The link to the Developer Certificate of Origin was mistakenly removed
in a patch some time ago. This change re-adds it.
Change-Id: Ia8aed055cb449cdf4c1aaeac9b81ca15099e73f5
Signed-off-by: Chris Kay <chris.kay@arm.com>
panic() and do_panic() are widely used helper functions called when
encountering a critical failure that cannot be recovered from.
Document them in porting guide. Also, remove panic() documentation
from PSCI guide(where it is unused anyways).
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib0965cce56c03d0de5ac0d05d5714a6942793ede
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
- Remove mentions of Arm SGM-775 and MediaTek MT6795 platforms.
Both platform ports were deleted from TF-A source tree in the
last release (v2.7).
- Remove mention of Arm Morello platform, as it now has a dedicated
documentation page accessible from the table of contents
(see docs/plat/arm/morello/).
Change-Id: Ie3acdddab81f5589bb36114a8a766200f5b08ad4
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
get_el_str() was implemented under ENABLE_BACKTRACE macro but being
used at generic places too, this causes multiple definition of this
function.
Remove duplicate definition of this function and move it out of
backtrace scope. Also, this patch fixes a small bug where in default
case S-EL1 is returned which ideally should be EL1, as there is no
notion of security state in EL string.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib186ea03b776e2478eff556065449ebd478c3538
SMCCCv1.3 introduces the SVE hint bit added to the SMC FID (bit 16)
denoting that the world issuing an SMC doesn't expect the callee to
preserve the SVE state (FFR, predicates, Zn vector bits greater than
127). Update the generic SMC handler to copy the SVE hint bit state
to SMC flags and mask out the bit by default for the services called
by the standard dispatcher. It is permitted by the SMCCC standard to
ignore the bit as long as the SVE state is preserved. In any case a
callee must preserve the NEON state (FPCR/FPSR, Vn 128b vectors)
whichever the SVE hint bit state.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2b163ed83dc311b8f81f96b23c942829ae9fa1b5
Add Muhammad Arsath K F in qti maintainer
Signed-off-by: Muhammad Arsath K F <quic_mkf@quicinc.com>
Change-Id: I71e6cc72b3c658730abe5255977f3b93dd7e4563
Add missing scopes from commits for the upcoming release.
Change-Id: I22e38fb0658e42b45591c82aa30e063f7a7edc86
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Following hardening done around ESR_EL3 register usage
- Panic if exception is anyting other than SError
- AET bit is only valid if DFSC is 0x11, move DFSC check before AET.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib15159920f6cad964332fd40f88943aee2bc73b4
Ensure that the provided descriptor size used when reserving space
for a memory descriptor does not overflow to prevent scope for
memory corruption. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: If06985c4de9a88ff82ce60d10e346da948ed383f
Ensure that the fragment_length parameter is validated to prevent
a buffer overflow before it is used. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0323c096ffd988fbd85bbd4ade3abd8427aea977
The current logic does not cover all scenarios of overlapping
memory regions. Update the implementation to verify non-overlapping
regions instead. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I16c53d081e4455bc0e28399d28a1b27b1a9eb49c
Ensure that the full memory transaction descriptor has been transmitted
before a request to reclaim the memory transaction is permitted.
This prevents any potential accesses to the incomplete descriptor.
Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I33e993c6b754632051e899ab20edd19b18b6cf65
If ARM_ARCH_MAJOR is 9 and ARM_ARCH_MINOR is 0 we don't want need to
have "-march=armv8-a+crc" in BL2_CPPFLAGS.
Change-Id: I9ac11522fde00953da40b95eebf82ff8ab2559ba
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command line hint
has been replaced with the snippet provided by NVM's user guide, and the
second line now automatically installs a version of Node.js compatible
with TF-A's repository scripts.
Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
feat(hikey960): read serial number from UFS
feat(hikey960): add a FF-A logical partition
feat(hikey960): add memory sharing hooks for SPMC_AT_EL3
feat(hikey960): add plat-defines for SPMC_AT_EL3
feat(hikey960): define a datastore for SPMC_AT_EL3
feat(hikey960): add SP manifest for SPMC_AT_EL3
feat(hikey960): increase secure workspace to 64MB
feat(hikey960): upgrade to xlat_tables_v2
Cortex-A76 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885749/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ie2cd73bd91417d30b5633d80b2fbee32944bc2de
Neoverse N1 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I81a8793c1a118764df3ac97b67f5e088f56f6a20
SMCCC_GET_SOC_VERSION SMC will return soc id to distinguish
different varaints in sc7180 and sc7280
Signed-off-by: Bharath N <quic_bharn@quicinc.com>
Change-Id: I72ea4bdb8193c816ba249c1e0755784c9b9bb7da
Added DRTM parameters structure version check that as per
the current released DRTM specification [1].
Mainly to cater below mentioned in the specification [1]
section 3.12 -
For a given DRTM major version number this structure will
always be extended in a backwards compatible manner.
[1]: https://developer.arm.com/documentation/den0113/a
Change-Id: I9f312c7f9f20152c5d7e40a22b462c7fe8db70bc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added action in response to Non-secure interrupt attribute to the
partition manifest.
Change-Id: I1d4f85e58b2f1fea7230dffc6a4361f7fd65be15
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Serial number is written into UFS by fastboot
Pass BL2 params to BL31 (serial number)
Change-Id: I9a490db07ca10088da69191a2f2c1621d44a278c
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Required to compile with SPMC_AT_EL3=1
Copied from FVP, sample code for platforms
Change-Id: I7d8a4d8846a328b05cf45a5044802ea3e2f7fb67
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
These allows a platform to do any System-MMU/IOMMU configuration
in line with FF-A memory sharing.
Change-Id: Id517759198421a32c5d16bf5bb99590275e77736
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
To use SPMC_AT_EL3, a platform must define a few configuration
options. Copied them from fvp platform to hikey960.
Change-Id: Ifd60d69bf79f2f340fe93fe030ab8c538b3a56e4
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
The purpose of this patch is to show silicon partners how to upgrade
existing TF-A port to include a manifest that is required with FF-A.
The manifest values are consumed by TF-A SPMC_AT_EL3 and by the TEE.
Change-Id: Ied81187d6b1cfb72ad2e9020dfc19ad73d80186f
Signed-off-by: Cedric Chan <cedric.chan@trustonic.com>
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Error check must be done on the previously allocated pointer, not a
random one from the code.
Change-Id: I1c8253eacbe778cc4a9a8d71081fc615fa7e5293
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Do not forget to pass via err_unlock_mailbox: label.
Change-Id: Icfb997b1c7cce196003af2c28bffc50dc73e30b4
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
This patch fixes an issue in spmc_ffa_fill_desc.
In order to compute the spmc_shm_get_v1_1_descriptor_size,
fragment_length which is a fraction of the descriptor size is used as
desc_size parameter. It has to be replaced with the
full V1.0 descriptor size(obj->desc_filled).
Ran a subset of our tests and they are passing.
Change-Id: Ia4bbc5dabf0b77fa53d923ff609ee48ecd5bf549
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
