Merge "chore: update to use Arm word across TF-A" into integration

chore: update to use Arm word across TF-A

Align entire TF-A to use Arm in copyright header.

Change-Id: Ief9992169efdab61d0da6bd8c5180de7a4bc2244
Signed-off-by: Govindraj Raja <govindraj.raja@arm.co

chore: update to use Arm word across TF-A

Align entire TF-A to use Arm in copyright header.

Change-Id: Ief9992169efdab61d0da6bd8c5180de7a4bc2244
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for F

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for FFA_MSG_WAIT
feat(spmc): add function to determine the return path from the SPMC
feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3
feat(spmd): update SPMC init flow to use EL3 implementation
feat(spmc): add FF-A secure partition manager core
feat(spmc): prevent read only xlat tables with the EL3 SPMC
feat(spmc): enable building of the SPMC at EL3
refactor(spm_mm): reorganize secure partition manager code

show more ...

feat(spmc): prevent read only xlat tables with the EL3 SPMC

If using the EL3 SPMC ensure that we don't mark the translation
tables as read only. The SPMC requires the ability to map and
unmap a part

feat(spmc): prevent read only xlat tables with the EL3 SPMC

If using the EL3 SPMC ensure that we don't mark the translation
tables as read only. The SPMC requires the ability to map and
unmap a partitions RX/TX buffers at runtime.

Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ibb78a6a2e3847ce4ec74ce81a9bb61ce34fec24c

show more ...

Merge "Read-only xlat tables for BL31 memory" into integration

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who h

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.

The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.

To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.

Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.

The caches are also flushed.

Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466

show more ...