Broadcom-s Trusted Firmware A https://git.openwrt.org/project/bcm63xx/atf/atom?h=master 2021-12-24T12:15:12Z 2021-12-24T12:15:12Z Rafał Miłecki 2021-12-24T12:15:12Z urn:sha1:e6d46baf3fae79f693f90bf34f7284c3dfc64aef This includes all bcm63xx families (some of them don't follow that naming schema - like BCM4908). All that code has been extracted from the RAXE500_RAXE450-V1.0.8.70_GPL_release.zip . Signed-off-by: Rafał Miłecki <rafal@milecki.pl> 2019-09-26T15:36:02Z Alexei Fedorov 2019-08-20T14:22:44Z urn:sha1:c3e8b0be9bde36d220beea5d0452ecd04dcd94c6 This patch changes implementation for disabling Secure Cycle Counter. For ARMv8.5 the counter gets disabled by setting SDCR.SCCD bit on CPU cold/warm boot. For the earlier architectures PMCR register is saved/restored on secure world entry/exit from/to Non-secure state, and cycle counting gets disabled by setting PMCR.DP bit. In 'include\aarch32\arch.h' header file new ARMv8.5-PMU related definitions were added. Change-Id: Ia8845db2ebe8de940d66dff479225a5b879316f8 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> 2019-09-13T13:11:59Z Alexei Fedorov 2019-09-13T13:11:59Z urn:sha1:ed108b56051de5da8024568a06781ce287e86c78 This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> 2019-09-09T15:23:33Z Justin Chadwell 2019-07-18T13:25:33Z urn:sha1:9dd94382bd23db0fa201b254dc3f1bebdfd627c2 This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com> 2019-08-01T20:14:12Z Julius Werner 2019-07-09T20:49:11Z urn:sha1:d5dfdeb65ff5b7f24dded201d2945c7b74565ce8 NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__. All common C compilers predefine a macro called __ASSEMBLER__ when preprocessing a .S file. There is no reason for TF-A to define it's own __ASSEMBLY__ macro for this purpose instead. To unify code with the export headers (which use __ASSEMBLER__ to avoid one extra dependency), let's deprecate __ASSEMBLY__ and switch the code base over to the predefined standard. Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417 Signed-off-by: Julius Werner <jwerner@chromium.org> 2019-07-10T10:13:00Z John Tsichritzis 2019-07-05T13:22:12Z urn:sha1:bd97f83a62382633468034db1e81381c5990b62a The project has been renamed from "Arm Trusted Firmware (ATF)" to "Trusted Firmware-A (TF-A)" long ago. A few references to the old project name that still remained in various places have now been removed. This change doesn't affect any platform files. Any "ATF" references inside platform files, still remain. Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com> 2019-05-24T13:44:45Z Alexei Fedorov 2019-05-24T11:17:09Z urn:sha1:9fc59639e649f614318f78ae2ca103fe102405ec This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> 2019-04-25T11:37:56Z Heiko Stuebner 2019-04-11T13:26:07Z urn:sha1:14e09cc42e95c716ed4eed73764d254052f985f0 Similar to bl31 allow sp_min to also include a platform-specific linker script. This allows for example to place specific code in other memories of the system, like resume code in sram, while the main tf-a lives in ddr. Signed-off-by: Heiko Stuebner <heiko@sntech.de> Change-Id: I67642f7bfca036b5d51eb0fa092b479a647a9cc1 2019-04-25T11:37:56Z Heiko Stuebner 2019-03-02T10:59:04Z urn:sha1:d4c98a1b20fb62deed3722252169651f5385ede1 Similar to bl31_warm_entrypoint, sp_min-based platforms may need that for special resume handling. Therefore move it from the private header to the sp_min platform header. Signed-off-by: Heiko Stuebner <heiko@sntech.de> Change-Id: I40d9eb3ff77cff88d47c1ff51d53d9b2512cbd3e 2019-03-12T11:30:33Z John Tsichritzis 2019-03-04T16:42:54Z urn:sha1:02b57943965c89887170604e8eb801e17fd8cb99 The SCTLR.DSSBS bit is zero by default thus disabling speculative loads. However, we also explicitly set it to zero for BL2 and TSP images when each image initialises its context. This is done to ensure that the image environment is initialised in a safe state, regardless of the reset value of the bit. Change-Id: If25a8396641edb640f7f298b8d3309d5cba3cd79 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>