Merge changes Ic01517d5,I43af5796,I540e113f,I15646753,I180d38fe, ... into integration

* changes:
fix(cpus): organize Cortex-X2 errata entries
fix(cpus): workaround for Cortex-X2 erratum 2291219

Merge changes Ic01517d5,I43af5796,I540e113f,I15646753,I180d38fe, ... into integration

* changes:
fix(cpus): organize Cortex-X2 errata entries
fix(cpus): workaround for Cortex-X2 erratum 2291219
fix(cpus): workaround for Cortex-X2 erratum 2267065
fix(cpus): workaround for Cortex-X2 erratum 2136059
fix(cpus): workaround for Cortex-X2 erratum 1934260
fix(cpus): workaround for Cortex-X2 erratum 1927200
fix(cpus): workaround for Cortex-X2 erratum 1917258
fix(cpus): workaround for Cortex-X2 erratum 1916945
fix(cpus): workaround for Cortex-X2 erratum 1901946

show more ...

feat(common): add support for kernel DT handoff convention

TF-A currently supports multiple DT handoff conventions:

1. Firmware Handoff (FH): DT passed in x0, with x1–x3 carrying
additional data

feat(common): add support for kernel DT handoff convention

TF-A currently supports multiple DT handoff conventions:

1. Firmware Handoff (FH): DT passed in x0, with x1–x3 carrying
additional data.
2. Kernel-compatible handoff (ARM_LINUX_KERNEL_AS_BL33): DT passed in
x0, x1–x3 zeroed.
3. Legacy TF-A convention: DT passed in x1, with x0 used for MPIDR or
NT_FW_CONFIG.

After discussions with folks in EDK2 and U-Boot, it's clear that there
is no strict requirement for placing the DT in x1. Both projects support
x0 for Arm platforms. To standardize behavior and support firmware
handoff migration, this patch introduces USE_KERNEL_DT_CONVENTION as a
configurable build flag. When enabled, the DT will be passed in x0 for
BL33.

This aligns TF-A’s behavior with Linux boot expectations and simplifies
integration across bootloaders.

Change-Id: I6bd7154fe07cb2e16e25c058f7cf862f9ae007e7
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(cpus): organize Cortex-X2 errata entries

The entries in cpu-ops.mk and cpu-specific-build-macros.rst are out of
order and the formatting is not consistent. This patch corrects these
minor format

fix(cpus): organize Cortex-X2 errata entries

The entries in cpu-ops.mk and cpu-specific-build-macros.rst are out of
order and the formatting is not consistent. This patch corrects these
minor formatting issues.

Change-Id: Ic01517d58d3ca1b2d39be5282b0058c94fa5d0e7
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 2291219

Cortex-X2 erratum 2291219 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 and is fixed in r2p1.

The workaround is to set CPUACTL

fix(cpus): workaround for Cortex-X2 erratum 2291219

Cortex-X2 erratum 2291219 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 and is fixed in r2p1.

The workaround is to set CPUACTLR2_EL1[36] before the power
down sequence that sets PWRDN_EN and executes WFI. This bit
should be be cleared after exiting WFI.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I43af57961feba3a1c001d09ad804740b996f1db7
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 2267065

Cortex-X2 erratum 2267065 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 and is fixed in r2p1.

The workaround is to set CPUACTL

fix(cpus): workaround for Cortex-X2 erratum 2267065

Cortex-X2 erratum 2267065 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 and is fixed in r2p1.

The workaround is to set CPUACTLR_EL1[22].

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I540e113f209ef11ec7103d4ef4e48ffb52416b4e
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 2136059

Cortex-X2 erratum 2136059 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 and is fixed in r2p1.

The workaround is to set CPUACTL

fix(cpus): workaround for Cortex-X2 erratum 2136059

Cortex-X2 erratum 2136059 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 and is fixed in r2p1.

The workaround is to set CPUACTLR5_EL1[44].

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I156467537c3f235b50fc8aa19a969f2798bd891b
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 1934260

Cortex-X2 erratum 1934260 is a Cat B erratum that applies only
to revision r1p0 and is fixed in r2p0.

The workaround is to set CPUECTLR_EL1[25:18

fix(cpus): workaround for Cortex-X2 erratum 1934260

Cortex-X2 erratum 1934260 is a Cat B erratum that applies only
to revision r1p0 and is fixed in r2p0.

The workaround is to set CPUECTLR_EL1[25:18] to 0xFF. This
workaround will result in reduced performance for workloads
that benefit from write streaming.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I180d38fee27175dc8ac5fa6726e5b71c3340285f
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 1927200

Cortex-X2 erratum 1927200 is a Cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r2p0.

The workaround is to use instruction p

fix(cpus): workaround for Cortex-X2 erratum 1927200

Cortex-X2 erratum 1927200 is a Cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r2p0.

The workaround is to use instruction patching to insert a DMB ST
before acquire atomic instructions without release semantics.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I8d9038df1907888b3c5b2520d06bc150665e74a1
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 1917258

Cortex-X2 erratum 1917258 is a Cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r2p0.

The workaround is to set CPUACTLR4_EL1

fix(cpus): workaround for Cortex-X2 erratum 1917258

Cortex-X2 erratum 1917258 is a Cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r2p0.

The workaround is to set CPUACTLR4_EL1[43]. This has no
performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: Ic18a5179856f861701f09b2556906a6722db8150
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 1916945

Cortex-X2 erratum 1916945 is a Cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r2p0.

The workaround is to set CPUECTLR_EL1[

fix(cpus): workaround for Cortex-X2 erratum 1916945

Cortex-X2 erratum 1916945 is a Cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r2p0.

The workaround is to set CPUECTLR_EL1[8]. This has a small
performance impact (<0.5%).

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: If810b1d0a07c43b3e1aa70d2ec88c1dcfa6f735f
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-X2 erratum 1901946

Cortex-X2 erratum 1901946 is a Cat B erratum that applies to
revision r1p0 and is fixed in r2p0.

The workaround is to set CPUACTLR4_EL1[15]. This

fix(cpus): workaround for Cortex-X2 erratum 1901946

Cortex-X2 erratum 1901946 is a Cat B erratum that applies to
revision r1p0 and is fixed in r2p0.

The workaround is to set CPUACTLR4_EL1[15]. This has a small
performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I5a65db60f06982191994db49815419c4d72506cf
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

Merge changes from topic "hm/handoff-cot" into integration

* changes:
docs(fconf): streamline TB_FW_CONFIG bindings
refactor(fconf): use macro to set image info

feat(smccc): add SoC name support to SMCCC_ARCH_SOC_ID

This patch adds support for getting the SoC name string
using the SMCCC_ARCH_SOC_ID interface. The SoC name query
was introduced in SMCCC versi

feat(smccc): add SoC name support to SMCCC_ARCH_SOC_ID

This patch adds support for getting the SoC name string
using the SMCCC_ARCH_SOC_ID interface. The SoC name query
was introduced in SMCCC version 1.6. It is available only
through SMC64 calls.

A new function ID, SMCCC_GET_SOC_NAME, is added. It returns
the SoC name as a null-terminated ASCII string, spread across
registers X1 to X17 in little endian order.
The total length is 136 bytes, including the null byte.
Any space after the null terminator is filled
with zeros.

A platform hook plat_get_soc_name() is added to return the
SoC name. A weak default version is also provided that returns
SMC_ARCH_CALL_NOT_SUPPORTED for platforms that do not support
this feature.

The name should follow the SMCCC rule that it must not expose
any information that is not already reported
by the SoC version and revision calls.

Reference: https://developer.arm.com/documentation/den0028/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Idc69997c509bcbfb1cecb38ed1003b29627ade4b

show more ...

Merge changes from topic "bk/pabandon_cleanup" into integration

* changes:
feat(cpus): add pabandon support to the Alto cpu
feat(psci): optimise clock init on a pabandon
feat(psci): check that

Merge changes from topic "bk/pabandon_cleanup" into integration

* changes:
feat(cpus): add pabandon support to the Alto cpu
feat(psci): optimise clock init on a pabandon
feat(psci): check that CPUs handled a pabandon
feat(psci): make pabandon support generic
refactor(psci): unify coherency exit between AArch64 and AArch32
refactor(psci): absorb psci_power_down_wfi() into common code
refactor(platforms): remove usage of psci_power_down_wfi
fix(cm): disable SPE/TRBE correctly

show more ...

Merge changes from topic "ffa_mem_perm_get_update" into integration

* changes:
feat(spm): update MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 interface
feat(el3-spmc): update FFA_MEM_PERM_GET interface

feat(psci): make pabandon support generic

Support for aborted powerdowns does not require much dedicated code.
Rather, it is largely a matter of orchestrating things to happen in the
right order.

T

feat(psci): make pabandon support generic

Support for aborted powerdowns does not require much dedicated code.
Rather, it is largely a matter of orchestrating things to happen in the
right order.

The only exception to this are older secure world dispatchers, which
assume that a CPU_SUSPEND call will be terminal and therefore can
clobber context. This was patched over in common code and hidden behind
a flag. This patch moves this to the dispatchers themselves.

Dispatchers that don't register svc_suspend{_finish} are unaffected.
Those that do must save the NS context before clobbering it and
restoring in only in case of a pabandon. Due to this operation being
non-trivial, this patch makes the assumption that these dispatchers will
only be present on hardware that does not support pabandon and therefore
does not add any contexting for them. In case this assumption ever
changes, asserts are added that should alert us of this change.

Change-Id: I94a907515b782b4d2136c0d274246cfe1d567c0e
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

refactor(psci): absorb psci_power_down_wfi() into common code

The AArch64 and AArch32 variants are not that different so there is no
need for them to be in assembly. They should also not be called f

refactor(psci): absorb psci_power_down_wfi() into common code

The AArch64 and AArch32 variants are not that different so there is no
need for them to be in assembly. They should also not be called from
non-PSCI code as PSCI is smart enough to handle this after platform
hooks. So absorb the functions into common code.

This allows for a tiny bit of optimisation: there will be no branch
(that can be missed or non-cached) to a non-inlineable function. Then in
the terminal case we can call wfi() directly with the application of the
erratum before the loop. And finally in the wakeup case, we don't have
to explicitly clear the errata as that will happen automatically on the
second call of prepare_cpu_pwr_dwn().

The A510 erratum requires a tsb csync before the dsb+wfi combo to turn
the core off. We can do this a little bit earlier in the cpu hook and
relieve common code from the responsibility. EL3 is always a prohibited
region so the buffer will stay empty.

Change-Id: I5f950df3fb7b0736df4ce25a21f78b29896de215
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(spm): update MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 interface

Update MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 interface
correspondant to FF-A v1.3 memory management protocol's
FFA_MEM_PERM_GET interfac

feat(spm): update MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 interface

Update MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 interface
correspondant to FF-A v1.3 memory management protocol's
FFA_MEM_PERM_GET interface [0].

This adds one input/output parameter with page_count
to set search range and get the range having same permssion from
base_va.

This change is backward compatible.

Links: https://developer.arm.com/documentation/den0140/latest/
Change-Id: Ib1b19dd433ad018f0c39af3a9ac8dda41358fb02
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

show more ...

docs(security): security advisory for CVE-2024-7881

Add CVE-2024-7881 security advisory document.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ide976bc8754dc94d23e76001a

docs(security): security advisory for CVE-2024-7881

Add CVE-2024-7881 security advisory document.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ide976bc8754dc94d23e76001aaecf52556e7039a

show more ...

Merge changes I801cea04,I4abb6c9d,I3c1cc0ec,I1b6f69ad,Ic4086a1f into integration

* changes:
refactor(build): pass TF_CFLAGS to the assembler
refactor(build): absorb CFLAGS into TF_CFLAGS
refac

Merge changes I801cea04,I4abb6c9d,I3c1cc0ec,I1b6f69ad,Ic4086a1f into integration

* changes:
refactor(build): pass TF_CFLAGS to the assembler
refactor(build): absorb CFLAGS into TF_CFLAGS
refactor(build): use a standard rule to run the preprocessor
refactor(build): place all cflags setting in one place
refactor(build): simplify ENABLE_LTO checking

show more ...

Merge changes from topic "ar/x3_errata" into integration

* changes:
fix(cpus): workaround for Cortex-X3 erratum 3213672
fix(cpus): workaround for Cortex-X3 erratum 3827463
fix(cpus): workaroun

Merge changes from topic "ar/x3_errata" into integration

* changes:
fix(cpus): workaround for Cortex-X3 erratum 3213672
fix(cpus): workaround for Cortex-X3 erratum 3827463
fix(cpus): workaround for Cortex-X3 erratum 3692984

show more ...

Merge "docs(security): security advisory for CVE-2024-5660" into integration

refactor(build): use a standard rule to run the preprocessor

There are a few, functionally identical, ways to call the preprocessor
on a non-C file, depending on the file. They differ in subtle, not

refactor(build): use a standard rule to run the preprocessor

There are a few, functionally identical, ways to call the preprocessor
on a non-C file, depending on the file. They differ in subtle, not
entirely correct, ways - one is missing a dependency to the makefiles,
another generates its .d inline, and the prints are different. That has
resulted in platforms reimplementing this functionality, making the
build brittle - a change to the overall build system doesn't propagate.
So add a MAKE_PRE macro that will make a rule with all the bells and
whistles to run the preprocessor on an arbitrary file.

This patch converts the arm platforms' cot_descriptors DTS rules. The
files are renamed to fit with the build rule and all extra flags are
dropped. Those flags are only necessary for building BL2 c files, which
will be passed to the output C file. Only the DTS flags are needed for
the preprocessing step, which will be passed automatically.

Change-Id: I3c1cc0ecf93b87d828f868214928c1bc9bcb5758
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3213672

Cortex-X3 erratum 3213672 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2. It is still open.

This erratum can be worked around by se

fix(cpus): workaround for Cortex-X3 erratum 3213672

Cortex-X3 erratum 3213672 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2. It is still open.

This erratum can be worked around by setting CPUACTLR_EL1[36]
before enabling icache.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ia1c03217f4e1816b4e8754a090cf5bc17546be40

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3827463

Cortex-X3 erratum 3827463 is a Cat B erratum that applies to
r0p0, r1p0 and r1p1. It is fixed in r1p2.

This erratum can be avoided by setting CPU

fix(cpus): workaround for Cortex-X3 erratum 3827463

Cortex-X3 erratum 3827463 is a Cat B erratum that applies to
r0p0, r1p0 and r1p1. It is fixed in r1p2.

This erratum can be avoided by setting CPUACTLR_EL1[1]
prior to enabling MMU. This bit will disable a branch predictor
power savings feature. Disabling this power feature
results in negligible power movement and no performance impact.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1d4a2b9641400d8b9061f7cb32a8312c3995613e

show more ...