Merge changes from topic "revert-ti-dm-workaround" into integration
* changes:
Revert "fix(ti): do not take system power reference in bl31_platform_setup()"
refactor(ti): remove ti_sci_init function
fix(k3): increment while reading trail bytes
diff --git a/.versionrc.js b/.versionrc.js
index c7ee4a2..ac473b0 100644
--- a/.versionrc.js
+++ b/.versionrc.js
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -84,9 +84,9 @@
"filename": "pyproject.toml",
"updater": {
"readVersion": function (contents) {
- const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/);
+ const _ver = contents.match(/version\s=.*"(\d+?)\.(\d+?)\.(\d+?)/);
- return `${_ver[1]}.${_ver[2]}.${_ver[2]}`;
+ return `${_ver[1]}.${_ver[2]}.${_ver[3]}`;
},
"writeVersion": function (contents, version) {
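Review bot: The last capture group in the new `readVersion` pattern, `(\d+?)`, is lazy and has nothing after it, so it always matches exactly one digit; a patch version of 10 or higher would be read back truncated (for a constructed example, `2.10.12` is read as `2.10.1`). The first two groups expand only because a literal `\.` follows them. Using greedy groups fixes this: `const _ver = contents.match(/version\s=.*"(\d+)\.(\d+)\.(\d+)/);`. The same pattern is repeated in the `docs/conf.py` updater in the next hunk. Neither updater checks `_ver` for `null` before indexing, so a file that does not match throws a TypeError rather than reporting a clear error.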
@@ -104,9 +104,9 @@
"filename": "docs/conf.py",
"updater": {
"readVersion": function (contents) {
- const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/);
+ const _ver = contents.match(/version\s=.*"(\d+?)\.(\d+?)\.(\d+?)/);
- return `${_ver[1]}.${_ver[2]}.${_ver[2]}`;
+ return `${_ver[1]}.${_ver[2]}.${_ver[3]}`;
},
"writeVersion": function (contents, version) {
diff --git a/Makefile b/Makefile
index ac73816..c1448fa 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,8 @@
#
VERSION_MAJOR := 2
VERSION_MINOR := 10
-VERSION_PATCH := 0 # Only used for LTS releases
+# VERSION_PATCH is only used for LTS releases
+VERSION_PATCH := 0
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
# Default goal is build all images
@@ -160,15 +161,6 @@
################################################################################
arch-features = ${ARM_ARCH_FEATURE}
-# Set the compiler's architecture feature modifiers
-ifneq ($(arch-features), none)
- # Strip "none+" from arch-features
- arch-features := $(subst none+,,$(arch-features))
- march-directive := $(march-directive)+$(arch-features)
-# Print features
- $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
-endif #(arch-features)
-
ifneq ($(findstring clang,$(notdir $(CC))),)
ifneq ($(findstring armclang,$(notdir $(CC))),)
TF_CFLAGS_aarch32 := -target arm-arm-none-eabi
@@ -232,8 +224,6 @@
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
-ASFLAGS += $(march-directive)
-
##############################################################################
# WARNINGS Configuration
###############################################################################
@@ -691,6 +681,7 @@
include ${MAKE_HELPERS_DIRECTORY}march.mk
TF_CFLAGS += $(march-directive)
+ASFLAGS += $(march-directive)
# This internal flag is common option which is set to 1 for scenarios
# when the BL2 is running in EL3 level. This occurs in two scenarios -
@@ -1039,12 +1030,6 @@
endif
endif
-# Determine if FEAT_RNG is supported
-ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
-
-# Determine if FEAT_SB is supported
-ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
-
ifeq ($(PSA_CRYPTO),1)
$(info PSA_CRYPTO is an experimental feature)
endif
@@ -1170,7 +1155,6 @@
ENABLE_AMU_FCONF \
AMU_RESTRICT_COUNTERS \
ENABLE_ASSERTIONS \
- ENABLE_FEAT_SB \
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
@@ -1267,6 +1251,7 @@
ENABLE_FEAT_RNG_TRAP \
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_TCR2 \
+ ENABLE_FEAT_SB \
ENABLE_FEAT_S2PIE \
ENABLE_FEAT_S1PIE \
ENABLE_FEAT_S2POE \
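Review bot: `ENABLE_FEAT_SB` is added to this flag list while the hunk at `@@ -1039,12 +1030,6 @@` removes the lines that derived it (and `ENABLE_FEAT_RNG`) from `arch-features`, so the flag now needs a value from somewhere else. No default or replacement derivation is visible in this diff. If none exists in the included `march.mk` or in the build defaults, a platform that relied on listing `sb` in `ARM_ARCH_FEATURE` would either build without the speculation barrier support or fail the flag check. A comment at the removal site, for example `# ENABLE_FEAT_SB/ENABLE_FEAT_RNG are no longer inferred from ARM_ARCH_FEATURE`, would record the behaviour change for platform maintainers.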
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 40e3df8..9959a3e 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -161,6 +161,10 @@
${MBEDTLS_SOURCES}
endif
+ifeq ($(CROS_WIDEVINE_SMC),1)
+BL31_SOURCES += services/oem/chromeos/widevine_smc_handlers.c
+endif
+
BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
ifneq ($(findstring gcc,$(notdir $(LD))),)
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index f228e6b..39186b4 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -237,7 +237,7 @@
-C bp.ve_sysregs.exit_on_shutdown=1 \
-C cache_state_modelled=1 \
-C bp.dram_size=4 \
- -C bp.secure_memory=1 \
+ -C bp.secure_memory=0 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
-C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 281f35f..6dc2245 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -505,11 +505,12 @@
typedef enum {
AUTH_PARAM_NONE,
- AUTH_PARAM_RAW_DATA, /* Raw image data */
+ AUTH_PARAM_RAW_DATA, /* Raw image data */
AUTH_PARAM_SIG, /* The image signature */
AUTH_PARAM_SIG_ALG, /* The image signature algorithm */
AUTH_PARAM_HASH, /* A hash (including the algorithm) */
AUTH_PARAM_PUB_KEY, /* A public key */
+ AUTH_PARAM_NV_CTR, /* A non-volatile counter */
} auth_param_type_t;
The AM defines the following structure to identify an authentication parameter
@@ -1018,4 +1019,4 @@
*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.*
-.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 652c142..abd9f87 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -872,6 +872,10 @@
For Cortex-A715, the following errata build flags are defined :
+- ``ERRATA_A715_2561034``: This applies errata 2561034 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
+ It is fixed in r1p1.
+
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
CPU and affects system configurations that do not use an ARM interconnect
IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 24efabe..bddff16 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -2866,7 +2866,7 @@
.. _PSCI: https://developer.arm.com/documentation/den0022/latest/
.. _Arm ARM: https://developer.arm.com/docs/ddi0487/latest
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
.. _AArch64 exception vector table: https://developer.arm.com/documentation/100933/0100/AArch64-exception-vector-table
diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index fed202a..10fb7fb 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst
@@ -1,24 +1,45 @@
Trusted Board Boot
==================
-The Trusted Board Boot (TBB) feature prevents malicious firmware from running on
-the platform by authenticating all firmware images up to and including the
-normal world bootloader. It does this by establishing a Chain of Trust using
+The `Trusted Board Boot` (TBB) feature prevents malicious firmware from running
+on the platform by authenticating all firmware images up to and including the
+normal world bootloader. It does this by establishing a `Chain of Trust` using
Public-Key-Cryptography Standards (PKCS).
This document describes the design of Trusted Firmware-A (TF-A) TBB, which is an
implementation of the `Trusted Board Boot Requirements (TBBR)`_ specification,
-Arm DEN0006D. It should be used in conjunction with the
-:ref:`Firmware Update (FWU)` design document, which implements a specific aspect
-of the TBBR.
+Arm DEN0006D. It should be used in conjunction with the :ref:`Firmware Update
+(FWU)` design document, which implements a specific aspect of the TBBR.
Chain of Trust
--------------
-A Chain of Trust (CoT) starts with a set of implicitly trusted components. On
-the Arm development platforms, these components are:
+A Chain of Trust (CoT) starts with a set of implicitly trusted components, which
+are used to establish trust in the next layer of components, and so on, in a
+`chained` manner.
-- A SHA-256 hash of the Root of Trust Public Key (ROTPK). It is stored in the
+The chain of trust depends on several factors, including:
+
+- The set of firmware images in use on this platform.
+ Typically, most platforms share a common set of firmware images (BL1, BL2,
+ BL31, BL33) but extra platform-specific images might be required.
+
+- The key provisioning scheme: which keys need to programmed into the device
+ and at which stage during the platform's manufacturing lifecycle.
+
+- The key ownership model: who owns which key.
+
+As these vary across platforms, chains of trust also vary across
+platforms. Although each platform is free to define its own CoT based on its
+needs, TF-A provides a set of "default" CoTs fitting some typical trust models,
+which platforms may reuse. The rest of this section presents general concepts
+which apply to all these default CoTs.
+
+The implicitly trusted components forming the trust anchor are:
+
+- A Root of Trust Public Key (ROTPK), or a hash of it.
+
+ On Arm development platforms, a SHA-256 hash of the ROTPK is stored in the
trusted root-key storage registers. Alternatively, a development ROTPK might
be used and its hash embedded into the BL1 and BL2 images (only for
development purposes).
@@ -31,11 +52,11 @@
enables adding custom extensions to the certificates, which are used to store
essential information to establish the CoT.
-In the TBB CoT all certificates are self-signed. There is no need for a
-Certificate Authority (CA) because the CoT is not established by verifying the
-validity of a certificate's issuer but by the content of the certificate
-extensions. To sign the certificates, different signature schemes are available,
-please refer to the :ref:`Build Options` for more details.
+All certificates are self-signed. There is no need for a Certificate Authority
+(CA) because the CoT is not established by verifying the validity of a
+certificate's issuer but by the content of the certificate extensions. To sign
+the certificates, different signature schemes are available, please refer to the
+:ref:`Build Options` for more details.
The certificates are categorised as "Key" and "Content" certificates. Key
certificates are used to verify public keys which have been used to sign content
@@ -43,10 +64,23 @@
image. An image can be authenticated by calculating its hash and matching it
with the hash extracted from the content certificate. Various hash algorithms
are supported to calculate all hashes, please refer to the :ref:`Build Options`
-for more details.. The public keys and hashes are included as non-standard
+for more details. The public keys and hashes are included as non-standard
extension fields in the `X.509 v3`_ certificates.
-The keys used to establish the CoT are:
+The next sections now present specificities of each default CoT provided in
+TF-A.
+
+Default CoT #1: TBBR
+~~~~~~~~~~~~~~~~~~~~
+
+The `TBBR` CoT is named after the specification it follows to the letter.
+
+In the TBBR CoT, all firmware binaries and certificates are (directly or
+indirectly) linked to the Root of Trust Public Key (ROTPK). Typically, the same
+vendor owns the ROTPK, the Trusted key and the Non-Trusted Key. Thus, this vendor
+is involved in signing every BL3x Key Certificate.
+
+The keys used to establish this CoT are:
- **Root of trust key**
@@ -133,6 +167,40 @@
The SCP_BL2 and BL32 certificates are optional, but they must be present if the
corresponding SCP_BL2 or BL32 images are present.
+The following diagram summarizes the part of the TBBR CoT enforced by BL2. Some
+images (SCP, debug certificates, secure partitions, configuration files) are not
+shown here for conciseness:
+
+.. image:: ../resources/diagrams/cot-tbbr.jpg
+
+Default CoT #2: Dualroot
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The `dualroot` CoT is targeted at systems where the Normal World firmware is
+owned by a different entity than the Secure World Firmware, and those 2 entities
+do not wish to share any keys or have any dependency between each other when it
+comes to signing their respective images. It establishes 2 separate signing
+domains, each with its own Root of Trust key. In that sense, this CoT has 2
+roots of trust, hence the `dualroot` name.
+
+Although the dualroot CoT reuses some of the TBBR CoT components and concepts,
+it differs on the BL33 image's chain of trust, which is rooted into a new key,
+called `Platform ROTPK`, or `PROTPK` for short.
+
+The following diagram summarizes the part of the dualroot CoT enforced by
+BL2. Some images (SCP, debug certificates, secure partitions, configuration
+files) are not shown here for conciseness:
+
+.. image:: ../resources/diagrams/cot-dualroot.jpg
+
+Default CoT #3: CCA
+~~~~~~~~~~~~~~~~~~~
+
+This CoT is targeted at Arm CCA systems. The Arm CCA security model recommends
+making supply chains for the Arm CCA firmware, the secure world firmware and the
+platform owner firmware, independent. Hence, this CoT has 3 roots of trust, one
+for each supply chain.
+
Trusted Board Boot Sequence
---------------------------
@@ -261,4 +329,4 @@
*Copyright (c) 2015-2020, Arm Limited and Contributors. All rights reserved.*
.. _X.509 v3: https://tools.ietf.org/rfc/rfc5280.txt
-.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest
diff --git a/docs/index.rst b/docs/index.rst
index a7a5993..cdb237a 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -91,7 +91,7 @@
.. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): https://developer.arm.com/documentation/den0022/latest/
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _System Control and Management Interface (SCMI): http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
.. _Software Delegated Exception Interface (SDEI): http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
diff --git a/docs/plat/rockchip.rst b/docs/plat/rockchip.rst
index b7c43fb..01cf176 100644
--- a/docs/plat/rockchip.rst
+++ b/docs/plat/rockchip.rst
@@ -35,7 +35,7 @@
For AARCH64 architectures the build command looks like
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl32
+ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl31
while AARCH32 needs a slightly different command
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index ef9ebd3..33b3533 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -7,8 +7,12 @@
- Make sure you have a Github account and you are logged on both
`developer.trustedfirmware.org`_ and `review.trustedfirmware.org`_.
+ Also make sure that you have registered your full name and email address in
+ your `review.trustedfirmware.org`_ profile. Otherwise, the Gerrit server
+ might reject patches you attempt to post for review.
+
- If you plan to contribute a major piece of work, it is usually a good idea to
- start a discussion around it on the mailing list. This gives everyone
+ start a discussion around it on the `TF-A mailing list`_. This gives everyone
visibility of what is coming up, you might learn that somebody else is
already working on something similar or the community might be able to
provide some early input to help shaping the design of the feature.
@@ -17,16 +21,16 @@
it explicitly in the email thread and ensure that the changes that include
Third Party IP are made in a separate patch (or patch series).
-- Clone `Trusted Firmware-A`_ on your own machine as described in
+- Clone the Trusted Firmware-A source code on your own machine as described in
:ref:`prerequisites_get_source`.
-- Create a local topic branch based on the `Trusted Firmware-A`_ ``master``
+- Create a local topic branch based on the Trusted Firmware-A ``master``
branch.
Making Changes
==============
-- Ensure commits adhere to the the project's :ref:`Commit Style`.
+- Ensure commits adhere to the project's :ref:`Commit Style`.
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
@@ -93,13 +97,21 @@
Submitting Changes
==================
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+.. note::
+ Please follow the `How to Contribute Code`_ section of the OpenCI
+ documentation for general instructions on setting up Gerrit and posting
+ patches there. The rest of this section provides details about patch
+ submission rules specifically for the TF-A project.
-- Add reviewers for your patch:
+- Submit your changes for review using the ``git review`` command.
- - At least one code owner for each module modified by the patch. See the list
- of modules and their :ref:`code owners`.
+ This will automatically rebase them onto the upstream ``integration`` branch,
+ as required by TF-A's patch submission process.
+
+- From the Gerrit web UI, add reviewers for your patch:
+
+ - At least one code owner for each module modified by the patch. See the
+ list of modules and their :ref:`code owners`.
- At least one maintainer. See the list of :ref:`maintainers`.
@@ -167,26 +179,54 @@
Add CI Configurations
=====================
-- TF-A uses Jenkins tool for Continuous Integration and testing activities.
- Various CI Jobs are deployed which run tests on every patch before being
- merged. So each of your patches go through a series of checks before they
- get merged on to the master branch. Kindly ensure, that everytime you add
- new files under your platform, they are covered under the following two sections:
+TF-A uses Jenkins for Continuous Integration and testing activities. Various CI
+jobs are deployed to run tests on every patch before being merged. Each of your
+patches go through a series of checks before they get merged on to the master
+branch. Kindly ensure that every time you add new files under your platform,
+they are covered by the following two sections.
Coverity Scan
-------------
-- ``Coverity Scan analysis`` is one of the tests we perform on our source code
- at regular intervals. We maintain a build script ``tf-cov-make`` which contains the
- build configurations of various platforms in order to cover the entire source
- code being analysed by Coverity.
+The TF-A project makes use of `Coverity Scan` for static analysis, a service
+offered by Synopsys for open-source projects. This tool is able to find defects
+and vulnerabilities in a code base, such as dereferences of NULL pointers, use
+of uninitialized data, control flow issues and many other things.
-- When you submit your patches for review containing new source files, please
- ensure to include them for the ``Coverity Scan analysis`` by adding the
- respective build configurations in the ``tf-cov-make`` build script.
+The TF-A source code is submitted daily to this service for analysis. Results of
+the latest and previous scans, as well as the complete list of defects it
+detected, are accessible online from
+https://scan.coverity.com/projects/arm-software-arm-trusted-firmware.
-- In this section you find the details on how to append your new build
- configurations for Coverity scan analysis illustrated with examples:
+The `tf-a-ci-scripts repository`_ contains scripts to run the Coverity Scan
+tools on the integration branch of the TF-A code base and make them available on
+https://scan.coverity.com. These scripts get executed daily by the
+`tf-a-coverity Jenkins job`_.
+
+In order to maintain a high level of coverage, including on newly introduced
+code, it is important to maintain the appropriate TF-A CI scripts. Details of
+when to update these scripts and how to do so follow.
+
+We maintain a build script - ``tf-cov-make`` - which contains the build
+configurations of various platforms in order to cover the entire source code
+being analysed by Coverity.
+
+When you submit your patches for review, and if they contain new source files,
+`TF-A CI static checks job`_ might report that these files are not covered. In
+this case, the job's console output will show the following error message::
+
+ ****** Newly added files detection check for Coverity Scan analysis on patch(es) ******
+
+ Result : FAILURE
+
+ New source files have been identified in your patch..
+ some/dir/file.c
+
+ please ensure to include them for the ``Coverity Scan analysis`` by adding
+ the respective build configurations in the ``tf-cov-make`` build script.
+
+In this section you find the details on how to append your new build
+configurations for Coverity scan analysis illustrated with examples:
#. We maintain a separate repository named `tf-a-ci-scripts repository`_
for placing all the test scripts which will be executed by the CI Jobs.
@@ -194,9 +234,9 @@
#. In this repository, ``tf-cov-make`` script is located at
``tf-a-ci-scripts/script/tf-coverity/tf-cov-make``
-#. Edit `tf-cov-make`_ script by appending all the possible build configurations with
- the specific ``build-flags`` relevant to your platform, so that newly added
- source files get built and analysed by Coverity.
+#. Edit the `tf-cov-make`_ script by appending all the possible build
+ configurations with the specific build flags relevant to your platform, so
+ that newly added source files get built and analysed by Coverity.
#. For better understanding follow the below specified examples listed in the
``tf-cov-make`` script.
@@ -220,45 +260,44 @@
make PLAT=hikey960 $(common_flags) ${TBB_OPTIONS} all
make PLAT=poplar $(common_flags) all
-- In this case for ``Hikey`` boards additional ``build-flags`` has been included
- along with the ``commom_flags`` to cover most of the files relevant to it.
+- In this case for ``Hikey`` boards additional build flags have been included
+ along with the ``common_flags`` to cover most of the files relevant to it.
- Similar to this you can still find many other different build configurations
of various other platforms listed in the ``tf-cov-make`` script. Kindly refer
them and append your build configurations respectively.
-Test Build Configuration (``tf-l1-build-plat``)
------------------------------------------------
+Test Build Configurations
+-------------------------
-- Coverity Scan analysis, runs on a daily basis and will not be triggered for
- every individual trusted-firmware patch.
+We have CI jobs which run a set of test configurations on every TF-A patch
+before they get merged upstream.
-- Considering this, we have other distinguished CI jobs which run a set of test
- configurations on every patch, before they are being passed to ``Coverity scan analysis``.
+At the bare minimum, TF-A code should build without any errors for every
+supported platform - and every feature of this platform. To make sure this is
+the case, we maintain a set of build tests. ``tf-l1-build-plat`` is the test
+group which holds all build tests for all platforms. So be kind enough to
+verify that your newly added files are covered by such a build test.
-- ``tf-l1-build-plat`` is the test group, which holds the test configurations
- to build all the platforms. So be kind enough to verify that your newly added
- files are built as part of one of the existing platform configurations present
- in ``tf-l1-build-plat`` test group.
+If this is not the case, please follow the instructions below to add the
+appropriate files. We will illustrate this with an example for the ``Hikey``
+platform.
-- In this section you find the details on how to add the appropriate files,
- needed to build your newly introduced platform as part of ``tf-l1-build-plat``
- test group, illustrated with an example:
-
-- Lets consider ``Hikey`` platform:
- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file ``hikey-default``
- under tf_config folder, ``tf_config/hikey-default`` listing all the build parameters
- relevant to it.
+- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file
+ ``hikey-default`` under ``tf_config/`` folder. ``tf_config/hikey-default``
+ must list all the build parameters relevant to it.
.. code:: shell
- #Hikey Build Parameters
+ # Hikey Build Parameters
CROSS_COMPILE=aarch64-none-elf-
PLAT=hikey
-- Further a test-configuration file ``hikey-default:nil`` need to be added under the
- test group, ``tf-l1-build-plat`` located at ``tf-a-ci-scripts/group/tf-l1-build-plat``,
- to allow the platform to be built as part of this group.
+- Further another file, ``hikey-default:nil``, needs to be added under
+ ``group/tf-l1-build-plat/`` folder to allow the platform to be built as part
+ of this test group. ``group/tf-l1-build-plat/hikey-default:nil`` file just
+ needs to exist but does not contain anything meaningful, apart from a
+ mandatory copyright notice:
.. code:: shell
@@ -268,7 +307,11 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-- As illustrated above, you need to add the similar files supporting your platform.
+- As illustrated above, you need to add similar files supporting your platform.
+
+For a more elaborate explanation of the TF-A CI scripts internals, including how
+to add more complex tests beyond a simple build test, please refer to the `TF-A
+CI scripts overview`_ section of the OpenCI documentation.
Binary Components
=================
@@ -289,11 +332,10 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _developer.trustedfirmware.org: https://developer.trustedfirmware.org
.. _review.trustedfirmware.org: https://review.trustedfirmware.org
-.. _Trusted Firmware-A: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
.. _Git guidelines: http://git-scm.com/book/ch5-2.html
.. _Gerrit Uploading Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io
@@ -302,3 +344,7 @@
.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _tf-a-ci-scripts repository: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/
.. _tf-cov-make: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/script/tf-coverity/tf-cov-make
+.. _How to Contribute Code: https://tf-ci-users-guide.readthedocs.io/en/latest/#how-to-contribute-code
+.. _TF-A CI scripts overview: https://tf-ci-users-guide.readthedocs.io/en/latest/#tf-a-ci-scripts-overview
+.. _tf-a-coverity Jenkins job: https://ci.trustedfirmware.org/job/tf-a-coverity/
+.. _TF-A CI static checks job: https://ci.trustedfirmware.org/job/tf-a-static-checks/
diff --git a/docs/resources/diagrams/cot-dualroot.jpg b/docs/resources/diagrams/cot-dualroot.jpg
new file mode 100644
index 0000000..c56392e
--- /dev/null
+++ b/docs/resources/diagrams/cot-dualroot.jpg
Binary files differ
diff --git a/docs/resources/diagrams/cot-tbbr.jpg b/docs/resources/diagrams/cot-tbbr.jpg
new file mode 100644
index 0000000..7ecd69d
--- /dev/null
+++ b/docs/resources/diagrams/cot-tbbr.jpg
Binary files differ
diff --git a/drivers/arm/css/scmi/scmi_common.c b/drivers/arm/css/scmi/scmi_common.c
index ec749fb..ca855fe 100644
--- a/drivers/arm/css/scmi/scmi_common.c
+++ b/drivers/arm/css/scmi/scmi_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/delay_timer.h>
#include "scmi_private.h"
@@ -60,8 +61,10 @@
dmbsy();
/* Wait for channel to be free */
- while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status))
- ;
+ while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status)) {
+ if (ch->info->delay != 0)
+ udelay(ch->info->delay);
+ }
/*
* Ensure that any read to the SCMI payload area is done after reading
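Review bot: The wait loop still has no upper bound: if the status word in the shared mailbox never reports the channel as free, this code spins forever, now with `udelay()` between polls. `mbx_mem->status` is written by the other side of the SCMI channel, so a bounded retry count feeding whatever failure path the driver already has (not visible in this hunk) would turn a stuck or misbehaving SCP into a diagnosable failure instead of a silent hang. The inner `if` also lacks braces, unlike the other conditionals this commit adds; `if (ch->info->delay != 0) { udelay(ch->info->delay); }` would match them. The enclosing function begins and ends outside the hunk.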
diff --git a/drivers/arm/gic/v3/gicv3_main.c b/drivers/arm/gic/v3/gicv3_main.c
index 3c99517..3190f66 100644
--- a/drivers/arm/gic/v3/gicv3_main.c
+++ b/drivers/arm/gic/v3/gicv3_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2023, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -34,8 +34,8 @@
#pragma weak gicv3_rdistif_off
#pragma weak gicv3_rdistif_on
-/* Check interrupt ID for SGI/(E)PPI and (E)SPIs */
-static bool is_sgi_ppi(unsigned int id);
+/* Check for valid SGI/PPI or SPI interrupt ID */
+static bool is_valid_interrupt(unsigned int id);
/*
* Helper macros to save and restore GICR and GICD registers
@@ -447,8 +447,12 @@
return INTR_GROUP1NS;
}
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
+
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119 */
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
@@ -942,8 +946,11 @@
assert(proc_num < gicv3_driver_data->rdistif_num);
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
return gicr_get_isactiver(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -973,9 +980,11 @@
* interrupt trigger are observed before enabling interrupt.
*/
dsbishst();
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_isenabler(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1004,9 +1013,11 @@
* Disable interrupt, and ensure that any shared variable updates
* depending on out of band interrupt trigger are observed afterwards.
*/
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_icenabler(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
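Review bot: The new validity check is inserted between the comment "Disable interrupt, and ensure that any shared variable updates…" and the register write that comment describes, so the comment now reads as if it documents the panic path. The same placement occurs in the hunk at `@@ -1228,12 +1245,14 @@`. Moving the three-line check above the comment block keeps the ordering explanation attached to the code it explains. Since the same `if (!is_valid_interrupt(id)) { panic(); }` sequence is repeated in several functions, a one-line comment at each site would help, such as `/* Reject IDs outside the SGI/PPI/SPI ranges before touching GICR/GICD */`. The enclosing function starts and ends outside the hunk.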
@@ -1041,8 +1052,11 @@
assert(proc_num < gicv3_driver_data->rdistif_num);
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
gicr_set_ipriorityr(gicr_base, id, priority);
@@ -1088,8 +1102,11 @@
break;
}
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
@@ -1228,12 +1245,14 @@
* Clear pending interrupt, and ensure that any shared variable updates
* depending on out of band interrupt trigger are observed afterwards.
*/
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_icpendr(
- gicv3_driver_data->rdistif_base_addrs[proc_num], id);
+ gicv3_driver_data->rdistif_base_addrs[proc_num], id);
} else {
/* For SPIs: 32-1019 and ESPIs: 4096-5119 */
gicd_base = gicv3_get_multichip_base(id, gicv3_driver_data->gicd_base);
@@ -1263,8 +1282,12 @@
*/
dsbishst();
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
+
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_ispendr(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1371,21 +1394,19 @@
}
/******************************************************************************
- * This function checks the interrupt ID and returns true for SGIs and (E)PPIs
- * and false for (E)SPIs IDs.
+ * This function checks the interrupt ID and returns true for SGIs, (E)PPIs
+ * and (E)SPIs IDs. Any interrupt ID outside the range is invalid and returns
+ * false.
*****************************************************************************/
-static bool is_sgi_ppi(unsigned int id)
+static bool is_valid_interrupt(unsigned int id)
{
- /* SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119 */
- if (IS_SGI_PPI(id)) {
+ /* Valid interrupts:
+ * SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119
+ * SPIs: 32-1019, ESPIs: 4096-5119
+ */
+ if ((IS_SGI_PPI(id)) || (IS_SPI(id))) {
return true;
}
- /* SPIs: 32-1019, ESPIs: 4096-5119 */
- if (IS_SPI(id)) {
- return false;
- }
-
- assert(false);
- panic();
+ return false;
}
diff --git a/drivers/arm/mhu/mhu_wrapper_v2_x.c b/drivers/arm/mhu/mhu_wrapper_v2_x.c
index 60de1d3..54a5881 100644
--- a/drivers/arm/mhu/mhu_wrapper_v2_x.c
+++ b/drivers/arm/mhu/mhu_wrapper_v2_x.c
@@ -308,5 +308,10 @@
assert(num_channels != 0);
- return num_channels * sizeof(uint32_t);
+ /*
+ * Returns only usable size of memory. As one channel is specifically
+ * used to inform about the size of payload, discard it from avialable
+ * memory size.
+ */
+ return (num_channels - 1) * sizeof(uint32_t);
}
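Review bot: `assert(num_channels != 0)` is the only guard in front of `(num_channels - 1)`, so in a build with assertions compiled out a zero count would wrap to a very large size (assuming `num_channels` is unsigned, which the hunk does not show). A count of one now reports 0 usable bytes, which callers have to cope with. An explicit check such as `if (num_channels <= 1U) { return 0U; }` would state that contract in code. The new comment also has a typo, "avialable". The function begins outside the hunk.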
diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rss/rss_comms.c
index 4622af9..a905b88 100644
--- a/drivers/arm/rss/rss_comms.c
+++ b/drivers/arm/rss/rss_comms.c
@@ -59,8 +59,10 @@
* messages due to ATU configuration costs to allow access to the
* pointers.
*/
- if ((comms_embed_msg_min_size + in_size_total > comms_mhu_msg_size - sizeof(uint32_t))
- || (comms_embed_reply_min_size + out_size_total > comms_mhu_msg_size) - sizeof(uint32_t)) {
+ if ((comms_embed_msg_min_size + in_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t)) ||
+ (comms_embed_reply_min_size + out_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t))) {
return RSS_COMMS_PROTOCOL_POINTER_ACCESS;
} else {
return RSS_COMMS_PROTOCOL_EMBED;
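Review bot: Both comparisons still compute `comms_mhu_msg_size - sizeof(uint32_t)` as an unsigned subtraction, so a reported MHU size below four bytes would wrap to a huge bound and select `RSS_COMMS_PROTOCOL_EMBED` for any payload. The MHU wrapper change in this same commit shrinks the reported size by one channel, which makes that case easier to reach. Moving the constant to the other side avoids the wrap, e.g. `comms_embed_msg_min_size + in_size_total + sizeof(uint32_t) > comms_mhu_msg_size`, and likewise for the reply check. The operand types are declared outside the hunk and should be confirmed; the function continues past the hunk.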
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index a78837f..26c7578 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -64,9 +64,21 @@
*
* SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts
* to EL3 when executing at any EL.
+ *
+ * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled.
+ *
+ * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate
+ * against ERRATA_V2_3099206.
* ---------------------------------------------------------------------
*/
mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT)
+#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ mrs x1, id_aa64pfr0_el1
+ and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
+ cbz x1, 1f
+ orr x0, x0, #SCR_EEL2_BIT
+#endif
+1:
msr scr_el3, x0
/* ---------------------------------------------------------------------
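Review bot: The local label `1:` sits after `#endif`, so builds where the `#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2` block is compiled out still carry a numeric label that nothing in this hunk branches to. Any earlier `1f` in the macro (outside the hunk) would then resolve here. Moving `1:` to just before `#endif` keeps the `cbz x1, 1f` and its target together. The comment says EEL2 is set when S-EL2 is "present and enabled", which the code expresses as a non-zero ID_AA64PFR0_EL1.SEL2 field under that build condition; spelling that out would make the erratum note easier to follow.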
diff --git a/include/drivers/arm/css/scmi.h b/include/drivers/arm/css/scmi.h
index 356012b..96e1924 100644
--- a/include/drivers/arm/css/scmi.h
+++ b/include/drivers/arm/css/scmi.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -123,6 +123,8 @@
void (*ring_doorbell)(struct scmi_channel_plat_info *plat_info);
/* cookie is unused now. But added for future enhancements. */
void *cookie;
+ /* Delay in micro-seconds while polling the channel status. */
+ uint32_t delay;
} scmi_channel_plat_info_t;
diff --git a/include/drivers/usb_device.h b/include/drivers/usb_device.h
index 8fdb6ae..d4c491c 100644
--- a/include/drivers/usb_device.h
+++ b/include/drivers/usb_device.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2021-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#ifndef USB_DEVICE_H
#define USB_DEVICE_H
+#include <stdbool.h>
#include <stdint.h>
#include <lib/utils_def.h>
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index 950d02f..366894d 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,11 @@
#define CORTEX_A715_BHB_LOOP_COUNT U(38)
/*******************************************************************************
+ * CPU Auxiliary Control register 2 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A715_CPUACTLR2_EL1 S3_0_C15_C1_1
+
+/*******************************************************************************
* CPU Extended Control register specific definitions
******************************************************************************/
#define CORTEX_A715_CPUECTLR_EL1 S3_0_C15_C1_4
diff --git a/include/lib/psci/psci_lib.h b/include/lib/psci/psci_lib.h
index 4b244ec..c50f8cb 100644
--- a/include/lib/psci/psci_lib.h
+++ b/include/lib/psci/psci_lib.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -94,6 +94,7 @@
bool psci_is_last_on_cpu_safe(void);
bool psci_are_all_cpus_on_safe(void);
void psci_pwrdown_cpu(unsigned int power_level);
+void psci_do_manage_extensions(void);
#endif /* __ASSEMBLER__ */
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 8fd6093..c493105 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -111,6 +111,8 @@
#define SMC_OK ULL(0)
#define SMC_UNK -1
#define SMC_PREEMPTED -2 /* Not defined by the SMCCC */
+#define SMC_DENIED -3 /* Not defined by the SMCCC */
+#define SMC_INVALID_PARAM -4 /* Not defined by the SMCCC */
/* Return codes for Arm Architecture Service SMC calls */
#define SMC_ARCH_CALL_SUCCESS 0
diff --git a/include/plat/arm/common/arm_sip_svc.h b/include/plat/arm/common/arm_sip_svc.h
index 266092e..a6fd42b 100644
--- a/include/plat/arm/common/arm_sip_svc.h
+++ b/include/plat/arm/common/arm_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019,2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019,2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -42,6 +42,16 @@
#define ARM_SIP_SET_INTERRUPT_PENDING U(0x82000100)
#endif
+/**
+ * Arm SiP Service Call for the SPM to leverage RME to protect a give memory range.
+ * Protected memory range is one whose PAS was made secure.
+ * Unprotect relates to reverting a protect operation.
+ */
+#if SPMD_SPM_AT_SEL2 && ENABLE_RME
+#define PLAT_PROTECT_MEM_SMC64 0xC2000101
+#define PLAT_UNPROTECT_MEM_SMC64 0xC2000102
+#endif
+
/* SiP handler specific to each Arm platform. */
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
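Review bot: The two new function IDs are bare literals while the neighbouring `ARM_SIP_SET_INTERRUPT_PENDING` uses `U(...)`; `#define PLAT_PROTECT_MEM_SMC64 U(0xC2000101)` and `#define PLAT_UNPROTECT_MEM_SMC64 U(0xC2000102)` would keep the header consistent. The doc comment does not say which registers carry the base and size of the range, what is returned on failure, or which caller is expected to issue the call. For a service that changes a region's PAS, that contract is what a reviewer of the handler needs. "a give memory range" should read "a given memory range".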
diff --git a/include/services/oem/chromeos/widevine_smc_handlers.h b/include/services/oem/chromeos/widevine_smc_handlers.h
new file mode 100644
index 0000000..a5251d7
--- /dev/null
+++ b/include/services/oem/chromeos/widevine_smc_handlers.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CROS_WIDEVINE_SMC_HANDLERS_H
+#define CROS_WIDEVINE_SMC_HANDLERS_H
+
+#include <lib/smccc.h>
+
+/*******************************************************************************
+ * Defines for CrOS OEM Service queries
+ ******************************************************************************/
+
+/* 0xC300C050 - 0xC300C05F are CrOS OEM service calls */
+#define CROS_OEM_SMC_ID 0xC050
+#define CROS_OEM_SMC_CALL_ID(func_num) \
+ ((SMC_TYPE_FAST << FUNCID_TYPE_SHIFT) | \
+ ((SMC_64) << FUNCID_CC_SHIFT) | (OEN_OEM_START << FUNCID_OEN_SHIFT) | \
+ (CROS_OEM_SMC_ID) | ((func_num) & FUNCID_NUM_MASK))
+
+enum cros_drm_set {
+ CROS_DRM_SET_TPM_AUTH_PUB = 0U,
+ CROS_DRM_SET_HARDWARE_UNIQUE_KEY = 1U,
+ CROS_DRM_SET_ROOT_OF_TRUST = 2U,
+};
+
+/*******************************************************************************
+ * Defines for runtime services func ids
+ ******************************************************************************/
+
+/* Sets the TPM auth public key. The maximum size is 128 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_TPM_AUTH_PUB)
+
+/* Sets the hardware unique key. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_HARDWARE_UNIQUE_KEY)
+
+/* Sets the widevine root of trust. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_ROOT_OF_TRUST)
+
+#define is_cros_oem_smc(_call_id) (((_call_id) & 0xFFF0U) == CROS_OEM_SMC_ID)
+
+struct cros_oem_data {
+ uint8_t *buffer;
+ const uint32_t max_length;
+ uint32_t length;
+};
+
+extern struct cros_oem_data cros_oem_tpm_auth_pk;
+
+extern struct cros_oem_data cros_oem_huk;
+
+extern struct cros_oem_data cros_oem_rot;
+
+#endif /* CROS_WIDEVINE_SMC_HANDLERS_H */
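Review bot: `CROS_OEM_SMC_CALL_ID` masks `func_num` with `FUNCID_NUM_MASK`, which covers the whole 16-bit function-number field. An argument above 0xF would therefore OR into the `CROS_OEM_SMC_ID` bits and yield an ID outside the documented 0xC300C050-0xC300C05F window; `((func_num) & 0xFU)` matches both the range comment and the `0xFFF0U` test in `is_cros_oem_smc`. That test looks only at the low 16 bits, so it presumably relies on the dispatcher having already matched the OEM owning entity, which is worth a one-line comment above the macro. The three setter comments give the maximum size and the registers, but not the return codes or whether a value may be set more than once, which matters for the hardware unique key and root of trust. The header also uses `uint8_t`/`uint32_t` without including `<stdint.h>` itself.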
diff --git a/include/services/spmd_svc.h b/include/services/spmd_svc.h
index 29dfdad..95f0707 100644
--- a/include/services/spmd_svc.h
+++ b/include/services/spmd_svc.h
@@ -34,7 +34,8 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle);
+ void *handle,
+ uint64_t flags);
#endif /* __ASSEMBLER__ */
#endif /* SPMD_SVC_H */
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index dd4c307..0faa276 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,12 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_runtime_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(26)
+workaround_runtime_end cortex_a715, ERRATUM(2561034), NO_ISB
+
+check_erratum_range cortex_a715, ERRATUM(2561034), CPU_REV(1, 0), CPU_REV(1, 0)
+
workaround_reset_start cortex_a715, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
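Review bot: Erratum 2561034 is wrapped in `workaround_runtime_start`/`workaround_runtime_end`, while the flag comment added to lib/cpus/cpu-ops.mk in this same commit says the workaround is applied during reset. Nothing in this hunk invokes the runtime workaround, so unless a call exists elsewhere in the file (not shown) the `CORTEX_A715_CPUACTLR2_EL1` bit 26 write may never execute. If reset-time application is intended, the wrapper would be `workaround_reset_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034` closed by `workaround_reset_end cortex_a715, ERRATUM(2561034)`. A short comment saying what bit 26 controls would also help.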
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 31430ae..dcbeba1 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -903,6 +903,10 @@
# This erratum applies to revisions r0p0, r0p1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2801372
+# Flag to apply erratum 2561034 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2561034
+
# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_A715_2701951
diff --git a/lib/extensions/spe/spe.c b/lib/extensions/spe/spe.c
index 2c25a9d..d1fb182 100644
--- a/lib/extensions/spe/spe.c
+++ b/lib/extensions/spe/spe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,14 @@
#include <lib/el3_runtime/pubsub.h>
#include <lib/extensions/spe.h>
+#include <plat/common/platform.h>
+
+typedef struct spe_ctx {
+ u_register_t pmblimitr_el1;
+} spe_ctx_t;
+
+static struct spe_ctx spe_ctxs[PLATFORM_CORE_COUNT];
+
static inline void psb_csync(void)
{
/*
@@ -89,4 +97,35 @@
return (void *)0;
}
+static void *spe_context_save(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ ctx->pmblimitr_el1 = read_pmblimitr_el1();
+ }
+
+ return NULL;
+}
+
+static void *spe_context_restore(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ write_pmblimitr_el1(ctx->pmblimitr_el1);
+ }
+
+ return NULL;
+}
+
SUBSCRIBE_TO_EVENT(cm_entering_secure_world, spe_drain_buffers_hook);
+
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_start, spe_context_save);
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_finish, spe_context_restore);
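Review bot: `spe_ctxs[core_pos]` is indexed with the value returned by `plat_my_core_pos()` without a bounds check in either hook; `assert(core_pos < PLATFORM_CORE_COUNT);` before `ctx = &spe_ctxs[core_pos];` in both `spe_context_save` and `spe_context_restore` would catch a platform that reports an out-of-range position. Neither function has a header comment, so it is not stated why PMBLIMITR_EL1 is the only register preserved across suspend. The new hooks return `NULL` while the existing hook above returns `(void *)0`; one spelling throughout the file would read better.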
diff --git a/lib/libc/libc.mk b/lib/libc/libc.mk
index 633386c..03e1fb3 100644
--- a/lib/libc/libc.mk
+++ b/lib/libc/libc.mk
@@ -6,3 +6,6 @@
#
include lib/libc/libc_common.mk
+
+LIBC_SRCS += $(addprefix lib/libc/, \
+ memset.c)
diff --git a/lib/libc/libc_common.mk b/lib/libc/libc_common.mk
index fb8117f..4879818 100644
--- a/lib/libc/libc_common.mk
+++ b/lib/libc/libc_common.mk
@@ -14,7 +14,6 @@
memcpy_s.c \
memmove.c \
memrchr.c \
- memset.c \
printf.c \
putchar.c \
puts.c \
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index f9de432..41c7919 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,12 +8,14 @@
#include <string.h>
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
#include <drivers/delay_timer.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/spe.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -1164,6 +1166,8 @@
******************************************************************************/
void psci_pwrdown_cpu(unsigned int power_level)
{
+ psci_do_manage_extensions();
+
#if HW_ASSISTED_COHERENCY
/*
* With hardware-assisted coherency, the CPU drivers only initiate the
@@ -1283,3 +1287,20 @@
return true;
}
+
+/*******************************************************************************
+ * This function performs architectural feature specific management.
+ * It ensures the architectural features are disabled during cpu
+ * power off/suspend operations.
+ ******************************************************************************/
+void psci_do_manage_extensions(void)
+{
+ /*
+ * On power down we need to disable statistical profiling extensions
+ * before exiting coherency.
+ */
+ if (is_feat_spe_supported()) {
+ spe_disable();
+ }
+
+}
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index bb4e224..a346dac 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -8,65 +8,129 @@
# and enables them based on the configured architecture version.
# This file follows the following format:
-# - Enable mandatory feature if applicable to an Arch Version.
+# - Enable mandatory feature if not updated, as applicable to an Arch Version.
# - By default disable any mandatory features if they have not been defined yet.
# - Disable or enable any optional feature this would be enabled/disabled if needed by platform.
#
################################################################################
-# Enable Mandatory features based on Arch versions.
+# Enable Mandatory features if not updated yet, based on Arch versions.
################################################################################
#
# Enable the features which are mandatory from ARCH version 8.1 and upwards.
ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_PAN := 1
-ENABLE_FEAT_VHE := 1
+armv8-1-a-feats := ENABLE_FEAT_PAN ENABLE_FEAT_VHE
+
+FEAT_LIST := ${armv8-1-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.2 and upwards.
ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RAS := 1
+armv8-2-a-feats := ENABLE_FEAT_RAS
+# 8.1 Compliant
+armv8-2-a-feats += ${armv8-1-a-feats}
+
+FEAT_LIST := ${armv8-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.3 and upwards.
+ifeq "8.3" "$(word 1, $(sort 8.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.2 Compliant
+armv8-3-a-feats += ${armv8-2-a-feats}
+
+FEAT_LIST := ${armv8-3-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.4 and upwards.
ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SEL2 := 1
-ENABLE_TRF_FOR_NS := 1
-ENABLE_FEAT_DIT := 1
+armv8-4-a-feats := ENABLE_FEAT_SEL2 ENABLE_TRF_FOR_NS ENABLE_FEAT_DIT
+# 8.3 Compliant
+armv8-4-a-feats += ${armv8-3-a-feats}
+
+FEAT_LIST := ${armv8-4-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.5 and upwards.
ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RNG := 1
-ENABLE_FEAT_SB := 1
+armv8-5-a-feats := ENABLE_FEAT_RNG ENABLE_FEAT_SB
+# 8.4 Compliant
+armv8-5-a-feats += ${armv8-4-a-feats}
+FEAT_LIST := ${armv8-5-a-feats}
# Enable Memory tagging, Branch Target Identification for aarch64 only.
ifeq ($(ARCH), aarch64)
- mem_tag_arch_support := yes
+ mem_tag_arch_support ?= yes
endif #(ARCH=aarch64)
endif
# Enable the features which are mandatory from ARCH version 8.6 and upwards.
ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_ECV := 1
-ENABLE_FEAT_FGT := 1
+armv8-6-a-feats := ENABLE_FEAT_ECV ENABLE_FEAT_FGT
+# 8.5 Compliant
+armv8-6-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv8-6-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.7 and upwards.
ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_HCX := 1
+armv8-7-a-feats := ENABLE_FEAT_HCX
+# 8.6 Compliant
+armv8-7-a-feats += ${armv8-6-a-feats}
+FEAT_LIST := ${armv8-7-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.8 and upwards.
+ifeq "8.8" "$(word 1, $(sort 8.8 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 Compliant
+armv8-7-a-feats += ${armv8-7-a-feats}
+FEAT_LIST := ${armv8-8-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.9 and upwards.
ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_TCR2 := 1
+armv8-9-a-feats := ENABLE_FEAT_TCR2
+# 8.8 Compliant
+armv8-9-a-feats += ${armv8-8-a-feats}
+FEAT_LIST := ${armv8-9-a-feats}
endif
+# Enable the features which are mandatory from ARCH version 9.0 and upwards.
+ifeq "9.0" "$(word 1, $(sort 9.0 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.5 Compliant
+armv9-0-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv9-0-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.1 and upwards.
+ifeq "9.1" "$(word 1, $(sort 9.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.6 and 9.0 Compliant
+armv9-1-a-feats += ${armv8-6-a-feats} ${armv9-0-a-feats}
+FEAT_LIST := ${armv9-1-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.2 and upwards.
+ifeq "9.2" "$(word 1, $(sort 9.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 and 9.1 Compliant
+armv9-2-a-feats += ${armv8-7-a-feats} ${armv9-1-a-feats}
+FEAT_LIST := ${armv9-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.3 and upwards.
+ifeq "9.3" "$(word 1, $(sort 9.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.8 and 9.2 Compliant
+armv9-3-a-feats += ${armv8-8-a-feats} ${armv9-2-a-feats}
+FEAT_LIST := ${armv9-3-a-feats}
+endif
+
+# Set all FEAT_* in FEAT_LIST to '1' if they are not yet defined or set
+# from build commandline options or platform makefile.
+$(eval $(call default_ones, ${sort ${FEAT_LIST}}))
+
#
################################################################################
-# Set mandatory features by default to zero.
+# Set mandatory features by default to zero, if they are not already updated.
################################################################################
#
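Review bot: In the 8.8 block, `armv8-7-a-feats += ${armv8-7-a-feats}` appends the 8.7 list to itself and never defines `armv8-8-a-feats`, so the following `FEAT_LIST := ${armv8-8-a-feats}` leaves the list empty. For an 8.8 build nothing is defaulted to 1, and for 8.9 only `ENABLE_FEAT_TCR2` is, because `armv8-9-a-feats` inherits from the same undefined variable. Mandatory features such as `ENABLE_FEAT_PAN`, `ENABLE_FEAT_SB` and `ENABLE_FEAT_DIT` would then fall through to the default-to-zero section below. The line should read `armv8-8-a-feats += ${armv8-7-a-feats}`, matching the 8.3 block. The 9.3 block also references `armv8-8-a-feats`, but is masked there because `armv9-2-a-feats` already pulls in the 8.7 list.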
@@ -298,9 +362,6 @@
# 9.0
#----
-# Flag to enable Realm Management Extension (FEAT_RME).
-ENABLE_RME ?= 0
-
# Scalable Matrix Extension for non-secure world.
ENABLE_SME_FOR_NS ?= 0
@@ -326,6 +387,9 @@
# 9.2
#----
+# Flag to enable Realm Management Extension (FEAT_RME).
+ENABLE_RME ?= 0
+
# Scalable Matrix Extension version 2 for non-secure world.
ENABLE_SME2_FOR_NS ?= 0
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 2d2f141..6edc2d6 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -50,6 +50,18 @@
$(foreach var,$1,$(eval $(call default_zero,$(var))))
endef
+# Convenience function for setting a variable to 1 if not previously set
+# $(eval $(call default_one,FOO))
+define default_one
+ $(eval $(1) ?= 1)
+endef
+
+# Convenience function for setting a list of variables to 1 if not previously set
+# $(eval $(call default_ones,FOO BAR))
+define default_ones
+ $(foreach var,$1,$(eval $(call default_one,$(var))))
+endef
+
# Convenience function for adding build definitions
# $(eval $(call add_define,FOO)) will have:
# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
diff --git a/make_helpers/march.mk b/make_helpers/march.mk
index 2417709..1b73969 100644
--- a/make_helpers/march.mk
+++ b/make_helpers/march.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -82,4 +82,13 @@
march-directive := -march=${provided-march}
+# Set the compiler's architecture feature modifiers
+ifneq ($(arch-features), none)
+ # Strip "none+" from arch-features
+ arch-features := $(subst none+,,$(arch-features))
+ march-directive := $(march-directive)+$(arch-features)
+# Print features
+ $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
+endif #(arch-features)
+
endif # MARCH_DIRECTIVE
diff --git a/plat/arm/board/arm_fpga/fpga_def.h b/plat/arm/board/arm_fpga/fpga_def.h
index 2884ea6..5e3a0a9 100644
--- a/plat/arm/board/arm_fpga/fpga_def.h
+++ b/plat/arm/board/arm_fpga/fpga_def.h
@@ -21,7 +21,7 @@
#define FPGA_MAX_CLUSTER_COUNT 4
#define FPGA_MAX_CPUS_PER_CLUSTER 8
-#define FPGA_MAX_PE_PER_CPU 4
+#define FPGA_MAX_PE_PER_CPU 2
#define FPGA_PRIMARY_CPU 0x0
/*******************************************************************************
diff --git a/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
new file mode 100644
index 0000000..5324fec
--- /dev/null
+++ b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <inttypes.h>
+#include <stdint.h>
+
+#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/ras.h>
+
+#include <plat/common/platform.h>
+#include <services/el3_spmd_logical_sp.h>
+#include <services/ffa_svc.h>
+#include <services/sdei.h>
+
+
+#define CACTUS_SP_RAS_DELEGATE_CMD 0x72617365
+#define EVENT_NOTIFY_OS_RAS_ERROR U(5000)
+
+/*
+ * Note: Typical RAS error handling flow with Firmware First Handling
+ *
+ * Step 1: Exception resulting from a RAS error in the normal world is routed to
+ * EL3.
+ * Step 2: This exception is typically signaled as either a synchronous external
+ * abort or SError or interrupt. TF-A (EL3 firmware) delegates the
+ * control to platform specific handler built on top of the RAS helper
+ * utilities.
+ * Step 3: With the help of a Logical Secure Partition, TF-A sends a direct
+ * message to dedicated S-EL0 (or S-EL1) RAS Partition managed by SPMC.
+ * TF-A also populates a shared buffer with a data structure containing
+ * enough information (such as system registers) to identify and triage
+ * the RAS error.
+ * Step 4: RAS SP generates the Common Platform Error Record (CPER) and shares
+ * it with normal world firmware and/or OS kernel through a reserved
+ * buffer memory.
+ * Step 5: RAS SP responds to the direct message with information necessary for
+ * TF-A to notify the OS kernel.
+ * Step 6: Consequently, TF-A dispatches an SDEI event to notify the OS kernel
+ * about the CPER records for further logging.
+ */
+
+static int injected_fault_handler(const struct err_record_info *info,
+ int probe_data, const struct err_handler_data *const data)
+{
+ /*
+ * At the moment, an FF-A compatible SP that supports RAS firmware is
+ * not available. Hence the sequence below does not exactly follow the
+ * steps outlined above. Therefore, some steps are essentially spoofed.
+ * The handling of RAS error is completely done in EL3 firmware.
+ */
+ uint64_t status, cactus_cmd_ret;
+ int ret, event_num;
+ cpu_context_t *ns_cpu_context;
+
+ /* Get a reference to the non-secure context */
+ ns_cpu_context = cm_get_context(NON_SECURE);
+ assert(ns_cpu_context != NULL);
+
+ /*
+ * The faulting error record is already selected by the SER probe
+ * function.
+ */
+ status = read_erxstatus_el1();
+
+ ERROR("Fault reported by system error record %d on 0x%lx: status=0x%" PRIx64 "\n",
+ probe_data, read_mpidr_el1(), status);
+ ERROR(" exception reason=%u syndrome=0x%" PRIx64 "\n", data->ea_reason,
+ data->flags);
+
+ /* Clear error */
+ write_erxstatus_el1(status);
+
+ /*
+ * Initiate an EL3 direct message from LSP to Cactus RAS Secure
+ * Partition (ID 8001). Currently, the payload is being spoofed.
+ * The direct message response contains the SDEI event ID for the
+ * associated RAS error.
+ */
+ (void)plat_spmd_logical_sp_smc_handler(0, 0, 0, CACTUS_SP_RAS_DELEGATE_CMD,
+ EVENT_NOTIFY_OS_RAS_ERROR,
+ NULL, ns_cpu_context, 0);
+
+ cactus_cmd_ret = read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X3);
+ event_num = (int)read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X4);
+
+ if (cactus_cmd_ret != 0) {
+ ERROR("RAS error could not be handled by SP: %lx\n", cactus_cmd_ret);
+ panic();
+ }
+
+ if (event_num != EVENT_NOTIFY_OS_RAS_ERROR) {
+ ERROR("Unexpected event id sent by RAS SP: %d\n", event_num);
+ panic();
+ }
+
+ /* Dispatch the event to the SDEI client */
+ ret = sdei_dispatch_event(event_num);
+ if (ret < 0) {
+ ERROR("Can't dispatch event to SDEI\n");
+ panic();
+ } else {
+ INFO("SDEI event dispatched\n");
+ }
+
+ return 0;
+}
+
+struct ras_interrupt fvp_ras_interrupts[] = {
+};
+
+struct err_record_info fvp_err_records[] = {
+ /* Record for injected fault */
+ ERR_RECORD_SYSREG_V1(0, 2, ras_err_ser_probe_sysreg,
+ injected_fault_handler, NULL),
+};
+
+REGISTER_ERR_RECORD_INFO(fvp_err_records);
+REGISTER_RAS_INTERRUPTS(fvp_ras_interrupts);
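Review bot: In `injected_fault_handler` the result of `plat_spmd_logical_sp_smc_handler(...)` is discarded with `(void)`, after which X3 and X4 are read from the non-secure context and treated as the SP's reply. If the call fails before those registers are written, the handler acts on whatever values were already in that context; checking the return value and panicking on failure closes that gap. `cactus_cmd_ret` is a `uint64_t` printed with `%lx`, whereas the rest of the file uses `PRIx64`: `ERROR("RAS error could not be handled by SP: %" PRIx64 "\n", cactus_cmd_ret);`. The file calls `assert`, `ERROR`, `INFO` and `panic` without including `<assert.h>` or `<common/debug.h>` directly, and `EVENT_NOTIFY_OS_RAS_ERROR` repeats the literal 5000 that platform_def.h uses for the SDEI event.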
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
index dc95ba1..477ae27 100644
--- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -7,7 +7,6 @@
#include <stdint.h>
#include <drivers/measured_boot/event_log/event_log.h>
-#include <drivers/measured_boot/rss/rss_measured_boot.h>
#include <plat/arm/common/plat_arm.h>
#include <tools_share/zero_oid.h>
@@ -23,42 +22,10 @@
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-/* FVP table with platform specific image IDs and metadata. Intentionally not a
- * const struct, some members might set by bootloaders during trusted boot.
- */
-struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
- {
- .id = FW_CONFIG_ID,
- .slot = U(6),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_FW_CONFIG_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
- {
- .id = TB_FW_CONFIG_ID,
- .slot = U(7),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
- {
- .id = BL2_IMAGE_ID,
- .slot = U(8),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL2_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
-
- {
- .id = RSS_MBOOT_INVALID_ID }
-};
-
void bl1_plat_mboot_init(void)
{
event_log_init(event_log, event_log + sizeof(event_log));
event_log_write_header();
-
- rss_measured_boot_init(fvp_rss_mboot_metadata);
}
void bl1_plat_mboot_finish(void)
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 349e064..369bcb4 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -8,7 +8,6 @@
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/measured_boot/event_log/event_log.h>
-#include <drivers/measured_boot/rss/rss_measured_boot.h>
#if defined(ARM_COT_cca)
#include <tools_share/cca_oid.h>
#else
@@ -57,44 +56,6 @@
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-/* FVP table with platform specific image IDs and metadata. Intentionally not a
- * const struct, some members might set by bootloaders during trusted boot.
- */
-struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
- {
- .id = BL31_IMAGE_ID,
- .slot = U(9),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL31_STRING,
- .pk_oid = BL31_IMAGE_KEY_OID,
- .lock_measurement = true },
- {
- .id = HW_CONFIG_ID,
- .slot = U(10),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_HW_CONFIG_STRING,
- .pk_oid = HW_CONFIG_KEY_OID,
- .lock_measurement = true },
- {
- .id = SOC_FW_CONFIG_ID,
- .slot = U(11),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
- .pk_oid = SOC_FW_CONFIG_KEY_OID,
- .lock_measurement = true },
-#if ENABLE_RME
- {
- .id = RMM_IMAGE_ID,
- .slot = U(12),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_RMM_STRING,
- .pk_oid = RMM_IMAGE_KEY_OID,
- .lock_measurement = true },
-#endif /* ENABLE_RME */
- {
- .id = RSS_MBOOT_INVALID_ID }
-};
-
void bl2_plat_mboot_init(void)
{
uint8_t *event_log_start;
@@ -126,8 +87,6 @@
event_log_max_size);
event_log_init((uint8_t *)event_log_start, event_log_finish);
-
- rss_measured_boot_init(fvp_rss_mboot_metadata);
}
int plat_mboot_measure_critical_data(unsigned int critical_data_id,
diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index 51dda9e..b3d503e 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -1,17 +1,15 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
-#include <arch_features.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/gicv3.h>
#include <drivers/arm/fvp/fvp_pwrc.h>
-#include <lib/extensions/spe.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
#include <plat/arm/common/arm_config.h>
@@ -54,14 +52,6 @@
{
uint64_t mpidr = read_mpidr_el1();
- /*
- * On power down we need to disable statistical profiling extensions
- * before exiting coherency.
- */
- if (is_feat_spe_supported()) {
- spe_disable();
- }
-
/* Disable coherency if this cluster is to be turned off */
fvp_interconnect_disable();
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index aad0417..193052d 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -416,7 +416,7 @@
#define PLAT_SDEI_DP_EVENT_MAX_CNT ARM_SDEI_DP_EVENT_MAX_CNT
#define PLAT_SDEI_DS_EVENT_MAX_CNT ARM_SDEI_DS_EVENT_MAX_CNT
#else
- #if PLATFORM_TEST_RAS_FFH
+ #if PLATFORM_TEST_RAS_FFH || PLATFORM_TEST_FFH_LSP_RAS_SP
#define PLAT_ARM_PRIVATE_SDEI_EVENTS \
ARM_SDEI_PRIVATE_EVENTS, \
SDEI_EXPLICIT_EVENT(5000, SDEI_MAPF_NORMAL), \
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index eef06d4..35086e4 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -57,7 +57,6 @@
ENABLE_FEAT_TWED := 2
ENABLE_FEAT_GCS := 2
ifeq (${ARCH}, aarch64)
-ifneq (${SPD}, spmd)
ifeq (${SPM_MM}, 0)
ifeq (${CTX_INCLUDE_FPREGS}, 0)
ENABLE_SME_FOR_NS := 2
@@ -66,7 +65,6 @@
endif
endif
endif
-endif
# enable unconditionally for all builds
ifeq (${ARCH}, aarch64)
@@ -399,11 +397,15 @@
endif
ifeq (${HANDLE_EA_EL3_FIRST_NS},1)
-ifeq (${ENABLE_FEAT_RAS},1)
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
-else
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
-endif
+ ifeq (${ENABLE_FEAT_RAS},1)
+ ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP},1)
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
+ endif
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
+ endif
endif
ifneq (${ENABLE_STACK_PROTECTOR},0)
@@ -441,22 +443,6 @@
override BL1_SOURCES =
endif
-# Include Measured Boot makefile before any Crypto library makefile.
-# Crypto library makefile may need default definitions of Measured Boot build
-# flags present in Measured Boot makefile.
-ifeq (${MEASURED_BOOT},1)
- RSS_MEASURED_BOOT_MK := drivers/measured_boot/rss/rss_measured_boot.mk
- $(info Including ${RSS_MEASURED_BOOT_MK})
- include ${RSS_MEASURED_BOOT_MK}
-
- ifneq (${MBOOT_RSS_HASH_ALG}, sha256)
- $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
- endif
-
- BL1_SOURCES += ${MEASURED_BOOT_SOURCES}
- BL2_SOURCES += ${MEASURED_BOOT_SOURCES}
-endif
-
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
@@ -518,6 +504,22 @@
endif
endif
+$(eval $(call add_define,PLATFORM_TEST_FFH_LSP_RAS_SP))
+ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP}, 1)
+ ifeq (${PLATFORM_TEST_RAS_FFH}, 1)
+ $(error "PLATFORM_TEST_RAS_FFH is incompatible with PLATFORM_TEST_FFH_LSP_RAS_SP")
+ endif
+ ifeq (${ENABLE_SPMD_LP}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_SPMD_LP to be 1")
+ endif
+ ifeq (${ENABLE_FEAT_RAS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_FEAT_RAS to be 1")
+ endif
+ ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects HANDLE_EA_EL3_FIRST_NS to be 1")
+ endif
+endif
+
ifeq (${ERRATA_ABI_SUPPORT}, 1)
include plat/arm/board/fvp/fvp_cpu_errata.mk
endif
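Review bot: The new guards test `ifeq (${ENABLE_FEAT_RAS}, 0)` (and likewise ENABLE_SPMD_LP and HANDLE_EA_EL3_FIRST_NS), while each error message says the option is expected to be 1 and the source selection in the earlier hunk keys on `ifeq (${ENABLE_FEAT_RAS},1)`. If any of these flags can take a value other than 0 or 1, the check passes but fvp_lsp_ras_sp.c is not added to BL31_SOURCES, and the build silently selects a different handler file. Testing for the required value directly, e.g. `ifneq (${ENABLE_FEAT_RAS}, 1)`, keeps the check and the selection in step.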
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
index b1dab16..d496d2e 100644
--- a/plat/arm/common/plat_arm_sip_svc.c
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
+#include <errno.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -12,10 +13,73 @@
#include <plat/arm/common/arm_sip_svc.h>
#include <plat/common/platform.h>
+#if ENABLE_RME && SPMD_SPM_AT_SEL2
+#include <lib/gpt_rme/gpt_rme.h>
+#endif
+
#if ENABLE_SPMD_LP
#include <services/el3_spmd_logical_sp.h>
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+static uint64_t plat_protect_memory(bool protect,
+ bool secure_origin,
+ const uint64_t base,
+ const size_t size,
+ void *handle)
+{
+ uint64_t ret = SMC_INVALID_PARAM;
+ uint64_t last_updated = 0;
+
+ if (!secure_origin) {
+ SMC_RET1(handle, SMC_UNK);
+ /* Shall not be reached. */
+ }
+
+ if ((base % PAGE_SIZE_4KB) != 0U &&
+ (size % PAGE_SIZE_4KB) != 0U) {
+ VERBOSE("Base address must be aligned to 4k.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ if ((ULONG_MAX - base) < size) {
+ VERBOSE("Base + Size results in overflow.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ for (uint64_t it = base; it < (base + size); it += PAGE_SIZE_4KB) {
+ /*
+ * If protect is true, add memory to secure PAS.
+ * Else unprotect it, making part of non-secure PAS.
+ */
+ ret = protect
+ ? gpt_delegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE)
+ : gpt_undelegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE);
+
+ switch (ret) {
+ case 0:
+ last_updated = it;
+ break;
+ case -EINVAL:
+ SMC_RET2(handle, SMC_INVALID_PARAM, last_updated);
+ break; /* Shall not be reached. */
+ case -EPERM:
+ SMC_RET2(handle, SMC_DENIED, last_updated);
+ break; /* Shall not be reached. */
+ default:
+ ERROR("Unexpected return\n");
+ panic();
+ }
+ }
+
+ SMC_RET1(handle, SMC_OK);
+}
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 */
+
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
u_register_t x2,
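Review bot: The alignment guard in plat_protect_memory() joins its two tests with `&&`, so a request is rejected only when both base and size are misaligned. A misaligned base with a page-multiple size (or the reverse) still reaches the gpt_delegate_pas()/gpt_undelegate_pas() loop. The condition should be `if ((base % PAGE_SIZE_4KB) != 0U || (size % PAGE_SIZE_4KB) != 0U) {`, and the VERBOSE text should mention size as well as base. The overflow test compares a uint64_t against `ULONG_MAX`; `UINT64_MAX` matches the operand type and does not depend on the width of long. On a mid-range failure the earlier pages stay transitioned, and `last_updated` is still 0 if the very first page failed, which a caller cannot tell apart from address 0, so the return contract deserves a comment above the function.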
@@ -25,13 +89,14 @@
void *handle,
u_register_t flags)
{
-#if PLAT_TEST_SPM
bool secure_origin;
/* Determine which security state this SMC originated from */
secure_origin = is_caller_secure(flags);
+ (void) secure_origin;
switch (smc_fid) {
+#if PLAT_TEST_SPM
case ARM_SIP_SET_INTERRUPT_PENDING:
if (!secure_origin) {
SMC_RET1(handle, SMC_UNK);
@@ -42,11 +107,20 @@
SMC_RET1(handle, SMC_OK);
break; /* Not reached */
- default:
- break;
- }
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+ case PLAT_PROTECT_MEM_SMC64:
+ INFO("Sip Call - Protect memory\n");
+ return plat_protect_memory(true, secure_origin, x1, x2, handle);
+ break;
+ case PLAT_UNPROTECT_MEM_SMC64:
+ INFO("Sip Call - Unprotect memory\n");
+ return plat_protect_memory(false, secure_origin, x1, x2, handle);
+ break;
+#endif
+ }
+
#if ENABLE_SPMD_LP
return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
cookie, handle, flags);
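Review bot: After this change the `switch (smc_fid)` in plat_arm_sip_handler() has no `default` label, and when neither PLAT_TEST_SPM nor the RME/SPMD condition holds its body is empty. Keeping `default: break;` before the closing brace makes the fall-through to the code after the switch explicit and avoids switch-default warnings. The `break;` after each `return plat_protect_memory(...)` is unreachable and can be dropped. The include of gpt_rme.h is guarded by `#if ENABLE_RME && SPMD_SPM_AT_SEL2`, while the function and the cases use `(ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)`; using one condition for all three keeps them from drifting apart. The handler body continues outside this hunk.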
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 2cd7034..efa3cc6 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,7 +50,8 @@
BL31_SOURCES += ${INTERCONNECT_SOURCES} \
${ENT_GIC_SOURCES} \
${CSS_ENT_BASE}/sgi_bl31_setup.c \
- ${CSS_ENT_BASE}/sgi_topology.c
+ ${CSS_ENT_BASE}/sgi_topology.c \
+ drivers/delay_timer/generic_delay_timer.c
ifneq (${RESET_TO_BL31},0)
$(error "Using BL31 as the reset vector is not supported on ${PLAT} platform. \
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 7aa7b34..ac1ea48 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,7 @@
#include <common/debug.h>
#include <drivers/arm/css/css_mhu_doorbell.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/generic_delay_timer.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -104,6 +105,8 @@
void sgi_bl31_common_platform_setup(void)
{
+ generic_delay_timer_init();
+
arm_bl31_platform_setup();
/* Configure the warm reboot SGI for primary core */
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h
index 66b9310..0ff6092 100644
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@@ -20,6 +20,12 @@
/* FWU configuration (max supported value is 15) */
#define FWU_MAX_TRIAL_REBOOT U(3)
+/* Define maximum page size for NAND devices */
+#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
+
+/* Needed by STM32CubeProgrammer support */
+#define DWL_BUFFER_SIZE U(0x01000000)
+
/* Functions to save and get boot context address given by ROM code */
void stm32mp_save_boot_ctx_address(uintptr_t address);
uintptr_t stm32mp_get_boot_ctx_address(void);
diff --git a/plat/st/stm32mp1/include/platform_def.h b/plat/st/stm32mp1/include/platform_def.h
index 75c8219..7e6d91f 100644
--- a/plat/st/stm32mp1/include/platform_def.h
+++ b/plat/st/stm32mp1/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,20 +77,6 @@
******************************************************************************/
#define BL33_BASE STM32MP_BL33_BASE
-/*
- * Load address of BL33 for this platform port
- */
-#define PLAT_STM32MP_NS_IMAGE_OFFSET BL33_BASE
-
-/* Needed by STM32CubeProgrammer support */
-#define DWL_BUFFER_SIZE U(0x01000000)
-
-/*
- * SSBL offset in case it's stored in eMMC boot partition.
- * We can fix it to 256K because TF-A size can't be bigger than SRAM
- */
-#define PLAT_EMMC_BOOT_SSBL_OFFSET U(0x40000)
-
/*******************************************************************************
* DTB specific defines.
******************************************************************************/
diff --git a/plat/st/stm32mp1/stm32mp1_def.h b/plat/st/stm32mp1/stm32mp1_def.h
index 8fc8c89..0d401f9 100644
--- a/plat/st/stm32mp1/stm32mp1_def.h
+++ b/plat/st/stm32mp1/stm32mp1_def.h
@@ -186,9 +186,6 @@
#endif
#define STM32MP_BL33_MAX_SIZE U(0x400000)
-/* Define maximum page size for NAND devices */
-#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
-
/* Define location for the MTD scratch buffer */
#if STM32MP13
#define STM32MP_MTD_BUFFER (SRAM1_BASE + \
diff --git a/plat/st/stm32mp2/platform.mk b/plat/st/stm32mp2/platform.mk
index 0519b16..bf2952d 100644
--- a/plat/st/stm32mp2/platform.mk
+++ b/plat/st/stm32mp2/platform.mk
@@ -26,6 +26,9 @@
# such as metadata (2) and fsbl-m (2) to find all the FIP partitions (default is 2).
PLAT_PARTITION_MAX_ENTRIES := $(shell echo $$(($(STM32_TF_A_COPIES) + 6)))
+# Set load address for serial boot devices
+DWL_BUFFER_BASE ?= 0x87000000
+
# Device tree
BL2_DTSI := stm32mp25-bl2.dtsi
FDT_SOURCES := $(addprefix ${BUILD_PLAT}/fdts/, $(patsubst %.dtb,%-bl2.dts,$(DTB_FILE_NAME)))
@@ -35,6 +38,11 @@
STM32_LD_FILE := plat/st/stm32mp2/${ARCH}/stm32mp2.ld.S
STM32_BINARY_MAPPING := plat/st/stm32mp2/${ARCH}/stm32mp2.S
+$(eval $(call add_defines,\
+ $(sort \
+ DWL_BUFFER_BASE \
+)))
+
# STM32MP2x is based on Cortex-A35, which is Armv8.0, and does not support BTI
# Disable mbranch-protection to avoid adding useless code
TF_CFLAGS += -mbranch-protection=none
@@ -51,4 +59,8 @@
BL2_SOURCES += plat/st/stm32mp2/plat_bl2_mem_params_desc.c
BL2_SOURCES += plat/st/stm32mp2/bl2_plat_setup.c
+ifeq (${STM32MP_USB_PROGRAMMER},1)
+BL2_SOURCES += plat/st/stm32mp2/stm32mp2_usb_dfu.c
+endif
+
include plat/st/common/common_rules.mk
diff --git a/plat/st/stm32mp2/stm32mp2_usb_dfu.c b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
new file mode 100644
index 0000000..e967964
--- /dev/null
+++ b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+
+#include <drivers/usb_device.h>
+
+#include <usb_dfu.h>
+
+struct usb_handle *usb_dfu_plat_init(void)
+{
+ return NULL;
+}
+
+uint8_t usb_dfu_get_phase(uint8_t alt)
+{
+ return 0;
+}
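Review bot: Neither function carries a comment saying it is a stub: usb_dfu_plat_init() returns NULL unconditionally and usb_dfu_get_phase() ignores `alt` and returns 0. The platform.mk hunk builds this file whenever STM32MP_USB_PROGRAMMER is 1, so a caller that does not check the handle for NULL would dereference it; the callers are not visible here. If these are placeholders, a line such as `/* Placeholder: no USB DFU handle is provided on this platform yet */` above each function would say so. The file also uses `uint8_t` while including only `<stddef.h>` directly, so adding `#include <stdint.h>` removes the reliance on a transitive include.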
diff --git a/readme.rst b/readme.rst
index 148d477..171b32b 100644
--- a/readme.rst
+++ b/readme.rst
@@ -39,7 +39,7 @@
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): PSCI_
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
.. _System Control and Management Interface (SCMI): SCMI_
.. _SCMI: http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
diff --git a/services/oem/chromeos/widevine_smc_handlers.c b/services/oem/chromeos/widevine_smc_handlers.c
new file mode 100644
index 0000000..83c6ccc
--- /dev/null
+++ b/services/oem/chromeos/widevine_smc_handlers.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+#include <lib/psci/psci.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
+#include <tools_share/uuid.h>
+
+#define CROS_OEM_TPM_AUTH_PK_MAX_LEN 128
+#define CROS_OEM_HUK_LEN 32
+#define CROS_OEM_ROT_LEN 32
+
+static uint8_t cros_oem_tpm_auth_pk_buffer[CROS_OEM_TPM_AUTH_PK_MAX_LEN];
+static uint8_t cros_oem_huk_buffer[CROS_OEM_HUK_LEN];
+static uint8_t cros_oem_rot_len_buffer[CROS_OEM_ROT_LEN];
+
+struct cros_oem_data cros_oem_tpm_auth_pk = {
+ .buffer = cros_oem_tpm_auth_pk_buffer,
+ .max_length = sizeof(cros_oem_tpm_auth_pk_buffer),
+};
+
+struct cros_oem_data cros_oem_huk = {
+ .buffer = cros_oem_huk_buffer,
+ .max_length = sizeof(cros_oem_huk_buffer),
+};
+
+struct cros_oem_data cros_oem_rot = {
+ .buffer = cros_oem_rot_len_buffer,
+ .max_length = sizeof(cros_oem_rot_len_buffer),
+};
+
+static uintptr_t cros_write_data(struct cros_oem_data *data,
+ u_register_t length, u_register_t address,
+ void *handle)
+{
+ uintptr_t aligned_address;
+ uintptr_t aligned_size;
+ int32_t rc;
+
+ if (data->length) {
+ SMC_RET1(handle, PSCI_E_ALREADY_ON);
+ }
+
+ if (length > data->max_length) {
+ SMC_RET1(handle, PSCI_E_INVALID_PARAMS);
+ }
+
+ aligned_address = page_align(address, DOWN);
+ aligned_size = page_align(length + (address - aligned_address), UP);
+
+ /*
+ * We do not validate the passed in address because we are trusting the
+ * non-secure world at this point still.
+ */
+ rc = mmap_add_dynamic_region(aligned_address, aligned_address,
+ aligned_size, MT_MEMORY | MT_RO | MT_NS);
+ if (rc != 0) {
+ SMC_RET1(handle, PSCI_E_INVALID_ADDRESS);
+ }
+
+ memcpy(data->buffer, (void *)address, length);
+ data->length = length;
+
+ mmap_remove_dynamic_region(aligned_address, aligned_size);
+ SMC_RET1(handle, SMC_OK);
+}
+
+/* Handler for servicing specific SMC calls. */
+static uintptr_t cros_oem_svc_smc_handler(uint32_t smc_fid, u_register_t x1,
+ u_register_t x2, u_register_t x3,
+ u_register_t x4, void *cookie,
+ void *handle, u_register_t flags)
+{
+ switch (smc_fid) {
+ case CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID:
+ return cros_write_data(&cros_oem_tpm_auth_pk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID:
+ return cros_write_data(&cros_oem_huk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID:
+ return cros_write_data(&cros_oem_rot, x1, x2, handle);
+ default:
+ WARN("Unimplemented OEM Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+}
+
+/* Register OEM Service Calls as runtime service */
+DECLARE_RT_SVC(cros_oem_svc_smc_handler, OEN_OEM_START, OEN_OEM_END,
+ SMC_TYPE_FAST, NULL, cros_oem_svc_smc_handler);
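Review bot: cros_write_data() uses `data->length` as its only write-once gate and never rejects `length == 0`, so a zero-length call returns SMC_OK, stores nothing and leaves the slot open to a later caller; `if (length == 0U || length > data->max_length) {` closes that. The handler also ignores `flags`, and the in-code comment states that the normal-world address is trusted. Nothing visible in this file stops the three setters being invoked after boot hand-off, so a comment naming the point at which they are expected to be locked (or a flag set once OP-TEE's device tree has been built) would make the trust boundary reviewable. The result of `mmap_remove_dynamic_region()` is dropped, and the check-then-set on `data->length` has no lock if two cores can issue the SMC concurrently; both are worth confirming. PSCI_E_* codes are returned from an OEM service, which deserves a line in the header describing the return values.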
diff --git a/services/spd/opteed/opteed.mk b/services/spd/opteed/opteed.mk
index f394744..289b3e7 100644
--- a/services/spd/opteed/opteed.mk
+++ b/services/spd/opteed/opteed.mk
@@ -33,3 +33,11 @@
$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
include lib/libfdt/libfdt.mk
endif
+
+CROS_WIDEVINE_SMC := 0
+ifeq ($(CROS_WIDEVINE_SMC),1)
+ifeq ($(OPTEE_ALLOW_SMC_LOAD),0)
+$(error When CROS_WIDEVINE_SMC=1, OPTEE_ALLOW_SMC_LOAD must also be 1)
+endif
+$(eval $(call add_define,CROS_WIDEVINE_SMC))
+endif
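Review bot: `CROS_WIDEVINE_SMC := 0` is an unconditional assignment immediately before the `ifeq ($(CROS_WIDEVINE_SMC),1)` test, so a value set by a makefile included earlier is overwritten and only a command-line setting survives. `CROS_WIDEVINE_SMC ?= 0` would keep a prior setting. add_define is invoked only when the flag is 1, so `#if CROS_WIDEVINE_SMC` in opteed_main.c relies on an undefined macro evaluating to 0 in the disabled case; moving `$(eval $(call add_define,CROS_WIDEVINE_SMC))` outside the `ifeq` makes the macro always defined. No hunk visible here adds widevine_smc_handlers.c to a source list, so confirm it is built when the flag is set.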
diff --git a/services/spd/opteed/opteed_main.c b/services/spd/opteed/opteed_main.c
index ab9896e..83b001a 100644
--- a/services/spd/opteed/opteed_main.c
+++ b/services/spd/opteed/opteed_main.c
@@ -33,6 +33,7 @@
#include <libfdt.h>
#endif /* OPTEE_ALLOW_SMC_LOAD */
#include <plat/common/platform.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
#include <tools_share/uuid.h>
#include "opteed_private.h"
@@ -61,7 +62,7 @@
0xb1eafba3, 0x5d31, 0x4612, 0xb9, 0x06,
0xc4, 0xc7, 0xa4, 0xbe, 0x3c, 0xc0);
-#define OPTEED_FDT_SIZE 256
+#define OPTEED_FDT_SIZE 1024
static uint8_t fdt_buf[OPTEED_FDT_SIZE] __aligned(CACHE_WRITEBACK_GRANULE);
#else
@@ -299,6 +300,62 @@
}
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+/*
+ * Adds a options/widevine node with the widevine table information to a device
+ * tree. Returns zero on success or if there is no widevine table information;
+ * failure code otherwise.
+ */
+static int add_options_widevine_node(void *fdt)
+{
+ int ret;
+
+ ret = fdt_begin_node(fdt, "options");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "op-tee");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "widevine");
+ if (ret)
+ return ret;
+
+ if (cros_oem_tpm_auth_pk.length) {
+ ret = fdt_property(fdt, "tcg,tpm-auth-public-key",
+ cros_oem_tpm_auth_pk.buffer,
+ cros_oem_tpm_auth_pk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_huk.length) {
+ ret = fdt_property(fdt, "op-tee,hardware-unique-key",
+ cros_oem_huk.buffer, cros_oem_huk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_rot.length) {
+ ret = fdt_property(fdt, "google,widevine-root-of-trust-ecc-p256",
+ cros_oem_rot.buffer, cros_oem_rot.length);
+ if (ret)
+ return ret;
+ }
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ return fdt_end_node(fdt);
+}
+#endif /* CROS_WIDEVINE_SMC */
+
/*
* Creates a device tree for passing into OP-TEE. Currently is populated with
* the coreboot table address.
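Review bot: The header comment on add_options_widevine_node() says it returns zero "if there is no widevine table information", but the body always emits the options, op-tee and widevine nodes; only the three properties are conditional on their `.length`. A wording such as `Always creates the options/op-tee/widevine nodes; each property is added only when the matching buffer has a non-zero length.` would match the code. The key material copied into the tree also remains in the static `cros_oem_*` buffers afterwards; whether it should be wiped once the tree has been handed over depends on code outside this hunk.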
@@ -326,6 +383,12 @@
return ret;
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+ ret = add_options_widevine_node(fdt_buf);
+ if (ret)
+ return ret;
+#endif /* CROS_WIDEVINE_SMC */
+
ret = fdt_end_node(fdt_buf);
if (ret)
return ret;
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index a2669d2..811adcb 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -435,9 +435,10 @@
{
.cpu_partnumber = CORTEX_A715_MIDR,
.cpu_errata_list = {
- [0] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
+ [0] = {2561034, 0x10, 0x10, ERRATA_A715_2561034},
+ [1] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
ERRATA_NON_ARM_INTERCONNECT},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A715_H_INC */
diff --git a/services/std_svc/spm/el3_spmc/spmc_main.c b/services/std_svc/spm/el3_spmc/spmc_main.c
index 9cfcd87..247e2c8 100644
--- a/services/std_svc/spm/el3_spmc/spmc_main.c
+++ b/services/std_svc/spm/el3_spmc/spmc_main.c
@@ -234,7 +234,7 @@
/* If we originated in the normal world then switch contexts. */
else if (!secure_origin && ffa_is_secure_world_id(dst_id)) {
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2,
- x3, x4, handle);
+ x3, x4, handle, flags);
} else {
/* Unknown State. */
panic();
@@ -2490,9 +2490,11 @@
/*
* Forward the interrupt to the S-EL1 SP. The interrupt ID is not
* populated as the SP can determine this by itself.
+ * The flags field is forced to 0 mainly to pass the SVE hint bit
+ * cleared for consumption by the lower EL.
*/
return spmd_smc_switch_state(FFA_INTERRUPT, false,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
- handle);
+ handle, 0ULL);
}
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 5d19868..7572adf 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -667,11 +667,22 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle)
+ void *handle,
+ uint64_t flags)
{
unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
+#if SPMD_SPM_AT_SEL2
+ if ((secure_state_out == SECURE) && (is_sve_hint_set(flags) == true)) {
+ /*
+ * Set the SVE hint bit in x0 and pass to the lower secure EL,
+ * if it was set by the caller.
+ */
+ smc_fid |= (FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT);
+ }
+#endif
+
/* Save incoming security state */
#if SPMD_SPM_AT_SEL2
if (secure_state_in == NON_SECURE) {
@@ -746,8 +757,9 @@
return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4,
cookie, handle, flags);
}
+
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4,
- handle);
+ handle, flags);
}
@@ -844,7 +856,7 @@
unsigned int linear_id = plat_my_core_pos();
spmd_spm_core_context_t *ctx = spmd_get_context();
bool secure_origin;
- int32_t ret;
+ int ret;
uint32_t input_version;
/* Determine which security state this SMC originated from */