Add support for Branch Target Identification

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by add

Add support for Branch Target Identification

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.

Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge pull request #1829 from antonio-nino-diaz-arm/an/pauth

Add Pointer Authentication (ARMv8.3-PAuth) support to the TF

BL31: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|

BL31: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +192 | +1536 | +0 | +0 |
| | 0.3% | 3.1% | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +1848 | +1536 | +16 | +0 |
| | 3.3% | 3.1% | 3.1% | |
+----------------------------+-------+-------+-------+--------+

Results calculated with the following build configuration:

make PLAT=fvp SPD=tspd DEBUG=1 \
SDEI_SUPPORT=1 \
EL3_EXCEPTION_HANDLING=1 \
TSP_NS_INTR_ASYNC_PREEMPT=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1

Change-Id: I43db7e509a4f39da6599ec2faa690d197573ec1b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1810 from antonio-nino-diaz-arm/an/setjmp

Make setjmp/longjmp compliant with the C standard and move them to libc

libc: Move setjmp to libc folder

Now that setjmp() and longjmp() are compliant with the standard they can
be moved with the other libc files.

Change-Id: Iea3b91c34eb353ace5e171e72f331602d57774d5
Si

libc: Move setjmp to libc folder

Now that setjmp() and longjmp() are compliant with the standard they can
be moved with the other libc files.

Change-Id: Iea3b91c34eb353ace5e171e72f331602d57774d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1770 from antonio-nino-diaz-arm/an/spm-mm

Undeprecate MM-based SPM

SPM: Rename folder of SPM based on MM

This implementation is no longer deprecated.

Change-Id: I68552d0fd5ba9f08fad4345e4657e8e3c5362a36
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Rename SPM_DEPRECATED flag to SPM_MM

The SPM implementation based on MM is going to be kept for the
foreseeable future.

Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954
Signed-off-by: Anto

SPM: Rename SPM_DEPRECATED flag to SPM_MM

The SPM implementation based on MM is going to be kept for the
foreseeable future.

Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

Merge pull request #1707 from antonio-nino-diaz-arm/an/spm

SPM: Initial prototype based on SPCI and SPRT

SPM: Deprecate the current implementation

The current SPM is a prototype that only supports one secure partition
in EL0. The objective of SPM is to have multiple partitions. The current
MM interface

SPM: Deprecate the current implementation

The current SPM is a prototype that only supports one secure partition
in EL0. The objective of SPM is to have multiple partitions. The current
MM interface isn't adequate for this, so it is needed to modify heavily
the code to add proper support for it.

However, there are platforms which are already using this (like SGI) and
removing the code would break it. For this reason, the current SPM code
has been duplicated in order to temporarily preserve compatibility. All
new improvements/changes to SPM will be done in the non-deprecated copy,
that may change without notice.

The new build option SPM_DEPRECATED has been introduced to select the SPM
implementation. It defaults to 1, that selects the deprecated SPM.

Change-Id: Ic9f80b53b450e97b4d3f47e4ef4a138ee8d87443
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1675 from SNG-ARM/integration

SPM priority level changes

SPM: EHF: Build EHF module along with Secure Partition Manager

Add a dependency for building EL3 exception handling framework(EHF)
module with the secure partition manager(SPM).

The EHF module is n

SPM: EHF: Build EHF module along with Secure Partition Manager

Add a dependency for building EL3 exception handling framework(EHF)
module with the secure partition manager(SPM).

The EHF module is needed for raising the core's running priority
before the core enters the secure partition, and lowering it
subsequently on exit from the secure partition.

Change-Id: Icbe2d0a63f00b46dc593ff3d86b676c9333506c3
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>

show more ...

Merge pull request #1533 from jeenu-arm/mpam

AArch64: Enable MPAM for lower ELs

Merge pull request #1523 from jts-arm/dsu

DSU erratum 936184 workaround

AArch64: Enable MPAM for lower ELs

Memory Partitioning And Monitoring is an Armv8.4 feature that enables
various memory system components and resources to define partitions.
Software running at vari

AArch64: Enable MPAM for lower ELs

Memory Partitioning And Monitoring is an Armv8.4 feature that enables
various memory system components and resources to define partitions.
Software running at various ELs can then assign themselves to the
desired partition to control their performance aspects.

With this patch, when ENABLE_MPAM_FOR_LOWER_ELS is set to 1, EL3 allows
lower ELs to access their own MPAM registers without trapping to EL3.
This patch however doesn't make use of partitioning in EL3; platform
initialisation code should configure and use partitions in EL3 if
required.

Change-Id: I5a55b6771ccaa0c1cffc05543d2116b60cbbcdcd
Co-authored-by: James Morse <james.morse@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

DSU erratum 936184 workaround

If the system is in near idle conditions, this erratum could cause a
deadlock or data corruption. This patch applies the workaround that
prevents this.

This DSU erratu

DSU erratum 936184 workaround

If the system is in near idle conditions, this erratum could cause a
deadlock or data corruption. This patch applies the workaround that
prevents this.

This DSU erratum affects only the DSUs that contain the ACP interface
and it was fixed in r2p0. The workaround is applied only to the DSUs
that are actually affected.

Link to respective Arm documentation:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm138168/index.html

Change-Id: I033213b3077685130fc1e3f4f79c4d15d7483ec9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

Merge pull request #1485 from jeenu-arm/ras

Double-fault and fatal error handling support

RAS: Move EA handling to a separate file

A new file ea_delegate.S is introduced, and all EA-related functions are
moved into it. This makes runtime_exceptions.S less crowded and reads
better.

No fu

RAS: Move EA handling to a separate file

A new file ea_delegate.S is introduced, and all EA-related functions are
moved into it. This makes runtime_exceptions.S less crowded and reads
better.

No functional changes.

Change-Id: I64b653b3931984cffd420563f8e8d1ba263f329f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

Merge pull request #1437 from jeenu-arm/ras-remaining

SDEI dispatch changes to enable RAS use cases

SDEI: Make dispatches synchronous

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

Ho

SDEI: Make dispatches synchronous

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.

With this patch:

- SDEI interrupts and calls to sdei_dispatch_event prepares the NS
context for event dispatch, then sets a jump point, and immediately
exits EL3. This results in the client handler executing in
Non-secure.

- When the SDEI client completes the dispatched event, the SDEI
dispatcher does a longjmp to the jump pointer created earlier. For
the caller of the sdei_dispatch_event() in particular, this would
appear as if call returned successfully.

The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.

Documentation updated.

NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.

Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

BL31: Introduce jump primitives

This patch introduces setjmp() and ongjmp() primitives to enable
standard setjmp/longjmp style execution. Both APIs parameters take a
pointer to struct jmpbuf type, w

BL31: Introduce jump primitives

This patch introduces setjmp() and ongjmp() primitives to enable
standard setjmp/longjmp style execution. Both APIs parameters take a
pointer to struct jmpbuf type, which hosts CPU registers saved/restored
during jump.

As per the standard usage:

- setjmp() return 0 when a jump is setup; and a non-zero value when
returning from jump.

- The caller of setjmp() must not return, or otherwise update stack
pointer since.

Change-Id: I4af1d32e490cfa547979631b762b4cba188d0551
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

Merge pull request #1392 from dp-arm/dp/cve_2018_3639

Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Chang

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1305 from dp-arm/dp/smccc

Implement support for v1.2 of firmware interfaces spec (ARM DEN 0070A)

Fixup `SMCCC_ARCH_FEATURES` semantics

When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
* -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
req

Fixup `SMCCC_ARCH_FEATURES` semantics

When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
* -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
requires firmware mitigation for CVE-2017-5715 but the mitigation
is not compiled in.
* 0 to indicate that firmware mitigation is required, or
* 1 to indicate that no firmware mitigation is required.

This patch complies with v1.2 of the firmware interfaces
specification (ARM DEN 0070A).

Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...