Workaround for CVE-2017-5715 for Cortex A9, A15 and A17

A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 a

Workaround for CVE-2017-5715 for Cortex A9, A15 and A17

A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.

For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.

For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.

Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

sp_min: Implement workaround for CVE-2017-5715

This patch introduces two workarounds for ARMv7 systems. The
workarounds need to be applied prior to any `branch` instruction in
secure world. This i

sp_min: Implement workaround for CVE-2017-5715

This patch introduces two workarounds for ARMv7 systems. The
workarounds need to be applied prior to any `branch` instruction in
secure world. This is achieved using a custom vector table where each
entry is an `add sp, sp, #1` instruction.

On entry to monitor mode, once the sequence of `ADD` instructions is
executed, the branch target buffer (BTB) is invalidated. The bottom
bits of `SP` are then used to decode the exception entry type.

A side effect of this change is that the exception vectors are
installed before the CPU specific reset function. This is now
consistent with how it is done on AArch64.

Note, on AArch32 systems, the exception vectors are typically tightly
integrated with the secure payload (e.g. the Trusted OS). This
workaround will need porting to each secure payload that requires it.

The patch to modify the AArch32 per-cpu vbar to the corresponding
workaround vector table according to the CPU type will be done in a
later patch.

Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Print erratum application report for CVE-2017-5715

Even though the workaround for CVE-2017-5715 is not a CPU erratum, the
code is piggybacking on the errata framework to print whether the
workaround

Print erratum application report for CVE-2017-5715

Even though the workaround for CVE-2017-5715 is not a CPU erratum, the
code is piggybacking on the errata framework to print whether the
workaround was applied, missing or not needed.

Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Change the default errata format string

As we are using the errata framework to handle workarounds in a more
general sense, change the default string to reflect that.

Change-Id: I2e266af2392c9d95e1

Change the default errata format string

As we are using the errata framework to handle workarounds in a more
general sense, change the default string to reflect that.

Change-Id: I2e266af2392c9d95e18fe4e965f9a1d46fd0e95e
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

bl2-el3: Mark all the assembly functions in bl2 at el3

When BL2_AT_EL3 option is enabled some platforms are going to
need a resident part in BL2 because the boot rom may jump to it
after a reset. Th

bl2-el3: Mark all the assembly functions in bl2 at el3

When BL2_AT_EL3 option is enabled some platforms are going to
need a resident part in BL2 because the boot rom may jump to it
after a reset. This patch introduces __TEXT_RESIDENT_START__ and
__TEXT_RESIDENT_END__ linker symbols that mark the resident region.

Change-Id: Ib20c1b8ee257831bcc0ca7d3df98d0cb617a04f8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

Mark functions defined in assembly files

This patch change the name of the section containing the functions
defined in assembly files from text.* to text.asm.*. This change
makes possible to select

Mark functions defined in assembly files

This patch change the name of the section containing the functions
defined in assembly files from text.* to text.asm.*. This change
makes possible to select in the linker script the functions
defined in those files.

Change-Id: If35e44ef1b43ffd951dfac5e052db75d7198e2e0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

bl2-el3: Add BL2 at EL3 support in FVP

This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific p

bl2-el3: Add BL2 at EL3 support in FVP

This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific parameters in the model.

The bl2 image is loaded directly in memory instead of being loaded
by a non-TF Boot ROM and the reset address is changed:

--data cluster0.cpu0=bl2.bin@0x4001000
-C cluster0.cpu0.RVBAR=0x4001000

These parameters mean that in the cold boot path the processor will
jump to BL2 again. For this reason, BL2 is loaded in dram in this
case, to avoid other images reclaiming BL2 memory.

Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

bl2-el3: Add BL2_EL3 image

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly

bl2-el3: Add BL2_EL3 image

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1. This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.

Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

Merge pull request #1226 from masahir0y/utils

utils: rename struct mem_region_t to struct mem_region

Merge pull request #1211 from Leo-Yan/remove_ca73_cpu_nap_state

Hikey960: Remove ca73 cpu nap state

emmc: add macros CMD21, BUS_WIDTH_DDR_4 and BUS_WIDTH_DDR_8

Add some macros according to JEDEC Standard Embedded Multi-Media
Card (eMMC) Electrical Standard (5.1)": Table 145 - Bus Mode
Selection.

emmc: add macros CMD21, BUS_WIDTH_DDR_4 and BUS_WIDTH_DDR_8

Add some macros according to JEDEC Standard Embedded Multi-Media
Card (eMMC) Electrical Standard (5.1)": Table 145 - Bus Mode
Selection.

Change-Id: Iaa45e0582653ef4290efd60d039f0bdc420eeb47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

show more ...

utils: rename struct mem_region_t to struct mem_region

typedef mem_region_t mem_region_t;

... seems to work because they belong to different name-spaces,
but humans are confused even if compilers a

utils: rename struct mem_region_t to struct mem_region

typedef mem_region_t mem_region_t;

... seems to work because they belong to different name-spaces,
but humans are confused even if compilers are not.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Hikey960: Change CPU standby state for WFI

At early time, the CPU CA73 retention state has been supported on
Hikey960. Later we found the system has the hang issue and for
resolving this issue Hisi

Hikey960: Change CPU standby state for WFI

At early time, the CPU CA73 retention state has been supported on
Hikey960. Later we found the system has the hang issue and for
resolving this issue Hisilicon released new MCU firmware, but
unfortunately the new MCU firmware has side effect and results in the
CA73 CPU cannot really enter retention state and roll back to WFI state.

After discussion we cannot see the possibility to enable CA73 retention
state anymore on Hikey960, based on this conclusion we should remove
this state supporting from ARM-TF and roll back to WFI state only. We
will commit one patch to remove CA73 CPU retention state in kernel DT
binding as well.

Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Haojian Zhuang <haojian.zhuang@linaro.org>
Cc: Kevin Wang <jean.wangtao@linaro.org>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>

show more ...

Revert "Hikey960: Change to use recommended power state id format"

This reverts commit fdae60b6ba27c216fd86d13b7432a1ff4f57dd84.

The commit fdae60b6ba27c216fd86d13b7432a1ff4f57dd84 changed the
para

Revert "Hikey960: Change to use recommended power state id format"

This reverts commit fdae60b6ba27c216fd86d13b7432a1ff4f57dd84.

The commit fdae60b6ba27c216fd86d13b7432a1ff4f57dd84 changed the
parameter encoding for the hikey960. However that implies a DT change
in the kernel side. After submitting the DT change for upstreaming,
the backward compatibility issue and the interface change raise some
concerns from the Linux community about the issues related to kernel <->
ATF alignment. There is no way to detect a mis-alignment of those
without a deep knowledge of the ATF and the kernel. Furthermore, the
failing calls to PSCI in the idle path (because of bad parameters), will
lead to busy looping, implying: thermal issues and extra energy
consumption.

In regard of the Linux community concerns, the potential issues when the
ATF and the kernel are not aligned, it is preferable to revert the
commit.

Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Haojian Zhuang <haojian.zhuang@linaro.org>
Cc: Kevin Wang <jean.wangtao@linaro.org>
Co-authored-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>

show more ...

Merge pull request #1221 from hzhuang1/fix_HLE

emmc/dw_mmc: fix the assert on HLE bit

Merge pull request #1219 from antonio-nino-diaz-arm/an/mm-version

SPM: Fix version header definitions

Merge pull request #1218 from antonio-nino-diaz-arm/an/xlat-fix

xlat v2: Correctly unmap regions on map error

Merge pull request #1216 from hzhuang1/fix_psci

Hikey960: Fix hikey960 pcie mount fail

Merge pull request #1215 from vwadekar/tlkd-ns-dram-ranges

spd: tlkd: support for "NS memory ranges" function ID

Merge pull request #1217 from robertovargas-arm/doc-plat_try_next_boot_source

Add documentation about plat_try_next_boot_source to bl1_platform_setup

Merge pull request #1213 from masahir0y/uniphier

uniphier: clean-up platform makefile

Merge pull request #1225 from dp-arm/dp/amu-remove-warn

AMU: Remove unnecessary WARN()

AMU: Remove unnecessary WARN()

If AMU is not supported by the hardware but it is enabled in Trusted
Firmware, the console will be spammed with warnings every time a CPU
is brought up with a CPU ON c

AMU: Remove unnecessary WARN()

If AMU is not supported by the hardware but it is enabled in Trusted
Firmware, the console will be spammed with warnings every time a CPU
is brought up with a CPU ON call.

Remove the warning message as this is more in line with how other
extensions like SPE and SVE are handled.

Change-Id: Iba6d367e4d1375ab554d23d2eaceab3ae1362c5a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1197 from dp-arm/dp/amu

AMUv1 support

Merge pull request #1214 from dp-arm/dp/cve_2017_5715

Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75