aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
3 daysMerge changes from topic "mte_fixes" into integrationHEADmasterMadhukar Pappireddy
* changes: build(changelog): move mte to mte2 refactor(mte): remove mte, mte_perm
3 daysbuild(changelog): move mte to mte2Govindraj Raja
With commit: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/27122?tab=comments FEAT_MTE is removed and we have only FEAT_MTE2, so update change log to reflect the same. Change-Id: I9f3bd7053f9c1fa355168968f412374e1c4937d4 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
3 daysrefactor(mte): remove mte, mte_permGovindraj Raja
Currently both FEAT_MTE and FEAT_MTE_PERM aren't used for enabling of any feature bits in EL3. So remove both FEAT handling. All mte regs that are currently context saved/restored are needed only when FEAT_MTE2 is enabled, so move to usage of FEAT_MTE2 and remove FEAT_MTE usage. BREAKING CHANGE: Any platform or downstream code trying to use SCR_EL3.ATA bit(26) will see failures as this is now moved to be used only with FEAT_MTE2 with commit@ef0d0e5478a3f19cbe70a378b9b184036db38fe2 Change-Id: Id01e154156571f7792135639e17dc5c8d0e17cf8 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
3 daysMerge "chore: rename Poseidon to Neoverse V3" into integrationLauren Wehrmeister
3 dayschore: rename Poseidon to Neoverse V3Sona Mathew
Rename Neoverse Poseidon to Neoverse V3, make changes to related build flags, macros, file names etc. Change-Id: I9e40ba8f80b7390703d543787e6cd2ab6301e891 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
3 daysMerge changes from topic "feature/imx8m-csu" into integrationMadhukar Pappireddy
* changes: style(imx8m): add parenthesis to CSU_HP_REG feat(imx8mp): restrict peripheral access to secure world feat(imx8mp): set and lock almost all peripherals as non-secure feat(imx8mm): restrict peripheral access to secure world feat(imx8mm): set and lock almost all peripherals as non-secure feat(imx8m): add defines for csu_sa access security feat(imx8m): add imx csu_sa enum type defines for imx8m fix(imx8m): fix CSU_SA_REG to work with all sa registers
3 daysMerge "feat(imx8ulp): give HIFI4 DSP access to more resources" into integrationMadhukar Pappireddy
3 daysfeat(imx8ulp): give HIFI4 DSP access to more resourcesLaurentiu Mihalcea
This patch gives i.MX8ULP's HIFI4 DSP R/W access to the following additional resources (peripherals): 1) LPUART7 2) IOMUXC1 3) PCC4 4) CGC1 Doing this allows the firmware running on the DSP to set up serial communication, which also requires doing pinctrl and clock management-related operations. Access to the aforementioned resources is given by configuring the XRDC module. Change-Id: Ie3ca9f22bb625b2463870158875f503c3c1d6452 Signed-off-by: Laurentiu Mihalcea <laurentiu.mihalcea@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com>
4 daysMerge "fix(cpus): workaround for Cortex-A715 erratum 2413290" into integrationBipin Ravi
4 daysMerge "fix(cpus): workaround for Cortex-A720 erratum 2926083" into integrationMark Dykes
4 daysfix(cpus): workaround for Cortex-A715 erratum 2413290Sona Mathew
Erratum 2413290 is a Cat B erratum that is present only in revision r0p1 and is fixed in r1p1. The initial implementation did not consider that this fix is to be applied only when SPE (Statistical Profiling Extension) is implemented and enabled. This patch applies the fix by adding a check for ENABLE_SPE_FOR_NS. Change-Id: I87b2175b89d6fb168c77e6ab233c90ca056791a1 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
7 daysMerge changes Id72a0370,I2bafba38,I2bd48441,I164c579c,Iddf8aea0, ... into ↵André Przywara
integration * changes: feat(rpi): add Raspberry Pi 5 support fix(rpi): consider MT when calculating core index from MPIDR refactor(rpi): move register definitions out of rpi_hw.h refactor(rpi): add platform macro for the crash UART base address refactor(rpi): split out console registration logic refactor(rpi): move more platform-specific code into common
7 daysfix(cpus): workaround for Cortex-A720 erratum 2926083Bipin Ravi
Cortex-A720 erratum 2926083 is a Cat B erratum that is present in revisions r0p0, r0p1 and is fixed in r0p2. The errata is only present when SPE (Statistical Profiling Extension) is implemented and enabled. The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11 when SPE is "implemented and enabled". SDEN documentation: https://developer.arm.com/documentation/SDEN2439421/latest Change-Id: I30182c3893416af65b55fca9a913cb4512430434 Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
7 daysMerge "fix(mte): use ATA bit with FEAT_MTE2" into integrationManish Pandey
7 daysMerge "refactor(cm): minor update on conditions used in prepare_el3_exit" ↵Manish Pandey
into integration
8 daysMerge "chore: update status of Cortex-X3 erratum 2615812" into integrationBipin Ravi
8 daysMerge "fix(nuvoton): gfx frame buffer memory corruption during secondary ↵Madhukar Pappireddy
boot" into integration
8 daysMerge "fix(cpus): workaround for Cortex-A720 erratum 2940794" into integrationMadhukar Pappireddy
8 daysMerge "fix(mhu): use MHUv2 if PLAT_MHU_VERSION undefined" into integrationMadhukar Pappireddy
8 daysfix(mhu): use MHUv2 if PLAT_MHU_VERSION undefinedJoel Goddard
If RSS Comms is used but PLAT_MHU_VERSION was undefined then it should default to MHUv2 to avoid breaking existing configurations which did not need to specify PLAT_MHU_VERSION as on MHUv2 was available. Change-Id: I8353b49b9f61414a664c2802f90ba3b2bc526887 Signed-off-by: Joel Goddard <joel.goddard@arm.com>
8 daysMerge changes from topic "st_docs_update" into integrationMadhukar Pappireddy
* changes: docs(st): set OP-TEE as default BL32 docs(st): one device flag for ST platforms
9 daysMerge changes from topic "st_mckprot_bl32" into integrationMadhukar Pappireddy
* changes: refactor(stm32mp1): move the MCU security to BL32 feat(st-clock): add function to control MCU subsystem
9 dayschore: update status of Cortex-X3 erratum 2615812Sona Mathew
SDEN documentation: https://developer.arm.com/documentation/2055130/latest Change-Id: Ied7150bab505a743401cf4afa9a0a5f81d5fdff1 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
9 daysMerge changes from topic "tfa_mhuv3" into integrationMadhukar Pappireddy
* changes: feat(mhu): use compile flag to choose mhu version feat(mhu): add MHUv3 wrapper APIs for RSS comm driver feat(mhu): add MHUv3 doorbell driver
9 daysMerge "refactor: fix common misspelling of init*" into integrationManish Pandey
9 daysrefactor: fix common misspelling of init*Harrison Mutai
Change-Id: I3fc95e8e53ef487fd5a559cda739aaea33d765a9 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
9 daysrefactor(cm): minor update on conditions used in prepare_el3_exitJayanth Dodderi Chidanand
This patch covers the following: * Conditions set for verifying the EL2 presence and its usage for various scenarios while exiting to Non secure world "cm_prepare_el3_exit" has been improved. * It thereby also fixes the issue(misra_c_2012_rule_15_7_violation) for not terminating "if..else if" construct with an else statement and keeps code in accordance with MISRA standards. Change-Id: Ie5284447f5ac91412552629b76dbf2e636a09fd9 Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
10 daysfix(cpus): workaround for Cortex-A720 erratum 2940794Bipin Ravi
Cortex-A720 erratum 2940794 is a Cat B erratum that is present in revision r0p0, r0p1 and is fixed in r0p2. The workaround is to set bit[37] of the CPUACTLR2_EL1 to 1. SDEN documentation: https://developer.arm.com/documentation/SDEN2439421/latest Change-Id: I1488802e0ec7c16349c9633bb45de4d0e1faa9ad Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
10 daysrefactor(stm32mp1): move the MCU security to BL32Yann Gautier
Change the MCKPROT control management. Now, the MCU subsystem is done in the BL32 using the dedicated clock function. If using OP-TEE, you will need the corresponding commit [1]. This should be integrated in OP-TEE tag 4.2.0. [1] e07f9212d5 plat-stm32mp1: shared_resource: disable MCKPROT if not needed Signed-off-by: Lionel Debieve <lionel.debieve@st.com> Change-Id: I59f90ace750aa93f674389f881e2fe14ad334a72
10 daysfeat(st-clock): add function to control MCU subsystemLionel Debieve
Add a new function to control the MCU subsystem security state. Signed-off-by: Lionel Debieve <lionel.debieve@st.com> Change-Id: I070eec06fc93a1214227f25a6a4f1c40c66c86b0
10 daysMerge "docs(threat_model): cover the 'timing' side channel threat" into ↵Madhukar Pappireddy
integration
10 daysdocs(threat_model): cover the 'timing' side channel threatManish V Badarkhe
Incorporate a timing side-channel attack into the TF-A generic threat model. There is no software mitigation measures in TF-A against this specific type of attack. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I10e53f8ed85a6da32de4fa6a210805f950018102
10 daysdocs(st): set OP-TEE as default BL32Yann Gautier
Recommend OP-TEE as the default BL32 for STMicroelectronics platforms. SP_MIN is no more supported in STMicroelectronics software [1]. It will then no more receive new features, but should still remain as it is in the TF-A code. [1]: https://wiki.st.com/stm32mpu/wiki/STM32_MPU_OpenSTLinux_release_note_-_v5.0.0#TF-A Signed-off-by: Yann Gautier <yann.gautier@st.com> Change-Id: Ic49338dbba3fdcebcb1e477e6a1dbde32783482b
10 daysdocs(st): one device flag for ST platformsYann Gautier
Due to embedded SRAM used to load BL2 and BL31 or BL32 has a limited size, only one storage device or serial device flag should be selected in TF-A build command line for ST platforms. This is in line with STMicroelectionics recommendation [1] about those compilation flags. [1]: https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_BL2#Build_command_details Signed-off-by: Yann Gautier <yann.gautier@st.com> Change-Id: I6f6ab17d45d00289989a606d15c143e5710c64ce
10 daysMerge "refactor(guid-partition): list.entry_count to unsigned int" into ↵Manish V Badarkhe
integration
10 daysfix(nuvoton): gfx frame buffer memory corruption during secondary bootrutigl@gmail.com
gfx frame buffer memory corruption because of moving TF-A to DDR Change-Id: I6f1e0c8d048273b8047497adec631160aaf393d6 Signed-off-by: Margarita Glushkin <rutigl@gmail.com>
11 daysfix(mte): use ATA bit with FEAT_MTE2Govindraj Raja
Currently SCR_EL3.ATA bit(26) is used freely or either with FEAT_MTE, But ATA bit is available only with FEAT_MTE2. So use FEAT_MTE2 conditional check for use of SCR_EL3.ATA. Ref: https://developer.arm.com/documentation/ddi0601/2023-12/AArch64-Registers/SCR-EL3--Secure-Configuration-Register?lang=en#fieldset_0-26_26-1 Change-Id: I0a5766a138b0be760c5584014f1ab817e4207a93 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
11 daysrefactor(guid-partition): list.entry_count to unsigned intlaurenw-arm
Change list.entry_count to unsigned int to align with header.list_num, removing the need for casting. Change-Id: Id4259d9e841c8d34fe23fb74a7c627f2a643cbf2 Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
11 daysMerge "refactor(mbedtls): remove mbedtls 2.x support" into integrationManish V Badarkhe
2024-03-14Merge "refactor(sdei): use common create_spsr() in SDEI library" into ↵Lauren Wehrmeister
integration
2024-03-13refactor(mbedtls): remove mbedtls 2.x supportlaurenw-arm
Deprecation notice was sent to the community and no objection was raised, so removing mbedtls 2.x support. Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910222c8abd Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
2024-03-12Merge "fix(cpus): fix a defect in Cortex-A715 erratum 2561034" into integrationLauren Wehrmeister
2024-03-12style(imx8m): add parenthesis to CSU_HP_REGStefan Kerkmann
To be inline with CSU_SA_REG and CSU_HPCONTROL_REG. Change-Id: Ia7332096312df41a8cf994d58fad76a99493dd02 Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12feat(imx8mp): restrict peripheral access to secure worldStefan Kerkmann
This restricts and locks all security relevant peripherals to only be changeable by the secure world. Otherwise the normal world can simply change the access settings and defeat all security measures put in place. Change-Id: I248ef8dd67f1de7e528c3da456311bb138b77540 Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12feat(imx8mp): set and lock almost all peripherals as non-secureStefan Kerkmann
This sets and locks all peripheral type-1 masters, except CAAM, access as non-secure, so that they can't access secure world resources from the normal world. The CAAM itself is TrustZone aware and handles memory access between the normal world and the secure world on its own. Pinning it as non-secure access results in bus aborts if the secure memory region is protected by the TZASC380. Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12feat(imx8mm): restrict peripheral access to secure worldStefan Kerkmann
This restricts and locks all security relevant peripherals to only be changeable by the secure world. Otherwise the normal world can simply change the access settings and defeat all security measures put in place. Change-Id: I484a2c8164e58b68256d829470e00d5ec473e266 Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12feat(imx8mm): set and lock almost all peripherals as non-secureStefan Kerkmann
This sets and locks all peripheral type-1 masters, except CAAM, access as non-secure, so that they can't access secure world resources from the normal world. The CAAM itself is TrustZone aware and handles memory access between the normal world and the secure world on its own. Pinning it as non-secure access results in bus aborts if the secure memory region is protected by the TZASC380. Change-Id: Idba4d8a491ccce0491489c61e73545baab1889c4 Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12Merge "fix(cpus): workaround for Cortex-A715 erratum 2413290" into integrationBipin Ravi
2024-03-11fix(cpus): fix a defect in Cortex-A715 erratum 2561034Bipin Ravi
Cortex-A715 erratum 2561034 mitigation needs to be applied during reset. This patch fixes the current macro usage from runtime to reset for both start and end macros. Change-Id: I4f115bbb27c57f16cada2a7eb314af8380f93cb4 Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
2024-03-11fix(cpus): workaround for Cortex-A715 erratum 2413290Sona Mathew
Cortex-A715 erratum 2413290 is a Cat B erratum that is present only in revision r1p0 and is fixed in r1p1. The errata is only present when SPE(Statistical Profiling Extension) is enabled. The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11 when SPE is enabled, ENABLE_SPE_FOR_NS=1. SDEN documentation: https://developer.arm.com/documentation/SDEN2148827/latest Change-Id: Iaeb258c8b0a92e93d70b7dad6ba59d1056aeb135 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>