Merge "docs(auth): add missing AUTH_PARAM_NV_CTR value" into integration
diff --git a/Makefile b/Makefile
index ac73816..fc41697 100644
--- a/Makefile
+++ b/Makefile
@@ -160,15 +160,6 @@
################################################################################
arch-features = ${ARM_ARCH_FEATURE}
-# Set the compiler's architecture feature modifiers
-ifneq ($(arch-features), none)
- # Strip "none+" from arch-features
- arch-features := $(subst none+,,$(arch-features))
- march-directive := $(march-directive)+$(arch-features)
-# Print features
- $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
-endif #(arch-features)
-
ifneq ($(findstring clang,$(notdir $(CC))),)
ifneq ($(findstring armclang,$(notdir $(CC))),)
TF_CFLAGS_aarch32 := -target arm-arm-none-eabi
@@ -232,8 +223,6 @@
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
-ASFLAGS += $(march-directive)
-
##############################################################################
# WARNINGS Configuration
###############################################################################
@@ -691,6 +680,7 @@
include ${MAKE_HELPERS_DIRECTORY}march.mk
TF_CFLAGS += $(march-directive)
+ASFLAGS += $(march-directive)
# This internal flag is common option which is set to 1 for scenarios
# when the BL2 is running in EL3 level. This occurs in two scenarios -
@@ -1039,12 +1029,6 @@
endif
endif
-# Determine if FEAT_RNG is supported
-ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
-
-# Determine if FEAT_SB is supported
-ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
-
ifeq ($(PSA_CRYPTO),1)
$(info PSA_CRYPTO is an experimental feature)
endif
@@ -1170,7 +1154,6 @@
ENABLE_AMU_FCONF \
AMU_RESTRICT_COUNTERS \
ENABLE_ASSERTIONS \
- ENABLE_FEAT_SB \
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
@@ -1267,6 +1250,7 @@
ENABLE_FEAT_RNG_TRAP \
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_TCR2 \
+ ENABLE_FEAT_SB \
ENABLE_FEAT_S2PIE \
ENABLE_FEAT_S1PIE \
ENABLE_FEAT_S2POE \
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 40e3df8..9959a3e 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -161,6 +161,10 @@
${MBEDTLS_SOURCES}
endif
+ifeq ($(CROS_WIDEVINE_SMC),1)
+BL31_SOURCES += services/oem/chromeos/widevine_smc_handlers.c
+endif
+
BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
ifneq ($(findstring gcc,$(notdir $(LD))),)
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index f228e6b..39186b4 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -237,7 +237,7 @@
-C bp.ve_sysregs.exit_on_shutdown=1 \
-C cache_state_modelled=1 \
-C bp.dram_size=4 \
- -C bp.secure_memory=1 \
+ -C bp.secure_memory=0 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
-C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 652c142..abd9f87 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -872,6 +872,10 @@
For Cortex-A715, the following errata build flags are defined :
+- ``ERRATA_A715_2561034``: This applies errata 2561034 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
+ It is fixed in r1p1.
+
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
CPU and affects system configurations that do not use an ARM interconnect
IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
diff --git a/docs/plat/rockchip.rst b/docs/plat/rockchip.rst
index b7c43fb..01cf176 100644
--- a/docs/plat/rockchip.rst
+++ b/docs/plat/rockchip.rst
@@ -35,7 +35,7 @@
For AARCH64 architectures the build command looks like
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl32
+ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl31
while AARCH32 needs a slightly different command
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index ef9ebd3..33b3533 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -7,8 +7,12 @@
- Make sure you have a Github account and you are logged on both
`developer.trustedfirmware.org`_ and `review.trustedfirmware.org`_.
+ Also make sure that you have registered your full name and email address in
+ your `review.trustedfirmware.org`_ profile. Otherwise, the Gerrit server
+ might reject patches you attempt to post for review.
+
- If you plan to contribute a major piece of work, it is usually a good idea to
- start a discussion around it on the mailing list. This gives everyone
+ start a discussion around it on the `TF-A mailing list`_. This gives everyone
visibility of what is coming up, you might learn that somebody else is
already working on something similar or the community might be able to
provide some early input to help shaping the design of the feature.
@@ -17,16 +21,16 @@
it explicitly in the email thread and ensure that the changes that include
Third Party IP are made in a separate patch (or patch series).
-- Clone `Trusted Firmware-A`_ on your own machine as described in
+- Clone the Trusted Firmware-A source code on your own machine as described in
:ref:`prerequisites_get_source`.
-- Create a local topic branch based on the `Trusted Firmware-A`_ ``master``
+- Create a local topic branch based on the Trusted Firmware-A ``master``
branch.
Making Changes
==============
-- Ensure commits adhere to the the project's :ref:`Commit Style`.
+- Ensure commits adhere to the project's :ref:`Commit Style`.
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
@@ -93,13 +97,21 @@
Submitting Changes
==================
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+.. note::
+ Please follow the `How to Contribute Code`_ section of the OpenCI
+ documentation for general instructions on setting up Gerrit and posting
+ patches there. The rest of this section provides details about patch
+ submission rules specifically for the TF-A project.
-- Add reviewers for your patch:
+- Submit your changes for review using the ``git review`` command.
- - At least one code owner for each module modified by the patch. See the list
- of modules and their :ref:`code owners`.
+ This will automatically rebase them onto the upstream ``integration`` branch,
+ as required by TF-A's patch submission process.
+
+- From the Gerrit web UI, add reviewers for your patch:
+
+ - At least one code owner for each module modified by the patch. See the
+ list of modules and their :ref:`code owners`.
- At least one maintainer. See the list of :ref:`maintainers`.
@@ -167,26 +179,54 @@
Add CI Configurations
=====================
-- TF-A uses Jenkins tool for Continuous Integration and testing activities.
- Various CI Jobs are deployed which run tests on every patch before being
- merged. So each of your patches go through a series of checks before they
- get merged on to the master branch. Kindly ensure, that everytime you add
- new files under your platform, they are covered under the following two sections:
+TF-A uses Jenkins for Continuous Integration and testing activities. Various CI
+jobs are deployed to run tests on every patch before being merged. Each of your
+patches go through a series of checks before they get merged on to the master
+branch. Kindly ensure that every time you add new files under your platform,
+they are covered by the following two sections.
Coverity Scan
-------------
-- ``Coverity Scan analysis`` is one of the tests we perform on our source code
- at regular intervals. We maintain a build script ``tf-cov-make`` which contains the
- build configurations of various platforms in order to cover the entire source
- code being analysed by Coverity.
+The TF-A project makes use of `Coverity Scan` for static analysis, a service
+offered by Synopsys for open-source projects. This tool is able to find defects
+and vulnerabilities in a code base, such as dereferences of NULL pointers, use
+of uninitialized data, control flow issues and many other things.
-- When you submit your patches for review containing new source files, please
- ensure to include them for the ``Coverity Scan analysis`` by adding the
- respective build configurations in the ``tf-cov-make`` build script.
+The TF-A source code is submitted daily to this service for analysis. Results of
+the latest and previous scans, as well as the complete list of defects it
+detected, are accessible online from
+https://scan.coverity.com/projects/arm-software-arm-trusted-firmware.
-- In this section you find the details on how to append your new build
- configurations for Coverity scan analysis illustrated with examples:
+The `tf-a-ci-scripts repository`_ contains scripts to run the Coverity Scan
+tools on the integration branch of the TF-A code base and make them available on
+https://scan.coverity.com. These scripts get executed daily by the
+`tf-a-coverity Jenkins job`_.
+
+In order to maintain a high level of coverage, including on newly introduced
+code, it is important to maintain the appropriate TF-A CI scripts. Details of
+when to update these scripts and how to do so follow.
+
+We maintain a build script - ``tf-cov-make`` - which contains the build
+configurations of various platforms in order to cover the entire source code
+being analysed by Coverity.
+
+When you submit your patches for review, and if they contain new source files,
+`TF-A CI static checks job`_ might report that these files are not covered. In
+this case, the job's console output will show the following error message::
+
+ ****** Newly added files detection check for Coverity Scan analysis on patch(es) ******
+
+ Result : FAILURE
+
+ New source files have been identified in your patch..
+ some/dir/file.c
+
+ please ensure to include them for the ``Coverity Scan analysis`` by adding
+ the respective build configurations in the ``tf-cov-make`` build script.
+
+In this section you find the details on how to append your new build
+configurations for Coverity scan analysis illustrated with examples:
#. We maintain a separate repository named `tf-a-ci-scripts repository`_
for placing all the test scripts which will be executed by the CI Jobs.
@@ -194,9 +234,9 @@
#. In this repository, ``tf-cov-make`` script is located at
``tf-a-ci-scripts/script/tf-coverity/tf-cov-make``
-#. Edit `tf-cov-make`_ script by appending all the possible build configurations with
- the specific ``build-flags`` relevant to your platform, so that newly added
- source files get built and analysed by Coverity.
+#. Edit the `tf-cov-make`_ script by appending all the possible build
+ configurations with the specific build flags relevant to your platform, so
+ that newly added source files get built and analysed by Coverity.
#. For better understanding follow the below specified examples listed in the
``tf-cov-make`` script.
@@ -220,45 +260,44 @@
make PLAT=hikey960 $(common_flags) ${TBB_OPTIONS} all
make PLAT=poplar $(common_flags) all
-- In this case for ``Hikey`` boards additional ``build-flags`` has been included
- along with the ``commom_flags`` to cover most of the files relevant to it.
+- In this case for ``Hikey`` boards additional build flags have been included
+ along with the ``common_flags`` to cover most of the files relevant to it.
- Similar to this you can still find many other different build configurations
of various other platforms listed in the ``tf-cov-make`` script. Kindly refer
them and append your build configurations respectively.
-Test Build Configuration (``tf-l1-build-plat``)
------------------------------------------------
+Test Build Configurations
+-------------------------
-- Coverity Scan analysis, runs on a daily basis and will not be triggered for
- every individual trusted-firmware patch.
+We have CI jobs which run a set of test configurations on every TF-A patch
+before they get merged upstream.
-- Considering this, we have other distinguished CI jobs which run a set of test
- configurations on every patch, before they are being passed to ``Coverity scan analysis``.
+At the bare minimum, TF-A code should build without any errors for every
+supported platform - and every feature of this platform. To make sure this is
+the case, we maintain a set of build tests. ``tf-l1-build-plat`` is the test
+group which holds all build tests for all platforms. So be kind enough to
+verify that your newly added files are covered by such a build test.
-- ``tf-l1-build-plat`` is the test group, which holds the test configurations
- to build all the platforms. So be kind enough to verify that your newly added
- files are built as part of one of the existing platform configurations present
- in ``tf-l1-build-plat`` test group.
+If this is not the case, please follow the instructions below to add the
+appropriate files. We will illustrate this with an example for the ``Hikey``
+platform.
-- In this section you find the details on how to add the appropriate files,
- needed to build your newly introduced platform as part of ``tf-l1-build-plat``
- test group, illustrated with an example:
-
-- Lets consider ``Hikey`` platform:
- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file ``hikey-default``
- under tf_config folder, ``tf_config/hikey-default`` listing all the build parameters
- relevant to it.
+- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file
+ ``hikey-default`` under ``tf_config/`` folder. ``tf_config/hikey-default``
+ must list all the build parameters relevant to it.
.. code:: shell
- #Hikey Build Parameters
+ # Hikey Build Parameters
CROSS_COMPILE=aarch64-none-elf-
PLAT=hikey
-- Further a test-configuration file ``hikey-default:nil`` need to be added under the
- test group, ``tf-l1-build-plat`` located at ``tf-a-ci-scripts/group/tf-l1-build-plat``,
- to allow the platform to be built as part of this group.
+- Further another file, ``hikey-default:nil``, needs to be added under
+ ``group/tf-l1-build-plat/`` folder to allow the platform to be built as part
+ of this test group. ``group/tf-l1-build-plat/hikey-default:nil`` file just
+ needs to exist but does not contain anything meaningful, apart from a
+ mandatory copyright notice:
.. code:: shell
@@ -268,7 +307,11 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-- As illustrated above, you need to add the similar files supporting your platform.
+- As illustrated above, you need to add similar files supporting your platform.
+
+For a more elaborate explanation of the TF-A CI scripts internals, including how
+to add more complex tests beyond a simple build test, please refer to the `TF-A
+CI scripts overview`_ section of the OpenCI documentation.
Binary Components
=================
@@ -289,11 +332,10 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _developer.trustedfirmware.org: https://developer.trustedfirmware.org
.. _review.trustedfirmware.org: https://review.trustedfirmware.org
-.. _Trusted Firmware-A: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
.. _Git guidelines: http://git-scm.com/book/ch5-2.html
.. _Gerrit Uploading Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io
@@ -302,3 +344,7 @@
.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _tf-a-ci-scripts repository: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/
.. _tf-cov-make: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/script/tf-coverity/tf-cov-make
+.. _How to Contribute Code: https://tf-ci-users-guide.readthedocs.io/en/latest/#how-to-contribute-code
+.. _TF-A CI scripts overview: https://tf-ci-users-guide.readthedocs.io/en/latest/#tf-a-ci-scripts-overview
+.. _tf-a-coverity Jenkins job: https://ci.trustedfirmware.org/job/tf-a-coverity/
+.. _TF-A CI static checks job: https://ci.trustedfirmware.org/job/tf-a-static-checks/
diff --git a/drivers/arm/css/scmi/scmi_common.c b/drivers/arm/css/scmi/scmi_common.c
index ec749fb..ca855fe 100644
--- a/drivers/arm/css/scmi/scmi_common.c
+++ b/drivers/arm/css/scmi/scmi_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/delay_timer.h>
#include "scmi_private.h"
@@ -60,8 +61,10 @@
dmbsy();
/* Wait for channel to be free */
- while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status))
- ;
+ while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status)) {
+ if (ch->info->delay != 0)
+ udelay(ch->info->delay);
+ }
/*
* Ensure that any read to the SCMI payload area is done after reading
diff --git a/drivers/arm/mhu/mhu_wrapper_v2_x.c b/drivers/arm/mhu/mhu_wrapper_v2_x.c
index 60de1d3..54a5881 100644
--- a/drivers/arm/mhu/mhu_wrapper_v2_x.c
+++ b/drivers/arm/mhu/mhu_wrapper_v2_x.c
@@ -308,5 +308,10 @@
assert(num_channels != 0);
- return num_channels * sizeof(uint32_t);
+ /*
+ * Returns only usable size of memory. As one channel is specifically
+ * used to inform about the size of payload, discard it from avialable
+ * memory size.
+ */
+ return (num_channels - 1) * sizeof(uint32_t);
}
diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rss/rss_comms.c
index 4622af9..a905b88 100644
--- a/drivers/arm/rss/rss_comms.c
+++ b/drivers/arm/rss/rss_comms.c
@@ -59,8 +59,10 @@
* messages due to ATU configuration costs to allow access to the
* pointers.
*/
- if ((comms_embed_msg_min_size + in_size_total > comms_mhu_msg_size - sizeof(uint32_t))
- || (comms_embed_reply_min_size + out_size_total > comms_mhu_msg_size) - sizeof(uint32_t)) {
+ if ((comms_embed_msg_min_size + in_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t)) ||
+ (comms_embed_reply_min_size + out_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t))) {
return RSS_COMMS_PROTOCOL_POINTER_ACCESS;
} else {
return RSS_COMMS_PROTOCOL_EMBED;
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index a78837f..26c7578 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -64,9 +64,21 @@
*
* SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts
* to EL3 when executing at any EL.
+ *
+ * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled.
+ *
+ * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate
+ * against ERRATA_V2_3099206.
* ---------------------------------------------------------------------
*/
mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT)
+#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ mrs x1, id_aa64pfr0_el1
+ and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
+ cbz x1, 1f
+ orr x0, x0, #SCR_EEL2_BIT
+#endif
+1:
msr scr_el3, x0
/* ---------------------------------------------------------------------
diff --git a/include/drivers/arm/css/scmi.h b/include/drivers/arm/css/scmi.h
index 356012b..96e1924 100644
--- a/include/drivers/arm/css/scmi.h
+++ b/include/drivers/arm/css/scmi.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -123,6 +123,8 @@
void (*ring_doorbell)(struct scmi_channel_plat_info *plat_info);
/* cookie is unused now. But added for future enhancements. */
void *cookie;
+ /* Delay in micro-seconds while polling the channel status. */
+ uint32_t delay;
} scmi_channel_plat_info_t;
diff --git a/include/drivers/usb_device.h b/include/drivers/usb_device.h
index 8fdb6ae..d4c491c 100644
--- a/include/drivers/usb_device.h
+++ b/include/drivers/usb_device.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2021-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#ifndef USB_DEVICE_H
#define USB_DEVICE_H
+#include <stdbool.h>
#include <stdint.h>
#include <lib/utils_def.h>
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index 950d02f..366894d 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,11 @@
#define CORTEX_A715_BHB_LOOP_COUNT U(38)
/*******************************************************************************
+ * CPU Auxiliary Control register 2 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A715_CPUACTLR2_EL1 S3_0_C15_C1_1
+
+/*******************************************************************************
* CPU Extended Control register specific definitions
******************************************************************************/
#define CORTEX_A715_CPUECTLR_EL1 S3_0_C15_C1_4
diff --git a/include/lib/psci/psci_lib.h b/include/lib/psci/psci_lib.h
index 4b244ec..c50f8cb 100644
--- a/include/lib/psci/psci_lib.h
+++ b/include/lib/psci/psci_lib.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -94,6 +94,7 @@
bool psci_is_last_on_cpu_safe(void);
bool psci_are_all_cpus_on_safe(void);
void psci_pwrdown_cpu(unsigned int power_level);
+void psci_do_manage_extensions(void);
#endif /* __ASSEMBLER__ */
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 8fd6093..c493105 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -111,6 +111,8 @@
#define SMC_OK ULL(0)
#define SMC_UNK -1
#define SMC_PREEMPTED -2 /* Not defined by the SMCCC */
+#define SMC_DENIED -3 /* Not defined by the SMCCC */
+#define SMC_INVALID_PARAM -4 /* Not defined by the SMCCC */
/* Return codes for Arm Architecture Service SMC calls */
#define SMC_ARCH_CALL_SUCCESS 0
diff --git a/include/plat/arm/common/arm_sip_svc.h b/include/plat/arm/common/arm_sip_svc.h
index 266092e..a6fd42b 100644
--- a/include/plat/arm/common/arm_sip_svc.h
+++ b/include/plat/arm/common/arm_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019,2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019,2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -42,6 +42,16 @@
#define ARM_SIP_SET_INTERRUPT_PENDING U(0x82000100)
#endif
+/**
+ * Arm SiP Service Call for the SPM to leverage RME to protect a give memory range.
+ * Protected memory range is one whose PAS was made secure.
+ * Unprotect relates to reverting a protect operation.
+ */
+#if SPMD_SPM_AT_SEL2 && ENABLE_RME
+#define PLAT_PROTECT_MEM_SMC64 0xC2000101
+#define PLAT_UNPROTECT_MEM_SMC64 0xC2000102
+#endif
+
/* SiP handler specific to each Arm platform. */
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
diff --git a/include/services/oem/chromeos/widevine_smc_handlers.h b/include/services/oem/chromeos/widevine_smc_handlers.h
new file mode 100644
index 0000000..a5251d7
--- /dev/null
+++ b/include/services/oem/chromeos/widevine_smc_handlers.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CROS_WIDEVINE_SMC_HANDLERS_H
+#define CROS_WIDEVINE_SMC_HANDLERS_H
+
+#include <lib/smccc.h>
+
+/*******************************************************************************
+ * Defines for CrOS OEM Service queries
+ ******************************************************************************/
+
+/* 0xC300C050 - 0xC300C05F are CrOS OEM service calls */
+#define CROS_OEM_SMC_ID 0xC050
+#define CROS_OEM_SMC_CALL_ID(func_num) \
+ ((SMC_TYPE_FAST << FUNCID_TYPE_SHIFT) | \
+ ((SMC_64) << FUNCID_CC_SHIFT) | (OEN_OEM_START << FUNCID_OEN_SHIFT) | \
+ (CROS_OEM_SMC_ID) | ((func_num) & FUNCID_NUM_MASK))
+
+enum cros_drm_set {
+ CROS_DRM_SET_TPM_AUTH_PUB = 0U,
+ CROS_DRM_SET_HARDWARE_UNIQUE_KEY = 1U,
+ CROS_DRM_SET_ROOT_OF_TRUST = 2U,
+};
+
+/*******************************************************************************
+ * Defines for runtime services func ids
+ ******************************************************************************/
+
+/* Sets the TPM auth public key. The maximum size is 128 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_TPM_AUTH_PUB)
+
+/* Sets the hardware unique key. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_HARDWARE_UNIQUE_KEY)
+
+/* Sets the widevine root of trust. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_ROOT_OF_TRUST)
+
+#define is_cros_oem_smc(_call_id) (((_call_id) & 0xFFF0U) == CROS_OEM_SMC_ID)
+
+struct cros_oem_data {
+ uint8_t *buffer;
+ const uint32_t max_length;
+ uint32_t length;
+};
+
+extern struct cros_oem_data cros_oem_tpm_auth_pk;
+
+extern struct cros_oem_data cros_oem_huk;
+
+extern struct cros_oem_data cros_oem_rot;
+
+#endif /* CROS_WIDEVINE_SMC_HANDLERS_H */
diff --git a/include/services/spmd_svc.h b/include/services/spmd_svc.h
index 29dfdad..95f0707 100644
--- a/include/services/spmd_svc.h
+++ b/include/services/spmd_svc.h
@@ -34,7 +34,8 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle);
+ void *handle,
+ uint64_t flags);
#endif /* __ASSEMBLER__ */
#endif /* SPMD_SVC_H */
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index dd4c307..0faa276 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,12 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_runtime_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(26)
+workaround_runtime_end cortex_a715, ERRATUM(2561034), NO_ISB
+
+check_erratum_range cortex_a715, ERRATUM(2561034), CPU_REV(1, 0), CPU_REV(1, 0)
+
workaround_reset_start cortex_a715, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 31430ae..dcbeba1 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -903,6 +903,10 @@
# This erratum applies to revisions r0p0, r0p1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2801372
+# Flag to apply erratum 2561034 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2561034
+
# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_A715_2701951
diff --git a/lib/extensions/spe/spe.c b/lib/extensions/spe/spe.c
index 2c25a9d..d1fb182 100644
--- a/lib/extensions/spe/spe.c
+++ b/lib/extensions/spe/spe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,14 @@
#include <lib/el3_runtime/pubsub.h>
#include <lib/extensions/spe.h>
+#include <plat/common/platform.h>
+
+typedef struct spe_ctx {
+ u_register_t pmblimitr_el1;
+} spe_ctx_t;
+
+static struct spe_ctx spe_ctxs[PLATFORM_CORE_COUNT];
+
static inline void psb_csync(void)
{
/*
@@ -89,4 +97,35 @@
return (void *)0;
}
+static void *spe_context_save(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ ctx->pmblimitr_el1 = read_pmblimitr_el1();
+ }
+
+ return NULL;
+}
+
+static void *spe_context_restore(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ write_pmblimitr_el1(ctx->pmblimitr_el1);
+ }
+
+ return NULL;
+}
+
SUBSCRIBE_TO_EVENT(cm_entering_secure_world, spe_drain_buffers_hook);
+
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_start, spe_context_save);
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_finish, spe_context_restore);
diff --git a/lib/libc/libc.mk b/lib/libc/libc.mk
index 633386c..03e1fb3 100644
--- a/lib/libc/libc.mk
+++ b/lib/libc/libc.mk
@@ -6,3 +6,6 @@
#
include lib/libc/libc_common.mk
+
+LIBC_SRCS += $(addprefix lib/libc/, \
+ memset.c)
diff --git a/lib/libc/libc_common.mk b/lib/libc/libc_common.mk
index fb8117f..4879818 100644
--- a/lib/libc/libc_common.mk
+++ b/lib/libc/libc_common.mk
@@ -14,7 +14,6 @@
memcpy_s.c \
memmove.c \
memrchr.c \
- memset.c \
printf.c \
putchar.c \
puts.c \
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index f9de432..41c7919 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,12 +8,14 @@
#include <string.h>
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
#include <drivers/delay_timer.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/spe.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -1164,6 +1166,8 @@
******************************************************************************/
void psci_pwrdown_cpu(unsigned int power_level)
{
+ psci_do_manage_extensions();
+
#if HW_ASSISTED_COHERENCY
/*
* With hardware-assisted coherency, the CPU drivers only initiate the
@@ -1283,3 +1287,20 @@
return true;
}
+
+/*******************************************************************************
+ * This function performs architectural feature specific management.
+ * It ensures the architectural features are disabled during cpu
+ * power off/suspend operations.
+ ******************************************************************************/
+void psci_do_manage_extensions(void)
+{
+ /*
+ * On power down we need to disable statistical profiling extensions
+ * before exiting coherency.
+ */
+ if (is_feat_spe_supported()) {
+ spe_disable();
+ }
+
+}
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index bb4e224..a346dac 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -8,65 +8,129 @@
# and enables them based on the configured architecture version.
# This file follows the following format:
-# - Enable mandatory feature if applicable to an Arch Version.
+# - Enable mandatory feature if not updated, as applicable to an Arch Version.
# - By default disable any mandatory features if they have not been defined yet.
# - Disable or enable any optional feature this would be enabled/disabled if needed by platform.
#
################################################################################
-# Enable Mandatory features based on Arch versions.
+# Enable Mandatory features if not updated yet, based on Arch versions.
################################################################################
#
# Enable the features which are mandatory from ARCH version 8.1 and upwards.
ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_PAN := 1
-ENABLE_FEAT_VHE := 1
+armv8-1-a-feats := ENABLE_FEAT_PAN ENABLE_FEAT_VHE
+
+FEAT_LIST := ${armv8-1-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.2 and upwards.
ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RAS := 1
+armv8-2-a-feats := ENABLE_FEAT_RAS
+# 8.1 Compliant
+armv8-2-a-feats += ${armv8-1-a-feats}
+
+FEAT_LIST := ${armv8-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.3 and upwards.
+ifeq "8.3" "$(word 1, $(sort 8.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.2 Compliant
+armv8-3-a-feats += ${armv8-2-a-feats}
+
+FEAT_LIST := ${armv8-3-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.4 and upwards.
ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SEL2 := 1
-ENABLE_TRF_FOR_NS := 1
-ENABLE_FEAT_DIT := 1
+armv8-4-a-feats := ENABLE_FEAT_SEL2 ENABLE_TRF_FOR_NS ENABLE_FEAT_DIT
+# 8.3 Compliant
+armv8-4-a-feats += ${armv8-3-a-feats}
+
+FEAT_LIST := ${armv8-4-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.5 and upwards.
ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RNG := 1
-ENABLE_FEAT_SB := 1
+armv8-5-a-feats := ENABLE_FEAT_RNG ENABLE_FEAT_SB
+# 8.4 Compliant
+armv8-5-a-feats += ${armv8-4-a-feats}
+FEAT_LIST := ${armv8-5-a-feats}
# Enable Memory tagging, Branch Target Identification for aarch64 only.
ifeq ($(ARCH), aarch64)
- mem_tag_arch_support := yes
+ mem_tag_arch_support ?= yes
endif #(ARCH=aarch64)
endif
# Enable the features which are mandatory from ARCH version 8.6 and upwards.
ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_ECV := 1
-ENABLE_FEAT_FGT := 1
+armv8-6-a-feats := ENABLE_FEAT_ECV ENABLE_FEAT_FGT
+# 8.5 Compliant
+armv8-6-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv8-6-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.7 and upwards.
ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_HCX := 1
+armv8-7-a-feats := ENABLE_FEAT_HCX
+# 8.6 Compliant
+armv8-7-a-feats += ${armv8-6-a-feats}
+FEAT_LIST := ${armv8-7-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.8 and upwards.
+ifeq "8.8" "$(word 1, $(sort 8.8 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 Compliant
+armv8-7-a-feats += ${armv8-7-a-feats}
+FEAT_LIST := ${armv8-8-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.9 and upwards.
ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_TCR2 := 1
+armv8-9-a-feats := ENABLE_FEAT_TCR2
+# 8.8 Compliant
+armv8-9-a-feats += ${armv8-8-a-feats}
+FEAT_LIST := ${armv8-9-a-feats}
endif
+# Enable the features which are mandatory from ARCH version 9.0 and upwards.
+ifeq "9.0" "$(word 1, $(sort 9.0 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.5 Compliant
+armv9-0-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv9-0-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.1 and upwards.
+ifeq "9.1" "$(word 1, $(sort 9.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.6 and 9.0 Compliant
+armv9-1-a-feats += ${armv8-6-a-feats} ${armv9-0-a-feats}
+FEAT_LIST := ${armv9-1-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.2 and upwards.
+ifeq "9.2" "$(word 1, $(sort 9.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 and 9.1 Compliant
+armv9-2-a-feats += ${armv8-7-a-feats} ${armv9-1-a-feats}
+FEAT_LIST := ${armv9-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.3 and upwards.
+ifeq "9.3" "$(word 1, $(sort 9.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.8 and 9.2 Compliant
+armv9-3-a-feats += ${armv8-8-a-feats} ${armv9-2-a-feats}
+FEAT_LIST := ${armv9-3-a-feats}
+endif
+
+# Set all FEAT_* in FEAT_LIST to '1' if they are not yet defined or set
+# from build commandline options or platform makefile.
+$(eval $(call default_ones, ${sort ${FEAT_LIST}}))
+
#
################################################################################
-# Set mandatory features by default to zero.
+# Set mandatory features by default to zero, if they are not already updated.
################################################################################
#
@@ -298,9 +362,6 @@
# 9.0
#----
-# Flag to enable Realm Management Extension (FEAT_RME).
-ENABLE_RME ?= 0
-
# Scalable Matrix Extension for non-secure world.
ENABLE_SME_FOR_NS ?= 0
@@ -326,6 +387,9 @@
# 9.2
#----
+# Flag to enable Realm Management Extension (FEAT_RME).
+ENABLE_RME ?= 0
+
# Scalable Matrix Extension version 2 for non-secure world.
ENABLE_SME2_FOR_NS ?= 0
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 2d2f141..6edc2d6 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -50,6 +50,18 @@
$(foreach var,$1,$(eval $(call default_zero,$(var))))
endef
+# Convenience function for setting a variable to 1 if not previously set
+# $(eval $(call default_one,FOO))
+define default_one
+ $(eval $(1) ?= 1)
+endef
+
+# Convenience function for setting a list of variables to 1 if not previously set
+# $(eval $(call default_ones,FOO BAR))
+define default_ones
+ $(foreach var,$1,$(eval $(call default_one,$(var))))
+endef
+
# Convenience function for adding build definitions
# $(eval $(call add_define,FOO)) will have:
# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
diff --git a/make_helpers/march.mk b/make_helpers/march.mk
index 2417709..1b73969 100644
--- a/make_helpers/march.mk
+++ b/make_helpers/march.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -82,4 +82,13 @@
march-directive := -march=${provided-march}
+# Set the compiler's architecture feature modifiers
+ifneq ($(arch-features), none)
+ # Strip "none+" from arch-features
+ arch-features := $(subst none+,,$(arch-features))
+ march-directive := $(march-directive)+$(arch-features)
+# Print features
+ $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
+endif #(arch-features)
+
endif # MARCH_DIRECTIVE
diff --git a/plat/arm/board/arm_fpga/fpga_def.h b/plat/arm/board/arm_fpga/fpga_def.h
index 2884ea6..5e3a0a9 100644
--- a/plat/arm/board/arm_fpga/fpga_def.h
+++ b/plat/arm/board/arm_fpga/fpga_def.h
@@ -21,7 +21,7 @@
#define FPGA_MAX_CLUSTER_COUNT 4
#define FPGA_MAX_CPUS_PER_CLUSTER 8
-#define FPGA_MAX_PE_PER_CPU 4
+#define FPGA_MAX_PE_PER_CPU 2
#define FPGA_PRIMARY_CPU 0x0
/*******************************************************************************
diff --git a/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
new file mode 100644
index 0000000..5324fec
--- /dev/null
+++ b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <inttypes.h>
+#include <stdint.h>
+
+#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/ras.h>
+
+#include <plat/common/platform.h>
+#include <services/el3_spmd_logical_sp.h>
+#include <services/ffa_svc.h>
+#include <services/sdei.h>
+
+
+#define CACTUS_SP_RAS_DELEGATE_CMD 0x72617365
+#define EVENT_NOTIFY_OS_RAS_ERROR U(5000)
+
+/*
+ * Note: Typical RAS error handling flow with Firmware First Handling
+ *
+ * Step 1: Exception resulting from a RAS error in the normal world is routed to
+ * EL3.
+ * Step 2: This exception is typically signaled as either a synchronous external
+ * abort or SError or interrupt. TF-A (EL3 firmware) delegates the
+ * control to platform specific handler built on top of the RAS helper
+ * utilities.
+ * Step 3: With the help of a Logical Secure Partition, TF-A sends a direct
+ * message to dedicated S-EL0 (or S-EL1) RAS Partition managed by SPMC.
+ * TF-A also populates a shared buffer with a data structure containing
+ * enough information (such as system registers) to identify and triage
+ * the RAS error.
+ * Step 4: RAS SP generates the Common Platform Error Record (CPER) and shares
+ * it with normal world firmware and/or OS kernel through a reserved
+ * buffer memory.
+ * Step 5: RAS SP responds to the direct message with information necessary for
+ * TF-A to notify the OS kernel.
+ * Step 6: Consequently, TF-A dispatches an SDEI event to notify the OS kernel
+ * about the CPER records for further logging.
+ */
+
+static int injected_fault_handler(const struct err_record_info *info,
+ int probe_data, const struct err_handler_data *const data)
+{
+ /*
+ * At the moment, an FF-A compatible SP that supports RAS firmware is
+ * not available. Hence the sequence below does not exactly follow the
+ * steps outlined above. Therefore, some steps are essentially spoofed.
+ * The handling of RAS error is completely done in EL3 firmware.
+ */
+ uint64_t status, cactus_cmd_ret;
+ int ret, event_num;
+ cpu_context_t *ns_cpu_context;
+
+ /* Get a reference to the non-secure context */
+ ns_cpu_context = cm_get_context(NON_SECURE);
+ assert(ns_cpu_context != NULL);
+
+ /*
+ * The faulting error record is already selected by the SER probe
+ * function.
+ */
+ status = read_erxstatus_el1();
+
+ ERROR("Fault reported by system error record %d on 0x%lx: status=0x%" PRIx64 "\n",
+ probe_data, read_mpidr_el1(), status);
+ ERROR(" exception reason=%u syndrome=0x%" PRIx64 "\n", data->ea_reason,
+ data->flags);
+
+ /* Clear error */
+ write_erxstatus_el1(status);
+
+ /*
+ * Initiate an EL3 direct message from LSP to Cactus RAS Secure
+ * Partition (ID 8001). Currently, the payload is being spoofed.
+ * The direct message response contains the SDEI event ID for the
+ * associated RAS error.
+ */
+ (void)plat_spmd_logical_sp_smc_handler(0, 0, 0, CACTUS_SP_RAS_DELEGATE_CMD,
+ EVENT_NOTIFY_OS_RAS_ERROR,
+ NULL, ns_cpu_context, 0);
+
+ cactus_cmd_ret = read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X3);
+ event_num = (int)read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X4);
+
+ if (cactus_cmd_ret != 0) {
+ ERROR("RAS error could not be handled by SP: %lx\n", cactus_cmd_ret);
+ panic();
+ }
+
+ if (event_num != EVENT_NOTIFY_OS_RAS_ERROR) {
+ ERROR("Unexpected event id sent by RAS SP: %d\n", event_num);
+ panic();
+ }
+
+ /* Dispatch the event to the SDEI client */
+ ret = sdei_dispatch_event(event_num);
+ if (ret < 0) {
+ ERROR("Can't dispatch event to SDEI\n");
+ panic();
+ } else {
+ INFO("SDEI event dispatched\n");
+ }
+
+ return 0;
+}
+
+struct ras_interrupt fvp_ras_interrupts[] = {
+};
+
+struct err_record_info fvp_err_records[] = {
+ /* Record for injected fault */
+ ERR_RECORD_SYSREG_V1(0, 2, ras_err_ser_probe_sysreg,
+ injected_fault_handler, NULL),
+};
+
+REGISTER_ERR_RECORD_INFO(fvp_err_records);
+REGISTER_RAS_INTERRUPTS(fvp_ras_interrupts);
diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index 51dda9e..b3d503e 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -1,17 +1,15 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
-#include <arch_features.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/gicv3.h>
#include <drivers/arm/fvp/fvp_pwrc.h>
-#include <lib/extensions/spe.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
#include <plat/arm/common/arm_config.h>
@@ -54,14 +52,6 @@
{
uint64_t mpidr = read_mpidr_el1();
- /*
- * On power down we need to disable statistical profiling extensions
- * before exiting coherency.
- */
- if (is_feat_spe_supported()) {
- spe_disable();
- }
-
/* Disable coherency if this cluster is to be turned off */
fvp_interconnect_disable();
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index aad0417..193052d 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -416,7 +416,7 @@
#define PLAT_SDEI_DP_EVENT_MAX_CNT ARM_SDEI_DP_EVENT_MAX_CNT
#define PLAT_SDEI_DS_EVENT_MAX_CNT ARM_SDEI_DS_EVENT_MAX_CNT
#else
- #if PLATFORM_TEST_RAS_FFH
+ #if PLATFORM_TEST_RAS_FFH || PLATFORM_TEST_FFH_LSP_RAS_SP
#define PLAT_ARM_PRIVATE_SDEI_EVENTS \
ARM_SDEI_PRIVATE_EVENTS, \
SDEI_EXPLICIT_EVENT(5000, SDEI_MAPF_NORMAL), \
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index eef06d4..7501bc4 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -57,7 +57,6 @@
ENABLE_FEAT_TWED := 2
ENABLE_FEAT_GCS := 2
ifeq (${ARCH}, aarch64)
-ifneq (${SPD}, spmd)
ifeq (${SPM_MM}, 0)
ifeq (${CTX_INCLUDE_FPREGS}, 0)
ENABLE_SME_FOR_NS := 2
@@ -66,7 +65,6 @@
endif
endif
endif
-endif
# enable unconditionally for all builds
ifeq (${ARCH}, aarch64)
@@ -399,11 +397,15 @@
endif
ifeq (${HANDLE_EA_EL3_FIRST_NS},1)
-ifeq (${ENABLE_FEAT_RAS},1)
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
-else
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
-endif
+ ifeq (${ENABLE_FEAT_RAS},1)
+ ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP},1)
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
+ endif
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
+ endif
endif
ifneq (${ENABLE_STACK_PROTECTOR},0)
@@ -518,6 +520,22 @@
endif
endif
+$(eval $(call add_define,PLATFORM_TEST_FFH_LSP_RAS_SP))
+ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP}, 1)
+ ifeq (${PLATFORM_TEST_RAS_FFH}, 1)
+ $(error "PLATFORM_TEST_RAS_FFH is incompatible with PLATFORM_TEST_FFH_LSP_RAS_SP")
+ endif
+ ifeq (${ENABLE_SPMD_LP}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_SPMD_LP to be 1")
+ endif
+ ifeq (${ENABLE_FEAT_RAS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_FEAT_RAS to be 1")
+ endif
+ ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects HANDLE_EA_EL3_FIRST_NS to be 1")
+ endif
+endif
+
ifeq (${ERRATA_ABI_SUPPORT}, 1)
include plat/arm/board/fvp/fvp_cpu_errata.mk
endif
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
index b1dab16..d496d2e 100644
--- a/plat/arm/common/plat_arm_sip_svc.c
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
+#include <errno.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -12,10 +13,73 @@
#include <plat/arm/common/arm_sip_svc.h>
#include <plat/common/platform.h>
+#if ENABLE_RME && SPMD_SPM_AT_SEL2
+#include <lib/gpt_rme/gpt_rme.h>
+#endif
+
#if ENABLE_SPMD_LP
#include <services/el3_spmd_logical_sp.h>
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+static uint64_t plat_protect_memory(bool protect,
+ bool secure_origin,
+ const uint64_t base,
+ const size_t size,
+ void *handle)
+{
+ uint64_t ret = SMC_INVALID_PARAM;
+ uint64_t last_updated = 0;
+
+ if (!secure_origin) {
+ SMC_RET1(handle, SMC_UNK);
+ /* Shall not be reached. */
+ }
+
+ if ((base % PAGE_SIZE_4KB) != 0U &&
+ (size % PAGE_SIZE_4KB) != 0U) {
+ VERBOSE("Base address must be aligned to 4k.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ if ((ULONG_MAX - base) < size) {
+ VERBOSE("Base + Size results in overflow.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ for (uint64_t it = base; it < (base + size); it += PAGE_SIZE_4KB) {
+ /*
+ * If protect is true, add memory to secure PAS.
+ * Else unprotect it, making part of non-secure PAS.
+ */
+ ret = protect
+ ? gpt_delegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE)
+ : gpt_undelegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE);
+
+ switch (ret) {
+ case 0:
+ last_updated = it;
+ break;
+ case -EINVAL:
+ SMC_RET2(handle, SMC_INVALID_PARAM, last_updated);
+ break; /* Shall not be reached. */
+ case -EPERM:
+ SMC_RET2(handle, SMC_DENIED, last_updated);
+ break; /* Shall not be reached. */
+ default:
+ ERROR("Unexpected return\n");
+ panic();
+ }
+ }
+
+ SMC_RET1(handle, SMC_OK);
+}
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 */
+
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
u_register_t x2,
@@ -25,13 +89,14 @@
void *handle,
u_register_t flags)
{
-#if PLAT_TEST_SPM
bool secure_origin;
/* Determine which security state this SMC originated from */
secure_origin = is_caller_secure(flags);
+ (void) secure_origin;
switch (smc_fid) {
+#if PLAT_TEST_SPM
case ARM_SIP_SET_INTERRUPT_PENDING:
if (!secure_origin) {
SMC_RET1(handle, SMC_UNK);
@@ -42,11 +107,20 @@
SMC_RET1(handle, SMC_OK);
break; /* Not reached */
- default:
- break;
- }
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+ case PLAT_PROTECT_MEM_SMC64:
+ INFO("Sip Call - Protect memory\n");
+ return plat_protect_memory(true, secure_origin, x1, x2, handle);
+ break;
+ case PLAT_UNPROTECT_MEM_SMC64:
+ INFO("Sip Call - Unprotect memory\n");
+ return plat_protect_memory(false, secure_origin, x1, x2, handle);
+ break;
+#endif
+ }
+
#if ENABLE_SPMD_LP
return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
cookie, handle, flags);
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 2cd7034..efa3cc6 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,7 +50,8 @@
BL31_SOURCES += ${INTERCONNECT_SOURCES} \
${ENT_GIC_SOURCES} \
${CSS_ENT_BASE}/sgi_bl31_setup.c \
- ${CSS_ENT_BASE}/sgi_topology.c
+ ${CSS_ENT_BASE}/sgi_topology.c \
+ drivers/delay_timer/generic_delay_timer.c
ifneq (${RESET_TO_BL31},0)
$(error "Using BL31 as the reset vector is not supported on ${PLAT} platform. \
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 7aa7b34..ac1ea48 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,7 @@
#include <common/debug.h>
#include <drivers/arm/css/css_mhu_doorbell.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/generic_delay_timer.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -104,6 +105,8 @@
void sgi_bl31_common_platform_setup(void)
{
+ generic_delay_timer_init();
+
arm_bl31_platform_setup();
/* Configure the warm reboot SGI for primary core */
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h
index 66b9310..0ff6092 100644
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@@ -20,6 +20,12 @@
/* FWU configuration (max supported value is 15) */
#define FWU_MAX_TRIAL_REBOOT U(3)
+/* Define maximum page size for NAND devices */
+#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
+
+/* Needed by STM32CubeProgrammer support */
+#define DWL_BUFFER_SIZE U(0x01000000)
+
/* Functions to save and get boot context address given by ROM code */
void stm32mp_save_boot_ctx_address(uintptr_t address);
uintptr_t stm32mp_get_boot_ctx_address(void);
diff --git a/plat/st/stm32mp1/include/platform_def.h b/plat/st/stm32mp1/include/platform_def.h
index 75c8219..7e6d91f 100644
--- a/plat/st/stm32mp1/include/platform_def.h
+++ b/plat/st/stm32mp1/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,20 +77,6 @@
******************************************************************************/
#define BL33_BASE STM32MP_BL33_BASE
-/*
- * Load address of BL33 for this platform port
- */
-#define PLAT_STM32MP_NS_IMAGE_OFFSET BL33_BASE
-
-/* Needed by STM32CubeProgrammer support */
-#define DWL_BUFFER_SIZE U(0x01000000)
-
-/*
- * SSBL offset in case it's stored in eMMC boot partition.
- * We can fix it to 256K because TF-A size can't be bigger than SRAM
- */
-#define PLAT_EMMC_BOOT_SSBL_OFFSET U(0x40000)
-
/*******************************************************************************
* DTB specific defines.
******************************************************************************/
diff --git a/plat/st/stm32mp1/stm32mp1_def.h b/plat/st/stm32mp1/stm32mp1_def.h
index 8fc8c89..0d401f9 100644
--- a/plat/st/stm32mp1/stm32mp1_def.h
+++ b/plat/st/stm32mp1/stm32mp1_def.h
@@ -186,9 +186,6 @@
#endif
#define STM32MP_BL33_MAX_SIZE U(0x400000)
-/* Define maximum page size for NAND devices */
-#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
-
/* Define location for the MTD scratch buffer */
#if STM32MP13
#define STM32MP_MTD_BUFFER (SRAM1_BASE + \
diff --git a/plat/st/stm32mp2/platform.mk b/plat/st/stm32mp2/platform.mk
index 0519b16..bf2952d 100644
--- a/plat/st/stm32mp2/platform.mk
+++ b/plat/st/stm32mp2/platform.mk
@@ -26,6 +26,9 @@
# such as metadata (2) and fsbl-m (2) to find all the FIP partitions (default is 2).
PLAT_PARTITION_MAX_ENTRIES := $(shell echo $$(($(STM32_TF_A_COPIES) + 6)))
+# Set load address for serial boot devices
+DWL_BUFFER_BASE ?= 0x87000000
+
# Device tree
BL2_DTSI := stm32mp25-bl2.dtsi
FDT_SOURCES := $(addprefix ${BUILD_PLAT}/fdts/, $(patsubst %.dtb,%-bl2.dts,$(DTB_FILE_NAME)))
@@ -35,6 +38,11 @@
STM32_LD_FILE := plat/st/stm32mp2/${ARCH}/stm32mp2.ld.S
STM32_BINARY_MAPPING := plat/st/stm32mp2/${ARCH}/stm32mp2.S
+$(eval $(call add_defines,\
+ $(sort \
+ DWL_BUFFER_BASE \
+)))
+
# STM32MP2x is based on Cortex-A35, which is Armv8.0, and does not support BTI
# Disable mbranch-protection to avoid adding useless code
TF_CFLAGS += -mbranch-protection=none
@@ -51,4 +59,8 @@
BL2_SOURCES += plat/st/stm32mp2/plat_bl2_mem_params_desc.c
BL2_SOURCES += plat/st/stm32mp2/bl2_plat_setup.c
+ifeq (${STM32MP_USB_PROGRAMMER},1)
+BL2_SOURCES += plat/st/stm32mp2/stm32mp2_usb_dfu.c
+endif
+
include plat/st/common/common_rules.mk
diff --git a/plat/st/stm32mp2/stm32mp2_usb_dfu.c b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
new file mode 100644
index 0000000..e967964
--- /dev/null
+++ b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+
+#include <drivers/usb_device.h>
+
+#include <usb_dfu.h>
+
+struct usb_handle *usb_dfu_plat_init(void)
+{
+ return NULL;
+}
+
+uint8_t usb_dfu_get_phase(uint8_t alt)
+{
+ return 0;
+}
diff --git a/services/oem/chromeos/widevine_smc_handlers.c b/services/oem/chromeos/widevine_smc_handlers.c
new file mode 100644
index 0000000..83c6ccc
--- /dev/null
+++ b/services/oem/chromeos/widevine_smc_handlers.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+#include <lib/psci/psci.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
+#include <tools_share/uuid.h>
+
+#define CROS_OEM_TPM_AUTH_PK_MAX_LEN 128
+#define CROS_OEM_HUK_LEN 32
+#define CROS_OEM_ROT_LEN 32
+
+static uint8_t cros_oem_tpm_auth_pk_buffer[CROS_OEM_TPM_AUTH_PK_MAX_LEN];
+static uint8_t cros_oem_huk_buffer[CROS_OEM_HUK_LEN];
+static uint8_t cros_oem_rot_len_buffer[CROS_OEM_ROT_LEN];
+
+struct cros_oem_data cros_oem_tpm_auth_pk = {
+ .buffer = cros_oem_tpm_auth_pk_buffer,
+ .max_length = sizeof(cros_oem_tpm_auth_pk_buffer),
+};
+
+struct cros_oem_data cros_oem_huk = {
+ .buffer = cros_oem_huk_buffer,
+ .max_length = sizeof(cros_oem_huk_buffer),
+};
+
+struct cros_oem_data cros_oem_rot = {
+ .buffer = cros_oem_rot_len_buffer,
+ .max_length = sizeof(cros_oem_rot_len_buffer),
+};
+
+static uintptr_t cros_write_data(struct cros_oem_data *data,
+ u_register_t length, u_register_t address,
+ void *handle)
+{
+ uintptr_t aligned_address;
+ uintptr_t aligned_size;
+ int32_t rc;
+
+ if (data->length) {
+ SMC_RET1(handle, PSCI_E_ALREADY_ON);
+ }
+
+ if (length > data->max_length) {
+ SMC_RET1(handle, PSCI_E_INVALID_PARAMS);
+ }
+
+ aligned_address = page_align(address, DOWN);
+ aligned_size = page_align(length + (address - aligned_address), UP);
+
+ /*
+ * We do not validate the passed in address because we are trusting the
+ * non-secure world at this point still.
+ */
+ rc = mmap_add_dynamic_region(aligned_address, aligned_address,
+ aligned_size, MT_MEMORY | MT_RO | MT_NS);
+ if (rc != 0) {
+ SMC_RET1(handle, PSCI_E_INVALID_ADDRESS);
+ }
+
+ memcpy(data->buffer, (void *)address, length);
+ data->length = length;
+
+ mmap_remove_dynamic_region(aligned_address, aligned_size);
+ SMC_RET1(handle, SMC_OK);
+}
+
+/* Handler for servicing specific SMC calls. */
+static uintptr_t cros_oem_svc_smc_handler(uint32_t smc_fid, u_register_t x1,
+ u_register_t x2, u_register_t x3,
+ u_register_t x4, void *cookie,
+ void *handle, u_register_t flags)
+{
+ switch (smc_fid) {
+ case CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID:
+ return cros_write_data(&cros_oem_tpm_auth_pk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID:
+ return cros_write_data(&cros_oem_huk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID:
+ return cros_write_data(&cros_oem_rot, x1, x2, handle);
+ default:
+ WARN("Unimplemented OEM Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+}
+
+/* Register OEM Service Calls as runtime service */
+DECLARE_RT_SVC(cros_oem_svc_smc_handler, OEN_OEM_START, OEN_OEM_END,
+ SMC_TYPE_FAST, NULL, cros_oem_svc_smc_handler);
diff --git a/services/spd/opteed/opteed.mk b/services/spd/opteed/opteed.mk
index f394744..289b3e7 100644
--- a/services/spd/opteed/opteed.mk
+++ b/services/spd/opteed/opteed.mk
@@ -33,3 +33,11 @@
$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
include lib/libfdt/libfdt.mk
endif
+
+CROS_WIDEVINE_SMC := 0
+ifeq ($(CROS_WIDEVINE_SMC),1)
+ifeq ($(OPTEE_ALLOW_SMC_LOAD),0)
+$(error When CROS_WIDEVINE_SMC=1, OPTEE_ALLOW_SMC_LOAD must also be 1)
+endif
+$(eval $(call add_define,CROS_WIDEVINE_SMC))
+endif
diff --git a/services/spd/opteed/opteed_main.c b/services/spd/opteed/opteed_main.c
index ab9896e..83b001a 100644
--- a/services/spd/opteed/opteed_main.c
+++ b/services/spd/opteed/opteed_main.c
@@ -33,6 +33,7 @@
#include <libfdt.h>
#endif /* OPTEE_ALLOW_SMC_LOAD */
#include <plat/common/platform.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
#include <tools_share/uuid.h>
#include "opteed_private.h"
@@ -61,7 +62,7 @@
0xb1eafba3, 0x5d31, 0x4612, 0xb9, 0x06,
0xc4, 0xc7, 0xa4, 0xbe, 0x3c, 0xc0);
-#define OPTEED_FDT_SIZE 256
+#define OPTEED_FDT_SIZE 1024
static uint8_t fdt_buf[OPTEED_FDT_SIZE] __aligned(CACHE_WRITEBACK_GRANULE);
#else
@@ -299,6 +300,62 @@
}
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+/*
+ * Adds a options/widevine node with the widevine table information to a device
+ * tree. Returns zero on success or if there is no widevine table information;
+ * failure code otherwise.
+ */
+static int add_options_widevine_node(void *fdt)
+{
+ int ret;
+
+ ret = fdt_begin_node(fdt, "options");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "op-tee");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "widevine");
+ if (ret)
+ return ret;
+
+ if (cros_oem_tpm_auth_pk.length) {
+ ret = fdt_property(fdt, "tcg,tpm-auth-public-key",
+ cros_oem_tpm_auth_pk.buffer,
+ cros_oem_tpm_auth_pk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_huk.length) {
+ ret = fdt_property(fdt, "op-tee,hardware-unique-key",
+ cros_oem_huk.buffer, cros_oem_huk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_rot.length) {
+ ret = fdt_property(fdt, "google,widevine-root-of-trust-ecc-p256",
+ cros_oem_rot.buffer, cros_oem_rot.length);
+ if (ret)
+ return ret;
+ }
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ return fdt_end_node(fdt);
+}
+#endif /* CROS_WIDEVINE_SMC */
+
/*
* Creates a device tree for passing into OP-TEE. Currently is populated with
* the coreboot table address.
@@ -326,6 +383,12 @@
return ret;
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+ ret = add_options_widevine_node(fdt_buf);
+ if (ret)
+ return ret;
+#endif /* CROS_WIDEVINE_SMC */
+
ret = fdt_end_node(fdt_buf);
if (ret)
return ret;
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index a2669d2..811adcb 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -435,9 +435,10 @@
{
.cpu_partnumber = CORTEX_A715_MIDR,
.cpu_errata_list = {
- [0] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
+ [0] = {2561034, 0x10, 0x10, ERRATA_A715_2561034},
+ [1] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
ERRATA_NON_ARM_INTERCONNECT},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A715_H_INC */
diff --git a/services/std_svc/spm/el3_spmc/spmc_main.c b/services/std_svc/spm/el3_spmc/spmc_main.c
index 9cfcd87..247e2c8 100644
--- a/services/std_svc/spm/el3_spmc/spmc_main.c
+++ b/services/std_svc/spm/el3_spmc/spmc_main.c
@@ -234,7 +234,7 @@
/* If we originated in the normal world then switch contexts. */
else if (!secure_origin && ffa_is_secure_world_id(dst_id)) {
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2,
- x3, x4, handle);
+ x3, x4, handle, flags);
} else {
/* Unknown State. */
panic();
@@ -2490,9 +2490,11 @@
/*
* Forward the interrupt to the S-EL1 SP. The interrupt ID is not
* populated as the SP can determine this by itself.
+ * The flags field is forced to 0 mainly to pass the SVE hint bit
+ * cleared for consumption by the lower EL.
*/
return spmd_smc_switch_state(FFA_INTERRUPT, false,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
- handle);
+ handle, 0ULL);
}
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 5d19868..7572adf 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -667,11 +667,22 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle)
+ void *handle,
+ uint64_t flags)
{
unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
+#if SPMD_SPM_AT_SEL2
+ if ((secure_state_out == SECURE) && (is_sve_hint_set(flags) == true)) {
+ /*
+ * Set the SVE hint bit in x0 and pass to the lower secure EL,
+ * if it was set by the caller.
+ */
+ smc_fid |= (FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT);
+ }
+#endif
+
/* Save incoming security state */
#if SPMD_SPM_AT_SEL2
if (secure_state_in == NON_SECURE) {
@@ -746,8 +757,9 @@
return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4,
cookie, handle, flags);
}
+
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4,
- handle);
+ handle, flags);
}
@@ -844,7 +856,7 @@
unsigned int linear_id = plat_my_core_pos();
spmd_spm_core_context_t *ctx = spmd_get_context();
bool secure_origin;
- int32_t ret;
+ int ret;
uint32_t input_version;
/* Determine which security state this SMC originated from */