feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the n

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.

Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148

show more ...

chore(fvp): add the aarch32 cortex A57 to the build

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I80921b501ad9a97ddf23c371642a0a5e3f56cd99

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

Merge changes from topic "feat_state_part2" into integration

* changes:
refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED
refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED
refactor(t

Merge changes from topic "feat_state_part2" into integration

* changes:
refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED
refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED
refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED
fix(cpufeat): context-switch: move FGT availability check to callers
feat(cpufeat): extend check_feature() to deal with min/max
refactor(cpufeat): wrap CPU ID register field isolation

show more ...

refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED

At the moment we only support FEAT_TRF to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detecti

refactor(trf): enable FEAT_TRF for FEAT_STATE_CHECKED

At the moment we only support FEAT_TRF to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_TRF_FOR_NS=2), by splitting
is_feat_trf_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRF related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_trf_supported() function to guard its execution.

The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRF is an ARMv8.4 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.

Change-Id: Ia97b01adbe24970a4d837afd463dc5506b7295a3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED

At the moment we only support FEAT_BRBE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime dete

refactor(brbe): enable FEAT_BRBE for FEAT_STATE_CHECKED

At the moment we only support FEAT_BRBE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_BRBE_FOR_NS=2), by splitting
is_feat_brbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access BRBE related registers.

The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_BRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.

Change-Id: I5f2e2c9648300f65f0fa9a5f8e2f34e73529d053
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED

At the moment we only support FEAT_TRBE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime dete

refactor(trbe): enable FEAT_TRBE for FEAT_STATE_CHECKED

At the moment we only support FEAT_TRBE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_TRBE_FOR_NS=2), by splitting
is_feat_trbe_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access TRBE related registers.

The FVP platform decided to compile in support unconditionally (=1),
even though FEAT_TRBE is an ARMv9 feature, so is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.

Change-Id: Iee7f88ea930119049543a8a4a105389997e7692c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge changes from topic "feat_state_rework" into integration

* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): conv

Merge changes from topic "feat_state_rework" into integration

* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): convert FEAT_HCX to new scheme
feat(fvp): enable FEAT_FGT by default
refactor(context-mgmt): move FEAT_FGT save/restore code into C
refactor(amu): convert FEAT_AMUv1 to new scheme
refactor(cpufeat): decouple FGT feature detection and build flags
refactor(cpufeat): check FEAT_FGT in a new way
refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_
feat(aarch64): make ID system register reads non-volatile

show more ...

feat(fvp): enable FEAT_HCX by default

FEAT_HCX is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP

feat(fvp): enable FEAT_HCX by default

FEAT_HCX is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP command line parameters, include
the feature into the standard FVP build, but use FEAT_STATE_CHECK, to
always do runtime checks before accessing feature specific registers.

This prevents a Linux crash when the FVP is called with FEAT_HCX
enabled.

Change-Id: I01aaed15c5a6850176d092b2f0157744fe0a9e13
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(fvp): enable FEAT_FGT by default

FEAT_FGT is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP

feat(fvp): enable FEAT_FGT by default

FEAT_FGT is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP command line parameters, include
the feature into the standard FVP build, but use FEAT_STATE_CHECK, to
always do runtime checks before accessing feature specific registers.

This prevents a Linux crash when the FVP is called with FEAT_FGT
enabled.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I55fbb2706aefbc3ab67c476e3f8b6ea74ae0d66c

show more ...

Merge changes from topic "fvp_trap_rng" into integration

* changes:
feat(fvp): emulate trapped RNDR
feat(el3-runtime): introduce system register trap handler

feat(fvp): emulate trapped RNDR

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the

feat(fvp): emulate trapped RNDR

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the real CPU instructions, potentially conditioning the
results, or use rate-limiting or filtering to protect the hardware
entropy pool. Another possiblitiy would be to use some platform specific
TRNG device to get entropy and returning this.

To demonstrate platform specific usage, add a demo implementation for the
FVP: It will execute the actual CPU instruction and just return the
result. This should serve as reference code to implement platform specific
policies.

We change the definition of read_rndr() and read_rndrrs() to use the
alternative sysreg encoding, so that all assemblers can handle that.

Add documentation about the new platform specific RNG handler function.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ibce817b3b06ad20129d15531b81402e3cc3e9a9e

show more ...

Merge "feat(fvp): build delegated attestation in BL31" into integration

feat(fvp): build delegated attestation in BL31

Right now, the delegated attestation module is not used in TF-A. This
means it's not even getting built and so the CI system cannot detect
build regres

feat(fvp): build delegated attestation in BL31

Right now, the delegated attestation module is not used in TF-A. This
means it's not even getting built and so the CI system cannot detect
build regressions.

Eventually, delegated attestation will be involved in a new runtime
service exposed by BL31 to lower exception levels. We are not there
yet but let's already include it into BL31 image, so we get build
coverage and static analysis on the code. Note that we make sure to
cover both PLAT_RSS_NOT_SUPPORTED=0 and PLAT_RSS_NOT_SUPPORTED=1
configurations.

Delegated attestation is currently made dependent on measured boot
support. This dependency is not at the source code level (attestation
code does not invoke any measured boot interfaces) but it is rather a
logical dependency: attestation without boot measurements is not very
useful...

For now, this is good enough for our purpose but the conditions under
which the attestation code is included might change in the future.

Change-Id: I616715c3dd0418a1bbf1019df3ff9acd8461e705
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge "feat(cpu): add library support for Hunter ELP" into integration

Merge changes from topic "delegated_attest" into integration

* changes:
fix(rss): remove dependency on attestation header
fix(rss): rename AP-RSS message size macro
feat(tc): add RSS-AP messag

Merge changes from topic "delegated_attest" into integration

* changes:
fix(rss): remove dependency on attestation header
fix(rss): rename AP-RSS message size macro
feat(tc): add RSS-AP message size macro
feat(tc): add MHU addresses for AP-RSS comms on TC2
feat(psa): add delegated attestation partition API
fix(rss): reduce input validation for measured boot

show more ...

feat(cpu): add library support for Hunter ELP

Add basic CPU library code to support the Hunter ELP CPU in TF-A.
Hunter-ELP adds v9.2 architecture support and is derived from
Makalu-ELP. As such, the

feat(cpu): add library support for Hunter ELP

Add basic CPU library code to support the Hunter ELP CPU in TF-A.
Hunter-ELP adds v9.2 architecture support and is derived from
Makalu-ELP. As such, the library code is adapted from the
Makalu-ELP support library.

Change-Id: I7e93b9af6b1f0bc4d08c3cf5caf071d2cbdbc89f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(rss): rename AP-RSS message size macro

Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd

fix(rss): rename AP-RSS message size macro

Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd8b1e625bd2b82647ebb2b58265fc

show more ...

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection

show more ...

feat(fvp): add plat API to set and get the DRTM error

Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Man

feat(fvp): add plat API to set and get the DRTM error

Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I471f2387f8c78b21a06af063a6fa02cda3646557

show more ...

feat(drtm): add platform functions for DRTM

Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.

Signed-off-by: John Powell <j

feat(drtm): add platform functions for DRTM

Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.

Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5621cc9807ffff8139ae8876250147f7b2c76759

show more ...

feat(fvp): add crypto support in BL31

DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change

feat(fvp): add crypto support in BL31

DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I659ce8e54550946db253d23f150cca8b2fa7b880

show more ...

feat(fvp): add platform hooks for DRTM DMA protection

Added necessary platform hooks for DRTM DMA protection.
These calls will be used by the subsequent DRTM implementation
patches.
DRTM platform AP

feat(fvp): add platform hooks for DRTM DMA protection

Added necessary platform hooks for DRTM DMA protection.
These calls will be used by the subsequent DRTM implementation
patches.
DRTM platform API declarations have been listed down in a
separate header file.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: Ib9726d1d3570800241bde702ee7006a64f1739ec

show more ...

Merge "feat(fvp): support building RSS comms driver" into integration