| 6acdf7b7 | 29-Jan-2026 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topics "qemu-sve", "xl/simd-hash" into integration
* changes:
feat(qemu): disable fpregs traps for QEMU in BL31
feat(crypto): enable the runtime instrumentation for crypto ext
Merge changes from topics "qemu-sve", "xl/simd-hash" into integration
* changes:
feat(qemu): disable fpregs traps for QEMU in BL31
feat(crypto): enable the runtime instrumentation for crypto extension
feat(crypto): enable access to SIMD crypto in BL1 and BL2
feat(crypto): enable floating point register traps in EL3
feat(crypto): build flag for SIMD crypto extensions for v8+ platform
refactor(build): add a default filter list for lib cflags
show more ...
|
| 55877c63 | 28-Jan-2026 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes from topic "xlnx_fix_misra_common_fdt_split" into integration
* changes:
fix(libfdt): resolve misra 10.3 violations
feat(lib): use C/assembler for HI/LO macros
fix(libfdt): addin
Merge changes from topic "xlnx_fix_misra_common_fdt_split" into integration
* changes:
fix(libfdt): resolve misra 10.3 violations
feat(lib): use C/assembler for HI/LO macros
fix(libfdt): adding missing curly braces
fix(libfdt): fix misra 14.4 and 15.6 violations
fix(libfdt): typecast operands to match data type
show more ...
|
| 993c004c | 22-Oct-2025 |
Xialin Liu <xialin.liu@arm.com> |
feat(crypto): enable the runtime instrumentation for crypto extension
Add runtime instrumentation for the authentication process in BL1
and BL2, to measure the speedup of the authentication after
en
feat(crypto): enable the runtime instrumentation for crypto extension
Add runtime instrumentation for the authentication process in BL1
and BL2, to measure the speedup of the authentication after
enabling the crypto extension.
Change-Id: Ieea927e7e8bd0d109525f28b06510acf0ab62e5c
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
show more ...
|
| 416b8613 | 05-Mar-2025 |
John Powell <john.powell@arm.com> |
fix(security): add workaround for CVE-2025-0647
This workaround fixes an issue with the CPP RCTX instruction by
issuing an instruction patch sequence to trap uses of the CPP RCTX
instruction from EL
fix(security): add workaround for CVE-2025-0647
This workaround fixes an issue with the CPP RCTX instruction by
issuing an instruction patch sequence to trap uses of the CPP RCTX
instruction from EL0, EL1, and EL2 to EL3 and perform a workaround
procedure using the implementation defined trap handler to ensure
the correct behavior of the system. In addition, it includes an EL3
API to be used if EL3 firmware needs to use the CPP RCTX instruction.
This saves the overhead of exception handling, and EL3 does not
generically support trapping EL3->EL3, and adding support for that
is not trivial due to the implications for context management.
The issue affects the following CPUs:
C1-Premium
C1-Ultra
Cortex-A710
Cortex-X2
Cortex-X3
Cortex-X4
Cortex-X925
Neoverse N2
Neoverse V2
Neoverse V3
Neoverse V3AE (handled same as V3 CPU in TF-A CPU-Lib)
Arm Security Bulletin Document:
https://developer.arm.com/documentation/111546
Change-Id: I5e7589afbeb69ebb79c01bec80e29f572aff3d89
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
show more ...
|
| 14215dac | 22-Jan-2026 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "refactor(psci): make CMOs target the whole psci_cpu_data_t" into integration |
| 2d054940 | 19-Jan-2026 |
Suraj Kakade <suraj.hanumantkakade@amd.com> |
feat(lib): use C/assembler for HI/LO macros
Add conditional HI() and LO() macros so assembler/linker builds keep the
original shift‑and‑mask form, while C builds use a typed uint32_t
version for LO(
feat(lib): use C/assembler for HI/LO macros
Add conditional HI() and LO() macros so assembler/linker builds keep the
original shift‑and‑mask form, while C builds use a typed uint32_t
version for LO() to ensure correct typing and MISRA‑compliant masking.
Change-Id: I0c707c387bf8ec5742ea5600017343882682e100
Signed-off-by: Suraj Kakade <suraj.hanumantkakade@amd.com>
show more ...
|
| 867fe8ec | 20-Jan-2026 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(cpus): export midr_match to a more global location
It's a useful little helper that is horribly underused. Put it in common
code so that we can use it in future.
Change-Id: I635c581644b07a
refactor(cpus): export midr_match to a more global location
It's a useful little helper that is horribly underused. Put it in common
code so that we can use it in future.
Change-Id: I635c581644b07a6ca5ff68bb4fa475c4052da691
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 040ab75d | 19-Jan-2026 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "feat(cpus): add support for Rosillo cpu" into integration |
| d62f795c | 19-Jan-2026 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes I215a84bd,I83710d84 into integration
* changes:
perf(cpus): reduce the footprint of errata reporting
refactor(cpus): make errata reporting more generic |
| c9017cbc | 05-Jan-2026 |
Govindraj Raja <govindraj.raja@arm.com> |
feat(cpus): add support for Rosillo cpu
Add basic CPU library code to support Rosillo CPU
Change-Id: I0e11e511511562297e4dccd2745842ebcfa2bff4
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com> |
| e8e8fc56 | 14-Jan-2026 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes from topic "bk/simpler_panic" into integration
* changes:
refactor(aarch64): remove crash reporting's dependency on cpu_data
fix(el3-runtime): remove lower_el_panic() |
| 3247828c | 02-Aug-2022 |
Manoj Kumar <manoj.kumar3@arm.com> |
fix(morello): avoid capability tag fault on data access
TF-A runtime service at EL3 switches the stack pointer from SP_EL3
to SP_EL0. This creates a capability tag fault when the DDC_EL0 is
zeroed o
fix(morello): avoid capability tag fault on data access
TF-A runtime service at EL3 switches the stack pointer from SP_EL3
to SP_EL0. This creates a capability tag fault when the DDC_EL0 is
zeroed out (purecap user space) as any data accesses computes
tag/permission with DDC_EL0 value when SpSel is 0 and when EL3 is
in hybrid mode.
As a workaround, this patch creates a per cpu context variable
to store DDC_EL0 value so that when EL3 runtime is entered DDC_EL0
is saved on to stack. DDC_EL3 is then copied into DDC_EL0 after
switching SP to SP_EL0. Once the runtime finishes, during el3_exit,
the saved DDC_EL0 is restored from stack.
Signed-off-by: Selvarasu Ganesan <selvarasu.ganesan@arm.com>
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Varshit Pandya <varshit.pandya@arm.com>
Change-Id: I4e4010f0e20913cb4e35b58fb49a177bdf26feb1
show more ...
|
| 6a548c34 | 02-Aug-2022 |
Manoj Kumar <manoj.kumar3@arm.com> |
feat(morello): add capability load/store/track support to MMU
Morello architecture adds additional bits to TCR_EL3 and uses the
HWU bits of page/block descriptors to provision permission for
loading
feat(morello): add capability load/store/track support to MMU
Morello architecture adds additional bits to TCR_EL3 and uses the
HWU bits of page/block descriptors to provision permission for
loading, storing and tracking of valid capability tags.
This patch reserves bit 31 of the existing translation table
attribute field which can be used by the user to enable capability
load/store/track permission for a given memory region.
This patch also enables this permission for BL31 region.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Varshit Pandya <varshit.pandya@arm.com>
Change-Id: I1939c70aac3585969d74b0956529681e840d6f63
show more ...
|
| ea6625c6 | 12-Jan-2026 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes from topic "bk/amu_private" into integration
* changes:
fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds
fix(cpufeat): disable FEAT_AMU counters on conte
Merge changes from topic "bk/amu_private" into integration
* changes:
fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds
fix(cpufeat): disable FEAT_AMU counters on context restore
feat(per-cpu): migrate AArch32 amu_ctx to per-cpu framework
show more ...
|
| 287ad959 | 11-Aug-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(aarch64): remove crash reporting's dependency on cpu_data
Crash reporting is useful as early as possible, even before most of the
runtime has been set up. This means that all of its depende
refactor(aarch64): remove crash reporting's dependency on cpu_data
Crash reporting is useful as early as possible, even before most of the
runtime has been set up. This means that all of its dependencies,
currently only cpu_data, must be set up as early as possible too. This
can be constraining as fiddling with the general EL3 runtime from the
early entrypoint is very difficult. So remove the cpu_data dependency.
Further benefits are that crash reporting will work even earlier (during
cpu reset functions!) and also in other BLs.
Change-Id: I92bb6b3921c6dec10560f8341b3bca5cdacfb492
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 6de7520a | 20-Jul-2025 |
Taticharla Venkata Sai <venkatasai.taticharla@amd.com> |
fix(el3-runtime): resolve essential-type mismatch
This resolves MISRA C:2012 Rule 10.7 violation
where a composite expression involved operands of differing
essential types, causing unintended impli
fix(el3-runtime): resolve essential-type mismatch
This resolves MISRA C:2012 Rule 10.7 violation
where a composite expression involved operands of differing
essential types, causing unintended implicit conversions.
The fix ensures all operands in the expression have matching
essential types by introducing explicit casts,
preventing unsafe or inconsistent arithmetic operations.
Change-Id: If01dfe78e7a5cffc8b0efa6ac969b262e236852b
Signed-off-by: Taticharla Venkata Sai <venkatasai.taticharla@amd.com>
show more ...
|
| 8cd9c18b | 08-Dec-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds
FEAT_AMU has 4 architected counters. The lower 2, CPU_CYCLES and
CNT_CYCLES, are not considered to be side channels due to
fix(cpufeat): prevent FEAT_AMU counters 2 and 3 from counting across worlds
FEAT_AMU has 4 architected counters. The lower 2, CPU_CYCLES and
CNT_CYCLES, are not considered to be side channels due to their low
resolution and general availability of the data elsewhere. As such, they
are used for critical performance tuning and are expected to never be
turned off or context switched when switching worlds.
The upper 2 counters, INST_RETIRED and STALL_BACKEND_MEM, are different.
The data they provide is non-critical and expose new information that
could be used as a timing side channel, especially of Secure world. This
patch adds context switching of these two counters to prevent any such
side channel.
This is not done for group 1 auxiliary counters as those are IMP DEF and
are inaccessible by default unless overriden by the platform (with
AMU_RESTRICT_COUNTERS).
Change-Id: Ib4b946abb810e36736cabb9b84cd837308b4e761
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 7724f91e | 19-Dec-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(psci): make CMOs target the whole psci_cpu_data_t
psci_cpu_data_t is tiny - on AArch64 it's 12 bytes. Cache maintenance
operations (CMOs) operate on cache lines which are much bigger - usua
refactor(psci): make CMOs target the whole psci_cpu_data_t
psci_cpu_data_t is tiny - on AArch64 it's 12 bytes. Cache maintenance
operations (CMOs) operate on cache lines which are much bigger - usually
64 bytes long. As such, issuing a cache clean for a member in the middle
of psci_cpu_data_t won't necessarily have the expected effect. The
member will be cleaned, sure, but so will the rest of the cache line
along with it. If the struct happens to straddle cache lines this will
lead to the next 52 bytes, most of which not belonging to
psci_cpu_data_t, being cleaned as well and the start of psci_cpu_data_t
not being cleaned at all.
This is not a problem because of the per-cpu (and cpu_data before it)
section - it is cache size aligned and all data within a single section
belongs to the same core so overdoing cache cleans won't have strange
side effects.
Regardless, this patch clarifies CMOs around psci_cpu_data_t by always
targeting the whole structure. To make sure there is never a situation
where it straddles cache lines and this causes weird side effect, its
alignment is set to the size of the structure to make sure it is always
on the same cache line.
Change-Id: I5d82ee6bb2ce0ed3c6a7e4abb7aa890f5e3bd0af
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 9718d0db | 19-Dec-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
perf(cpus): reduce the footprint of errata reporting
Since the advent of spin_trylock() it's possible to combine the spinlock
with the errata_reported field. If the spinlock is only acquired with a
perf(cpus): reduce the footprint of errata reporting
Since the advent of spin_trylock() it's possible to combine the spinlock
with the errata_reported field. If the spinlock is only acquired with a
non-blocking call then a successful call means reporting should be done
and an unsuccessful one means that reporting would have been done by
whoever acquired it. This relies on the lock never being released which
this patch does. The effect is a smaller memory footprint and a smaller
runtime.
Change-Id: I215a84bd2c91e33703349c41fc59f654f7764b2f
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| e9730867 | 07-Jan-2026 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes I1a57de22,If97ea5fd into integration
* changes:
feat(locks): make spin_trylock with exclusives spin until it knows the state of the lock
fix(locks): restore spin_trylock's ability
Merge changes I1a57de22,If97ea5fd into integration
* changes:
feat(locks): make spin_trylock with exclusives spin until it knows the state of the lock
fix(locks): restore spin_trylock's ability to acquire a lock
show more ...
|
| d934b937 | 06-Jan-2026 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes I411af9d1,I89813759 into integration
* changes:
feat(el3-runtime): translate EL3 handled exceptions to C and always call prepare_el3_entry
refactor(el3-runtime): factor out handler
Merge changes I411af9d1,I89813759 into integration
* changes:
feat(el3-runtime): translate EL3 handled exceptions to C and always call prepare_el3_entry
refactor(el3-runtime): factor out handler fetching code
show more ...
|
| e6a8b322 | 05-Jan-2026 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes I20c97011,Ia1facabb into integration
* changes:
fix(rk3576): shorten names to fit into the allocated space
fix(debugfs): allocate enough space to fit all names |
| 767852d7 | 23-Dec-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge changes from topic "xl/x925-errata" into integration
* changes:
fix(cpus): workaround for Cortex-X925 erratum 3865185
fix(cpus): workaround for Cortex-X925 erratum 3730893
fix(cpus): wor
Merge changes from topic "xl/x925-errata" into integration
* changes:
fix(cpus): workaround for Cortex-X925 erratum 3865185
fix(cpus): workaround for Cortex-X925 erratum 3730893
fix(cpus): workaround for Cortex-X925 erratum 3692980
fix(cpus): workaround for Cortex-X925 erratum 3324334
fix(cpus): workaround for Cortex-X925 erratum 2933290
fix(cpus): workaround for Cortex-X925 erratum 2922378
fix(cpus): workaround for Cortex-X925 erratum 2921199
show more ...
|
| dca40b8d | 19-Dec-2025 |
Xialin Liu <xialin.liu@arm.com> |
fix(cpus): workaround for Cortex-X925 erratum 3865185
Cortex-X925 erratum 3865185 is a Cat B erratum that
applies to revisions r0p0 and r0p1, it is fixed in r0p2.
Load issued to Non-Cacheable or De
fix(cpus): workaround for Cortex-X925 erratum 3865185
Cortex-X925 erratum 3865185 is a Cat B erratum that
applies to revisions r0p0 and r0p1, it is fixed in r0p2.
Load issued to Non-Cacheable or Device GRE memory can
read stale data brought in by an earlier load to the
same cache-line thereby violating ordering requirements.
This erratum can be avoided by setting CPUACTLR2[22] to 1'b1,
which will disable linking multiple Non-Cacheable or Device
GRE loads to the same read request for the cache-line. This
might have a significant performance impact to Non-cacheable
and Device GRE read bandwidth for streaming scenarios.
SDEN documentation:
https://developer.arm.com/documentation/109180/latest/
Change-Id: Iff224ef82bd1cb9aff8d6b11451e2ac1d048149f
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
show more ...
|
| ea24488d | 19-Dec-2025 |
Xialin Liu <xialin.liu@arm.com> |
fix(cpus): workaround for Cortex-X925 erratum 3730893
Cortex-X925 erratum 3730893 is a Cat B erratum that
applies to revisions r0p0 and r0p1, it is fixed in r0p2.
PE executing a load instruction th
fix(cpus): workaround for Cortex-X925 erratum 3730893
Cortex-X925 erratum 3730893 is a Cat B erratum that
applies to revisions r0p0 and r0p1, it is fixed in r0p2.
PE executing a load instruction that accesses a memory
region which crosses a 4K boundary might cause a deadlock.
This erratum can be avoided by setting CPUACTLR_EL1[60:58]
to 3'b001, which has a small perf impact.
SDEN documentation:
https://developer.arm.com/documentation/109180/latest/
Change-Id: I0245183669255afb0d3ec71cafa058aa72129de0
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
show more ...
|