2018-09-07 |
SDEI: Mask events after CPU wakeup
...
The specification requires that, after wakeup from a CPU suspend, the
dispatcher must mask all events on the CPU. This patch adds the feature
to the SDEI dispatcher by subscribing to the PSCI suspend to power down
event, and masking all events on the PE.
Change-Id: I9fe1d1bc2a58379ba7bba953a8d8b275fc18902c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 7 Sep 2018
|
2018-08-22 |
libc: Fix all includes in codebase
...
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 22 Aug 2018
|
2018-08-20 |
SDEI: Fix locking issues
...
The event lock for a shared event was being unlocked twice, and the
locking sequence for event complete was misplaced. This patch fixes both
issues.
Change-Id: Ie2fb15c6ec240af132d7d438946ca160bd5c63dc
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 20 Aug 2018
|
SDEI: MISRA fixes
...
These changes address most of the required MISRA rules. In the process,
some from generic code is also fixed.
No functional changes.
Change-Id: I6235a355e006f0b1c7c1c4d811b3964a64d0434f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 20 Aug 2018
|
2018-08-06 |
xlat v2: Cleanup get/change mem attr helpers
...
Changed the names for consistency with the rest of the library. Introduced
new helpers that manipulate the active translation tables context.
Change-Id: Icaca56b67fcf6a96e88aa3c7e47411162e8e6856
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 6 Aug 2018
|
2018-07-19 |
Merge pull request #1481 from antonio-nino-diaz-arm/an/xlat-refactor
...
xlat: More refactoring
danh-arm
authored
on 19 Jul 2018
GitHub
committed
on 19 Jul 2018
|
2018-07-15 |
SPM: Use generic MMU setup functions
...
Instead of having a different initialization routine than the rest of
the codebase, use the common implementation.
Change-Id: I27c03b9905f3cf0af8810aad9e43092005387a1a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 15 Jul 2018
|
2018-07-13 |
Fix verbose messages in SDEI code
...
Fix mismatches between the format specifier and the corresponding
variable type.
Change-Id: Ib9004bd9baa9ba24a50000bea4f2418e1bf7e743
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 13 Jul 2018
|
2018-07-11 |
Add end_vector_entry assembler macro
...
Check_vector_size checks if the size of the vector fits
in the size reserved for it. This check creates problems in
the Clang assembler. A new macro, end_vector_entry, is added
and check_vector_size is deprecated.
This new macro fills the current exception vector until the next
exception vector. If the size of the current vector is bigger
than 32 instructions then it gives an error.
Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 11 Jul 2018
|
2018-06-22 |
Merge pull request #1406 from robertovargas-arm/uuid
...
Make TF UUID RFC 4122 compliant
Dimitris Papastamos
authored
on 22 Jun 2018
GitHub
committed
on 22 Jun 2018
|
SDEI: Fix name of internal function
...
The function end_sdei_explicit_dispatch() was intended to be
end_sdei_synchronous_dispatch() which does the opposite of
begin_sdei_synchronous_dispatch(). This patch fixes that.
No functional changes.
Change-Id: I141bd91eb342ecf4ddfd05b49513eee4549e7a56
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 22 Jun 2018
|
SDEI: Fix determining client EL
...
commit 2ccfcb2 ("SDEI: Determine client
EL from NS context's SCR_EL3") intended to read from SCR_EL3, but
wrongly read from SPSR_EL3 instead. This patch fixes that.
Change-Id: I8ffea39cc98ef59cb8e7a4c6ef4cb12011c58536
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 22 Jun 2018
|
SDEI: Fix dispatch bug
...
The Commit cdb6ac9 introduced a bug
because of which the SDEI dispatcher wrongly panic when an SDEI event
dispatched earlier as a result of interrupt. This patch fixes the check
for a bound interrupt.
Change-Id: If55c8f0422ff781731248bbbc9c1b59fa0d3c4b0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 22 Jun 2018
|
Merge pull request #1437 from jeenu-arm/ras-remaining
...
SDEI dispatch changes to enable RAS use cases
Dimitris Papastamos
authored
on 22 Jun 2018
GitHub
committed
on 22 Jun 2018
|
2018-06-21 |
SDEI: Make dispatches synchronous
...
SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.
However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.
With this patch:
- SDEI interrupts and calls to sdei_dispatch_event prepares the NS
context for event dispatch, then sets a jump point, and immediately
exits EL3. This results in the client handler executing in
Non-secure.
- When the SDEI client completes the dispatched event, the SDEI
dispatcher does a longjmp to the jump pointer created earlier. For
the caller of the sdei_dispatch_event() in particular, this would
appear as if call returned successfully.
The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.
Documentation updated.
NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.
Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 21 Jun 2018
|
SDEI: Determine client EL from NS context's SCR_EL3
...
Currently, the dispatcher reads from SCR_EL3 register directly to
determine the EL of SDEI client. This is with the assumption that
SCR_EL3 is not modified throughout. However, with RAS work flows, it's
possible that SCR_EL3 register contains values corresponding to Secure
world, and therefore EL determination can go wrong. To mitigate this,
always read the register from the saved Non-secure context.
Change-Id: Ic85e4021deb18eb58757f676f9a001174998543a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 21 Jun 2018
|
SDEI: Allow platforms to define explicit events
...
The current macros only allow to define dynamic and statically-bound
SDEI events. However, there ought be a mechanism to define SDEI events
that are explicitly dispatched; i.e., events that are dispatched as a
result of a previous secure interrupt or other exception
This patch introduces SDEI_EXPLICIT_EVENT() macro to define an explicit
event. They must be placed under private mappings. Only the priority
flags are allowed to be additionally specified.
Documentation updated.
Change-Id: I2e12f5571381195d6234c9dfbd5904608ad41db3
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 21 Jun 2018
|
2018-06-20 |
SPM: Allow entering the SP without needing a SMC
...
It may be needed to enter the Secure Partition through other means than
an MM_COMMUNICATE SMC. This patch enables this behaviour by extracting
the necessary code from mm_communicate() and allowing other parts of the
code to use it.
Change-Id: I59f6638d22d9c9d0baff0984f39d056298a8dc8e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 20 Jun 2018
|
2018-06-15 |
SPM: Refactor entry and exit of the SP
...
Only use synchronous calls to enter the Secure Partition in order to
simplify the SMC handling code.
Change-Id: Ia501a045585ee0836b9151141ad3bd11d0971be2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 15 Jun 2018
|
2018-06-14 |
Make TF UUID RFC 4122 compliant
...
RFC4122 defines that fields are stored in network order (big endian),
but TF-A stores them in machine order (little endian by default in TF-A).
We cannot change the future UUIDs that are already generated, but we can store
all the bytes using arrays and modify fiptool to generate the UUIDs with
the correct byte order.
Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 14 Jun 2018
|
2018-06-13 |
xlat v2: Introduce xlat granule size helpers
...
The function xlat_arch_is_granule_size_supported() can be used to check
if a specific granule size is supported. In Armv8, AArch32 only supports
4 KiB pages. AArch64 supports 4 KiB, 16 KiB or 64 KiB depending on the
implementation, which is detected at runtime.
The function xlat_arch_get_max_supported_granule_size() returns the max
granule size supported by the implementation.
Even though right now they are only used by SPM, they may be useful in
other places in the future. This patch moves the code currently in SPM
to the xlat tables lib so that it can be reused.
Change-Id: If54624a5ecf20b9b9b7f38861b56383a03bbc8a4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 13 Jun 2018
|
SPM: Initialize SP args as expected by cm library
...
In the context management library, cm_setup_context() takes the
information in ep_info to fill the registers x0-x7. This patch replaces
the current code that sets them manually by the correct initialization
code.
Change-Id: Id1fdf4681b154026c2e3af1f9b05b19582b7d16d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 13 Jun 2018
|
2018-06-08 |
SDEI: Ensure SDEI handler executes with CVE-2018-3639 mitigation enabled
...
When dynamic mitigation is used, the SDEI handler is required to
execute with the mitigation enabled by default, regardless of the
mitigation state for lower ELs. This means that if the kernel or
hypervisor explicitly disables the mitigation and then later when the
event is dispatched, the dispatcher will remember the mitigation state
for the lower ELs but force the mitigation to be on during the SDEI
handler execution. When the SDEI handler returns, it will restore the
mitigation state.
This behaviour is described in "Firmware interfaces for mitigating
cache speculation vulnerabilities System Software on Arm Systems"[0].
[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
Change-Id: I8dd60b736be0aa9e832b0f92d67a401fdeb417f4
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos
committed
on 8 Jun 2018
|
2018-05-23 |
SPM: Extract code out of the SMC handler
...
Simplify the code of the SMC handler by extracting the code of
SP_EVENT_COMPLETE and MM_COMMUNICATE.
Change-Id: I9250a3f5e4b807b35c9d044592c1074a45ab9a07
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Replace SP init flag by generic state enum
...
Instead of just knowing if the Secure Partition is being initialized or
not, this generic state enum can be used to tell if the Secure Partition
is busy and to add more states in the future if needed.
Also, the spinlock of the secure_partition_context_t structure now only
protects against concurrent accesses to the state of the secure
partition. Previously, it used to lock down the whole structure, thus
preventing one CPU to access any of its fields while another CPU was
executing the partition.
Change-Id: I51215328e2ca8ea2452f92e4a1cb237415958b22
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Shorten names of types and functions
...
The current internal names are too long, which makes it hard to write
code as many lines overflow the limit and need to be split, which may
not help the reader.
Change-Id: I072bdc8f3dd125255063ffa7f02500e5228fc9a1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Move xlat-related functions to separate file
...
This is done in order to make it easier to read the file spm_main.c.
Change-Id: I21e765154c1682a319a3bc47a19a42fd736e910e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Move all SP-related info to SP context struct
...
Move all information related to a Secure Partition to the struct
secure_partition_context_t.
This requires an in-depth refactor because most of the previous code of
SPM relied on global information.
Change-Id: I0a23e93817dcc191ce1d7506b8bc671d376123c4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
2018-05-15 |
SPM: Do not trap S-EL0 access to SVE/SIMD/FP regs
...
This allows secure partitions to access these registers. This is
needed in some cases. For example, it has been reported that in order
to implement secure storage services, a secure partition needs to
encrypt/decrypt some authentication variables, which requires FP/SIMD
support.
Note that SPM will not do any saving/restoring of these registers on
behalf of the SP. This falls under the SP's responsibility.
Also note that if the SP gets preempted, it might not get a chance to
save/restore FP/SIMD registers first. This patch does not address this
problem. It only serves as a temporary solution to unblock development
on the secure partition side.
Change-Id: I3b8ccdebdac0219f6ac96ad66ab2be0be8374ad3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 15 May 2018
|
2018-04-17 |
Fix some MISRA defects in SPM code
...
Change-Id: I989c1f4aef8e3cb20d5d19e6347575e6449bb60b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 17 Apr 2018
|