Merge "fix(cpus): workaround for Cortex-A510 erratum 2684597" into integration
diff --git a/common/fdt_wrappers.c b/common/fdt_wrappers.c
index 1b065b1..783b660 100644
--- a/common/fdt_wrappers.c
+++ b/common/fdt_wrappers.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -206,9 +206,9 @@
assert(cells <= 2U);
if (cells == 2U)
- *(uint64_t *)value = cpu_to_fdt64(*(uint64_t *)value);
+ *(fdt64_t *)value = cpu_to_fdt64(*(uint64_t *)value);
else
- *(uint32_t *)value = cpu_to_fdt32(*(uint32_t *)value);
+ *(fdt32_t *)value = cpu_to_fdt32(*(uint32_t *)value);
len = (int)cells * 4;
@@ -392,7 +392,7 @@
* to a global address with help of various helper functions.
******************************************************************************/
-static bool fdtw_xlat_hit(const uint32_t *value, int child_addr_size,
+static bool fdtw_xlat_hit(const fdt32_t *value, int child_addr_size,
int parent_addr_size, int range_size, uint64_t base_address,
uint64_t *translated_addr)
{
@@ -427,7 +427,7 @@
int local_bus, uint64_t base_address)
{
uint64_t translated_addr;
- const uint32_t *next_entry;
+ const fdt32_t *next_entry;
int parent_bus_node, nxlat_entries, length;
int self_addr_cells, parent_addr_cells, self_size_cells, ncells_xlat;
@@ -460,7 +460,7 @@
assert(nxlat_entries > 0);
- next_entry = (const uint32_t *)ranges_prop->data;
+ next_entry = (const fdt32_t *)ranges_prop->data;
/* Iterate over the entries in the "ranges" */
for (int i = 0; i < nxlat_entries; i++) {
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index 2ea8012..919eea5 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -13,7 +13,7 @@
The following diagram shows an Arm CCA software architecture with TF-A as the
EL3 firmware. In the Arm CCA architecture there are two additional security
states and address spaces: ``Root`` and ``Realm``. TF-A firmware runs in the
-Root world. In the realm world, a Realm Management Monitor firmware (RMM)
+Root world. In the realm world, a Realm Management Monitor firmware (`RMM`_)
manages the execution of Realm VMs and their interaction with the hypervisor.
.. image:: ../resources/diagrams/arm-cca-software-arch.png
@@ -44,7 +44,7 @@
In a typical TF-A boot flow, BL2 runs at Secure-EL1. However when RME is
enabled, TF-A runs in the Root world at EL3. Therefore, the boot flow is
modified to run BL2 at EL3 when RME is enabled. In addition to this, a
-Realm-world firmware (RMM) is loaded by BL2 in the Realm physical address
+Realm-world firmware (`RMM`_) is loaded by BL2 in the Realm physical address
space.
The boot flow when RME is enabled looks like the following:
@@ -70,57 +70,85 @@
RMM Dispatcher (RMMD)
************************
RMMD is a new standard runtime service that handles the switch to the Realm
-world. It initializes the RMM and handles Realm Management Interface (RMI)
-SMC calls from Non-secure and Realm worlds.
+world. It initializes the `RMM`_ and handles Realm Management Interface (RMI)
+SMC calls from Non-secure.
-There is a contract between RMM and RMMD that defines the arguments that the
+There is a contract between `RMM`_ and RMMD that defines the arguments that the
former needs to take in order to initialize and also the possible return values.
-This contract is defined in the RMM Boot Interface, which can be found at
+This contract is defined in the `RMM`_ Boot Interface, which can be found at
:ref:`rmm_el3_boot_interface`.
There is also a specification of the runtime services provided by TF-A
-to RMM. This can be found at :ref:`runtime_services_and_interface`.
+to `RMM`_. This can be found at :ref:`runtime_services_and_interface`.
Test Realm Payload (TRP)
*************************
TRP is a small test payload that runs at R-EL2 and implements a subset of
the Realm Management Interface (RMI) commands to primarily test EL3 firmware
and the interface between R-EL2 and EL3. When building TF-A with RME enabled,
-if a path to an RMM image is not provided, TF-A builds the TRP by default
-and uses it as RMM image.
+if the path to an RMM image is not provided, TF-A builds the TRP by default
+and uses it as the R-EL2 payload.
Building and running TF-A with RME
-------------------------------------
+----------------------------------
This section describes how you can build and run TF-A with RME enabled.
-We assume you have all the :ref:`Prerequisites` to build TF-A.
+We assume you have read the :ref:`Prerequisites` to build TF-A.
The following instructions show you how to build and run TF-A with RME
-for two scenarios:
+on FVP for two scenarios:
-- Three-world execution: TF-A with TF-A Tests or Linux.
+- Three-world execution: This is the configuration to use if Secure
+ world functionality is not needed. TF-A is tested with the following
+ software entities in each world as listed below:
- - NS (TF-A Test or Linux),
+ - NS Host (RME capable Linux or TF-A Tests),
- Root (TF-A)
- - Realm (RMM or TRP)
+ - R-EL2 (`RMM`_ or TRP)
-- Four-world execution: TF-A, Hafnium and TF-A Tests or Linux.
+- Four-world execution: This is the configuration to use if both Secure
+ and Realm world functionality is needed. TF-A is tested with the following
+ software entities in each world as listed below:
- - NS (TF-A Test or Linux),
+ - NS Host (RME capable Linux or TF-A Tests),
- Root (TF-A)
- - Realm (RMM or TRP)
- - SPM (Hafnium)
+ - R-EL2 (`RMM`_ or TRP)
+ - S-EL2 (Hafnium SPM)
To run the tests, you need an FVP model. Please use the :ref:`latest version
-<Arm Fixed Virtual Platforms (FVP)>` of *FVP_Base_RevC-2xAEMvA* model.
+<Arm Fixed Virtual Platforms (FVP)>` of *FVP_Base_RevC-2xAEMvA* model. If NS
+Host is Linux, then the below instructions assume that a suitable RME enabled
+kernel image and associated root filesystem are available.
-Three World Testing with TF-A Tests
-*************************************
+Three-world execution
+*********************
-**1. Obtain and build TF-A Tests with Realm Payload**
+**1. Clone and build RMM Image**
-The full set of instructions to setup build host and build options for
-TF-A-Tests can be found in the `TFTF Getting Started`_.
+Please refer to the `RMM Getting Started`_ on how to setup
+Host Environment and build `RMM`_. The build commands assume that
+an AArch64 toolchain and CMake executable are available in the
+shell PATH variable and CROSS_COMPILE variable has been setup
+appropriately.
+
+To clone `RMM`_ and build using the default build options for FVP:
+
+.. code:: shell
+
+ git clone --recursive https://git.trustedfirmware.org/TF-RMM/tf-rmm.git
+ cd tf-rmm
+ cmake -DRMM_CONFIG=fvp_defcfg -S . -B build
+ cmake --build build
+
+This will generate **rmm.img** in **build/Release** folder.
+
+**2. Clone and build TF-A Tests with Realm Payload**
+
+This step is only needed if NS Host is TF-A Tests. The full set
+of instructions to setup build host and build options for
+TF-A-Tests can be found in the `TFTF Getting Started`_. TF-A Tests
+can test Realm world with either `RMM`_ or TRP in R-EL2. In the TRP case,
+some tests which are not applicable will be skipped.
Use the following instructions to build TF-A with `TF-A Tests`_ as the
non-secure payload (BL33).
@@ -134,37 +162,23 @@
This produces a TF-A Tests binary (**tftf.bin**) with Realm payload packaged
and **sp_layout.json** in the **build/fvp/debug** directory.
-**2. Obtain and build RMM Image**
-Please refer to the `RMM Getting Started`_ on how to setup
-Host Environment and build RMM.
-
-The below command shows how to build RMM using the default build options for FVP.
-
-.. code:: shell
-
- git clone --recursive https://git.trustedfirmware.org/TF-RMM/tf-rmm.git
- cd tf-rmm
- cmake -DRMM_CONFIG=fvp_defcfg -S . -B build
- cmake --build build
-
-This will generate **rmm.img** in **build** folder.
-
-**3. Build TF-A**
+**3. Build RME Enabled TF-A**
The `TF-A Getting Started`_ has the necessary instructions to setup Host
machine and build TF-A.
To build for RME, set ``ENABLE_RME`` build option to 1 and provide the path to
-the RMM binary using the ``RMM`` build option.
-Currently, this feature is only supported for the FVP platform.
+the `RMM`_ binary ``rmm.img`` using ``RMM`` build option.
.. note::
ENABLE_RME build option is currently experimental.
-If the ``RMM`` option is not used, then the Test Realm Payload (TRP) in TF-A
-will be built and used as the RMM.
+.. note::
+
+ If the ``RMM`` option is not specified, TF-A builds the TRP to load and
+ run at R-EL2.
.. code:: shell
@@ -176,16 +190,42 @@
RMM=<path/to/rmm.img> \
FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
DEBUG=1 \
- BL33=<path/to/tftf.bin> \
+ BL33=<path/to/bl33> \
all fip
-This produces **bl1.bin** and **fip.bin** binaries in the **build/fvp/debug** directory.
+``BL33`` can point to a Non Secure Bootloader like UEFI/U-Boot or
+the TF-A Tests binary(**tftf.bin**) from the previous step.
-Running the tests for a 3 world FVP setup
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+This produces **bl1.bin** and **fip.bin** binaries in the **build/fvp/debug**
+directory.
-Use the following command to run the tests on FVP. TF-A Tests should boot
-and run the default tests including Realm world tests.
+TF-A can also directly boot Linux kernel on the FVP. The kernel needs to be
+`preloaded` to a suitable memory location and this needs to be specified via
+``PRELOADED_BL33_BASE`` build option. Also TF-A should implement the Linux
+kernel register conventions for boot and this can be set using the
+``ARM_LINUX_KERNEL_AS_BL33`` option.
+
+.. code-block:: shell
+
+ cd trusted-firmware-a
+ make CROSS_COMPILE=aarch64-none-elf- \
+ PLAT=fvp \
+ ENABLE_RME=1 \
+ RMM=<path/to/rmm.img> \
+ FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
+ DEBUG=1 \
+ ARM_LINUX_KERNEL_AS_BL33=1 \
+ PRELOADED_BL33_BASE=0x84000000 \
+ all fip
+
+The above command assumes that the Linux kernel will be placed in FVP
+memory at 0x84000000 via suitable FVP option (see the next step).
+
+.. _fvp_3_world_cmd:
+
+**4. Running FVP for 3 world setup**
+
+Use the following command to run the tests on FVP.
.. code:: shell
@@ -239,9 +279,30 @@
-C cluster1.restriction_on_speculative_execution_aarch32=2 \
-C pctl.startup=0.0.0.0 \
-C bp.smsc_91c111.enabled=1 \
- -C bp.hostbridge.userNetworking=1
+ -C bp.hostbridge.userNetworking=1 \
+ -C bp.virtioblockdevice.image_path=<path/to/rootfs.ext4>
-The bottom of the output from *uart0* should look something like the following.
+The ``bp.virtioblockdevice.image_path`` option presents the rootfs as a
+virtio block device to Linux kernel. It can be ignored if NS Host is
+TF-A-Tests or rootfs is accessed by some other mechanism.
+
+If TF-A was built to expect a preloaded Linux kernel, then use the following
+FVP argument to load the kernel image at the expected address.
+
+.. code-block:: shell
+
+ --data cluster0.cpu0=<path_to_kernel_Image>@0x84000000 \
+
+
+.. tip::
+ Tips to boot and run Linux faster on the FVP :
+ 1. Set the FVP option ``cache_state_modelled`` to 0.
+ 2. Disable the CPU Idle driver in Linux either by setting the kernel command line
+ parameter "cpuidle.off=1" or by disabling the ``CONFIG_CPU_IDLE`` kernel config.
+
+If the NS Host is TF-A-Tests, then the default test suite in TFTF
+will execute on the FVP and this includes Realm world tests. The
+tail of the output from *uart0* should look something like the following.
.. code-block:: shell
@@ -263,52 +324,19 @@
Passed
...
-Building TF-A with RME enabled Linux Kernel
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If an RME enabled Linux kernel and filesystem is available for testing,
-and a suitable NS boot loader is not available, then this option can be used to
-launch kernel directly after BL31:
-
-.. code-block:: shell
-
- cd trusted-firmware-a
- make CROSS_COMPILE=aarch64-none-elf- \
- PLAT=fvp \
- ENABLE_RME=1 \
- RMM=<path/to/rmm.img> \
- FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
- DEBUG=1 \
- ARM_LINUX_KERNEL_AS_BL33=1 \
- PRELOADED_BL33_BASE=0x84000000 \
- all fip
-
-Boot and run the RME enabled Linux Kernel
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Use the following additional arguments to boot the kernel on FVP.
-
-.. code-block:: shell
-
- --data cluster0.cpu0=<path_to_kernel_Image>@0x84000000 \
- -C bp.virtioblockdevice.image_path=<path_to_rootfs.ext4>
-
-.. tip::
-
- Set the FVP option `cache_state_modelled=0` to run Linux based tests much faster.
-
-Four-world execution with Hafnium and TF-A Tests
-*************************************************
+Four-world execution
+********************
Four-world execution involves software components in each security state: root,
secure, realm and non-secure. This section describes how to build TF-A
with four-world support.
-We use TF-A as the root firmware, `Hafnium SPM`_ is the reference Secure world component
-and the software components for the other 2 worlds (Realm and Non-Secure)
-are as described in the previous section.
+We use TF-A as the root firmware, `Hafnium SPM`_ is the reference Secure world
+component running at S-EL2. `RMM`_ can be built as described in previous
+section. The examples below assume TF-A-Tests as the NS Host and utilize SPs
+from TF-A-Tests.
-**1. Obtain and build Hafnium**
+**1. Obtain and build Hafnium SPM**
.. code:: shell
@@ -342,11 +370,12 @@
The Hafnium binary should be located at
*out/reference/secure_aem_v8a_fvp_clang/hafnium.bin*
-**2. Build TF-A**
+**2. Build RME enabled TF-A with SPM**
Build TF-A with RME as well as SPM enabled.
-Use sp_layout.json previously generated in tf-a-test build.
+Use the ``sp_layout.json`` previously generated in TF-A Tests
+build to run SP tests.
.. code:: shell
@@ -355,7 +384,6 @@
ENABLE_RME=1 \
FVP_HW_CONFIG_DTS=fdts/fvp-base-gicv3-psci-1t.dts \
SPD=spmd \
- SPMD_SPM_AT_SEL2=1 \
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
DEBUG=1 \
@@ -365,11 +393,11 @@
RMM=<path/to/rmm.img> \
all fip
-Running the tests for a 4 world FVP setup
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+**3. Running the FVP for a 4 world setup**
-Use the following arguments in addition to
-`Running the tests for a 3 world FVP setup`_ to run tests for 4 world setup.
+Use the following arguments in addition to the FVP options mentioned in
+:ref:`4. Running FVP for 3 world setup <fvp_3_world_cmd>` to run tests for
+4 world setup.
.. code:: shell
@@ -388,4 +416,5 @@
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io/en/latest
.. _TFTF Getting Started: https://trustedfirmware-a-tests.readthedocs.io/en/latest/getting_started/index.html
.. _Hafnium SPM: https://www.trustedfirmware.org/projects/hafnium
-.. _RMM Getting Started: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/docs/getting_started/index.rst
+.. _RMM Getting Started: https://tf-rmm.readthedocs.io/en/latest/getting_started/index.html
+.. _RMM: https://www.trustedfirmware.org/projects/tf-rmm/
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 5315d97..5b67299 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -321,6 +321,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and
it is still open.
+- ``ERRATA_A78_2779479``: This applies erratum 2779479 workaround to Cortex-A78
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 and
+ it is still open.
+
For Cortex-A78 AE, the following errata build flags are defined :
- ``ERRATA_A78_AE_1941500`` : This applies errata 1941500 workaround to
@@ -468,6 +472,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 of the
CPU. It is still open.
+- ``ERRATA_V1_2779461``: This applies erratum 2779461 workaround to Neoverse-V1
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, r1p2 of the
+ CPU. It is still open.
+
For Cortex-A710, the following errata build flags are defined :
- ``ERRATA_A710_1987031``: This applies errata 1987031 workaround to
diff --git a/docs/process/security.rst b/docs/process/security.rst
index e15783b..f1e7a9d 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst
@@ -9,10 +9,8 @@
vulnerabilities and inform users as best we can about all possible issues.
We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
-at the bottom of this page. Any new ones will, additionally, be announced as
-issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You
-can receive notification emails for these by watching the "Trusted Firmware-A"
-project at https://developer.trustedfirmware.org/.
+at the bottom of this page. Any new ones will, additionally, be announced on the
+TF-A project's `mailing list`_.
Found a Security Issue?
-----------------------
@@ -86,4 +84,4 @@
--------------
-*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index bef2f3d..bbabd9b 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -484,7 +484,7 @@
rc = get_ext(type_desc->cookie, param, param_len);
break;
case AUTH_PARAM_PUB_KEY:
- if (type_desc->cookie != 0) {
+ if (type_desc->cookie != NULL) {
/* Get public key from extension */
rc = get_ext(type_desc->cookie, param, param_len);
} else {
diff --git a/drivers/console/multi_console.c b/drivers/console/multi_console.c
index e3fb749..93c38d8 100644
--- a/drivers/console/multi_console.c
+++ b/drivers/console/multi_console.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,7 +11,7 @@
#include <drivers/console.h>
console_t *console_list;
-uint8_t console_state = CONSOLE_FLAG_BOOT;
+static uint8_t console_state = CONSOLE_FLAG_BOOT;
IMPORT_SYM(console_t *, __STACKS_START__, stacks_start)
IMPORT_SYM(console_t *, __STACKS_END__, stacks_end)
diff --git a/drivers/io/io_block.c b/drivers/io/io_block.c
index 5d45c2f..b5e0e5f 100644
--- a/drivers/io/io_block.c
+++ b/drivers/io/io_block.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -271,7 +271,7 @@
block_size = cur->dev_spec->block_size;
assert((length <= cur->size) &&
(length > 0U) &&
- (ops->read != 0));
+ (ops->read != NULL));
/*
* We don't know the number of bytes that we are going
@@ -383,8 +383,8 @@
block_size = cur->dev_spec->block_size;
assert((length <= cur->size) &&
(length > 0U) &&
- (ops->read != 0) &&
- (ops->write != 0));
+ (ops->read != NULL) &&
+ (ops->write != NULL));
/*
* We don't know the number of bytes that we are going
diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
index 8e83464..2b727d4 100644
--- a/drivers/mmc/mmc.c
+++ b/drivers/mmc/mmc.c
@@ -69,8 +69,7 @@
int i;
for (i = 0; i < 4; i++) {
- *r_data = cmd.resp_data[i];
- r_data++;
+ r_data[i] = cmd.resp_data[i];
}
}
@@ -112,7 +111,7 @@
return MMC_GET_STATE(resp_data[0]);
}
-static int mmc_send_part_switch_cmd(unsigned int part_config)
+static int mmc_send_part_switch_cmd(unsigned char part_config)
{
int ret;
unsigned int part_time = 0;
@@ -760,9 +759,9 @@
return size;
}
-static int mmc_part_switch(unsigned int part_type)
+static int mmc_part_switch(unsigned char part_type)
{
- uint8_t part_config = mmc_ext_csd[CMD_EXTCSD_PARTITION_CONFIG];
+ unsigned char part_config = mmc_ext_csd[CMD_EXTCSD_PARTITION_CONFIG];
part_config &= ~EXT_CSD_PART_CONFIG_ACC_MASK;
part_config |= part_type;
@@ -780,8 +779,7 @@
unsigned char current_boot_part = mmc_current_boot_part();
int ret;
- if (current_boot_part != 1U &&
- current_boot_part != 2U) {
+ if ((current_boot_part != 1U) && (current_boot_part != 2U)) {
ERROR("Got unexpected value for active boot partition, %u\n", current_boot_part);
return -EIO;
}
diff --git a/drivers/partition/gpt.c b/drivers/partition/gpt.c
index 4fe8322..8b1046d 100644
--- a/drivers/partition/gpt.c
+++ b/drivers/partition/gpt.c
@@ -26,14 +26,16 @@
/* check whether the unicode string is valid */
for (i = 1; i < (EFI_NAMELEN << 1); i += 2) {
- if (name[i] != '\0')
+ if (name[i] != '\0') {
return -EINVAL;
+ }
}
/* convert the unicode string to ascii string */
for (i = 0; i < (EFI_NAMELEN << 1); i += 2) {
str_out[i >> 1] = name[i];
- if (name[i] == '\0')
+ if (name[i] == '\0') {
break;
+ }
}
return 0;
}
diff --git a/include/drivers/console.h b/include/drivers/console.h
index 99bf960..f499571 100644
--- a/include/drivers/console.h
+++ b/include/drivers/console.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -48,6 +48,8 @@
/* Additional private driver data may follow here. */
} console_t;
+extern console_t *console_list;
+
/* offset macro assertions for console_t */
#include <drivers/console_assertions.h>
diff --git a/include/drivers/partition/efi.h b/include/drivers/partition/efi.h
index e463f96..96c2857 100644
--- a/include/drivers/partition/efi.h
+++ b/include/drivers/partition/efi.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2021, Linaro Limited
+ * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,13 +26,13 @@
}
#define EFI_GUID(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) \
- { (a) & 0xffffffff, \
- (b) & 0xffff, \
- (c) & 0xffff, \
+ { (a) & 0xffffffffU, \
+ (b) & 0xffffU, \
+ (c) & 0xffffU, \
{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) } }
#define NULL_GUID \
- EFI_GUID(0x00000000, 0x0000, 0x0000, 0x00, 0x00, \
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)
+ EFI_GUID(0x00000000U, 0x0000U, 0x0000U, 0x00U, 0x00U, \
+ 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U)
#endif /* DRIVERS_PARTITION_EFI_H */
diff --git a/include/lib/cpus/aarch64/cortex_a78.h b/include/lib/cpus/aarch64/cortex_a78.h
index 31da99e..fb325b6 100644
--- a/include/lib/cpus/aarch64/cortex_a78.h
+++ b/include/lib/cpus/aarch64/cortex_a78.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, ARM Limited. All rights reserved.
+ * Copyright (c) 2019-2023, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -40,6 +40,8 @@
#define CORTEX_A78_ACTLR2_EL1_BIT_2 (ULL(1) << 2)
#define CORTEX_A78_ACTLR2_EL1_BIT_40 (ULL(1) << 40)
+#define CORTEX_A78_ACTLR3_EL1 S3_0_C15_C1_2
+
/*******************************************************************************
* CPU Activity Monitor Unit register specific definitions.
******************************************************************************/
diff --git a/include/lib/cpus/aarch64/neoverse_v1.h b/include/lib/cpus/aarch64/neoverse_v1.h
index 9c7e967..4c10484 100644
--- a/include/lib/cpus/aarch64/neoverse_v1.h
+++ b/include/lib/cpus/aarch64/neoverse_v1.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, ARM Limited. All rights reserved.
+ * Copyright (c) 2019-2023, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -41,4 +41,6 @@
#define NEOVERSE_V1_ACTLR2_EL1_BIT_28 (ULL(1) << 28)
#define NEOVERSE_V1_ACTLR2_EL1_BIT_40 (ULL(1) << 40)
+#define NEOVERSE_V1_ACTLR3_EL1 S3_0_C15_C1_2
+
#endif /* NEOVERSE_V1_H */
diff --git a/lib/cpus/aarch64/cortex_a78.S b/lib/cpus/aarch64/cortex_a78.S
index 38f58bb..a3932e8 100644
--- a/lib/cpus/aarch64/cortex_a78.S
+++ b/lib/cpus/aarch64/cortex_a78.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, ARM Limited. All rights reserved.
+ * Copyright (c) 2019-2023, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -351,6 +351,35 @@
b cpu_rev_var_ls
endfunc check_errata_2772019
+/* ----------------------------------------------------
+ * Errata Workaround for Cortex A78 Errata 2779479.
+ * This applies to revisions r0p0, r1p0, r1p1, and r1p2.
+ * It is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x1, x17
+ * ----------------------------------------------------
+ */
+func errata_a78_2779479_wa
+ /* Check revision. */
+ mov x17, x30
+ bl check_errata_2779479
+ cbz x0, 1f
+
+ /* Apply the workaround */
+ mrs x1, CORTEX_A78_ACTLR3_EL1
+ orr x1, x1, #BIT(47)
+ msr CORTEX_A78_ACTLR3_EL1, x1
+
+1:
+ ret x17
+endfunc errata_a78_2779479_wa
+
+func check_errata_2779479
+ /* Applies to r0p0, r1p0, r1p1, r1p2 */
+ mov x1, #CPU_REV(1, 2)
+ b cpu_rev_var_ls
+endfunc check_errata_2779479
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -414,6 +443,11 @@
bl errata_a78_2395406_wa
#endif
+#if ERRATA_A78_2779479
+ mov x0, x18
+ bl errata_a78_2779479_wa
+#endif
+
#if ENABLE_AMU
/* Make sure accesses from EL0/EL1 and EL2 are not trapped to EL3 */
mrs x0, actlr_el3
@@ -493,6 +527,7 @@
report_errata ERRATA_A78_2376745, cortex_a78, 2376745
report_errata ERRATA_A78_2395406, cortex_a78, 2395406
report_errata ERRATA_A78_2772019, cortex_a78, 2772019
+ report_errata ERRATA_A78_2779479, cortex_a78, 2779479
report_errata WORKAROUND_CVE_2022_23960, cortex_a78, cve_2022_23960
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index c3a70ca..f9a5789 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -486,6 +486,35 @@
b cpu_rev_var_ls
endfunc check_errata_2743093
+ /* ----------------------------------------------------
+ * Errata Workaround for Neoverse V1 Errata #2779461.
+ * This applies to revisions r0p0, r1p0, r1p1, and r1p2.
+ * It is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x1, x17
+ * ----------------------------------------------------
+ */
+func errata_neoverse_v1_2779461_wa
+ /* Check revision. */
+ mov x17, x30
+ bl check_errata_2779461
+ cbz x0, 1f
+
+ /* Apply the workaround */
+ mrs x1, NEOVERSE_V1_ACTLR3_EL1
+ orr x1, x1, #BIT(47)
+ msr NEOVERSE_V1_ACTLR3_EL1, x1
+
+1:
+ ret x17
+endfunc errata_neoverse_v1_2779461_wa
+
+func check_errata_2779461
+ /* Applies to r0p0, r1p0, r1p1, r1p2 */
+ mov x1, #CPU_REV(1, 2)
+ b cpu_rev_var_ls
+endfunc check_errata_2779461
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -544,6 +573,7 @@
report_errata ERRATA_V1_2294912, neoverse_v1, 2294912
report_errata ERRATA_V1_2372203, neoverse_v1, 2372203
report_errata ERRATA_V1_2743093, neoverse_v1, 2743093
+ report_errata ERRATA_V1_2779461, neoverse_v1, 2779461
report_errata WORKAROUND_CVE_2022_23960, neoverse_v1, cve_2022_23960
ldp x8, x30, [sp], #16
@@ -622,6 +652,11 @@
bl errata_neoverse_v1_2372203_wa
#endif
+#if ERRATA_V1_2779461
+ mov x0, x18
+ bl errata_neoverse_v1_2779461_wa
+#endif
+
#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960
/*
* The Neoverse-V1 generic vectors are overridden to apply errata
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 9c556b6..1dc9419 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -362,6 +362,10 @@
# open.
ERRATA_A78_2772019 ?=0
+# Flag to apply erratum 2779479 workaround during reset. This erratum applies
+# to revision r0p0, r1p0, r1p1 and r1p2 of the A78 cpu. It is still open.
+ERRATA_A78_2779479 ?=0
+
# Flag to apply erratum 1941500 workaround during reset. This erratum applies
# to revisions r0p0 and r0p1 of the A78 AE cpu. It is still open.
ERRATA_A78_AE_1941500 ?=0
@@ -522,6 +526,11 @@
# still open.
ERRATA_V1_2743093 ?=0
+# Flag to apply erratum 2779461 workaround during powerdown. This erratum
+# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the Neoverse V1 cpu and is
+# still open.
+ERRATA_V1_2779461 ?=0
+
# Flag to apply erratum 1987031 workaround during reset. This erratum applies
# to revisions r0p0, r1p0 and r2p0 of the Cortex-A710 cpu and is still open.
ERRATA_A710_1987031 ?=0
@@ -1035,6 +1044,10 @@
$(eval $(call assert_boolean,ERRATA_A78_2772019))
$(eval $(call add_define,ERRATA_A78_2772019))
+# Process ERRATA_A78_2779479 flag
+$(eval $(call assert_boolean,ERRATA_A78_2779479))
+$(eval $(call add_define,ERRATA_A78_2779479))
+
# Process ERRATA_A78_AE_1941500 flag
$(eval $(call assert_boolean,ERRATA_A78_AE_1941500))
$(eval $(call add_define,ERRATA_A78_AE_1941500))
@@ -1191,6 +1204,10 @@
$(eval $(call assert_boolean,ERRATA_V1_2743093))
$(eval $(call add_define,ERRATA_V1_2743093))
+# Process ERRATA_V1_2779461 flag
+$(eval $(call assert_boolean,ERRATA_V1_2779461))
+$(eval $(call add_define,ERRATA_V1_2779461))
+
# Process ERRATA_A710_1987031 flag
$(eval $(call assert_boolean,ERRATA_A710_1987031))
$(eval $(call add_define,ERRATA_A710_1987031))
diff --git a/lib/libc/putchar.c b/lib/libc/putchar.c
index 3472b24..340bdd8 100644
--- a/lib/libc/putchar.c
+++ b/lib/libc/putchar.c
@@ -1,14 +1,13 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdio.h>
-int __putchar(int c)
+#pragma weak putchar
+int putchar(int c)
{
return c;
}
-
-int putchar(int c) __attribute__((weak,alias("__putchar")));
diff --git a/plat/arm/board/tc/plat_def_fip_uuid.h b/plat/arm/board/tc/plat_def_fip_uuid.h
new file mode 100644
index 0000000..631f7c9
--- /dev/null
+++ b/plat/arm/board/tc/plat_def_fip_uuid.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __PLAT_DEF_FIP_UUID__
+#define __PLAT_DEF_FIP_UUID__
+
+#include "uuid.h"
+
+#define UUID_RSS_FIRMWARE_BL1_2 \
+ {{0x0a, 0xa5, 0xb1, 0xbe}, {0xe7, 0x84}, {0x41, 0xc5}, 0x81, 0xb8, {0x4a, 0x41, 0xcb, 0x4a, 0xd2, 0xdf}}
+
+#define UUID_RSS_FIRMWARE_BL2 \
+ {{0xa3, 0xb3, 0xb3, 0x0d}, {0xeb, 0xc9}, {0x40, 0x48}, 0xb4, 0x80, {0x15, 0x53, 0x61, 0xc1, 0x70, 0x48}}
+
+#define UUID_RSS_FIRMWARE_SCP_BL1 \
+ {{0xbf, 0xd5, 0x09, 0x8d}, {0xa7, 0x07}, {0x4f, 0x15}, 0x89, 0x1c, {0x37, 0x22, 0x10, 0xcb, 0x51, 0xe2}}
+
+#define UUID_RSS_FIRMWARE_AP_BL1 \
+ {{0x12, 0x4c, 0x50, 0xe0}, {0xf2, 0xda}, {0x45, 0xe9}, 0x85, 0xc8, {0xda, 0xd9, 0x60, 0x9b, 0x7a, 0x11}}
+
+#define UUID_RSS_FIRMWARE_NS \
+ {{0x8d, 0x95, 0x9f, 0x72}, {0xb8, 0xb1}, {0x42, 0x11}, 0x9a, 0xe6, {0x4b, 0x80, 0x97, 0x47, 0x5a, 0xd9}}
+
+#define UUID_RSS_FIRMWARE_S \
+ {{0x22, 0xea, 0x33, 0x85}, {0xf8, 0x6e}, {0x47, 0x93}, 0x96, 0x8a, {0x2f, 0xe3, 0xdd, 0x50, 0x33, 0xcc}}
+
+#define UUID_RSS_SIC_TABLES_NS \
+ {{0xd9, 0x10, 0x00, 0x72}, {0x6a, 0x28}, {0x4b, 0xec}, 0xb0, 0xd6, {0x8c, 0xed, 0xc4, 0x15, 0x7c, 0xe0}}
+
+#define UUID_RSS_SIC_TABLES_S \
+ {{0xc7, 0x38, 0xd0, 0xde}, {0x8c, 0x26}, {0x48, 0x51}, 0x93, 0x36, {0xf3, 0xdb, 0xe2, 0x96, 0x65, 0x18}}
+
+#endif /* __PLAT_DEF_FIP_UUID__ */
diff --git a/plat/arm/board/tc/plat_def_uuid_config.c b/plat/arm/board/tc/plat_def_uuid_config.c
new file mode 100644
index 0000000..903310b
--- /dev/null
+++ b/plat/arm/board/tc/plat_def_uuid_config.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stddef.h>
+
+#include <firmware_image_package.h>
+
+#include "tbbr_config.h"
+
+toc_entry_t plat_def_toc_entries[] = {
+ {
+ .name = "RSS Firmware BL1_2 image",
+ .uuid = UUID_RSS_FIRMWARE_BL1_2,
+ .cmdline_name = "rss-bl1_2"
+ },
+ {
+ .name = "RSS Firmware BL2 image",
+ .uuid = UUID_RSS_FIRMWARE_BL2,
+ .cmdline_name = "rss-bl2"
+ },
+ {
+ .name = "RSS Firmware SCP BL1 image",
+ .uuid = UUID_RSS_FIRMWARE_SCP_BL1,
+ .cmdline_name = "rss-scp-bl1"
+ },
+ {
+ .name = "RSS Firmware AP BL1 image",
+ .uuid = UUID_RSS_FIRMWARE_AP_BL1,
+ .cmdline_name = "rss-ap-bl1"
+ },
+ {
+ .name = "RSS Firmware non-secure image",
+ .uuid = UUID_RSS_FIRMWARE_NS,
+ .cmdline_name = "rss-ns"
+ },
+ {
+ .name = "RSS Firmware secure image",
+ .uuid = UUID_RSS_FIRMWARE_S,
+ .cmdline_name = "rss-s"
+ },
+ {
+ .name = "RSS Firmware non-secure SIC tables",
+ .uuid = UUID_RSS_SIC_TABLES_NS,
+ .cmdline_name = "rss-sic-tables-ns"
+ },
+ {
+ .name = "RSS Firmware secure SIC tables",
+ .uuid = UUID_RSS_SIC_TABLES_S,
+ .cmdline_name = "rss-sic-tables-s"
+ },
+
+ {
+ .name = NULL,
+ .uuid = { {0} },
+ .cmdline_name = NULL,
+ }
+};
diff --git a/plat/arm/board/tc/plat_fiptool.mk b/plat/arm/board/tc/plat_fiptool.mk
new file mode 100644
index 0000000..0e13556
--- /dev/null
+++ b/plat/arm/board/tc/plat_fiptool.mk
@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2021, NXP. All rights reserved.
+# Copyright (c) 2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# Name of the platform defined source file name,
+# which contains platform defined UUID entries populated
+# in the plat_def_toc_entries[].
+PLAT_DEF_UUID_CONFIG_FILE_NAME := plat_def_uuid_config
+
+PLAT_DEF_UUID_CONFIG_FILE_PATH := ../../plat/arm/board/tc
+
+PLAT_DEF_UUID := yes
+PLAT_DEF_UUID_OID_CONFIG_PATH := ../../plat/arm/board/tc
+
+
+INCLUDE_PATHS += -I${PLAT_DEF_UUID_OID_CONFIG_PATH} \
+ -I./
+# Clean the stale object file.
+$(shell rm ${PLAT_DEF_UUID_CONFIG_FILE_PATH}/${PLAT_DEF_UUID_CONFIG_FILE_NAME}.o)
+
+ifeq (${PLAT_DEF_OID},yes)
+HOSTCCFLAGS += -DPLAT_DEF_OID
+endif
+
+ifeq (${PLAT_DEF_UUID},yes)
+HOSTCCFLAGS += -DPLAT_DEF_FIP_UUID
+PLAT_OBJECTS += ${PLAT_DEF_UUID_CONFIG_FILE_PATH}/${PLAT_DEF_UUID_CONFIG_FILE_NAME}.o
+endif
+
+OBJECTS += ${PLAT_OBJECTS}
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 74c0f17..2182477 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -53,6 +53,9 @@
# enable trace filter control registers access to NS by default
ENABLE_TRF_FOR_NS := 1
+# Enable RSS-required FIP UUIDs
+$(shell cp plat/arm/board/tc/plat_fiptool.mk ${PLAT_DIR})
+
# Include GICv3 driver files
include drivers/arm/gic/v3/gicv3.mk
diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c
index 5c240b5..fadf319 100644
--- a/tools/fiptool/fiptool.c
+++ b/tools/fiptool/fiptool.c
@@ -1,9 +1,12 @@
/*
- * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#ifndef _MSC_VER
+#include <sys/mount.h>
+#endif
#include <sys/types.h>
#include <sys/stat.h>
@@ -298,6 +301,7 @@
fip_toc_header_t *toc_header;
fip_toc_entry_t *toc_entry;
int terminated = 0;
+ size_t st_size;
fp = fopen(filename, "rb");
if (fp == NULL)
@@ -306,13 +310,21 @@
if (fstat(fileno(fp), &st) == -1)
log_err("fstat %s", filename);
- buf = xmalloc(st.st_size, "failed to load file into memory");
- if (fread(buf, 1, st.st_size, fp) != st.st_size)
+ st_size = st.st_size;
+
+#ifdef BLKGETSIZE64
+ if ((st.st_mode & S_IFBLK) != 0)
+ if (ioctl(fileno(fp), BLKGETSIZE64, &st_size) == -1)
+ log_err("ioctl %s", filename);
+#endif
+
+ buf = xmalloc(st_size, "failed to load file into memory");
+ if (fread(buf, 1, st_size, fp) != st_size)
log_errx("Failed to read %s", filename);
- bufend = buf + st.st_size;
+ bufend = buf + st_size;
fclose(fp);
- if (st.st_size < sizeof(fip_toc_header_t))
+ if (st_size < sizeof(fip_toc_header_t))
log_errx("FIP %s is truncated", filename);
toc_header = (fip_toc_header_t *)buf;
@@ -347,9 +359,11 @@
"failed to allocate image buffer, is FIP file corrupted?");
/* Overflow checks before memory copy. */
if (toc_entry->size > (uint64_t)-1 - toc_entry->offset_address)
- log_errx("FIP %s is corrupted", filename);
- if (toc_entry->size + toc_entry->offset_address > st.st_size)
- log_errx("FIP %s is corrupted", filename);
+ log_errx("FIP %s is corrupted: entry size exceeds 64 bit address space",
+ filename);
+ if (toc_entry->size + toc_entry->offset_address > st_size)
+ log_errx("FIP %s is corrupted: entry size exceeds FIP file size",
+ filename);
memcpy(image->buffer, buf + toc_entry->offset_address,
toc_entry->size);