Merge "Add support for Branch Target Identification" into integration

Add support for Branch Target Identification

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by add

Add support for Branch Target Identification

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.

Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Makefile: Add default warning flags

The flags are taken from the different warning levels of the build
system when they do not generate any error with the current upstreamed
platforms.

Change-Id: I

Makefile: Add default warning flags

The flags are taken from the different warning levels of the build
system when they do not generate any error with the current upstreamed
platforms.

Change-Id: Ia70cff83bedefb6d2f0dd266394ef77fe47e7f65
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Introduce BTI support in ROMLIB

When TF-A is compiled with BTI enabled, the branches in the ROMLIB
jumptable must be preceded by a "bti j" instruction.

Moreover, when the additional "bti" instructi

Introduce BTI support in ROMLIB

When TF-A is compiled with BTI enabled, the branches in the ROMLIB
jumptable must be preceded by a "bti j" instruction.

Moreover, when the additional "bti" instruction is inserted, the
jumptable entries have a distance of 8 bytes between them instead of 4.
Hence, the wrappers are also modified accordinly.

If TF-A is compiled without BTI enabled, the ROMLIB jumptable and
wrappers are generated as before.

Change-Id: Iaa59897668f8e59888d39046233300c2241d8de7
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

Beautify "make help"

Changes to make the help text a bit more readable:
1) The "usage" part is now a one-liner
2) The supported platforms list is printed separately

Change-Id: I93e48a6cf1d28f0ef9f3

Beautify "make help"

Changes to make the help text a bit more readable:
1) The "usage" part is now a one-liner
2) The supported platforms list is printed separately

Change-Id: I93e48a6cf1d28f0ef9f3db16ce17725e4dff33c9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

Merge changes from topic "pb/sphinx-doc" into integration

* changes:
doc: Use proper note and warning annotations
doc: Refactor contributor acknowledgements
doc: Reorganise images and update l

Merge changes from topic "pb/sphinx-doc" into integration

* changes:
doc: Use proper note and warning annotations
doc: Refactor contributor acknowledgements
doc: Reorganise images and update links
doc: Set correct syntax highlighting style
doc: Add minimal glossary
doc: Remove per-page contents lists
doc: Make checkpatch ignore rst files
doc: Format security advisory titles and headings
doc: Reformat platform port documents
doc: Normalise section numbering and headings
doc: Reword document titles

show more ...

doc: Make checkpatch ignore rst files

Previously checkpatch was invoked with options to make it ignore
Markdown (md) files as this was the dominant format for TF-A
documents. Now that rst is being u

doc: Make checkpatch ignore rst files

Previously checkpatch was invoked with options to make it ignore
Markdown (md) files as this was the dominant format for TF-A
documents. Now that rst is being used everywhere this option needs
updating.

Change-Id: I59b5a0bcc45d2386df4f880b8d333baef0bbee77
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

show more ...

Merge "Add Makefile check for PAuth and AArch64" into integration

Add Makefile check for PAuth and AArch64

Pointer authentication is supported only in AArch64. A relevant check is
added for that in the Makefile.

Change-Id: I021ba65a9bd5764fd33292bee42617015e04a87

Add Makefile check for PAuth and AArch64

Pointer authentication is supported only in AArch64. A relevant check is
added for that in the Makefile.

Change-Id: I021ba65a9bd5764fd33292bee42617015e04a870
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

Merge pull request #1920 from ambroise-arm/av/deprecated

Remove deprecated interfaces

Makefile: remove extra include paths in INCLUDES

Now it is needed to use the full path of the common header files.

Commit 09d40e0e0828 ("Sanitise includes across codebase") provides more
informatio

Makefile: remove extra include paths in INCLUDES

Now it is needed to use the full path of the common header files.

Commit 09d40e0e0828 ("Sanitise includes across codebase") provides more
information.

Change-Id: Ifedc79d9f664d208ba565f5736612a3edd94c647
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Merge pull request #1908 from soby-mathew/sm/update_ver

Update TF-A version to 2.1

Update TF-A version to 2.1

Change-Id: I6d8a6419df4d4924214115facbce90715a1a0371
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

Merge pull request #1895 from AlexeiFedorov/af/declare_pauth_experimental

Declare ENABLE_PAUTH build option as experimental

Declare PAuth for Secure world as experimental

Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of t

Declare PAuth for Secure world as experimental

Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of the value of these build flags if the
CPU supports it.
The patch also fixes the description of fiptool 'help' command.

Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge pull request #1884 from AlexeiFedorov/af/set_march_to_arch_minor

Allow setting compiler's target architecture

Merge pull request #1880 from lmayencourt/lm/pie

PIE: fix linking with pie and binutils > 2.27

Merge pull request #1861 from Yann-lms/checkpatch

Update checkpatch options

Allow setting compiler's target architecture

Change-Id: I56ea088f415bdb9077c385bd3450ff4b2cfa2eac
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Makefile: fix linking with pie and binutils > 2.27

Since binutils 1a9ccd70f9a7[1] TFA will not link when the PIE option is
used:

aarch64-linux-gnu-ld: build/fvp/debug/bl31/bl31.elf: Not enough

Makefile: fix linking with pie and binutils > 2.27

Since binutils 1a9ccd70f9a7[1] TFA will not link when the PIE option is
used:

aarch64-linux-gnu-ld: build/fvp/debug/bl31/bl31.elf: Not enough room
for program headers, try linking with -N
aarch64-linux-gnu-ld: final link failed: Bad value

This issue was also encountered by u-boot[2] and linux powerpc kernel
[3]. The fix is to provide --no-dynamic-linker for the linker. This
tells the linker that PIE does not need loaded program program headers.

Fix https://github.com/ARM-software/tf-issues/issues/675

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=1a9ccd70f9a7
[2] http://git.denx.de/?p=u-boot.git;a=commit;h=e391b1e64b0bd65709a28a4764afe4f32d408243
[3] https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=ff45000fcb56b5b0f1a14a865d3541746d838a0a

Change-Id: Ic3c33c795a9b7bdeab0e87c4345153ce2703a524
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

Add the possibility to pass options for checkpatch

It can be handy for example to add --strict option which can detect more
coding issues, even if not mandated by TF-A coding rules.
To use it:
CHEC

Add the possibility to pass options for checkpatch

It can be handy for example to add --strict option which can detect more
coding issues, even if not mandated by TF-A coding rules.
To use it:
CHECKPATCH_OPTS="--strict" make checkpatch

Change-Id: I707e4cc2d1250b21f18ff16169b5f1e5ab03a7ed
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

Merge pull request #1751 from vwadekar/tegra-scatter-file-support

Tegra scatter file support

Tegra: Support for scatterfile for the BL31 image

This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.

In order to enable

Tegra: Support for scatterfile for the BL31 image

This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.

In order to enable the scatterfile usage the following changes
have been made:

* provide mapping for ld.S symbols in bl_common.h
* include bl_common.h from all the affected files
* update the makefile rules to use the scatterfile and armlink
to compile BL31
* update pubsub.h to add sections to the scatterfile

NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.

Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge pull request #1829 from antonio-nino-diaz-arm/an/pauth

Add Pointer Authentication (ARMv8.3-PAuth) support to the TF

Add support for pointer authentication

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable p

Add support for pointer authentication

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...