fix(cm): disable SPE/TRBE correctly

SPE and TRBE are unusual features. They have multi-bit enables whose
function is not immediately apparent and disabling them is not
straightforward.

While attemp

fix(cm): disable SPE/TRBE correctly

SPE and TRBE are unusual features. They have multi-bit enables whose
function is not immediately apparent and disabling them is not
straightforward.

While attempting to figure this out, the disables were made a mess of.
Patch fc7dca72b began changing the owning security state of SPE and
TRBE. This was first used in patch 79c0c7fac0 with calls to
spe_disable() and trbe_disbale(). However, patch 13f4a2525 reverted the
security state ownership, making the spe_disable() and trbe_disable()
redundant and their comments incorrect - the DoS protection is achieved
by the psb/tsb barriers on context switch, introduces separately in
f80887337 and 73d98e375.

Those patches got the behaviour full circle to what it was in fc7dca72b
so the disables can be fully removed for clarity.

However, the original method for disabling these features is not fully
correct - letting the "disabled" state be all zeroes made the features
seem enabled for secure world but they would trap. That is not a problem
while secure world doesn't use them, but could lead to some confusing
debugging in the future. NS and Realm worlds were not affected. This
patch fully establishes the pattern for SPE and TRBE's enablement,
documents it, and implements it such.

The description comments in the features boil down to 2 rules. There is
a third rule possible:
3. To enable TRBE/SPE for world X with a dirty buffer:
* world X owns the buffer
* trapping enabled
This is not listed as it would not work correctly with
SMCCC_ARCH_FEATURE_AVAILABILITY which relies on trapping to be disabled
to report correctly. If that is ever implemented, the SMCCC
implementation should be considered too.

Change-Id: I5588a3d5fc074c2445470954d8c3b172bec77d43
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

refactor(cm): unify RMM context

setup_realm_context() is the de facto place to put any code that relates
to the RMM's context. It is frequently updated and contains the vast
majority of code. manage

refactor(cm): unify RMM context

setup_realm_context() is the de facto place to put any code that relates
to the RMM's context. It is frequently updated and contains the vast
majority of code. manage_extensions_realm() on the other hand is out of
date and obscure.

So absorb manage_extensions_realm() and rmm_el2_context_init() into
setup_realm_context().

We can also combine the write to sctlr_el2 for all worlds as they should
all observe the RES1 values.

Finally, the SPSR_EL2.PAN comment in the realm copy is updated.

Change-Id: I21dccad0c13301e3249db6f6e292beb5d853563e
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(cpus): check minor revision before applying runtime errata

Patch db9ee83432 removed cpu_rev checking for runtime errata
within cpu functions with the argument that if we're in the cpu file,
we'v

fix(cpus): check minor revision before applying runtime errata

Patch db9ee83432 removed cpu_rev checking for runtime errata
within cpu functions with the argument that if we're in the cpu file,
we've already check the MIDR and matched against the CPU. However, that
also removes the revision check which being in the cpu file does not
guarantee. Reintroduce the MIDR checking so that the revision check
happens and errata can be skipped if they don't apply.

Change-Id: I46b2ba8b524a073e02b4b5de641ae97795bc176b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(el3-spmc): update FFA_MEM_PERM_GET interface

Update FFA_MEM_PERM_GET interface
according to FF-A v1.3 memory management protocol modification [0].
This adds one input/output parameter with page

feat(el3-spmc): update FFA_MEM_PERM_GET interface

Update FFA_MEM_PERM_GET interface
according to FF-A v1.3 memory management protocol modification [0].
This adds one input/output parameter with page_count
to set search range and get the range having the same
permission from base_va.

This change is backward compatible with former FF-A v1.2 interface.

Links: https://developer.arm.com/documentation/den0140/latest/
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Change-Id: I5c9679c9da1126b1df65f22a803776029ab52b12

show more ...

feat(libc): add __2snprintf alias for armclang-specific name mangling

The Arm Compiler (armclang) toolchain replaces standard library calls
like `snprintf` with renamed versions such as `__2snprintf

feat(libc): add __2snprintf alias for armclang-specific name mangling

The Arm Compiler (armclang) toolchain replaces standard library calls
like `snprintf` with renamed versions such as `__2snprintf` in
generated object files and binaries. This name mangling is part of
armclang’s internal handling of standard functions and can lead to
undefined reference errors if these symbols are not defined.

To resolve this, this patch introduces a new assembly stub for
`__2snprintf` in AArch64-specific implementation.
This stub is a minimal alias that branch directly to the
underlying `snprintf` implementation. This mirrors the existing
solution for `__0printf`, `__1printf`, and `__2printf` aliases that
redirect to `printf`.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Id64d490fc3ff19ae619af03279f30338e8aa8bba

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3213672

Cortex-X3 erratum 3213672 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2. It is still open.

This erratum can be worked around by se

fix(cpus): workaround for Cortex-X3 erratum 3213672

Cortex-X3 erratum 3213672 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2. It is still open.

This erratum can be worked around by setting CPUACTLR_EL1[36]
before enabling icache.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ia1c03217f4e1816b4e8754a090cf5bc17546be40

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3827463

Cortex-X3 erratum 3827463 is a Cat B erratum that applies to
r0p0, r1p0 and r1p1. It is fixed in r1p2.

This erratum can be avoided by setting CPU

fix(cpus): workaround for Cortex-X3 erratum 3827463

Cortex-X3 erratum 3827463 is a Cat B erratum that applies to
r0p0, r1p0 and r1p1. It is fixed in r1p2.

This erratum can be avoided by setting CPUACTLR_EL1[1]
prior to enabling MMU. This bit will disable a branch predictor
power savings feature. Disabling this power feature
results in negligible power movement and no performance impact.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1d4a2b9641400d8b9061f7cb32a8312c3995613e

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3692984

Cortex-X3 erratum 3692984 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2 and is still open.

The erratum can be avoided by disabling

fix(cpus): workaround for Cortex-X3 erratum 3692984

Cortex-X3 erratum 3692984 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2 and is still open.

The erratum can be avoided by disabling the
affected prefetcher setting CPUACTLR6_EL1[41].

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I054b47d33fd1ff7bde3ae12e8ee3d99e9203965f

show more ...

feat(cpufeat): add support for FEAT_FGWTE3

Enable write traps for key EL3 system registers as per FEAT_FGWTE3,
ensuring their values remain unchanged after boot.

Excluded Registers:
MDCR_EL3 and MP

feat(cpufeat): add support for FEAT_FGWTE3

Enable write traps for key EL3 system registers as per FEAT_FGWTE3,
ensuring their values remain unchanged after boot.

Excluded Registers:
MDCR_EL3 and MPAM3_EL3: Not trapped as they are part of the EL3 context.
SCTLR_EL3: Not trapped since it is overwritten during
powerdown sequence(Included when HW_ASSISTED_COHERENCY=1)

TPIDR_EL3: Excluded due to its use in crash reporting(It is included
when CRASH_REPORTING=0)

Reference:
https://developer.arm.com/documentation/ddi0601/2025-06/AArch64-Registers/FGWTE3-EL3--Fine-Grained-Write-Traps-EL3

Change-Id: Idcb32aaac7d65a0b0e5c90571af00e01a4e9edb1
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>

show more ...

Merge changes from topic "xlnx_fix_gen_op_datatype" into integration

* changes:
fix(el3-runtime): typecast operands to match data type
fix(arm): typecast operands to match data type

Merge "fix(psci): add missing curly braces" into integration

fix(el3-runtime): typecast operands to match data type

This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or o

fix(el3-runtime): typecast operands to match data type

This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
Replaced usage of 'unsigned int' with 'size_t' to ensure type
consistency and prevent assignment to a narrower or different
essential type.

Change-Id: I79501e216a04753ebd005d64375357b9332440d9
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>

show more ...

Merge "feat(locks): add non-blocking spinlock_try() API" into integration

refactor(cm): gather per-world context management to the same place

The per-world calls are disparate - they get called in different places,
are guarded in different ways, and the code is apart.

Si

refactor(cm): gather per-world context management to the same place

The per-world calls are disparate - they get called in different places,
are guarded in different ways, and the code is apart.

Since they just need to be called once at boot, add a function that we
can call from BL31 and be done with it.

Change-Id: Id0ade302e35f2b00ca37c552a53038942ab7b58e
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(psci): initialise variable to default zero

This corrects the MISRA violation C2012-9.1:

The value of an object with automatic storage duration shall
not be read before it has been set.Initializ

fix(psci): initialise variable to default zero

This corrects the MISRA violation C2012-9.1:

The value of an object with automatic storage duration shall
not be read before it has been set.Initialized the variable
to default value zero.

Change-Id: Ib3a2a853b82ce3c3ba1f518705d7ac2e01130e37
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Signed-off-by: Saivardhan Thatikonda <saivardhan.thatikonda@amd.com>

show more ...

fix(psci): add missing curly braces

This corrects the MISRA violation C2012-15.6:

The body of an iteration-statement or a selection-statement
shall be a compound-statement.Enclosed statement body w

fix(psci): add missing curly braces

This corrects the MISRA violation C2012-15.6:

The body of an iteration-statement or a selection-statement
shall be a compound-statement.Enclosed statement body within
the curly braces.

Change-Id: Ibd402a52e44e59d1c37613d8925aac8e115aa31c
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Signed-off-by: Saivardhan Thatikonda <saivardhan.thatikonda@amd.com>

show more ...

Merge "fix(cpus): workaround for Cortex-A710 erratum 1927200" into integration

fix(psci): do not modify higher levels for standby in OSI mode

The OSI mode for the CPU standby fast path updates the requested power
states incorrectly. psci_update_req_local_pwr_states() will not

fix(psci): do not modify higher levels for standby in OSI mode

The OSI mode for the CPU standby fast path updates the requested power
states incorrectly. psci_update_req_local_pwr_states() will not bother
saving level 0. It will also clamp the level it accesses to the
end_pwrlvl argument. Well, in the fast path, this argument is always 0
(as a condition of entering the fast path). The result is that it reads
the level 0 power state (retention) and writes it to the level 1 power
state, even though by definition, the fast path will not update higher
power levels.

The fix is to pass PLAT_MAX_PWR_LVL instead of target_pwrlvl to
psci_update_req_local_pwr_states(). However, doing that makes it
apparent that this call will not change anything and therefore there is
nothing to save - the level 0 power state is written by
psci_set_cpu_local_state(). So the save + restore are redundant. Remove
them to save on a bunch of work.

Another thing that is not considered is locking. No locks are held in
the fast path, so these updates are not safe.

Change-Id: Icc785df87b294b938b59705116369abd80ccf4da
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "build(handoff)!: switch to LibTL submodule" into integration

fix(psci): typecast operands to match data type

This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a dif

fix(psci): typecast operands to match data type

This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.

Change-Id: Ic4a109cb55fdf9b60c8d26df68f61811b59a1a9f
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>

show more ...

build(handoff)!: switch to LibTL submodule

Removes in-tree Transfer List implementation and updates all references
to use the external LibTL submodule. Updates include paths, Makefile
macros, and pl

build(handoff)!: switch to LibTL submodule

Removes in-tree Transfer List implementation and updates all references
to use the external LibTL submodule. Updates include paths, Makefile
macros, and platform integration logic to link with LibTL as a static
library.

If you cloned TF-A without the `--recurse-submodules` flag, you can
ensure that this submodule is present by running:

git submodule update --init --recursive

BREAKING-CHANGE: LibTL is now included in TF-A as a submodule.
Please run `git submodule update --init --recursive` if you encounter
issues after migrating to the latest version of TF-A.

Change-Id: I1fa31f7b730066c27985d968698e553b00b07c38
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge "perf(bl31): convert cpu_data fetching to C" into integration

perf(bl31): convert cpu_data fetching to C

The assembly routines are opaque to the compiler and it can't inline
them. There is also no requirement for them to be called without a
stack - each of the

perf(bl31): convert cpu_data fetching to C

The assembly routines are opaque to the compiler and it can't inline
them. There is also no requirement for them to be called without a
stack - each of their calls has a stack available. So convert them to C
so that the compiler can do its inlining magic.

On AArch32 we need to be able to call _cpu_data from the entrypoint so
it has to stay as a slight exception.

We can also straighten out the type of the cpu_ops_ptr member so we
don't have to cast it everywhere.

Change-Id: I9c2939a955b396edf26b99ef36318eebeaab13e6
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes I1fae91a5,I54793492,I703f0e6e into integration

* changes:
fix(cpus): workaround for Cortex-A710 erratum 1917258
fix(cpus): workaround for Cortex-A710 erratum 1916945
fix(cpus): w

Merge changes I1fae91a5,I54793492,I703f0e6e into integration

* changes:
fix(cpus): workaround for Cortex-A710 erratum 1917258
fix(cpus): workaround for Cortex-A710 erratum 1916945
fix(cpus): workaround for Cortex-A710 erratum 1901946

show more ...

fix(cpus): workaround for Cortex-A710 erratum 1927200

Cortex-A710 erratum 1927200 is a Cat B erratum that applies
to revisions r0p0 and r1p0 and is fixed in r2p0.

The fix is to insert DMB ST before

fix(cpus): workaround for Cortex-A710 erratum 1927200

Cortex-A710 erratum 1927200 is a Cat B erratum that applies
to revisions r0p0 and r1p0 and is fixed in r2p0.

The fix is to insert DMB ST before acquire atomic instructions
without release semantics via instruction patching.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1775101

Change-Id: I53c4aa17c1c2dc85b68f17d58f93bb1ee6b3d488
Signed-off-by: John Powell <john.powell@arm.com>

show more ...