spm: enable pointer authentication and BTI

Use romlib in the tbb/dualroot secure boot configurations: the debug build
is bigger when PAuth+BTI is enabled, and BL2/BL31 no longer fit in Trusted
SRAM. Update the related run configs so that they call the romlib shell
functions.
Update the arch version to v8.5 in the run configs so that BTI can be enabled.
Add has_branch_target_exception=1 to the run configs so that BTI is
enabled.
Add the restriction_on_speculative_execution option to base-aemva-common.sh.
Add restriction_on_speculative_execution=2 to the run configs so that the
SCXTNUM_ELx registers are supported in the EL2 context switch routine.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ib9f9996fd4d4d6e7b5975a5f7b64760169b76a6a
diff --git a/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb,fvp-default:fvp-spm b/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb,fvp-default:fvp-spm+romlib
similarity index 100%
rename from group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb,fvp-default:fvp-spm
rename to group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb,fvp-default:fvp-spm+romlib
diff --git a/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb-dualroot,fvp-default:fvp-spm b/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb-dualroot,fvp-default:fvp-spm
deleted file mode 100644
index 0a342ff..0000000
--- a/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb-dualroot,fvp-default:fvp-spm
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Copyright (c) 2020, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
diff --git a/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb,fvp-default:fvp-spm b/group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb-dualroot,fvp-default:fvp-spm+romlib
similarity index 100%
copy from group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb,fvp-default:fvp-spm
copy to group/spm-l2-boot-tests/fvp-default,fvp-spm-tbb-dualroot,fvp-default:fvp-spm+romlib
diff --git a/model/base-aemva-common.sh b/model/base-aemva-common.sh
index d1c1024..d1ac356 100644
--- a/model/base-aemva-common.sh
+++ b/model/base-aemva-common.sh
@@ -133,6 +133,8 @@
 
 ${has_branch_target_exception+-C cluster0.has_branch_target_exception=$has_branch_target_exception}
 
+${restriction_on_speculative_execution+-C cluster0.restriction_on_speculative_execution=$restriction_on_speculative_execution}
+
 ${gicv3_ext_interrupt_range+-C cluster0.gicv3.extended-interrupt-range-support=$gicv3_ext_interrupt_range}
 
 EOF
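Review bot: The new `restriction_on_speculative_execution` pass-through carries no explanation of what the value means, so a reader of this template has to hunt for the run configs that set it to 2 and then for the commit message. The cluster1 copy in the next hunk has the same gap. Because this line sits inside a heredoc that opens before the hunk (closed by the `EOF` above) and whose content is emitted as model arguments, a `#` line placed next to it would be emitted rather than treated as a comment; the note belongs with whatever documents the other `cluster0.*` knobs, e.g. `# restriction_on_speculative_execution: SPM run configs pass 2 so the model implements the SCXTNUM_ELx registers that the EL2 context switch saves and restores.`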
@@ -230,6 +232,8 @@
 
 ${has_branch_target_exception+-C cluster1.has_branch_target_exception=$has_branch_target_exception}
 
+${restriction_on_speculative_execution+-C cluster1.restriction_on_speculative_execution=$restriction_on_speculative_execution}
+
 ${gicv3_ext_interrupt_range+-C cluster1.gicv3.extended-interrupt-range-support=$gicv3_ext_interrupt_range}
 EOF
 
diff --git a/run_config/fvp-spm b/run_config/fvp-spm
index c87641e..cb0a5ec 100644
--- a/run_config/fvp-spm
+++ b/run_config/fvp-spm
@@ -24,8 +24,14 @@
 	# SPM(reference implementation of S-EL2 firmware) has SMMUv3 driver
 	# enabled to help with stage-2 translation and virtualization of
 	# upstream peripheral devices. Hence, enable the SMMUv3 IP in FVP
-	# by confuguring the appropriate parameters of the SMMUv3 AEM.
-	model="$model" arch_version="8.4" has_smmuv3_params="1" gen_model_params
+	# by configuring the appropriate parameters of the SMMUv3 AEM.
+
+	model="$model" \
+	arch_version="8.5" \
+	has_smmuv3_params="1" \
+	has_branch_target_exception="1" \
+	restriction_on_speculative_execution="2" \
+		gen_model_params
 
 	model="$model" gen_fvp_yaml
 }
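Review bot: The comment kept at the top of this hunk still explains only the SMMUv3 parameters, while the new `arch_version="8.5"`, `has_branch_target_exception="1"` and `restriction_on_speculative_execution="2"` lines say nothing about why they are needed. Suggest extending it with `# v8.5 with BTI exceptions enabled so the BRANCH_PROTECTION build option in tf_config is actually exercised; speculation restriction 2 makes the model implement SCXTNUM_ELx for the EL2 context switch.` The same three lines are repeated verbatim in run_config/fvp-spm+romlib, fvp-spm.linux, fvp-spm.optee.sp and fvp-spm.rstbl31; a shared helper in the common model script would keep the five copies from drifting. The enclosing post_fetch_tf_resource function starts outside the hunk.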
diff --git a/run_config/fvp-spm+romlib b/run_config/fvp-spm+romlib
new file mode 100644
index 0000000..2334371
--- /dev/null
+++ b/run_config/fvp-spm+romlib
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+post_tf_build() {
+	fvp_romlib_runtime
+	build_fip BL33="$archive/tftf.bin" BL32="$archive/secure_hafnium.bin"
+}
+
+fetch_tf_resource() {
+	# Expect scripts
+	uart="0" file="tftf.exp" track_expect
+	uart="2" file="spm-uart2.exp" track_expect
+
+	payload_type="tftf" gen_fvp_yaml_template
+
+}
+
+post_fetch_tf_resource() {
+        local model="base-aemv8a"
+
+	# SPM(reference implementation of S-EL2 firmware) has SMMUv3 driver
+	# enabled to help with stage-2 translation and virtualization of
+	# upstream peripheral devices. Hence, enable the SMMUv3 IP in FVP
+	# by configuring the appropriate parameters of the SMMUv3 AEM.
+
+	model="$model" \
+	arch_version="8.5" \
+	has_smmuv3_params="1" \
+	has_branch_target_exception="1" \
+	restriction_on_speculative_execution="2" \
+		gen_model_params
+
+	model="$model" gen_fvp_yaml
+}
+
+post_tf_archive() {
+	fvp_romlib_cleanup
+}
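Review bot: `local model="base-aemv8a"` in post_fetch_tf_resource is indented with spaces while every other line of this new file uses tabs; the existing run configs show the same mix as context, but a brand-new file is the place to make it uniform (`	local model="base-aemv8a"`). The fetch_tf_resource body also ends with a stray blank line before its closing brace. Nothing in the file says how it differs from run_config/fvp-spm — from the visible hooks it appears to be only the `fvp_romlib_runtime`/`fvp_romlib_cleanup` calls — so a line after the license block such as `# Variant of fvp-spm for tf_config files that set USE_ROMLIB=1.` would save the next reader a diff.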
diff --git a/run_config/fvp-spm.linux b/run_config/fvp-spm.linux
index ca0d061..2d4bbcb 100644
--- a/run_config/fvp-spm.linux
+++ b/run_config/fvp-spm.linux
@@ -27,7 +27,9 @@
         local model="base-aemv8a"
 
 	model="$model" \
-	arch_version="8.4" \
+	arch_version="8.5" \
+	has_branch_target_exception="1" \
+	restriction_on_speculative_execution="2" \
 	initrd_bin="initrd.bin" \
 	el3_payload_bin="manifest.dtb" \
 	has_smmuv3_params="1" \
diff --git a/run_config/fvp-spm.optee.sp b/run_config/fvp-spm.optee.sp
index a924c38..a194587 100644
--- a/run_config/fvp-spm.optee.sp
+++ b/run_config/fvp-spm.optee.sp
@@ -34,6 +34,12 @@
 post_fetch_tf_resource() {
         local model="base-aemv8a"
 
-	model="$model" arch_version="8.4" has_smmuv3_params="1" gen_model_params
+	model="$model" \
+	arch_version="8.5" \
+	has_smmuv3_params="1" \
+	has_branch_target_exception="1" \
+	restriction_on_speculative_execution="2" \
+		gen_model_params
+
 	model="$model" gen_fvp_yaml
 }
diff --git a/run_config/fvp-spm.rstbl31 b/run_config/fvp-spm.rstbl31
index 45d0983..36031b5 100644
--- a/run_config/fvp-spm.rstbl31
+++ b/run_config/fvp-spm.rstbl31
@@ -45,7 +45,9 @@
         local model="base-aemv8a"
 
 	model="$model" \
-	arch_version="8.4" \
+	arch_version="8.5" \
+	has_branch_target_exception="1" \
+	restriction_on_speculative_execution="2" \
 	reset_to_bl31="1" \
 	preload_bl33="1" \
 	preload_bl33_bin="$archive/hafnium.bin" \
@@ -58,5 +60,6 @@
 	el3_payload_bin="manifest.dtb" \
 	has_smmuv3_params="1" \
 		gen_model_params
+
 	model="$model" model_dtb="manifest.dtb" gen_fvp_yaml
 }
diff --git a/tf_config/fvp-spm b/tf_config/fvp-spm
index cf4878d..a0ceae5 100644
--- a/tf_config/fvp-spm
+++ b/tf_config/fvp-spm
@@ -3,5 +3,7 @@
 SPD=spmd
 SPMD_SPM_AT_SEL2=1
 CTX_INCLUDE_EL2_REGS=1
-ARM_ARCH_MINOR=4
+ARM_ARCH_MINOR=5
+CTX_INCLUDE_PAUTH_REGS=1
+BRANCH_PROTECTION=1
 SP_LAYOUT_FILE=${tftf_root}/build/fvp/${bin_mode}/sp_layout.json
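Review bot: `BRANCH_PROTECTION=1` is the TF-A build option's "all features" level (PAC-RET plus BTI, per the TF-A build documentation) rather than a plain boolean, and nothing in this file records that the matching run config must also pass `has_branch_target_exception=1` for BTI to be enforced on the model. If the tf_config format tolerates `#` lines, a comment such as `# 1 = PAC-RET + BTI; the run config must set has_branch_target_exception=1` above it would tie the build and model halves together. The same lines are added in tf_config/fvp-spm-optee-sp, fvp-spm-rst-bl31, fvp-spm-tbb and fvp-spm-tbb-dualroot.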
diff --git a/tf_config/fvp-spm-optee-sp b/tf_config/fvp-spm-optee-sp
index 7533f73..95fc011 100644
--- a/tf_config/fvp-spm-optee-sp
+++ b/tf_config/fvp-spm-optee-sp
@@ -1,4 +1,6 @@
-ARM_ARCH_MINOR=4
+ARM_ARCH_MINOR=5
+CTX_INCLUDE_PAUTH_REGS=1
+BRANCH_PROTECTION=1
 ARM_SPMC_MANIFEST_DTS=plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts
 CROSS_COMPILE=aarch64-none-elf-
 CTX_INCLUDE_EL2_REGS=1
diff --git a/tf_config/fvp-spm-rst-bl31 b/tf_config/fvp-spm-rst-bl31
index 2b9c828..8e94368 100644
--- a/tf_config/fvp-spm-rst-bl31
+++ b/tf_config/fvp-spm-rst-bl31
@@ -4,5 +4,7 @@
 SPD=spmd
 SPMD_SPM_AT_SEL2=1
 CTX_INCLUDE_EL2_REGS=1
-ARM_ARCH_MINOR=4
+ARM_ARCH_MINOR=5
+CTX_INCLUDE_PAUTH_REGS=1
+BRANCH_PROTECTION=1
 SP_LAYOUT_FILE=${tftf_root}/build/fvp/${bin_mode}/sp_layout.json
diff --git a/tf_config/fvp-spm-tbb b/tf_config/fvp-spm-tbb
index b350626..5fa94ea 100644
--- a/tf_config/fvp-spm-tbb
+++ b/tf_config/fvp-spm-tbb
@@ -3,9 +3,12 @@
 SPD=spmd
 SPMD_SPM_AT_SEL2=1
 CTX_INCLUDE_EL2_REGS=1
-ARM_ARCH_MINOR=4
+ARM_ARCH_MINOR=5
+CTX_INCLUDE_PAUTH_REGS=1
+BRANCH_PROTECTION=1
 SP_LAYOUT_FILE=${tftf_root}/build/fvp/${bin_mode}/sp_layout.json
 ARM_ROTPK_LOCATION=devel_rsa
 GENERATE_COT=1
 ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
 TRUSTED_BOARD_BOOT=1
+USE_ROMLIB=1
diff --git a/tf_config/fvp-spm-tbb-dualroot b/tf_config/fvp-spm-tbb-dualroot
index 716e66b..53c0428 100644
--- a/tf_config/fvp-spm-tbb-dualroot
+++ b/tf_config/fvp-spm-tbb-dualroot
@@ -3,10 +3,13 @@
 SPD=spmd
 SPMD_SPM_AT_SEL2=1
 CTX_INCLUDE_EL2_REGS=1
-ARM_ARCH_MINOR=4
+ARM_ARCH_MINOR=5
+CTX_INCLUDE_PAUTH_REGS=1
+BRANCH_PROTECTION=1
 SP_LAYOUT_FILE=${tftf_root}/build/fvp/${bin_mode}/sp_layout.json
 ARM_ROTPK_LOCATION=devel_rsa
 GENERATE_COT=1
 COT=dualroot
 ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
 TRUSTED_BOARD_BOOT=1
+USE_ROMLIB=1