feat(sme): enable SME2 functionality for NS world

FEAT_SME2 is an extension of FEAT_SME and an optional feature
from v9.2. Its an extension of SME, wherein it not only
processes matrix operations ef

feat(sme): enable SME2 functionality for NS world

FEAT_SME2 is an extension of FEAT_SME and an optional feature
from v9.2. Its an extension of SME, wherein it not only
processes matrix operations efficiently, but also provides
outer-product instructions to accelerate matrix operations.
It affords instructions for multi-vector operations.
Further, it adds an 512 bit architectural register ZT0.

This patch implements all the changes introduced with FEAT_SME2
to ensure that the instructions are allowed to access ZT0
register from Non-secure lower exception levels.

Additionally, it adds support to ensure FEAT_SME2 is aligned
with the existing FEATURE DETECTION mechanism, and documented.

Change-Id: Iee0f61943304a9cfc3db8f986047b1321d0a6463
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

Merge "feat(gcs): support guarded control stack" into integration

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the c

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.

Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b

show more ...

Merge "feat(pie/por): support permission indirection and overlay" into integration

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.

Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.

Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234

show more ...

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Reve

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Revert "docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"
Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

show more ...

Merge changes from topic "jc/cpu_feat" into integration

* changes:
feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED
feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function

feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.

Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.

Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second fun

feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.

Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.

Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

Merge changes from topic "psci-osi" into integration

* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEA

Merge changes from topic "psci-osi" into integration

* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEATURES
feat(psci): add support for OS-initiated mode
feat(psci): add support for PSCI_SET_SUSPEND_MODE
build(psci): add build option for OS-initiated mode
docs(psci): add design proposal for OS-initiated mode

show more ...

Merge changes from topic "feat_amu_rework" into integration

* changes:
refactor(amu): use new AMU feature check routines
refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_A

refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_AMUv1 option, solely to protect the HAFGRTR_EL2 system
register handling. The latter needs some alignment with the new feature
scheme, but it conceptually overlaps with the ENABLE_AMU option.

Since there is no real need for two separate options, unify both into a
new ENABLE_FEAT_AMU name in a first step. This is mostly just renaming at
this point, a subsequent patch will make use of the new feature handling
scheme.

Change-Id: I97d8a55bdee2ed1e1509fa9f2b09fd0bdd82736e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

build(psci): add build option for OS-initiated mode

Change-Id: Ie4f7b6a36926ab075ebb9c6507a3ff48ce5538fe
Signed-off-by: Wing Li <wingers@google.com>

Merge changes from topic "feat_state_part3" into integration

* changes:
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
feat(l

Merge changes from topic "feat_state_part3" into integration

* changes:
refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED
refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED
feat(libc): add support for fallthrough statement
refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED
refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS
fix(spe): drop SPE EL2 context switch code

show more ...

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detecti

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.

Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.

Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS

At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordin

refactor(cpufeat): rename ENABLE_SPE_FOR_LOWER_ELS to ENABLE_SPE_FOR_NS

At the moment we hardcode the SPE functionality to be available on the
non-secure side only, by setting MDCR_EL2.E2PB accordingly.

This should be reflected in the feature selection symbol, so rename that
to ENABLE_SPE_FOR_NS, to make it clearer that SPE is not supported in
the secure world.

Change-Id: I3f9b48eab1a45d6ccfcbb9c90a11eeb66867ad9a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "feat(tcr2): support FEAT_TCR2" into integration

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the n

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.

Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148

show more ...

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit 2584

Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

Adopted RESET_TO_BL31_WITH_PARAMS functionality in RESET_TO_BL31
in the subsequent patches hence reverted this patch.
This reverts commit 25844ff728e4a0e5430ba2032457aba7b780a701.

Change-Id: Ia0bfa22fc45754f15c82638662dde93f604992c3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "build: restrict usage of CTX_INCLUDE_EL2_REGS" into integration

build: restrict usage of CTX_INCLUDE_EL2_REGS

CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.

Make CTX_INCLUDE_EL2_REGS an i

build: restrict usage of CTX_INCLUDE_EL2_REGS

CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.

Make CTX_INCLUDE_EL2_REGS an internal macro and remove
from documentation.

Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I6a70edfd88163423ff0482de094601cf794246d6

show more ...

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fa

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c

show more ...