refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detecti

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.

Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.

Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS

At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordin

refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS

At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.

This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.

Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "feat(tcr2): support FEAT_TCR2" into integration

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the n

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.

Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148

show more ...

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

Merge changes I9430f5fa,I23680085 into integration

* changes:
feat(build): add support for new binutils versions
build(makefile): add helper to detect linker options

feat(build): add support for new binutils versions

Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:

ld.bfd: warning:

feat(build): add support for new binutils versions

Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:

ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions

These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774

Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/

Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617

show more ...

Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit 2584

Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit 25844ff728e4a0e5430ba2032457aba7b780a701.

Change-Id: Ia0bfa22fc45754f15c82638662dde93f604992c3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(pauth): make pauth_helpers linking generic

Pauth is a generic Arm feature that can be enabled on any platform that
implements it. It only needs a platform specific key generation hook. As
such,

fix(pauth): make pauth_helpers linking generic

Pauth is a generic Arm feature that can be enabled on any platform that
implements it. It only needs a platform specific key generation hook. As
such, the generic Pauth enablement can be included in the generic build.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibf32f79addab3515214594bb8d7168151b450f59

show more ...

Merge changes I51c13c52,I3358c51e into integration

* changes:
build: always prefix section names with `.`
build: communicate correct page size to linker

build: communicate correct page size to linker

This change communicates the common and maximum page sizes to the
linker, which allows us to use the built-in constants that it provides
to deal with p

build: communicate correct page size to linker

This change communicates the common and maximum page sizes to the
linker, which allows us to use the built-in constants that it provides
to deal with page alignments.

We only support 4K pages today so the fact these are fixed is not too
much of an issue, but we will need to revisit this if we ever support
other page sizes.

Change-Id: I3358c51e70df794025ddf25209ae0e2a96550b0e
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "fix(build): allow warnings when using lld" into integration

Merge changes from topic "mixed-rwx" into integration

* changes:
build: permit multiple linker scripts
build: clarify linker script generation
style: normalize linker script code style
fix(p

Merge changes from topic "mixed-rwx" into integration

* changes:
build: permit multiple linker scripts
build: clarify linker script generation
style: normalize linker script code style
fix(pie): pass `-fpie` to the preprocessor as well

show more ...

fix(pie): pass `-fpie` to the preprocessor as well

When PIE is enabled, the `-fpie` flag is passed to the compiler but not
to the preprocessor. This change ensures that both tools are aware of
when

fix(pie): pass `-fpie` to the preprocessor as well

When PIE is enabled, the `-fpie` flag is passed to the compiler but not
to the preprocessor. This change ensures that both tools are aware of
when the image is position-independent when preprocessing, which impacts
some pre-defined preprocessor definitions.

Change-Id: I5208a591d60ee01312f6bf3dd7343abe6535ee61
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "fix(context-mgmt): enable SCXTNUM access" into integration

fix(context-mgmt): enable SCXTNUM access

Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is

fix(context-mgmt): enable SCXTNUM access

Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is used.

Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: Ieb0186b2fdffad464bb9316fc3973772c9c28cd0

show more ...

fix(build): allow warnings when using lld

After https://reviews.llvm.org/D118840, ld.lld reports
below section type mismatch warnings:

LD trusted-firmware-a/build/qemu/release/bl1/bl1.elf
ld

fix(build): allow warnings when using lld

After https://reviews.llvm.org/D118840, ld.lld reports
below section type mismatch warnings:

LD trusted-firmware-a/build/qemu/release/bl1/bl1.elf
ld.lld: error: section type mismatch for base_xlat_table
>>> trusted-firmware-a/build/qemu/release/bl1/xlat_tables_context.o:
(base_xlat_table): SHT_PROGBITS
>>> output section .bss: SHT_NOBITS

ld.lld: error: section type mismatch for xlat_table
>>> trusted-firmware-a/build/qemu/release/bl1/xlat_tables_context.o:
(xlat_table): SHT_PROGBITS
>>> output section xlat_table: SHT_NOBITS

So allow warnings to make build pass.

Change-Id: I70503ad03b3be7a18ffe29ef6f2127c3f4d540f1
Signed-off-by: Yabin Cui <yabinc@google.com>

show more ...

Merge changes from topic "bk/warnings" into integration

* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds

Merge changes from topic "bk/warnings" into integration

* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds
docs(porting-guide): update a reference
fix(st-usb): replace redundant checks with asserts
fix(brcm): add braces around bodies of conditionals
fix(renesas): align incompatible function pointers
fix(zynqmp): remove redundant api_version check
fix: remove old-style declarations
fix: unify fallthrough annotations

show more ...

build: add -Wunused-const-variable=2 to W=2

TF-A is quite strict with warnings and redundant code. This flag
furthers this so it would be useful to have it. Add it to W=2 as it sets
off a few platfo

build: add -Wunused-const-variable=2 to W=2

TF-A is quite strict with warnings and redundant code. This flag
furthers this so it would be useful to have it. Add it to W=2 as it sets
off a few platforms which require a somewhat involved fix.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id52b3d477b4ada7dd69a36101ab22c575ab4ef19

show more ...

build: include -Wextra in generic builds

TF-A is more strict with compiler warnings in comparison to other
projects (notably Linux) for security and -Wextra enables a lot of
desirable warnings. This

build: include -Wextra in generic builds

TF-A is more strict with compiler warnings in comparison to other
projects (notably Linux) for security and -Wextra enables a lot of
desirable warnings. This patch enables -Wextra by default (from W=1
previously) and reorganises the warning levels so that they can useful
when enabled and not just a build failure. This will help us move
towards fixing the warnings that are too many to fix at once and
enabling all W={1, 2} warnings.

The warning levels get new meanings:
* W=1: warnings we want the generic build to include but are too time
consuming to fix at the moment. They re-enable warnings taken out for
generic builds.
* W=2: warnings we want the generic build to include but cannot be
enabled due to external libraries.
* W=3: warnings that are informative but not necessary and generally too
verbose and frequently ignored.

Quality expectations for new contributions mean that generally they
should have no warnings up to W=2. To allow code to be developed with
them in mind, -Werror is disabled when W=x is set. This way enabling
warnings will not just fail the build due to technicalities we have and
contributors will be able to actually see if they get any.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieb15ddd635d458a956a34b0f9d0ea2f81b9c0745

show more ...

Merge "build: restrict usage of CTX_INCLUDE_EL2_REGS" into integration

build: restrict usage of CTX_INCLUDE_EL2_REGS

CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.

Make CTX_INCLUDE_EL2_REGS an i

build: restrict usage of CTX_INCLUDE_EL2_REGS

CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.

Make CTX_INCLUDE_EL2_REGS an internal macro and remove
from documentation.

Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I6a70edfd88163423ff0482de094601cf794246d6

show more ...

Merge "docs(changelog): changelog for v2.8 release" into integration

docs(changelog): changelog for v2.8 release

Change-Id: I1d99ea46ad527993ee786c34a67f94d74470f960
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>