feat(cpus): add sysreg_bit_toggle

Introduce a new helper to toggle bits in assembly. This allows us to
call the workaround twice, with the first call setting the workaround
and second undoing it. Th

feat(cpus): add sysreg_bit_toggle

Introduce a new helper to toggle bits in assembly. This allows us to
call the workaround twice, with the first call setting the workaround
and second undoing it. This allows the (errata) workaround functions to
be used to both apply and undo the mitigation.

This is applied to functions where the undo part will be required in
follow-up patches.

Change-Id: I058bad58f5949b2d5fe058101410e33b6be1b8ba
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "feat(tc): enable stack protector" into integration

feat(mt8196): enable appropriate errata

Booting mt8196 and grepping the logs for "errat" showed:

WARNING: BL31: cortex_a720: CPU workaround for erratum 2792132 was missing!
WARNING: BL31: corte

feat(mt8196): enable appropriate errata

Booting mt8196 and grepping the logs for "errat" showed:

WARNING: BL31: cortex_a720: CPU workaround for erratum 2792132 was missing!
WARNING: BL31: cortex_a720: CPU workaround for erratum 2844092 was missing!
WARNING: BL31: cortex_a720: CPU workaround for erratum 2926083 was missing!
WARNING: BL31: cortex_a720: CPU workaround for erratum 2940794 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2726228 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2740089 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2763018 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2816013 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2897503 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2923985 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 3076789 was missing!

Set defines so that all the errata are fixed. Now the above shows:

INFO: BL31: cortex_a720: CPU workaround for erratum 2792132 was applied
INFO: BL31: cortex_a720: CPU workaround for erratum 2844092 was applied
INFO: BL31: cortex_a720: CPU workaround for erratum 2926083 was applied
INFO: BL31: cortex_a720: CPU workaround for erratum 2940794 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2726228 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2740089 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2763018 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2816013 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2897503 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2923985 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 3076789 was applied

Change-Id: I209784c2574b99c3c275ac60adf73896e0cdd078
Signed-off-by: Douglas Anderson <dianders@chromium.org>

show more ...

Merge changes I58637b8d,I4bb1a50a,Iadac6549,I758e933f into integration

* changes:
feat(mt8196): turn on APU smpu protection
feat(mt8196): enable APU spmi operation
feat(mt8196): add Mediatek M

Merge changes I58637b8d,I4bb1a50a,Iadac6549,I758e933f into integration

* changes:
feat(mt8196): turn on APU smpu protection
feat(mt8196): enable APU spmi operation
feat(mt8196): add Mediatek MMinfra stub implementation
feat(mt8196): enable cirq for MediaTek MT8196

show more ...

Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
fix(security): add support in cpu_ops for CVE-2024-7881

Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
fix(security): add support in cpu_ops for CVE-2024-7881
fix(security): add CVE-2024-7881 mitigation to Cortex-X3
fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
fix(security): add CVE-2024-7881 mitigation to Cortex-X925
fix(security): add CVE-2024-7881 mitigation to Cortex-X4
fix(security): enable WORKAROUND_CVE_2024_7881 build option

show more ...

feat(tc): enable stack protector

Enable the compiler's stack protector for detecting stack overflow
issues.

Though TC platform can generate RNG from RSE via MHU channel, the
stack protector canary

feat(tc): enable stack protector

Enable the compiler's stack protector for detecting stack overflow
issues.

Though TC platform can generate RNG from RSE via MHU channel, the
stack protector canary is used prior to MHU channel initialization.

Thus, currently here simply returns a value of the combination of a
timer's value and a compile-time constant.

Signed-off-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
Change-Id: I68fcc7782637b2b6b4dbbc81bc15df8c5ce0040b

show more ...

Merge "chore(deps): add LTS Dependabot configuration" into integration

Merge "fix(intel): update debug messages to appropriate class" into integration

Merge "fix(intel): update warm reset routine and bootscratch register usage" into integration

Merge changes from topic "Id18b0341353ffc00e44e2d3c643ccdd05cc20c4f" into integration

* changes:
fix(rk3399): fix unquoted .incbin for clang
fix(rk3399): mark INCBIN-generated sections as SHF_AL

Merge changes from topic "Id18b0341353ffc00e44e2d3c643ccdd05cc20c4f" into integration

* changes:
fix(rk3399): fix unquoted .incbin for clang
fix(rk3399): mark INCBIN-generated sections as SHF_ALLOC

show more ...

Merge "fix(rdv3): add console name to checksum calculation on RD-V3" into integration

feat(qemu): add hob support for qemu platforms

This change introduces the hob support for both qemu platforms (virt and
sbsa).

As the hob list feature relies on transfer list, the transfer list
sup

feat(qemu): add hob support for qemu platforms

This change introduces the hob support for both qemu platforms (virt and
sbsa).

As the hob list feature relies on transfer list, the transfer list
support is promoted to common qemu build configuration. The platforms
specific definitions are updated accordingly.

Change-Id: I473d83388fe95408d34515bf7bcbdd64ce4e777d
Signed-off-by: Kun Qin <kuqin@microsoft.com>

show more ...

fix(simd): fix base register in fpregs_context_*

The fpregs_state_* macros require the base register
to point to the start of the simd_regs_t structure.
The fpregs_context_* functions were passing t

fix(simd): fix base register in fpregs_context_*

The fpregs_state_* macros require the base register
to point to the start of the simd_regs_t structure.
The fpregs_context_* functions were passing the
address incorrectly shifted by 512 bytes.

Signed-off-by: Andrei Homescu <ahomescu@google.com>
Change-Id: I757a26f8910c2ab648116e001e06baa3deb2eec4

show more ...

fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus

This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_78

fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus

This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_7881 [1] is enabled
by the platform. If CVE_2024_7881 mitigation
is implemented, the discovery call returns 0,
if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).

For more information about SMCCC_ARCH_WORKAROUND_4 [2], please
refer to the SMCCC Specification reference provided below.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79

show more ...

fix(security): add support in cpu_ops for CVE-2024-7881

This patch adds new cpu ops function extra4 and a new macro
for CVE-2024-7881 [1]. This new macro declare_cpu_ops_wa_4 allows
support for new

fix(security): add support in cpu_ops for CVE-2024-7881

This patch adds new cpu ops function extra4 and a new macro
for CVE-2024-7881 [1]. This new macro declare_cpu_ops_wa_4 allows
support for new CVE check function.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I417389f040c6ead7f96f9b720d29061833f43d37

show more ...

fix(security): add CVE-2024-7881 mitigation to Cortex-X3

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X3 CPU.

[1]: https://developer.arm.com/Arm%20Security%20

fix(security): add CVE-2024-7881 mitigation to Cortex-X3

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X3 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I410517d175a80fc6f459fa6ce5c30c0a38db9eaf

show more ...

fix(security): add CVE-2024-7881 mitigation to Neoverse-V3

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Neoverse-V3 CPU.

[1]: https://developer.arm.com/Arm%20Securit

fix(security): add CVE-2024-7881 mitigation to Neoverse-V3

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Neoverse-V3 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ib5c644895b8c76d3c7e8b5e6e98d7b9afef7f1ec

show more ...

fix(security): add CVE-2024-7881 mitigation to Neoverse-V2

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Neoverse-V2 CPU.

[1]: https://developer.arm.com/Arm%20Securit

fix(security): add CVE-2024-7881 mitigation to Neoverse-V2

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Neoverse-V2 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I129814eb3494b287fd76a3f7dbc50f76553b2565

show more ...

fix(security): add CVE-2024-7881 mitigation to Cortex-X925

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X925 CPU.

[1]: https://developer.arm.com/Arm%20Securit

fix(security): add CVE-2024-7881 mitigation to Cortex-X925

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X925 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I53e72e4dbc8937cea3c344a5ba04664c50a0792a

show more ...

fix(security): add CVE-2024-7881 mitigation to Cortex-X4

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X4 CPU.

[1]: https://developer.arm.com/Arm%20Security%20

fix(security): add CVE-2024-7881 mitigation to Cortex-X4

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X4 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I0bec96d4f71a08a89c6612e272ecfb173f80da20

show more ...

fix(security): enable WORKAROUND_CVE_2024_7881 build option

This patch enables build option needed to include
support for CVE_2024_7881 [1] migitation.

[1]: https://developer.arm.com/Arm%20Security

fix(security): enable WORKAROUND_CVE_2024_7881 build option

This patch enables build option needed to include
support for CVE_2024_7881 [1] migitation.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Id77f82a4dfaa4422729f7e3f2429f47cc90d9782

show more ...

Merge "docs(changelog): remove FEAT_XXXX scopes" into integration

fix(zynqmp): fix length of clock name

The CLK_NAME_LEN variable is set to 15 but with more
hardening we get the following error for the
pss_alt_ref_clk name so bump the length slightly
to take all t

fix(zynqmp): fix length of clock name

The CLK_NAME_LEN variable is set to 15 but with more
hardening we get the following error for the
pss_alt_ref_clk name so bump the length slightly
to take all the requirements into account.

plat/xilinx/zynqmp/pm_service/pm_api_clock.c:2248:25: error: initializer-string for array of ‘char’ is too long [-Werror=unterminated-string-initialization]
2248 | .name = "pss_alt_ref_clk",
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

Fixes: caae497df ("zynqmp: pm: Add clock control EEMI API and ioctl functions")
Change-Id: I399271dd257c6e40a2d319c47f2588a958a5491b
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>

show more ...

docs(changelog): remove FEAT_XXXX scopes

We have one entry per CPU features but most of the time we just add
CPU feature and its not touched again, so considering to generalize
anything with FEAT_XX

docs(changelog): remove FEAT_XXXX scopes

We have one entry per CPU features but most of the time we just add
CPU feature and its not touched again, so considering to generalize
anything with FEAT_XXXX additions to use `cpufeat` as subsection scope.

Also, some time we don't add a scope for CPU feature this causes problem
while generating release notes as CPU feature additions ends up in wrong
section.

Change-Id: Ibc80f6cdab9ae10ec3af1485640f46771b382da0
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge "fix(versal-net): remove_redundant_lock_defs" into integration