fix(cpus): remove errata setting PF_MODE to conservative

The erratum titled “Disabling of data prefetcher with outstanding
prefetch TLB miss might cause a deadlock” should not be handled within
TF-A

fix(cpus): remove errata setting PF_MODE to conservative

The erratum titled “Disabling of data prefetcher with outstanding
prefetch TLB miss might cause a deadlock” should not be handled within
TF-A. The current workaround attempts to follow option 2 but
misapplies it. Specifically, it statically sets PF_MODE to
conservative, which is not the recommended approach. According to the
erratum documentation, PF_MODE should be configured in conservative
mode only when we disable data prefetcher however this is not done
in TF-A and thus the workaround is not needed in TF-A.

The static setting of PF_MODE in TF-A does not correctly address the
erratum and may introduce unnecessary performance degradation on
platforms that adopt it without fully understanding its implications.

To prevent incorrect or unintended use, the current implementation of
this erratum workaround should be removed from TF-A and not adopted by
platforms.

List of Impacted CPU's with Errata Numbers and reference to SDEN -

Cortex-A78 - 2132060 - https://developer.arm.com/documentation/SDEN1401784/latest
Cortex-A78C - 2132064 - https://developer.arm.com/documentation/SDEN-2004089/latest
Cortex-A710 - 2058056 - https://developer.arm.com/documentation/SDEN-1775101/latest
Cortex-X2 - 2058056 - https://developer.arm.com/documentation/SDEN-1775100/latest
Cortex-X3 - 2070301 - https://developer.arm.com/documentation/SDEN2055130/latest
Neoverse-N2 - 2138953 - https://developer.arm.com/documentation/SDEN-1982442/latest
Neoverse-V1 - 2108267 - https://developer.arm.com/documentation/SDEN-1401781/latest
Neoverse-V2 - 2331132 - https://developer.arm.com/documentation/SDEN-2332927/latest

Change-Id: Icf4048508ae070b2df073cc46c63be058b2779df
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

docs: clarify multiple UUID support in ffa manifest

If a partition supports multiple UUID, the UUID property in the list
of partition properties in the FF-A manifest must be a list or array.
Update

docs: clarify multiple UUID support in ffa manifest

If a partition supports multiple UUID, the UUID property in the list
of partition properties in the FF-A manifest must be a list or array.
Update the document to clarify the same.

Change-Id: Id13fe8dbf57a00e5cd186158270b716a4a9aedf7
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>

show more ...

docs: clarify packing of UUID in ffa manifest

Update the ffa-manifest-bindings to clarify how the
Partition property 'UUID' must be packed.

Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Change

docs: clarify packing of UUID in ffa manifest

Update the ffa-manifest-bindings to clarify how the
Partition property 'UUID' must be packed.

Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Change-Id: Ic5ee67c9606dec30ed3a3234a5f40a976ecbb72c

show more ...

Merge "feat(rme): add SMMU and PCIe information to Boot manifest" into integration

feat(rme): add SMMU and PCIe information to Boot manifest

- Define information structures for SMMU, root complex,
root port and BDF mappings.
- Add entries for SMMU and PCIe root complexes to Boot

feat(rme): add SMMU and PCIe information to Boot manifest

- Define information structures for SMMU, root complex,
root port and BDF mappings.
- Add entries for SMMU and PCIe root complexes to Boot manifest.
- Update RMMD_MANIFEST_VERSION_MINOR from 4 to 5.

Change-Id: I0a76dc18edbaaff40116f376aeb56c750d57c7c1
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "chore(docs): explain what the plat_amu_aux_enables array does" into integration

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 ma

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 map for mboot
feat(rpi3): add dTPM backed measured boot
feat(tpm): add Infineon SLB9670 GPIO SPI config
feat(tpm): add tpm drivers and framework
feat(io): add generic gpio spi bit-bang driver
feat(rpi3): implement eventlog handoff to BL33
feat(rpi3): implement mboot for rpi3

show more ...

Merge changes from topic "mec" into integration

* changes:
feat(qemu): add plat_rmmd_mecid_key_update()
feat(rmmd): add RMM_MECID_KEY_UPDATE call

chore(docs): explain what the plat_amu_aux_enables array does

Change-Id: I90f1bcaa8bec133d3be81785aea11948208ca0a5
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

feat(rmmd): add RMM_MECID_KEY_UPDATE call

With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.

The behavior of this newly added call is empty for now

feat(rmmd): add RMM_MECID_KEY_UPDATE call

With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.

The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.

Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3

show more ...

feat(docs): update mboot threat model with dTPM

Add the discrete TPM to the TCG event log section of the measured boot
threat model. Include the example of a physical vurnerability that can
be used

feat(docs): update mboot threat model with dTPM

Add the discrete TPM to the TCG event log section of the measured boot
threat model. Include the example of a physical vurnerability that can
be used to compromise a dTPM.

Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I2c06edf5e9031adc970c24426a8ae52b06efb614

show more ...

docs(tpm): add design documentation for dTPM

-documentation for Discrete TPM drivers.
-documentation for a proof of concept on rpi3;
Measured Boot using Discrete TPM.

Signed-off-by: Abhi Singh <ab

docs(tpm): add design documentation for dTPM

-documentation for Discrete TPM drivers.
-documentation for a proof of concept on rpi3;
Measured Boot using Discrete TPM.

Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: If8e7c14a1c0b9776af872104aceeff21a13bd821

show more ...

fix(errata): workaround for Cortex-A510 erratum 2971420

Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.

Under some conditions, data

fix(errata): workaround for Cortex-A510 erratum 2971420

Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.

Under some conditions, data might be corrupted if Trace Buffer
Extension (TRBE) is enabled. The workaround is to disable trace
collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite
value of SCR_EL3.NS on a security state switch. Since we only enable
TRBE for non-secure world, the workaround is to disable TRBE by
setting the NSTB field to 00 so accesses are trapped to EL3 and
secure state owns the buffer.

SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97

show more ...

fix(cpus): workaround for Cortex-A715 erratum 2804830

Cortex-A715 erratum 2804830 applies to r0p0, r1p0, r1p1 and r1p2,
and is fixed in r1p3.

Under some conditions, writes of a 64B-aligned, 64B gra

fix(cpus): workaround for Cortex-A715 erratum 2804830

Cortex-A715 erratum 2804830 applies to r0p0, r1p0, r1p1 and r1p2,
and is fixed in r1p3.

Under some conditions, writes of a 64B-aligned, 64B granule of
memory might cause data corruption without this workaround. See SDEN
for details.

Since this workaround disables write streaming, it is expected to
have a significant performance impact for code that is heavily
reliant on write streaming, such as memcpy or memset.

SDEN: https://developer.arm.com/documentation/SDEN-2148827/latest/

Change-Id: Ia12f6c7de7c92f6ea4aec3057b228b828d48724c
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

Merge "feat(rmmd): add FEAT_MEC support" into integration

feat(rmmd): add FEAT_MEC support

This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values a

feat(rmmd): add FEAT_MEC support

This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.

Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4

show more ...

build(poetry): install dependencies with `--no-root`

More recent versions of Poetry introduced the `package-mode` key to
configure whether the project should be used for dependency management
only,

build(poetry): install dependencies with `--no-root`

More recent versions of Poetry introduced the `package-mode` key to
configure whether the project should be used for dependency management
only, but this is incompatible with the earlier versions of Poetry that
we still support.

Instead, we rely on installing with the `--no-root` flag, which behaves
similarly. Installing without passing the `--no-root` flag is
deprecated, and in recent versions of Poetry has become a hard error.

This change ensures that the build system always installs dependencies
with the required flag.

Change-Id: Ic1543511314dcd20c00b73fd9e8cfae3dd034a41
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes I0396b597,I326f920f,I0437eec8,Ieadf01fc,I4e1d8c24, ... into integration

* changes:
feat(fvp): set defaults for build commandline
docs(arm): enable Linux boot from fip as BL33
fea

Merge changes I0396b597,I326f920f,I0437eec8,Ieadf01fc,I4e1d8c24, ... into integration

* changes:
feat(fvp): set defaults for build commandline
docs(arm): enable Linux boot from fip as BL33
feat(arm): enable Linux boot from fip as BL33
docs(fvp): update fvp build time options
docs(arm): add initrd props to dtb at build time
feat(arm): add initrd props to dtb at build time

show more ...

Merge "docs(ras): document RAS considerations with powerdown" into integration

docs(psci): add a mention to the pwr_domain_pwr_down_wfi()

The function got renamed to pwr_domain_pwr_down() but have a reference
to it for anyone wondering where it went.

Change-Id: Ica5fa11b9f18a

docs(psci): add a mention to the pwr_domain_pwr_down_wfi()

The function got renamed to pwr_domain_pwr_down() but have a reference
to it for anyone wondering where it went.

Change-Id: Ica5fa11b9f18a7446c188e37b9f1d5508f4cf749
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

docs(arm): enable Linux boot from fip as BL33

Document additional functionality of TF-A to package the Linux kernel in
the fip image as a BL33 and boot it. A ramdisk is used as a file system.
The ra

docs(arm): enable Linux boot from fip as BL33

Document additional functionality of TF-A to package the Linux kernel in
the fip image as a BL33 and boot it. A ramdisk is used as a file system.
The ramdisk properties are injected in to the device tree at build time.

Change-Id: I326f920fdac4bd20572f6f0da07d012def114274
Signed-off-by: Salman Nabi <salman.nabi@arm.com>

show more ...

docs(fvp): update fvp build time options

Add new fvp specific build time options. Specifically the below:

- INITRD_SIZE
- INITRD_PATH
- INITRD_BASE

Change-Id: Ieadf01fce7a0a0a8e9e7582d7b7e371b2472

docs(fvp): update fvp build time options

Add new fvp specific build time options. Specifically the below:

- INITRD_SIZE
- INITRD_PATH
- INITRD_BASE

Change-Id: Ieadf01fce7a0a0a8e9e7582d7b7e371b247207c2
Signed-off-by: Salman Nabi <salman.nabi@arm.com>

show more ...

docs(arm): add initrd props to dtb at build time

Document the ability of the FVP platform to boot a Linux Kernel as a
preloaded image. A preloaded Linux Kernel can be booted in a normal
flow as well

docs(arm): add initrd props to dtb at build time

Document the ability of the FVP platform to boot a Linux Kernel as a
preloaded image. A preloaded Linux Kernel can be booted in a normal
flow as well as in RESET_TO_BL31. This is made possible by updating
the device tree with initrd properties at build time.

Change-Id: I4e1d8c24f82510d21b2afa06b429a18da4d623bd
Signed-off-by: Salman Nabi <salman.nabi@arm.com>

show more ...

Merge "refactor(memmap): migrate to Poetry" into integration

docs(maintainers): update Sumit Garg's email address

Update Sumit Garg's email address to @kernel.org.

Change-Id: I405ce9b0f59643dd7cb05d69ceadd15dcd536eef
Signed-off-by: Sumit Garg <sumit.garg@lin

docs(maintainers): update Sumit Garg's email address

Update Sumit Garg's email address to @kernel.org.

Change-Id: I405ce9b0f59643dd7cb05d69ceadd15dcd536eef
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>

show more ...