fix(cpufeat): require FEAT_AMUv1p1 to enable the auxiliary counters

The auxiliary counters are a feature of FEAT_AMUv1p1 but it's possible
to enable them (ENABLE_AMU_AUXILIARY_COUNTERS=1) without en

fix(cpufeat): require FEAT_AMUv1p1 to enable the auxiliary counters

The auxiliary counters are a feature of FEAT_AMUv1p1 but it's possible
to enable them (ENABLE_AMU_AUXILIARY_COUNTERS=1) without enabling
FEAT_AMUv1p1. As a result, the AMU_RESTRICT_COUNTERS may not take
effect, making this configuration potentially insecure.

Fix this by adding a constraints and rejigging auxiliary counter enables
such that they only happen when FEAT_AMUv1p1 has been enabled so that's
more apparent.

Change-Id: I5b5061d603013598f07d70401d68915c016a1a1b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "gr/cov_fixes" into integration

* changes:
fix(libc): fix coverity overflowed constant
fix(libc): fix coverity overflowed constant
fix(psci): fix coverity issue with o

Merge changes from topic "gr/cov_fixes" into integration

* changes:
fix(libc): fix coverity overflowed constant
fix(libc): fix coverity overflowed constant
fix(psci): fix coverity issue with out-of-bounds read
fix(fvp): fix coverity issue unsigned_compare

show more ...

feat(cpufeat): add support for FEAT_IDTE3

This patch adds support for FEAT_IDTE3, which introduces support
for handling the trapping of Group 3 and Group 5 (only GMID_EL1)
registers to EL3 (unless t

feat(cpufeat): add support for FEAT_IDTE3

This patch adds support for FEAT_IDTE3, which introduces support
for handling the trapping of Group 3 and Group 5 (only GMID_EL1)
registers to EL3 (unless trapped to EL2). IDTE3 allows EL3 to
modify the view of ID registers for lower ELs, and this capability
is used to disable fields of ID registers tied to disabled features.

The ID registers are initially read as-is and stored in context.
Then, based on the feature enablement status for each world, if a
particular feature is disabled, its corresponding field in the
cached ID register is set to Res0. When lower ELs attempt to read
an ID register, the cached ID register value is returned. This
allows EL3 to prevent lower ELs from accessing feature-specific
system registers that are disabled in EL3, even though the hardware
implements them.

The emulated ID register values are stored primarily in per-world
context, except for certain debug-related ID registers such as
ID_AA64DFR0_EL1 and ID_AA64DFR1_EL1, which are stored in the
cpu_data and are unique to each PE. This is done to support feature
asymmetry that is commonly seen in debug features.

FEAT_IDTE3 traps all Group 3 ID registers in the range
op0 == 3, op1 == 0, CRn == 0, CRm == {2–7}, op2 == {0–7} and the
Group 5 GMID_EL1 register. However, only a handful of ID registers
contain fields used to detect features enabled in EL3. Hence, we
only cache those ID registers, while the rest are transparently
returned as is to the lower EL.

This patch updates the CREATE_FEATURE_FUNCS macro to generate
update_feat_xyz_idreg_field() functions that disable ID register
fields on a per-feature basis. The enabled_worlds scope is used to
disable ID register fields for security states where the feature is
not enabled.

This EXPERIMENTAL feature is controlled by the ENABLE_FEAT_IDTE3
build flag and is currently disabled by default.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I5f998eeab81bb48c7595addc5595313a9ebb96d5

show more ...

feat(per-cpu): migrate amu_ctx to per-cpu framework

migrate amu_ctx object to the NUMA-aware per-cpu framework
to optimize memory access and to efficiently utilize memory.

Signed-off-by: Sammit Jos

feat(per-cpu): migrate amu_ctx to per-cpu framework

migrate amu_ctx object to the NUMA-aware per-cpu framework
to optimize memory access and to efficiently utilize memory.

Signed-off-by: Sammit Joshi <sammit.joshi@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I55e5e923ddd7307039e0cd9a35e91d908f910d10

show more ...

feat(per-cpu): migrate psci_ns_context to per-cpu framework

migrate psci_ns_context object to the NUMA-aware per-cpu
framework to optimize memory access and to efficiently
utilize memory.

Signed-of

feat(per-cpu): migrate psci_ns_context to per-cpu framework

migrate psci_ns_context object to the NUMA-aware per-cpu
framework to optimize memory access and to efficiently
utilize memory.

Signed-off-by: Sammit Joshi <sammit.joshi@arm.com>
Change-Id: Ie8b9f4eea8c61d4de9996d9370634cbd08ff1d8d

show more ...

feat(per-cpu): migrate psci_cpu_pd_nodes to per-cpu framework

migrate psci_cpu_pd_nodes object to the NUMA-aware per-cpu
framework to optimize memory access and to efficiently
utilize memory.

Signe

feat(per-cpu): migrate psci_cpu_pd_nodes to per-cpu framework

migrate psci_cpu_pd_nodes object to the NUMA-aware per-cpu
framework to optimize memory access and to efficiently
utilize memory.

Signed-off-by: Sammit Joshi <sammit.joshi@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Idec3e3b74ecf03b420b339a183be2b9e00f8a78f

show more ...

feat(per-cpu): integrate per-cpu framework into BL31/BL32

Integrate per-cpu support into BL31/BL32 by extending the following
areas:

Zero-initialization: Treats per-cpu sections like .bss and clear

feat(per-cpu): integrate per-cpu framework into BL31/BL32

Integrate per-cpu support into BL31/BL32 by extending the following
areas:

Zero-initialization: Treats per-cpu sections like .bss and clears them
during early C runtime initialization. For platforms that enable
NUMA_AWARE_PER_CPU, invokes a platform hook to zero-initialize
node-specific per-cpu regions.

Cache maintenance: Extends the BL31 exit path to clean dcache lines
covering the per-cpu region, ensuring data written by the primary core
is visible to secondary cores.

tpidr_el3 setup: Initializes tpidr_el3 with the base address of the
current CPU’s per-cpu section. This allows per-cpu framework to
resolve local cpu accesses efficiently.

The percpu_data object is currently stored in tpidr_el3. Since the
per-cpu framework will use tpidr_el3 for this-cpu access, percpu_data
must be migrated to avoid conflict. This commit moves percpu_data to
the per-cpu framework.

Signed-off-by: Sammit Joshi <sammit.joshi@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Iff0c2e1f8c0ebd25c4bb0b09bfe15dd4fbe20561

show more ...

feat(per-cpu): introduce framework accessors/definers

Introduce per-cpu framework definers and accessors for allocation and
access of per-cpu objects. The accessors support "per_cpu_cur" variants
fo

feat(per-cpu): introduce framework accessors/definers

Introduce per-cpu framework definers and accessors for allocation and
access of per-cpu objects. The accessors support "per_cpu_cur" variants
for access on the calling CPU as well as "per_cpu_by_index" variants for
access on any CPU. Additionally, the framework supports NUMA-aware
allocation, allowing the per-cpu data to be distributed across different
memory nodes. This enables the system to allocate per-cpu data on memory
nodes closest to the respective CPU, optimising memory access and
performance.

Signed-off-by: Sammit Joshi <sammit.joshi@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8361602ff626dcfe9405e7e2a28c5d143aaac574

show more ...

feat(cpufeat): introduce FEAT_RME_GDI support

This patch adds a new build flag ENABLE_FEAT_RME_GDI to enable this
feature, along with defining various related register fields. At this
point, when en

feat(cpufeat): introduce FEAT_RME_GDI support

This patch adds a new build flag ENABLE_FEAT_RME_GDI to enable this
feature, along with defining various related register fields. At this
point, when enabled, this feature enables the SA and NSP GPI encodings
by setting the corresponding bits in GPCCR_EL3.

Change-Id: I54152fbb3d19b176264e5d16acbcc866725dc290
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Timothy Hayes <timothy.hayes@arm.com>

show more ...

feat(cpufeat): add support for FEAT_RME_GPC2

This change adds support for FEAT_RME_GPC2 and Non-Secure-Only (NSO)
Physical Address Space.

Previously, all non-secure (NS) memory was accessible to th

feat(cpufeat): add support for FEAT_RME_GPC2

This change adds support for FEAT_RME_GPC2 and Non-Secure-Only (NSO)
Physical Address Space.

Previously, all non-secure (NS) memory was accessible to the secure
world and realm world. With GPC2 and the NSO bit in the GPT, memory
can now be restricted to the non-secure world only. This is enabled
automatically on supported systems when ENABLE_RME is true.

Change-Id: I9b70c3a23c5ec7d83bd787d0fb3edd55934f1d05
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>

show more ...

fix(libc): fix coverity overflowed constant

Avoid overflow that may occur from math operations.

Coverity message:
-----------------
CID 457888: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)34.

fix(libc): fix coverity overflowed constant

Avoid overflow that may occur from math operations.

Coverity message:
-----------------
CID 457888: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)34.
overflow_const: Expression acc, where base is known to be equal to 16,
overflows the type of acc, which is type unsigned long long.

Change-Id: I41f22e22625a17826b2cedff101120918e23c8e8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(libc): fix coverity overflowed constant

Assigning acc which of type unsigned long(long) with (L)LONG_MAX or (L)LONG_MIN
will cause a overflow of type acc.

Coverity Message:
-----------------
Ov

fix(libc): fix coverity overflowed constant

Assigning acc which of type unsigned long(long) with (L)LONG_MAX or (L)LONG_MIN
will cause a overflow of type acc.

Coverity Message:
-----------------
Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression acc, where
neg ? -9223372036854775808L : 9223372036854775807L is known to be equal
to -9223372036854775808, underflows the type of acc, which is type
unsigned long.

Change-Id: Ic97c3ad8a2a281dfe7ef6b28b2500fd48e45f19e
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(psci): fix coverity issue with out-of-bounds read

Avoid OVERRUN on parent indices if accidental return negative value
from `get_pwr_lvl_state_idx`, so convert everything to use unsigned
int to a

fix(psci): fix coverity issue with out-of-bounds read

Avoid OVERRUN on parent indices if accidental return negative value
from `get_pwr_lvl_state_idx`, so convert everything to use unsigned
int to avoid Out-of-bounds read (OVERRUN)

Change-Id: Ie6d6fd34db9903e99b29e004fb46908aea8acd46
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes Iad149a2c,Idcd2a07d,Id9429831 into integration

* changes:
fix(cpus): workaround for Cortex-A715 erratum 3711916
fix(cpus): workaround for Cortex-A715 erratum 2376701
fix(cpus): w

Merge changes Iad149a2c,Idcd2a07d,Id9429831 into integration

* changes:
fix(cpus): workaround for Cortex-A715 erratum 3711916
fix(cpus): workaround for Cortex-A715 erratum 2376701
fix(cpus): workaround for Cortex-A715 erratum 2409570

show more ...

fix(cpus): workaround for Cortex-A715 erratum 3711916

Cortex-A715 erratum 3711916 is a Cat B erratum that applies to
revisions r0p0, r1p0, r1p1, r1p2 and r1p3, and is still open.

SDEN documentation

fix(cpus): workaround for Cortex-A715 erratum 3711916

Cortex-A715 erratum 3711916 is a Cat B erratum that applies to
revisions r0p0, r1p0, r1p1, r1p2 and r1p3, and is still open.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2148827

Change-Id: Iad149a2c02a804b3f4f0f2f5b89e866675cb4093
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A715 erratum 2376701

Cortex-A715 erratum 2376701 is a Cat B erratum that applies to
revisions r0p0 and r1p0, and is fixed in r1p1.

This workaround is not expected t

fix(cpus): workaround for Cortex-A715 erratum 2376701

Cortex-A715 erratum 2376701 is a Cat B erratum that applies to
revisions r0p0 and r1p0, and is fixed in r1p1.

This workaround is not expected to have a significant performance
impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2148827

Change-Id: Idcd2a07d269d55534dc5faa59c454d37426f2cfa
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A715 erratum 2409570

Cortex-A715 erratum 2409570 is a Cat B erratum that applies to
revisions r0p0 and r1p0, and is fixed in r1p1.

This workaround could have a sign

fix(cpus): workaround for Cortex-A715 erratum 2409570

Cortex-A715 erratum 2409570 is a Cat B erratum that applies to
revisions r0p0 and r1p0, and is fixed in r1p1.

This workaround could have a significant performance impact for
software that relies heavily on using store-release instructions.

This workaround only applies to r1p0, r0p0 has a different
workaround but is not used in production hardware so has not been
implemented.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2148827

Change-Id: Id9429831525b842779d7b7e60f103c93be4acd67
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpufeat): extend FEAT_EBEP handling to delegate PMU control to EL2

Currently, the FEAT_EBEP feature presence check is only used for UNDEF
injection into lower ELs. However, this feature also aff

fix(cpufeat): extend FEAT_EBEP handling to delegate PMU control to EL2

Currently, the FEAT_EBEP feature presence check is only used for UNDEF
injection into lower ELs. However, this feature also affects the access
behavior of MDCR_EL2. Specifically, if the PMEE bits in MDCR_EL3 are not
set to 0b01, then the MDCR_EL2.PMEE bits cannot be configured by EL2.

This patch extends the use of FEAT_EBEP to delegate PMU IRQ and
profiling exception control to EL2 by setting MDCR_EL3.PMEE = 0b01.This
ensures that lower ELs can manage PMU configuration.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib7e1d5c72f017b8ffc2131fc57309dd9d811c973

show more ...

Merge changes from topic "ck/tf-a/tpip-updates" into integration

* changes:
chore(compiler-rt): update compiler-rt to v21.1.4
chore(zlib): update zlib to v1.3.1
chore(libfdt): update libfdt to

Merge changes from topic "ck/tf-a/tpip-updates" into integration

* changes:
chore(compiler-rt): update compiler-rt to v21.1.4
chore(zlib): update zlib to v1.3.1
chore(libfdt): update libfdt to v1.7.2

show more ...

Merge "fix(cpufeat): use of additional breakpoints" into integration

feat(cpus): add support for Neoverse-N2 prefetcher

To get accurate and repeatable L2 cache performance metrics,
the L2 region prefetcher must be disabled. This prevents
speculative fetches from inte

feat(cpus): add support for Neoverse-N2 prefetcher

To get accurate and repeatable L2 cache performance metrics,
the L2 region prefetcher must be disabled. This prevents
speculative fetches from interfering with the measurements.

This patch adds a build-time option, NEOVERSE_N2_PREFETCHER_DISABLE,
to set the PF_DIS bit (bit 15) in the CPUECTLR_EL1 register for this
purpose.

Change-Id: Ie7ab9e84bb29d042d0bb2ec697e0c1e39ad5032e
Signed-off-by: Rohit Ner <rohitner@google.com>

show more ...

fix(cpufeat): use of additional breakpoints

Extended Breakpoints access through mdcr_el3.ebwe is available
only when there are greater than 16 breakpoints implemented.
Otherwise the EBWE Bit is RES0

fix(cpufeat): use of additional breakpoints

Extended Breakpoints access through mdcr_el3.ebwe is available
only when there are greater than 16 breakpoints implemented.
Otherwise the EBWE Bit is RES0 and we could skip enabling Extended
Breakpoint access.

Ref: https://developer.arm.com/documentation/111107/2025-09/AArch64-Registers/MDCR-EL3--Monitor-Debug-Configuration-Register--EL3-?lang=en

Change-Id: I2b2147e83d65ee9b0492d3cf3adafd5c8cbe17f5
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(bl1): use per-world context correctly

Currently, the configuration with BL1 and BL2 at SEL1 will transition
via el3_exit which will restore per-world context. However, that context
is never writ

fix(bl1): use per-world context correctly

Currently, the configuration with BL1 and BL2 at SEL1 will transition
via el3_exit which will restore per-world context. However, that context
is never written to and so zeroes end up in registers, which is not
necessarily correct.

This patch gets BL1 to call cm_manage_extensions_per_world() whenever
BL2 runs in a lower EL. This allows the per-world registers to have the
reset values we intend. An accompanying call to
cm_manage_extensions_el3() is also added for completeness.

Doing this shows a small deficiency in cptr_el3 - bits TFP and TCPAC
change a lot. This patch makes them consistent by always setting TCPAC
and TFP to 0 which unconditionally enable access to CPTR_EL2 and FPCR by
default as they are always accessible. Other places that manipulate the
TFP bit are removed.

A nice side effect of all of this is that we're now in a position to
enable and use any architectural extension in BL2.

Change-Id: I070d62bbf8e9d9b472caf7e2c931c303523be308
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "feat(cpus): enable Maximum Power Mitigation Mechanism" into integration

Merge "feat(cpus): add support for venom cpu" into integration