fix(context-mgmt): enable SCXTNUM access

Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is

fix(context-mgmt): enable SCXTNUM access

Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is used.

Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: Ieb0186b2fdffad464bb9316fc3973772c9c28cd0

show more ...

Merge "feat(psa): interface with RSS for NV counters" into integration

feat(psa): interface with RSS for NV counters

Adding AP/RSS interface for retrieving and incrementing non-volatile
counters.

The read interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVIC

feat(psa): interface with RSS for NV counters

Adding AP/RSS interface for retrieving and incrementing non-volatile
counters.

The read interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_READ,
in_vec, 1, out_vec, 1);

where the in_vec indicates which of the 3 counters we want, and the
out_vec stores the counter value we get back from RSS.

The increment interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_INCREMENT,
in_vec, 1, (psa_outvec *)NULL, 0);

where, again, in_vec indicates the counter to increment, and we don't
get any output parameter from RSS.

Through this service, we will be able to get/increment any of the 3 NV
counters used on a CCA platform:
- NV counter for CCA firmware (BL2, BL31, RMM).
- NV counter for secure firmware.
- NV counter for non-secure firmware.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
Change-Id: I4c1c7f4837ebff30de16bb0ce7ecd416b70b1f62

show more ...

feat(fconf): rename 'ns-load-address' to 'secondary-load-address'

The 'ns-load-address' property has been renamed to 'secondary-load-
address' in order to make it more generic. It can be used to cop

feat(fconf): rename 'ns-load-address' to 'secondary-load-address'

The 'ns-load-address' property has been renamed to 'secondary-load-
address' in order to make it more generic. It can be used to copy
the configuration to any location, be it root, secure, or non-secure.

Change-Id: I122508e155ccd99082296be3f6b8db2f908be221
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(optee): add loading OP-TEE image via an SMC" into integration

feat(optee): add loading OP-TEE image via an SMC

This adds the ability to load the OP-TEE image via an SMC called from
non-secure userspace rather than loading it during boot. This should
only be ut

feat(optee): add loading OP-TEE image via an SMC

This adds the ability to load the OP-TEE image via an SMC called from
non-secure userspace rather than loading it during boot. This should
only be utilized on platforms that can ensure security is maintained up
until the point the SMC is invoked as it breaks the normal barrier
between the secure and non-secure world.

Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I21cfa9699617c493fa4190f01d1cbb714e7449cc

show more ...

Merge "fix(cpus): workaround for Cortex-A78C erratum 2772121" into integration

Merge "fix(cpus): workaround for Cortex-A510 erratum 2684597" into integration

Merge "fix(psci): tighten psci_power_down_wfi behaviour" into integration

fix(cpus): workaround for Cortex-A510 erratum 2684597

Cortex-A510 erratum 2684597 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3. The
w

fix(cpus): workaround for Cortex-A510 erratum 2684597

Cortex-A510 erratum 2684597 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3. The
workaround is to execute a TSB CSYNC and DSB before executing WFI for
power down.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1873361/latest
https://developer.arm.com/documentation/SDEN1873351/latest

Change-Id: Ic0b24b600bc013eb59c797401fbdc9bda8058d6d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(psci): tighten psci_power_down_wfi behaviour

A processing element should never return from a wfi, however, due to a
hardware bug, certain CPUs may wake up because of an external event.
This patc

fix(psci): tighten psci_power_down_wfi behaviour

A processing element should never return from a wfi, however, due to a
hardware bug, certain CPUs may wake up because of an external event.
This patch tightens the behaviour of the common power down sequence, it
ensures the routine never returns by entering a wfi loop at its end. It
aligns with the behaviour of the platform implementations.

Change-Id: I36d8b0c64eccb71035bf164b4cd658d66ed7beb4
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(mpam): run-time checks for mpam save/restore routines

With "ENABLE_MPAM_FOR_LOWER_ELS" and "CTX_INCLUDE_EL2_REGS" build
options enabled, MPAM EL2 registers would be saved/restored as part of
con

fix(mpam): run-time checks for mpam save/restore routines

With "ENABLE_MPAM_FOR_LOWER_ELS" and "CTX_INCLUDE_EL2_REGS" build
options enabled, MPAM EL2 registers would be saved/restored as part of
context management. Context save/restore routines as of now would
proceed to access all of MPAM EL2 registers without any runtime checks.
MPAM specification states that MPAMHCR_EL2 should only be accessed if
MPAMIDR_EL1.HAS_HCR is "1". Likewise, MPAMIDR_EL1.VPMR_MAX has to be
probed to obtain the maximum supported MPAMVPM<x>_EL2 before accessing
corresponding MPAMVPM<x>_EL2 registers. Since runtime checks are not
being made, an exception would be raised if the platform under test
doesn't support one of the registers. On Neoverse reference design
platforms, an exception is being raised while MPAMVPM2_EL2 or above are
accessed. Neoverse reference design platforms support only registers
till MPAMVPM1_EL2 at this point.

To resolve this, add sufficient runtime checks in MPAM EL2 context
save/restore routines. As part of the new save/restore routines,
MPAMIDR_EL1.HAS_HCR and MPAMIDR_EL1.VPMR_MAX are probed for the right
set of registers to be saved and restored.

CC: Davidson Kumaresan <davidson.kumaresan@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I2e3affd23091023b287b2bd5057a4a549037b611

show more ...

Merge changes from topic "srm/errata" into integration

* changes:
fix(cpus): workaround for Neoverse V1 errata 2779461
fix(cpus): workaround for Cortex-A78 erratum 2779479

Merge changes from topic "fix_sparse_warnings" into integration

* changes:
fix(libc): remove __putchar alias
fix(console): correct scopes for console symbols
fix(auth): use NULL instead of 0 f

Merge changes from topic "fix_sparse_warnings" into integration

* changes:
fix(libc): remove __putchar alias
fix(console): correct scopes for console symbols
fix(auth): use NULL instead of 0 for pointer check
fix(io): compare function pointers with NULL
fix(fdt-wrappers): use correct prototypes

show more ...

fix(cpus): workaround for Neoverse V1 errata 2779461

Neoverse V1 erratum 2779461 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open.

The workaround sets CPUACTLR3_EL1[47] bit

fix(cpus): workaround for Neoverse V1 errata 2779461

Neoverse V1 erratum 2779461 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open.

The workaround sets CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.

SDEN documentation:https://developer.arm.com/documentation/SDEN1401781/latest

Change-Id: I367cda1779684638063d7292fda20ca6734e6f10
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>

show more ...

fix(cpus): workaround for Cortex-A78 erratum 2779479

Cortex-A78 erratum 2779479 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.

The workaround is to set the CPUACTLR3_EL

fix(cpus): workaround for Cortex-A78 erratum 2779479

Cortex-A78 erratum 2779479 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.

The workaround is to set the CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest

Change-Id: I3779fd1eff3017c5961ffa101b357918070b3b36
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>

show more ...

Merge changes from topic "feat_state_rework" into integration

* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): conv

Merge changes from topic "feat_state_rework" into integration

* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): convert FEAT_HCX to new scheme
feat(fvp): enable FEAT_FGT by default
refactor(context-mgmt): move FEAT_FGT save/restore code into C
refactor(amu): convert FEAT_AMUv1 to new scheme
refactor(cpufeat): decouple FGT feature detection and build flags
refactor(cpufeat): check FEAT_FGT in a new way
refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_
feat(aarch64): make ID system register reads non-volatile

show more ...

fix(cpus): workaround for Cortex-A78C erratum 2772121

Cortex-A78C erratum 2772121 is a Cat B erratum that applies to
all revisions <=r0p2 and is still open. The workaround is to
insert a dsb before

fix(cpus): workaround for Cortex-A78C erratum 2772121

Cortex-A78C erratum 2772121 is a Cat B erratum that applies to
all revisions <=r0p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1707916/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0e190dabffc20c4d3b9b98d1abeb50f308b80bb9

show more ...

Merge "fix(mpam): remove unwanted param for "endfunc" macro" into integration

Merge "fix(cpus): workaround for Cortex-X2 erratum 2282622" into integration

Merge "fix(cpus): workaround for Cortex-A710 erratum 2282622" into integration

fix(cpus): workaround for Cortex-X2 erratum 2282622

Cortex-X2 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to set
CPUACTLR2_EL1[0] to

fix(cpus): workaround for Cortex-X2 erratum 2282622

Cortex-X2 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to set
CPUACTLR2_EL1[0] to 1 to force PLDW/PFRM ST to behave like
PLD/PRFM LD and not cause invalidations to other PE caches.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1775100/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I43956aa4898a8608eedc5d0dd1471172c641a0c6

show more ...

refactor(context-mgmt): move FEAT_HCX save/restore into C

At the moment we save and restore the HCRX_EL2 register in assembly, and
just depend on the build time flags.
To allow runtime checking, and

refactor(context-mgmt): move FEAT_HCX save/restore into C

At the moment we save and restore the HCRX_EL2 register in assembly, and
just depend on the build time flags.
To allow runtime checking, and to avoid too much code in assembly, move
that over to C, and use the new combined build/runtime feature check.

This also allows to drop the assert, since this should now be covered by
the different FEAT_STATE_x options.

Change-Id: I3e20b9ba17121d423cd08edc20bbf4e7ae7c0178
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(context-mgmt): move FEAT_FGT save/restore code into C

At the moment we do the EL2 context save/restore sequence in assembly,
where it is just guarded by #ifdef statement for the build time

refactor(context-mgmt): move FEAT_FGT save/restore code into C

At the moment we do the EL2 context save/restore sequence in assembly,
where it is just guarded by #ifdef statement for the build time flags.
This does not cover the FEAT_STATE_CHECK case, where we need to check
for the runtime availability of a feature.

To simplify this extension, and to avoid writing too much code in
assembly, move that sequence into C: it is called from C context
anyways.

This protects the C code with the new version of the is_xxx_present()
check, which combines both build time and runtime check, as necessary,
and allows the compiler to optimise the calls aways, if we don't need
them.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I7c91bec60efcc00a43429dc0381f7e1c203be780

show more ...

refactor(cpufeat): decouple FGT feature detection and build flags

Split the feature check for FEAT_FGT into two parts:
- A boolean function that just evaluates whether the feature is usable.
This

refactor(cpufeat): decouple FGT feature detection and build flags

Split the feature check for FEAT_FGT into two parts:
- A boolean function that just evaluates whether the feature is usable.
This takes build time flags into account, and only evaluates the CPU
feature ID registers when the flexible FEAT_STATE_CHECK method is
used.
- A "raw" function that returns the unfiltered CPU feature ID register.

Change the callers where needed, to give them the version they actually
want.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I9a041132d280451f5d9f653a62904f603b2a916d

show more ...