31 + +The default DTB base address for ZynqMP platform is 0x100000. This default value +is not set in the code and to use this default address, user still needs to +provide it through the build command as above. + +If the user wants to move the bl31 to a different DDR location, user can provide +the DDR address location using the build time parameters ZYNQMP_ATF_MEM_BASE and +ZYNQMP_ATF_MEM_SIZE. + +The DDR address must be reserved in the DTB by the user, either by manually +adding the reserved memory node, in the device tree, with the required address +range OR let TF-A modify the device tree on the run. + +To let TF-A access and modify the device tree, the DTB address must be provided +to the build command as follows, + +make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 DEBUG=1 \ + ZYNQMP_ATF_MEM_BASE=<DDR address> ZYNQMP_ATF_MEM_SIZE=<size> \ + XILINX_OF_BOARD_DTB_ADDR=<DTB address> bl31 + +DDR Address Range Usage +----------------------- + +When FSBL runs on RPU and TF-A is to be placed in DDR address range, +then the user needs to make sure that the DDR address is beyond 256KB. +In the RPU view, the first 256 KB is TCM memory. 
+ +For this use case, with the minimum base address in DDR for TF-A, +the build command example is; + +make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 DEBUG=1 \ + ZYNQMP_ATF_MEM_BASE=0x40000 ZYNQMP_ATF_MEM_SIZE=<size> + +Configurable Stack Size +----------------------- + +The stack size in TF-A for ZynqMP platform is configurable. +The custom package can define the desired stack size as per the requirement in +the make file as follows, + +PLATFORM_STACK_SIZE := <value> +$(eval $(call add_define,PLATFORM_STACK_SIZE)) + FSBL->TF-A Parameter Passing ---------------------------- 
@@ -71,3 +129,40 @@ The 4 leaf power domains represent the individual A53 cores, while resources common to the cluster are grouped in the power domain on the top. + +CUSTOM SIP service support +-------------------------- + +- Dedicated SMC FID ZYNQMP_SIP_SVC_CUSTOM(0x82002000)(32-bit)/ + (0xC2002000)(64-bit) to be used by a custom package for + providing CUSTOM SIP service. + +- by default platform provides bare minimum definition for + custom_smc_handler in this service. + +- to use this service, custom package should implement their + smc handler with the name custom_smc_handler. once custom package is + included in TF-A build, their definition of custom_smc_handler is + enabled. + +Custom package makefile fragment inclusion in TF-A build +-------------------------------------------------------- + +- custom package is not directly part of TF-A source. + +- <CUSTOM_PKG_PATH> is the location at which user clones a + custom package locally. + +- custom package needs to implement makefile fragment named + custom_pkg.mk so as to get included in TF-A build. + +- custom_pkg.mk specify all the rules to include custom package + specific header files, dependent libs, source files that are + supposed to be included in TF-A build. + +- when <CUSTOM_PKG_PATH> is specified in TF-A build command, + custom_pkg.mk is included from <CUSTOM_PKG_PATH> in TF-A build. + +- TF-A build command: + make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 + bl31 CUSTOM_PKG_PATH=<...>
diff --git a/docs/getting_started/porting-guide.rst b/docs/porting-guide.rst
similarity index 93%
rename from docs/getting_started/porting-guide.rst
rename to docs/porting-guide.rst
index aa57e1d..1250071 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -14,10 +14,24 @@ The platform-specific functions and variables are declared in ``include/plat/common/platform.h``. The firmware provides a default -implementation of variables and functions to fulfill the optional requirements. -These implementations are all weakly defined; they are provided to ease the -porting effort. Each platform port can override them with its own implementation -if the default implementation is inadequate. +implementation of variables and functions to fulfill the optional requirements +in order to ease the porting effort. Each platform port can use them as is or +provide their own implementation if the default implementation is inadequate. + + .. note:: + + TF-A historically provided default implementations of platform interfaces + as *weak* functions. This practice is now discouraged and new platform + interfaces as they get introduced in the code base should be *strongly* + defined. We intend to convert existing weak functions over time. Until + then, you will find references to *weak* functions in this document. + +Please review the :ref:`Threat Model` documents as part of the porting +effort. Some platform interfaces play a key role in mitigating against some of +the threats. Failing to fulfill these expectations could undermine the security +guarantees offered by TF-A. These platform responsibilities are highlighted in +the threat assessment section, under the "`Mitigations implemented?`" box for +each threat. Some modifications are common to all Boot Loader (BL) stages. Section 2 discusses these in detail. The subsequent sections discuss the remaining 
@@ -31,7 +45,7 @@ source files in ``plat/arm/common/``. This is done so that there are no dependencies between platforms maintained by different people/companies. If you want to use any of the functionality present in ``plat/arm`` files, please -create a pull request that moves the code to ``plat/common`` so that it can be +propose a patch that moves the code to ``plat/common`` so that it can be discussed. Common modifications @@ -47,7 +61,7 @@ A platform port must enable the Memory Management Unit (MMU) as well as the instruction and data caches for each BL stage. Setting up the translation tables is the responsibility of the platform port because memory maps differ -across platforms. A memory translation library (see ``lib/xlat_tables/``) is +across platforms. A memory translation library (see ``lib/xlat_tables_v2/``) is provided to help in this setup. Note that although this library supports non-identity mappings, this is intended 
@@ -66,22 +80,22 @@ If the build option ``USE_COHERENT_MEM`` is enabled, each platform can allocate a block of identity mapped secure memory with Device-nGnRE attributes aligned to page boundary (4K) for each BL stage. All sections which allocate coherent -memory are grouped under ``coherent_ram``. For ex: Bakery locks are placed in a -section identified by name ``bakery_lock`` inside ``coherent_ram`` so that its +memory are grouped under ``.coherent_ram``. For ex: Bakery locks are placed in a +section identified by name ``.bakery_lock`` inside ``.coherent_ram`` so that its possible for the firmware to place variables in it using the following C code directive: :: - __section("bakery_lock") + __section(".bakery_lock") Or alternatively the following assembler code directive: :: - .section bakery_lock + .section .bakery_lock -The ``coherent_ram`` section is a sum of all sections like ``bakery_lock`` which are +The ``.coherent_ram`` section is a sum of all sections like ``.bakery_lock`` which are used to allocate any data structures that are accessed both when a CPU is executing with its MMU and caches enabled, and when it's running with its MMU and caches disabled. Examples are given below. @@ -531,6 +545,15 @@ Defines the maximum address that the TSP's progbits sections can occupy. +If the platform supports OS-initiated mode, i.e. the build option +``PSCI_OS_INIT_MODE`` is enabled, and if the platform's maximum power domain +level for PSCI_CPU_SUSPEND differs from ``PLAT_MAX_PWR_LVL``, the following +constant must be defined. + +- **#define : PLAT_MAX_CPU_SUSPEND_PWR_LVL** + + Defines the maximum power domain level that PSCI_CPU_SUSPEND should apply to. + If the platform port uses the PL061 GPIO driver, the following constant may optionally be defined: 
@@ -558,6 +581,68 @@ PLAT_PARTITION_BLOCK_SIZE := 4096 $(eval $(call add_define,PLAT_PARTITION_BLOCK_SIZE)) +If the platform port uses the Arm® Ethos™-N NPU driver, the following +configuration must be performed: + +- The NPU SiP service handler must be hooked up. This consists of both the + initial setup (``ethosn_smc_setup``) and the handler itself + (``ethosn_smc_handler``) + +If the platform port uses the Arm® Ethos™-N NPU driver with TZMP1 support +enabled, the following constants and configuration must also be defined: + +- **ARM_ETHOSN_NPU_PROT_FW_NSAID** + + Defines the Non-secure Access IDentity (NSAID) that the NPU shall use to + access the protected memory that contains the NPU's firmware. + +- **ARM_ETHOSN_NPU_PROT_DATA_RW_NSAID** + + Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for + read/write access to the protected memory that contains inference data. + +- **ARM_ETHOSN_NPU_PROT_DATA_RO_NSAID** + + Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for + read-only access to the protected memory that contains inference data. + +- **ARM_ETHOSN_NPU_NS_RW_DATA_NSAID** + + Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for + read/write access to the non-protected memory. + +- **ARM_ETHOSN_NPU_NS_RO_DATA_NSAID** + + Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for + read-only access to the non-protected memory. + +- **ARM_ETHOSN_NPU_FW_IMAGE_BASE** and **ARM_ETHOSN_NPU_FW_IMAGE_LIMIT** + + Defines the physical address range that the NPU's firmware will be loaded + into and executed from. + +- Configure the platforms TrustZone Controller (TZC) with appropriate regions + of protected memory. At minimum this must include a region for the NPU's + firmware code and a region for protected inference data, and these must be + accessible using the NSAIDs defined above. + +- Include the NPU firmware and certificates in the FIP. 
+ +- Provide FCONF entries to configure the image source for the NPU firmware + and certificates. + +- Add MMU mappings such that: + + - BL2 can write the NPU firmware into the region defined by + ``ARM_ETHOSN_NPU_FW_IMAGE_BASE`` and ``ARM_ETHOSN_NPU_FW_IMAGE_LIMIT`` + - BL31 (SiP service) can read the NPU firmware from the same region + +- Add the firmware image ID ``ARM_ETHOSN_NPU_FW_IMAGE_ID`` to the list of images + loaded by BL2. + +Please see the reference implementation code for the Juno platform as an example. + + The following constant is optional. It should be defined to override the default behaviour of the ``assert()`` function (for example, to save memory). @@ -809,34 +894,6 @@ either could not be updated or the authentication image descriptor indicates that it is not allowed to be updated. -Function: plat_convert_pk() -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:: - - Argument : void *, unsigned int, void **, unsigned int * - Return : int - -This function is optional when Trusted Board Boot is enabled, and only -used if the platform saves a hash of the ROTPK. -First argument is the Distinguished Encoding Rules (DER) ROTPK. -Second argument is its size. -Third argument is used to return a pointer to a buffer, which hash should -be the one saved in OTP. -Fourth argument is a pointer to return its size. - -Most platforms save the hash of the ROTPK, but some may save slightly different -information - e.g the hash of the ROTPK plus some related information. -Defining this function allows to transform the ROTPK used to verify -the signature to the buffer (a platform specific public key) which -hash is saved in OTP. - -The default implementation copies the input key and length to the output without -modification. - -The function returns 0 on success. Any other value means the expected -public key buffer cannot be extracted. - Dynamic Root of Trust for Measurement support (in BL31) ------------------------------------------------------- 
@@ -2135,7 +2192,7 @@ #. Providing runtime firmware services. Currently, BL31 only implements a subset of the Power State Coordination Interface (PSCI) API as a runtime - service. See Section 3.3 below for details of porting the PSCI + service. See :ref:`psci_in_bl31` below for details of porting the PSCI implementation. #. Optionally passing control to the BL32 image, pre-loaded at a platform- @@ -2411,7 +2468,7 @@ accommodate all the bakery locks. If this constant is not defined when ``USE_COHERENT_MEM = 0``, the linker -calculates the size of the ``bakery_lock`` input section, aligns it to the +calculates the size of the ``.bakery_lock`` input section, aligns it to the nearest ``CACHE_WRITEBACK_GRANULE``, multiplies it with ``PLATFORM_CORE_COUNT`` and stores the result in a linker symbol. This constant prevents a platform from relying on the linker and provide a more efficient mechanism for @@ -2544,6 +2601,8 @@ This function writes entropy into storage provided by the caller. If no entropy is available, it must return false and the storage must not be written. +.. _psci_in_bl31: + Power State Coordination Interface (in BL31) -------------------------------------------- 
@@ -2726,6 +2785,22 @@ by the ``MPIDR`` (first argument). The generic code expects the platform to return PSCI_E_SUCCESS on success or PSCI_E_INTERN_FAIL for any failure. +plat_psci_ops.pwr_domain_off_early() [optional] +............................................... + +This optional function performs the platform specific actions to check if +powering off the calling CPU and its higher parent power domain levels as +indicated by the ``target_state`` (first argument) is possible or allowed. + +The ``target_state`` encodes the platform coordinated target local power states +for the CPU power domain and its parent power domain levels. + +For this handler, the local power state for the CPU power domain will be a +power down state where as it could be either power down, retention or run state +for the higher power domain levels depending on the result of state +coordination. The generic code expects PSCI_E_DENIED return code if the +platform thinks that CPU_OFF should not proceed on the calling CPU. + plat_psci_ops.pwr_domain_off() .............................. @@ -2801,6 +2876,10 @@ data, for example in DRAM. The Distributor can then be powered down using an implementation-defined sequence. +If the build option ``PSCI_OS_INIT_MODE`` is enabled, the generic code expects +the platform to return PSCI_E_SUCCESS on success, or either PSCI_E_DENIED or +PSCI_E_INVALID_PARAMS as appropriate for any invalid requests. + plat_psci_ops.pwr_domain_pwr_down_wfi() ....................................... @@ -3202,9 +3281,20 @@ Common helper functions ----------------------- +Function : elx_panic() +~~~~~~~~~~~~~~~~~~~~~~ -Function : do_panic() -~~~~~~~~~~~~~~~~~~~~~ +:: + + Argument : void + Return : void + +This API is called from assembly files when reporting a critical failure +that has occured in lower EL and is been trapped in EL3. This call +**must not** return. + +Function : el3_panic() +~~~~~~~~~~~~~~~~~~~~~~ :: 
@@ -3212,9 +3302,8 @@ Return : void This API is called from assembly files when encountering a critical failure that -cannot be recovered from. It also invokes elx_panic() which allows to report a -crash from lower exception level. This function assumes that it is invoked from -a C runtime environment i.e. valid stack exists. This call **must not** return. +cannot be recovered from. This function assumes that it is invoked from a C +runtime environment i.e. valid stack exists. This call **must not** return. Function : panic() ~~~~~~~~~~~~~~~~~~ @@ -3226,7 +3315,7 @@ This API called from C files when encountering a critical failure that cannot be recovered from. This function in turn prints backtrace (if enabled) and calls -do_panic(). This call **must not** return. +el3_panic(). This call **must not** return. Crash Reporting mechanism (in BL31) ----------------------------------- @@ -3329,11 +3418,11 @@ (``uint64_t flags``) indicates the preempted security state. These parameters are received from the top-level exception handler. -If ``RAS_EXTENSION`` is set to ``1``, the default implementation of this +If ``RAS_FFH_SUPPORT`` is set to ``1``, the default implementation of this function iterates through RAS handlers registered by the platform. If any of the RAS handlers resolve the External Abort, no further action is taken. -If ``RAS_EXTENSION`` is set to ``0``, or if none of the platform RAS handlers +If ``RAS_FFH_SUPPORT`` is set to ``0``, or if none of the platform RAS handlers could resolve the External Abort, the default implementation prints an error message, and panics. 
@@ -3396,6 +3485,71 @@ The default implementation of this function calls ``report_unhandled_exception``. +Function : plat_handle_rng_trap +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uint64_t + Argument : cpu_context_t * + Return : int + +This function is invoked by BL31's exception handler when there is a synchronous +system register trap caused by access to the RNDR or RNDRRS registers. It allows +platforms implementing ``FEAT_RNG_TRAP`` and enabling ``ENABLE_FEAT_RNG_TRAP`` to +emulate those system registers by returing back some entropy to the lower EL. + +The first parameter (``uint64_t esr_el3``) contains the content of the ESR_EL3 +syndrome register, which encodes the instruction that was trapped. The interesting +information in there is the target register (``get_sysreg_iss_rt()``). + +The second parameter (``cpu_context_t *ctx``) represents the CPU state in the +lower exception level, at the time when the execution of the ``mrs`` instruction +was trapped. Its content can be changed, to put the entropy into the target +register. + +The return value indicates how to proceed: + +- When returning ``TRAP_RET_UNHANDLED`` (-1), the machine will panic. +- When returning ``TRAP_RET_REPEAT`` (0), the exception handler will return + to the same instruction, so its execution will be repeated. +- When returning ``TRAP_RET_CONTINUE`` (1), the exception handler will return + to the next instruction. + +This function needs to be implemented by a platform if it enables FEAT_RNG_TRAP. + +Function : plat_handle_impdef_trap +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uint64_t + Argument : cpu_context_t * + Return : int + +This function is invoked by BL31's exception handler when there is a synchronous +system register trap caused by access to the implementation defined registers. +It allows platforms enabling ``IMPDEF_SYSREG_TRAP`` to emulate those system +registers choosing to program bits of their choice. 
+ +The first parameter (``uint64_t esr_el3``) contains the content of the ESR_EL3 +syndrome register, which encodes the instruction that was trapped. + +The second parameter (``cpu_context_t *ctx``) represents the CPU state in the +lower exception level, at the time when the execution of the ``mrs`` instruction +was trapped. + +The return value indicates how to proceed: + +- When returning ``TRAP_RET_UNHANDLED`` (-1), the machine will panic. +- When returning ``TRAP_RET_REPEAT`` (0), the exception handler will return + to the same instruction, so its execution will be repeated. +- When returning ``TRAP_RET_CONTINUE`` (1), the exception handler will return + to the next instruction. + +This function needs to be implemented by a platform if it enables +IMPDEF_SYSREG_TRAP. + Build flags ----------- @@ -3451,7 +3605,7 @@ storage access is only required by BL1 and BL2 phases and performed inside the ``load_image()`` function in ``bl_common.c``. -.. uml:: ../resources/diagrams/plantuml/io_framework_usage_overview.puml +.. uml:: resources/diagrams/plantuml/io_framework_usage_overview.puml It is mandatory to implement at least one storage driver. For the Arm development platforms the Firmware Image Package (FIP) driver is provided as @@ -3461,7 +3615,7 @@ in ``drivers/io/io_storage.c`` and the driver files are located in ``drivers/io/``. -.. uml:: ../resources/diagrams/plantuml/io_arm_class_diagram.puml +.. uml:: resources/diagrams/plantuml/io_arm_class_diagram.puml Each IO driver must provide ``io_dev_*`` structures, as described in ``drivers/io/io_driver.h``. These are returned via a mandatory registration 
@@ -3472,12 +3626,12 @@ abstraction layer. These drivers then need to be initialized by bootloader phases as required in their respective ``blx_platform_setup()`` functions. -.. uml:: ../resources/diagrams/plantuml/io_dev_registration.puml +.. uml:: resources/diagrams/plantuml/io_dev_registration.puml The storage abstraction layer provides mechanisms (``io_dev_init()``) to initialize storage devices before IO operations are called. -.. uml:: ../resources/diagrams/plantuml/io_dev_init_and_check.puml +.. uml:: resources/diagrams/plantuml/io_dev_init_and_check.puml The basic operations supported by the layer include ``open()``, ``close()``, ``read()``, ``write()``, ``size()`` and ``seek()``. @@ -3505,7 +3659,7 @@ -------------- -*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.* .. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf .. _Arm Generic Interrupt Controller version 2.0 (GICv2): http://infocenter.arm.com/help/topic/com.arm.doc.ihi0048b/index.html
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 26c272d..13fb7cb 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -461,9 +461,56 @@ - Low-level code where specific system-level instructions must be used, such as cache maintenance operations. +Do not use weak functions +------------------------- + +.. note:: + + The following guideline applies more strongly to common, platform-independent + code. For plaform code (under ``plat/`` directory), it is up to each platform + maintainer to decide whether this should be striclty enforced or not. + +The use of weak functions is highly discouraged in the TF-A codebase. Newly +introduced platform interfaces should be strongly defined, wherever possible. In +the rare cases where this is not possible or where weak functions appear as the +best tool to solve the problem at hand, this should be discussed with the +project's maintainers and justified in the code. + +For the purpose of providing a default implementation of a platform interface, +an alternative to weak functions is to provide a strongly-defined implementation +under the ``plat/common/`` directory. Then platforms have two options to pull +in this implementation: + + - They can include the source file through the platform's makefile. Note that + this method is suitable only if the platform wants *all* default + implementations defined in this file, else either the file should be + refactored or the next approach should be used. + + - They access the platform interface through a **constant** function pointer. + +In both cases, what matters is that platforms include the default implementation +as a conscious decision. + +.. rubric:: Rationale + +Weak functions may sound useful to simplify the initial porting effort to a +new platform, such that one can quickly get the firmware to build and link, +without implementing all platform interfaces from the beginning. For this +reason, the TF-A project used to make heavy use of weak functions and there +are still many outstanding usages of them across the code base today. 
We +intend to convert them to strongly-defined functions over time. + +However, weak functions also have major drawbacks, which we consider +outweighing their benefits. They can make it hard to identify which +implementation gets built into the firmware, especially when using multiple +levels of "weakness". This has resulted in bugs in the past. + +Weak functions are also forbidden by MISRA coding guidelines, which TF-A aims to +comply with. + -------------- -*Copyright (c) 2020, 2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2020 - 2023, Arm Limited and Contributors. All rights reserved.* .. _`Linux master tree`: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/ .. _`Procedure Call Standard for the Arm Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst
diff --git a/docs/process/coding-style.rst b/docs/process/coding-style.rst
index be13b14..483780b 100644
--- a/docs/process/coding-style.rst
+++ b/docs/process/coding-style.rst
@@ -386,6 +386,27 @@ #include "a_header.h" +The preferred approach for third-party headers is to include them immediately +following system header files like in the example below, where the +``version.h`` header from the Mbed TLS library immediately follows the +``stddef.h`` system header. + +.. code:: c + + /* system header files */ + #include <stddef.h> + + /* Mbed TLS header files */ + #include <mbedtls/version.h> + + /* project header files */ + #include <drivers/auth/auth_mod.h> + #include <drivers/auth/tbbr_cot_common.h> + + /* platform header files */ + #include <platform_def.h> + + Include statement variants ^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -463,7 +484,7 @@ -------------- -*Copyright (c) 2020, Arm Limited. All rights reserved.* +*Copyright (c) 2020-2023, Arm Limited. All rights reserved.* .. _`Linux kernel coding style`: https://www.kernel.org/doc/html/latest/process/coding-style.html .. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
diff --git a/docs/process/platform-ports-policy.rst b/docs/process/platform-ports-policy.rst
index 7983749..02eb6bd 100644
--- a/docs/process/platform-ports-policy.rst
+++ b/docs/process/platform-ports-policy.rst
@@ -10,12 +10,18 @@ Platform compatibility is mainly affected by changes to Platform APIs (as documented in the :ref:`Porting Guide`), driver APIs (like the GICv3 drivers) or library interfaces (like xlat_table library). The project will try to maintain -compatibility for upstream platforms. Due to evolving requirements and -enhancements, there might be changes affecting platform compatibility which -means the previous interface needs to be deprecated and a new interface -introduced to replace it. In case the migration to the new interface is trivial, -the contributor of the change is expected to make good effort to migrate the -upstream platforms to the new interface. +compatibility for upstream platforms. + +Due to evolving requirements and enhancements, there might be changes affecting +platform compatibility, which means the previous interface needs to be deprecated +and a new interface introduced to replace it. In case the migration to the new +interface is trivial, the contributor of the change is expected to make good +effort to migrate the upstream platforms to the new interface. + +The project will generally not take into account downstream platforms. If those +are affected by a deprecation / removal decision, we encourage their maintainers +to upstream their platform code or copy the latest version of the code being +deprecated into their downstream tree. The deprecated interfaces are listed inside :ref:`Release Processes` as well as the release after which each one will be removed. When an interface is 
@@ -26,26 +32,25 @@ deprecated interfaces. Platforms are expected to migrate before the removal of the deprecated interface. -Platform deprecation policy ---------------------------- +Deprecation policy +------------------ -If a platform is no longer maintained, it is best to deprecate it to keep the -projects' source tree clean and healthy. Deprecation can be a 1-stage or 2-stage -process (up to the platform maintainers). +If a platform, driver or library interface is no longer maintained, it is best +to deprecate it to keep the projects' source tree clean and healthy. Deprecation +can be a 1-stage or 2-stage process (up to the maintainers). - - *2-stage*: The platform's source code can be kept in the repository for a - cooling off period before deleting it (typically 2 release cycles). In this - case, we keep track ot the *Deprecated* version separately from the *Deleted* - version. + - *2-stage*: The source code can be kept in the repository for a cooling off + period before deleting it (typically 2 release cycles). In this case, we keep + track of the *Deprecated* version separately from the *Deleted* version. - - *1-stage*: The platform's source code can be deleted straight away. In this - case, both versions are the same. + - *1-stage*: The source code can be deleted straight away. In this case, both + versions are the same. The :ref:`Platform Ports` page provides a list of all deprecated/deleted platform ports (or soon to be) to this day. -------------- -*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.* .. _TF-A public mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
diff --git a/docs/process/security-hardening.rst b/docs/process/security-hardening.rst
index 507046f..f9618db 100644
--- a/docs/process/security-hardening.rst
+++ b/docs/process/security-hardening.rst
@@ -131,38 +131,9 @@ overflows. - The ``W`` build flag can be used to enable a number of compiler warning - options to detect potentially incorrect code. - - - W=0 (default value) - - The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization`` - and ``Wvla`` flags are enabled. - - The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and - ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled. - - - W=1 - - Adds ``Wextra``, ``Wmissing-format-attribute``, ``Wmissing-prototypes``, - ``Wold-style-definition`` and ``Wunused-const-variable``. - - - W=2 - - Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``, - ``Wshadow``, ``Wlogical-op``. - - - W=3 - - Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``, - ``Wpointer-arith``, ``Wredundant-decls`` and - ``Wswitch-default``. - - Refer to the GCC or Clang documentation for more information on the individual - options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and - https://clang.llvm.org/docs/DiagnosticsReference.html. - - NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by - setting the ``E`` build flag to 0. + options to detect potentially incorrect code. TF-A is tested with ``W=0`` but + it is recommended to develop against ``W=2`` (which will eventually become the + default). .. rubric:: References
diff --git a/docs/process/security.rst b/docs/process/security.rst
index e15783b..c6429ad 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst
@@ -9,10 +9,8 @@ vulnerabilities and inform users as best we can about all possible issues. We disclose TF-A vulnerabilities as Security Advisories, all of which are listed -at the bottom of this page. Any new ones will, additionally, be announced as -issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You -can receive notification emails for these by watching the "Trusted Firmware-A" -project at https://developer.trustedfirmware.org/. +at the bottom of this page. Any new ones will, additionally, be announced on the +TF-A project's `mailing list`_. Found a Security Issue? ----------------------- @@ -69,6 +67,12 @@ | |TFV-8| | Not saving x0 to x3 registers can leak information from one | | | Normal World SMC client to another | +-----------+------------------------------------------------------------------+ +| |TFV-9| | Trusted Firmware-A exposure to speculative processor | +| | vulnerabilities with branch prediction target reuse | ++-----------+------------------------------------------------------------------+ +| |TFV-10| | Incorrect validation of X.509 certificate extensions can result | +| | in an out-of-bounds read | ++-----------+------------------------------------------------------------------+ .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ .. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/ 
@@ -81,9 +85,11 @@ .. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` .. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` .. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` +.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)` +.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)` .. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ -------------- -*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/requirements.in b/docs/requirements.in
deleted file mode 100644
index 5d771e5..0000000
--- a/docs/requirements.in
+++ /dev/null
@@ -1,5 +0,0 @@
-myst-parser==0.15.2
-pip-tools==6.4.0
-sphinx==4.2.0
-sphinx-rtd-theme==1.0.0
-sphinxcontrib-plantuml==0.22
diff --git a/docs/requirements.txt b/docs/requirements.txt
deleted file mode 100644
index 03b1189..0000000
--- a/docs/requirements.txt
+++ /dev/null
@@ -1,91 +0,0 @@ -# -# This file is autogenerated by pip-compile with python 3.8 -# To update, run: -# -# pip-compile -# -alabaster==0.7.12 - # via sphinx -attrs==21.2.0 - # via markdown-it-py -babel==2.9.1 - # via sphinx -certifi==2021.5.30 - # via requests -charset-normalizer==2.0.4 - # via requests -click==8.0.1 - # via pip-tools -docutils==0.16 - # via - # myst-parser - # sphinx - # sphinx-rtd-theme -idna==3.2 - # via requests -imagesize==1.2.0 - # via sphinx -jinja2==3.0.1 - # via - # myst-parser - # sphinx -markdown-it-py==1.1.0 - # via - # mdit-py-plugins - # myst-parser -markupsafe==2.0.1 - # via jinja2 -mdit-py-plugins==0.2.8 - # via myst-parser -myst-parser==0.15.2 - # via -r requirements.in -packaging==21.0 - # via sphinx -pep517==0.11.0 - # via pip-tools -pip-tools==6.4.0 - # via -r requirements.in -pygments==2.10.0 - # via sphinx -pyparsing==2.4.7 - # via packaging -pytz==2021.1 - # via babel -pyyaml==6.0 - # via myst-parser -requests==2.26.0 - # via sphinx -snowballstemmer==2.1.0 - # via sphinx -sphinx==4.2.0 - # via - # -r requirements.in - # myst-parser - # sphinx-rtd-theme - # sphinxcontrib-plantuml -sphinx-rtd-theme==1.0.0 - # via -r requirements.in -sphinxcontrib-applehelp==1.0.2 - # via sphinx -sphinxcontrib-devhelp==1.0.2 - # via sphinx -sphinxcontrib-htmlhelp==2.0.0 - # via sphinx -sphinxcontrib-jsmath==1.0.1 - # via sphinx -sphinxcontrib-plantuml==0.22 - # via -r requirements.in -sphinxcontrib-qthelp==1.0.3 - # via sphinx -sphinxcontrib-serializinghtml==1.1.5 - # via sphinx -tomli==1.2.1 - # via pep517 -urllib3==1.26.6 - # via requests -wheel==0.37.0 - # via pip-tools - -# The following packages are considered to be unsafe in a requirements file: -# pip -# setuptools
diff --git a/docs/resources/diagrams/plantuml/rss_attestation_flow.puml b/docs/resources/diagrams/plantuml/rss_attestation_flow.puml
new file mode 100644
index 0000000..aca5c01
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/rss_attestation_flow.puml
@@ -0,0 +1,39 @@
+@startuml
+skinparam ParticipantPadding 10
+skinparam BoxPadding 10
+box AP
+participant RMM
+participant BL31
+endbox
+box RSS
+participant DelegAttest
+participant InitAttest
+participant MeasuredBoot
+participant Crypto
+endbox
+
+== RMM Boot phase ==
+
+RMM -> BL31: get_realm_key(\n\t**hash_algo**, ...)
+BL31 -> DelegAttest: get_delegated_key
+DelegAttest -> MeasuredBoot: read_measurement
+Rnote over DelegAttest: Compute input\n\ for key derivation\n\ (hash of measurements)
+DelegAttest -> Crypto: derive_key
+Rnote over DelegAttest: Compute public key\n\ hash with **hash_algo**.
+Rnote over Crypto: Seed is provisioned\n\ in the factory.
+DelegAttest --> BL31: get_delegated_key
+BL31 --> RMM: get_realm_key
+Rnote over RMM: Only private key\n\ is returned. Public\n\ key and its hash\n\ must be computed.\n\
+Public key is included\n\ in the realm token.\n\ Its hash is the input\n\ for get_platform_token
+RMM -> BL31: get_platform_token(\n\t**pub_key_hash**, ...)
+BL31 -> DelegAttest: get_delegated_token
+Rnote over DelegAttest: Check **pub_key_hash**\n\ against derived key.
+DelegAttest -> InitAttest: get_initial_token
+Rnote over InitAttest: Create the token including\n\ the **pub_key_hash** as the\n\ challenge claim
+InitAttest -> MeasuredBoot: read_measurement
+InitAttest -> Crypto: sign_token
+InitAttest --> DelegAttest: get_initial_token
+DelegAttest --> BL31: get_delegated_token
+BL31 --> RMM: get_platform_token
+Rnote over RMM: Platform token is\n\ cached. It is not\n\ changing within\n\ a power cycle.
+@enduml
diff --git a/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml b/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml
new file mode 100644
index 0000000..1aeb1a9
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml
@@ -0,0 +1,79 @@
+@startuml
+skinparam ParticipantPadding 10
+skinparam BoxPadding 10
+box RSS
+participant RSS_BL1_1
+participant RSS_BL1_2
+participant RSS_BL2
+participant RSS_S
+endbox
+box SCP
+participant SCP_BL1
+endbox
+box AP
+participant AP_BL1
+participant AP_BL2
+participant AP_BL31
+endbox
+
+== RSS Boot phase ==
+-> RSS_BL1_1: Reset
+Rnote over RSS_BL1_1: ROM code, XIP
+Rnote over RSS_BL1_2: OTP code, XIP
+Rnote over RSS_BL2, AP_BL31: Stored in flash, loaded and executed in RAM
+activate RSS_BL1_1 #Green
+RSS_BL1_1 -->> RSS_BL1_2: Validate, measure
+Rnote over RSS_BL1_1: BL1_2 measurement\n\ saved to a shared buffer
+RSS_BL1_1 -> RSS_BL1_2: Pass execution
+deactivate RSS_BL1_1
+activate RSS_BL1_2 #Green
+RSS_BL1_2 -->> RSS_BL2: Validate, measure, load
+Rnote over RSS_BL1_2: RSS_BL2 measurement\n\ saved to a shared buffer
+RSS_BL1_2 -> RSS_BL2: Pass execution
+deactivate RSS_BL1_2
+activate RSS_BL2 #Green
+RSS_BL2 -->> RSS_S: Validate, measure, load
+RSS_BL2 -->> SCP_BL1: Validate, measure, load
+Rnote over RSS_BL2: RSS_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer
+RSS_BL2 -> SCP_BL1: Release from reset
+activate SCP_BL1 #Green
+Rnote over RSS_BL2, SCP_BL1: MHU init between RSS and SCP
+Rnote over SCP_BL1: Configure memory
+Rnote over RSS_BL2: Waits for SCP
+SCP_BL1 --> RSS_BL2: Done
+RSS_BL2 -->> AP_BL1: Validate, measure, load
+Rnote over RSS_BL2: AP_BL1 measurement\n\ saved to a shared buffer
+RSS_BL2 -> AP_BL1: Release from reset
+activate AP_BL1 #Green
+RSS_BL2 -> RSS_S: Pass execution
+deactivate RSS_BL2
+activate RSS_S #Green
+Rnote over RSS_S: Measurements read from\n\ shared buffer and saved by\n\
+Measured Boot service to\n\ measurement slots.
+
+== RSS Runtime / AP Boot phase ==
+Rnote over RSS_S, AP_BL1: MHU init between RSS and AP
+Rnote over AP_BL1: Measure and load:\n\ FW_CONFIG\n\ TB_FW_CONFIG
+AP_BL1 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL1 -->> AP_BL2: Validate, measure,load
+AP_BL1 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL1 -> AP_BL2: Pass execution
+deactivate AP_BL1
+activate AP_BL2 #Green
+Rnote over AP_BL2: Measure and load:\n\ HW_CONFIG
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL2 -->> AP_BL31: Validate, measure,load
+Rnote over AP_BL2: Measure and load:\n\ BL31
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+Rnote over AP_BL2: Measure and load:\n\ RMM
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL2 -> AP_BL31: Pass execution
+deactivate AP_BL2
+activate AP_BL31 #Green
+== RSS / AP Runtime ==
+@enduml
diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
new file mode 100644
index 0000000..23f5b17
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
@@ -0,0 +1,77 @@
+/'
+ ' Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ '
+ ' SPDX-License-Identifier: BSD-3-Clause
+ '/
+
+/'
+TF-A Data Flow Diagram including RSS
+'/
+
+@startuml
+digraph tfa_dfd {
+
+ # Arrange nodes from left to right
+ rankdir="LR"
+
+ # Allow arrows to end on cluster boundaries
+ compound=true
+
+ # Default settings for edges and nodes
+ edge [minlen=2 color="#8c1b07"]
+ node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
+
+ # Nodes outside of the trust boundary
+ nsec [label="Non-secure\nClients"]
+ sec [label="Secure\nClients"]
+ dbg [label="Debug & Trace"]
+ logs [label="Logs\n(UART)"]
+ nvm [label="Non-volatile\nMemory"]
+
+
+ # Trust boundary cluster
+ subgraph cluster_trusted{
+ graph [style=dashed color="#f22430"]
+
+ # HW IPs cluster
+ subgraph cluster_ip{
+ label ="Hardware IPs";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ rank="same"
+ gic [label="GIC" width=1.2 height=0.5]
+ tzc [label="TZ\nController" width=1.2 height=0.5]
+ etc [label="..." shape=none style=none height=0.5]
+ }
+
+ # TF-A cluster
+ subgraph cluster_tfa{
+ label ="TF-A";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
+ bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
+ bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
+ }
+
+ # RSS cluster
+ subgraph cluster_rss{
+ label ="RSS";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ rss [label="Runtime Security\n\ Subsystem\n\ (RSS)" fillcolor="#ddffb3"]
+ }
+ }
+
+ # Interactions between nodes
+ nvm -> bl31 [lhead=cluster_tfa label="DF1"]
+ logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
+ sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
+ nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
+ bl2 -> tzc [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6" minlen=1]
+ bl31 -> rss [dir="both" ltail=cluster_tfa lhead=cluster_rss label="DF7" minlen=1]
+
+}
+
+@enduml
diff --git a/docs/resources/diagrams/psci-flattened-vs-hierarchical-idle-states.png b/docs/resources/diagrams/psci-flattened-vs-hierarchical-idle-states.png
new file mode 100644
index 0000000..7c41f75
--- /dev/null
+++ b/docs/resources/diagrams/psci-flattened-vs-hierarchical-idle-states.png
Binary files differ
diff --git a/docs/resources/diagrams/psci-osi-mode.png b/docs/resources/diagrams/psci-osi-mode.png
new file mode 100644
index 0000000..d322953
--- /dev/null
+++ b/docs/resources/diagrams/psci-osi-mode.png
Binary files differ
diff --git a/docs/resources/diagrams/psci-pc-mode-vs-osi-mode.png b/docs/resources/diagrams/psci-pc-mode-vs-osi-mode.png
new file mode 100644
index 0000000..7270a3d
--- /dev/null
+++ b/docs/resources/diagrams/psci-pc-mode-vs-osi-mode.png
Binary files differ
diff --git a/docs/resources/diagrams/rmm_el3_manifest_struct.dia b/docs/resources/diagrams/rmm_el3_manifest_struct.dia
deleted file mode 100644
index 7b7a9c2..0000000
--- a/docs/resources/diagrams/rmm_el3_manifest_struct.dia
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/rmm_el3_manifest_struct.png b/docs/resources/diagrams/rmm_el3_manifest_struct.png
deleted file mode 100644
index 8b5776c..0000000
--- a/docs/resources/diagrams/rmm_el3_manifest_struct.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/rss_attestation_flow.svg b/docs/resources/diagrams/rss_attestation_flow.svg
new file mode 100644
index 0000000..3728c6f
--- /dev/null
+++ b/docs/resources/diagrams/rss_attestation_flow.svg
@@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="1087px" preserveAspectRatio="none" style="width:900px;height:1087px;background:#FFFFFF;" version="1.1" viewBox="0 0 900 1087" width="900px" zoomAndPan="magnify"><defs/><g><rect fill="#DDDDDD" height="1075.1719" style="stroke:#181818;stroke-width:0.5;" width="261.5" x="44" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="20" x="164.75" y="18.0669">AP</text><rect fill="#DDDDDD" height="1075.1719" style="stroke:#181818;stroke-width:0.5;" width="502" x="364" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="28" x="601" y="18.0669">RSS</text><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="82" x2="82" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="266.5" x2="266.5" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="426" x2="426" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="553.5" x2="553.5" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="705" x2="705" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="822" x2="822" y1="56.4297" y2="1046.875"/><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="48" x="58" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="34" x="65" y="45.1279">RMM</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="48" x="58" y="1045.875"/><text fill="#000000" 
font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="34" x="65" y="1065.8701">RMM</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="49" x="242.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="35" x="249.5" y="45.1279">BL31</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="49" x="242.5" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="35" x="249.5" y="1065.8701">BL31</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="96" x="378" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="82" x="385" y="45.1279">DelegAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="96" x="378" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="82" x="385" y="1065.8701">DelegAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="516.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="523.5" y="45.1279">InitAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="516.5" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="523.5" y="1065.8701">InitAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="116" x="647" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="102" x="654" y="45.1279">MeasuredBoot</text><rect 
fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="116" x="647" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="102" x="654" y="1065.8701">MeasuredBoot</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="59" x="793" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="45" x="800" y="45.1279">Crypto</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="59" x="793" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="45" x="800" y="1065.8701">Crypto</text><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="893" x="0" y="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="893" y1="86.9961" y2="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="893" y1="89.9961" y2="89.9961"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="144" x="374.5" y="76.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="125" x="380.5" y="92.4966">RMM Boot phase</text><polygon fill="#181818" points="255,141.8281,265,145.8281,255,149.8281,259,145.8281" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="82" x2="261" y1="145.8281" y2="145.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="99" x="89" y="125.6294">get_realm_key(</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="74" x="121" y="140.7622">hash_algo</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="25" x="195" y="140.7622">, 
...)</text><polygon fill="#181818" points="414,170.9609,424,174.9609,414,178.9609,418,174.9609" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="267" x2="420" y1="174.9609" y2="174.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="274" y="169.895">get_delegated_key</text><polygon fill="#181818" points="693,200.0938,703,204.0938,693,208.0938,697,204.0938" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="426" x2="699" y1="204.0938" y2="204.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="127" x="433" y="199.0278">read_measurement</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="167" x="342" y="217.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="95" x="346" y="233.1606">Compute input</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="110" x="346" y="248.2935">for key derivation</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="159" x="346" y="263.4263">(hash of measurements)</text><polygon fill="#181818" points="810.5,292.625,820.5,296.625,810.5,300.625,814.5,296.625" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="426" x2="816.5" y1="296.625" y2="296.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="68" x="433" y="291.5591">derive_key</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="150" x="351" y="309.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="126" x="355" y="325.6919">Compute public key</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" 
textLength="60" x="355" y="340.8247">hash with</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="74" x="419" y="340.8247">hash_algo</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="4" x="493" y="340.8247">.</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="132" x="756" y="357.8906"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="124" x="760" y="373.9575">Seed is provisioned</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="760" y="389.0903">in the factory.</text><polygon fill="#181818" points="278,418.2891,268,422.2891,278,426.2891,274,422.2891" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="272" x2="425" y1="422.2891" y2="422.2891"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="284" y="417.2231">get_delegated_key</text><polygon fill="#181818" points="93,447.4219,83,451.4219,93,455.4219,89,451.4219" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="87" x2="266" y1="451.4219" y2="451.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="94" x="99" y="446.356">get_realm_key</text><rect fill="#FEFFDD" height="129" style="stroke:#181818;stroke-width:0.5;" width="154" x="5" y="464.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="102" x="9" y="480.4888">Only private key</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="114" x="9" y="495.6216">is returned. 
Public</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="104" x="9" y="510.7544">key and its hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="126" x="9" y="525.8872">must be computed.</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="134" x="9" y="541.02">Public key is included</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="9" y="556.1528">in the realm token.</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="125" x="9" y="571.2856">Its hash is the input</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="146" x="9" y="586.4185">for get_platform_token</text><polygon fill="#181818" points="255,630.75,265,634.75,255,638.75,259,634.75" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="82" x2="261" y1="634.75" y2="634.75"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="130" x="89" y="614.5513">get_platform_token(</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="104" x="121" y="629.6841">pub_key_hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="25" x="225" y="629.6841">, ...)</text><polygon fill="#181818" points="414,659.8828,424,663.8828,414,667.8828,418,663.8828" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="267" x2="420" y1="663.8828" y2="663.8828"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="135" x="274" y="658.8169">get_delegated_token</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="155" 
x="348" y="676.8828"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="39" x="352" y="692.9497">Check</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="104" x="395" y="692.9497">pub_key_hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="352" y="708.0825">against derived key.</text><polygon fill="#181818" points="542,737.2813,552,741.2813,542,745.2813,546,741.2813" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="426" x2="548" y1="741.2813" y2="741.2813"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="104" x="433" y="736.2153">get_initial_token</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="181" x="463" y="754.2813"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="168" x="467" y="770.3481">Create the token including</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="21" x="467" y="785.481">the</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="104" x="492" y="785.481">pub_key_hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="40" x="600" y="785.481">as the</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="99" x="467" y="800.6138">challenge claim</text><polygon fill="#181818" points="693,829.8125,703,833.8125,693,837.8125,697,833.8125" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="554" x2="699" y1="833.8125" y2="833.8125"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="127" x="561" 
y="828.7466">read_measurement</text><polygon fill="#181818" points="810.5,858.9453,820.5,862.9453,810.5,866.9453,814.5,862.9453" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="554" x2="816.5" y1="862.9453" y2="862.9453"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="69" x="561" y="857.8794">sign_token</text><polygon fill="#181818" points="437,888.0781,427,892.0781,437,896.0781,433,892.0781" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="431" x2="553" y1="892.0781" y2="892.0781"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="104" x="443" y="887.0122">get_initial_token</text><polygon fill="#181818" points="278,917.2109,268,921.2109,278,925.2109,274,921.2109" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="272" x2="425" y1="921.2109" y2="921.2109"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="135" x="284" y="916.145">get_delegated_token</text><polygon fill="#181818" points="93,946.3438,83,950.3438,93,954.3438,89,950.3438" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="87" x2="266" y1="950.3438" y2="950.3438"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="125" x="99" y="945.2778">get_platform_token</text><rect fill="#FEFFDD" height="68" style="stroke:#181818;stroke-width:0.5;" width="116" x="24" y="963.3438"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="108" x="28" y="979.4106">Platform token is</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="28" y="994.5435">cached. 
It is not</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="98" x="28" y="1009.6763">changing within</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="90" x="28" y="1024.8091">a power cycle.</text><!--MD5=[84fabec568a656165bea957fac178b53] +@startuml +skinparam ParticipantPadding 10 +skinparam BoxPadding 10 +box AP +participant RMM +participant BL31 +endbox +box RSS +participant DelegAttest +participant InitAttest +participant MeasuredBoot +participant Crypto +endbox + +== RMM Boot phase == + +RMM -> BL31: get_realm_key(\n\t**hash_algo**, ...) +BL31 -> DelegAttest: get_delegated_key +DelegAttest -> MeasuredBoot: read_measurement +Rnote over DelegAttest: Compute input\n\ for key derivation\n\ (hash of measurements) +DelegAttest -> Crypto: derive_key +Rnote over DelegAttest: Compute public key\n\ hash with **hash_algo**. +Rnote over Crypto: Seed is provisioned\n\ in the factory. +DelegAttest - -> BL31: get_delegated_key +BL31 - -> RMM: get_realm_key +Rnote over RMM: Only private key\n\ is returned. Public\n\ key and its hash\n\ must be computed.\nPublic key is included\n\ in the realm token.\n\ Its hash is the input\n\ for get_platform_token +RMM -> BL31: get_platform_token(\n\t**pub_key_hash**, ...) +BL31 -> DelegAttest: get_delegated_token +Rnote over DelegAttest: Check **pub_key_hash**\n\ against derived key. +DelegAttest -> InitAttest: get_initial_token +Rnote over InitAttest: Create the token including\n\ the **pub_key_hash** as the\n\ challenge claim +InitAttest -> MeasuredBoot: read_measurement +InitAttest -> Crypto: sign_token +InitAttest - -> DelegAttest: get_initial_token +DelegAttest - -> BL31: get_delegated_token +BL31 - -> RMM: get_platform_token +Rnote over RMM: Platform token is\n\ cached. It is not\n\ changing within\n\ a power cycle. 
+@enduml + +PlantUML version 1.2022.7(Mon Aug 22 19:01:30 CEST 2022) +(GPL source distribution) +Java Runtime: OpenJDK Runtime Environment +JVM: OpenJDK 64-Bit Server VM +Default Encoding: UTF-8 +Language: hu +Country: HU +--></g></svg> \ No newline at end of file
diff --git a/docs/resources/diagrams/rss_measured_boot_flow.svg b/docs/resources/diagrams/rss_measured_boot_flow.svg
new file mode 100644
index 0000000..f5bf311
--- /dev/null
+++ b/docs/resources/diagrams/rss_measured_boot_flow.svg
@@ -0,0 +1,88 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="1826px" preserveAspectRatio="none" style="width:1254px;height:1826px;background:#FFFFFF;" version="1.1" viewBox="0 0 1254 1826" width="1254px" zoomAndPan="magnify"><defs/><g><rect fill="#DDDDDD" height="1814.0938" style="stroke:#181818;stroke-width:0.5;" width="610.5" x="27" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="28" x="318.25" y="18.0669">RSS</text><rect fill="#DDDDDD" height="1814.0938" style="stroke:#181818;stroke-width:0.5;" width="103" x="659.5" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="29" x="696.5" y="18.0669">SCP</text><rect fill="#DDDDDD" height="1814.0938" style="stroke:#181818;stroke-width:0.5;" width="451.5" x="784.5" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="20" x="1000.25" y="18.0669">AP</text><rect fill="#008000" height="205.9297" style="stroke:#181818;stroke-width:1.0;" width="10" x="81.5" y="130.6953"/><rect fill="#008000" height="106.5313" style="stroke:#181818;stroke-width:1.0;" width="10" x="227.5" y="336.625"/><rect fill="#008000" height="414.9922" style="stroke:#181818;stroke-width:1.0;" width="10" x="408.5" y="443.1563"/><rect fill="#008000" height="918.6484" style="stroke:#181818;stroke-width:1.0;" width="10" x="589.5" y="858.1484"/><rect fill="#008000" height="1182.8438" style="stroke:#181818;stroke-width:1.0;" width="10" x="706" y="593.9531"/><rect fill="#008000" height="460.3906" style="stroke:#181818;stroke-width:1.0;" width="10" x="826" y="829.0156"/><rect fill="#008000" height="435.2578" style="stroke:#181818;stroke-width:1.0;" width="10" x="1003" y="1289.4063"/><rect fill="#008000" height="52.1328" 
style="stroke:#181818;stroke-width:1.0;" width="10" x="1180" y="1724.6641"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="86" x2="86" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="232" x2="232" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="413" x2="413" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="594.5" x2="594.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="710.5" x2="710.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="830.5" x2="830.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="1007.5" x2="1007.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="1185" x2="1185" y1="56.4297" y2="1785.7969"/><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="41" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="48" y="45.1279">RSS_BL1_1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="41" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="48" y="1804.792">RSS_BL1_1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="187" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="194" y="45.1279">RSS_BL1_2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="187" y="1784.7969"/><text fill="#000000" 
font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="194" y="1804.792">RSS_BL1_2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="376" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="383" y="45.1279">RSS_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="376" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="383" y="1804.792">RSS_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="58" x="565.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="44" x="572.5" y="45.1279">RSS_S</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="58" x="565.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="44" x="572.5" y="1804.792">RSS_S</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="673.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="680.5" y="45.1279">SCP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="673.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="680.5" y="1804.792">SCP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="798.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="805.5" y="45.1279">AP_BL1</text><rect 
fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="798.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="805.5" y="1804.792">AP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="975.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="982.5" y="45.1279">AP_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="975.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="982.5" y="1804.792">AP_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="74" x="1148" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="1155" y="45.1279">AP_BL31</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="74" x="1148" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="1155" y="1804.792">AP_BL31</text><rect fill="#008000" height="205.9297" style="stroke:#181818;stroke-width:1.0;" width="10" x="81.5" y="130.6953"/><rect fill="#008000" height="106.5313" style="stroke:#181818;stroke-width:1.0;" width="10" x="227.5" y="336.625"/><rect fill="#008000" height="414.9922" style="stroke:#181818;stroke-width:1.0;" width="10" x="408.5" y="443.1563"/><rect fill="#008000" height="918.6484" style="stroke:#181818;stroke-width:1.0;" width="10" x="589.5" y="858.1484"/><rect fill="#008000" height="1182.8438" style="stroke:#181818;stroke-width:1.0;" width="10" x="706" y="593.9531"/><rect fill="#008000" height="460.3906" style="stroke:#181818;stroke-width:1.0;" width="10" 
x="826" y="829.0156"/><rect fill="#008000" height="435.2578" style="stroke:#181818;stroke-width:1.0;" width="10" x="1003" y="1289.4063"/><rect fill="#008000" height="52.1328" style="stroke:#181818;stroke-width:1.0;" width="10" x="1180" y="1724.6641"/><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="1247" x="0" y="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="86.9961" y2="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="89.9961" y2="89.9961"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="136" x="555.5" y="76.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="117" x="561.5" y="92.4966">RSS Boot phase</text><polygon fill="#181818" points="69.5,126.6953,79.5,130.6953,69.5,134.6953,73.5,130.6953" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="0" x2="75.5" y1="130.6953" y2="130.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="36" x="7" y="125.6294">Reset</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="99" x="37" y="143.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="91" x="41" y="159.7622">ROM code, XIP</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="95" x="185" y="176.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="87" x="189" y="192.895">OTP code, XIP</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="861" x="368" y="209.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="281" x="658" y="226.0278">Stored in flash, loaded and executed in RAM</text><line style="stroke:#181818;stroke-width:1.0;" 
x1="230.5" x2="220.5" y1="259.2266" y2="255.2266"/><line style="stroke:#181818;stroke-width:1.0;" x1="230.5" x2="220.5" y1="259.2266" y2="263.2266"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="91.5" x2="231.5" y1="259.2266" y2="259.2266"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="117" x="98.5" y="254.1606">Validate, measure</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="164" x="5" y="272.2266"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="134" x="9" y="288.2935">BL1_2 measurement</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="156" x="9" y="303.4263">saved to a shared buffer</text><polygon fill="#181818" points="215.5,332.625,225.5,336.625,215.5,340.625,219.5,336.625" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="86.5" x2="221.5" y1="336.625" y2="336.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="93.5" y="331.5591">Pass execution</text><line style="stroke:#181818;stroke-width:1.0;" x1="411.5" x2="401.5" y1="365.7578" y2="361.7578"/><line style="stroke:#181818;stroke-width:1.0;" x1="411.5" x2="401.5" y1="365.7578" y2="369.7578"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="237.5" x2="412.5" y1="365.7578" y2="365.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="244.5" y="360.6919">Validate, measure, load</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="164" x="150" y="378.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="154" y="394.8247">RSS_BL2 measurement</text><text fill="#000000" font-family="sans-serif" font-size="13" 
lengthAdjust="spacing" textLength="156" x="154" y="409.9575">saved to a shared buffer</text><polygon fill="#181818" points="396.5,439.1563,406.5,443.1563,396.5,447.1563,400.5,443.1563" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="232.5" x2="402.5" y1="443.1563" y2="443.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="239.5" y="438.0903">Pass execution</text><line style="stroke:#181818;stroke-width:1.0;" x1="592.5" x2="582.5" y1="472.2891" y2="468.2891"/><line style="stroke:#181818;stroke-width:1.0;" x1="592.5" x2="582.5" y1="472.2891" y2="476.2891"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="418.5" x2="593.5" y1="472.2891" y2="472.2891"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="425.5" y="467.2231">Validate, measure, load</text><line style="stroke:#181818;stroke-width:1.0;" x1="709" x2="699" y1="501.4219" y2="497.4219"/><line style="stroke:#181818;stroke-width:1.0;" x1="709" x2="699" y1="501.4219" y2="505.4219"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="418.5" x2="710" y1="501.4219" y2="501.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="425.5" y="496.356">Validate, measure, load</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="148" x="339" y="514.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="131" x="343" y="530.4888">RSS_S and SCP_BL1</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="140" x="343" y="545.6216">measurements saved</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="114" x="343" y="560.7544">to a shared buffer</text><polygon fill="#181818" 
points="694,589.9531,704,593.9531,694,597.9531,698,593.9531" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="418.5" x2="700" y1="593.9531" y2="593.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="425.5" y="588.8872">Release from reset</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="387" x="368" y="606.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="200" x="461.75" y="623.02">MHU init between RSS and SCP</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="127" x="647" y="640.0859"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="119" x="651" y="656.1528">Configure memory</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="93" x="367" y="673.2188"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="85" x="371" y="689.2856">Waits for SCP</text><polygon fill="#181818" points="429.5,718.4844,419.5,722.4844,429.5,726.4844,425.5,722.4844" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="423.5" x2="705" y1="722.4844" y2="722.4844"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="34" x="435.5" y="717.4185">Done</text><line style="stroke:#181818;stroke-width:1.0;" x1="829" x2="819" y1="751.6172" y2="747.6172"/><line style="stroke:#181818;stroke-width:1.0;" x1="829" x2="819" y1="751.6172" y2="755.6172"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="418.5" x2="830" y1="751.6172" y2="751.6172"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="425.5" y="746.5513">Validate, measure, load</text><rect fill="#FEFFDD" 
height="38" style="stroke:#181818;stroke-width:0.5;" width="164" x="331" y="764.6172"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="143" x="335" y="780.6841">AP_BL1 measurement</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="156" x="335" y="795.8169">saved to a shared buffer</text><polygon fill="#181818" points="814,825.0156,824,829.0156,814,833.0156,818,829.0156" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="418.5" x2="820" y1="829.0156" y2="829.0156"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="425.5" y="823.9497">Release from reset</text><polygon fill="#181818" points="577.5,854.1484,587.5,858.1484,577.5,862.1484,581.5,858.1484" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="413.5" x2="583.5" y1="858.1484" y2="858.1484"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="420.5" y="853.0825">Pass execution</text><rect fill="#FEFFDD" height="68" style="stroke:#181818;stroke-width:0.5;" width="182" x="503" y="871.1484"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="163" x="507" y="887.2153">Measurements read from</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="174" x="507" y="902.3481">shared buffer and saved by</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="163" x="507" y="917.481">Measured Boot service to</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="129" x="507" y="932.6138">measurement slots.</text><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="1247" x="0" y="965.2461"/><line 
style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="965.2461" y2="965.2461"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="968.2461" y2="968.2461"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="237" x="505" y="954.6797"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="218" x="511" y="970.7466">RSS Runtime / AP Boot phase</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="313" x="556" y="992.8125"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="191" x="617" y="1008.8794">MHU init between RSS and AP</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="126" x="768" y="1025.9453"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="772" y="1042.0122">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="74" x="772" y="1057.145">FW_CONFIG</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="97" x="772" y="1072.2778">TB_FW_CONFIG</text><polygon fill="#181818" points="610.5,1101.4766,600.5,1105.4766,610.5,1109.4766,606.5,1105.4766" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="825" y1="1105.4766" y2="1105.4766"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1100.4106">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1118.4766"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1134.5435">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" 
textLength="128" x="530" y="1149.6763">store measurement</text><line style="stroke:#181818;stroke-width:1.0;" x1="1006" x2="996" y1="1182.875" y2="1178.875"/><line style="stroke:#181818;stroke-width:1.0;" x1="1006" x2="996" y1="1182.875" y2="1186.875"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="836" x2="1007" y1="1182.875" y2="1182.875"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="148" x="843" y="1177.8091">Validate, measure,load</text><polygon fill="#181818" points="610.5,1208.0078,600.5,1212.0078,610.5,1216.0078,606.5,1212.0078" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="825" y1="1212.0078" y2="1212.0078"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1206.9419">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1225.0078"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1241.0747">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1256.2075">store measurement</text><polygon fill="#181818" points="991,1285.4063,1001,1289.4063,991,1293.4063,995,1289.4063" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="831" x2="997" y1="1289.4063" y2="1289.4063"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="838" y="1284.3403">Pass execution</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="126" x="945" y="1302.4063"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="949" y="1318.4731">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" 
lengthAdjust="spacing" textLength="77" x="949" y="1333.606">HW_CONFIG</text><polygon fill="#181818" points="610.5,1362.8047,600.5,1366.8047,610.5,1370.8047,606.5,1366.8047" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="1002" y1="1366.8047" y2="1366.8047"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1361.7388">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1379.8047"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1395.8716">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1411.0044">store measurement</text><line style="stroke:#181818;stroke-width:1.0;" x1="1183" x2="1173" y1="1444.2031" y2="1440.2031"/><line style="stroke:#181818;stroke-width:1.0;" x1="1183" x2="1173" y1="1444.2031" y2="1448.2031"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="1013" x2="1184" y1="1444.2031" y2="1444.2031"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="148" x="1020" y="1439.1372">Validate, measure,load</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="126" x="945" y="1457.2031"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="949" y="1473.27">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="32" x="949" y="1488.4028">BL31</text><polygon fill="#181818" points="610.5,1517.6016,600.5,1521.6016,610.5,1525.6016,606.5,1521.6016" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="1002" y1="1521.6016" y2="1521.6016"/><text fill="#000000" 
font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1516.5356">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1534.6016"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1550.6685">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1565.8013">store measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="126" x="945" y="1582.8672"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="949" y="1598.9341">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="30" x="949" y="1614.0669">RMM</text><polygon fill="#181818" points="610.5,1643.2656,600.5,1647.2656,610.5,1651.2656,606.5,1647.2656" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="1002" y1="1647.2656" y2="1647.2656"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1642.1997">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1660.2656"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1676.3325">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1691.4653">store measurement</text><polygon fill="#181818" points="1168,1720.6641,1178,1724.6641,1168,1728.6641,1172,1724.6641" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="1008" x2="1174" y1="1724.6641" y2="1724.6641"/><text fill="#000000" font-family="sans-serif" font-size="13" 
lengthAdjust="spacing" textLength="96" x="1015" y="1719.5981">Pass execution</text><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="1247" x="0" y="1753.2305"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="1753.2305" y2="1753.2305"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="1756.2305" y2="1756.2305"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="148" x="549.5" y="1742.6641"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="129" x="555.5" y="1758.731">RSS / AP Runtime</text><!--MD5=[e3f0ee259d2a4aa9c2a97ff856de0312] +@startuml +skinparam ParticipantPadding 10 +skinparam BoxPadding 10 +box RSS +participant RSS_BL1_1 +participant RSS_BL1_2 +participant RSS_BL2 +participant RSS_S +endbox +box SCP +participant SCP_BL1 +endbox +box AP +participant AP_BL1 +participant AP_BL2 +participant AP_BL31 +endbox + +== RSS Boot phase == +-> RSS_BL1_1: Reset +Rnote over RSS_BL1_1: ROM code, XIP +Rnote over RSS_BL1_2: OTP code, XIP +Rnote over RSS_BL2, AP_BL31: Stored in flash, loaded and executed in RAM +activate RSS_BL1_1 #Green +RSS_BL1_1 - ->> RSS_BL1_2: Validate, measure +Rnote over RSS_BL1_1: BL1_2 measurement\n\ saved to a shared buffer +RSS_BL1_1 -> RSS_BL1_2: Pass execution +deactivate RSS_BL1_1 +activate RSS_BL1_2 #Green +RSS_BL1_2 - ->> RSS_BL2: Validate, measure, load +Rnote over RSS_BL1_2: RSS_BL2 measurement\n\ saved to a shared buffer +RSS_BL1_2 -> RSS_BL2: Pass execution +deactivate RSS_BL1_2 +activate RSS_BL2 #Green +RSS_BL2 - ->> RSS_S: Validate, measure, load +RSS_BL2 - ->> SCP_BL1: Validate, measure, load +Rnote over RSS_BL2: RSS_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer +RSS_BL2 -> SCP_BL1: Release from reset +activate SCP_BL1 #Green +Rnote over RSS_BL2, SCP_BL1: MHU init between RSS and SCP +Rnote over SCP_BL1: Configure memory +Rnote over RSS_BL2: Waits for SCP 
+SCP_BL1 - -> RSS_BL2: Done +RSS_BL2 - ->> AP_BL1: Validate, measure, load +Rnote over RSS_BL2: AP_BL1 measurement\n\ saved to a shared buffer +RSS_BL2 -> AP_BL1: Release from reset +activate AP_BL1 #Green +RSS_BL2 -> RSS_S: Pass execution +deactivate RSS_BL2 +activate RSS_S #Green +Rnote over RSS_S: Measurements read from\n\ shared buffer and saved by\nMeasured Boot service to\n\ measurement slots. + +== RSS Runtime / AP Boot phase == +Rnote over RSS_S, AP_BL1: MHU init between RSS and AP +Rnote over AP_BL1: Measure and load:\n\ FW_CONFIG\n\ TB_FW_CONFIG +AP_BL1 -> RSS_S: Extend measurement +Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL1 - ->> AP_BL2: Validate, measure,load +AP_BL1 -> RSS_S: Extend measurement +Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL1 -> AP_BL2: Pass execution +deactivate AP_BL1 +activate AP_BL2 #Green +Rnote over AP_BL2: Measure and load:\n\ HW_CONFIG +AP_BL2 -> RSS_S: Extend measurement +Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 - ->> AP_BL31: Validate, measure,load +Rnote over AP_BL2: Measure and load:\n\ BL31 +AP_BL2 -> RSS_S: Extend measurement +Rnote over RSS_S: Measured Boot:\n\ store measurement +Rnote over AP_BL2: Measure and load:\n\ RMM +AP_BL2 -> RSS_S: Extend measurement +Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> AP_BL31: Pass execution +deactivate AP_BL2 +activate AP_BL31 #Green +== RSS / AP Runtime == +@enduml + +PlantUML version 1.2022.7(Mon Aug 22 19:01:30 CEST 2022) +(GPL source distribution) +Java Runtime: OpenJDK Runtime Environment +JVM: OpenJDK 64-Bit Server VM +Default Encoding: UTF-8 +Language: hu +Country: HU +--></g></svg> \ No newline at end of file
diff --git a/docs/security_advisories/index.rst b/docs/security_advisories/index.rst
index b80ba34..c9b0f78 100644
--- a/docs/security_advisories/index.rst
+++ b/docs/security_advisories/index.rst
@@ -14,3 +14,4 @@ security-advisory-tfv-7.rst security-advisory-tfv-8.rst security-advisory-tfv-9.rst + security-advisory-tfv-10.rst
diff --git a/docs/security_advisories/security-advisory-tfv-10.rst b/docs/security_advisories/security-advisory-tfv-10.rst new file mode 100644 index 0000000..91dba07 --- /dev/null +++ b/docs/security_advisories/security-advisory-tfv-10.rst
@@ -0,0 +1,159 @@ +Advisory TFV-10 (CVE-2022-47630) +================================ + ++----------------+-------------------------------------------------------------+ +| Title | Incorrect validation of X.509 certificate extensions can | +| | result in an out-of-bounds read. | ++================+=============================================================+ +| CVE ID | `CVE-2022-47630`_ | ++----------------+-------------------------------------------------------------+ +| Date | Reported on 12 Dec 2022 | ++----------------+-------------------------------------------------------------+ +| Versions | v1.2 to v2.8 | +| Affected | | ++----------------+-------------------------------------------------------------+ +| Configurations | BL1 and BL2 with Trusted Boot enabled with custom, | +| Affected | downstream usages of ``get_ext()`` and/or ``auth_nvctr()`` | +| | interfaces. Not exploitable in upstream TF-A code. | ++----------------+-------------------------------------------------------------+ +| Impact | Out-of-bounds read. | ++----------------+-------------------------------------------------------------+ +| Fix Version | - `fd37982a19a4a291`_ "fix(auth): forbid junk after | +| | extensions" | +| | | +| | - `72460f50e2437a85`_ "fix(auth): require at least one | +| | extension to be present" | +| | | +| | - `f5c51855d36e399e`_ "fix(auth): properly validate X.509 | +| | extensions" | +| | | +| | - `abb8f936fd0ad085`_ "fix(auth): avoid out-of-bounds read | +| | in auth_nvctr()" | +| | | +| | Note that `72460f50e2437a85`_ is not fixing any | +| | vulnerability per se but it is required for | +| | `f5c51855d36e399e`_ to apply cleanly. 
| ++----------------+-------------------------------------------------------------+ +| Credit | Demi Marie Obenour, Invisible Things Lab | ++----------------+-------------------------------------------------------------+ + +This security advisory describes a vulnerability in the X.509 parser used to +parse boot certificates in TF-A trusted boot: it is possible for a crafted +certificate to cause an out-of-bounds memory read. + +Note that upstream platforms are **not** affected by this. Only downstream +platforms may be, if (and only if) the interfaces described below are used in a +different context than seen in upstream code. Details of such context is +described in the rest of this document. + +To fully understand this security advisory, it is recommended to refer to the +following standards documents: + + - `RFC 5280`_, *Internet X.509 Public Key Infrastructure Certificate and + Certificate Revocation List (CRL) Profile*. + + - `ITU-T X.690`_, *ASN.1 encoding rules: Specification of Basic Encoding Rules + (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules + (DER).* + +Bug 1: Insufficient certificate validation +------------------------------------------ + +The vulnerability lies in the following source file: +``drivers/auth/mbedtls/mbedtls_x509_parser.c``. By design, ``get_ext()`` does +not check the return value of the various ``mbedtls_*()`` functions, as +``cert_parse()`` is assumed to have guaranteed that they will always succeed. +However, it passes the end of an extension as the end pointer to these +functions, whereas ``cert_parse()`` passes the end of the ``TBSCertificate``. +Furthermore, ``cert_parse()`` does not check that the contents of the extension +have the same length as the extension itself. It also does not check that the +extension block extends to the end of the ``TBSCertificate``. + +This is a problem, as ``mbedtls_asn1_get_tag()`` leaves ``*p`` and ``*len`` +undefined on failure. 
In practice, this results in ``get_ext()`` continuing to +parse at different offsets than were used (and validated) by ``cert_parse()``, +which means that the in-bounds guarantee provided by ``cert_parse()`` no longer +holds. The result is that it is possible for ``get_ext()`` to read memory past +the end of the certificate. This could potentially access memory with dangerous +read side effects, or leak microarchitectural state that could theoretically be +retrieved through some side-channel attacks as part of a more complex attack. + +Bug 2: Missing bounds check in ``auth_nvctr()`` +----------------------------------------------- +``auth_nvctr()`` does not check that the buffer provided is +long enough to hold an ``ASN.1 INTEGER``. Since ``auth_nvctr()`` will only ever +read 6 bytes, it is possible to read up to 6 bytes past the end of the buffer. + +Exploitability Analysis +----------------------- + +Upstream TF-A Code +~~~~~~~~~~~~~~~~~~ + +In upstream TF-A code, the only caller of ``auth_nvctr()`` takes its input from +``get_ext()``, which means that the second bug is exploitable, so is the first. +Therefore, only the first bug need be considered. + +All standard chains of trust provided in TF-A source tree (that is, under +``drivers/auth/``) require that the certificate's signature has already been +validated prior to calling ``get_ext()``, or any function that calls ``get_ext()``. +Platforms taking their chain of trust from a dynamic configuration file (such as +``fdts/cot_descriptors.dtsi``) are also safe, as signature verification will +always be done prior to any calls to ``get_ext()`` or ``auth_nvctr()`` in this +case, no matter the order of the properties in the file. Therefore, it is not +possible to exploit this vulnerability pre-authentication in upstream TF-A. 
+ +Furthermore, the data read through ``get_ext()`` only +ever gets used by the authentication framework (``drivers/auth/auth_mod.c``), +which greatly reduces the range of inputs it will ever receive and thus the +impact this has. Specifically, the authentication framework uses ``get_ext()`` +in three cases: + + 1. Retrieving a hash from an X.509 certificate to check the integrity of a + child certificate (see ``auth_hash()``). + + 2. Retrieving the signature details from an X.509 certificate to check its + authenticity and integrity (see ``auth_signature()``). + + 3. Retrieving the security counter value from an X.509 certificate to protect + it from unauthorized rollback to a previous version (see ``auth_nvctr()``). + +None of these uses authentication framework write to the out-of-bounds memory, +so no memory corruption is possible. + +In summary, there are 2 separate issues - one in ``get_ext()`` and another one +in ``auth_nvctr()`` - but neither of these can be exploited in the context of +TF-A upstream code. + +Only in the following 2 cases do we expect this vulnerability to be triggerable +prior to authentication: + + - The platform uses a custom chain of trust which uses the non-volatile counter + authentication method (``AUTH_METHOD_NV_CTR``) before the cryptographic + authentication method (``AUTH_METHOD_SIG``). + + - The chain of trust uses a custom authentication method that calls + ``get_ext()`` before cryptographic authentication. + +Custom Image Parsers +~~~~~~~~~~~~~~~~~~~~ + +If the platform uses a custom image parser instead of the certificate parser, +the bug in the certificate parser is obviously not relevant. The bug in +``auth_nvctr()`` *may* be relevant, but only if the returned data is: + +- Taken from an untrusted source (meaning that it is read prior to + authentication). + +- Not already checked to be a primitively-encoded ASN.1 tag. 
+ +In particular, if the custom image parser implementation wraps a 32-bit integer +in an ASN.1 ``INTEGER``, it is not affected. + +.. _CVE-2022-47630: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47630 +.. _fd37982a19a4a291: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=fd37982a19a4a291 +.. _72460f50e2437a85: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=72460f50e2437a85 +.. _f5c51855d36e399e: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f5c51855d36e399e +.. _abb8f936fd0ad085: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=abb8f936fd0ad085 +.. _RFC 5280: https://www.ietf.org/rfc/rfc5280.txt +.. _ITU-T X.690: https://www.itu.int/ITU-T/studygroups/com10/languages/X.690_1297.pdf
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst index ad8b82a..b22fb18 100644 --- a/docs/threat_model/index.rst +++ b/docs/threat_model/index.rst
@@ -4,9 +4,27 @@ Threat modeling is an important part of Secure Development Lifecycle (SDL) that helps us identify potential threats and mitigations affecting a system. -In the next sections, we first give a description of the target of evaluation -using a data flow diagram. Then we provide a list of threats we have identified -based on the data flow diagram and potential threat mitigations. +As the TF-A codebase is highly configurable to allow tailoring it best for each +platform's needs, providing a holistic threat model covering all of its features +is not necessarily the best approach. Instead, we provide a collection of +documents which, together, form the project's threat model. These are +articulated around a core document, called the :ref:`Generic Threat Model`, +which focuses on the most common configuration we expect to see. The other +documents typically focus on specific features not covered in the core document. + +As the TF-A codebase evolves and new features get added, these threat model +documents will be updated and extended in parallel to reflect at best the +current status of the code from a security standpoint. + + .. note:: + + Although our aim is eventually to provide threat model material for all + features within the project, we have not reached that point yet. We expect + to gradually fill these gaps over time. + +Each of these documents give a description of the target of evaluation using a +data flow diagram, as well as a list of threats we have identified using the +`STRIDE threat modeling technique`_ and corresponding mitigations. .. toctree:: :maxdepth: 1 
@@ -16,7 +34,10 @@ threat_model_spm threat_model_el3_spm threat_model_fvp_r + threat_model_rss_interface -------------- -*Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.* + +.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 38e5c87..71ec9b1 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst
@@ -36,12 +36,34 @@ - There is no Secure-EL2. We don't consider threats that may come with Secure-EL2 software. -- Measured boot is disabled. We do not consider the threats nor the mitigations - that may come with it. - - No experimental features are enabled. We do not consider threats that may come from them. +.. note:: + + In the current Measured Boot design, BL1, BL2, and BL31, as well as the + secure world components, form the |SRTM|. Measurement data is currently + considered an asset to be protected against attack, and this is achieved + by storing them in the Secure Memory. + Beyond the measurements stored inside the TCG-compliant Event Log buffer, + there are no other assets to protect or threats to defend against that + could compromise |TF-A| execution environment's security. + + There are general security assets and threats associated with remote/delegated + attestation. However, these are outside the |TF-A| security boundary and + should be dealt with by the appropriate agent in the platform/system. + Since current Measured Boot design does not use local attestation, there would + be no further assets to protect(like unsealed keys). + + A limitation of the current Measured Boot design is that it is dependent upon + Secure Boot as implementation of Measured Boot does not extend measurements + into a discrete |TPM|, where they would be securely stored and protected + against tampering. This implies that if Secure-Boot is compromised, Measured + Boot may also be compromised. + + Platforms must carefully evaluate the security of the default implementation + since the |SRTM| includes all secure world components. + Data Flow Diagram ================= 
@@ -170,7 +192,7 @@ For each threat identified, a risk rating that ranges from *informational* to *critical* is given based on the likelihood of the -threat occuring if a mitigation is not in place, and the impact of the +threat occurring if a mitigation is not in place, and the impact of the threat (i.e. how severe the consequences could be). Table 4 explains each rating in terms of score, impact and likelihood. @@ -778,8 +800,9 @@ +========================+====================================================+ | Threat | | **Misconfiguration of the Memory Management Unit | | | (MMU) may allow a normal world software to | -| | access sensitive data or execute arbitrary | -| | code** | +| | access sensitive data, execute arbitrary | +| | code or access otherwise restricted HW | +| | interface** | | | | | | | A misconfiguration of the MMU could | | | lead to an open door for software running in the | @@ -853,6 +876,8 @@ +------------------------+-----------------------------------------------------+ | Threat Type | Information Disclosure | +------------------------+-------------------+----------------+----------------+ +| Application | Server | IoT | Mobile | ++------------------------+-------------------+----------------+----------------+ | Impact | Medium (3) | Medium (3) | Medium (3) | +------------------------+-------------------+----------------+----------------+ | Likelihood | Low (2) | Low (2) | Low (2) | 
@@ -880,9 +905,89 @@ | | mitigated. | +------------------------+-----------------------------------------------------+ ++------------------------+-----------------------------------------------------+ +| ID | 13 | ++========================+=====================================================+ +| Threat | | **Leaving sensitive information in the memory, | +| | can allow an attacker to retrieve them.** | +| | | +| | | Accidentally leaving not-needed sensitive data in | +| | internal buffers can leak them if an attacker | +| | gains access to memory due to a vulnerability. | ++------------------------+-----------------------------------------------------+ +| Diagram Elements | DF4, DF5 | ++------------------------+-----------------------------------------------------+ +| Affected TF-A | BL1, BL2, BL31 | +| Components | | ++------------------------+-----------------------------------------------------+ +| Assets | Sensitive Data | ++------------------------+-----------------------------------------------------+ +| Threat Agent | NSCode, SecCode | ++------------------------+-----------------------------------------------------+ +| Threat Type | Information Disclosure | ++------------------------+-------------------+----------------+----------------+ +| Application | Server | IoT | Mobile | ++------------------------+-------------------+----------------+----------------+ +| Impact | Critical (5) | Critical (5) | Critical (5) | ++------------------------+-------------------+----------------+----------------+ +| Likelihood | Medium (3) | Medium (3) | Medium (3) | ++------------------------+-------------------+----------------+----------------+ +| Total Risk Rating | High (15) | High (15) | High (15) | ++------------------------+-------------------+----------------+----------------+ +| Mitigations | Clear the sensitive data from internal buffers as | +| | soon as they are not needed anymore. 
| ++------------------------+-----------------------------------------------------+ +| Mitigations | | Yes / Platform specific | ++------------------------+-----------------------------------------------------+ + ++------------------------+-----------------------------------------------------+ +| ID | 14 | ++========================+=====================================================+ +| Threat | | **Attacker wants to execute an arbitrary or | +| | untrusted binary as the secure OS.** | +| | | +| | | When the option OPTEE_ALLOW_SMC_LOAD is enabled, | +| | this trusts the non-secure world up until the | +| | point it issues the SMC call to load the Secure | +| | BL32 payload. If a compromise occurs before the | +| | SMC call is invoked, then arbitrary code execution| +| | in S-EL1 can occur or arbitrary memory in EL3 can | +| | be overwritten. | ++------------------------+-----------------------------------------------------+ +| Diagram Elements | DF5 | ++------------------------+-----------------------------------------------------+ +| Affected TF-A | BL31, BL32 | +| Components | | ++------------------------+-----------------------------------------------------+ +| Assets | Code Execution, Sensitive Data | ++------------------------+-----------------------------------------------------+ +| Threat Agent | NSCode | ++------------------------+-----------------------------------------------------+ +| Threat Type | Tampering, Information Disclosure, | +| | Elevation of privilege | ++------------------------+-----------------+-----------------+-----------------+ +| Application | Server | IoT | Mobile | ++------------------------+-----------------+-----------------+-----------------+ +| Impact | Critical (5) | Critical (5) | Critical (5) | ++------------------------+-----------------+-----------------+-----------------+ +| Likelihood | High (4) | High (4) | High (4) | ++------------------------+-----------------+-----------------+-----------------+ +| Total Risk Rating 
| Critical (20) | Critical (20) | Critical (20) | ++------------------------+-----------------+-----------------+-----------------+ +| Mitigations | When enabling the option OPTEE_ALLOW_SMC_LOAD, | +| | the non-secure OS must be considered a closed | +| | platform up until the point the SMC can be invoked | +| | to load OP-TEE. | ++------------------------+-----------------------------------------------------+ +| Mitigations | | None in TF-A itself. This option is only used by | +| implemented? | ChromeOS currently which has other mechanisms to | +| | to mitigate this threat which are described in | +| | `OP-TEE Dispatcher`_. | ++------------------------+-----------------------------------------------------+ + -------------- -*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2023, Arm Limited. All rights reserved.* .. _STRIDE threat analysis technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model @@ -894,3 +999,4 @@ .. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#error-handling-and-robustness .. _Secure Development Guidelines: https://trustedfirmware-a.readthedocs.io/en/latest/process/security-hardening.html#secure-development-guidelines .. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/ +.. _OP-TEE Dispatcher: https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/components/spd/optee-dispatcher.rst
diff --git a/docs/threat_model/threat_model_rss_interface.rst b/docs/threat_model/threat_model_rss_interface.rst new file mode 100644 index 0000000..4bceb63 --- /dev/null +++ b/docs/threat_model/threat_model_rss_interface.rst
@@ -0,0 +1,59 @@ +Threat Model for RSS - AP interface +*********************************** + +************ +Introduction +************ +This document is an extension for the general TF-A threat-model. It considers +those platforms where a Runtime Security Subsystem (RSS) is included in the SoC +next to the Application Processor (AP). + +******************** +Target of Evaluation +******************** +The scope of this threat model only includes the interface between the RSS and +AP. Otherwise, the TF-A :ref:`Generic Threat Model` document is applicable for +the AP core. The threat model for the RSS firmware will be provided by the RSS +firmware project in the future. + + +Data Flow Diagram +================= +This diagram is different only from the general TF-A data flow diagram in that +it includes the RSS and highlights the interface between the AP and the RSS +cores. The interface description only focuses on the AP-RSS interface the rest +is the same as in the general TF-A threat-model document. + +.. uml:: ../resources/diagrams/plantuml/tfa_rss_dfd.puml + :caption: Figure 1: TF-A Data Flow Diagram including RSS + +.. table:: Table 1: TF-A - RSS data flow diagram + + +-----------------+--------------------------------------------------------+ + | Diagram Element | Description | + +=================+========================================================+ + | DF7 | | Boot images interact with RSS over a communication | + | | channel to record boot measurements and get image | + | | verification keys. At runtime, BL31 obtains the | + | | realm world attestation signing key from RSS. | + +-----------------+--------------------------------------------------------+ + +Threat Assessment +================= +For this section, please reference the Threat Assessment under the general TF-A +threat-model document, :ref:`Generic Threat Model`. All the threats listed there +are applicable for the AP core, here only the differences are highlighted. 
+ + - ID 11: The access to the communication interface between AP and RSS is + allowed only for firmware running at EL3. Accidentally exposing this + interface to NSCode can allow malicious code to interact with RSS and + gain access to sensitive data. + - ID 13: Relevant in the context of the realm attestation key, which can be + retrieved by BL31 through DF7. The RSS communication protocol layer + mitigates against this by clearing its internal buffer when reply is + received. The caller of the API must do the same if data is not needed + anymore. + +-------------- + +*Copyright (c) 2022, Arm Limited. All rights reserved.* \ No newline at end of file
diff --git a/docs/threat_model/threat_model_spm.rst b/docs/threat_model/threat_model_spm.rst index 98dbf76..9458a9f 100644 --- a/docs/threat_model/threat_model_spm.rst +++ b/docs/threat_model/threat_model_spm.rst
@@ -35,7 +35,7 @@ - The TF-A implementation for the S-EL2 SPMC based on the Hafnium hypervisor running in the secure world of TrustZone (at S-EL2 exception level). The threat model is not related to the normal world Hypervisor or VMs. - The S-EL1 SPMC solution is not covered. + The S-EL1 and EL3 SPMC solutions are not covered. - The implementation complies with the FF-A v1.0 specification, and a few features of FF-A v1.1 specification. - Secure partitions are statically provisioned at boot time. @@ -235,8 +235,8 @@ +------------------------+------------------+-----------------+---------------+ | ``Total Risk Rating`` | High (16) | High (16) | | +------------------------+------------------+-----------------+---------------+ -| ``Mitigations`` | In context of FF-A v1.0 this is the case of sharing| -| | the RX/TX buffer pair and usage in the | +| ``Mitigations`` | In context of FF-A v1.0 and v1.1 this is the case | +| | of sharing the RX/TX buffer pair and usage in the | | | PARTITION_INFO_GET or mem sharing primitives. | | | The SPMC must copy the contents of the TX buffer | | | to an internal temporary buffer before processing | 
@@ -1151,11 +1151,189 @@ | | interrupted. | +------------------------+----------------------------------------------------+ ++------------------------+----------------------------------------------------+ +| ID | 25 | ++========================+====================================================+ +| ``Threat`` | **A rogue FF-A endpoint can use memory sharing | +| | calls to exhaust SPMC resources.** | +| | For each on-going operation that involves an SP, | +| | the SPMC allocates resources to track its state. | +| | If the operation is never concluded, the resources | +| | are never freed. | +| | In the worst scenario, multiple operations that | +| | never conclude may exhaust the SPMC resources to a | +| | point in which renders memory sharing operations | +| | impossible. This could affect other, non-harmful | +| | FF-A endpoints, from legitimately using memory | +| | share functionality. The intent might even be | +| | to cause the SPMC to consume excessive CPU cycles, | +| | attempting to make it deny its service to the NWd. 
| ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC, SPMD | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SPMC state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Denial of Service | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | High (4) | Medium (3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | High (4) | Medium (3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | High (16) | Medium (9) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC uses a statically allocated pool of | +| | memory to keep track of on-going memory sharing | +| | operations. After a possible attack, this could | +| | fail due to insufficient memory, and return an | +| | error to the caller. At this point, any other | +| | endpoint that requires use of memory sharing for | +| | its operation could get itself in an unusable | +| | state. | +| | Regarding CPU cycles starving threat, the SPMC | +| | doesn't provide any mitigation for this, as any | +| | FF-A endpoint, at the virtual FF-A instance is | +| | allowed to invoke memory share/lend/donate. 
| ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 26 | ++========================+====================================================+ +| ``Threat`` | **A borrower may interfere with lender's | +| | operation, if it terminates due to a fatal error | +| | condition without releasing the memory | +| | shared/lent.** | +| | Such scenario may render the lender inoperable. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SP state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Denial of Service | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | High (4) | Low (2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium (3) | Medium (3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | High (12) | Medium(6) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC does not provide mitigation for such | +| | scenario. The FF-A endpoints must attempt to | +| | relinquish memory shared/lent themselves in | +| | case of failure. The memory used to track the | +| | operation in the SPMC will also remain usuable. 
| ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 27 | ++========================+====================================================+ +| ``Threat`` | **A rogue FF-A endpoint may attempt to tamper with | +| | the content of the memory shared/lent, whilst | +| | being accessed by other FF-A endpoints.** | +| | It might attempt to do so: using one of the clear | +| | flags, when either retrieving or relinquishing | +| | access to the memory via the respective FF-A | +| | calls; or directly accessing memory without | +| | respecting the synchronization protocol between | +| | all involved endpoints. | ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC, FF-A endpoint | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SP state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Denial of Service, Tampering | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | Low (2) | Low (2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium (3) | Medium (3) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | Medium (6) | Medium(6) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The first case 
defined in the threat, the TF-A | +| | SPMC mitigates it, by ensuring a memory is cleared | +| | only when all borrowers have relinquished access | +| | to the memory, in a scenario involving multiple | +| | borrowers. Also, if the receiver is granted RO, | +| | permissions, the SPMC will reject any request | +| | to clear memory on behalf of the borrower, by | +| | returning an error to the respective FF-A call. | +| | The second case defined in the threat can't be | +| | mitigated by the SPMC. It is up to the NS/S FF-A | +| | endpoints to establish a robust protocol for using | +| | the shared memory. | ++------------------------+----------------------------------------------------+ + ++------------------------+----------------------------------------------------+ +| ID | 28 | ++========================+====================================================+ +| ``Threat`` | **A rogue FF-A endpoint may attempt to share | +| | memory that is not in its translation regime, or | +| | attempt to specify attributes more permissive than | +| | those it possesses at a given time.** | +| | Both ways could be an attempt for escalating its | +| | privileges. 
| ++------------------------+----------------------------------------------------+ +| ``Diagram Elements`` | DF1, DF2 | ++------------------------+----------------------------------------------------+ +| ``Affected TF-A | SPMC, FF-A endpoint | +| Components`` | | ++------------------------+----------------------------------------------------+ +| ``Assets`` | SP state | ++------------------------+----------------------------------------------------+ +| ``Threat Agent`` | NS-Endpoint, S-Endpoint | ++------------------------+----------------------------------------------------+ +| ``Threat Type`` | Denial of Service, Tampering | ++------------------------+------------------+-----------------+---------------+ +| ``Application`` | ``Server`` | ``Mobile`` | | ++------------------------+------------------+-----------------+---------------+ +| ``Impact`` | High (4) | Low (2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Likelihood`` | Medium (3) | Low (2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Total Risk Rating`` | High (12) | Low (2) | | ++------------------------+------------------+-----------------+---------------+ +| ``Mitigations`` | The TF-A SPMC mitigates this threat by performing | +| | sanity checks to the provided memory region | +| | descriptor. | +| | For operations at the virtual FF-A instance, and | +| | once the full memory descriptor is provided, | +| | the SPMC validates that the memory is part of the | +| | caller's translation regime. The SPMC also checks | +| | that the memory attributes provided are within | +| | those the owner possesses, in terms of | +| | permissiveness. If more permissive attributes are | +| | specified, the SPMC returns an error | +| | FFA_INVALID_PARAMETERS. The permissiveness rules | +| | are enforced in any call to share/lend or donate | +| | the memory, and in retrieve requests. 
| ++------------------------+----------------------------------------------------+ + -------------- -*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* +*Copyright (c) 2021-2023, Arm Limited. All rights reserved.* .. _Arm Firmware Framework for Arm A-profile: https://developer.arm.com/docs/den0077/latest .. _Secure Partition Manager: ../components/secure-partition-manager.html .. _Generic TF-A threat model: ./threat_model.html#threat-analysis .. _FF-A ACS: https://github.com/ARM-software/ff-a-acs/releases +
diff --git a/drivers/allwinner/axp/common.c b/drivers/allwinner/axp/common.c index f1250b0..79f9089 100644 --- a/drivers/allwinner/axp/common.c +++ b/drivers/allwinner/axp/common.c
@@ -9,6 +9,7 @@
 #include <libfdt.h>
 #include <common/debug.h>
+#include <common/fdt_wrappers.h>
 #include <drivers/allwinner/axp.h>
 int axp_check_id(void)
@@ -97,19 +98,9 @@
 return 0;
 }
-static bool is_node_disabled(const void *fdt, int node)
-{
- const char *cell;
- cell = fdt_getprop(fdt, node, "status", NULL);
- if (cell == NULL) {
- return false;
- }
- return strcmp(cell, "okay") != 0;
-}
-
 static bool should_enable_regulator(const void *fdt, int node)
 {
- if (is_node_disabled(fdt, node)) {
+ if (!fdt_node_is_enabled(fdt, node)) {
 return false;
 }
 if (fdt_getprop(fdt, node, "phandle", NULL) != NULL) {
diff --git a/drivers/arm/css/mhu/css_mhu_doorbell.c b/drivers/arm/css/mhu/css_mhu_doorbell.c index c51f3b1..479bb21 100644 --- a/drivers/arm/css/mhu/css_mhu_doorbell.c +++ b/drivers/arm/css/mhu/css_mhu_doorbell.c
@@ -15,7 +15,6 @@
 MHU_RING_DOORBELL(plat_info->db_reg_addr,
 plat_info->db_modify_mask,
 plat_info->db_preserve_mask);
- return;
 }
 void mhuv2_ring_doorbell(struct scmi_channel_plat_info *plat_info)
@@ -35,6 +34,4 @@
 /* clear the access request for the receiver */
 MHU_V2_CLEAR_REQUEST(mhuv2_base);
-
- return;
 }
diff --git a/drivers/arm/css/scmi/vendor/scmi_sq.c b/drivers/arm/css/scmi/vendor/scmi_sq.c index f185424..1037633 100644 --- a/drivers/arm/css/scmi/vendor/scmi_sq.c +++ b/drivers/arm/css/scmi/vendor/scmi_sq.c
@@ -15,7 +15,7 @@
 #include <sq_common.h>
-/* SCMI messge ID to get the available DRAM region */
+/* SCMI message ID to get the available DRAM region */
 #define SCMI_VENDOR_EXT_MEMINFO_GET_MSG 0x3
 #define SCMI_VENDOR_EXT_MEMINFO_GET_MSG_LEN 4
diff --git a/drivers/arm/ethosn/ethosn_big_fw.c b/drivers/arm/ethosn/ethosn_big_fw.c new file mode 100644 index 0000000..628f5d9 --- /dev/null +++ b/drivers/arm/ethosn/ethosn_big_fw.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <common/debug.h>
+
+#include "ethosn_big_fw.h"
+
+/* Magic (FourCC) number to identify the big firmware binary */
+#define ETHOSN_BIG_FW_MAGIC ('E' | ('N' << 8) | ('F' << 16) | ('W' << 24))
+
+/* Supported big firmware version */
+#define ETHOSN_BIG_FW_VERSION_MAJOR 11
+
+#define ETHOSN_ARCH_VER_MAJOR_MASK U(0xF000)
+#define ETHOSN_ARCH_VER_MAJOR_SHIFT U(0xC)
+#define ETHOSN_ARCH_VER_MINOR_MASK U(0xF00)
+#define ETHOSN_ARCH_VER_MINOR_SHIFT U(0x8)
+#define ETHOSN_ARCH_VER_REV_MASK U(0xFF)
+
+/* Convert Arm(R) Ethos(TM)-N NPU architecture version to big firmware format */
+#define ETHOSN_BIG_FW_FORMAT_ARCH_VER(arch_ver) \
+ (arch_ver & ETHOSN_ARCH_VER_MAJOR_MASK) << ETHOSN_ARCH_VER_MAJOR_SHIFT | \
+ (arch_ver & ETHOSN_ARCH_VER_MINOR_MASK) << ETHOSN_ARCH_VER_MINOR_SHIFT | \
+ (arch_ver & ETHOSN_ARCH_VER_REV_MASK)
+
+
+bool ethosn_big_fw_verify_header(const struct ethosn_big_fw *big_fw,
+ uint32_t npu_arch_ver)
+{
+ const uint32_t arch_ver = ETHOSN_BIG_FW_FORMAT_ARCH_VER(npu_arch_ver);
+
+ if (big_fw->fw_magic != ETHOSN_BIG_FW_MAGIC) {
+ ERROR("ETHOSN: Unable to find firmware. Invalid magic value: 0x%02x\n",
+ big_fw->fw_magic);
+
+ return false;
+ }
+
+ if (big_fw->fw_ver_major != ETHOSN_BIG_FW_VERSION_MAJOR) {
+ ERROR("ETHOSN: Unsupported firmware version: %u.%u.%u. Expected Version %u.x.x.\n",
+ big_fw->fw_ver_major, big_fw->fw_ver_minor,
+ big_fw->fw_ver_patch, ETHOSN_BIG_FW_VERSION_MAJOR);
+
+ return false;
+ }
+
+ if (big_fw->arch_min > arch_ver || arch_ver > big_fw->arch_max) {
+ ERROR("ETHOSN: Firmware is not compatbile with architecture version: 0x%02x\n",
+ npu_arch_ver);
+ return false;
+ }
+
+ return true;
+}
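Review bot: The error string in the architecture-version check misspells its key word, `compatbile` should be `compatible`, and both ERROR calls print a 32-bit value with `0x%02x`, which only guarantees two hex digits; `0x%08x` would show the full magic / architecture word. The `ETHOSN_BIG_FW_FORMAT_ARCH_VER` macro parenthesises neither its `arch_ver` argument nor the whole three-term expansion, so an argument that is itself an expression, or a use of the macro inside a larger one, can bind wrongly; wrap `arch_ver` as `(arch_ver)` and the entire `a | b | c` body in one outer pair of parentheses. Note also that this function checks identity, major version and architecture range only — the layout fields (`offset`/`size`, `code_offset`/`code_size`, `vector_table_offset`, …) are not range-checked against the image size here, which should be stated for callers, e.g. `/* Validates magic, version and arch range only; layout offsets/sizes are taken on trust and must come from an already-authenticated image. */`.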
diff --git a/drivers/arm/ethosn/ethosn_big_fw.h b/drivers/arm/ethosn/ethosn_big_fw.h new file mode 100644 index 0000000..a321322 --- /dev/null +++ b/drivers/arm/ethosn/ethosn_big_fw.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdbool.h>
+#include <stdint.h>
+
+/*
+ * Big FW binary structure.
+ * Must be kept in sync with the Arm(R) Ethos(TM)-N NPU firmware binary layout.
+ */
+struct ethosn_big_fw {
+ uint32_t fw_magic;
+ uint32_t fw_ver_major;
+ uint32_t fw_ver_minor;
+ uint32_t fw_ver_patch;
+ uint32_t arch_min;
+ uint32_t arch_max;
+ uint32_t offset;
+ uint32_t size;
+ uint32_t code_offset;
+ uint32_t code_size;
+ uint32_t ple_offset;
+ uint32_t ple_size;
+ uint32_t vector_table_offset;
+ uint32_t vector_table_size;
+ uint32_t unpriv_stack_offset;
+ uint32_t unpriv_stack_size;
+ uint32_t priv_stack_offset;
+ uint32_t priv_stack_size;
+} __packed;
+
+bool ethosn_big_fw_verify_header(const struct ethosn_big_fw *big_fw,
+ uint32_t npu_arch_ver);
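Review bot: The new header has no include guard, so a translation unit that includes it twice (directly and via another header) redefines `struct ethosn_big_fw`; add `#ifndef ETHOSN_BIG_FW_H` / `#define ETHOSN_BIG_FW_H` at the top and `#endif /* ETHOSN_BIG_FW_H */` at the end. It also uses `__packed` while only including `<stdbool.h>` and `<stdint.h>`, neither of which defines that attribute, so it silently depends on the includer having pulled in the TF-A header that provides it; including that header here would make this one self-contained. A short comment on the struct saying what the `*_offset`/`*_size` pairs are relative to (presumably the start of the binary, but nothing in the patch says) would help whoever next touches the layout.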
diff --git a/drivers/arm/ethosn/ethosn_smc.c b/drivers/arm/ethosn/ethosn_smc.c index 915a0d8..85a12c5 100644 --- a/drivers/arm/ethosn/ethosn_smc.c +++ b/drivers/arm/ethosn/ethosn_smc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -15,6 +15,12 @@
 #include <lib/utils_def.h>
 #include <plat/arm/common/fconf_ethosn_getter.h>
+#include <platform_def.h>
+
+#if ARM_ETHOSN_NPU_TZMP1
+#include "ethosn_big_fw.h"
+#endif
+
 /*
 * Number of Arm(R) Ethos(TM)-N NPU (NPU) devices available
 */
@@ -28,27 +34,89 @@ #define ETHOSN_CORE_SEC_REG(core_addr, reg_offset) \ (core_addr + reg_offset) +#define ETHOSN_FW_VA_BASE 0x20000000UL +#define ETHOSN_WORKING_DATA_VA_BASE 0x40000000UL +#define ETHOSN_COMMAND_STREAM_VA_BASE 0x60000000UL + /* Reset timeout in us */ #define ETHOSN_RESET_TIMEOUT_US U(10 * 1000 * 1000) #define ETHOSN_RESET_WAIT_US U(1) +#define ETHOSN_AUX_FEAT_LEVEL_IRQ U(0x1) +#define ETHOSN_AUX_FEAT_STASHING U(0x2) + +#define SEC_AUXCTLR_REG U(0x0024) +#define SEC_AUXCTLR_VAL U(0x80) +#define SEC_AUXCTLR_LEVEL_IRQ_VAL U(0x04) +#define SEC_AUXCTLR_STASHING_VAL U(0xA5000000) + #define SEC_DEL_REG U(0x0004) -#define SEC_DEL_VAL U(0x81C) +#if ARM_ETHOSN_NPU_TZMP1 +#define SEC_DEL_VAL U(0x808) +#else +#define SEC_DEL_VAL U(0x80C) +#endif #define SEC_DEL_EXCC_MASK U(0x20) #define SEC_SECCTLR_REG U(0x0010) -#define SEC_SECCTLR_VAL U(0x3) +/* Set bit[10] = 1 to workaround erratum 2838783 */ +#define SEC_SECCTLR_VAL U(0x403) -#define SEC_DEL_ADDR_EXT_REG U(0x201C) -#define SEC_DEL_ADDR_EXT_VAL U(0x15) +#define SEC_DEL_ADDR_EXT_REG U(0x201C) +#define SEC_DEL_ADDR_EXT_VAL U(0x1) #define SEC_SYSCTRL0_REG U(0x0018) +#define SEC_SYSCTRL0_CPU_WAIT U(1) +#define SEC_SYSCTRL0_SLEEPING U(1U << 4) +#define SEC_SYSCTRL0_INITVTOR_MASK U(0x1FFFFF80) #define SEC_SYSCTRL0_SOFT_RESET U(3U << 29) #define SEC_SYSCTRL0_HARD_RESET U(1U << 31) +#define SEC_SYSCTRL1_REG U(0x001C) +#define SEC_SYSCTRL1_VAL U(0x180110) + +#define SEC_NSAID_REG_BASE U(0x3004) +#define SEC_NSAID_OFFSET U(0x1000) + #define SEC_MMUSID_REG_BASE U(0x3008) #define SEC_MMUSID_OFFSET U(0x1000) +#define SEC_ADDR_EXT_REG_BASE U(0x3018) +#define SEC_ADDR_EXT_OFFSET U(0x1000) +#define SEC_ADDR_EXT_SHIFT U(0x14) +#define SEC_ADDR_EXT_MASK U(0x1FFFFE00) + +#define SEC_ATTR_CTLR_REG_BASE U(0x3010) +#define SEC_ATTR_CTLR_OFFSET U(0x1000) +#define SEC_ATTR_CTLR_NUM U(9) +#define SEC_ATTR_CTLR_VAL U(0x1) + +#define SEC_NPU_ID_REG U(0xF000) +#define SEC_NPU_ID_ARCH_VER_SHIFT U(0X10) + +#define FIRMWARE_STREAM_INDEX 
U(0x0) +#define WORKING_STREAM_INDEX U(0x1) +#define PLE_STREAM_INDEX U(0x4) +#define INPUT_STREAM_INDEX U(0x6) +#define INTERMEDIATE_STREAM_INDEX U(0x7) +#define OUTPUT_STREAM_INDEX U(0x8) + +#define TO_EXTEND_ADDR(addr) \ + ((addr >> SEC_ADDR_EXT_SHIFT) & SEC_ADDR_EXT_MASK) + +#if ARM_ETHOSN_NPU_TZMP1 +CASSERT(ARM_ETHOSN_NPU_FW_IMAGE_BASE > 0U, assert_ethosn_invalid_fw_image_base); +static const struct ethosn_big_fw *big_fw; + +#define FW_INITVTOR_ADDR(big_fw) \ + ((ETHOSN_FW_VA_BASE + big_fw->vector_table_offset) & \ + SEC_SYSCTRL0_INITVTOR_MASK) + +#define SYSCTRL0_INITVTOR_ADDR(value) \ + (value & SEC_SYSCTRL0_INITVTOR_MASK) + +#endif + static bool ethosn_get_device_and_core(uintptr_t core_addr, const struct ethosn_device_t **dev_match, const struct ethosn_core_t **core_match) 
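Review bot: `TO_EXTEND_ADDR` and `SYSCTRL0_INITVTOR_ADDR` use their macro argument unparenthesised, so an argument that is itself a `&`/`|`/`?:` expression binds wrongly with the `>>` and `&` in the expansion; write `(((addr) >> SEC_ADDR_EXT_SHIFT) & SEC_ADDR_EXT_MASK)` and `((value) & SEC_SYSCTRL0_INITVTOR_MASK)`. `FW_INITVTOR_ADDR(big_fw)` names its parameter identically to the file-scope `static const struct ethosn_big_fw *big_fw` declared just above it, which reads as if the macro used the global; renaming the parameter (e.g. `fw`) removes the ambiguity. The new `SEC_DEL_VAL` values (`0x808` under TZMP1, `0x80C` otherwise, replacing `0x81C`) and `SEC_DEL_ADDR_EXT_VAL` dropping from `0x15` to `0x1` are undocumented register magic; a one-line comment naming which delegation bits differ between the two builds, in the style of the erratum note on `SEC_SECCTLR_VAL`, would help the next reader. `SEC_NPU_ID_ARCH_VER_SHIFT U(0X10)` uses an upper-case `0X` prefix unlike every other constant in the file.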
@@ -74,6 +142,83 @@ return false; } +#if ARM_ETHOSN_NPU_TZMP1 +static uint32_t ethosn_core_read_arch_version(uintptr_t core_addr) +{ + uint32_t npu_id = mmio_read_32(ETHOSN_CORE_SEC_REG(core_addr, + SEC_NPU_ID_REG)); + + return (npu_id >> SEC_NPU_ID_ARCH_VER_SHIFT); +} + +static void ethosn_configure_stream_nsaid(const struct ethosn_core_t *core, + bool is_protected) +{ + size_t i; + uint32_t streams[9] = {[0 ... 8] = ARM_ETHOSN_NPU_NS_RO_DATA_NSAID}; + + streams[FIRMWARE_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_FW_NSAID; + streams[PLE_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_FW_NSAID; + + streams[WORKING_STREAM_INDEX] = ARM_ETHOSN_NPU_NS_RW_DATA_NSAID; + + if (is_protected) { + streams[INPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_RO_DATA_NSAID; + streams[INTERMEDIATE_STREAM_INDEX] = + ARM_ETHOSN_NPU_PROT_RW_DATA_NSAID; + streams[OUTPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_RW_DATA_NSAID; + } else { + streams[INPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_NS_RO_DATA_NSAID; + streams[INTERMEDIATE_STREAM_INDEX] = + ARM_ETHOSN_NPU_NS_RW_DATA_NSAID; + streams[OUTPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_NS_RW_DATA_NSAID; + } + + for (i = 0U; i < ARRAY_SIZE(streams); ++i) { + const uintptr_t reg_addr = SEC_NSAID_REG_BASE + + (SEC_NSAID_OFFSET * i); + mmio_write_32(ETHOSN_CORE_SEC_REG(core->addr, reg_addr), + streams[i]); + } +} + +static void ethosn_configure_vector_table(uintptr_t core_addr) +{ + mmio_setbits_32(ETHOSN_CORE_SEC_REG(core_addr, SEC_SYSCTRL0_REG), + FW_INITVTOR_ADDR(big_fw)); +} + +#endif + +static void ethosn_configure_events(uintptr_t core_addr) +{ + mmio_write_32(ETHOSN_CORE_SEC_REG(core_addr, SEC_SYSCTRL1_REG), SEC_SYSCTRL1_VAL); +} + +static bool ethosn_configure_aux_features(const struct ethosn_device_t *device, + uintptr_t core_addr, + uint32_t features) +{ + uint32_t val = SEC_AUXCTLR_VAL; + + if (features & ETHOSN_AUX_FEAT_LEVEL_IRQ) { + val |= SEC_AUXCTLR_LEVEL_IRQ_VAL; + } + + if (features & ETHOSN_AUX_FEAT_STASHING) { + /* Stashing can't be used with reserved memory */ + if 
(device->has_reserved_memory) { + return false; + } + + val |= SEC_AUXCTLR_STASHING_VAL; + } + + mmio_setbits_32(ETHOSN_CORE_SEC_REG(core_addr, SEC_AUXCTLR_REG), val); + + return true; +} + static void ethosn_configure_smmu_streams(const struct ethosn_device_t *device, const struct ethosn_core_t *core, uint32_t asset_alloc_idx) @@ -103,6 +248,44 @@ } } +static void ethosn_configure_stream_addr_extends(const struct ethosn_device_t *device, + uintptr_t core_addr) +{ + uint32_t addr_extends[3] = { 0 }; + size_t i; + + if (device->has_reserved_memory) { + const uint32_t addr = TO_EXTEND_ADDR(device->reserved_memory_addr); + + addr_extends[0] = addr; + addr_extends[1] = addr; + addr_extends[2] = addr; + } else { + addr_extends[0] = TO_EXTEND_ADDR(ETHOSN_FW_VA_BASE); + addr_extends[1] = TO_EXTEND_ADDR(ETHOSN_WORKING_DATA_VA_BASE); + addr_extends[2] = TO_EXTEND_ADDR(ETHOSN_COMMAND_STREAM_VA_BASE); + } + + for (i = 0U; i < ARRAY_SIZE(addr_extends); ++i) { + const uintptr_t reg_addr = SEC_ADDR_EXT_REG_BASE + + (SEC_ADDR_EXT_OFFSET * i); + mmio_write_32(ETHOSN_CORE_SEC_REG(core_addr, reg_addr), + addr_extends[i]); + } +} + +static void ethosn_configure_stream_attr_ctlr(uintptr_t core_addr) +{ + size_t i; + + for (i = 0U; i < SEC_ATTR_CTLR_NUM; ++i) { + const uintptr_t reg_addr = SEC_ATTR_CTLR_REG_BASE + + (SEC_ATTR_CTLR_OFFSET * i); + mmio_write_32(ETHOSN_CORE_SEC_REG(core_addr, reg_addr), + SEC_ATTR_CTLR_VAL); + } +} + static void ethosn_delegate_to_ns(uintptr_t core_addr) { mmio_setbits_32(ETHOSN_CORE_SEC_REG(core_addr, SEC_SECCTLR_REG), 
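Review bot: `ethosn_configure_stream_nsaid` hard-codes the stream count as `9` in `uint32_t streams[9] = {[0 ... 8] = ...}`, and the `[0 ... 8]` range designator is a GNU extension rather than C11; a named constant for the number of NSAID streams, used for both the array size and the range, would keep it in one place next to `FIRMWARE_STREAM_INDEX`..`OUTPUT_STREAM_INDEX`. `ethosn_configure_aux_features` returns `false` silently when stashing is requested for a device with reserved memory; its caller is outside this hunk so I cannot see whether the failure is reported, but an `ERROR("ETHOSN: Stashing is not supported with reserved memory\n");` before that `return false;` would make the mis-configuration visible in the log. The `#if ARM_ETHOSN_NPU_TZMP1` helpers carry no comment on what they program; e.g. on `ethosn_configure_stream_nsaid`: `/* Program the NSAID of each NPU stream; data streams get the PROT_* IDs when is_protected is set. */`.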
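Review bot: In `ethosn_configure_stream_addr_extends` the meaning of `addr_extends[0..2]` is only implied by the `else` branch (index 0 firmware, 1 working data, 2 command stream) and the `3` is a bare literal; a comment above the array such as `/* Address extend for the firmware, working-data and command-stream streams, in register order. */` would make the mapping explicit. Likewise `SEC_ATTR_CTLR_NUM` (nine registers all written with `SEC_ATTR_CTLR_VAL`) in `ethosn_configure_stream_attr_ctlr` is unexplained; a one-line comment on the define saying what the nine attribute-control registers cover would help.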
@@ -125,13 +308,22 @@ return 1; } -static bool ethosn_reset(uintptr_t core_addr, int hard_reset) +static int ethosn_core_is_sleeping(uintptr_t core_addr) +{ + const uintptr_t sysctrl0_reg = + ETHOSN_CORE_SEC_REG(core_addr, SEC_SYSCTRL0_REG); + const uint32_t sleeping_mask = SEC_SYSCTRL0_SLEEPING; + + return ((mmio_read_32(sysctrl0_reg) & sleeping_mask) == sleeping_mask); +} + +static bool ethosn_core_reset(uintptr_t core_addr, bool hard_reset) { unsigned int timeout; const uintptr_t sysctrl0_reg = ETHOSN_CORE_SEC_REG(core_addr, SEC_SYSCTRL0_REG); - const uint32_t reset_val = (hard_reset != 0) ? SEC_SYSCTRL0_HARD_RESET - : SEC_SYSCTRL0_SOFT_RESET; + const uint32_t reset_val = hard_reset ? SEC_SYSCTRL0_HARD_RESET : + SEC_SYSCTRL0_SOFT_RESET; mmio_write_32(sysctrl0_reg, reset_val); @@ -149,18 +341,184 @@ return timeout < ETHOSN_RESET_TIMEOUT_US; } +static int ethosn_core_boot_fw(uintptr_t core_addr) +{ +#if ARM_ETHOSN_NPU_TZMP1 + const uintptr_t sysctrl0_reg = ETHOSN_CORE_SEC_REG(core_addr, SEC_SYSCTRL0_REG); + const uint32_t sysctrl0_val = mmio_read_32(sysctrl0_reg); + const bool waiting = (sysctrl0_val & SEC_SYSCTRL0_CPU_WAIT); + + if (!waiting) { + WARN("ETHOSN: Firmware is already running.\n"); + return ETHOSN_INVALID_STATE; + } + + if (SYSCTRL0_INITVTOR_ADDR(sysctrl0_val) != FW_INITVTOR_ADDR(big_fw)) {
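Review bot: `ethosn_core_is_sleeping` is declared to return `int` although its body is a boolean comparison, while `ethosn_core_reset` in the same hunk was just changed to take a `bool`; for consistency make it `static bool ethosn_core_is_sleeping(uintptr_t core_addr)`. A one-line comment such as `/* True when SYSCTRL0.SLEEPING is set, i.e. the core has entered its sleep state. */` would also record the intent, since the bit name is currently the only hint. The following hunk (`ethosn_core_boot_fw`) starts here but runs past the end of this chunk.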