feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the c

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.

Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b

show more ...

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.

Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.

Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234

show more ...

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Reve

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Revert "docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"
Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

show more ...

docs(porting): move porting guide upper in table of contents

The porting guide is currently hosted under the 'Getting started'
section. Yet, porting the full firmware to a new platform is probably
n

docs(porting): move porting guide upper in table of contents

The porting guide is currently hosted under the 'Getting started'
section. Yet, porting the full firmware to a new platform is probably
not the first thing that one would do. Before delving into the
details, one would probably start by building the code for an emulated
platform, such as Arm FVP.

Furthermore, the porting guide is such a big and important document
that it probably deserves being visible in the main table of contents.
Thus, move it just above the list of supported platforms.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I51b3d2a93832505ab90d73c823f06f9540e84c77

show more ...

docs(porting): remove reference to xlat_table lib v1

Version 1 of the translation table library is deprecated. Refer to
version 2 instead.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.co

docs(porting): remove reference to xlat_table lib v1

Version 1 of the translation table library is deprecated. Refer to
version 2 instead.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I10a4ab7b346ea963345f82baff2deda267c5308d

show more ...

docs(porting): remove pull request terminology

The pull request terminology dates back from when TF-A repository was
hosted on Github. Use a terminology that is more suited to Gerrit
workflow.

Sign

docs(porting): remove pull request terminology

The pull request terminology dates back from when TF-A repository was
hosted on Github. Use a terminology that is more suited to Gerrit
workflow.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ieecf47617ca1cdb76b9c4a83f63ba3c402b9e975

show more ...

docs(ethos-n): update porting-guide.rst for NPU

Add some missing configuration that must be done for supporting NPU on
other platforms.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-

docs(ethos-n): update porting-guide.rst for NPU

Add some missing configuration that must be done for supporting NPU on
other platforms.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ic505ea60f73b970d0d7ded101830eb2ce8c7ab64

show more ...

feat(ethos-n): add separate RO and RW NSAIDs

To be able to further restrict the memory access for the Arm(R)
Ethos(TM)-N NPU, separate read-only and read/write NSAIDs for the
non-protected and prote

feat(ethos-n): add separate RO and RW NSAIDs

To be able to further restrict the memory access for the Arm(R)
Ethos(TM)-N NPU, separate read-only and read/write NSAIDs for the
non-protected and protected memory have been added to the Juno
platform's TZMP1 TZC configuration for the NPU.

The platform definition has been updated accordingly and the NPU driver
will now only give read/write access to the streams that require it.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I5a173500fc1943a5cd406a3b379e1f1f554eeda6

show more ...

feat(ethos-n)!: load NPU firmware at BL2

BL2 on Juno now loads the Arm(R) Ethos(TM)-N NPU firmware into a fixed
address, using the existing image loading framework.

Includes support for TRUSTED_BOA

feat(ethos-n)!: load NPU firmware at BL2

BL2 on Juno now loads the Arm(R) Ethos(TM)-N NPU firmware into a fixed
address, using the existing image loading framework.

Includes support for TRUSTED_BOARD_BOOT, if enabled, using the firmware
content and key certificates from the FIP.

Supports the ARM_IO_IN_DTB option so can specify the firmware location
from the dtb rather than it being hardcoded to the FIP

Update makefile to automatically embed the appropriate images into the
FIP.

BREAKING CHANGE: Building the FIP when TZMP1 support is enabled in the
NPU driver now requires a parameter to specify the NPU firmware file.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I8cd64fb20d58f8bd539facb085606213d6cead06

show more ...

feat(ethos-n): add support to set up NSAID

For the TZC to allow the Arm(R) Ethos(TM)-N NPU to access the buffers
allocated in a protected memory region, it must include the correct
NSAID for that re

feat(ethos-n): add support to set up NSAID

For the TZC to allow the Arm(R) Ethos(TM)-N NPU to access the buffers
allocated in a protected memory region, it must include the correct
NSAID for that region in its transactions to the memory. This change
updates the SiP service to configure the NSAIDs specified by a platform
define. When doing a protected access the SiP service now configures the
NSAIDs specified by the platform define. For unprotected access the
NSAID is set to zero.

Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I3360ef33705162aba5c67670386922420869e331

show more ...

docs(sve): update defaults for FEAT_SVE

FEAT_SVE build macro, "ENABLE_SVE_FOR_NS" default value has been updated
to 2, to support its existing behavior of dynamic detection as well as
keep it aligne

docs(sve): update defaults for FEAT_SVE

FEAT_SVE build macro, "ENABLE_SVE_FOR_NS" default value has been updated
to 2, to support its existing behavior of dynamic detection as well as
keep it aligned with the changes concerning STATE=FEAT_STATE_CHECKED(2),
part of Feature Detection procedure.

Change-Id: Iee43e899f19dc9d5eb57c235998758f462a8c397
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function

feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.

Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.

Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second fun

feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.

Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.

Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

Merge changes from topic "psci-osi" into integration

* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEA

Merge changes from topic "psci-osi" into integration

* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEATURES
feat(psci): add support for OS-initiated mode
feat(psci): add support for PSCI_SET_SUSPEND_MODE
build(psci): add build option for OS-initiated mode
docs(psci): add design proposal for OS-initiated mode

show more ...

refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_A

refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_AMUv1 option, solely to protect the HAFGRTR_EL2 system
register handling. The latter needs some alignment with the new feature
scheme, but it conceptually overlaps with the ENABLE_AMU option.

Since there is no real need for two separate options, unify both into a
new ENABLE_FEAT_AMU name in a first step. This is mostly just renaming at
this point, a subsequent patch will make use of the new feature handling
scheme.

Change-Id: I97d8a55bdee2ed1e1509fa9f2b09fd0bdd82736e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): align FEAT_SB to new feature handling

FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,

refactor(cpufeat): align FEAT_SB to new feature handling

FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,
so cannot afford and don't want a runtime detection mechanism.
Nevertheless align the implementation of the feature detection part
with the other features, but renaming the detection function, and
updating the FEAT_DETECTION code. Also update the documentation.

Change-Id: I2b86dfd1ad259c3bb99ab5186e2911ace454b54c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable SYS_REG_TRACE for FEAT_STATE_CHECKED

At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or

refactor(cpufeat): enable SYS_REG_TRACE for FEAT_STATE_CHECKED

At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or
to be not supported at all.

Add support for runtime detection (ENABLE_SYS_REG_TRACE_FOR_NS=2), by
adding is_feat_sys_reg_trace_supported(). That function considers both
build time settings and runtime information (if needed), and is used
before we access SYS_REG_TRACE related registers.

The FVP platform decided to compile in support unconditionally (=1),
even though this is an optional feature, so it is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.

Change-Id: I450a574a4f6bd9fc269887037049c94c906f54b2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(psci): add support for OS-initiated mode

This patch adds a `psci_validate_state_coordination` function that is
called by `psci_cpu_suspend_start` in OS-initiated mode.

This function validates

feat(psci): add support for OS-initiated mode

This patch adds a `psci_validate_state_coordination` function that is
called by `psci_cpu_suspend_start` in OS-initiated mode.

This function validates the request per sections 4.2.3.2, 5.4.5, and 6.3
of the PSCI spec (DEN0022D.b):
- The requested power states are consistent with the system's state
- The calling core is the last running core at the requested power level

This function differs from `psci_do_state_coordination` in that:
- The `psci_req_local_pwr_states` map is not modified if the request
were to be denied
- The `state_info` argument is never modified since it contains the
power states requested by the calling OS

This is conditionally compiled into the build depending on the value of
the `PSCI_OS_INIT_MODE` build option.

Change-Id: I667041c842d2856e9d128c98db4d5ae4e4552df3
Signed-off-by: Wing Li <wingers@google.com>

show more ...

build(psci): add build option for OS-initiated mode

Change-Id: Ie4f7b6a36926ab075ebb9c6507a3ff48ce5538fe
Signed-off-by: Wing Li <wingers@google.com>

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detecti

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.

Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.

Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS

At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordin

refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS

At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.

This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.

Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "feat(tcr2): support FEAT_TCR2" into integration

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the n

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.

Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148

show more ...

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

Revert "docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit ac4a

Revert "docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit ac4ac38c5443afdef38e38e9247c96359de3a2ea.

Change-Id: I5fb8eaea47d0fd6d0171260c6d834ec8de588fad
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...