fix(ras): trap "RAS error record" accesses only for NS

RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
sta

fix(ras): trap "RAS error record" accesses only for NS

RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
state. To give more fine grain control per world basis re-purpose this
macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only
if Error record registers are accessed from NS.
This will also help in future scenarios when RAS handling(in Firmware
first handling paradigm)can be offloaded to a secure partition.

This is first patch in series to refactor RAS framework in TF-A.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d

show more ...

Merge "refactor(libc): clean up dependencies in libc" into integration

refactor(libc): clean up dependencies in libc

- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert

refactor(libc): clean up dependencies in libc

- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
"platform_def.h" from assert.h and adding "common/debug.h"
where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
Instead removing assert with expression, as this
does not provide additional information.

Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568

show more ...

Merge "fix(context mgmt): remove explicit ICC_SRE_EL2 register read" into integration

fix(context mgmt): remove explicit ICC_SRE_EL2 register read

ICC_SRE_EL2 has only 4 bits, while others are RES0. The library programs
all four of them already, so there is no need to read the previo

fix(context mgmt): remove explicit ICC_SRE_EL2 register read

ICC_SRE_EL2 has only 4 bits, while others are RES0. The library programs
all four of them already, so there is no need to read the previous
settings from the actual register.

This patch removes the explicit register read as a result.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Iff0cb3b0d6fd85e5ae891068e440d855973a1c5e

show more ...

Merge "feat(rng-trap): add EL3 support for FEAT_RNG_TRAP" into integration

feat(rng-trap): add EL3 support for FEAT_RNG_TRAP

FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This

feat(rng-trap): add EL3 support for FEAT_RNG_TRAP

FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This patch adds a new build flag
ENABLE_FEAT_RNG_TRAP that enables the feature.
This feature is supported only in AArch64 state from Armv8.5 onwards.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ia9f17aef3444d3822bf03809036a1f668c9f2d89

show more ...

Merge "refactor(context mgmt): refactor EL2 context save and restore functions" into integration

refactor(context mgmt): refactor EL2 context save and restore functions

This patch splits the el2_sysregs_context_save/restore functions
into multiple functions based on features. This will allow us

refactor(context mgmt): refactor EL2 context save and restore functions

This patch splits the el2_sysregs_context_save/restore functions
into multiple functions based on features. This will allow us to
selectively save and restore EL2 context registers based on
features enabled for a particular configuration.

For now feature build flags are used to decide which registers
to save and restore. The long term plan is to dynamically check
for features that are enabled and then save/restore registers
accordingly. Splitting el2_sysregs_context_save/restore functions
into smaller assembly functions makes that task easier. For more
information please take a look at:
https://trustedfirmware-a.readthedocs.io/en/latest/design_documents/context_mgmt_rework.html

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1819a9de8b70fa35c8f45568908025f790c4808c

show more ...

Merge "refactor(context mgmt): refactor initialization of EL1 context registers" into integration

refactor(context mgmt): refactor initialization of EL1 context registers

When SPMC is present at S-EL2, EL1 context registers don't need to be
initialized for Secure state. This patch makes sure tha

refactor(context mgmt): refactor initialization of EL1 context registers

When SPMC is present at S-EL2, EL1 context registers don't need to be
initialized for Secure state. This patch makes sure that EL1 context
registers are initialized only for Non-secure state, and when SPMC is
not present at S-EL2

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I4a60b258c31ce5f6472a243e2687159cc495259b

show more ...

Merge "fix(amu): limit virtual offset register access to NS world" into integration

Merge "fix(cm): add barrier before el3 ns exit" into integration

fix(cm): add barrier before el3 ns exit

In cm_prepare_el3_exit_ns, SCR_EL3.NS bit change (to non-secure) is not
committed before the EL2 restoration sequence happens.
At ICC_SRE_EL2 write in cm_el2_

fix(cm): add barrier before el3 ns exit

In cm_prepare_el3_exit_ns, SCR_EL3.NS bit change (to non-secure) is not
committed before the EL2 restoration sequence happens.
At ICC_SRE_EL2 write in cm_el2_sysregs_context_restore, NS is still 0
from CPU perspective (with EEL2=0) which is an invalid condition and
triggers a fault. By adding ISB, SCR_EL3 gets synced with NS=1/EEL2=0
before ICC_SRE_EL2 write.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie72a6152aa7729e66b3344c1b7b0749f54cafb6f

show more ...

Merge "feat(brbe): add BRBE support for NS world" into integration

feat(brbe): add BRBE support for NS world

This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disab

feat(brbe): add BRBE support for NS world

This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.

This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0

show more ...

fix(amu): limit virtual offset register access to NS world

Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
of

fix(amu): limit virtual offset register access to NS world

Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
offset registers when it should not be able to. This patch only sets
AMVOFFEN for non-secure world.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I2c61fe0a8a0092df089f1cb2c0d8a45c8c8ad0d3

show more ...

Merge "refactor(twed): improve TWED enablement in EL-3" into integration

refactor(twed): improve TWED enablement in EL-3

The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved fo

refactor(twed): improve TWED enablement in EL-3

The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.

Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.

Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a

show more ...

Merge "refactor(context mgmt): add cm_prepare_el3_exit_ns function" into integration

Merge "refactor(context mgmt): refactor the cm_setup_context function" into integration

refactor(context mgmt): add cm_prepare_el3_exit_ns function

As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' fun

refactor(context mgmt): add cm_prepare_el3_exit_ns function

As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.

When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653

show more ...

refactor(context mgmt): refactor the cm_setup_context function

This patch splits the function 'cm_setup_context' into four
functions to make it more readable and easier to maintain.

The function is

refactor(context mgmt): refactor the cm_setup_context function

This patch splits the function 'cm_setup_context' into four
functions to make it more readable and easier to maintain.

The function is split into the following functions based on
the security state of the context.

- setup_context_common - performs common initializations
- setup_secure_context - performs Secure state specific
initializations
- setup_realm_context - performs Realm state specific
initializations
- setup_ns_context - performs Non-secure state specific
initializations

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie14a1c2fc6586087e7aa36537cf9064c80802f8f

show more ...

Merge "feat(sme): enable SME functionality" into integration

feat(sme): enable SME functionality

This patch adds two new compile time options to enable SME in TF-A:
ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and
secure worlds respectively.

feat(sme): enable SME functionality

This patch adds two new compile time options to enable SME in TF-A:
ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and
secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable
SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions
in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these
traps, but support for SME context management does not yet exist in
SPM so building with SPD=spmd will fail.

The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot
be used with SME as it is a superset of SVE and will enable SVE and
FPU/SIMD along with SME.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73

show more ...