Merge "fix(build): set ERRATA_SPECULATIVE_AT after platform.mk" into integration

fix(build): set ERRATA_SPECULATIVE_AT after platform.mk

This was introduced in
289737419: fix(build): align the cpu-ops flags with all others

That patch reduced cpu-ops.mk to an elaborate defaults.

fix(build): set ERRATA_SPECULATIVE_AT after platform.mk

This was introduced in
289737419: fix(build): align the cpu-ops flags with all others

That patch reduced cpu-ops.mk to an elaborate defaults.mk and moved it
before platform.mk was evaluated. However, that patch missed the
ERRATA_SPECULATIVE_AT setting which must happen after platform.mk,
otherwise its value will not reflect errata state. So put it in the main
Makefile with other similar flag settings after platform.mk.

Change-Id: I221dab39c417531c5a148886d3e29709ba8b51a8
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(cpufeat): don't overwrite PAuth keys with an erroneous cache clean

Accessing cpu_data when TF-A is built with HW_ASSISTED_COHERENCY=1 is
simple. Caching (SCTLR_EL3.C) is enabled along with the M

fix(cpufeat): don't overwrite PAuth keys with an erroneous cache clean

Accessing cpu_data when TF-A is built with HW_ASSISTED_COHERENCY=1 is
simple. Caching (SCTLR_EL3.C) is enabled along with the MMU and we can
rely on all accesses being coherent. However, this is not the case when
HW_ASSISTED_COHERENCY=0. Most of EL3's initialisation (especially on
warm boot) happens with the MMU on but with caching being off. Caches
are only enabled deep into CPU_ON processing when we can be certain the
core has entered coherency. This latter case is the subject of this
patch.

Prior to this patch, the way to work around that was to clean the
apiakey cpu_data storage right after writing it. The write would have
gone straight to memory as caches were off and the clean asserted that
nothing would be in the caches which were assumed to be invalid since
we've just came out of reset.

The problem with this is that we cannot assume that ALL caches are
invalid when coming out of reset. We can reasonably assume those private
to the core to be (so the L1 and/or the L2; those are guaranteed to be
invalidated out of reset for every Arm core) but that is not the case
for shared caches (eg an L2/L3 DSU cache) which can be on when a core
powers down. So the old keys could still be live in the shared cache, we
write new ones to memory and clean the old to memory too, undoing the
work.

So the correct thing to do is to clean and invalidate the cache prior to
writing the keys to memory and invalidate it after. This ensures that if
there is any other data after the apiakey, which shares the cache line,
it will be safely forwarded to memory and the caches will be invalid
when caching is turned on.

It is important to note at this point that this was never observed in
practice - every known configuration that uses PAuth has the apiakey as
the very last member of the cpu_data struct which is padded up to a
cache line and the usage of the apiakey is such that it was never
allocated into the shared caches. So the clean would effectively perform
an invalidate of only the apiakey and all worked well. This was only
spotted with a proposed patch that added data after the apiakey
(https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/39698/7).

Change-Id: I8493221dff53114c5c56dd73fbfd2a3301e2542c
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "fix(context-mgmt): correct guards for PIE and POE registers" into integration

Merge changes from topic "bk/simpler_panic" into integration

* changes:
fix(aarch64): do not print EL1 registers on EL3 panic
refactor(el3-runtime): streamline cpu_data assembly offsets using th

Merge changes from topic "bk/simpler_panic" into integration

* changes:
fix(aarch64): do not print EL1 registers on EL3 panic
refactor(el3-runtime): streamline cpu_data assembly offsets using the cpu_ops template

show more ...

feat(build): set CRYPTO_SUPPORT macro per BL

Moving the setting of CRYPTO_SUPPORT from the main Makefile to
individual component makefiles using the new build macro
make_defines for each BL-specific

feat(build): set CRYPTO_SUPPORT macro per BL

Moving the setting of CRYPTO_SUPPORT from the main Makefile to
individual component makefiles using the new build macro
make_defines for each BL-specific CPPFLAGS.

Rework romlib build command to use CRYPTO_LIB to determine mbedtls need
instead of CRYPTO_SUPPORT. If CRYPTO_SUPPORT is set for any component,
then CRYPTO_LIB will be filled, romlib can use this instead.

Add a convenience makefile macro for setting CRYPTO_SUPPORT from
component specific makefiles, have components call the macro based on
whether authenication verification (NEED_AUTH) and/or hash calculation
(NEED_HASH) is required for the specific boot stage.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I7e81fede74fb9c04694b022e8eebed460616565c

show more ...

fix(context-mgmt): correct guards for PIE and POE registers

At the moment access to the POR_EL2 system register is guarded by
either FEAT_S1POE or FEAT_S2POE being implemented. However this
register

fix(context-mgmt): correct guards for PIE and POE registers

At the moment access to the POR_EL2 system register is guarded by
either FEAT_S1POE or FEAT_S2POE being implemented. However this
register exists only with FEAT_S1POE, and the two features are
independent from each other.

Similarly access to PIRE0_EL2 and PIR_EL2 is guarded by either
FEAT_S1PIE or FEAT_S2PIE yet these only exist with FEAT_S1PIE, with the
two features also independent of each other.

Change the guards to only look at FEAT_S1PIE/FEAT_S1POE, to fix crashes
when FEAT_S2PIE/FEAT_S2POE is implemented, but FEAT_S1PIE/FEAT_S1POE is
not.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
Change-Id: I5d145c0f1b388e7bdade94920b6bf5f2d7eebfcd

show more ...

feat(cpus): add support for Dionysus cpu library

Add basic CPU library code to support the Dionysus CPU.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4e6b3c7e7369b7cbf0

feat(cpus): add support for Dionysus cpu library

Add basic CPU library code to support the Dionysus CPU.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4e6b3c7e7369b7cbf0e18d295e5ef5352f621e44

show more ...

fix(build): align the cpu-ops flags with all others

Since the cpu-ops file was created we've obtained the constraints.mk and
cflags.mk files and we also have the defaults.mk. The cpu-ops file is
not

fix(build): align the cpu-ops flags with all others

Since the cpu-ops file was created we've obtained the constraints.mk and
cflags.mk files and we also have the defaults.mk. The cpu-ops file is
not much different to these three, just much more complex. This patch
keeps the complicated bit in cpu-ops.mk but it makes it behave like
defaults.mk. The non-complicated bits (like cross referencing and
compiler flags) go to their corresponding files. This centralises
responsibilities and makes it nicer to keep track of.

The reason for doing this untangling is that the order of defaulting,
cross referencing, and compiler flag selection is significant and we can
run into problems where seemingly identical lines of code produce
different outcomes.

Change-Id: Id4b7714e432a0d628d33412836fd5c93f0488970
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "lfa-prime-error-handling" into integration

* changes:
fix(locks): mark spin_trylock as a public function
fix(lfa): check error code from plat_lfa_load_auth_image

Merge changes Ifbc5ab02,Ib9002609,I0276257d into integration

* changes:
fix(fvp): initialise the event log's size to avoid using gibberish values
fix(tsp): keep the tsp D128 unaware, not the dis

Merge changes Ifbc5ab02,Ib9002609,I0276257d into integration

* changes:
fix(fvp): initialise the event log's size to avoid using gibberish values
fix(tsp): keep the tsp D128 unaware, not the dispatcher
fix(dice): prevent compiler warnings

show more ...

Merge "fix(cm): correctly restore BL2's context" into integration

feat(cpufeat): enable FEAT_PFAR support

Implement support for FEAT_PFAR, which introduces the PFAR_ELx system
register, recording the faulting physical address for some aborts.
Those system register

feat(cpufeat): enable FEAT_PFAR support

Implement support for FEAT_PFAR, which introduces the PFAR_ELx system
register, recording the faulting physical address for some aborts.
Those system registers are trapped by the SCR_EL3.PFARen bit, so set the
bit for the non-secure world context to allow OSes to use the feature.

This is controlled by the ENABLE_FEAT_PFAR build flag, which follows the
usual semantics of 2 meaning the feature being runtime detected.
Let the default for this flag be 0, but set it to 2 for the FVP.

Change-Id: I5c9ae750417e75792f693732df3869e02b6e4319
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "feat(cpufeat): enable FEAT_AIE support" into integration

fix(dice): prevent compiler warnings

LTO builds make the compiler observe possible unitialised accesses.
That's not the case, but calm it down with a 0. It also doesn't like the
declaration mismatch

fix(dice): prevent compiler warnings

LTO builds make the compiler observe possible unitialised accesses.
That's not the case, but calm it down with a 0. It also doesn't like the
declaration mismatch in tc so bring it in line.

Change-Id: I0276257d05d1cb1d4f7e1e0d914c48c8ab3d308d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(locks): mark spin_trylock as a public function

This patch updates spinlock.S to make the spin_trylock helper
function as public. This will allow other parts of the TF-A
to use this function.

Ch

fix(locks): mark spin_trylock as a public function

This patch updates spinlock.S to make the spin_trylock helper
function as public. This will allow other parts of the TF-A
to use this function.

Change-Id: Id264a36490707a9377a221ed2b5bd27ca90bf459
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge changes from topic "gr/cpu_lib" into integration

* changes:
feat(cpus): add support for caddo cpu
feat(cpus): add support for veymont cpu

Merge changes Id711e387,I531a2ee1,Ic5b48514,I81f5f663,I6c529c13, ... into integration

* changes:
refactor(romlib): absorb WRAPPER_FLAGS into LDFLAGS
fix(build): simplify the -target options
fe

Merge changes Id711e387,I531a2ee1,Ic5b48514,I81f5f663,I6c529c13, ... into integration

* changes:
refactor(romlib): absorb WRAPPER_FLAGS into LDFLAGS
fix(build): simplify the -target options
feat(build): allow full LTO builds with clang
refactor(build): make sorting of sections generic
feat(build): use clang as a linker
fix(build): correctly detect that an option is missing with ld_option
feat(build): pass cflags to the linker when LTO is enabled

show more ...

Merge changes from topic "gr/spectre_bhb_updates" into integration

* changes:
fix(security): fix Neoverse V2 CVE-2022-23960
fix(security): fix Cortex-X3 CVE-2022-23960
fix(security): fix Corte

Merge changes from topic "gr/spectre_bhb_updates" into integration

* changes:
fix(security): fix Neoverse V2 CVE-2022-23960
fix(security): fix Cortex-X3 CVE-2022-23960
fix(security): fix Cortex-A715 CVE-2022-23960
fix(security): fix spectre bhb loop count for Cortex-A720

show more ...

fix(cm): correctly restore BL2's context

We have a single context management library but two BLs that use it very
differently - BL1 and BL31. Configuring it correctly is quite tricky as
in the BL1 +

fix(cm): correctly restore BL2's context

We have a single context management library but two BLs that use it very
differently - BL1 and BL31. Configuring it correctly is quite tricky as
in the BL1 + BL2 + BL31 + spmd case we have it operate on both EL1 and
EL2 context (for BL1 and BL31 respectively).

Welp, we've got that wrong - BL1 will skip EL1's register initialisation
leaving it at the mercy of UNKNOWN registers' values. If they aren't as
we expect, things don't go well.

This is not the end of the world as BL1 is expected to be the first
thing to run and UNKNOWN values generally reset to things we find
acceptable. But add the correct BL1 carveouts so they are set up
correctly.

Change-Id: Ia0d5522ac0c9f4616dd124b10f0c2fdc823a0d87
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "fix(cm): deprecate use of NS_TIMER_SWITCH" into integration

feat(cpus): add support for caddo cpu

Add basic CPU library code to support Caddo CPU

Change-Id: I4b431771ebe6f23eb02f3301ff656cfcd4956f81
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

feat(cpus): add support for veymont cpu

Add basic CPU library code to support Veymont CPU

Change-Id: I44db5650e7c9cf8fcc368c935574f4702c373dae
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

Merge "refactor(build): avoid implicit pattern rules" into integration

feat(build): use clang as a linker

To support LTO, the gcc binary is used as a compiler, assembler, and
linker. Do the same for clang and enable LTO builds with it as a side
effect.

This simplifies

feat(build): use clang as a linker

To support LTO, the gcc binary is used as a compiler, assembler, and
linker. Do the same for clang and enable LTO builds with it as a side
effect.

This simplifies code quite a bit as the gcc/clang different is much
smaller. Support for ld/lld (if overriden with LD) is maintained.

This is a good time to convert tabs to spaces to conform to make's
expectations on syntax.

Change-Id: I6c529c1393f7e9e8046ed537f871fc3ad91d599a
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...