Merge changes from topics "qemu-sve", "xl/simd-hash" into integration

* changes:
feat(qemu): disable fpregs traps for QEMU in BL31
feat(crypto): enable the runtime instrumentation for crypto ext

Merge changes from topics "qemu-sve", "xl/simd-hash" into integration

* changes:
feat(qemu): disable fpregs traps for QEMU in BL31
feat(crypto): enable the runtime instrumentation for crypto extension
feat(crypto): enable access to SIMD crypto in BL1 and BL2
feat(crypto): enable floating point register traps in EL3
feat(crypto): build flag for SIMD crypto extensions for v8+ platform
refactor(build): add a default filter list for lib cflags

show more ...

Merge "fix(cpus): workaround for Cortex-A65AE erratum 1638571" into integration

fix(cpus): workaround for Cortex-A65AE erratum 1638571

Cortex-A65AE erratum 1638571 is a Cat B erratum that applies
to revisions r0p0, r1p0, r1p1, and is still open.

This erratum can be avoided by

fix(cpus): workaround for Cortex-A65AE erratum 1638571

Cortex-A65AE erratum 1638571 is a Cat B erratum that applies
to revisions r0p0, r1p0, r1p1, and is still open.

This erratum can be avoided by disable stage1 page table walk for
lower Els (EL1 and EL0) in EL3, so 'AT' speculative fetch at any
point produces either the correct result or failure without TLB
allocation.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1344564/latest

Change-Id: I861230de94a105fd52f9c8ef7e7551a2633c065b
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

feat(crypto): build flag for SIMD crypto extensions for v8+ platform

Add new build flags ENABLE_FEAT_CRYPTO to enable SIMD crypto extension
for hash256 in bootflow authentication process and ENABLE_

feat(crypto): build flag for SIMD crypto extensions for v8+ platform

Add new build flags ENABLE_FEAT_CRYPTO to enable SIMD crypto extension
for hash256 in bootflow authentication process and ENABLE_FEAT_CRYPTO_SHA3
to enable SIMD crypto extension for sha384 and sha512 in bootflow authentication
process for Arm platform greater than v8.0.

Change-Id: I6e52feb318136910d34cafd89319bf94f90e16fc
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

fix(cpus): remove C1-Premium erratum 3651221

This erratum workaround is already implemented as part
of CVE-2024-7881 [1] and is redundant. This patch removes
C1-Premium erratum 3651221 [2] support.

fix(cpus): remove C1-Premium erratum 3651221

This erratum workaround is already implemented as part
of CVE-2024-7881 [1] and is redundant. This patch removes
C1-Premium erratum 3651221 [2] support.

[1] : https://developer.arm.com/documentation/110326/latest/
[2] : https://developer.arm.com/documentation/111078/latest/
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I40b37ec62788884ae5c0a0bb3eb4b924622ffe55

show more ...

fix(cpus): remove C1-Ultra erratum 3651221

This erratum workaround is already implemented as part
of CVE-2024-7881 [1] and is redundant. This patch removes
C1-Ultra erratum 3651221 [2] support.

[1]

fix(cpus): remove C1-Ultra erratum 3651221

This erratum workaround is already implemented as part
of CVE-2024-7881 [1] and is redundant. This patch removes
C1-Ultra erratum 3651221 [2] support.

[1] : https://developer.arm.com/documentation/110326/latest/
[2] : https://developer.arm.com/documentation/111077/latest/
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: If7ea433e4614f92333e788e3f6b366db22c92f0d

show more ...

fix(cpus): correct CVE-2024-7881 workaround and drop duplicate erratum

Fix the CVE-2024-7881 [1] workaround for C1-Pro. The previously
implemented erratum 3684268 [2] programmed the same control bit

fix(cpus): correct CVE-2024-7881 workaround and drop duplicate erratum

Fix the CVE-2024-7881 [1] workaround for C1-Pro. The previously
implemented erratum 3684268 [2] programmed the same control bit and
overlapped functionally with the CVE workaround, so the duplicate
erratum is removed.

Reference:
[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/SDEN-3273080/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I6207c49486e4020f34c862ad40ec3137bd3684cc

show more ...

Merge changes I8d332dbe,I9d30b6f9,I2fd7eece,Ibcd65f39,I86cc5e97 into integration

* changes:
feat(bl2): support RESET_TO_BL2 and ENABLE_RME
fix(build): fix BL2_CPPFLAGS when ENABLE_RME is set
f

Merge changes I8d332dbe,I9d30b6f9,I2fd7eece,Ibcd65f39,I86cc5e97 into integration

* changes:
feat(bl2): support RESET_TO_BL2 and ENABLE_RME
fix(build): fix BL2_CPPFLAGS when ENABLE_RME is set
fix(fvp): increase resident text size of BL2
fix(arm): support FCONF when TRANSFER_LIST and RESET_BL2 is set
fix(arm): update next image's ep info with the FW config address

show more ...

feat(bl2): support RESET_TO_BL2 and ENABLE_RME

When RSE is used as the root of trust along with CPU that supports RME
there is a need to enable both RESET_TO_BL2 and ENABLE_RME.

In current bl2_main

feat(bl2): support RESET_TO_BL2 and ENABLE_RME

When RSE is used as the root of trust along with CPU that supports RME
there is a need to enable both RESET_TO_BL2 and ENABLE_RME.

In current bl2_main there are two different code paths for RESET_BL2,
one handles BL2 running in EL1 and other for BL2 running in EL3.

When RME is enabled, BL2 always runs at EL3 but the current flow calls
bl2_early_platform_setup2, bl2_plat_arch_setup instead of
bl2_el3_early_platform_setup, bl2_el3_plat_arch_setup. Adding RME,
TRANSFER_LIST, ROMLIB support in bl2_el3_* helpers makes
arm_bl2_el3_setup.c almost identical to arm_bl2_setup.c.

This patch removes bl2_el3_plat helpers and related files. Now different
combinations of RESET_TO_BL2, ENABLE_RME are handled in common bl2_setup
routines in arm_bl2_setup.c. This helps to have common place to support
new features and build flags for BL2 irrespective of which EL the BL2
runs.

BREAKING-CHANGE: This patch also changes all existing platform files and
functions that use format bl2_el3_* to bl2_plat helpers. If any platform
or out-of-tree platforms that need to support running BL2 in EL1 or EL3
must now handle it in bl2_early_platform_setup2 and bl2_plat_arch_setup.

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I8d332dbe2de1db3b69319496c8d04626cdcf4140

show more ...

Merge "docs(maintainers): add George Cherian as Marvell platforms maintainer" into integration

fix(security): add workaround for CVE-2025-0647

This workaround fixes an issue with the CPP RCTX instruction by
issuing an instruction patch sequence to trap uses of the CPP RCTX
instruction from EL

fix(security): add workaround for CVE-2025-0647

This workaround fixes an issue with the CPP RCTX instruction by
issuing an instruction patch sequence to trap uses of the CPP RCTX
instruction from EL0, EL1, and EL2 to EL3 and perform a workaround
procedure using the implementation defined trap handler to ensure
the correct behavior of the system. In addition, it includes an EL3
API to be used if EL3 firmware needs to use the CPP RCTX instruction.
This saves the overhead of exception handling, and EL3 does not
generically support trapping EL3->EL3, and adding support for that
is not trivial due to the implications for context management.

The issue affects the following CPUs:

C1-Premium
C1-Ultra
Cortex-A710
Cortex-X2
Cortex-X3
Cortex-X4
Cortex-X925
Neoverse N2
Neoverse V2
Neoverse V3
Neoverse V3AE (handled same as V3 CPU in TF-A CPU-Lib)

Arm Security Bulletin Document:
https://developer.arm.com/documentation/111546

Change-Id: I5e7589afbeb69ebb79c01bec80e29f572aff3d89
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes I2485d583,I1374c482,I07e29dbb,I949e6486 into integration

* changes:
feat(qemu): enable ENABLE_FEAT_RAS and ENABLE_FEAT_SB
feat(cpufeat): update FEAT_SB's FEAT_STATE_CHECKED status

Merge changes I2485d583,I1374c482,I07e29dbb,I949e6486 into integration

* changes:
feat(qemu): enable ENABLE_FEAT_RAS and ENABLE_FEAT_SB
feat(cpufeat): update FEAT_SB's FEAT_STATE_CHECKED status
feat(cpufeat): advertise support for FEAT_RASv2
feat(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED again

show more ...

Merge changes I3a2243d0,Ifeb88c8f,I8ac77336 into integration

* changes:
feat(cpufeat): add the newly analyzed features to FEATURE_DETECTION
docs(cpufeat): add analysis of 2024 features
fix(cpu

Merge changes I3a2243d0,Ifeb88c8f,I8ac77336 into integration

* changes:
feat(cpufeat): add the newly analyzed features to FEATURE_DETECTION
docs(cpufeat): add analysis of 2024 features
fix(cpufeat): add FEAT_SPE to FEATURE_DETECTION

show more ...

docs(maintainers): add George Cherian as Marvell platforms maintainer

Add George Cherian as code owner for Marvell platforms.
While at it sort the platform entry and Jaiprakash Singh's github link
a

docs(maintainers): add George Cherian as Marvell platforms maintainer

Add George Cherian as code owner for Marvell platforms.
While at it sort the platform entry and Jaiprakash Singh's github link
alphabetically.

Change-Id: I3601416faa46d99f056571c5990a426272973290
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(cpufeat): update FEAT_SB's FEAT_STATE_CHECKED status

FEAT_SB is mostly FEAT_STATE_CHECKED enabled but that is not apparent
from docs and code's check is sub-optimal. Update docs to make this
ap

feat(cpufeat): update FEAT_SB's FEAT_STATE_CHECKED status

FEAT_SB is mostly FEAT_STATE_CHECKED enabled but that is not apparent
from docs and code's check is sub-optimal. Update docs to make this
apparent and update code to have a proper FEAT_STATE_CHECKED fallback.

Also enable it for FVP so it's tested a bit more.

Change-Id: I1374c4828b235ad16904f6c4ac9e39b9c2596a37
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED again

FEAT_RAS was originally converted to FEAT_STATE_CHECKED in 6503ff291.
However, the ability to use it was removed with 970a4a8d8 by simply

feat(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED again

FEAT_RAS was originally converted to FEAT_STATE_CHECKED in 6503ff291.
However, the ability to use it was removed with 970a4a8d8 by simply
saying it impacts execution at EL3. That's true, but FEAT_STATE_CHECKED
can still be allowed by being a bit clever about it.

First, the remainder of common code can be converted to use the
is_feat_ras_supported() helper instead of the `#if FEATURE` pattern.
There are no corner cases to consider there. The feature is either
present (and appropriate action must be taken) or the feature is not (so
we can skip RAS code).

A conscious choice is taken to check the RAS code in synchronize_errors
despite it being in a hot path. Any fixed platform that seeks to be
performant should be setting features to 0 or 1. Then, the
SCTLR_EL3.IESB bit is always set if ENABLE_FEAT_RAS != 0 since we expect
FEAT_IESB to be present if FEAT_RAS is (despite the architecture not
guaranteeing it). If FEAT_RAS isn't present then we don't particularly
care about the status of FEAT_IESB.

Second, platforms that don't set ENABLE_FEAT_RAS must continue to work.
This is true out of the box with the is_feat_xyz_supported() helpers, as
they make sure to fully disable code within them.

Third, platforms that do set ENABLE_FEAT_RAS=1 must continue to work.
This is also true out of the box and no logical change is undertaken in
common code.

Finally, ENABLE_FEAT_RAS is set to 2 on FVP. Having RAS implies that the
whole handling machinery will be built-in and registered as appropriate.
However, when RAS is built-in but not present in hardware, these
registrations can still happen, they will only never be invoked at
runtime.

Change-Id: I949e648601dc0951ef9c2b217f34136b6ea4b3dc
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

docs(cpufeat): add analysis of 2024 features

Having gone through the list, write down the features that require no
EL3 enablement and leave out the ones that do.

Minor revisions of major features (

docs(cpufeat): add analysis of 2024 features

Having gone through the list, write down the features that require no
EL3 enablement and leave out the ones that do.

Minor revisions of major features (eg FEAT_SPE) that introduce a
mandatory feature are counted as independent features.

Change-Id: Ifeb88c8fb7a754eaa0df2edaa935090cbdfa35ad
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "fix(debug): add debug log build option" into integration

Merge changes from topic "morello_upstream" into integration

* changes:
feat(morello): add capability load/store/track support to MMU
feat(morello): add Morello capability enablement changes

fix(debug): add debug log build option

When log level set to verbose, xlat prints
alot of translation table debug logs.These
detail logs keeps on printing for minutes
and increase boot time. Also, n

fix(debug): add debug log build option

When log level set to verbose, xlat prints
alot of translation table debug logs.These
detail logs keeps on printing for minutes
and increase boot time. Also, not all users
might be interested in the xlat detail
logs when verbose is on.

LOG_DEBUG is added to print xlat detail
logs only when someone intentionally
enables logging.

Change-Id: I3308b49779a692bdce87fb6929c88fdcb713e628
Signed-off-by: Jaiprakash Singh <jaiprakashs@marvell.com>

show more ...

feat(morello): add Morello capability enablement changes

This patch adds a build macro ENABLE_FEAT_MORELLO which when set will
compile BL31 firmware with changes required to boot capability
aware so

feat(morello): add Morello capability enablement changes

This patch adds a build macro ENABLE_FEAT_MORELLO which when set will
compile BL31 firmware with changes required to boot capability
aware software.

It also adds helper function in c and assmbly to check if morello
hardware is present and if morello capability is enabled or not.

CE field, bits [23:20] in ID_AA64PFR1_EL1 defines whether morello
architecture is present or not, 0b0000 indicates that it is absent
and 0b0001 indicates that it is present. While whether capabilities
are enabled or not is decided at runtime with ENABLE_FEAT_MORELLO build
option.

Reference: https://developer.arm.com/documentation/ddi0606/latest/

Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Varshit Pandya <varshit.pandya@arm.com>
Change-Id: Ib16877acbfcb72c4bd8c08e97e44edc0a3e46089

show more ...

fix(docs): update sme disconnect on power down

With `ERRATA_SME_POWER_DOWN` enabled we disconnect SME from
core to power down the core correctly, we actually don't disable sme.

Change-Id: I42b99bd5

fix(docs): update sme disconnect on power down

With `ERRATA_SME_POWER_DOWN` enabled we disconnect SME from
core to power down the core correctly, we actually don't disable sme.

Change-Id: I42b99bd5ef125868f55a2a3ef96c0ac1b054f509
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes from topic "bk/amu_private" into integration

* changes:
fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds
fix(cpufeat): disable FEAT_AMU counters on conte

Merge changes from topic "bk/amu_private" into integration

* changes:
fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds
fix(cpufeat): disable FEAT_AMU counters on context restore
feat(per-cpu): migrate AArch32 amu_ctx to per-cpu framework

show more ...

fix(cpus): enable Neoverse-V2 external LLC support

Change-Id: I9582c7405db6862e77db240822e241d4082966f2
Signed-off-by: Jaiprakash Singh <jaiprakashs@marvell.com>

fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds

FEAT_AMU has 4 architected counters. The lower 2, CPU_CYCLES and
CNT_CYCLES, are not considered to be side channels due to

fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds

FEAT_AMU has 4 architected counters. The lower 2, CPU_CYCLES and
CNT_CYCLES, are not considered to be side channels due to their low
resolution and general availability of the data elsewhere. As such, they
are used for critical performance tuning and are expected to never be
turned off or context switched when switching worlds.

The upper 2 counters, INST_RETIRED and STALL_BACKEND_MEM, are different.
The data they provide is non-critical and expose new information that
could be used as a timing side channel, especially of Secure world. This
patch adds context switching of these two counters to prevent any such
side channel.

This is not done for group 1 auxiliary counters as those are IMP DEF and
are inaccessible by default unless overriden by the platform (with
AMU_RESTRICT_COUNTERS).

Change-Id: Ib4b946abb810e36736cabb9b84cd837308b4e761
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...