Try to leak counter values from secure world.
This patch introduces a series of tests that try to leak PMU counter values
from EL3 and S_EL1.
PMU events used:
- CPU cycles via PMU counter PMCCNTR_EL0
- Retired writes to PC via PMU counter PMEVCNTR0_EL0
This AARCH64-specific patch is for security fix:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1789
The AARCH32 versions of these tests will be in a future patch.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ib27948edadde30272e59a9ab208543703fa078bd
diff --git a/include/lib/aarch64/arch.h b/include/lib/aarch64/arch.h
index c839d1a..a62f13c 100644
--- a/include/lib/aarch64/arch.h
+++ b/include/lib/aarch64/arch.h
@@ -148,6 +148,15 @@
#define ID_AA64DFR0_PMS_LENGTH U(4)
#define ID_AA64DFR0_PMS_MASK ULL(0xf)
+/* ID_AA64DFR0_EL1.DEBUG definitions */
+#define ID_AA64DFR0_DEBUG_SHIFT U(0)
+#define ID_AA64DFR0_DEBUG_LENGTH U(4)
+#define ID_AA64DFR0_DEBUG_MASK ULL(0xf)
+#define ID_AA64DFR0_V8_DEBUG_ARCH_SUPPORTED U(6)
+#define ID_AA64DFR0_V8_DEBUG_ARCH_VHE_SUPPORTED U(7)
+#define ID_AA64DFR0_V8_2_DEBUG_ARCH_SUPPORTED U(8)
+#define ID_AA64DFR0_V8_4_DEBUG_ARCH_SUPPORTED U(9)
+
#define EL_IMPL_NONE ULL(0)
#define EL_IMPL_A64ONLY ULL(1)
#define EL_IMPL_A64_A32 ULL(2)
@@ -659,6 +668,31 @@
#define PMCR_EL0_DP_BIT (U(1) << 5)
#define PMCR_EL0_X_BIT (U(1) << 4)
#define PMCR_EL0_D_BIT (U(1) << 3)
+#define PMCR_EL0_E_BIT (U(1) << 0)
+
+/* PMCNTENSET_EL0 definitions */
+#define PMCNTENSET_EL0_C_BIT (U(1) << 31)
+#define PMCNTENSET_EL0_P_BIT(x) (U(1) << x)
+
+/* PMEVTYPER<n>_EL0 definitions */
+#define PMEVTYPER_EL0_P_BIT (U(1) << 31)
+#define PMEVTYPER_EL0_NSK_BIT (U(1) << 29)
+#define PMEVTYPER_EL0_NSH_BIT (U(1) << 27)
+#define PMEVTYPER_EL0_M_BIT (U(1) << 26)
+#define PMEVTYPER_EL0_MT_BIT (U(1) << 25)
+#define PMEVTYPER_EL0_SH_BIT (U(1) << 24)
+#define PMEVTYPER_EL0_EVTCOUNT_BITS U(0x000003FF)
+
+/* PMCCFILTR_EL0 definitions */
+#define PMCCFILTR_EL0_P_BIT (U(1) << 31)
+#define PMCCFILTR_EL0_NSK_BIT (U(1) << 29)
+#define PMCCFILTR_EL0_NSH_BIT (U(1) << 27)
+#define PMCCFILTR_EL0_M_BIT (U(1) << 26)
+#define PMCCFILTR_EL0_MT_BIT (U(1) << 25)
+#define PMCCFILTR_EL0_SH_BIT (U(1) << 24)
+
+/* PMU event counter ID definitions */
+#define PMU_EV_PC_WRITE_RETIRED U(0x000C)
/*******************************************************************************
* Definitions for system register interface to SVE
diff --git a/include/lib/aarch64/arch_helpers.h b/include/lib/aarch64/arch_helpers.h
index 151e5be..9d1ebb8 100644
--- a/include/lib/aarch64/arch_helpers.h
+++ b/include/lib/aarch64/arch_helpers.h
@@ -395,6 +395,12 @@
DEFINE_SYSREG_RW_FUNCS(mdcr_el3)
DEFINE_SYSREG_RW_FUNCS(hstr_el2)
DEFINE_SYSREG_RW_FUNCS(pmcr_el0)
+DEFINE_SYSREG_RW_FUNCS(pmcntenset_el0)
+DEFINE_SYSREG_READ_FUNC(pmccntr_el0)
+DEFINE_SYSREG_RW_FUNCS(pmccfiltr_el0)
+
+DEFINE_SYSREG_RW_FUNCS(pmevtyper0_el0)
+DEFINE_SYSREG_READ_FUNC(pmevcntr0_el0)
/* GICv3 System Registers */