Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
* changes:
fix(rd1ae): fix rd1-ae device tree
feat(rd1ae): add Generic Timer in device tree
docs(rd1ae): update documentation to include BL32
feat(rd1ae): add support for OP-TEE SPMC
feat(mbedtls): mbedtls config update for v3.6.2
docs(prerequisites): update mbedtls to version 3.6.2
refactor(mbedtls): rename default mbedtls confs
fix(cpus): workaround for Neoverse-V3 erratum 3701767
fix(cpus): workaround for Neoverse-N3 erratum 3699563
fix(cpus): workaround for Neoverse-N2 erratum 3701773
fix(cpus): workaround for Cortex-X925 erratum 3701747
fix(cpus): workaround for Cortex-X4 erratum 3701758
fix(cpus): workaround for Cortex-X3 erratum 3701769
fix(cpus): workaround for Cortex-X2 erratum 3701772
fix(cpus): workaround for Cortex-A725 erratum 3699564
fix(cpus): workaround for Cortex-A720-AE erratum 3699562
fix(cpus): workaround for Cortex-A720 erratum 3699561
fix(cpus): workaround for Cortex-A715 erratum 3699560
fix(cpus): workaround for Cortex-A710 erratum 3701772
fix(cpus): workaround for accessing ICH_VMCR_EL2
chore(cpus): fix incorrect header macro
fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
fix(security): add support in cpu_ops for CVE-2024-7881
fix(security): add CVE-2024-7881 mitigation to Cortex-X3
fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
fix(security): add CVE-2024-7881 mitigation to Cortex-X925
fix(security): add CVE-2024-7881 mitigation to Cortex-X4
fix(security): enable WORKAROUND_CVE_2024_7881 build option
fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
fix(cpus): workaround for Cortex-X4 erratum 2923985
fix(build): do not force PLAT in plat_helpers.mk
chore(deps): update pytest for cot-dt2c
chore(deps): bump jinja2
chore(deps): bump jinja2 in the pip group across 1 directory
chore(deps): bump the pip group across 2 directories with 1 update
build(deps): bump setuptools in the pip group across 1 directory
chore(deps): bump micromatch
diff --git a/Makefile b/Makefile
index e4a1f31..edd9f6e 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,7 @@
################################################################################
include ${MAKE_HELPERS_DIRECTORY}defaults.mk
+PLAT := ${DEFAULT_PLAT}
include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
# To be able to set platform specific defaults
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index fda43dc..4637908 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -33,6 +33,15 @@
This build option should be set to 1 if the target platform contains at
least 1 CPU that requires this mitigation. Defaults to 1.
+- ``WORKAROUND_CVE_2024_5660``: Enables mitigation for `CVE-2024-5660`.
+ The fix is to disable hardware page aggregation by setting CPUECTLR_EL1[46]
+ in EL3 FW. This build option should be set to 1 if the target platform contains
+ at least 1 CPU that requires this mitigation. Defaults to 1.
+
+- ``WORKAROUND_CVE_2024_7881``: Enables mitigation for `CVE-2024-7881`.
+ This build option should be set to 1 if the target platform contains at
+ least 1 CPU that requires this mitigation. Defaults to 1.
+
.. _arm_cpu_macros_errata_workarounds:
CPU Errata Workarounds
@@ -569,6 +578,12 @@
CPU, this affects all configurations. This needs to be enabled for revisions
r0p0 and r0p1. It has been fixed in r0p2.
+For Neoverse V3, the following errata build flags are defined :
+
+- ``ERRATA_V3_3701767``: This applies errata 3701767 workaround to Neoverse-V3
+ CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2 of the CPU and
+ is still open.
+
For Cortex-A710, the following errata build flags are defined :
- ``ERRATA_A710_1987031``: This applies errata 1987031 workaround to
@@ -644,6 +659,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
CPU and is still open.
+- ``ERRATA_A710_3701772``: This applies errata 3701772 workaround to Cortex-A710
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0, r2p1 of the
+ CPU and is still open.
+
For Neoverse N2, the following errata build flags are defined :
- ``ERRATA_N2_2002655``: This applies errata 2002655 workaround to Neoverse-N2
@@ -715,6 +734,15 @@
CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2. It is fixed
in r0p3.
+- ``ERRATA_N2_3701773``: This applies errata 3701773 workaround to Neoverse-N2
+ CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2, r0p3 and is
+ still open.
+
+For Neoverse N3, the following errata build flags are defined :
+
+- ``ERRATA_N3_3699563``: This applies errata 3699563 workaround to Neoverse-N3
+ CPU. This needs to be enabled for revisions r0p0 and is still open.
+
For Cortex-X2, the following errata build flags are defined :
- ``ERRATA_X2_2002765``: This applies errata 2002765 workaround to Cortex-X2
@@ -769,6 +797,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
CPU and it is still open.
+- ``ERRATA_X2_3701772``: This applies errata 3701772 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and it is still open.
+
For Cortex-X3, the following errata build flags are defined :
- ``ERRATA_X3_2070301``: This applies errata 2070301 workaround to the Cortex-X3
@@ -816,6 +848,10 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
CPU. It is fixed in r1p2.
+- ``ERRATA_X3_3701769``: This applies errata 3701769 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0, r1p0, r1p1 and r1p2
+ of the CPU and it is still open.
+
For Cortex-X4, the following errata build flags are defined :
- ``ERRATA_X4_2701112``: This applies erratum 2701112 workaround to Cortex-X4
@@ -843,9 +879,21 @@
- ``ERRATA_X4_2897503``: This applies errata 2897503 workaround to Cortex-X4
CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in r0p2.
+- ``ERRATA_X4_2923985``: This applies errata 2923985 workaround to Cortex-X4
+ CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in r0p2.
+
- ``ERRATA_X4_3076789``: This applies errata 3076789 workaround to Cortex-X4
CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in r0p2.
+- ``ERRATA_X4_3701758``: This applies errata 3701758 workaround to Cortex-X4
+ CPU. This needs to be enabled for revisions r0p0, r0p1, r0p2 and r0p3.
+ It is still open.
+
+For Cortex-X925, the following errata build flags are defined :
+
+- ``ERRATA_X925_3701747``: This applies errata 3701747 workaround to Cortex-X925
+ CPU. This needs to be enabled for revisions r0p0 and r0p1. It is still open.
+
For Cortex-A510, the following errata build flags are defined :
- ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to
@@ -944,6 +992,10 @@
Cortex-A715 CPU. This needs to be enabled for revisions r0p0, r1p0
and r1p1. It is fixed in r1p2.
+- ``ERRATA_A715_3699560``: This applies errata 3699560 workaround to
+ Cortex-A715 CPU. This needs to be enabled for revisions r0p0, r1p0,
+ r1p2, r1p3. It is still open.
+
For Cortex-A720, the following errata build flags are defined :
- ``ERRATA_A720_2792132``: This applies errata 2792132 workaround to
@@ -962,6 +1014,22 @@
Cortex-A720 CPU. This needs to be enabled for revisions r0p0 and r0p1.
It is fixed in r0p2.
+- ``ERRATA_A720_3699561``: This applies errata 3699561 workaround to
+ Cortex-A720 CPU. This needs to be enabled for revisions r0p0, r0p1
+ and r0p2. It is still open.
+
+For Cortex-A720_AE, the following errata build flags are defined :
+
+- ``ERRATA_A720_AE_3699562``: This applies errata 3699562 workaround
+ to Cortex-A715_AE CPU. This needs to be enabled for revisions r0p0.
+ It is still open.
+
+For Cortex-A725, the following errata build flags are defined :
+
+- ``ERRATA_A725_3699564``: This applies errata 3699564 workaround to
+ Cortex-A725 CPU. This needs to be enabled for revisions r0p0 and r0p1.
+ It is fixed in r0p2.
+
DSU Errata Workarounds
----------------------
@@ -1047,7 +1115,7 @@
--------------
-*Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.*
.. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
.. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index c414b1f..32c2b39 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -31,7 +31,7 @@
Clang/LLVM 18.1.8
Device Tree Compiler 1.6.1
GNU make 3.81
-mbed TLS\ [#f1]_ 3.6.1
+mbed TLS\ [#f1]_ 3.6.2
Node.js [#f2]_ 16
OpenSSL 1.0.0
Poetry 1.3.2
diff --git a/docs/plat/arm/automotive_rd/index.rst b/docs/plat/arm/automotive_rd/index.rst
index d0db6ac..04ca2b9 100644
--- a/docs/plat/arm/automotive_rd/index.rst
+++ b/docs/plat/arm/automotive_rd/index.rst
@@ -11,15 +11,34 @@
Boot Sequence
-------------
-BL2 –> BL31 –> BL33
+The boot process starts from RSE (Runtime Security Engine) that loads the
+Application Processor (AP) BL2 image and signals the System Control Processor (SCP)
+to power up the AP. The AP then runs AP BL2
-The boot process starts from RSE (Runtime Security Engine) that loads the BL2 image
-and signals the System Control Processor (SCP) to power up the Application Processor (AP).
-The AP then runs BL2, which loads the rest of the images, including the runtime firmware
-BL31, and proceeds to execute it. Finally, it passes control to the non-secure world
-BL33 (u-boot).
+The primary compute boot flow follows the following steps:
-BL2 performs the actions described in the `Trusted Board Boot (TBB)`_ document.
+1. AP BL2:
+
+ * Performs the actions described in the `Trusted Board Boot (TBB)`_ document.
+ * Copies the AP BL31 image from Secure Flash to Secure SRAM
+ * Copies the AP BL32 (OP-TEE) image from Secure Flash to Secure DRAM
+ * Copies the AP BL33 (U-Boot) image from Secure Flash to Normal DRAM
+ * Transfers the execution to AP BL31
+
+2. AP BL31:
+
+ * Initializes Trusted Firmware-A Services
+ * Transfers the execution to AP BL32 and then transfers the execution to AP BL33
+ * During runtime, acts as the Secure Monitor, handling SMC calls,
+ and context switching between secure and non-secure worlds.
+
+3. AP BL32:
+
+ * Initializes OP-TEE environment
+ * Initializes Secure Partitions
+ * Transfers the execution back to AP BL31
+ * During runtime, it facilitates secure communication between the
+ normal world environment (e.g. Linux) and the Trusted Execution Environment.
Build Procedure (TF-A only)
~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -41,6 +60,9 @@
COT=tbbr \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
+ BL32=<path to optee binary> \
+ SPD=spmd \
+ SPMD_SPM_AT_SEL2=0 \
BL33=<path to u-boot binary> \
*Copyright (c) 2024, Arm Limited. All rights reserved.*
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 765491e..b3c4c91 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -25,9 +25,9 @@
# Specify mbed TLS configuration file
ifeq (${PSA_CRYPTO},1)
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/default_psa_mbedtls_config.h>"
else
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/default_mbedtls_config.h>"
endif
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
diff --git a/fdts/rd1ae.dts b/fdts/rd1ae.dts
index 3060b5a..26eaa65 100644
--- a/fdts/rd1ae.dts
+++ b/fdts/rd1ae.dts
@@ -255,10 +255,25 @@
#size-cells = <2>;
ranges;
+ timer@2a810000 {
+ compatible = "arm,armv7-timer-mem";
+ reg = <0x0 0x2a810000 0 0x10000>;
+ #address-cells = <2>;
+ #size-cells = <2>;
+ clock-frequency = <250000000>;
+ ranges;
+
+ frame@2a830000 {
+ frame-number = <0>;
+ interrupts = <GIC_SPI 77 IRQ_TYPE_LEVEL_HIGH>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
+ };
+ };
+
gic: interrupt-controller@30000000 {
compatible = "arm,gic-v3";
reg = <0x0 0x30000000 0 0x10000>, // GICD
- <0x0 0x301c0000 0 0x8000000>; // GICR
+ <0x0 0x301c0000 0 0x400000>; // GICR
#interrupt-cells = <3>;
#address-cells = <2>;
#size-cells = <2>;
@@ -410,7 +425,7 @@
method = "smc";
cpu_suspend = <0xc4000001>;
cpu_off = <0x84000002>;
- cpu_on = <0x84000003>;
+ cpu_on = <0xc4000003>;
};
};
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/default_mbedtls_config.h
similarity index 96%
rename from include/drivers/auth/mbedtls/mbedtls_config-3.h
rename to include/drivers/auth/mbedtls/default_mbedtls_config.h
index 6ed9397..12a5fe1 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/default_mbedtls_config.h
@@ -11,6 +11,11 @@
*/
/*
+ * This file is compatible with versions >= 3.6.2
+ */
+#define MBEDTLS_CONFIG_VERSION 0x03060200
+
+/*
* Key algorithms currently supported on mbed TLS libraries
*/
#define TF_MBEDTLS_RSA 1
diff --git a/include/drivers/auth/mbedtls/psa_mbedtls_config.h b/include/drivers/auth/mbedtls/default_psa_mbedtls_config.h
similarity index 95%
rename from include/drivers/auth/mbedtls/psa_mbedtls_config.h
rename to include/drivers/auth/mbedtls/default_psa_mbedtls_config.h
index 1001d89..8926051 100644
--- a/include/drivers/auth/mbedtls/psa_mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/default_psa_mbedtls_config.h
@@ -7,7 +7,7 @@
#ifndef PSA_MBEDTLS_CONFIG_H
#define PSA_MBEDTLS_CONFIG_H
-#include "mbedtls_config-3.h"
+#include "default_mbedtls_config.h"
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
diff --git a/include/lib/cpus/aarch64/cortex_a710.h b/include/lib/cpus/aarch64/cortex_a710.h
index 9df8d47..650193c 100644
--- a/include/lib/cpus/aarch64/cortex_a710.h
+++ b/include/lib/cpus/aarch64/cortex_a710.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -67,4 +67,8 @@
#define CORTEX_A710_CPUPOR_EL3 S3_6_C15_C8_2
#define CORTEX_A710_CPUPMR_EL3 S3_6_C15_C8_3
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_a710_3701772(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_A710_H */
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index c7f50db..e9bd886 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -38,4 +38,8 @@
#define CORTEX_A715_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define CORTEX_A715_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_a715_3699560(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_A715_H */
diff --git a/include/lib/cpus/aarch64/cortex_a720.h b/include/lib/cpus/aarch64/cortex_a720.h
index 129c1ee..670438f 100644
--- a/include/lib/cpus/aarch64/cortex_a720.h
+++ b/include/lib/cpus/aarch64/cortex_a720.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -38,4 +38,8 @@
#define CORTEX_A720_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define CORTEX_A720_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_a720_3699561(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_A720_H */
diff --git a/include/lib/cpus/aarch64/cortex_a720_ae.h b/include/lib/cpus/aarch64/cortex_a720_ae.h
index c88b1f9..cc9c3b0 100644
--- a/include/lib/cpus/aarch64/cortex_a720_ae.h
+++ b/include/lib/cpus/aarch64/cortex_a720_ae.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2024-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,4 +20,8 @@
#define CORTEX_A720_AE_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define CORTEX_A720_AE_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_a720_ae_3699562(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_A720_AE_H */
diff --git a/include/lib/cpus/aarch64/cortex_a725.h b/include/lib/cpus/aarch64/cortex_a725.h
index cb1c099..20488dd 100644
--- a/include/lib/cpus/aarch64/cortex_a725.h
+++ b/include/lib/cpus/aarch64/cortex_a725.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,4 +21,8 @@
#define CORTEX_A725_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define CORTEX_A725_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_a725_3699564(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_A725_H */
diff --git a/include/lib/cpus/aarch64/cortex_x2.h b/include/lib/cpus/aarch64/cortex_x2.h
index 0f97b1e..9ec5177 100644
--- a/include/lib/cpus/aarch64/cortex_x2.h
+++ b/include/lib/cpus/aarch64/cortex_x2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -64,4 +64,8 @@
#define CORTEX_X2_IMP_CPUPOR_EL3 S3_6_C15_C8_2
#define CORTEX_X2_IMP_CPUPMR_EL3 S3_6_C15_C8_3
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_x2_3701772(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_X2_H */
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index c5f820c..8834db1 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -63,4 +63,8 @@
#define CORTEX_X3_CPUACTLR3_EL1 S3_0_C15_C1_2
#define CORTEX_X3_CPUACTLR3_EL1_BIT_47 (ULL(1) << 47)
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_x3_3701769(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_X3_H */
diff --git a/include/lib/cpus/aarch64/cortex_x4.h b/include/lib/cpus/aarch64/cortex_x4.h
index f701216..8ef830a 100644
--- a/include/lib/cpus/aarch64/cortex_x4.h
+++ b/include/lib/cpus/aarch64/cortex_x4.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -36,6 +36,11 @@
#define CORTEX_X4_CPUACTLR5_EL1 S3_0_C15_C8_0
#define CORTEX_X4_CPUACTLR5_EL1_BIT_14 (ULL(1) << 14)
+/*******************************************************************************
+ * CPU Auxiliary control register 6 specific definitions
+ ******************************************************************************/
+#define CORTEX_X4_CPUACTLR6_EL1 S3_0_C15_C8_1
+
#ifndef __ASSEMBLER__
#if ERRATA_X4_2726228
long check_erratum_cortex_x4_2726228(long cpu_rev);
@@ -45,6 +50,8 @@
return 0;
}
#endif /* ERRATA_X4_2726228 */
+
+long check_erratum_cortex_x4_3701758(long cpu_rev);
#endif /* __ASSEMBLER__ */
#endif /* CORTEX_X4_H */
diff --git a/include/lib/cpus/aarch64/cortex_x925.h b/include/lib/cpus/aarch64/cortex_x925.h
index b0d0ca4..170afbf 100644
--- a/include/lib/cpus/aarch64/cortex_x925.h
+++ b/include/lib/cpus/aarch64/cortex_x925.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,4 +21,13 @@
#define CORTEX_X925_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define CORTEX_X925_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+/*******************************************************************************
+ * CPU Auxiliary control register 6 specific definitions
+ ******************************************************************************/
+#define CORTEX_X925_CPUACTLR6_EL1 S3_0_C15_C8_1
+
+#ifndef __ASSEMBLER__
+long check_erratum_cortex_x925_3701747(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* CORTEX_X925_H */
diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index 5e92934..0ce9c3c 100644
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -63,6 +63,10 @@
* This is a placeholder for future per CPU operations. Currently,
* some CPUs use this entry to set a test function to determine if
* the workaround for CVE-2022-23960 needs to be applied or not.
+ * _extra4:
+ * This is a placeholder for future per CPU operations. Currently,
+ * some CPUs use this entry to set a test function to determine if
+ * the workaround for CVE-2024-7881 needs to be applied or not.
* _e_handler:
* This is a placeholder for future per CPU exception handlers.
* _power_down_ops:
@@ -75,7 +79,8 @@
* used to handle power down at subsequent levels
*/
.macro declare_cpu_ops_base _name:req, _midr:req, _resetfunc:req, \
- _extra1:req, _extra2:req, _extra3:req, _e_handler:req, _power_down_ops:vararg
+ _extra1:req, _extra2:req, _extra3:req, _extra4:req, \
+ _e_handler:req, _power_down_ops:vararg
.section .cpu_ops, "a"
.align 3
.type cpu_ops_\_name, %object
@@ -86,6 +91,7 @@
.quad \_extra1
.quad \_extra2
.quad \_extra3
+ .quad \_extra4
.quad \_e_handler
#ifdef IMAGE_BL31
/* Insert list of functions */
@@ -148,21 +154,28 @@
.macro declare_cpu_ops _name:req, _midr:req, _resetfunc:req, \
_power_down_ops:vararg
- declare_cpu_ops_base \_name, \_midr, \_resetfunc, 0, 0, 0, 0, \
+ declare_cpu_ops_base \_name, \_midr, \_resetfunc, 0, 0, 0, 0, 0, \
\_power_down_ops
.endm
.macro declare_cpu_ops_eh _name:req, _midr:req, _resetfunc:req, \
_e_handler:req, _power_down_ops:vararg
declare_cpu_ops_base \_name, \_midr, \_resetfunc, \
- 0, 0, 0, \_e_handler, \_power_down_ops
+ 0, 0, 0, 0, \_e_handler, \_power_down_ops
.endm
.macro declare_cpu_ops_wa _name:req, _midr:req, \
_resetfunc:req, _extra1:req, _extra2:req, \
_extra3:req, _power_down_ops:vararg
declare_cpu_ops_base \_name, \_midr, \_resetfunc, \
- \_extra1, \_extra2, \_extra3, 0, \_power_down_ops
+ \_extra1, \_extra2, \_extra3, 0, 0, \_power_down_ops
+ .endm
+
+ .macro declare_cpu_ops_wa_4 _name:req, _midr:req, \
+ _resetfunc:req, _extra1:req, _extra2:req, \
+ _extra3:req, _extra4:req, _power_down_ops:vararg
+ declare_cpu_ops_base \_name, \_midr, \_resetfunc, \
+ \_extra1, \_extra2, \_extra3, \_extra4, 0, \_power_down_ops
.endm
/*
diff --git a/include/lib/cpus/aarch64/neoverse_n2.h b/include/lib/cpus/aarch64/neoverse_n2.h
index b379fab..f5837d4 100644
--- a/include/lib/cpus/aarch64/neoverse_n2.h
+++ b/include/lib/cpus/aarch64/neoverse_n2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -69,4 +69,8 @@
#define CPUECTLR2_EL1_TXREQ_LSB U(0)
#define CPUECTLR2_EL1_TXREQ_WIDTH U(3)
+#ifndef __ASSEMBLER__
+long check_erratum_neoverse_n2_3701773(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* NEOVERSE_N2_H */
diff --git a/include/lib/cpus/aarch64/neoverse_n3.h b/include/lib/cpus/aarch64/neoverse_n3.h
index 9196330..24988aa 100644
--- a/include/lib/cpus/aarch64/neoverse_n3.h
+++ b/include/lib/cpus/aarch64/neoverse_n3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,4 +21,8 @@
#define NEOVERSE_N3_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define NEOVERSE_N3_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+#ifndef __ASSEMBLER__
+long check_erratum_neoverse_n3_3699563(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* NEOVERSE_N3_H */
diff --git a/include/lib/cpus/aarch64/neoverse_v2.h b/include/lib/cpus/aarch64/neoverse_v2.h
index 1171e95..427cafa 100644
--- a/include/lib/cpus/aarch64/neoverse_v2.h
+++ b/include/lib/cpus/aarch64/neoverse_v2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -58,4 +58,9 @@
#define NEOVERSE_V2_CPUACTLR5_EL1_BIT_56 (ULL(1) << 56)
#define NEOVERSE_V2_CPUACTLR5_EL1_BIT_55 (ULL(1) << 55)
+/*******************************************************************************
+ * CPU Auxiliary control register 6 specific definitions
+ ******************************************************************************/
+#define NEOVERSE_V2_CPUACTLR6_EL1 S3_0_C15_C8_1
+
#endif /* NEOVERSE_V2_H */
diff --git a/include/lib/cpus/aarch64/neoverse_v3.h b/include/lib/cpus/aarch64/neoverse_v3.h
index e5f75ba..5a828c0 100644
--- a/include/lib/cpus/aarch64/neoverse_v3.h
+++ b/include/lib/cpus/aarch64/neoverse_v3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,7 +22,16 @@
/*******************************************************************************
* CPU Power Control register specific definitions
******************************************************************************/
-#define NEOVERSE_V3_CPUPWRCTLR_EL1 S3_0_C15_C2_7
+#define NEOVERSE_V3_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define NEOVERSE_V3_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
+/*******************************************************************************
+ * CPU Auxiliary control register 6 specific definitions
+ ******************************************************************************/
+#define NEOVERSE_V3_CPUACTLR6_EL1 S3_0_C15_C8_1
+
+#ifndef __ASSEMBLER__
+long check_erratum_neoverse_v3_3701767(long cpu_rev);
+#endif /* __ASSEMBLER__ */
+
#endif /* NEOVERSE_V3_H */
diff --git a/include/lib/cpus/cpu_ops.h b/include/lib/cpus/cpu_ops.h
index 0084189..c1bdf8d 100644
--- a/include/lib/cpus/cpu_ops.h
+++ b/include/lib/cpus/cpu_ops.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -28,6 +28,7 @@
#define CPU_NO_EXTRA1_FUNC 0
#define CPU_NO_EXTRA2_FUNC 0
#define CPU_NO_EXTRA3_FUNC 0
+#define CPU_NO_EXTRA4_FUNC 0
#endif /* __aarch64__ */
@@ -45,6 +46,7 @@
#define CPU_EXTRA1_FUNC_SIZE CPU_WORD_SIZE
#define CPU_EXTRA2_FUNC_SIZE CPU_WORD_SIZE
#define CPU_EXTRA3_FUNC_SIZE CPU_WORD_SIZE
+#define CPU_EXTRA4_FUNC_SIZE CPU_WORD_SIZE
#define CPU_E_HANDLER_FUNC_SIZE CPU_WORD_SIZE
/* The power down core and cluster is needed only in BL31 and BL32 */
#if defined(IMAGE_BL31) || defined(IMAGE_BL32)
@@ -89,7 +91,8 @@
#define CPU_EXTRA1_FUNC CPU_RESET_FUNC + CPU_RESET_FUNC_SIZE
#define CPU_EXTRA2_FUNC CPU_EXTRA1_FUNC + CPU_EXTRA1_FUNC_SIZE
#define CPU_EXTRA3_FUNC CPU_EXTRA2_FUNC + CPU_EXTRA2_FUNC_SIZE
-#define CPU_E_HANDLER_FUNC CPU_EXTRA3_FUNC + CPU_EXTRA3_FUNC_SIZE
+#define CPU_EXTRA4_FUNC CPU_EXTRA3_FUNC + CPU_EXTRA3_FUNC_SIZE
+#define CPU_E_HANDLER_FUNC CPU_EXTRA4_FUNC + CPU_EXTRA4_FUNC_SIZE
#define CPU_PWR_DWN_OPS CPU_E_HANDLER_FUNC + CPU_E_HANDLER_FUNC_SIZE
#else
#define CPU_PWR_DWN_OPS CPU_RESET_FUNC + CPU_RESET_FUNC_SIZE
@@ -119,6 +122,7 @@
void (*extra1_func)(void);
void (*extra2_func)(void);
void (*extra3_func)(void);
+ void (*extra4_func)(void);
void (*e_handler_func)(long es);
#endif /* __aarch64__ */
#if (defined(IMAGE_BL31) || defined(IMAGE_BL32)) && CPU_MAX_PWR_DWN_OPS
diff --git a/include/lib/cpus/errata.h b/include/lib/cpus/errata.h
index 2c31515..b9166f7 100644
--- a/include/lib/cpus/errata.h
+++ b/include/lib/cpus/errata.h
@@ -1,15 +1,14 @@
/*
- * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#ifndef ERRATA_REPORT_H
-#define ERRATA_REPORT_H
+#ifndef ERRATA_H
+#define ERRATA_H
#include <lib/cpus/cpu_ops.h>
-
#define ERRATUM_WA_FUNC_SIZE CPU_WORD_SIZE
#define ERRATUM_CHECK_FUNC_SIZE CPU_WORD_SIZE
#define ERRATUM_ID_SIZE 4
@@ -35,19 +34,6 @@
void print_errata_status(void);
-#if ERRATA_A75_764081
-bool errata_a75_764081_applies(void);
-#else
-static inline bool errata_a75_764081_applies(void)
-{
- return false;
-}
-#endif
-
-#if ERRATA_A520_2938996 || ERRATA_X4_2726228
-unsigned int check_if_affected_core(void);
-#endif
-
/*
* NOTE that this structure will be different on AArch32 and AArch64. The
* uintptr_t will reflect the change and the alignment will be correct in both.
@@ -66,6 +52,26 @@
CASSERT(sizeof(struct erratum_entry) == ERRATUM_ENTRY_SIZE,
assert_erratum_entry_asm_c_different_sizes);
+
+/*
+ * Runtime errata helpers.
+ */
+#if ERRATA_A75_764081
+bool errata_a75_764081_applies(void);
+#else
+static inline bool errata_a75_764081_applies(void)
+{
+ return false;
+}
+#endif
+
+#if ERRATA_A520_2938996 || ERRATA_X4_2726228
+unsigned int check_if_affected_core(void);
+#endif
+
+int check_wa_cve_2024_7881(void);
+bool errata_ich_vmcr_el2_applies(void);
+
#else
/*
@@ -94,4 +100,4 @@
/* Macro to get CPU revision code for checking errata version compatibility. */
#define CPU_REV(r, p) ((r << 4) | p)
-#endif /* ERRATA_REPORT_H */
+#endif /* ERRATA_H */
diff --git a/include/services/arm_arch_svc.h b/include/services/arm_arch_svc.h
index 645b388..85b6b83 100644
--- a/include/services/arm_arch_svc.h
+++ b/include/services/arm_arch_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#define SMCCC_ARCH_WORKAROUND_1 U(0x80008000)
#define SMCCC_ARCH_WORKAROUND_2 U(0x80007FFF)
#define SMCCC_ARCH_WORKAROUND_3 U(0x80003FFF)
+#define SMCCC_ARCH_WORKAROUND_4 U(0x80000004)
#define SMCCC_GET_SOC_VERSION U(0)
#define SMCCC_GET_SOC_REVISION U(1)
diff --git a/lib/cpus/aarch64/cortex_a710.S b/lib/cpus/aarch64/cortex_a710.S
index b9f6081..71ed6db 100644
--- a/lib/cpus/aarch64/cortex_a710.S
+++ b/lib/cpus/aarch64/cortex_a710.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,10 +22,19 @@
#error "Cortex A710 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_a710_3701772
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_A710_BHB_LOOP_COUNT, cortex_a710
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_a710, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_A710_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_a710, CVE(2024, 5660)
+
+check_erratum_ls cortex_a710, CVE(2024, 5660), CPU_REV(2, 1)
+
workaround_reset_start cortex_a710, ERRATUM(1987031), ERRATA_A710_1987031
ldr x0,=0x6
msr S3_6_c15_c8_0,x0
@@ -211,6 +220,10 @@
check_erratum_chosen cortex_a710, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+add_erratum_entry cortex_a710, ERRATUM(3701772), ERRATA_A710_3701772, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_a710, ERRATUM(3701772), CPU_REV(2, 1)
+
/* ----------------------------------------------------
* HW will do the cache maintenance while powering down
* ----------------------------------------------------
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index 8c9988d..fbc73ed 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,6 +22,8 @@
#error "Cortex-A715 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_a715_3699560
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
@@ -127,6 +129,10 @@
check_erratum_chosen cortex_a715, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+add_erratum_entry cortex_a715, ERRATUM(3699560), ERRATA_A715_3699560, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_a715, ERRATUM(3699560), CPU_REV(1, 3)
+
cpu_reset_func_start cortex_a715
/* Disable speculative loads */
msr SSBS, xzr
diff --git a/lib/cpus/aarch64/cortex_a720.S b/lib/cpus/aarch64/cortex_a720.S
index 9befb36..ab2c12f 100644
--- a/lib/cpus/aarch64/cortex_a720.S
+++ b/lib/cpus/aarch64/cortex_a720.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,6 +22,8 @@
#error "Cortex A720 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_a720_3699561
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_A720_BHB_LOOP_COUNT, cortex_a720
#endif /* WORKAROUND_CVE_2022_23960 */
@@ -72,6 +74,10 @@
check_erratum_chosen cortex_a720, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+add_erratum_entry cortex_a720, ERRATUM(3699561), ERRATA_A720_3699561, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_a720, ERRATUM(3699561), CPU_REV(0, 2)
+
cpu_reset_func_start cortex_a720
/* Disable speculative loads */
msr SSBS, xzr
diff --git a/lib/cpus/aarch64/cortex_a720_ae.S b/lib/cpus/aarch64/cortex_a720_ae.S
index 42d49c3..57a5030 100644
--- a/lib/cpus/aarch64/cortex_a720_ae.S
+++ b/lib/cpus/aarch64/cortex_a720_ae.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2024-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,12 @@
#error "Cortex-A720AE supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_a720_ae_3699562
+
+add_erratum_entry cortex_a720_ae, ERRATUM(3699562), ERRATA_A720_AE_3699562, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_a720_ae, ERRATUM(3699562), CPU_REV(0, 0)
+
cpu_reset_func_start cortex_a720_ae
/* Disable speculative loads */
msr SSBS, xzr
diff --git a/lib/cpus/aarch64/cortex_a725.S b/lib/cpus/aarch64/cortex_a725.S
index af98d14..c4d6034 100644
--- a/lib/cpus/aarch64/cortex_a725.S
+++ b/lib/cpus/aarch64/cortex_a725.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,12 @@
#error "Cortex-A725 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_a725_3699564
+
+add_erratum_entry cortex_a725, ERRATUM(3699564), ERRATA_A725_3699564, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_a725, ERRATUM(3699564), CPU_REV(0, 1)
+
cpu_reset_func_start cortex_a725
/* Disable speculative loads */
msr SSBS, xzr
diff --git a/lib/cpus/aarch64/cortex_a77.S b/lib/cpus/aarch64/cortex_a77.S
index f53b646..766bdc0 100644
--- a/lib/cpus/aarch64/cortex_a77.S
+++ b/lib/cpus/aarch64/cortex_a77.S
@@ -26,6 +26,13 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A77_BHB_LOOP_COUNT, cortex_a77
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_a77, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_A77_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_a77, CVE(2024, 5660)
+
+check_erratum_ls cortex_a77, CVE(2024, 5660), CPU_REV(1, 1)
+
workaround_reset_start cortex_a77, ERRATUM(1508412), ERRATA_A77_1508412
/* move cpu revision in again and compare against r0p0 */
mov x0, x7
diff --git a/lib/cpus/aarch64/cortex_a78.S b/lib/cpus/aarch64/cortex_a78.S
index 1de570a..9f2ffdf 100644
--- a/lib/cpus/aarch64/cortex_a78.S
+++ b/lib/cpus/aarch64/cortex_a78.S
@@ -24,6 +24,13 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A78_BHB_LOOP_COUNT, cortex_a78
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation.Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_a78, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_A78_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_a78, CVE(2024, 5660)
+
+check_erratum_ls cortex_a78, CVE(2024, 5660), CPU_REV(1, 2)
+
workaround_reset_start cortex_a78, ERRATUM(1688305), ERRATA_A78_1688305
sysreg_bit_set CORTEX_A78_ACTLR2_EL1, CORTEX_A78_ACTLR2_EL1_BIT_1
workaround_reset_end cortex_a78, ERRATUM(1688305)
diff --git a/lib/cpus/aarch64/cortex_a78_ae.S b/lib/cpus/aarch64/cortex_a78_ae.S
index bc10186..7fa1f9b 100644
--- a/lib/cpus/aarch64/cortex_a78_ae.S
+++ b/lib/cpus/aarch64/cortex_a78_ae.S
@@ -22,6 +22,13 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A78_AE_BHB_LOOP_COUNT, cortex_a78_ae
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_a78_ae, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_A78_AE_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_a78_ae, CVE(2024, 5660)
+
+check_erratum_ls cortex_a78_ae, CVE(2024, 5660), CPU_REV(0, 3)
+
workaround_reset_start cortex_a78_ae, ERRATUM(1941500), ERRATA_A78_AE_1941500
sysreg_bit_set CORTEX_A78_AE_CPUECTLR_EL1, CORTEX_A78_AE_CPUECTLR_EL1_BIT_8
workaround_reset_end cortex_a78_ae, ERRATUM(1941500)
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index 260cc73..3f6944a 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -21,6 +21,13 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A78C_BHB_LOOP_COUNT, cortex_a78c
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_a78c, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_A78C_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_a78c, CVE(2024, 5660)
+
+check_erratum_ls cortex_a78c, CVE(2024, 5660), CPU_REV(0, 2)
+
workaround_reset_start cortex_a78c, ERRATUM(1827430), ERRATA_A78C_1827430
/* Disable allocation of splintered pages in the L2 TLB */
sysreg_bit_set CORTEX_A78C_CPUECTLR_EL1, CORTEX_A78C_CPUECTLR_EL1_MM_ASP_EN
diff --git a/lib/cpus/aarch64/cortex_x1.S b/lib/cpus/aarch64/cortex_x1.S
index ca6cac9..5bd020c 100644
--- a/lib/cpus/aarch64/cortex_x1.S
+++ b/lib/cpus/aarch64/cortex_x1.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Google LLC. All rights reserved.
+ * Copyright (c) 2022-2024, Google LLC. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,6 +23,13 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_X1_BHB_LOOP_COUNT, cortex_x1
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_x1, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_X1_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_x1, CVE(2024, 5660)
+
+check_erratum_ls cortex_x1, CVE(2024, 5660), CPU_REV(1, 2)
+
workaround_reset_start cortex_x1, ERRATUM(1688305), ERRATA_X1_1688305
sysreg_bit_set CORTEX_X1_ACTLR2_EL1, BIT(1)
workaround_reset_end cortex_x1, ERRATUM(1688305)
diff --git a/lib/cpus/aarch64/cortex_x2.S b/lib/cpus/aarch64/cortex_x2.S
index ac60903..c18ce3c 100644
--- a/lib/cpus/aarch64/cortex_x2.S
+++ b/lib/cpus/aarch64/cortex_x2.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,10 +22,23 @@
#error "Cortex X2 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_x2_3701772
+
+add_erratum_entry cortex_x2, ERRATUM(3701772), ERRATA_X2_3701772, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_x2, ERRATUM(3701772), CPU_REV(2, 1)
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_X2_BHB_LOOP_COUNT, cortex_x2
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_x2, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_X2_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_x2, CVE(2024, 5660)
+
+check_erratum_ls cortex_x2, CVE(2024, 5660), CPU_REV(2, 1)
+
workaround_reset_start cortex_x2, ERRATUM(2002765), ERRATA_X2_2002765
ldr x0, =0x6
msr S3_6_C15_C8_0, x0 /* CPUPSELR_EL3 */
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index a81c4cf..24dbf9d 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,10 +22,23 @@
#error "Cortex-X3 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_x3_3701769
+
+add_erratum_entry cortex_x3, ERRATUM(3701769), ERRATA_X3_3701769, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_x3, ERRATUM(3701769), CPU_REV(1, 2)
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_X3_BHB_LOOP_COUNT, cortex_x3
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_x3, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_X3_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_x3, CVE(2024, 5660)
+
+check_erratum_ls cortex_x3, CVE(2024, 5660), CPU_REV(1, 2)
+
workaround_reset_start cortex_x3, ERRATUM(2070301), ERRATA_X3_2070301
sysreg_bitfield_insert CORTEX_X3_CPUECTLR2_EL1, CORTEX_X3_CPUECTLR2_EL1_PF_MODE_CNSRV, \
CORTEX_X3_CPUECTLR2_EL1_PF_MODE_LSB, CORTEX_X3_CPUECTLR2_EL1_PF_MODE_WIDTH
@@ -104,6 +117,17 @@
check_erratum_chosen cortex_x3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+workaround_reset_start cortex_x3, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+ /* ---------------------------------
+ * Sets BIT41 of CPUACTLR6_EL1 which
+ * disables L1 Data cache prefetcher
+ * ---------------------------------
+ */
+ sysreg_bit_set CORTEX_X3_CPUACTLR6_EL1, BIT(41)
+workaround_reset_end cortex_x3, CVE(2024, 7881)
+
+check_erratum_chosen cortex_x3, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+
cpu_reset_func_start cortex_x3
/* Disable speculative loads */
msr SSBS, xzr
@@ -144,6 +168,10 @@
ret
endfunc cortex_x3_cpu_reg_dump
-declare_cpu_ops cortex_x3, CORTEX_X3_MIDR, \
+declare_cpu_ops_wa_4 cortex_x3, CORTEX_X3_MIDR, \
cortex_x3_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_cortex_x3_7881, \
cortex_x3_core_pwr_dwn
diff --git a/lib/cpus/aarch64/cortex_x4.S b/lib/cpus/aarch64/cortex_x4.S
index 320fd90..fded73f 100644
--- a/lib/cpus/aarch64/cortex_x4.S
+++ b/lib/cpus/aarch64/cortex_x4.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,6 +23,7 @@
#endif
.global check_erratum_cortex_x4_2726228
+.global check_erratum_cortex_x4_3701758
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_X4_BHB_LOOP_COUNT, cortex_x4
@@ -46,6 +47,13 @@
ret
check_erratum_custom_end cortex_x4, ERRATUM(2726228)
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_x4, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_X4_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_x4, CVE(2024, 5660)
+
+check_erratum_ls cortex_x4, CVE(2024, 5660), CPU_REV(0, 2)
+
workaround_runtime_start cortex_x4, ERRATUM(2740089), ERRATA_X4_2740089
/* dsb before isb of power down sequence */
dsb sy
@@ -75,6 +83,12 @@
check_erratum_ls cortex_x4, ERRATUM(2897503), CPU_REV(0, 1)
+workaround_reset_start cortex_x4, ERRATUM(2923985), ERRATA_X4_2923985
+ sysreg_bit_set CORTEX_X4_CPUACTLR4_EL1, (BIT(11) | BIT(10))
+workaround_reset_end cortex_x4, ERRATUM(2923985)
+
+check_erratum_ls cortex_x4, ERRATUM(2923985), CPU_REV(0, 1)
+
workaround_reset_start cortex_x4, ERRATUM(3076789), ERRATA_X4_3076789
sysreg_bit_set CORTEX_X4_CPUACTLR3_EL1, BIT(14)
sysreg_bit_set CORTEX_X4_CPUACTLR3_EL1, BIT(13)
@@ -95,6 +109,21 @@
check_erratum_chosen cortex_x4, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+workaround_reset_start cortex_x4, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+ /* ---------------------------------
+ * Sets BIT41 of CPUACTLR6_EL1 which
+ * disables L1 Data cache prefetcher
+ * ---------------------------------
+ */
+ sysreg_bit_set CORTEX_X4_CPUACTLR6_EL1, BIT(41)
+workaround_reset_end cortex_x4, CVE(2024, 7881)
+
+check_erratum_chosen cortex_x4, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+
+add_erratum_entry cortex_x4, ERRATUM(3701758), ERRATA_X4_3701758, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_x4, ERRATUM(3701758), CPU_REV(0, 3)
+
cpu_reset_func_start cortex_x4
/* Disable speculative loads */
msr SSBS, xzr
@@ -136,6 +165,10 @@
ret
endfunc cortex_x4_cpu_reg_dump
-declare_cpu_ops cortex_x4, CORTEX_X4_MIDR, \
+declare_cpu_ops_wa_4 cortex_x4, CORTEX_X4_MIDR, \
cortex_x4_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_cortex_x4_7881, \
cortex_x4_core_pwr_dwn
diff --git a/lib/cpus/aarch64/cortex_x925.S b/lib/cpus/aarch64/cortex_x925.S
index 8109ffb..e2e70dd 100644
--- a/lib/cpus/aarch64/cortex_x925.S
+++ b/lib/cpus/aarch64/cortex_x925.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,30 @@
#error "Cortex-X925 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_cortex_x925_3701747
+
+add_erratum_entry cortex_x925, ERRATUM(3701747), ERRATA_X925_3701747, NO_APPLY_AT_RESET
+
+check_erratum_ls cortex_x925, ERRATUM(3701747), CPU_REV(0, 1)
+
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_x925, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set CORTEX_X925_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_x925, CVE(2024, 5660)
+
+check_erratum_ls cortex_x925, CVE(2024, 5660), CPU_REV(0, 1)
+
+workaround_reset_start cortex_x925, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+ /* ---------------------------------
+ * Sets BIT41 of CPUACTLR6_EL1 which
+ * disables L1 Data cache prefetcher
+ * ---------------------------------
+ */
+ sysreg_bit_set CORTEX_X925_CPUACTLR6_EL1, BIT(41)
+workaround_reset_end cortex_x925, CVE(2024, 7881)
+
+check_erratum_chosen cortex_x925, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+
cpu_reset_func_start cortex_x925
/* Disable speculative loads */
msr SSBS, xzr
@@ -59,6 +83,10 @@
ret
endfunc cortex_x925_cpu_reg_dump
-declare_cpu_ops cortex_x925, CORTEX_X925_MIDR, \
+declare_cpu_ops_wa_4 cortex_x925, CORTEX_X925_MIDR, \
cortex_x925_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_cortex_x925_7881, \
cortex_x925_core_pwr_dwn
diff --git a/lib/cpus/aarch64/cpu_helpers.S b/lib/cpus/aarch64/cpu_helpers.S
index 3aa4f15..0f9a3b8 100644
--- a/lib/cpus/aarch64/cpu_helpers.S
+++ b/lib/cpus/aarch64/cpu_helpers.S
@@ -327,6 +327,43 @@
endfunc check_wa_cve_2017_5715
/*
+ * int check_wa_cve_2024_7881(void);
+ *
+ * This function returns:
+ * - ERRATA_APPLIES when firmware mitigation is required.
+ * - ERRATA_NOT_APPLIES when firmware mitigation is _not_ required.
+ * - ERRATA_MISSING when firmware mitigation would be required but
+ * is not compiled in.
+ *
+ * NOTE: Must be called only after cpu_ops have been initialized
+ * in per-CPU data.
+ */
+.globl check_wa_cve_2024_7881
+func check_wa_cve_2024_7881
+ mrs x0, tpidr_el3
+#if ENABLE_ASSERTIONS
+ cmp x0, #0
+ ASM_ASSERT(ne)
+#endif
+ ldr x0, [x0, #CPU_DATA_CPU_OPS_PTR]
+#if ENABLE_ASSERTIONS
+ cmp x0, #0
+ ASM_ASSERT(ne)
+#endif
+ ldr x0, [x0, #CPU_EXTRA4_FUNC]
+ /*
+ * If the reserved function pointer is NULL, this CPU
+ * is unaffected by CVE-2024-7881 so bail out.
+ */
+ cmp x0, #CPU_NO_EXTRA4_FUNC
+ beq 1f
+ br x0
+1:
+ mov x0, #ERRATA_NOT_APPLIES
+ ret
+endfunc check_wa_cve_2024_7881
+
+/*
* void *wa_cve_2018_3639_get_disable_ptr(void);
*
* Returns a function pointer which is used to disable mitigation
diff --git a/lib/cpus/aarch64/neoverse_n2.S b/lib/cpus/aarch64/neoverse_n2.S
index d2237f1..3df3839 100644
--- a/lib/cpus/aarch64/neoverse_n2.S
+++ b/lib/cpus/aarch64/neoverse_n2.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,6 +20,12 @@
#error "Neoverse-N2 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_neoverse_n2_3701773
+
+add_erratum_entry neoverse_n2, ERRATUM(3701773), ERRATA_N2_3701773, NO_APPLY_AT_RESET
+
+check_erratum_ls neoverse_n2, ERRATUM(3701773), CPU_REV(0, 3)
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table NEOVERSE_N2_BHB_LOOP_COUNT, neoverse_n2
#endif /* WORKAROUND_CVE_2022_23960 */
@@ -34,6 +40,13 @@
.equ erratum_neoverse_n2_2313941_wa, errata_dsu_2313941_wa
add_erratum_entry neoverse_n2, ERRATUM(2313941), ERRATA_DSU_2313941, APPLY_AT_RESET
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_n2, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set NEOVERSE_N2_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_n2, CVE(2024, 5660)
+
+check_erratum_ls neoverse_n2, CVE(2024, 5660), CPU_REV(0, 3)
+
workaround_reset_start neoverse_n2, ERRATUM(2002655), ERRATA_N2_2002655
/* Apply instruction patching sequence */
ldr x0,=0x6
diff --git a/lib/cpus/aarch64/neoverse_n3.S b/lib/cpus/aarch64/neoverse_n3.S
index d96c9d4..8abcafe 100644
--- a/lib/cpus/aarch64/neoverse_n3.S
+++ b/lib/cpus/aarch64/neoverse_n3.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,12 @@
#error "Neoverse-N3 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_neoverse_n3_3699563
+
+add_erratum_entry neoverse_n3, ERRATUM(3699563), ERRATA_N3_3699563, NO_APPLY_AT_RESET
+
+check_erratum_ls neoverse_n3, ERRATUM(3699563), CPU_REV(0, 0)
+
cpu_reset_func_start neoverse_n3
/* Disable speculative loads */
msr SSBS, xzr
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index 1ec3e94..d1a2c24 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -26,6 +26,13 @@
wa_cve_2022_23960_bhb_vector_table NEOVERSE_V1_BHB_LOOP_COUNT, neoverse_v1
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_v1, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set NEOVERSE_V1_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_v1, CVE(2024, 5660)
+
+check_erratum_ls neoverse_v1, CVE(2024, 5660), CPU_REV(1, 2)
+
workaround_reset_start neoverse_v1, ERRATUM(1618635), ERRATA_V1_1618635
/* Inserts a DMB SY before and after MRS PAR_EL1 */
ldr x0, =0x0
diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index ca66f8d..b43f6dd 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,6 +22,13 @@
#error "Neoverse V2 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_v2, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set NEOVERSE_V2_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_v2, CVE(2024, 5660)
+
+check_erratum_ls neoverse_v2, CVE(2024, 5660), CPU_REV(0, 2)
+
workaround_reset_start neoverse_v2, ERRATUM(2331132), ERRATA_V2_2331132
sysreg_bitfield_insert NEOVERSE_V2_CPUECTLR2_EL1, NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_CNSRV, \
NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_LSB, NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_WIDTH
@@ -90,6 +97,17 @@
wa_cve_2022_23960_bhb_vector_table NEOVERSE_V2_BHB_LOOP_COUNT, neoverse_v2
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_reset_start neoverse_v2, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+ /* ---------------------------------
+ * Sets BIT41 of CPUACTLR6_EL1 which
+ * disables L1 Data cache prefetcher
+ * ---------------------------------
+ */
+ sysreg_bit_set NEOVERSE_V2_CPUACTLR6_EL1, BIT(41)
+workaround_reset_end neoverse_v2, CVE(2024, 7881)
+
+check_erratum_chosen neoverse_v2, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+
/* ----------------------------------------------------
* HW will do the cache maintenance while powering down
* ----------------------------------------------------
@@ -135,6 +153,10 @@
ret
endfunc neoverse_v2_cpu_reg_dump
-declare_cpu_ops neoverse_v2, NEOVERSE_V2_MIDR, \
+declare_cpu_ops_wa_4 neoverse_v2, NEOVERSE_V2_MIDR, \
neoverse_v2_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_neoverse_v2_7881, \
neoverse_v2_core_pwr_dwn
diff --git a/lib/cpus/aarch64/neoverse_v3.S b/lib/cpus/aarch64/neoverse_v3.S
index 01ac38f..7fe2d7f 100644
--- a/lib/cpus/aarch64/neoverse_v3.S
+++ b/lib/cpus/aarch64/neoverse_v3.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,10 +22,23 @@
#error "Neoverse V3 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+.global check_erratum_neoverse_v3_3701767
+
+add_erratum_entry neoverse_v3, ERRATUM(3701767), ERRATA_V3_3701767, NO_APPLY_AT_RESET
+
+check_erratum_ls neoverse_v3, ERRATUM(3701767), CPU_REV(0, 2)
+
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table NEOVERSE_V3_BHB_LOOP_COUNT, neoverse_v3
#endif /* WORKAROUND_CVE_2022_23960 */
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_v3, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+ sysreg_bit_set NEOVERSE_V3_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_v3, CVE(2024, 5660)
+
+check_erratum_ls neoverse_v3, CVE(2024, 5660), CPU_REV(0, 1)
+
workaround_reset_start neoverse_v3, CVE(2022,23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
@@ -39,6 +52,17 @@
check_erratum_chosen neoverse_v3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
+workaround_reset_start neoverse_v3, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+ /* ---------------------------------
+ * Sets BIT41 of CPUACTLR6_EL1 which
+ * disables L1 Data cache prefetcher
+ * ---------------------------------
+ */
+ sysreg_bit_set NEOVERSE_V3_CPUACTLR6_EL1, BIT(41)
+workaround_reset_end neoverse_v3, CVE(2024, 7881)
+
+check_erratum_chosen neoverse_v3, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+
/* ---------------------------------------------
* HW will do the cache maintenance while powering down
* ---------------------------------------------
@@ -83,6 +107,10 @@
neoverse_v3_reset_func, \
neoverse_v3_core_pwr_dwn
-declare_cpu_ops neoverse_v3, NEOVERSE_V3_MIDR, \
+declare_cpu_ops_wa_4 neoverse_v3, NEOVERSE_V3_MIDR, \
neoverse_v3_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_neoverse_v3_7881, \
neoverse_v3_core_pwr_dwn
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 4c20785..fb904e2 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.
# Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -32,6 +32,14 @@
CPU_FLAG_LIST += DYNAMIC_WORKAROUND_CVE_2018_3639
WORKAROUND_CVE_2022_23960 ?=1
CPU_FLAG_LIST += WORKAROUND_CVE_2022_23960
+WORKAROUND_CVE_2024_7881 ?=1
+CPU_FLAG_LIST += WORKAROUND_CVE_2024_7881
+
+# Flag to disable Hardware page aggregation(HPA).
+# This flag is enabled by default.
+WORKAROUND_CVE_2024_5660 ?=1
+CPU_FLAG_LIST += WORKAROUND_CVE_2024_5660
+
# Flags to indicate internal or external Last level cache
# By default internal
@@ -556,6 +564,11 @@
# still open.
CPU_FLAG_LIST += ERRATA_V1_2779461
+# Flag to apply erratum 3701767 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r0p1 and r0p2 of
+# the Neoverse V3 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_V3_3701767
+
# Flag to apply erratum 1987031 workaround during reset. This erratum applies
# to revisions r0p0, r1p0 and r2p0 of the Cortex-A710 cpu and is still open.
CPU_FLAG_LIST += ERRATA_A710_1987031
@@ -634,6 +647,11 @@
# open.
CPU_FLAG_LIST += ERRATA_A710_2778471
+# Flag to apply erratum 3701772 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r1p0, r2p0, r2p1
+# of the Cortex-A710 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_A710_3701772
+
# Flag to apply erratum 2002655 workaround during reset. This erratum applies
# to revisions r0p0 of the Neoverse-N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2002655
@@ -715,6 +733,16 @@
# to r0p0, r0p1, r0p2 of the Neoverse N2 cpu, it is fixed in r0p3.
CPU_FLAG_LIST += ERRATA_N2_2779511
+# Flag to apply erratum 3701773 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r0p1, r0p2 and r0p3
+# of the Neoverse N2 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_N2_3701773
+
+# Flag to apply erratum 3699563 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revision r0p0 of the Neoverse N3
+# cpu and is still open.
+CPU_FLAG_LIST += ERRATA_N3_3699563
+
# Flag to apply erratum 2002765 workaround during reset. This erratum applies
# to revisions r0p0, r1p0, and r2p0 of the Cortex-X2 cpu and is still open.
CPU_FLAG_LIST += ERRATA_X2_2002765
@@ -773,6 +801,11 @@
# to revisions r0p0, r1p0, r2p0, r2p1 of the Cortex-X2 cpu and it is still open.
CPU_FLAG_LIST += ERRATA_X2_2778471
+# Flag to apply erratum 3701772 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r1p0, r2p0 and r2p1
+# of the Cortex-X2 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_X2_3701772
+
# Flag to apply erratum 2070301 workaround on reset. This erratum applies
# to revisions r0p0, r1p0, r1p1 and r1p2 of the Cortex-X3 cpu and is
# still open.
@@ -814,6 +847,11 @@
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2743088
+# Flag to apply erratum 3701769 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r1p0, r1p1 and r1p2
+# of the Cortex-X3 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_X3_3701769
+
# Flag to apply erratum 2779509 workaround on reset. This erratum applies
# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2779509
@@ -843,10 +881,24 @@
# to revisions r0p0 and r0p1 of the Cortex-X4 cpu. It is fixed in r0p2.
CPU_FLAG_LIST += ERRATA_X4_2897503
+# Flag to apply erratum 2923985 workaround on reset. This erratum applies
+# to revisions r0p0 and r0p1 of the Cortex-X4 cpu. It is fixed in r0p2.
+CPU_FLAG_LIST += ERRATA_X4_2923985
+
# Flag to apply erratum 3076789 workaround on reset. This erratum applies
# to revisions r0p0 and r0p1 of the Cortex-X4 cpu. It is fixed in r0p2.
CPU_FLAG_LIST += ERRATA_X4_3076789
+# Flag to apply erratum 3701758 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r0p1, r0p2 and r0p3
+# of the Cortex-X4 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_X4_3701758
+
+# Flag to apply erratum 3701747 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r0p1 of the
+# Cortex-X925 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_X925_3701747
+
# Flag to apply erratum 1922240 workaround during reset. This erratum applies
# to revision r0p0 of the Cortex-A510 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_A510_1922240
@@ -972,6 +1024,11 @@
# only to revision r0p0, r1p0 and r1p1. It is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_A715_2728106
+# Flag to apply erratum 3699560 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r1p0, r1p2, r1p3
+# of the Cortex-A715 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_A715_3699560
+
# Flag to apply erratum 2792132 workaround during reset. This erratum applies
# to revisions r0p0 and r0p1. It is fixed in r0p2.
CPU_FLAG_LIST += ERRATA_A720_2792132
@@ -988,12 +1045,27 @@
# to revisions r0p0 and r0p1. It is fixed in r0p2.
CPU_FLAG_LIST += ERRATA_A720_2940794
+# Flag to apply erratum 3699561 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r0p1, r0p2 of
+# the Cortex-A720 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_A720_3699561
+
+# Flag to apply erratum 3699562 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revision r0p0 the Cortex-A720-AE
+# cpu and is still open.
+CPU_FLAG_LIST += ERRATA_A720_AE_3699562
+
+# Flag to apply erratum 3699564 workaround during context save/restore of
+# ICH_VMCR_EL2 reg. This erratum applies to revisions r0p0, r0p1 of
+# the Cortex-A725 cpu and is fixed in r0p2
+CPU_FLAG_LIST += ERRATA_A725_3699564
+
# Flag to apply DSU erratum 798953. This erratum applies to DSUs revision r0p0.
# Applying the workaround results in higher DSU power consumption on idle.
CPU_FLAG_LIST += ERRATA_DSU_798953
# Flag to apply DSU erratum 936184. This erratum applies to DSUs containing
-# the ACP interface and revision < r2p0. Applying the workaround results in
+# the ACP interface and revision < r0p0. Applying the workaround results in
# higher DSU power consumption on idle.
CPU_FLAG_LIST += ERRATA_DSU_936184
diff --git a/lib/cpus/errata_common.c b/lib/cpus/errata_common.c
index a4515a9..a391430 100644
--- a/lib/cpus/errata_common.c
+++ b/lib/cpus/errata_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,11 +8,22 @@
#include <arch.h>
#include <arch_helpers.h>
-#include <cortex_a520.h>
-#include <cortex_x4.h>
#include <cortex_a75.h>
+#include <cortex_a520.h>
+#include <cortex_a710.h>
+#include <cortex_a715.h>
+#include <cortex_a720.h>
+#include <cortex_a720_ae.h>
+#include <cortex_a725.h>
+#include <cortex_x2.h>
+#include <cortex_x3.h>
+#include <cortex_x4.h>
+#include <cortex_x925.h>
#include <lib/cpus/cpu_ops.h>
#include <lib/cpus/errata.h>
+#include <neoverse_n2.h>
+#include <neoverse_n3.h>
+#include <neoverse_v3.h>
#if ERRATA_A520_2938996 || ERRATA_X4_2726228
unsigned int check_if_affected_core(void)
@@ -40,3 +51,97 @@
return false;
}
#endif /* ERRATA_A75_764081 */
+
+bool errata_ich_vmcr_el2_applies(void)
+{
+ switch (EXTRACT_PARTNUM(read_midr())) {
+#if ERRATA_A710_3701772
+ case EXTRACT_PARTNUM(CORTEX_A710_MIDR):
+ if (check_erratum_cortex_a710_3701772(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_A710_3701772 */
+
+#if ERRATA_A715_3699560
+ case EXTRACT_PARTNUM(CORTEX_A715_MIDR):
+ if (check_erratum_cortex_a715_3699560(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_A715_3699560 */
+
+#if ERRATA_A720_3699561
+ case EXTRACT_PARTNUM(CORTEX_A720_MIDR):
+ if (check_erratum_cortex_a720_3699561(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;;
+ break;
+#endif /* ERRATA_A720_3699561 */
+
+#if ERRATA_A720_AE_3699562
+ case EXTRACT_PARTNUM(CORTEX_A720_AE_MIDR):
+ if (check_erratum_cortex_a720_ae_3699562(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_A720_AE_3699562 */
+
+#if ERRATA_A725_3699564
+ case EXTRACT_PARTNUM(CORTEX_A725_MIDR):
+ if (check_erratum_cortex_a725_3699564(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_A725_3699564 */
+
+#if ERRATA_X2_3701772
+ case EXTRACT_PARTNUM(CORTEX_X2_MIDR):
+ if (check_erratum_cortex_x2_3701772(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_X2_3701772 */
+
+#if ERRATA_X3_3701769
+ case EXTRACT_PARTNUM(CORTEX_X3_MIDR):
+ if (check_erratum_cortex_x3_3701769(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_X3_3701769 */
+
+#if ERRATA_X4_3701758
+ case EXTRACT_PARTNUM(CORTEX_X4_MIDR):
+ if (check_erratum_cortex_x4_3701758(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_X4_3701758 */
+
+#if ERRATA_X925_3701747
+ case EXTRACT_PARTNUM(CORTEX_X925_MIDR):
+ if (check_erratum_cortex_x925_3701747(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_X925_3701747 */
+
+#if ERRATA_N2_3701773
+ case EXTRACT_PARTNUM(NEOVERSE_N2_MIDR):
+ if (check_erratum_neoverse_n2_3701773(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_N2_3701773 */
+
+#if ERRATA_N3_3699563
+ case EXTRACT_PARTNUM(NEOVERSE_N3_MIDR):
+ if (check_erratum_neoverse_n3_3699563(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_N3_3699563 */
+
+#if ERRATA_V3_3701767
+ case EXTRACT_PARTNUM(NEOVERSE_V3_MIDR):
+ if (check_erratum_neoverse_v3_3701767(cpu_get_rev_var()) == ERRATA_APPLIES)
+ return true;
+ break;
+#endif /* ERRATA_V3_3701767 */
+
+ default:
+ break;
+ }
+
+ return false;
+}
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 4ae1306..7e64966 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2022, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -1279,12 +1279,13 @@
* SCR_EL3.NS = 1 before accessing this register.
* ---------------------------------------------------------------------------
*/
-static void el2_sysregs_context_save_gic(el2_sysregs_t *ctx)
+static void el2_sysregs_context_save_gic(el2_sysregs_t *ctx, uint32_t security_state)
{
+ u_register_t scr_el3 = read_scr_el3();
+
#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
write_el2_ctx_common(ctx, icc_sre_el2, read_icc_sre_el2());
#else
- u_register_t scr_el3 = read_scr_el3();
write_scr_el3(scr_el3 | SCR_NS_BIT);
isb();
@@ -1294,15 +1295,31 @@
isb();
#endif
write_el2_ctx_common(ctx, ich_hcr_el2, read_ich_hcr_el2());
+
+ if (errata_ich_vmcr_el2_applies()) {
+ if (security_state == SECURE) {
+ write_scr_el3(scr_el3 & ~SCR_NS_BIT);
+ } else {
+ write_scr_el3(scr_el3 | SCR_NS_BIT);
+ }
+ isb();
+ }
+
write_el2_ctx_common(ctx, ich_vmcr_el2, read_ich_vmcr_el2());
+
+ if (errata_ich_vmcr_el2_applies()) {
+ write_scr_el3(scr_el3);
+ isb();
+ }
}
-static void el2_sysregs_context_restore_gic(el2_sysregs_t *ctx)
+static void el2_sysregs_context_restore_gic(el2_sysregs_t *ctx, uint32_t security_state)
{
+ u_register_t scr_el3 = read_scr_el3();
+
#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2));
#else
- u_register_t scr_el3 = read_scr_el3();
write_scr_el3(scr_el3 | SCR_NS_BIT);
isb();
@@ -1312,7 +1329,22 @@
isb();
#endif
write_ich_hcr_el2(read_el2_ctx_common(ctx, ich_hcr_el2));
+
+ if (errata_ich_vmcr_el2_applies()) {
+ if (security_state == SECURE) {
+ write_scr_el3(scr_el3 & ~SCR_NS_BIT);
+ } else {
+ write_scr_el3(scr_el3 | SCR_NS_BIT);
+ }
+ isb();
+ }
+
write_ich_vmcr_el2(read_el2_ctx_common(ctx, ich_vmcr_el2));
+
+ if (errata_ich_vmcr_el2_applies()) {
+ write_scr_el3(scr_el3);
+ isb();
+ }
}
/* -----------------------------------------------------
@@ -1404,7 +1436,7 @@
el2_sysregs_ctx = get_el2_sysregs_ctx(ctx);
el2_sysregs_context_save_common(el2_sysregs_ctx);
- el2_sysregs_context_save_gic(el2_sysregs_ctx);
+ el2_sysregs_context_save_gic(el2_sysregs_ctx, security_state);
if (is_feat_mte2_supported()) {
write_el2_ctx_mte2(el2_sysregs_ctx, tfsr_el2, read_tfsr_el2());
@@ -1495,7 +1527,7 @@
el2_sysregs_ctx = get_el2_sysregs_ctx(ctx);
el2_sysregs_context_restore_common(el2_sysregs_ctx);
- el2_sysregs_context_restore_gic(el2_sysregs_ctx);
+ el2_sysregs_context_restore_gic(el2_sysregs_ctx, security_state);
if (is_feat_mte2_supported()) {
write_tfsr_el2(read_el2_ctx_mte2(el2_sysregs_ctx, tfsr_el2));
diff --git a/make_helpers/plat_helpers.mk b/make_helpers/plat_helpers.mk
index bc02a20..9a59fae 100644
--- a/make_helpers/plat_helpers.mk
+++ b/make_helpers/plat_helpers.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2025, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -11,7 +11,6 @@
ifndef PLAT_HELPERS_MK
PLAT_HELPERS_MK := $(lastword $(MAKEFILE_LIST))
- PLAT:= ${DEFAULT_PLAT}
ifeq (${PLAT},)
$(error "Error: Unknown platform. Please use PLAT=<platform name> to specify the platform")
endif
@@ -33,7 +32,7 @@
PLAT_DEFAULTS_MAKEFILE_FULL := $(filter %/${PLAT}/${PLAT_DEFAULTS_MAKEFILE},${ALL_PLATFORM_MK_DEF_FILES})
PLATFORM_LIST := $(subst ${space},|,${ALL_PLATFORMS})
ifeq ($(PLAT_MAKEFILE_FULL),)
- $(error "Error: Invalid platform. The following platforms are available: ${PLATFORM_LIST}")
+ $(error "Error: Invalid platform (${PLAT}). The following platforms are available: ${PLATFORM_LIST}")
endif
# Record the directory where the platform make file was found.
diff --git a/package-lock.json b/package-lock.json
index dd11559..a039bc5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3572,12 +3572,12 @@
"dev": true
},
"node_modules/micromatch": {
- "version": "4.0.5",
- "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
- "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+ "version": "4.0.8",
+ "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+ "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
"dev": true,
"dependencies": {
- "braces": "^3.0.2",
+ "braces": "^3.0.3",
"picomatch": "^2.3.1"
},
"engines": {
@@ -4903,7 +4903,7 @@
}
},
"tools/conventional-changelog-tf-a": {
- "version": "2.11.0",
+ "version": "2.12.0",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts
index 53cd3b0..89e30e9 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts
@@ -12,6 +12,12 @@
dtb-registry {
compatible = "fconf,dyn_cfg-dtb_registry";
+ tos_fw-config {
+ load-address = <0x0 0x70000>;
+ max-size = <0x1000>;
+ id = <TOS_FW_CONFIG_ID>;
+ };
+
hw-config {
load-address = <0x0 0x83000000>;
max-size = <0x8000>;
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts
new file mode 100644
index 0000000..c28cadf
--- /dev/null
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+ compatible = "arm,ffa-core-manifest-1.0";
+ #address-cells = <2>;
+ #size-cells = <1>;
+
+ /*
+ * BL32 image details needed by SPMC
+ */
+
+ attribute {
+ spmc_id = <0x8000>;
+ maj_ver = <0x1>;
+ min_ver = <0x0>;
+ exec_state = <0x0>;
+ load_address = <0x0 0xffc00000>;
+ entrypoint = <0x0 0xffc00000>;
+ binary_size = <0x00400000>;
+ };
+};
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h b/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
index 44c8ee3..b71be40 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
@@ -45,6 +45,9 @@
#define PLAT_CSS_MHU_BASE UL(0x2A920000)
#define PLAT_ARM_NSTIMER_FRAME_ID U(0)
+#define PLAT_ARM_SPMC_BASE UL(0xFFC00000)
+#define PLAT_ARM_SPMC_SIZE UL(0x00400000)
+
#define SOC_CSS_SEC_UART_BASE UL(0x2A410000)
#define SOC_CSS_NSEC_UART_BASE UL(0x2A400000)
#define SOC_CSS_UART_SIZE UL(0x10000)
@@ -115,10 +118,14 @@
MT_SECURE)
#define RD1AE_MAP_NS_DRAM1 MAP_REGION_FLAT(ARM_DRAM1_BASE, \
- ARM_DRAM1_SIZE, \
+ ARM_DRAM1_SIZE - PLAT_ARM_SPMC_SIZE, \
MT_MEMORY | MT_RW | \
MT_NS)
+#define RD1AE_MAP_S_DRAM1 MAP_REGION_FLAT(PLAT_ARM_SPMC_BASE, \
+ PLAT_ARM_SPMC_SIZE, \
+ MT_MEMORY | MT_RW | MT_SECURE)
+
#define RD1AE_DEVICE_BASE (0x20000000)
#define RD1AE_DEVICE_SIZE (0x20000000)
#define RD1AE_MAP_DEVICE MAP_REGION_FLAT(RD1AE_DEVICE_BASE, \
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk b/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
index 35cd8a1..6773ae0 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
@@ -32,6 +32,7 @@
GIC_ENABLE_V4_EXTN := 1
GICV3_SUPPORT_GIC600 := 1
HW_ASSISTED_COHERENCY := 1
+NEED_BL32 := yes
PLAT_MHU_VERSION := 1
RESET_TO_BL2 := 1
SVE_VECTOR_LEN := 128
@@ -68,15 +69,19 @@
# Add the FDT_SOURCES and options for Dynamic Config
FDT_SOURCES += ${RD1AE_BASE}/fdts/${PLAT}_fw_config.dts \
- fdts/${PLAT}.dts
+ fdts/${PLAT}.dts \
+ ${RD1AE_BASE}/fdts/${PLAT}_optee_spmc_manifest.dts
FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
HW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}.dtb
+TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_optee_spmc_manifest.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the HW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${HW_CONFIG},--hw-config,${HW_CONFIG}))
+# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${TOS_FW_CONFIG},--tos-fw-config,${TOS_FW_CONFIG}))
ifeq (${TRUSTED_BOARD_BOOT},1)
FIP_BL2_ARGS := tb-fw
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c
index 30cc90f..8d0b96f 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c
@@ -36,7 +36,7 @@
.image_info.image_base = BL31_BASE,
.image_info.image_max_size = BL31_LIMIT - BL31_BASE,
- .next_handoff_image_id = BL33_IMAGE_ID,
+ .next_handoff_image_id = BL32_IMAGE_ID,
},
/* Fill HW_CONFIG related information */
{
@@ -48,6 +48,30 @@
VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
.next_handoff_image_id = INVALID_IMAGE_ID,
},
+ /* Fill BL32 related information */
+ {
+ .image_id = BL32_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | EXECUTABLE),
+ .ep_info.pc = BL32_BASE,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = BL32_BASE,
+ .image_info.image_max_size = BL32_LIMIT - BL32_BASE,
+
+ .next_handoff_image_id = BL33_IMAGE_ID,
+ },
+ /* Fill TOS_FW_CONFIG related information */
+ {
+ .image_id = TOS_FW_CONFIG_ID,
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
/* Fill BL33 related information */
{
.image_id = BL33_IMAGE_ID,
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c
index ce7bad7..6cfe34a 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c
@@ -26,3 +26,14 @@
{
return css_scmi_override_pm_ops(ops);
}
+
+#if defined(SPD_spmd) && (SPMC_AT_EL3 == 0)
+/*
+ * A dummy implementation of the platform handler for Group0 secure interrupt.
+ */
+int plat_spmd_handle_group0_interrupt(uint32_t intid)
+{
+ (void)intid;
+ return -1;
+}
+#endif /* defined(SPD_spmd) && (SPMC_AT_EL3 == 0) */
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
index e917330..229ab24 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
@@ -19,6 +19,7 @@
#if IMAGE_BL2
RD1AE_MAP_NS_DRAM1,
#endif
+ RD1AE_MAP_S_DRAM1,
{0}
};
diff --git a/plat/arm/board/tc/plat_tc_mbedtls_config.h b/plat/arm/board/tc/plat_tc_mbedtls_config.h
index 4fd8b6b..9118b0b 100644
--- a/plat/arm/board/tc/plat_tc_mbedtls_config.h
+++ b/plat/arm/board/tc/plat_tc_mbedtls_config.h
@@ -8,7 +8,7 @@
#define PLAT_TC_MBEDTLS_CONFIG_H
#include <export/lib/utils_def_exp.h>
-#include <mbedtls_config-3.h>
+#include <default_mbedtls_config.h>
#ifndef TF_MBEDTLS_HEAP_SIZE
#error TF_MBEDTLS_HEAP_SIZE is not defined
diff --git a/plat/arm/common/plat_arm_mbedtls_config.h b/plat/arm/common/plat_arm_mbedtls_config.h
index a5d0ec4..c2db595 100644
--- a/plat/arm/common/plat_arm_mbedtls_config.h
+++ b/plat/arm/common/plat_arm_mbedtls_config.h
@@ -7,7 +7,7 @@
#ifndef PLAT_ARM_MBEDTLS_CONFIG_H
#define PLAT_ARM_MBEDTLS_CONFIG_H
-#include <mbedtls_config-3.h>
+#include <default_mbedtls_config.h>
/**
* On Arm platforms, the ROTPK is always hashed using the SHA-256
diff --git a/poetry.lock b/poetry.lock
index 9a90704..4127bcd 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand.
[[package]]
name = "alabaster"
@@ -399,13 +399,13 @@
[[package]]
name = "jinja2"
-version = "3.1.4"
+version = "3.1.5"
description = "A very fast and expressive template engine."
optional = false
python-versions = ">=3.7"
files = [
- {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
- {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
+ {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
+ {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
]
[package.dependencies]
@@ -869,23 +869,23 @@
[[package]]
name = "setuptools"
-version = "74.1.2"
+version = "75.3.0"
description = "Easily download, build, install, upgrade, and uninstall Python packages"
optional = false
python-versions = ">=3.8"
files = [
- {file = "setuptools-74.1.2-py3-none-any.whl", hash = "sha256:5f4c08aa4d3ebcb57a50c33b1b07e94315d7fc7230f7115e47fc99776c8ce308"},
- {file = "setuptools-74.1.2.tar.gz", hash = "sha256:95b40ed940a1c67eb70fc099094bd6e99c6ee7c23aa2306f4d2697ba7916f9c6"},
+ {file = "setuptools-75.3.0-py3-none-any.whl", hash = "sha256:f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd"},
+ {file = "setuptools-75.3.0.tar.gz", hash = "sha256:fba5dd4d766e97be1b1681d98712680ae8f2f26d7881245f2ce9e40714f1a686"},
]
[package.extras]
check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.5.2)"]
-core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.text (>=3.7)", "more-itertools (>=8.8)", "packaging (>=24)", "platformdirs (>=2.6.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
+core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.collections", "jaraco.functools", "jaraco.text (>=3.7)", "more-itertools", "more-itertools (>=8.8)", "packaging", "packaging (>=24)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
cover = ["pytest-cov"]
doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
enabler = ["pytest-enabler (>=2.2)"]
-test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
-type = ["importlib-metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.11.*)", "pytest-mypy"]
+test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test (>=5.5)", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
+type = ["importlib-metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.12.*)", "pytest-mypy"]
[[package]]
name = "shellingham"
@@ -1247,13 +1247,13 @@
[[package]]
name = "virtualenv"
-version = "20.26.4"
+version = "20.26.6"
description = "Virtual Python Environment builder"
optional = false
python-versions = ">=3.7"
files = [
- {file = "virtualenv-20.26.4-py3-none-any.whl", hash = "sha256:48f2695d9809277003f30776d155615ffc11328e6a0a8c1f0ec80188d7874a55"},
- {file = "virtualenv-20.26.4.tar.gz", hash = "sha256:c17f4e0f3e6036e9f26700446f85c76ab11df65ff6d8a9cbfad9f71aabfcf23c"},
+ {file = "virtualenv-20.26.6-py3-none-any.whl", hash = "sha256:7345cc5b25405607a624d8418154577459c3e0277f5466dd79c49d5e492995f2"},
+ {file = "virtualenv-20.26.6.tar.gz", hash = "sha256:280aede09a2a5c317e409a00102e7077c6432c5a38f0ef938e643805a7ad2c48"},
]
[package.dependencies]
diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c
index 5456164..740f7e2 100644
--- a/services/arm_arch_svc/arm_arch_svc_setup.c
+++ b/services/arm_arch_svc/arm_arch_svc_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -90,6 +90,15 @@
}
return 0; /* ERRATA_APPLIES || ERRATA_MISSING */
#endif
+
+#if WORKAROUND_CVE_2024_7881
+ case SMCCC_ARCH_WORKAROUND_4:
+ if (check_wa_cve_2024_7881() != ERRATA_APPLIES) {
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+ }
+ return 0;
+#endif /* WORKAROUND_CVE_2024_7881 */
+
#endif /* __aarch64__ */
/* Fallthrough */
@@ -160,6 +169,15 @@
*/
SMC_RET0(handle);
#endif
+#if WORKAROUND_CVE_2024_7881
+ case SMCCC_ARCH_WORKAROUND_4:
+ /*
+ * The workaround has already been applied on affected PEs
+ * during cold boot. This function has no effect whether PE is
+ * affected or not.
+ */
+ SMC_RET0(handle);
+#endif /* WORKAROUND_CVE_2024_7881 */
#endif /* __aarch64__ */
default:
WARN("Unimplemented Arm Architecture Service Call: 0x%x \n",
diff --git a/tools/cot_dt2c/poetry.lock b/tools/cot_dt2c/poetry.lock
index df58d54..eea96cd 100644
--- a/tools/cot_dt2c/poetry.lock
+++ b/tools/cot_dt2c/poetry.lock
@@ -1,35 +1,6 @@
# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
[[package]]
-name = "atomicwrites"
-version = "1.4.1"
-description = "Atomic file writes."
-optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
-files = [
- {file = "atomicwrites-1.4.1.tar.gz", hash = "sha256:81b2c9071a49367a7f770170e5eec8cb66567cfbbc8c73d20ce5ca4a8d71cf11"},
-]
-
-[[package]]
-name = "attrs"
-version = "24.2.0"
-description = "Classes Without Boilerplate"
-optional = false
-python-versions = ">=3.7"
-files = [
- {file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"},
- {file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"},
-]
-
-[package.extras]
-benchmark = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
-cov = ["cloudpickle", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
-dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
-docs = ["cogapp", "furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
-tests = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
-tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
-
-[[package]]
name = "click"
version = "8.1.7"
description = "Composable command line interface toolkit"
@@ -55,6 +26,20 @@
]
[[package]]
+name = "exceptiongroup"
+version = "1.2.2"
+description = "Backport of PEP 654 (exception groups)"
+optional = false
+python-versions = ">=3.7"
+files = [
+ {file = "exceptiongroup-1.2.2-py3-none-any.whl", hash = "sha256:3111b9d131c238bec2f8f516e123e14ba243563fb135d3fe885990585aa7795b"},
+ {file = "exceptiongroup-1.2.2.tar.gz", hash = "sha256:47c2edf7c6738fafb49fd34290706d1a1a2f4d1c6df275526b62cbb4aa5393cc"},
+]
+
+[package.extras]
+test = ["pytest (>=6)"]
+
+[[package]]
name = "igraph"
version = "0.11.6"
description = "High performance graph data structures and algorithms"
@@ -218,17 +203,6 @@
testing = ["pytest", "pytest-benchmark"]
[[package]]
-name = "py"
-version = "1.11.0"
-description = "library with cross-python path, ini-parsing, io, code, log facilities"
-optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
-files = [
- {file = "py-1.11.0-py2.py3-none-any.whl", hash = "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"},
- {file = "py-1.11.0.tar.gz", hash = "sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"},
-]
-
-[[package]]
name = "pydevicetree"
version = "0.0.13"
description = "A library for parsing Devicetree Source v1"
@@ -258,27 +232,25 @@
[[package]]
name = "pytest"
-version = "6.2.5"
+version = "8.3.4"
description = "pytest: simple powerful testing with Python"
optional = false
-python-versions = ">=3.6"
+python-versions = ">=3.8"
files = [
- {file = "pytest-6.2.5-py3-none-any.whl", hash = "sha256:7310f8d27bc79ced999e760ca304d69f6ba6c6649c0b60fb0e04a4a77cacc134"},
- {file = "pytest-6.2.5.tar.gz", hash = "sha256:131b36680866a76e6781d13f101efb86cf674ebb9762eb70d3082b6f29889e89"},
+ {file = "pytest-8.3.4-py3-none-any.whl", hash = "sha256:50e16d954148559c9a74109af1eaf0c945ba2d8f30f0a3d3335edde19788b6f6"},
+ {file = "pytest-8.3.4.tar.gz", hash = "sha256:965370d062bce11e73868e0335abac31b4d3de0e82f4007408d242b4f8610761"},
]
[package.dependencies]
-atomicwrites = {version = ">=1.0", markers = "sys_platform == \"win32\""}
-attrs = ">=19.2.0"
colorama = {version = "*", markers = "sys_platform == \"win32\""}
+exceptiongroup = {version = ">=1.0.0rc8", markers = "python_version < \"3.11\""}
iniconfig = "*"
packaging = "*"
-pluggy = ">=0.12,<2.0"
-py = ">=1.8.2"
-toml = "*"
+pluggy = ">=1.5,<2"
+tomli = {version = ">=1", markers = "python_version < \"3.11\""}
[package.extras]
-testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"]
+dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "pygments (>=2.7.2)", "requests", "setuptools", "xmlschema"]
[[package]]
name = "tenacity"
@@ -318,6 +290,47 @@
]
[[package]]
+name = "tomli"
+version = "2.2.1"
+description = "A lil' TOML parser"
+optional = false
+python-versions = ">=3.8"
+files = [
+ {file = "tomli-2.2.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249"},
+ {file = "tomli-2.2.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6"},
+ {file = "tomli-2.2.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ece47d672db52ac607a3d9599a9d48dcb2f2f735c6c2d1f34130085bb12b112a"},
+ {file = "tomli-2.2.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6972ca9c9cc9f0acaa56a8ca1ff51e7af152a9f87fb64623e31d5c83700080ee"},
+ {file = "tomli-2.2.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c954d2250168d28797dd4e3ac5cf812a406cd5a92674ee4c8f123c889786aa8e"},
+ {file = "tomli-2.2.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:8dd28b3e155b80f4d54beb40a441d366adcfe740969820caf156c019fb5c7ec4"},
+ {file = "tomli-2.2.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:e59e304978767a54663af13c07b3d1af22ddee3bb2fb0618ca1593e4f593a106"},
+ {file = "tomli-2.2.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:33580bccab0338d00994d7f16f4c4ec25b776af3ffaac1ed74e0b3fc95e885a8"},
+ {file = "tomli-2.2.1-cp311-cp311-win32.whl", hash = "sha256:465af0e0875402f1d226519c9904f37254b3045fc5084697cefb9bdde1ff99ff"},
+ {file = "tomli-2.2.1-cp311-cp311-win_amd64.whl", hash = "sha256:2d0f2fdd22b02c6d81637a3c95f8cd77f995846af7414c5c4b8d0545afa1bc4b"},
+ {file = "tomli-2.2.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:4a8f6e44de52d5e6c657c9fe83b562f5f4256d8ebbfe4ff922c495620a7f6cea"},
+ {file = "tomli-2.2.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:8d57ca8095a641b8237d5b079147646153d22552f1c637fd3ba7f4b0b29167a8"},
+ {file = "tomli-2.2.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4e340144ad7ae1533cb897d406382b4b6fede8890a03738ff1683af800d54192"},
+ {file = "tomli-2.2.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:db2b95f9de79181805df90bedc5a5ab4c165e6ec3fe99f970d0e302f384ad222"},
+ {file = "tomli-2.2.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:40741994320b232529c802f8bc86da4e1aa9f413db394617b9a256ae0f9a7f77"},
+ {file = "tomli-2.2.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:400e720fe168c0f8521520190686ef8ef033fb19fc493da09779e592861b78c6"},
+ {file = "tomli-2.2.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:02abe224de6ae62c19f090f68da4e27b10af2b93213d36cf44e6e1c5abd19fdd"},
+ {file = "tomli-2.2.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:b82ebccc8c8a36f2094e969560a1b836758481f3dc360ce9a3277c65f374285e"},
+ {file = "tomli-2.2.1-cp312-cp312-win32.whl", hash = "sha256:889f80ef92701b9dbb224e49ec87c645ce5df3fa2cc548664eb8a25e03127a98"},
+ {file = "tomli-2.2.1-cp312-cp312-win_amd64.whl", hash = "sha256:7fc04e92e1d624a4a63c76474610238576942d6b8950a2d7f908a340494e67e4"},
+ {file = "tomli-2.2.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f4039b9cbc3048b2416cc57ab3bda989a6fcf9b36cf8937f01a6e731b64f80d7"},
+ {file = "tomli-2.2.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:286f0ca2ffeeb5b9bd4fcc8d6c330534323ec51b2f52da063b11c502da16f30c"},
+ {file = "tomli-2.2.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a92ef1a44547e894e2a17d24e7557a5e85a9e1d0048b0b5e7541f76c5032cb13"},
+ {file = "tomli-2.2.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9316dc65bed1684c9a98ee68759ceaed29d229e985297003e494aa825ebb0281"},
+ {file = "tomli-2.2.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e85e99945e688e32d5a35c1ff38ed0b3f41f43fad8df0bdf79f72b2ba7bc5272"},
+ {file = "tomli-2.2.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:ac065718db92ca818f8d6141b5f66369833d4a80a9d74435a268c52bdfa73140"},
+ {file = "tomli-2.2.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:d920f33822747519673ee656a4b6ac33e382eca9d331c87770faa3eef562aeb2"},
+ {file = "tomli-2.2.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:a198f10c4d1b1375d7687bc25294306e551bf1abfa4eace6650070a5c1ae2744"},
+ {file = "tomli-2.2.1-cp313-cp313-win32.whl", hash = "sha256:d3f5614314d758649ab2ab3a62d4f2004c825922f9e370b29416484086b264ec"},
+ {file = "tomli-2.2.1-cp313-cp313-win_amd64.whl", hash = "sha256:a38aa0308e754b0e3c67e344754dff64999ff9b513e691d0e786265c93583c69"},
+ {file = "tomli-2.2.1-py3-none-any.whl", hash = "sha256:cb55c73c5f4408779d0cf3eef9f762b9c9f147a77de7b258bef0a5628adc85cc"},
+ {file = "tomli-2.2.1.tar.gz", hash = "sha256:cd45e1dc79c835ce60f7404ec8119f2eb06d38b1deba146f07ced3bbc44505ff"},
+]
+
+[[package]]
name = "typing-extensions"
version = "4.12.2"
description = "Backported and Experimental Type Hints for Python 3.8+"
@@ -331,4 +344,4 @@
[metadata]
lock-version = "2.0"
python-versions = "^3.8"
-content-hash = "afa5cb49be96467a848bab753a630c6f5ec42d6750d67d29920c3e3971774e36"
+content-hash = "0f5b2b008bb5de8545881eaeacfdd1a6fe50e5271feea4635d622ffce9e550dc"
diff --git a/tools/cot_dt2c/pyproject.toml b/tools/cot_dt2c/pyproject.toml
index 73251d7..fc31d54 100644
--- a/tools/cot_dt2c/pyproject.toml
+++ b/tools/cot_dt2c/pyproject.toml
@@ -38,7 +38,7 @@
[tool.poetry.group.dev.dependencies]
mypy = "^0.910"
-pytest = "^6.2.5"
+pytest = "^8.3.4"
[tool.mypy]
# https://mypy.readthedocs.io/en/latest/config_file.html#using-a-pyproject-toml-file
diff --git a/tools/tlc/poetry.lock b/tools/tlc/poetry.lock
index decec59..ea1b750 100644
--- a/tools/tlc/poetry.lock
+++ b/tools/tlc/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand.
[[package]]
name = "astroid"
@@ -495,13 +495,13 @@
[[package]]
name = "jinja2"
-version = "3.1.4"
+version = "3.1.5"
description = "A very fast and expressive template engine."
optional = false
python-versions = ">=3.7"
files = [
- {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
- {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
+ {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
+ {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
]
[package.dependencies]
@@ -1331,13 +1331,13 @@
[[package]]
name = "virtualenv"
-version = "20.26.5"
+version = "20.26.6"
description = "Virtual Python Environment builder"
optional = false
python-versions = ">=3.7"
files = [
- {file = "virtualenv-20.26.5-py3-none-any.whl", hash = "sha256:4f3ac17b81fba3ce3bd6f4ead2749a72da5929c01774948e243db9ba41df4ff6"},
- {file = "virtualenv-20.26.5.tar.gz", hash = "sha256:ce489cac131aa58f4b25e321d6d186171f78e6cb13fafbf32a840cee67733ff4"},
+ {file = "virtualenv-20.26.6-py3-none-any.whl", hash = "sha256:7345cc5b25405607a624d8418154577459c3e0277f5466dd79c49d5e492995f2"},
+ {file = "virtualenv-20.26.6.tar.gz", hash = "sha256:280aede09a2a5c317e409a00102e7077c6432c5a38f0ef938e643805a7ad2c48"},
]
[package.dependencies]
@@ -1431,4 +1431,4 @@
[metadata]
lock-version = "2.0"
python-versions = "^3.8"
-content-hash = "aac9123f3fa544b8c3e9b085f41f5a1c6c4ed2d59ce3236dcda6ea2aef5a694c"
+content-hash = "a4b9c3bababadba14f49a8de0ccee1f5a141b6cea23d02a19ab8bf4f8c45533f"
diff --git a/tools/tlc/pyproject.toml b/tools/tlc/pyproject.toml
index b606238..e9ff26f 100644
--- a/tools/tlc/pyproject.toml
+++ b/tools/tlc/pyproject.toml
@@ -39,7 +39,7 @@
click = "^8.1.7"
pyyaml = "^6.0.1"
tox = "^4.18.0"
-jinja2 = "^3.1.4"
+jinja2 = "^3.1.5"
[tool.poetry.group.dev]
optional = true