Merge "fix(xlat_tables_v2): zeromem to clear all tables" into integration
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3f1fff2..decb2f9 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -42,7 +42,7 @@
groups:
dev-deps:
patterns: ["*"]
- update-types: ["major", "minor", "patch"]
+ update-types: ["minor", "patch"]
- target-branch: "lts-v2.10"
package-ecosystem: "pip"
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 91ea75d..fce17e1 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -245,26 +245,30 @@
*/
func ea_proceed
/*
- * If the ESR loaded earlier is not zero, we were processing an EA
- * already, and this is a double fault.
+ * If it is a double fault invoke platform handler.
+ * Double fault scenario would arise when platform is handling a fault in
+ * lower EL using plat_ea_handler() and another fault happens which would
+ * trap into EL3 as FFH_SUPPORT is enabled for the platform.
*/
- ldr x5, [sp, #CTX_EL3STATE_OFFSET + CTX_ESR_EL3]
+ ldr x5, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR]
cbz x5, 1f
no_ret plat_handle_double_fault
1:
- /* Save EL3 state */
+ /* Save EL3 state as handling might involve lower ELs */
mrs x2, spsr_el3
mrs x3, elr_el3
stp x2, x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
+ mrs x4, scr_el3
+ str x4, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
/*
- * Save ESR as handling might involve lower ELs, and returning back to
- * EL3 from there would trample the original ESR.
+ * Save CTX_DOUBLE_FAULT_ESR, so that if another fault happens in lower EL, we
+ * catch it as DoubleFault in next invocation of ea_proceed() along with
+ * preserving original ESR_EL3.
*/
- mrs x4, scr_el3
mrs x5, esr_el3
- stp x4, x5, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
+ str x5, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR]
/*
* Setup rest of arguments, and call platform External Abort handler.
@@ -305,23 +309,15 @@
/* Make SP point to context */
msr spsel, #MODE_SP_ELX
- /* Restore EL3 state and ESR */
+ /* Clear Double Fault storage */
+ str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_DOUBLE_FAULT_ESR]
+
+ /* Restore EL3 state */
ldp x1, x2, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
msr spsr_el3, x1
msr elr_el3, x2
-
- /* Restore ESR_EL3 and SCR_EL3 */
- ldp x3, x4, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
+ ldr x3, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
msr scr_el3, x3
- msr esr_el3, x4
-
-#if ENABLE_ASSERTIONS
- cmp x4, xzr
- ASM_ASSERT(ne)
-#endif
-
- /* Clear ESR storage */
- str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_ESR_EL3]
ret x29
endfunc ea_proceed
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 7914f6d..3e33824 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -387,7 +387,7 @@
Firmware Encryption Framework
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Sumit Garg <sumit.garg@linaro.org>
+:|M|: Sumit Garg <sumit.garg@kernel.org>
:|G|: `b49020`_
:|F|: drivers/io/io_encrypted.c
:|F|: include/drivers/io/io_encrypted.h
@@ -895,7 +895,7 @@
Synquacer platform port
^^^^^^^^^^^^^^^^^^^^^^^
-:|M|: Sumit Garg <sumit.garg@linaro.org>
+:|M|: Sumit Garg <sumit.garg@kernel.org>
:|G|: `b49020`_
:|M|: Masahisa Kojima <kojima.masahisa@socionext.com>
:|G|: `masahisak`_
@@ -996,7 +996,7 @@
Encrypt_fw tool
^^^^^^^^^^^^^^^
-:|M|: Sumit Garg <sumit.garg@linaro.org>
+:|M|: Sumit Garg <sumit.garg@kernel.org>
:|G|: `b49020`_
:|F|: tools/encrypt_fw/
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index 9ca2aa9..d06d153 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -1001,7 +1001,7 @@
This function returns the size normal-world DCE of the platform.
Function : plat_drtm_get_imp_def_dlme_region_size()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
@@ -1012,7 +1012,7 @@
of the platform.
Function : plat_drtm_get_tcb_hash_table_size()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
@@ -1021,8 +1021,18 @@
This function returns the size of TCB hash table of the platform.
+Function : plat_drtm_get_acpi_tables_region_size()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void
+ Return : uint64_t
+
+This function returns the size of ACPI tables region of the platform.
+
Function : plat_drtm_get_tcb_hash_features()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
@@ -1033,6 +1043,17 @@
platform.
For more details see section 3.3 Table 6 of `DRTM`_ specification.
+Function : plat_drtm_get_dlme_img_auth_features()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void
+ Return : uint64_t
+
+This function returns the DLME image authentication features.
+For more details see section 3.3 Table 6 of `DRTM`_ specification.
+
Function : plat_drtm_validate_ns_region()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index 15d5204..d9a9188 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -67,25 +67,25 @@
******************************************************************************/
#define CTX_EL3STATE_OFFSET (CTX_GPREGS_OFFSET + CTX_GPREGS_END)
#define CTX_SCR_EL3 U(0x0)
-#define CTX_ESR_EL3 U(0x8)
-#define CTX_RUNTIME_SP U(0x10)
-#define CTX_SPSR_EL3 U(0x18)
-#define CTX_ELR_EL3 U(0x20)
-#define CTX_PMCR_EL0 U(0x28)
-#define CTX_IS_IN_EL3 U(0x30)
-#define CTX_MDCR_EL3 U(0x38)
+#define CTX_RUNTIME_SP U(0x8)
+#define CTX_SPSR_EL3 U(0x10)
+#define CTX_ELR_EL3 U(0x18)
+#define CTX_PMCR_EL0 U(0x20)
+#define CTX_IS_IN_EL3 U(0x28)
+#define CTX_MDCR_EL3 U(0x30)
/* Constants required in supporting nested exception in EL3 */
-#define CTX_SAVED_ELR_EL3 U(0x40)
+#define CTX_SAVED_ELR_EL3 U(0x38)
/*
* General purpose flag, to save various EL3 states
* FFH mode : Used to identify if handling nested exception
* KFH mode : Used as counter value
*/
-#define CTX_NESTED_EA_FLAG U(0x48)
+#define CTX_NESTED_EA_FLAG U(0x40)
#if FFH_SUPPORT
- #define CTX_SAVED_ESR_EL3 U(0x50)
- #define CTX_SAVED_SPSR_EL3 U(0x58)
- #define CTX_SAVED_GPREG_LR U(0x60)
+ #define CTX_SAVED_ESR_EL3 U(0x48)
+ #define CTX_SAVED_SPSR_EL3 U(0x50)
+ #define CTX_SAVED_GPREG_LR U(0x58)
+ #define CTX_DOUBLE_FAULT_ESR U(0x60)
#define CTX_EL3STATE_END U(0x70) /* Align to the next 16 byte boundary */
#else
#define CTX_EL3STATE_END U(0x50) /* Align to the next 16 byte boundary */
diff --git a/include/lib/transfer_list.h b/include/lib/transfer_list.h
index bcf9fc9..c403031 100644
--- a/include/lib/transfer_list.h
+++ b/include/lib/transfer_list.h
@@ -110,6 +110,7 @@
CASSERT(sizeof(struct transfer_list_entry) == U(0x8), assert_transfer_list_entry_size);
+void transfer_entry_dump(struct transfer_list_entry *te);
void transfer_list_dump(struct transfer_list_header *tl);
struct transfer_list_header *transfer_list_ensure(void *addr, size_t size);
entry_point_info_t *
diff --git a/include/plat/common/plat_drtm.h b/include/plat/common/plat_drtm.h
index 07545a6..0d6a818 100644
--- a/include/plat/common/plat_drtm.h
+++ b/include/plat/common/plat_drtm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -59,6 +59,8 @@
uint64_t plat_drtm_get_tcb_hash_table_size(void);
uint64_t plat_drtm_get_imp_def_dlme_region_size(void);
uint64_t plat_drtm_get_tcb_hash_features(void);
+uint64_t plat_drtm_get_acpi_tables_region_size(void);
+uint64_t plat_drtm_get_dlme_img_auth_features(void);
/* DRTM error handling functions */
int plat_set_drtm_error(uint64_t error_code);
diff --git a/include/services/drtm_svc.h b/include/services/drtm_svc.h
index f0d3c63..3503fa4 100644
--- a/include/services/drtm_svc.h
+++ b/include/services/drtm_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -49,6 +49,7 @@
#define ARM_DRTM_FEATURES_DMA_PROT U(0x3)
#define ARM_DRTM_FEATURES_BOOT_PE_ID U(0x4)
#define ARM_DRTM_FEATURES_TCB_HASHES U(0x5)
+#define ARM_DRTM_FEATURES_DLME_IMG_AUTH U(0x6)
#define is_drtm_fid(_fid) \
(((_fid) >= ARM_DRTM_SVC_VERSION) && ((_fid) <= ARM_DRTM_SVC_LOCK_TCB_HASH))
@@ -109,6 +110,9 @@
#define ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_SHIFT U(0)
#define ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_MASK ULL(0xFF)
+#define ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT U(0)
+#define ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK ULL(0x1)
+
#define ARM_DRTM_TPM_FEATURES_SET_PCR_SCHEMA(reg, val) \
do { \
reg = (((reg) & ~(ARM_DRTM_TPM_FEATURES_PCR_SCHEMA_MASK \
@@ -178,6 +182,16 @@
ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_SHIFT)); \
} while (false)
+#define ARM_DRTM_DLME_IMG_AUTH_SUPPORT(reg, val) \
+ do { \
+ reg = (((reg) & \
+ ~(ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK << \
+ ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT)) | \
+ (((val) & \
+ ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK) << \
+ ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT)); \
+ } while (false)
+
/* Definitions for DRTM address map */
#define ARM_DRTM_REGION_SIZE_TYPE_CACHEABILITY_SHIFT U(55)
#define ARM_DRTM_REGION_SIZE_TYPE_CACHEABILITY_MASK ULL(0x3)
diff --git a/lib/transfer_list/transfer_list.c b/lib/transfer_list/transfer_list.c
index 07614a6..3817861 100644
--- a/lib/transfer_list/transfer_list.c
+++ b/lib/transfer_list/transfer_list.c
@@ -35,7 +35,15 @@
if (!te) {
break;
}
+
INFO("Entry %d:\n", i++);
+ transfer_entry_dump(te);
+ }
+}
+
+void transfer_entry_dump(struct transfer_list_entry *te)
+{
+ if (te) {
INFO("tag_id 0x%x\n", te->tag_id);
INFO("hdr_size 0x%x\n", te->hdr_size);
INFO("data_size 0x%x\n", te->data_size);
diff --git a/plat/arm/board/fvp/fvp_drtm_stub.c b/plat/arm/board/fvp/fvp_drtm_stub.c
index e2bc516..238febd 100644
--- a/plat/arm/board/fvp/fvp_drtm_stub.c
+++ b/plat/arm/board/fvp/fvp_drtm_stub.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,3 +33,13 @@
{
return 0ULL;
}
+
+uint64_t plat_drtm_get_acpi_tables_region_size(void)
+{
+ return 0ULL;
+}
+
+uint64_t plat_drtm_get_dlme_img_auth_features(void)
+{
+ return 0ULL;
+}
diff --git a/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c b/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c
index dcee92c..19fb796 100644
--- a/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c
+++ b/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c
@@ -129,8 +129,7 @@
cpu_info->ErrCtxEl3Reg[0] = read_ctx_reg(get_el3state_ctx(ctx),
CTX_ELR_EL3);
- cpu_info->ErrCtxEl3Reg[1] = read_ctx_reg(get_el3state_ctx(ctx),
- CTX_ESR_EL3);
+ cpu_info->ErrCtxEl3Reg[1] = read_esr_el3();
cpu_info->ErrCtxEl3Reg[2] = read_far_el3();
cpu_info->ErrCtxEl3Reg[4] = read_mair_el3();
cpu_info->ErrCtxEl3Reg[5] = read_sctlr_el3();
diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c
index 37f2a2f..117934f 100644
--- a/services/std_svc/drtm/drtm_main.c
+++ b/services/std_svc/drtm/drtm_main.c
@@ -104,12 +104,16 @@
dlme_data_hdr_init.dlme_addr_map_size = drtm_get_address_map_size();
dlme_data_hdr_init.dlme_tcb_hashes_table_size =
plat_drtm_get_tcb_hash_table_size();
+ dlme_data_hdr_init.dlme_acpi_tables_region_size =
+ plat_drtm_get_acpi_tables_region_size();
dlme_data_hdr_init.dlme_impdef_region_size =
plat_drtm_get_imp_def_dlme_region_size();
- dlme_data_min_size += dlme_data_hdr_init.dlme_addr_map_size +
+ dlme_data_min_size += sizeof(struct_dlme_data_header) +
+ dlme_data_hdr_init.dlme_addr_map_size +
ARM_DRTM_MIN_EVENT_LOG_SIZE +
dlme_data_hdr_init.dlme_tcb_hashes_table_size +
+ dlme_data_hdr_init.dlme_acpi_tables_region_size +
dlme_data_hdr_init.dlme_impdef_region_size;
/* Fill out platform DRTM features structure */
@@ -130,6 +134,8 @@
plat_dma_prot_feat->dma_protection_support);
ARM_DRTM_TCB_HASH_FEATURES_SET_MAX_NUM_HASHES(plat_drtm_features.tcb_hash_features,
plat_drtm_get_tcb_hash_features());
+ ARM_DRTM_DLME_IMG_AUTH_SUPPORT(plat_drtm_features.dlme_image_auth_features,
+ plat_drtm_get_dlme_img_auth_features());
return 0;
}
@@ -171,6 +177,12 @@
plat_drtm_features.tcb_hash_features);
}
+static inline uint64_t drtm_features_dlme_img_auth_features(void *ctx)
+{
+ SMC_RET2(ctx, 1ULL, /* DLME Image auth is supported */
+ plat_drtm_features.dlme_image_auth_features);
+}
+
static enum drtm_retc drtm_dl_check_caller_el(void *ctx)
{
uint64_t spsr_el3 = read_ctx_reg(get_el3state_ctx(ctx), CTX_SPSR_EL3);
@@ -785,6 +797,12 @@
return drtm_features_tcb_hashes(handle);
break; /* not reached */
+ case ARM_DRTM_FEATURES_DLME_IMG_AUTH:
+ INFO("++ DRTM service handler: "
+ "DLME Image authentication features\n");
+ return drtm_features_dlme_img_auth_features(handle);
+ break; /* not reached */
+
default:
ERROR("Unknown ARM DRTM service feature\n");
SMC_RET1(handle, NOT_SUPPORTED);
diff --git a/services/std_svc/drtm/drtm_main.h b/services/std_svc/drtm/drtm_main.h
index c105b56..44d0d2d 100644
--- a/services/std_svc/drtm/drtm_main.h
+++ b/services/std_svc/drtm/drtm_main.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -45,7 +45,7 @@
* Range(Min/Max) of DRTM parameter structure versions supported
*/
#define ARM_DRTM_PARAMS_MIN_VERSION U(1)
-#define ARM_DRTM_PARAMS_MAX_VERSION U(1)
+#define ARM_DRTM_PARAMS_MAX_VERSION U(2)
enum drtm_dlme_el {
DLME_AT_EL1 = MODE_EL1,
@@ -74,6 +74,7 @@
uint64_t dma_prot_features;
uint64_t boot_pe_id;
uint64_t tcb_hash_features;
+ uint64_t dlme_image_auth_features;
} drtm_features_t;
struct __packed drtm_dl_args_v1 {
diff --git a/services/std_svc/drtm/drtm_measurements.c b/services/std_svc/drtm/drtm_measurements.c
index 8d514b7..d4f2b57 100644
--- a/services/std_svc/drtm/drtm_measurements.c
+++ b/services/std_svc/drtm/drtm_measurements.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -198,6 +198,10 @@
PCR_18);
CHECK_RC(rc,
drtm_event_log_measure_and_record(DRTM_EVENT_ARM_SEPARATOR));
+
+ /* Measure no Action event but not extend it in PCR */
+ CHECK_RC(rc,
+ drtm_event_log_measure_and_record(DRTM_EVENT_ARM_NO_ACTION));
/*
* If the DCE is unable to log a measurement because there is no available
* space in the event log region, the DCE must extend a hash of the value
diff --git a/services/std_svc/drtm/drtm_measurements.h b/services/std_svc/drtm/drtm_measurements.h
index 6d7a84e..f5a8c7c 100644
--- a/services/std_svc/drtm/drtm_measurements.h
+++ b/services/std_svc/drtm/drtm_measurements.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,6 +25,9 @@
#define DRTM_EVENT_ARM_DCE_SECONDARY DRTM_EVENT_TYPE(8)
#define DRTM_EVENT_ARM_TZFW DRTM_EVENT_TYPE(9)
#define DRTM_EVENT_ARM_SEPARATOR DRTM_EVENT_TYPE(10)
+#define DRTM_EVENT_ARM_DLME_PUBKEY DRTM_EVENT_TYPE(11)
+#define DRTM_EVENT_ARM_DLME_SVN DRTM_EVENT_TYPE(12)
+#define DRTM_EVENT_ARM_NO_ACTION DRTM_EVENT_TYPE(13)
#define CHECK_RC(rc, func_call) { \
if (rc != 0) { \