| b0521a16 | 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): add CVE-2024-7881 mitigation to Cortex-X3
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X3 CPU.
[1]: https://developer.arm.com/Arm%20Security%20
fix(security): add CVE-2024-7881 mitigation to Cortex-X3
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X3 CPU.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I410517d175a80fc6f459fa6ce5c30c0a38db9eaf
show more ...
|
| 037a15f5 | 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V3 CPU.
[1]: https://developer.arm.com/Arm%20Securit
fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V3 CPU.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: Ib5c644895b8c76d3c7e8b5e6e98d7b9afef7f1ec
show more ...
|
| 56bb1d17 | 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V2 CPU.
[1]: https://developer.arm.com/Arm%20Securit
fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V2 CPU.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I129814eb3494b287fd76a3f7dbc50f76553b2565
show more ...
|
| 520c2207 | 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): add CVE-2024-7881 mitigation to Cortex-X925
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X925 CPU.
[1]: https://developer.arm.com/Arm%20Securit
fix(security): add CVE-2024-7881 mitigation to Cortex-X925
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X925 CPU.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I53e72e4dbc8937cea3c344a5ba04664c50a0792a
show more ...
|
| 6ce6acac | 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): add CVE-2024-7881 mitigation to Cortex-X4
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X4 CPU.
[1]: https://developer.arm.com/Arm%20Security%20
fix(security): add CVE-2024-7881 mitigation to Cortex-X4
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X4 CPU.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I0bec96d4f71a08a89c6612e272ecfb173f80da20
show more ...
|
| 23721794 | 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): enable WORKAROUND_CVE_2024_7881 build option
This patch enables build option needed to include support for CVE_2024_7881 [1] migitation.
[1]: https://developer.arm.com/Arm%20Security
fix(security): enable WORKAROUND_CVE_2024_7881 build option
This patch enables build option needed to include support for CVE_2024_7881 [1] migitation.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: Id77f82a4dfaa4422729f7e3f2429f47cc90d9782
show more ...
|
| b53089d8 | 27-Jan-2025 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "feat(pmuv3): setup per world MDCR_EL3" into integration |
| c95aa2eb | 14-Jan-2025 |
Mateusz Sulimowicz <matsul@google.com> |
feat(pmuv3): setup per world MDCR_EL3
MDCR_EL3 register will context switch across all worlds. Thus the pmuv3 init has to be part of context management initialization.
Change-Id: I10ef7a3071c0fc5c1
feat(pmuv3): setup per world MDCR_EL3
MDCR_EL3 register will context switch across all worlds. Thus the pmuv3 init has to be part of context management initialization.
Change-Id: I10ef7a3071c0fc5c11a93d3c9c2a95ec8c6493bf Signed-off-by: Mateusz Sulimowicz <matsul@google.com>
show more ...
|
| f532cd30 | 15-Jan-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes I137f69be,Ia2e7168f,I0e569d12,I614272ec,Ib68293f2 into integration
* changes: perf(psci): pass my_core_pos around instead of calling it repeatedly refactor(psci): move timestamp co
Merge changes I137f69be,Ia2e7168f,I0e569d12,I614272ec,Ib68293f2 into integration
* changes: perf(psci): pass my_core_pos around instead of calling it repeatedly refactor(psci): move timestamp collection to psci_pwrdown_cpu refactor(psci): factor common code out of the standby finisher refactor(psci): don't use PSCI_INVALID_PWR_LVL to signal OFF state docs(psci): drop outdated cache maintenance comment
show more ...
|
| 6b8df7b9 | 09-Jan-2025 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
feat(mops): enable FEAT_MOPS in EL3 when INIT_UNUSED_NS_EL2=1
FEAT_MOPS, mandatory from Arm v8.8, is typically managed in EL2. However, in configurations where NS_EL2 is not enabled, EL3 must set th
feat(mops): enable FEAT_MOPS in EL3 when INIT_UNUSED_NS_EL2=1
FEAT_MOPS, mandatory from Arm v8.8, is typically managed in EL2. However, in configurations where NS_EL2 is not enabled, EL3 must set the HCRX_EL2.MSCEn bit to 1 to enable the feature.
This patch ensures FEAT_MOPS is enabled by setting HCRX_EL2.MSCEn to 1.
Change-Id: Ic4960e0cc14a44279156b79ded50de475b3b21c5 Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
show more ...
|
| 3b802105 | 06-Nov-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
perf(psci): pass my_core_pos around instead of calling it repeatedly
On some platforms plat_my_core_pos is a nontrivial function that takes a bit of time and the compiler really doesn't like to inli
perf(psci): pass my_core_pos around instead of calling it repeatedly
On some platforms plat_my_core_pos is a nontrivial function that takes a bit of time and the compiler really doesn't like to inline. In the PSCI library, at least, we have no need to keep repeatedly calling it and we can instead pass it around as an argument. This saves on a lot of redundant calls, speeding the library up a bit.
Change-Id: I137f69bea80d7cac90d7a20ffe98e1ba8d77246f Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 9b1e800e | 10-Oct-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(psci): move timestamp collection to psci_pwrdown_cpu
psci_pwrdown_cpu has two callers, both of which save timestamps meant to measure how much time the cache maintenance operations take. Mo
refactor(psci): move timestamp collection to psci_pwrdown_cpu
psci_pwrdown_cpu has two callers, both of which save timestamps meant to measure how much time the cache maintenance operations take. Move the timestamp collection inside to save on a bit of code duplication.
Change-Id: Ia2e7168faf7773d99b696cbdb6c98db7b58e31cf Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 44ee7714 | 30-Sep-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(psci): factor common code out of the standby finisher
psci_suspend_to_standby_finisher and psci_cpu_suspend_finish do mostly the same stuff, besides the system management associated with th
refactor(psci): factor common code out of the standby finisher
psci_suspend_to_standby_finisher and psci_cpu_suspend_finish do mostly the same stuff, besides the system management associated with their respective wakeup paths. So bring the wake from standby path in line with the wake from reset path - caller acquires locks and manages context. This way both behave in vaguely the same way. We can also bring their names in line so it's more apparent how they are different.
This is in preparation for cores waking from sleep, coming in another patch. No functional change is expected.
Change-Id: I0e569d12f65d231606080faa0149d22efddc386d Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 0c836554 | 30-Sep-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(psci): don't use PSCI_INVALID_PWR_LVL to signal OFF state
The target_pwrlvl field in the psci cpu data struct only stores the highest power domain that a CPU_SUSPEND call affected, and is u
refactor(psci): don't use PSCI_INVALID_PWR_LVL to signal OFF state
The target_pwrlvl field in the psci cpu data struct only stores the highest power domain that a CPU_SUSPEND call affected, and is used to resume those same domains on warm reset. If the cpu is otherwise OFF (never turned on or CPU_OFF), then this needs to be the highest power level because we don't know the highest level that will be off.
So skip the invalidation and always keep the field to the maximum value. During suspend the field will be lowered to the appropriate value and then put back after wakeup.
Also, do that in the suspend to standby path as well as it will have been written before the sleep and it might end up incorrect.
Change-Id: I614272ec387e1d83023c94700780a0f538a9a6b6 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 39fba640 | 30-Sep-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
docs(psci): drop outdated cache maintenance comment
The comment was written when cache maintenance had to be considered when calling this function. But that argument was dropped a while back and thi
docs(psci): drop outdated cache maintenance comment
The comment was written when cache maintenance had to be considered when calling this function. But that argument was dropped a while back and this comment no longer makes any sense.
Change-Id: Ib68293f23cc3edca3010164dfe8866956b8e1a63 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 13f4a252 | 10-Jan-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
fix(cm): change back owning security state when a feature is disabled
Patch fc7dca72ba656e5f147487b20f9f0fb6eb39e116 changed the owning security states of the TRBE and SPE buffers to NS. The thinkin
fix(cm): change back owning security state when a feature is disabled
Patch fc7dca72ba656e5f147487b20f9f0fb6eb39e116 changed the owning security states of the TRBE and SPE buffers to NS. The thinking was that this would assist SMCCC feature availability to more easily determine if the feature is enabled or disabled. However, that only changed bit 0 while the SMCCC feature only looks at bit 1 so this change is redundant.
It was also meant to tighten security but that was done by 73d98e37593f4a4044dd28f52127cdc890911c0c instead.
Annoyingly, FEAT_TRBE has TRBIDR_EL1 which reports that programming is allowed when the current security state owns the buffer even when the MDCR_EL3 setting disallows this in practice.
So revert the functional aspect of the patch as it causes linux panics with ERRATA_A520_2938996. Keep the defines as they are used elsewhere.
Change-Id: I39463d585df89aee44d1996137616da85d678f41 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| 79c0c7fa | 10-Dec-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(cm): clean up per-world context
In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for context to be directly related to the underlying system. Currently, certain bits like SC
refactor(cm): clean up per-world context
In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for context to be directly related to the underlying system. Currently, certain bits like SCR_EL3.APK are always set with the understanding that they will only take effect if the feature is present.
However, that is problematic for SMCCC_ARCH_FEATURE_AVAILABILITY (an SMCCC call to report which features firmware enables), as simply reading the enable bit may contradict the ID register, like the APK bit above for a system with no Pauth present.
This patch is to clean up these cases. Add a check for PAuth's presence so that the APK bit remains unset if not present. Also move SPE and TRBE enablement to only the NS context. They already only enable the features for NS only and disable them for Secure and Realm worlds. This change only makes these worlds' context read 0 for easy bitmasking.
There's only a single snag on SPE and TRBE. Currently, their fields have the same values and any world asymmetry is handled by hardware. Since we don't want to do that, the buffers' ownership will change if we just set the fields to 0 for non-NS worlds. Doing that, however, exposes Secure state to a potential denial of service attack - a malicious NS can enable profiling and call an SMC. Then, the owning security state will change and since no SPE/TRBE registers are contexted, Secure state will start generating records. Always have NS world own the buffers to prevent this.
Finally, get rid of manage_extensions_common() as it's just a level of indirection to enable a single feature.
Change-Id: I487bd4c70ac3e2105583917a0e5499e0ee248ed9 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| fc7dca72 | 16-Dec-2024 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(cm): change owning security state when a feature is disabled
SPE and TRBE don't have an outright EL3 disable, there are only constraints on what's allowed. Since we only enable them for NS
refactor(cm): change owning security state when a feature is disabled
SPE and TRBE don't have an outright EL3 disable, there are only constraints on what's allowed. Since we only enable them for NS at the moment, we want NS to own the buffers even when the feature should be "disabled" for a world. This means that when we're running in NS everything is as normal but when running in S/RL then tracing is prohibited (since the buffers are owned by NS). This allows us to fiddle with context a bit more without having to context switch registers.
Change-Id: Ie1dc7c00e4cf9bcc746f02ae43633acca32d3758 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
show more ...
|
| b41b9997 | 19-Dec-2024 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "bk/smccc_feature" into integration
* changes: fix(trbe): add a tsb before context switching fix(spe): add a psb before updating context and remove context saving |
| fded3a48 | 18-Dec-2024 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "hm/heap-info" into integration
* changes: fix(handoff): remove XFERLIST_TB_FW_CONFIG feat(arm): migrate heap info to fw handoff feat(mbedtls): introduce crypto lib he
Merge changes from topic "hm/heap-info" into integration
* changes: fix(handoff): remove XFERLIST_TB_FW_CONFIG feat(arm): migrate heap info to fw handoff feat(mbedtls): introduce crypto lib heap info struct feat(handoff): add Mbed-TLS heap info entry tag refactor(arm): refactor secure TL initialization fix(handoff): fix message formatting of hex values feat(handoff): add func to check and init a tl fix(arm): resolve dangling comments around macros
show more ...
|
| 24e1ae2f | 28-Nov-2024 |
Harrison Mutai <harrison.mutai@arm.com> |
fix(handoff): fix message formatting of hex values
Our implementation of printf does not support flag format specifiers. Our previous format specification as a result was causing the integer values
fix(handoff): fix message formatting of hex values
Our implementation of printf does not support flag format specifiers. Our previous format specification as a result was causing the integer values to be omitted. This change updates the formatting to ensure accurate and complete error messages are displayed.
Change-Id: I80cfb5fd7ff26e44cfad4e06803d9e0912488136 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
show more ...
|
| f1d94593 | 06-Nov-2024 |
Harrison Mutai <harrison.mutai@arm.com> |
feat(handoff): add func to check and init a tl
Add a function to check whether a transfer list has been initialized at the input address. If not, initialize a transfer list at the specified location
feat(handoff): add func to check and init a tl
Add a function to check whether a transfer list has been initialized at the input address. If not, initialize a transfer list at the specified location with the given size. This is to help ensure that we don't accidently overwrite a transfer list that's been passed from a previous stage.
Change-Id: Ic5906626df09d3801435488e258490765e8f81eb Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
show more ...
|
| ebc090fb | 03-Jun-2024 |
Sona Mathew <sonarebecca.mathew@arm.com> |
fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
Implements mitigation for CVE-2024-5660 that affects Cortex-X925 revisions r0p0, r0p1. The workaround is to disable the hardware page aggregat
fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
Implements mitigation for CVE-2024-5660 that affects Cortex-X925 revisions r0p0, r0p1. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I9d5a07ca6b89b27d8876f4349eff2af26c962d8a Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
show more ...
|
| 5b58142c | 18-Jun-2024 |
Sona Mathew <sonarebecca.mathew@arm.com> |
fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
Implements mitigation for CVE-2024-5660 that affects Cortex-X2 revisions r0p0, r1p0, r2p0, r2p1. The workaround is to disable the hardware page
fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
Implements mitigation for CVE-2024-5660 that affects Cortex-X2 revisions r0p0, r1p0, r2p0, r2p1. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1
Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: If28804e154617a39d7d52c40b3a00a14a39df929 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
show more ...
|
| aed3e8b5 | 23-May-2024 |
Sona Mathew <sonarebecca.mathew@arm.com> |
fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
Implements mitigation for CVE-2024-5660 that affects Cortex-A77 revisions r0p0, r1p0, r1p1. The workaround is to disable the hardware page aggr
fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
Implements mitigation for CVE-2024-5660 that affects Cortex-A77 revisions r0p0, r1p0, r1p1. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ic71b163883ea624e9f2f77deb8b30c69612938b9 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
show more ...
|