Broadcom-s Trusted Firmware A https://git.openwrt.org/project/bcm63xx/atf/atom?h=master 2019-09-13T13:11:59Z 2019-09-13T13:11:59Z Alexei Fedorov 2019-09-13T13:11:59Z urn:sha1:ed108b56051de5da8024568a06781ce287e86c78 This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> 2019-08-01T20:45:03Z Julius Werner 2019-07-09T21:02:43Z urn:sha1:402b3cf8766fe2cb4ae462f7ee7761d08a1ba56c NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__. All common C compilers pre-define the same macros to signal which architecture the code is being compiled for: __arm__ for AArch32 (or earlier versions) and __aarch64__ for AArch64. There's no need for TF-A to define its own custom macros for this. In order to unify code with the export headers (which use __aarch64__ to avoid another dependency), let's deprecate the AARCH32 and AARCH64 macros and switch the code base over to the pre-defined standard macro. (Since it is somewhat unintuitive that __arm__ only means AArch32, let's standardize on only using __aarch64__.) Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200 Signed-off-by: Julius Werner <jwerner@chromium.org> 2019-06-14T11:56:52Z Masahiro Yamada 2019-06-14T08:49:17Z urn:sha1:2f6f00dc89a31d9a9fa4a8917c9c5101ba9a8278 This linker script is so unreadable due to sprinkled #ifdef. Direct read-only data to 'ROM' and read-write data to 'RAM'. Both go to the same memory device when BL2_IN_XIP_MEM is disabled. Change-Id: Ieeac3f1a4e05e9e8599de2ec84260819c70f361e Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2019-05-24T13:44:45Z Alexei Fedorov 2019-05-24T11:17:09Z urn:sha1:9fc59639e649f614318f78ae2ca103fe102405ec This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> 2019-03-13T15:32:00Z Soby Mathew 2019-03-13T15:32:00Z urn:sha1:c0ce16fba3365315fe2742f8fa96c0c259b42341 Apply stricter speculative load restriction 2019-03-13T10:08:21Z Bryan O'Donoghue 2019-03-11T15:36:07Z urn:sha1:eb20f04ef362d13fe6c230f308783bb1a9fa7b77 Prior to entry into BL32 we set the SPSR by way of msr spsr, r1. This unfortunately only writes the bits f->[31:24] and c->[7:0]. This patch updates the bl2 exit path to write the x->[15:8] and c->[7:0] fields of the SPSR. For the purposes of initial setup of the SPSR the x and c fields should be sufficient and importantly will capture the necessary lower-order control bits that f:c alone do not. This is important to do to ensure the SPSR is set to the mode the platform intends prior to performing an eret. Fixes: b1d27b484f41 ("bl2-el3: Add BL2_EL3 image") Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> 2019-03-12T11:30:33Z John Tsichritzis 2019-03-04T16:42:54Z urn:sha1:02b57943965c89887170604e8eb801e17fd8cb99 The SCTLR.DSSBS bit is zero by default thus disabling speculative loads. However, we also explicitly set it to zero for BL2 and TSP images when each image initialises its context. This is done to ensure that the image environment is initialised in a safe state, regardless of the reset value of the bit. Change-Id: If25a8396641edb640f7f298b8d3309d5cba3cd79 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com> 2019-02-27T11:58:09Z Antonio Nino Diaz 2019-01-31T17:40:44Z urn:sha1:dcbfa11bd96af98dbb93df3410008f025a131d59 The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +44 | +0 | +0 | +0 | | | 0.2% | | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +712 | +0 | +16 | +0 | | | 3.1% | | 0.9% | | +----------------------------+-------+-------+-------+--------+ The results are valid for the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ BL2_AT_EL3=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 Change-Id: I1c0616e7dea30962a92b4fd113428bc30a018320 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> 2019-02-27T11:58:09Z Antonio Nino Diaz 2019-01-31T10:48:47Z urn:sha1:9d93fc2f89a00e104bfe6be31f87861c26ba2bf0 The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +40 | +0 | +0 | +0 | | | 0.2% | | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +664 | +0 | +16 | +0 | | | 3.1% | | 0.9% | | +----------------------------+-------+-------+-------+--------+ Results calculated with the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ SDEI_SUPPORT=1 \ EL3_EXCEPTION_HANDLING=1 \ TSP_NS_INTR_ASYNC_PREEMPT=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 The changes for BL2_AT_EL3 aren't done in this commit. Change-Id: I8c803b40c7160525a06173bc6cdca21c4505837d Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> 2019-01-15T13:52:32Z Antonio Nino Diaz 2018-12-18T13:49:46Z urn:sha1:c9f9d9ea7d12a6d36af50869ebc4f098e623bfd9 The definitions in bl1/bl1_private.h and bl2/bl2_private.h are useful for platforms that may need to access them. Change-Id: Ifd1880f855ddafcb3bfcaf1ed4a4e0f121eda174 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>