Merge changes I0b0443d5,Ic454a87a into integration
* changes:
fix(gic): quote the correct flag on error
feat(lib): add a generic EXTRACT macro
diff --git a/Makefile b/Makefile
index 6d5a0c3..150aa30 100644
--- a/Makefile
+++ b/Makefile
@@ -652,7 +652,7 @@
################################################################################
include ${MAKE_HELPERS_DIRECTORY}march.mk
-TF_CFLAGS += $(march-directive)
+TF_CFLAGS += $(march-directive)
ASFLAGS += $(march-directive)
# This internal flag is common option which is set to 1 for scenarios
@@ -938,6 +938,34 @@
endif
endif #(CTX_INCLUDE_PAUTH_REGS)
+# Check ENABLE_FEAT_PAUTH_LR
+ifneq (${ENABLE_FEAT_PAUTH_LR},0)
+
+# Make sure PAUTH is enabled
+ifeq (${ENABLE_PAUTH},0)
+ $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION))
+endif
+
+# Make sure SCTLR2 is enabled
+ifeq (${ENABLE_FEAT_SCTLR2},0)
+ $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2)
+endif
+
+# FEAT_PAUTH_LR is only supported in aarch64 state
+ifneq (${ARCH},aarch64)
+ $(error ENABLE_FEAT_PAUTH_LR requires AArch64)
+endif
+
+# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers
+# TODO implement for GCC when support is added
+ifeq ($($(ARCH)-cc-id),arm-clang)
+ arch-features := $(arch-features)+pauth-lr
+else
+ $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler)
+endif
+
+endif # ${ENABLE_FEAT_PAUTH_LR}
+
ifeq ($(FEATURE_DETECTION),1)
$(info FEATURE_DETECTION is an experimental feature)
endif #(FEATURE_DETECTION)
@@ -984,7 +1012,7 @@
endif
# FEAT_RNG_TRAP is not supported in AArch32
- ifeq (${ENABLE_FEAT_RNG_TRAP},1)
+ ifneq (${ENABLE_FEAT_RNG_TRAP},0)
$(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
endif
@@ -1324,6 +1352,7 @@
ENABLE_TRBE_FOR_NS \
ENABLE_BTI \
ENABLE_PAUTH \
+ ENABLE_FEAT_PAUTH_LR \
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
@@ -1410,6 +1439,7 @@
ENABLE_FEAT_DEBUGV8P9 \
ENABLE_FEAT_MPAM \
ENABLE_PAUTH \
+ ENABLE_FEAT_PAUTH_LR \
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
diff --git a/bl31/bl31_traps.c b/bl31/bl31_traps.c
index 984fdaa..114a57d 100644
--- a/bl31/bl31_traps.c
+++ b/bl31/bl31_traps.c
@@ -90,19 +90,17 @@
* Explicitly create all bits of SPSR to get PSTATE at exception return.
*
* The code is based on "Aarch64.exceptions.takeexception" described in
- * DDI0602 revision 2023-06.
- * "https://developer.arm.com/documentation/ddi0602/2023-06/Shared-Pseudocode/
+ * DDI0602 revision 2025-03.
+ * "https://developer.arm.com/documentation/ddi0597/2025-03/Shared-Pseudocode/
* aarch64-exceptions-takeexception"
*
- * NOTE: This piece of code must be reviewed every release to ensure that
- * we keep up with new ARCH features which introduces a new SPSR bit.
+ * NOTE: This piece of code must be reviewed every release against the latest
+ * takeexception sequence to ensure that we keep up with new arch features that
+ * affect the PSTATE.
*
- * TF-A 2.12 release review
- * The latest version available is 2024-09, which has two extra features which
- * impacts generation of SPSR, since these features are not implemented in TF-A
- * at the time of release, just log the feature names here to be taken up when
- * feature support is introduced.
- * - FEAT_PAuth_LR (2023 extension)
+ * TF-A 2.13 release review
+ *
+ * Review of version 2025-03 indicates we are missing support for one feature.
* - FEAT_UINJ (2024 extension)
*/
u_register_t create_spsr(u_register_t old_spsr, unsigned int target_el)
@@ -204,6 +202,12 @@
new_spsr |= (gcscr & GCSCR_EXLOCK_EN_BIT) ? SPSR_EXLOCK_BIT_AARCH64 : 0;
}
+ /* If FEAT_PAUTH_LR present then zero the PACM bit. */
+ new_spsr |= old_spsr & SPSR_PACM_BIT_AARCH64;
+ if (is_feat_pauth_lr_present()) {
+ new_spsr &= ~SPSR_PACM_BIT_AARCH64;
+ }
+
return new_spsr;
}
diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S
index b4e7a7a..4ea2f5b 100644
--- a/bl32/tsp/aarch64/tsp_entrypoint.S
+++ b/bl32/tsp/aarch64/tsp_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -51,6 +51,15 @@
.endm
func tsp_entrypoint _align=3
+ /*---------------------------------------------
+ * Save arguments x0 - x3 from BL1 for future
+ * use.
+ * ---------------------------------------------
+ */
+ mov x20, x0
+ mov x21, x1
+ mov x22, x2
+ mov x23, x3
#if ENABLE_PIE
/*
@@ -173,6 +182,16 @@
bl update_stack_protector_canary
#endif
+ /*---------------------------------------------
+ * Save arguments x0 - x3 from prio stage for
+ * future use.
+ * ---------------------------------------------
+ */
+ mov x0, x20
+ mov x1, x21
+ mov x2, x22
+ mov x3, x23
+
/* ---------------------------------------------
* Perform TSP setup
* ---------------------------------------------
diff --git a/bl32/tsp/tsp_common.c b/bl32/tsp/tsp_common.c
index e69c054..144349a 100644
--- a/bl32/tsp/tsp_common.c
+++ b/bl32/tsp/tsp_common.c
@@ -64,13 +64,14 @@
/*******************************************************************************
* Setup function for TSP.
******************************************************************************/
-void tsp_setup(void)
+void tsp_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
{
/* Enable early console if EARLY_CONSOLE flag is enabled */
plat_setup_early_console();
/* Perform early platform-specific setup. */
- tsp_early_platform_setup();
+ tsp_early_platform_setup(arg0, arg1, arg2, arg3);
/* Perform late platform-specific setup. */
tsp_plat_arch_setup();
diff --git a/changelog.yaml b/changelog.yaml
index 600e5be..93eeb73 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -205,13 +205,6 @@
deprecated:
- plat/tc
- subsections:
- - title: TC0
- scope: tc0
-
- deprecated:
- - plat/tc0
-
- title: Corstone-1000
scope: corstone-1000
diff --git a/common/feat_detect.c b/common/feat_detect.c
index 4d285d3..2d80b42 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -330,7 +330,7 @@
* revisions so that we catch them as they come along
*/
check_feature(FEAT_STATE_ALWAYS, read_feat_pmuv3_id_field(),
- "PMUv3", 1, ID_AA64DFR0_PMUVER_PMUV3P8);
+ "PMUv3", 1, ID_AA64DFR0_PMUVER_PMUV3P9);
/* v8.1 features */
check_feature(ENABLE_FEAT_PAN, read_feat_pan_id_field(), "PAN", 1, 3);
@@ -429,6 +429,7 @@
/* v9.4 features */
check_feature(ENABLE_FEAT_GCS, read_feat_gcs_id_field(), "GCS", 1, 1);
check_feature(ENABLE_RME, read_feat_rme_id_field(), "RME", 1, 1);
+ check_feature(ENABLE_FEAT_PAUTH_LR, is_feat_pauth_lr_present(), "PAUTH_LR", 1, 1);
if (tainted) {
panic();
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
index 1f76770..a9d2fa9 100644
--- a/docs/design_documents/measured_boot.rst
+++ b/docs/design_documents/measured_boot.rst
@@ -231,9 +231,9 @@
- Public key data size is passed as the third argument to this function.
- This function must return 0 on success, a signed integer error code
otherwise.
- - In TC2 platform, this function is used to calculate the hash of the given
- key and forward this hash to |RSE| alongside the measurement of the image
- which the key signs.
+ - In Total Compute platform, this function is used to calculate the hash
+ of the given key and forward this hash to |RSE| alongside the measurement
+ of the image which the key signs.
--------------
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index e5f7b30..32daf1e 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -405,6 +405,12 @@
flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
+- ``ENABLE_FEAT_PAUTH_LR``: Numeric value to enable the ``FEAT_PAUTH_LR``
+ extension. ``FEAT_PAUTH_LR`` is an optional feature available from Arm v9.4
+ onwards. This feature requires PAUTH to be enabled via the
+ ``BRANCH_PROTECTION`` flag. This flag can take the values 0 to 2, to align
+ with the ``ENABLE_FEAT`` mechanism. Default value is ``0``.
+
- ``ENABLE_FEAT_RNG``: Numeric value to enable the ``FEAT_RNG`` extension.
``FEAT_RNG`` is an optional feature available on Arm v8.5 onwards. This
flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
diff --git a/docs/plat/arm/tc/index.rst b/docs/plat/arm/tc/index.rst
index 467738c..d57b48e 100644
--- a/docs/plat/arm/tc/index.rst
+++ b/docs/plat/arm/tc/index.rst
@@ -17,12 +17,8 @@
the Total Compute platform number. The platforms support the CPU variants
listed as below:
-- TC0 has support for Cortex A510, Cortex A710 and Cortex X2. (Note TC0 is now deprecated)
-- TC1 has support for Cortex A510, Cortex A715 and Cortex X3. (Note TC1 is now deprecated)
-- TC2 has support for Cortex A520, Cortex A720 and Cortex x4. (Note TC2 is now deprecated)
- TC3 has support for Cortex A520, Cortex A725 and Cortex x925.
-
Boot Sequence
-------------
@@ -59,6 +55,6 @@
--------------
-*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2025, Arm Limited. All rights reserved.*
.. _Arm Toolchain: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index d0d6889..a30f55d 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -72,7 +72,7 @@
+----------------+----------------+--------------------+--------------------+
| Platform | Vendor | Deprecated version | Deleted version |
+================+================+====================+====================+
-| TC2 | Arm | 2.12 | TBD |
+| TC2 | Arm | 2.12 | 2.13 |
| | | | |
+----------------+----------------+--------------------+--------------------+
| fvp_r | Arm | 2.13 | 2.13 |
diff --git a/drivers/measured_boot/event_log/event_handoff.c b/drivers/measured_boot/event_log/event_handoff.c
new file mode 100644
index 0000000..238ea27
--- /dev/null
+++ b/drivers/measured_boot/event_log/event_handoff.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+
+#include <common/debug.h>
+#include <drivers/measured_boot/event_log/event_handoff.h>
+
+#include <platform_def.h>
+
+static uint8_t *get_log_ptr(struct transfer_list_entry *te, size_t offset)
+{
+ uint8_t *base_ptr = transfer_list_entry_data(te);
+
+ if (base_ptr == NULL) {
+ return NULL;
+ }
+
+ return base_ptr + offset;
+}
+
+uint8_t *transfer_list_event_log_extend(struct transfer_list_header *tl,
+ size_t req_size, size_t *free)
+{
+ struct transfer_list_entry *existing_entry;
+ struct transfer_list_entry *new_entry;
+ uint8_t *old_data;
+ size_t existing_offset;
+ size_t old_size;
+
+ if (tl == NULL || free == NULL || req_size == 0) {
+ ERROR("Invalid arguments to event log extend.\n");
+ return NULL;
+ }
+
+ existing_entry = transfer_list_find(tl, TL_TAG_TPM_EVLOG);
+ existing_offset = EVENT_LOG_RESERVED_BYTES;
+
+ if (existing_entry != NULL) {
+ existing_offset = existing_entry->data_size;
+
+ if (transfer_list_set_data_size(tl, existing_entry,
+ req_size + existing_offset)) {
+ VERBOSE("TPM event log entry resized: new space %zu bytes at offset %zu\n",
+ req_size, existing_offset);
+
+ *free = existing_entry->data_size - existing_offset;
+
+ return get_log_ptr(existing_entry, existing_offset);
+ }
+ }
+
+ /* Add new entry (resize failed or no existing entry) */
+ new_entry = transfer_list_add(tl, TL_TAG_TPM_EVLOG,
+ req_size + existing_offset, NULL);
+
+ if (new_entry == NULL) {
+ ERROR("Failed to add TPM event log entry to transfer list.\n");
+ return NULL;
+ }
+
+ VERBOSE("New TPM event log entry added at %p\n",
+ transfer_list_entry_data(new_entry));
+
+ if (existing_entry != NULL) {
+ old_data = transfer_list_entry_data(existing_entry);
+ old_size = existing_offset;
+
+ VERBOSE("Copying existing event log (%zu bytes) to new entry at %p\n",
+ old_size, transfer_list_entry_data(new_entry));
+
+ memmove(transfer_list_entry_data(new_entry), old_data,
+ old_size);
+
+ transfer_list_rem(tl, existing_entry);
+ }
+
+ *free = new_entry->data_size - existing_offset;
+
+ return get_log_ptr(new_entry, existing_offset);
+}
+
+uint8_t *transfer_list_event_log_finish(struct transfer_list_header *tl,
+ uintptr_t cursor)
+{
+ uintptr_t entry_data_base;
+ size_t final_log_size;
+ struct transfer_list_entry *entry;
+
+ entry = transfer_list_find(tl, TL_TAG_TPM_EVLOG);
+ entry_data_base = (uintptr_t)transfer_list_entry_data(entry);
+
+ if (cursor < entry_data_base ||
+ cursor >= entry_data_base + entry->data_size) {
+ ERROR("Invalid cursor: outside event log bounds.\n");
+ return NULL;
+ }
+
+ final_log_size = cursor - entry_data_base;
+
+ if (!transfer_list_set_data_size(tl, entry, final_log_size)) {
+ ERROR("Unable to resize event log TE.\n");
+ return NULL;
+ }
+
+ transfer_list_update_checksum(tl);
+
+ VERBOSE("TPM event log finalized: trimmed to %zu bytes",
+ final_log_size - EVENT_LOG_RESERVED_BYTES);
+
+ /* Ensure changes are visible to the next stage. */
+ flush_dcache_range((uintptr_t)tl, tl->size);
+
+ return get_log_ptr(entry, EVENT_LOG_RESERVED_BYTES);
+}
diff --git a/drivers/measured_boot/event_log/event_log.mk b/drivers/measured_boot/event_log/event_log.mk
index df3460f..09c15da 100644
--- a/drivers/measured_boot/event_log/event_log.mk
+++ b/drivers/measured_boot/event_log/event_log.mk
@@ -47,3 +47,8 @@
EVENT_LOG_SOURCES := ${EVENT_LOG_SRC_DIR}event_log.c \
${EVENT_LOG_SRC_DIR}event_print.c
+
+
+ifeq (${TRANSFER_LIST}, 1)
+EVENT_LOG_SOURCES += ${EVENT_LOG_SRC_DIR}/event_handoff.c
+endif
diff --git a/fdts/tc2.dts b/fdts/tc2.dts
deleted file mode 100644
index fa16dcd..0000000
--- a/fdts/tc2.dts
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-/dts-v1/;
-
-#include <dt-bindings/interrupt-controller/arm-gic.h>
-#include <dt-bindings/interrupt-controller/irq.h>
-#include <platform_def.h>
-
-#if TARGET_FLAVOUR_FVP
-#define LIT_CAPACITY 406
-#define MID_CAPACITY 912
-#else /* TARGET_FLAVOUR_FPGA */
-#define LIT_CAPACITY 280
-#define MID_CAPACITY 775
-/* this is an area optimized configuration of the big core */
-#define BIG2_CAPACITY 930
-#endif /* TARGET_FLAVOUR_FPGA */
-#define BIG_CAPACITY 1024
-
-#define MHU_TX_ADDR 45000000 /* hex */
-#define MHU_TX_COMPAT "arm,mhuv2-tx","arm,primecell"
-#define MHU_TX_INT_NAME "mhu_tx"
-
-#define MHU_RX_ADDR 45010000 /* hex */
-#define MHU_RX_COMPAT "arm,mhuv2-rx","arm,primecell"
-#define MHU_OFFSET 0x1000
-#define MHU_MBOX_CELLS 2
-#define MHU_RX_INT_NUM 317
-#define MHU_RX_INT_NAME "mhu_rx"
-
-#define LIT_CPU_PMU_COMPATIBLE "arm,cortex-a520-pmu"
-#define MID_CPU_PMU_COMPATIBLE "arm,cortex-a720-pmu"
-#define BIG_CPU_PMU_COMPATIBLE "arm,cortex-x4-pmu"
-
-#define DSU_MPAM_ADDR 0x1 0x00010000 /* 0x1_0001_0000 */
-
-#define DPU_ADDR 2cc00000
-#define DPU_IRQ 69
-
-#define ETHERNET_ADDR 18000000
-#define ETHERNET_INT 109
-
-#define SYS_REGS_ADDR 1c010000
-
-#define MMC_ADDR 1c050000
-#define MMC_INT_0 107
-#define MMC_INT_1 108
-
-#define RTC_ADDR 1c170000
-#define RTC_INT 100
-
-#define KMI_0_ADDR 1c060000
-#define KMI_0_INT 197
-#define KMI_1_ADDR 1c070000
-#define KMI_1_INT 103
-
-#define VIRTIO_BLOCK_ADDR 1c130000
-#define VIRTIO_BLOCK_INT 204
-
-#include "tc-common.dtsi"
-#if TARGET_FLAVOUR_FVP
-#include "tc-fvp.dtsi"
-#else
-#include "tc-fpga.dtsi"
-#endif /* TARGET_FLAVOUR_FVP */
-#include "tc-base.dtsi"
-
-/ {
- cpus {
-#if TARGET_FLAVOUR_FPGA
- cpu-map {
- cluster0 {
- core8 {
- cpu = <&CPU8>;
- };
- core9 {
- cpu = <&CPU9>;
- };
- core10 {
- cpu = <&CPU10>;
- };
- core11 {
- cpu = <&CPU11>;
- };
- core12 {
- cpu = <&CPU12>;
- };
- core13 {
- cpu = <&CPU13>;
- };
- };
- };
-#endif
-
- CPU2:cpu@200 {
- clocks = <&scmi_dvfs 0>;
- capacity-dmips-mhz = <LIT_CAPACITY>;
- };
-
- CPU3:cpu@300 {
- clocks = <&scmi_dvfs 0>;
- capacity-dmips-mhz = <LIT_CAPACITY>;
- };
-
- CPU6:cpu@600 {
- clocks = <&scmi_dvfs 1>;
- capacity-dmips-mhz = <MID_CAPACITY>;
- };
-
- CPU7:cpu@700 {
- clocks = <&scmi_dvfs 1>;
- capacity-dmips-mhz = <MID_CAPACITY>;
- };
-
-#if TARGET_FLAVOUR_FPGA
- CPU8:cpu@800 {
- device_type = "cpu";
- compatible = "arm,armv8";
- reg = <0x800>;
- enable-method = "psci";
- clocks = <&scmi_dvfs 1>;
- capacity-dmips-mhz = <MID_CAPACITY>;
- };
-
- CPU9:cpu@900 {
- device_type = "cpu";
- compatible = "arm,armv8";
- reg = <0x900>;
- enable-method = "psci";
- clocks = <&scmi_dvfs 2>;
- capacity-dmips-mhz = <BIG2_CAPACITY>;
- };
-
- CPU10:cpu@A00 {
- device_type = "cpu";
- compatible = "arm,armv8";
- reg = <0xA00>;
- enable-method = "psci";
- clocks = <&scmi_dvfs 2>;
- capacity-dmips-mhz = <BIG2_CAPACITY>;
- };
-
- CPU11:cpu@B00 {
- device_type = "cpu";
- compatible = "arm,armv8";
- reg = <0xB00>;
- enable-method = "psci";
- clocks = <&scmi_dvfs 2>;
- capacity-dmips-mhz = <BIG2_CAPACITY>;
- };
-
- CPU12:cpu@C00 {
- device_type = "cpu";
- compatible = "arm,armv8";
- reg = <0xC00>;
- enable-method = "psci";
- clocks = <&scmi_dvfs 3>;
- capacity-dmips-mhz = <BIG_CAPACITY>;
- };
-
- CPU13:cpu@D00 {
- device_type = "cpu";
- compatible = "arm,armv8";
- reg = <0xD00>;
- enable-method = "psci";
- clocks = <&scmi_dvfs 3>;
- capacity-dmips-mhz = <BIG_CAPACITY>;
- };
-#endif
- };
-
-#if TARGET_FLAVOUR_FPGA
- ete8 {
- compatible = "arm,embedded-trace-extension";
- cpu = <&CPU8>;
- };
-
- ete9 {
- compatible = "arm,embedded-trace-extension";
- cpu = <&CPU9>;
- };
-
- ete10 {
- compatible = "arm,embedded-trace-extension";
- cpu = <&CPU10>;
- };
-
- ete11 {
- compatible = "arm,embedded-trace-extension";
- cpu = <&CPU11>;
- };
-
- ete12 {
- compatible = "arm,embedded-trace-extension";
- cpu = <&CPU12>;
- };
-
- ete13 {
- compatible = "arm,embedded-trace-extension";
- cpu = <&CPU13>;
- };
-#endif /* TARGET_FLAVOUR_FPGA */
-
- cmn-pmu {
- compatible = "arm,ci-700";
- reg = <0x0 0x50000000 0x0 0x10000000>;
- interrupts = <GIC_SPI 460 IRQ_TYPE_LEVEL_HIGH 0>;
- };
-
- mbox_db_rx: mhu@MHU_RX_ADDR {
- arm,mhuv2-protocols = <0 1>;
- };
-
- mbox_db_tx: mhu@MHU_TX_ADDR {
- arm,mhuv2-protocols = <0 1>;
- };
-
- firmware {
- /*
- * TC2 does not have a P2A channel, but wiring one was needed to make Linux work
- * (by chance). At the time the SCMI driver did not support bidirectional
- * mailboxes so as a workaround, the A2P channel was wired for TX communication
- * and the synchronous replies would be read asyncrhonously as if coming from
- * the P2A channel, while being the actual A2P channel.
- *
- * This will not work with kernels > 5.15, but keep it around to keep TC2
- * working with its target kernel. Newer kernels will still work, but SCMI
- * won't as they check that the two regions are distinct.
- */
- scmi {
- mboxes = <&mbox_db_tx 0 0 &mbox_db_rx 0 0>;
- shmem = <&cpu_scp_scmi_a2p &cpu_scp_scmi_a2p>;
- };
- };
-
- gic: interrupt-controller@GIC_CTRL_ADDR {
- ppi-partitions {
- ppi_partition_little: interrupt-partition-0 {
- affinity = <&CPU0>, <&CPU1>, <&CPU2>, <&CPU3>;
- };
-
-#if TARGET_FLAVOUR_FVP
- ppi_partition_mid: interrupt-partition-1 {
- affinity = <&CPU4>, <&CPU5>, <&CPU6>;
- };
-
- ppi_partition_big: interrupt-partition-2 {
- affinity = <&CPU7>;
- };
-#elif TARGET_FLAVOUR_FPGA
- ppi_partition_mid: interrupt-partition-1 {
- affinity = <&CPU4>, <&CPU5>, <&CPU6>, <&CPU7>, <&CPU8>;
- };
-
- ppi_partition_big: interrupt-partition-2 {
- affinity = <&CPU9>, <&CPU10>, <&CPU11>, <&CPU12>, <&CPU13>;
- };
-#endif
- };
- };
-
- spe-pmu-big {
- status = "okay";
- };
-
- smmu_700: iommu@3f000000 {
- status = "okay";
- };
-
- dp0: display@DPU_ADDR {
-#if TC_SCMI_PD_CTRL_EN
- power-domains = <&scmi_devpd (PLAT_MAX_CPUS_PER_CLUSTER + 2)>;
-#endif
- iommus = <&smmu_700 0x100>;
- };
-
- gpu: gpu@2d000000 {
- interrupts = <GIC_SPI 66 IRQ_TYPE_LEVEL_HIGH 0>,
- <GIC_SPI 67 IRQ_TYPE_LEVEL_HIGH 0>,
- <GIC_SPI 65 IRQ_TYPE_LEVEL_HIGH 0>;
- interrupt-names = "JOB", "MMU", "GPU";
- iommus = <&smmu_700 0x200>;
- };
-};
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 3707520..77660b7 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -251,7 +251,7 @@
#define ID_AA64DFR0_PMUVER_SHIFT U(8)
#define ID_AA64DFR0_PMUVER_MASK U(0xf)
#define ID_AA64DFR0_PMUVER_PMUV3 U(1)
-#define ID_AA64DFR0_PMUVER_PMUV3P8 U(8)
+#define ID_AA64DFR0_PMUVER_PMUV3P9 U(9)
#define ID_AA64DFR0_PMUVER_IMP_DEF U(0xf)
/* ID_AA64DFR0_EL1.SEBEP definitions */
@@ -606,6 +606,11 @@
#define SCTLR_EPAN_BIT (ULL(1) << 57)
#define SCTLR_RESET_VAL SCTLR_EL3_RES1
+#define SCTLR2_EnPACM_BIT (ULL(1) << 7)
+
+/* SCTLR2 currently has no RES1 fields so reset to 0 */
+#define SCTLR2_RESET_VAL ULL(0)
+
/* CPACR_EL1 definitions */
#define CPACR_EL1_FPEN(x) ((x) << 20)
#define CPACR_EL1_FP_TRAP_EL0 UL(0x1)
@@ -696,6 +701,7 @@
#define MDCR_NSPBE_BIT (ULL(1) << 11)
#define MDCR_TDOSA_BIT (ULL(1) << 10)
#define MDCR_TDA_BIT (ULL(1) << 9)
+#define MDCR_EnPM2_BIT (ULL(1) << 7)
#define MDCR_TPM_BIT (ULL(1) << 6)
#define MDCR_RLTE_BIT (ULL(1) << 0)
#define MDCR_EL3_RESET_VAL MDCR_MTPME_BIT
@@ -855,6 +861,7 @@
#define SPSR_PPEND_BIT BIT(33)
#define SPSR_EXLOCK_BIT_AARCH64 BIT_64(34)
#define SPSR_NZCV (SPSR_V_BIT | SPSR_C_BIT | SPSR_Z_BIT | SPSR_N_BIT)
+#define SPSR_PACM_BIT_AARCH64 BIT_64(35)
#define DISABLE_ALL_EXCEPTIONS \
(DAIF_FIQ_BIT | DAIF_IRQ_BIT | DAIF_ABT_BIT | DAIF_DBG_BIT)
@@ -1531,6 +1538,7 @@
/*******************************************************************************
* FEAT_SCTLR2 - Extension to SCTLR_ELx Registers
******************************************************************************/
+#define SCTLR2_EL3 S3_6_C1_C0_3
#define SCTLR2_EL2 S3_4_C1_C0_3
#define SCTLR2_EL1 S3_0_C1_C0_3
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index e3068d1..757ce06 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -146,6 +146,8 @@
* +----------------------------+
* | FEAT_MOPS |
* +----------------------------+
+ * | FEAT_PAUTH_LR |
+ * +----------------------------+
*/
__attribute__((always_inline))
@@ -196,6 +198,35 @@
CREATE_FEATURE_SUPPORTED(feat_pauth, is_feat_pauth_present, ENABLE_PAUTH)
CREATE_FEATURE_SUPPORTED(ctx_pauth, is_feat_pauth_present, CTX_INCLUDE_PAUTH_REGS)
+/*
+ * FEAT_PAUTH_LR
+ * This feature has a non-standard discovery method so define this function
+ * manually then call use the CREATE_FEATURE_SUPPORTED macro with it. This
+ * feature is enabled with ENABLE_PAUTH when present.
+ */
+__attribute__((always_inline))
+static inline bool is_feat_pauth_lr_present(void)
+{
+ /*
+ * FEAT_PAUTH_LR support is indicated by up to 3 fields, if one or more
+ * of these is 0b0110 then the feature is present.
+ * 1) id_aa64isr1_el1.api
+ * 2) id_aa64isr1_el1.apa
+ * 3) id_aa64isr2_el1.apa3
+ */
+ if (ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_API_SHIFT, ID_AA64ISAR1_API_MASK) == 0b0110) {
+ return true;
+ }
+ if (ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_APA_SHIFT, ID_AA64ISAR1_APA_MASK) == 0b0110) {
+ return true;
+ }
+ if (ISOLATE_FIELD(read_id_aa64isar2_el1(), ID_AA64ISAR2_APA3_SHIFT, ID_AA64ISAR2_APA3_MASK) == 0b0110) {
+ return true;
+ }
+ return false;
+}
+CREATE_FEATURE_SUPPORTED(feat_pauth_lr, is_feat_pauth_lr_present, ENABLE_FEAT_PAUTH_LR)
+
/* FEAT_TTST: Small translation tables */
CREATE_FEATURE_PRESENT(feat_ttst, id_aa64mmfr2_el1, ID_AA64MMFR2_EL1_ST_SHIFT,
ID_AA64MMFR2_EL1_ST_MASK, 1U)
diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h
index 9419583..c885424 100644
--- a/include/arch/aarch64/arch_helpers.h
+++ b/include/arch/aarch64/arch_helpers.h
@@ -240,12 +240,11 @@
******************************************************************************/
static inline u_register_t xpaci(u_register_t arg)
{
- register u_register_t x0 asm("x0") = arg;
+ __asm__ (".arch armv8.3-a\n"
+ "xpaci %0\n"
+ : "+r" (arg));
- /* `xpaci x0` for compatibility with older compiler and/or older -march */
- __asm__ (".arch armv8.3-a; xpaci %0\n" : "+r" (x0));
-
- return x0;
+ return arg;
}
void flush_dcache_range(uintptr_t addr, size_t size);
@@ -733,6 +732,7 @@
/* FEAT_SCTLR2 Registers */
DEFINE_RENAME_SYSREG_RW_FUNCS(sctlr2_el1, SCTLR2_EL1)
DEFINE_RENAME_SYSREG_RW_FUNCS(sctlr2_el2, SCTLR2_EL2)
+DEFINE_RENAME_SYSREG_RW_FUNCS(sctlr2_el3, SCTLR2_EL3)
/* FEAT_LS64_ACCDATA Registers */
DEFINE_RENAME_SYSREG_RW_FUNCS(accdata_el1, ACCDATA_EL1)
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index da51bf8..8f1651d 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -230,7 +230,7 @@
*/
.macro read reg:req
#if ENABLE_BTI
- bti j
+ BTI j
#endif
mrs x0, \reg
ret
@@ -241,7 +241,7 @@
*/
.macro write reg:req
#if ENABLE_BTI
- bti j
+ BTI j
#endif
msr \reg, x1
ret
@@ -351,6 +351,11 @@
tst \reg, \clobber
.endm
+ .macro is_feat_sctlr2_present_asm reg:req
+ mrs \reg, ID_AA64MMFR3_EL1
+ ands \reg, \reg, #(ID_AA64MMFR3_EL1_SCTLR2_MASK << ID_AA64MMFR3_EL1_SCTLR2_SHIFT)
+ .endm
+
.macro call_reset_handler
#if !(defined(IMAGE_BL2) && ENABLE_RME)
/* ---------------------------------------------------------------------
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index 07dffb1..fce0f2c 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -45,6 +45,16 @@
msr sctlr_el3, x0
isb
+#if ENABLE_FEAT_SCTLR2
+#if ENABLE_FEAT_SCTLR2 > 1
+ is_feat_sctlr2_present_asm x1
+ beq feat_sctlr2_not_supported\@
+#endif
+ mov x1, #SCTLR2_RESET_VAL
+ msr SCTLR2_EL3, x1
+feat_sctlr2_not_supported\@:
+#endif
+
#ifdef IMAGE_BL31
/* ---------------------------------------------------------------------
* Initialise the per-cpu cache pointer to the CPU.
diff --git a/include/bl32/tsp/platform_tsp.h b/include/bl32/tsp/platform_tsp.h
index fe8a2c9..81a1a40 100644
--- a/include/bl32/tsp/platform_tsp.h
+++ b/include/bl32/tsp/platform_tsp.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,7 +10,8 @@
/*******************************************************************************
* Mandatory TSP functions (only if platform contains a TSP)
******************************************************************************/
-void tsp_early_platform_setup(void);
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3);
void tsp_plat_arch_setup(void);
void tsp_platform_setup(void);
diff --git a/include/bl32/tsp/tsp.h b/include/bl32/tsp/tsp.h
index a63abf1..bc152e5 100644
--- a/include/bl32/tsp/tsp.h
+++ b/include/bl32/tsp/tsp.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -106,7 +106,8 @@
tsp_vector_isn_t abort_yield_smc_entry;
} tsp_vectors_t;
-void tsp_setup(void);
+void tsp_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3);
#endif /* __ASSEMBLER__ */
diff --git a/include/common/asm_macros_common.S b/include/common/asm_macros_common.S
index fd0ea81..9172b55 100644
--- a/include/common/asm_macros_common.S
+++ b/include/common/asm_macros_common.S
@@ -7,6 +7,20 @@
#define ASM_MACROS_COMMON_S
/*
+ * Provide a wrapper for the "bti" instructions using the more
+ * compatible "hint" encoding, otherwise older toolchains would reject
+ * this when not compiled for a BTI capable machine (-march=armv8.5-a).
+ */
+ .macro BTI _targets
+ .ifc \_targets, j
+ hint #36
+ .endif
+ .ifc \_targets, jc
+ hint #38
+ .endif
+ .endm
+
+ /*
* This macro is used to create a function label and place the
* code into a separate text section based on the function name
* to enable elimination of unused code during linking. It also adds
@@ -42,7 +56,7 @@
/* When Branch Target Identification is enabled, insert "bti jc"
* instruction to enable indirect calls and branches
*/
- bti jc
+ BTI jc
#endif
.endm
diff --git a/include/drivers/measured_boot/event_log/event_handoff.h b/include/drivers/measured_boot/event_log/event_handoff.h
new file mode 100644
index 0000000..e969d1f
--- /dev/null
+++ b/include/drivers/measured_boot/event_log/event_handoff.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef HANDOFF_H
+#define HANDOFF_H
+
+#include <stdint.h>
+
+#include <lib/transfer_list.h>
+
+/**
+ * Initializes or extends the TPM event log in the transfer list.
+ *
+ * If an event log entry exists, attempts to resize it. Otherwise, adds a new entry.
+ * Copies old data if needed. Updates free to reflect available space.
+ *
+ * @param tl Pointer to the transfer list header.
+ * @param req_size Requested size (bytes)
+ * @param free Available size (bytes)
+ * @return Pointer to writable space in the log, or NULL on failure.
+ */
+uint8_t *transfer_list_event_log_extend(struct transfer_list_header *tl,
+ size_t req_size, size_t *free);
+
+/**
+ * Finalizes the event log after writing is complete.
+ *
+ * Resizes the event log to match actual data written, updates checksum,
+ * and flushes cache for the next stage.
+ *
+ * @param tl Pointer to the transfer list header.
+ * @param cursor End offset of written log data.
+ * @return Pointer to finalized log data (past reserved bytes), or NULL.
+ */
+uint8_t *transfer_list_event_log_finish(struct transfer_list_header *tl,
+ uintptr_t cursor);
+
+#define EVENT_LOG_RESERVED_BYTES U(4)
+
+#endif /* HANDOFF_H */
diff --git a/include/drivers/measured_boot/event_log/event_log.h b/include/drivers/measured_boot/event_log/event_log.h
index 50e4721..b5adfdc 100644
--- a/include/drivers/measured_boot/event_log/event_log.h
+++ b/include/drivers/measured_boot/event_log/event_log.h
@@ -11,6 +11,7 @@
#include <stdint.h>
#include <drivers/auth/crypto_mod.h>
+#include "event_handoff.h"
#include "tcg.h"
/*
diff --git a/include/drivers/mmc.h b/include/drivers/mmc.h
index e94693d..454a85a 100644
--- a/include/drivers/mmc.h
+++ b/include/drivers/mmc.h
@@ -19,29 +19,29 @@
#define MMC_ACMD(_x) U(_x)
-#define OCR_POWERUP BIT(31)
-#define OCR_HCS BIT(30)
-#define OCR_BYTE_MODE (U(0) << 29)
-#define OCR_SECTOR_MODE (U(2) << 29)
-#define OCR_ACCESS_MODE_MASK (U(3) << 29)
-#define OCR_3_5_3_6 BIT(23)
-#define OCR_3_4_3_5 BIT(22)
-#define OCR_3_3_3_4 BIT(21)
-#define OCR_3_2_3_3 BIT(20)
-#define OCR_3_1_3_2 BIT(19)
-#define OCR_3_0_3_1 BIT(18)
-#define OCR_2_9_3_0 BIT(17)
-#define OCR_2_8_2_9 BIT(16)
-#define OCR_2_7_2_8 BIT(15)
-#define OCR_VDD_MIN_2V7 GENMASK(23, 15)
-#define OCR_VDD_MIN_2V0 GENMASK(14, 8)
-#define OCR_VDD_MIN_1V7 BIT(7)
+#define OCR_POWERUP BIT_32(31U)
+#define OCR_HCS BIT_32(30U)
+#define OCR_BYTE_MODE (U(0) << 29U)
+#define OCR_SECTOR_MODE (U(2) << 29U)
+#define OCR_ACCESS_MODE_MASK (U(3) << 29U)
+#define OCR_3_5_3_6 BIT_32(23U)
+#define OCR_3_4_3_5 BIT_32(22U)
+#define OCR_3_3_3_4 BIT_32(21U)
+#define OCR_3_2_3_3 BIT_32(20U)
+#define OCR_3_1_3_2 BIT_32(19U)
+#define OCR_3_0_3_1 BIT_32(18U)
+#define OCR_2_9_3_0 BIT_32(17U)
+#define OCR_2_8_2_9 BIT_32(16U)
+#define OCR_2_7_2_8 BIT_32(15U)
+#define OCR_VDD_MIN_2V7 GENMASK_32(23U, 15U)
+#define OCR_VDD_MIN_2V0 GENMASK_32(14U, 8U)
+#define OCR_VDD_MIN_1V7 BIT_32(7U)
-#define MMC_RSP_48 BIT(0)
-#define MMC_RSP_136 BIT(1) /* 136 bit response */
-#define MMC_RSP_CRC BIT(2) /* expect valid crc */
-#define MMC_RSP_CMD_IDX BIT(3) /* response contains cmd idx */
-#define MMC_RSP_BUSY BIT(4) /* device may be busy */
+#define MMC_RSP_48 BIT_32(0U)
+#define MMC_RSP_136 BIT_32(1U) /* 136 bit response */
+#define MMC_RSP_CRC BIT_32(2U) /* expect valid crc */
+#define MMC_RSP_CMD_IDX BIT_32(3U) /* response contains cmd idx */
+#define MMC_RSP_BUSY BIT_32(4U) /* device may be busy */
/* JEDEC 4.51 chapter 6.12 */
#define MMC_RESPONSE_R1 (MMC_RSP_48 | MMC_RSP_CMD_IDX | MMC_RSP_CRC)
diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index 5d2bb7b..402e07f 100644
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -514,7 +514,7 @@
.align \_align
\_name:
#if ENABLE_BTI
- bti jc
+ BTI jc
#endif
.endm
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 4a856a7..aed85f5 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -300,7 +300,8 @@
void arm_transfer_list_get_heap_info(void **heap_addr, size_t *heap_size);
/* TSP utility functions */
-void arm_tsp_early_platform_setup(void);
+void arm_tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3);
/* SP_MIN utility functions */
void arm_sp_min_early_platform_setup(u_register_t arg0, u_register_t arg1,
diff --git a/include/services/arm_arch_svc.h b/include/services/arm_arch_svc.h
index 699a8d7..10ac2f1 100644
--- a/include/services/arm_arch_svc.h
+++ b/include/services/arm_arch_svc.h
@@ -95,6 +95,12 @@
#define SCR_FEAT_AMUv1p1 (0)
#endif
+#if ENABLE_FEAT_TWED
+#define SCR_FEAT_TWED SCR_TWEDEn_BIT
+#else
+#define SCR_FEAT_TWED (0)
+#endif
+
#if ENABLE_FEAT_ECV
#define SCR_FEAT_ECV SCR_ECVEN_BIT
#else
@@ -119,7 +125,7 @@
#define SCR_FEAT_CSV2_2 (0)
#endif
-#if ENABLE_FEAT_RAS
+#if !RAS_TRAP_NS_ERR_REC_ACCESS
#define SCR_FEAT_RAS SCR_TERR_BIT
#else
#define SCR_FEAT_RAS (0)
@@ -182,6 +188,7 @@
SCR_FEAT_HCX | \
SCR_FEAT_LS64_ACCDATA | \
SCR_FEAT_AMUv1p1 | \
+ SCR_FEAT_TWED | \
SCR_FEAT_ECV | \
SCR_FEAT_FGT | \
SCR_FEAT_MTE2 | \
@@ -289,6 +296,7 @@
MDCR_FEAT_SPE | \
MDCR_TDOSA_BIT | \
MDCR_TDA_BIT | \
+ MDCR_EnPM2_BIT | \
MDCR_TPM_BIT | /* FEAT_PMUv3 */ \
MDCR_PLAT_FEATS)
#define MDCR_EL3_FLIPPED ( \
diff --git a/lib/aarch64/cache_helpers.S b/lib/aarch64/cache_helpers.S
index ff9a4e6..cc46c53 100644
--- a/lib/aarch64/cache_helpers.S
+++ b/lib/aarch64/cache_helpers.S
@@ -215,7 +215,7 @@
.macro dcsw_loop _op
#if ENABLE_BTI
- bti j
+ BTI j
#endif
loop2_\_op:
lsl w7, w6, w2 // w7 = aligned max set number
diff --git a/lib/extensions/pauth/pauth.c b/lib/extensions/pauth/pauth.c
index 2dd0d28..fbbcaa2 100644
--- a/lib/extensions/pauth/pauth.c
+++ b/lib/extensions/pauth/pauth.c
@@ -62,16 +62,25 @@
void __no_pauth pauth_enable_el3(void)
{
write_sctlr_el3(read_sctlr_el3() | SCTLR_EnIA_BIT);
+
+ if (is_feat_pauth_lr_supported()) {
+ write_sctlr2_el3(read_sctlr2_el3() | SCTLR2_EnPACM_BIT);
+ }
+
isb();
}
void __no_pauth pauth_enable_el1(void)
{
write_sctlr_el1(read_sctlr_el1() | SCTLR_EnIA_BIT);
+
+ if (is_feat_pauth_lr_supported()) {
+ write_sctlr2_el1(read_sctlr2_el1() | SCTLR2_EnPACM_BIT);
+ }
+
isb();
}
-/* Enable PAuth for EL2 */
void pauth_enable_el2(void)
{
u_register_t hcr_el2 = read_hcr_el2();
diff --git a/lib/extensions/pmuv3/aarch64/pmuv3.c b/lib/extensions/pmuv3/aarch64/pmuv3.c
index 61d1258..b47b664 100644
--- a/lib/extensions/pmuv3/aarch64/pmuv3.c
+++ b/lib/extensions/pmuv3/aarch64/pmuv3.c
@@ -78,11 +78,14 @@
* 1 | 1 | enabled | disabled only for counters 0 to
* MDCR_EL2.HPMN - 1. Enabled for the rest
*
+ * MDCR_EL3.EnPM2: Set to one so that various PMUv3p9 related system
+ * register accesses do not trap to EL3.
+ *
* MDCR_EL3.TPM: Set to zero so that EL0, EL1, and EL2 System register
* accesses to all Performance Monitors registers do not trap to EL3.
*/
- mdcr_el3_val = (mdcr_el3_val | MDCR_SCCD_BIT | MDCR_MCCD_BIT) &
- ~(MDCR_MPMX_BIT | MDCR_SPME_BIT | MDCR_TPM_BIT);
+ mdcr_el3_val |= MDCR_SCCD_BIT | MDCR_MCCD_BIT | MDCR_EnPM2_BIT;
+ mdcr_el3_val &= ~(MDCR_MPMX_BIT | MDCR_SPME_BIT | MDCR_TPM_BIT);
mdcr_el3_val = mtpmu_disable_el3(mdcr_el3_val);
write_ctx_reg(state, CTX_MDCR_EL3, mdcr_el3_val);
diff --git a/lib/libc/printf.c b/lib/libc/printf.c
index f8c4a26..2a4b9db 100644
--- a/lib/libc/printf.c
+++ b/lib/libc/printf.c
@@ -44,19 +44,19 @@
unsigned int rem;
/* num_buf is only large enough for radix >= 10 */
- if (radix < 10) {
+ if (radix < 10U) {
assert(0);
return 0;
}
do {
rem = (uint32_t)(unum % radix);
- if (rem < 0xa) {
+ if (rem < 0xaU) {
num_buf[i] = '0' + rem;
} else if (uppercase) {
- num_buf[i] = 'A' + (rem - 0xa);
+ num_buf[i] = 'A' + (rem - 0xaU);
} else {
- num_buf[i] = 'a' + (rem - 0xa);
+ num_buf[i] = 'a' + (rem - 0xaU);
}
i++;
unum /= radix;
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index 56bfb64..1561a59 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -160,6 +160,11 @@
# direct setting. Use BRANCH_PROTECTION to enable PAUTH.
ENABLE_PAUTH ?= 0
+# FEAT_PAUTH_LR is an optional architectural feature, so this flag must be set
+# manually in addition to the BRANCH_PROTECTION flag which is used for other
+# branch protection and pointer authentication features.
+ENABLE_FEAT_PAUTH_LR ?= 0
+
# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
# must be set to 1 if the platform wants to use this feature in the Secure
# world. It is not necessary for use in the Non-secure world.
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
index 7e2d9cc..d6b6863 100644
--- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -8,11 +8,16 @@
#include <drivers/measured_boot/event_log/event_log.h>
#include <drivers/measured_boot/metadata.h>
-#include <plat/arm/common/plat_arm.h>
#include <tools_share/zero_oid.h>
+#include <plat/arm/common/plat_arm.h>
+
/* Event Log data */
+#if TRANSFER_LIST
+static uint8_t *event_log;
+#else
static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
+#endif
/* FVP table with platform specific image IDs, names and PCRs */
const event_log_metadata_t fvp_event_log_metadata[] = {
@@ -20,14 +25,23 @@
{ TB_FW_CONFIG_ID, MBOOT_TB_FW_CONFIG_STRING, PCR_0 },
{ BL2_IMAGE_ID, MBOOT_BL2_IMAGE_STRING, PCR_0 },
- { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
+ { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
void bl1_plat_mboot_init(void)
{
- size_t event_log_max_size = PLAT_ARM_EVENT_LOG_MAX_SIZE;
+ size_t event_log_max_size;
int rc;
+#if TRANSFER_LIST
+ event_log = transfer_list_event_log_extend(
+ secure_tl, PLAT_ARM_EVENT_LOG_MAX_SIZE,
+ &event_log_max_size);
+ assert(event_log != NULL);
+#else
+ event_log_max_size = sizeof(event_log);
+#endif
+
rc = event_log_init(event_log, event_log + event_log_max_size);
if (rc < 0) {
ERROR("Failed to initialize event log (%d).\n", rc);
@@ -43,18 +57,28 @@
void bl1_plat_mboot_finish(void)
{
- size_t event_log_cur_size;
+ size_t event_log_cur_size = event_log_get_cur_size(event_log);
- event_log_cur_size = event_log_get_cur_size(event_log);
- int rc = arm_set_tb_fw_info((uintptr_t)event_log,
- event_log_cur_size,
- PLAT_ARM_EVENT_LOG_MAX_SIZE);
- if (rc != 0) {
- /*
- * It is a fatal error because on FVP platform, BL2 software
- * assumes that a valid Event Log buffer exist and it will use
- * same Event Log buffer to append image measurements.
- */
- panic();
+#if TRANSFER_LIST
+ uint8_t *rc = transfer_list_event_log_finish(
+ secure_tl, (uintptr_t)event_log + event_log_cur_size);
+
+ if (rc != NULL) {
+ return;
}
+#else
+ int rc = arm_set_tb_fw_info((uintptr_t)event_log, event_log_cur_size,
+ PLAT_ARM_EVENT_LOG_MAX_SIZE);
+ if (rc == 0) {
+ return;
+ }
+#endif
+
+ /*
+ * Panic if we fail to set up the event log for the next stage. This is a fatal
+ * error because, on the FVP platform, BL2 software assumes that a valid
+ * Event Log buffer exists and will use the same Event Log buffer to append image
+ * measurements.
+ */
+ panic();
}
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 28aef92..1fae0cf 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,7 +19,7 @@
#include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h>
-#if defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd)
+#if !TRANSFER_LIST && (defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd))
CASSERT(ARM_EVENT_LOG_DRAM1_SIZE >= PLAT_ARM_EVENT_LOG_MAX_SIZE, \
assert_res_eventlog_mem_insufficient);
#endif /* defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd) */
@@ -61,10 +61,17 @@
{
uint8_t *event_log_start;
uint8_t *event_log_finish;
- size_t bl1_event_log_size;
- size_t event_log_max_size;
- int rc;
+ size_t bl1_event_log_size __unused;
+ size_t event_log_max_size __unused;
+ int rc __unused;
+#if TRANSFER_LIST
+ event_log_start = transfer_list_event_log_extend(
+ secure_tl, PLAT_ARM_EVENT_LOG_MAX_SIZE, &event_log_max_size);
+ event_log_finish = event_log_start + event_log_max_size;
+
+ event_log_base = (uintptr_t)event_log_start;
+#else
rc = arm_get_tb_fw_info(&event_log_base, &bl1_event_log_size,
&event_log_max_size);
if (rc != 0) {
@@ -82,10 +89,11 @@
* BL1 and BL2 share the same Event Log buffer and that BL2 will
* append its measurements after BL1's
*/
- event_log_start = (uint8_t *)((uintptr_t)event_log_base +
- bl1_event_log_size);
- event_log_finish = (uint8_t *)((uintptr_t)event_log_base +
- event_log_max_size);
+ event_log_start =
+ (uint8_t *)((uintptr_t)event_log_base + bl1_event_log_size);
+ event_log_finish =
+ (uint8_t *)((uintptr_t)event_log_base + event_log_max_size);
+#endif
event_log_init((uint8_t *)event_log_start, event_log_finish);
}
@@ -160,7 +168,7 @@
int rc;
/* Event Log address in Non-Secure memory */
- uintptr_t ns_log_addr;
+ uintptr_t ns_log_addr __unused;
/* Event Log filled size */
size_t event_log_cur_size;
@@ -172,6 +180,15 @@
event_log_cur_size = event_log_get_cur_size((uint8_t *)event_log_base);
+#if TRANSFER_LIST
+ /*
+ * Re-size the event log for the next stage and update the size to include
+ * the entire event log (i.e., not just what this stage has added.)
+ */
+ event_log_base = (uintptr_t)transfer_list_event_log_finish(
+ secure_tl, (uintptr_t)event_log_base + event_log_cur_size);
+ event_log_cur_size = event_log_get_cur_size((uint8_t *)event_log_base);
+#else
#if defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd)
/* Copy Event Log to TZC secured DRAM memory */
(void)memcpy((void *)ARM_EVENT_LOG_DRAM1_BASE,
@@ -217,6 +234,7 @@
panic();
}
#endif /* defined(SPD_tspd) || defined(SPD_spmd) */
+#endif /* TRANSFER_LIST */
event_log_dump((uint8_t *)event_log_base, event_log_cur_size);
}
diff --git a/plat/arm/board/fvp/fvp_private.h b/plat/arm/board/fvp/fvp_private.h
index 9a51eb7..7e53a65 100644
--- a/plat/arm/board/fvp/fvp_private.h
+++ b/plat/arm/board/fvp/fvp_private.h
@@ -19,7 +19,6 @@
void fvp_interconnect_enable(void);
void fvp_interconnect_disable(void);
void fvp_timer_init(void);
-void tsp_early_platform_setup(void);
void fvp_pcpu_init(void);
void fvp_gic_driver_pre_init(void);
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 854e48a..68ff0fe 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -206,7 +206,7 @@
# define PLAT_ARM_MMAP_ENTRIES 12
# define MAX_XLAT_TABLES 6
# else
-# define PLAT_ARM_MMAP_ENTRIES 11
+# define PLAT_ARM_MMAP_ENTRIES 12
# define MAX_XLAT_TABLES 5
# endif /* (IMAGE_BL2 && ENABLE_RME) */
#else
@@ -514,8 +514,12 @@
/* Account for additional measurements of secure partitions and SPM. */
#define PLAT_ARM_EVENT_LOG_MAX_SIZE UL(0x800)
#else
+#if defined(IMAGE_BL1) && TRANSFER_LIST
+#define PLAT_ARM_EVENT_LOG_MAX_SIZE UL(0x200)
+#else
#define PLAT_ARM_EVENT_LOG_MAX_SIZE UL(0x400)
#endif
+#endif
/*
* Maximum size of Event Log buffer used for DRTM
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index beb6d5d..8e8870c 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -292,7 +292,7 @@
plat/arm/board/fvp/fvp_ide_keymgmt.c
endif
-ifeq (${ENABLE_FEAT_RNG_TRAP},1)
+ifneq (${ENABLE_FEAT_RNG_TRAP},0)
BL31_SOURCES += plat/arm/board/fvp/fvp_sync_traps.c
endif
diff --git a/plat/arm/board/fvp/tsp/fvp_tsp_setup.c b/plat/arm/board/fvp/tsp/fvp_tsp_setup.c
index 3c8a963..53a84c6 100644
--- a/plat/arm/board/fvp/tsp/fvp_tsp_setup.c
+++ b/plat/arm/board/fvp/tsp/fvp_tsp_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,9 +8,10 @@
#include "../fvp_private.h"
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
{
- arm_tsp_early_platform_setup();
+ arm_tsp_early_platform_setup(arg0, arg1, arg2, arg3);
/* Initialize the platform config for future decision making */
fvp_config_setup();
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index 0216000..76bae38 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -258,11 +258,7 @@
#define TC_FLASH0_RO MAP_REGION_FLAT(V2M_FLASH0_BASE,\
V2M_FLASH0_SIZE, \
MT_DEVICE | MT_RO | MT_SECURE)
-#if TARGET_PLATFORM == 2
-#define PLAT_ARM_NSTIMER_FRAME_ID U(0)
-#else
#define PLAT_ARM_NSTIMER_FRAME_ID U(1)
-#endif
#define PLAT_ARM_TRUSTED_ROM_BASE 0x0
@@ -276,10 +272,7 @@
#define PLAT_ARM_NSRAM_SIZE 0x00008000 /* 64KB */
#endif /* TARGET_FLAVOUR_FPGA */
-#if TARGET_PLATFORM <= 2
-#define PLAT_ARM_DRAM2_BASE ULL(0x8080000000)
-#define PLAT_ARM_DRAM2_SIZE ULL(0x180000000)
-#elif TARGET_PLATFORM >= 3
+#if TARGET_PLATFORM >= 3
#if TC_FPGA_FS_IMG_IN_RAM
/* 10GB reserved for system+userdata+vendor images */
@@ -348,28 +341,19 @@
CSS_SCMI_PAYLOAD_SIZE_MAX)
#define PLAT_ARM_CLUSTER_COUNT U(1)
-#if TARGET_FLAVOUR_FPGA && TARGET_PLATFORM == 2
-#define PLAT_MAX_CPUS_PER_CLUSTER U(14)
-#else /* TARGET_FLAVOUR_FPGA && TARGET_PLATFORM == 2 */
#define PLAT_MAX_CPUS_PER_CLUSTER U(8)
-#endif /* TARGET_FLAVOUR_FPGA && TARGET_PLATFORM == 2 */
#define PLAT_MAX_PE_PER_CPU U(1)
#define PLATFORM_CORE_COUNT (PLAT_MAX_CPUS_PER_CLUSTER * PLAT_ARM_CLUSTER_COUNT)
/* Message Handling Unit (MHU) base addresses */
-#if TARGET_PLATFORM <= 2
- #define PLAT_CSS_MHU_BASE UL(0x45400000)
-#elif TARGET_PLATFORM >= 3
+#if TARGET_PLATFORM >= 3
#define PLAT_CSS_MHU_BASE UL(0x46000000)
#endif /* TARGET_PLATFORM >= 3 */
#define PLAT_MHUV2_BASE PLAT_CSS_MHU_BASE
/* AP<->RSS MHUs */
-#if TARGET_PLATFORM <= 2
-#define PLAT_RSE_AP_SND_MHU_BASE UL(0x2A840000)
-#define PLAT_RSE_AP_RCV_MHU_BASE UL(0x2A850000)
-#elif TARGET_PLATFORM == 3
+#if TARGET_PLATFORM == 3
#define PLAT_RSE_AP_SND_MHU_BASE UL(0x49000000)
#define PLAT_RSE_AP_RCV_MHU_BASE UL(0x49100000)
#elif TARGET_PLATFORM == 4
@@ -403,36 +387,6 @@
*/
#define PLAT_CSS_MAX_SCP_BL2U_SIZE 0x30000
-#if TARGET_PLATFORM <= 2
-/* TZC Related Constants */
-#define PLAT_ARM_TZC_BASE UL(0x25000000)
-#define PLAT_ARM_TZC_FILTERS TZC_400_REGION_ATTR_FILTER_BIT(0)
-
-#define TZC400_OFFSET UL(0x1000000)
-#define TZC400_COUNT 4
-
-#define TZC400_BASE(n) (PLAT_ARM_TZC_BASE + \
- (n * TZC400_OFFSET))
-
-#define TZC_NSAID_DEFAULT U(0)
-
-#define PLAT_ARM_TZC_NS_DEV_ACCESS \
- (TZC_REGION_ACCESS_RDWR(TZC_NSAID_DEFAULT))
-
-/*
- * The first region below, TC_TZC_DRAM1_BASE (0xf9000000) to
- * ARM_SCP_TZC_DRAM1_END (0xffffffff) will mark the last 112 MB of DRAM as
- * secure. The second and third regions gives non secure access to rest of DRAM.
- */
-#define TC_TZC_REGIONS_DEF \
- {TC_TZC_DRAM1_BASE, ARM_SCP_TZC_DRAM1_END, \
- TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS}, \
- {TC_NS_DRAM1_BASE, TC_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
- PLAT_ARM_TZC_NS_DEV_ACCESS}, \
- {PLAT_ARM_DRAM2_BASE, PLAT_ARM_DRAM2_END, \
- ARM_TZC_NS_DRAM_S_ACCESS, PLAT_ARM_TZC_NS_DEV_ACCESS}
-#endif
-
/* virtual address used by dynamic mem_protect for chunk_base */
#define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000)
@@ -468,13 +422,11 @@
#undef ARM_CONSOLE_BAUDRATE
#define ARM_CONSOLE_BAUDRATE 38400
-#if TARGET_PLATFORM <= 2
-#define TC_UARTCLK 5000000
-#elif TARGET_PLATFORM == 3
+#if TARGET_PLATFORM == 3
#define TC_UARTCLK 3750000
#elif TARGET_PLATFORM == 4
#define TC_UARTCLK 4000000
-#endif /* TARGET_PLATFORM <=2 */
+#endif /* TARGET_PLATFORM == 3 */
#if TARGET_FLAVOUR_FVP
diff --git a/plat/arm/board/tc/include/tc_helpers.S b/plat/arm/board/tc/include/tc_helpers.S
index cc2f760..9a8172a 100644
--- a/plat/arm/board/tc/include/tc_helpers.S
+++ b/plat/arm/board/tc/include/tc_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2024, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -74,10 +74,6 @@
ret
endfunc enable_dsu_pmu_el1_access
-func TC_HANDLER(2)
- ret
-endfunc TC_HANDLER(2)
-
func TC_HANDLER(3)
mov x9, lr
bl mark_extllc_presence
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index bbccce6..b29f0d6 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -67,15 +67,10 @@
endif
endif
-ifneq ($(shell expr $(TARGET_PLATFORM) \<= 1), 0)
+ifneq ($(shell expr $(TARGET_PLATFORM) \<= 2), 0)
$(error Platform ${PLAT}$(TARGET_PLATFORM) is no longer available.)
endif
-ifneq ($(shell expr $(TARGET_PLATFORM) = 2), 0)
- $(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
- Some of the features might not work as expected)
-endif
-
ifeq ($(shell expr $(TARGET_PLATFORM) \<= 4), 0)
$(error TARGET_PLATFORM must be less than or equal to 4)
endif
@@ -109,35 +104,13 @@
# Save DSU PMU registers on cluster off and restore them on cluster on
PRESERVE_DSU_PMU_REGS := 1
-# Specify MHU type based on platform
-ifneq ($(filter ${TARGET_PLATFORM}, 2),)
- PLAT_MHU := MHUv2
-else
- PLAT_MHU := MHUv3
-endif
+PLAT_MHU := MHUv3
TC_BASE = plat/arm/board/tc
PLAT_INCLUDES += -I${TC_BASE}/include/ \
-I${TC_BASE}/fdts/
-# CPU libraries for TARGET_PLATFORM=1
-ifeq (${TARGET_PLATFORM}, 1)
-TC_CPU_SOURCES += lib/cpus/aarch64/cortex_a510.S \
- lib/cpus/aarch64/cortex_a715.S \
- lib/cpus/aarch64/cortex_x3.S
-endif
-
-# CPU libraries for TARGET_PLATFORM=2
-ifeq (${TARGET_PLATFORM}, 2)
-ERRATA_A520_2938996 := 1
-ERRATA_X4_2726228 := 1
-
-TC_CPU_SOURCES += lib/cpus/aarch64/cortex_a520.S \
- lib/cpus/aarch64/cortex_a720.S \
- lib/cpus/aarch64/cortex_x4.S
-endif
-
# CPU libraries for TARGET_PLATFORM=3
ifeq (${TARGET_PLATFORM}, 3)
ERRATA_A520_2938996 := 1
@@ -183,10 +156,6 @@
drivers/arm/tzc/tzc400.c \
plat/arm/common/arm_nor_psci_mem_protect.c
-ifeq ($(shell test $(TARGET_PLATFORM) -le 2; echo $$?),0)
-BL2_SOURCES += plat/arm/common/arm_tzc400.c
-endif
-
BL31_SOURCES += ${INTERCONNECT_SOURCES} \
${TC_CPU_SOURCES} \
${TC_BASE}/tc_bl31_setup.c \
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index a358390..7f2014b 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -54,15 +54,6 @@
}
#endif /* PLATFORM_TEST_TFM_TESTSUITE */
-#if TARGET_PLATFORM <= 2
-static scmi_channel_plat_info_t tc_scmi_plat_info = {
- .scmi_mbx_mem = CSS_SCMI_PAYLOAD_BASE,
- .db_reg_addr = PLAT_CSS_MHU_BASE + SENDER_REG_SET(0),
- .db_preserve_mask = 0xfffffffe,
- .db_modify_mask = 0x1,
- .ring_doorbell = &mhuv2_ring_doorbell,
-};
-#elif TARGET_PLATFORM >= 3
static scmi_channel_plat_info_t tc_scmi_plat_info = {
.scmi_mbx_mem = CSS_SCMI_PAYLOAD_BASE,
.db_reg_addr = PLAT_CSS_MHU_BASE + MHU_V3_SENDER_REG_SET(0),
@@ -70,7 +61,6 @@
.db_modify_mask = 0x1,
.ring_doorbell = &mhu_ring_doorbell,
};
-#endif
/* the bottom 3 AMU group 1 counters */
#define MPMM_GEARS ((1 << 0) | (1 << 1) | (1 << 2))
diff --git a/plat/arm/board/tc/tc_security.c b/plat/arm/board/tc/tc_security.c
index 7c7a1a1..804a35b 100644
--- a/plat/arm/board/tc/tc_security.c
+++ b/plat/arm/board/tc/tc_security.c
@@ -7,21 +7,8 @@
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
-#if (TARGET_PLATFORM <= 2)
-static const arm_tzc_regions_info_t tzc_regions[] = {
- TC_TZC_REGIONS_DEF,
- {}
-};
-#endif
-
/* Initialize the secure environment */
void plat_arm_security_setup(void)
{
-#if (TARGET_PLATFORM <= 2)
- unsigned int i;
- for (i = 0U; i < TZC400_COUNT; i++) {
- arm_tzc400_setup(TZC400_BASE(i), tzc_regions);
- }
-#endif
}
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index bd3946c..522017f 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -320,6 +320,13 @@
void arm_bl2_setup_next_ep_info(bl_mem_params_node_t *next_param_node)
{
entry_point_info_t *ep __unused;
+
+ /*
+ * Information might have been added to the TL before this (i.e. event log)
+ * make sure the checksum is up to date.
+ */
+ transfer_list_update_checksum(secure_tl);
+
ep = transfer_list_set_handoff_args(secure_tl,
&next_param_node->ep_info);
assert(ep != NULL);
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index 82f96ba..f196269 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -133,7 +133,12 @@
}
#endif
else {
+#if TRANSFER_LIST && !RESET_TO_BL31
+ next_image_info = transfer_list_set_handoff_args(
+ secure_tl, &bl32_image_ep_info);
+#else
next_image_info = &bl32_image_ep_info;
+#endif
}
/*
@@ -394,6 +399,16 @@
te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size,
transfer_list_entry_data(te));
assert(te != NULL);
+
+ te = transfer_list_find(secure_tl, TL_TAG_TPM_EVLOG);
+ if (te != NULL) {
+ te = transfer_list_add(ns_tl, TL_TAG_TPM_EVLOG, te->data_size,
+ transfer_list_entry_data(te));
+ if (te == NULL) {
+ ERROR("Failed to load event log in Non-Secure transfer list\n");
+ panic();
+ }
+ }
#endif /* TRANSFER_LIST && !RESET_TO_BL31 */
#if RESET_TO_BL31
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index d3c2a96..418a9d8 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -456,6 +456,9 @@
ifeq (${MEASURED_BOOT},1)
BL1_SOURCES += ${EVENT_LOG_SOURCES}
BL2_SOURCES += ${EVENT_LOG_SOURCES}
+ ifeq (${SPD_tspd},1)
+ BL32_SOURCES += ${EVENT_LOG_SOURCES}
+ endif
endif
ifeq (${DRTM_SUPPORT},1)
diff --git a/plat/arm/common/tsp/arm_tsp.mk b/plat/arm/common/tsp/arm_tsp.mk
index 4ad77c6..d7592df 100644
--- a/plat/arm/common/tsp/arm_tsp.mk
+++ b/plat/arm/common/tsp/arm_tsp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -8,3 +8,10 @@
BL32_SOURCES += plat/arm/common/arm_topology.c \
plat/arm/common/tsp/arm_tsp_setup.c \
plat/common/aarch64/platform_mp_stack.S
+
+ifeq (${TRANSFER_LIST},1)
+BL32_SOURCES += $(TRANSFER_LIST_SOURCES)
+ifeq (${MEASURED_BOOT},1)
+BL32_SOURCES += $(EVENT_LOG_SOURCES)
+endif
+endif
diff --git a/plat/arm/common/tsp/arm_tsp_setup.c b/plat/arm/common/tsp/arm_tsp_setup.c
index 4f45579..d018dee 100644
--- a/plat/arm/common/tsp/arm_tsp_setup.c
+++ b/plat/arm/common/tsp/arm_tsp_setup.c
@@ -13,6 +13,9 @@
#include <common/debug.h>
#include <drivers/arm/pl011.h>
#include <drivers/console.h>
+#if TRANSFER_LIST && MEASURED_BOOT
+#include <drivers/measured_boot/event_log/event_log.h>
+#endif
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -26,13 +29,32 @@
BL32_END - BL32_BASE, \
MT_MEMORY | MT_RW | MT_SECURE)
+#define MAP_FW_HANDOFF MAP_REGION_FLAT( \
+ PLAT_ARM_EL3_FW_HANDOFF_BASE, \
+ PLAT_ARM_FW_HANDOFF_SIZE, \
+ MT_MEMORY | MT_RO | MT_SECURE)
+
+struct transfer_list_header *secure_tl __unused;
+
/*******************************************************************************
* Initialize the UART
******************************************************************************/
static console_t arm_tsp_runtime_console;
-void arm_tsp_early_platform_setup(void)
+void arm_tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
{
+#if TRANSFER_LIST
+ secure_tl = (struct transfer_list_header *)arg3;
+ assert(secure_tl != NULL);
+
+ if (transfer_list_check_header(secure_tl) == TL_OPS_NON) {
+ ERROR("Invalid transfer list received");
+ transfer_list_dump(secure_tl);
+ panic();
+ }
+#endif
+
/*
* Initialize a different console than already in use to display
* messages from TSP
@@ -41,16 +63,18 @@
PLAT_ARM_TSP_UART_CLK_IN_HZ,
ARM_CONSOLE_BAUDRATE,
&arm_tsp_runtime_console);
- if (rc == 0)
+ if (rc == 0) {
panic();
+ }
console_set_scope(&arm_tsp_runtime_console,
CONSOLE_FLAG_BOOT | CONSOLE_FLAG_RUNTIME);
}
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
{
- arm_tsp_early_platform_setup();
+ arm_tsp_early_platform_setup(arg0, arg1, arg2, arg3);
}
/*******************************************************************************
@@ -58,6 +82,8 @@
******************************************************************************/
void tsp_platform_setup(void)
{
+ struct transfer_list_entry *te __unused;
+
/*
* On GICv2 the driver must be initialised before calling the plat_ic_*
* functions as they need the data structures. Higher versions don't.
@@ -65,6 +91,17 @@
#if USE_GIC_DRIVER == 2
gic_init(plat_my_core_pos());
#endif
+
+#if TRANSFER_LIST && MEASURED_BOOT
+ te = transfer_list_find(secure_tl, TL_TAG_TPM_EVLOG);
+ assert(te != NULL);
+
+ /*
+ * Note the actual log is offset 4-bytes from the start of entry data, the
+ * first bytes are reserved.
+ */
+ event_log_dump(transfer_list_entry_data(te) + U(4), te->data_size - U(4));
+#endif
}
/*******************************************************************************
@@ -81,6 +118,9 @@
const mmap_region_t bl_regions[] = {
MAP_BL_TSP_TOTAL,
ARM_MAP_BL_RO,
+#if TRANSFER_LIST
+ MAP_FW_HANDOFF,
+#endif
{0}
};
diff --git a/plat/mediatek/build_helpers/options.mk b/plat/mediatek/build_helpers/options.mk
index 75cc80a..c55f50e 100644
--- a/plat/mediatek/build_helpers/options.mk
+++ b/plat/mediatek/build_helpers/options.mk
@@ -1,27 +1,30 @@
#
-# Copyright (c) 2022-2023, MediaTek Inc. All rights reserved.
+# Copyright (c) 2022-2025, MediaTek Inc. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# call add_defined_option to evaluate MTK defined value
-$(eval $(call add_defined_option,MTK_SIP_KERNEL_BOOT_ENABLE))
-$(eval $(call add_defined_option,PLAT_EXTRA_RODATA_INCLUDES))
-$(eval $(call add_defined_option,MTK_EXTRA_LINKERFILE))
-$(eval $(call add_defined_option,MTK_BL31_AS_BL2))
-$(eval $(call add_defined_option,MTK_BL33_IS_64BIT))
-$(eval $(call add_defined_option,PLAT_XLAT_TABLES_DYNAMIC))
-$(eval $(call add_defined_option,MTK_ADAPTED))
-$(eval $(call add_defined_option,MTK_PUBEVENT_ENABLE))
-$(eval $(call add_defined_option,MTK_SOC))
-$(eval $(call add_defined_option,UART_CLOCK))
-$(eval $(call add_defined_option,UART_BAUDRATE))
-$(eval $(call add_defined_option,CONFIG_MTK_MCUSYS))
-$(eval $(call add_defined_option,CONFIG_MTK_PM_SUPPORT))
-$(eval $(call add_defined_option,CONFIG_MTK_CPU_PM_SUPPORT))
-$(eval $(call add_defined_option,CONFIG_MTK_SMP_EN))
-$(eval $(call add_defined_option,CONFIG_MTK_CPU_SUSPEND_EN))
-$(eval $(call add_defined_option,CONFIG_MTK_PM_ARCH))
-$(eval $(call add_defined_option,CONFIG_MTK_CPU_PM_ARCH))
-$(eval $(call add_defined_option,CONFIG_MTK_SUPPORT_SYSTEM_SUSPEND))
-$(eval $(call add_defined_option,CONFIG_MTK_MTCMOS))
+DEFINED_OPTIONS := \
+ CONFIG_MTK_CPU_PM_ARCH \
+ CONFIG_MTK_CPU_PM_SUPPORT \
+ CONFIG_MTK_CPU_SUSPEND_EN \
+ CONFIG_MTK_MCUSYS \
+ CONFIG_MTK_MTCMOS \
+ CONFIG_MTK_PM_ARCH \
+ CONFIG_MTK_PM_SUPPORT \
+ CONFIG_MTK_SMP_EN \
+ CONFIG_MTK_SUPPORT_SYSTEM_SUSPEND \
+ MTK_ADAPTED \
+ MTK_BL31_AS_BL2 \
+ MTK_BL33_IS_64BIT \
+ MTK_EXTRA_LINKERFILE \
+ MTK_PUBEVENT_ENABLE \
+ MTK_SIP_KERNEL_BOOT_ENABLE \
+ MTK_SOC \
+ PLAT_EXTRA_RODATA_INCLUDES \
+ PLAT_XLAT_TABLES_DYNAMIC \
+ UART_BAUDRATE \
+ UART_CLOCK
+
+$(foreach opt, $(DEFINED_OPTIONS),$(eval $(call add_defined_option,$(opt))))
diff --git a/plat/qti/msm8916/tsp/msm8916_tsp_setup.c b/plat/qti/msm8916/tsp/msm8916_tsp_setup.c
index 218af57..88d3c93 100644
--- a/plat/qti/msm8916/tsp/msm8916_tsp_setup.c
+++ b/plat/qti/msm8916/tsp/msm8916_tsp_setup.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2023, Stephan Gerhold <stephan@gerhold.net>
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,7 +11,8 @@
#include "../msm8916_setup.h"
#include <platform_def.h>
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
{
msm8916_early_platform_setup();
}
diff --git a/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c b/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c
index 4bbb259..31583b5 100644
--- a/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c
+++ b/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,7 +15,8 @@
static unsigned int uniphier_soc = UNIPHIER_SOC_UNKNOWN;
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
{
uniphier_soc = uniphier_get_soc_id();
if (uniphier_soc == UNIPHIER_SOC_UNKNOWN)
diff --git a/plat/xilinx/common/pm_service/pm_ipi.c b/plat/xilinx/common/pm_service/pm_ipi.c
index 610acc7..7a3e72f 100644
--- a/plat/xilinx/common/pm_service/pm_ipi.c
+++ b/plat/xilinx/common/pm_service/pm_ipi.c
@@ -27,7 +27,7 @@
* power down. Therefore, there is no doubt to use the spin_lock here.
*/
#if !HW_ASSISTED_COHERENCY
-DEFINE_BAKERY_LOCK(pm_secure_lock);
+static DEFINE_BAKERY_LOCK(pm_secure_lock);
static inline void pm_ipi_lock_get(void)
{
bakery_lock_get(&pm_secure_lock);
diff --git a/plat/xilinx/common/tsp/tsp_plat_setup.c b/plat/xilinx/common/tsp/tsp_plat_setup.c
index 21c29c3..5df4b6e 100644
--- a/plat/xilinx/common/tsp/tsp_plat_setup.c
+++ b/plat/xilinx/common/tsp/tsp_plat_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2023, Advanced Micro Devices. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -17,7 +17,8 @@
/*******************************************************************************
* Initialize the UART
******************************************************************************/
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
{
/*
* Register a different console than already in use to display
diff --git a/plat/xilinx/versal/pm_service/pm_client.c b/plat/xilinx/versal/pm_service/pm_client.c
index de2cac8..77e3fb0 100644
--- a/plat/xilinx/versal/pm_service/pm_client.c
+++ b/plat/xilinx/versal/pm_service/pm_client.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2019-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2024, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2025, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -28,7 +28,7 @@
#define UNDEFINED_CPUID (~0U)
-DEFINE_BAKERY_LOCK(pm_client_secure_lock);
+static DEFINE_BAKERY_LOCK(pm_client_secure_lock);
static const struct pm_ipi apu_ipi = {
.local_ipi_id = IPI_LOCAL_ID,
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index d131a92..2308a75 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2025, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -203,14 +203,28 @@
return ret;
}
+#if SDEI_SUPPORT
+static int rdo_el3_interrupt_handler(uint32_t id, uint32_t flags,
+ void *handle, void *cookie)
+#else
static uint64_t rdo_el3_interrupt_handler(uint32_t id, uint32_t flags,
void *handle, void *cookie)
+#endif
{
uint32_t intr_id;
uint32_t i;
interrupt_type_handler_t handler = NULL;
+#if SDEI_SUPPORT
+ /* when SDEI_SUPPORT is enabled, ehf_el3_interrupt_handler
+ * reads the interrupt id prior to calling the
+ * rdo_el3_interrupt_handler and passes that id to the
+ * handler.
+ */
+ intr_id = id;
+#else
intr_id = plat_ic_get_pending_interrupt_id();
+#endif
for (i = 0; i < MAX_INTR_EL3; i++) {
if (intr_id == type_el3_interrupt_table[i].id) {
@@ -236,6 +250,7 @@
void bl31_plat_runtime_setup(void)
{
+#if !SDEI_SUPPORT
uint64_t flags = 0;
int32_t rc;
@@ -245,6 +260,9 @@
if (rc != 0) {
panic();
}
+#else
+ ehf_register_priority_handler(PLAT_IPI_PRI, rdo_el3_interrupt_handler);
+#endif
}
/*
diff --git a/plat/xilinx/versal_net/include/platform_def.h b/plat/xilinx/versal_net/include/platform_def.h
index ae49450..461fda8 100644
--- a/plat/xilinx/versal_net/include/platform_def.h
+++ b/plat/xilinx/versal_net/include/platform_def.h
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2018-2020, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2021-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2025, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,6 +10,7 @@
#define PLATFORM_DEF_H
#include <arch.h>
+#include <drivers/arm/gic_common.h>
#include <plat_common.h>
#include "versal_net_def.h"
@@ -119,6 +120,24 @@
#define PLAT_ARM_GICD_BASE U(0xE2000000)
#define PLAT_ARM_GICR_BASE U(0xE2060000)
+/* interrupt priorities when SDEI is enabled:
+ * RAS in future is planned to have highest priority (lower value 0x10)
+ * followed by IPI and SDEI exceptions in a step of 0x10.
+ */
+
+#if SDEI_SUPPORT
+#define VERSAL_NET_SDEI_SGI_PRIVATE U(8)
+#define PLAT_SDEI_CRITICAL_PRI 0x30
+#define PLAT_SDEI_NORMAL_PRI 0x40
+#define PLAT_PRI_BITS U(3)
+#define PLAT_IPI_PRI 0x20
+
+#define PLAT_EHF_DESC EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_IPI_PRI)
+
+#define VERSAL_NET_SDEI_SH_EVENT_0 U(200)
+#define VERSAL_NET_SDEI_PRV_EV U(201)
+#endif
+
/*
* Define a list of Group 1 Secure and Group 0 interrupts as per GICv3
* terminology. On a GICv2 system or mode, the lists will be merged and treated
@@ -127,6 +146,19 @@
#define PLAT_VERSAL_NET_IPI_IRQ 89
#define PLAT_VERSAL_IPI_IRQ PLAT_VERSAL_NET_IPI_IRQ
+#if SDEI_SUPPORT
+#define PLAT_ARM_G1S_IRQ_PROPS(grp) \
+ INTR_PROP_DESC(VERSAL_NET_IRQ_SEC_PHY_TIMER, PLAT_IPI_PRI, grp, \
+ GIC_INTR_CFG_LEVEL)
+
+#define PLAT_ARM_G0_IRQ_PROPS(grp) \
+ INTR_PROP_DESC(PLAT_VERSAL_IPI_IRQ, PLAT_IPI_PRI, grp, \
+ GIC_INTR_CFG_EDGE), \
+ INTR_PROP_DESC(CPU_PWR_DOWN_REQ_INTR, PLAT_IPI_PRI, grp, \
+ GIC_INTR_CFG_EDGE), \
+ INTR_PROP_DESC(VERSAL_NET_SDEI_SGI_PRIVATE, PLAT_SDEI_NORMAL_PRI, grp, \
+ GIC_INTR_CFG_EDGE)
+#else
#define PLAT_ARM_G1S_IRQ_PROPS(grp) \
INTR_PROP_DESC(VERSAL_NET_IRQ_SEC_PHY_TIMER, GIC_HIGHEST_SEC_PRIORITY, grp, \
GIC_INTR_CFG_LEVEL)
@@ -136,6 +168,7 @@
GIC_INTR_CFG_EDGE), \
INTR_PROP_DESC(CPU_PWR_DOWN_REQ_INTR, GIC_HIGHEST_SEC_PRIORITY, grp, \
GIC_INTR_CFG_EDGE)
+#endif
#define IRQ_MAX 200U
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index eda3e36..5e8f2b4 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -145,3 +145,10 @@
${LIBFDT_SRCS} \
${PLAT_PATH}/sip_svc_setup.c \
${XLAT_TABLES_LIB_SRCS}
+
+SDEI_SUPPORT := 0
+EL3_EXCEPTION_HANDLING := $(SDEI_SUPPORT)
+ifeq (${SDEI_SUPPORT},1)
+BL31_SOURCES += plat/common/aarch64/plat_ehf.c \
+ plat/xilinx/versal_net/versal_net_sdei.c
+endif
diff --git a/plat/xilinx/versal_net/versal_net_sdei.c b/plat/xilinx/versal_net/versal_net_sdei.c
new file mode 100644
index 0000000..e42c066
--- /dev/null
+++ b/plat/xilinx/versal_net/versal_net_sdei.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2025, Advanced Micro Devices, Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <bl31/ehf.h>
+#include <common/debug.h>
+#include <plat/common/platform.h>
+#include <services/sdei.h>
+
+#include <platform_def.h>
+
+int arm_validate_ns_entrypoint(uintptr_t entrypoint)
+{
+ int ret;
+ uintptr_t base = BL31_BASE;
+ uintptr_t limit = BL31_LIMIT;
+
+ ret = ((entrypoint < base) || (entrypoint > limit)) ? 0 : -1;
+ return ret;
+}
+
+/* Private event mappings */
+static sdei_ev_map_t versal_net_sdei_private[] = {
+ SDEI_DEFINE_EVENT_0(VERSAL_NET_SDEI_SGI_PRIVATE),
+ SDEI_PRIVATE_EVENT(VERSAL_NET_SDEI_PRV_EV, SDEI_DYN_IRQ, SDEI_MAPF_DYNAMIC),
+};
+
+/* Shared event mappings */
+static sdei_ev_map_t versal_net_sdei_shared[] = {
+ SDEI_SHARED_EVENT(VERSAL_NET_SDEI_SH_EVENT_0, SDEI_DYN_IRQ, SDEI_MAPF_DYNAMIC),
+};
+
+void plat_sdei_setup(void)
+{
+ INFO("SDEI platform setup\n");
+}
+
+/* Export ARM SDEI events */
+REGISTER_SDEI_MAP(versal_net_sdei_private, versal_net_sdei_shared);