Commits · c2fb8ef66ccc8222c70ab802cdaf29f1592cbbb6 · Infra Solutions / Reference Design / platsw / trusted-firmware-a

Jan 11, 2023

feat(aarch64): make ID system register reads non-volatile · c2fb8ef6

Andre Przywara authored Nov 14, 2022



Our system register access function wrappers are using "volatile"
inline assembly instructions. On the first glance this is a good idea,
since many system registers have side effects, and we don't want the
compiler to optimise or reorder them (what "volatile" prevents).

However this also naturally limits the compiler's freedom to optimise
code better, and those volatile properties don't apply to every type of
system register. One example are the CPU ID registers, which have
constant values, are side-effect free and read-only.

Introduce a new wrapper type that drops the volatile keyword, and use
that for the wrappers instantiating ID register accessors.

This allows the compiler to freely optimise those instructions away, if
their result isn't actually used, which can trigger further
optimisations.

Change-Id: I3c64716ae4f4bf603f0ea57b652bd50bcc67bb0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

c2fb8ef6

Jan 10, 2023

Merge changes from topic "bk/warnings" into integration · 601e2d43

Manish Pandey2 authored Jan 10, 2023

* changes:
  docs: describe the new warning levels
  build: add -Wunused-const-variable=2 to W=2
  build: include -Wextra in generic builds
  docs(porting-guide): update a reference
  fix(st-usb): replace redundant checks with asserts
  fix(brcm): add braces around bodies of conditionals
  fix(renesas): align incompatible function pointers
  fix(zynqmp): remove redundant api_version check
  fix: remove old-style declarations
  fix: unify fallthrough annotations

601e2d43

Jan 09, 2023
- Merge "docs(changelog): add console scope" into integration · 0e4655f8
  Madhukar Pappireddy authored Jan 09, 2023
  
  0e4655f8
- Merge "fix(libc): properly define SCHAR_MIN" into integration · bacfff8b
  Madhukar Pappireddy authored Jan 09, 2023
  
  bacfff8b
- Merge "docs(maintainers): update maintainers for total compute" into integration · c9c752e9
  Manish Badarkhe authored Jan 09, 2023
  
  c9c752e9
- docs(maintainers): update maintainers for total compute · 08f439f4
  Rupinderjit Singh authored Jan 05, 2023
```
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: I64e7b036f404da110339d9013aa5c17ed8bf100f
```
  08f439f4
- Merge "fix(plat/tc): increase TC_TZC_DRAM1_SIZE" into integration · 36ec4c75
  Manish Badarkhe authored Jan 09, 2023
  
  36ec4c75
Jan 06, 2023

docs(changelog): add console scope · 3c788290

Yann Gautier authored Jan 06, 2023



Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ie9426509ee4f0a4c4f0fe0296d7a7378cc8828f5

3c788290

Merge "fix(fconf): make struct fconf_populator static" into integration · 51920f0f
Madhukar Pappireddy authored Jan 06, 2023

51920f0f

fix(libc): properly define SCHAR_MIN · 06c01b08

Yann Gautier authored Jan 06, 2023



SCHAR_MIN definition should use SCHAR_MAX, and not itself.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If8c1751a381dac50fe3ec5fdf19d6a4918470b58

06c01b08

fix(fconf): make struct fconf_populator static · 40e740dc

Yann Gautier authored Nov 18, 2022



In FCONF_REGISTER_POPULATOR macro, add static for the fconf_populator
struct. This avoids this kind of sparse warning:
plat/st/common/stm32mp_fconf_io.c:181:1: warning:
 symbol 'stm32mp_io__populator' was not declared. Should it be static?

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Icaa7da3079e82497e112585150f6348ef2ebf5e6

40e740dc

Merge "feat(mt8188): update INFRA IOMMU enable flow" into integration · be737af7
Olivier Deprez authored Jan 06, 2023

be737af7

feat(mt8188): update INFRA IOMMU enable flow · 98415e1a

Chengci.Xu authored Dec 30, 2022



IOMMU kernel driver has changed the function parameters, so update
IOMMU TF-A driver to be consistent with it.

Change-Id: I2adda69bdbdc31833781fac5e6c1f4b10da161be
Signed-off-by: Chengci.Xu <chengci.xu@mediatek.com>

98415e1a

Jan 04, 2023
- Merge changes from topic "fvp_trap_rng" into integration · 0c6a0854
  Manish Pandey2 authored Jan 04, 2023
```
* changes:
  feat(fvp): emulate trapped RNDR
  feat(el3-runtime): introduce system register trap handler
```
  0c6a0854
- Merge "refactor(trng): discarding the used entropy bits" into integration · e2dcf8b4
  Manish Pandey2 authored Jan 04, 2023
  
  e2dcf8b4
- fix(plat/tc): increase TC_TZC_DRAM1_SIZE · 7e3f6a87
  Arunachalam Ganapathy authored Apr 11, 2022 and Davidson Kumaresan committed Jan 04, 2023
```
Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df653487189dd
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
```
  7e3f6a87
- Merge "refactor(auth): avoid parsing signature algorithm twice" into integration · ef27dd23
  Sandrine Bailleux authored Jan 04, 2023
  
  ef27dd23
Jan 03, 2023

Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration · 40fd1c02

Sandrine Bailleux authored Jan 03, 2023

* changes:
  refactor(auth): do not include SEQUENCE tag in saved extensions
  fix(auth): reject junk after certificates
  fix(auth): require bit strings to have no unused bits

40fd1c02

refactor(auth): do not include SEQUENCE tag in saved extensions · ce882b53

Demi Marie Obenour authored Dec 08, 2022 and

Sandrine Bailleux committed Jan 03, 2023



This makes the code a little bit smaller.  No functional change
intended.

Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

ce882b53

fix(auth): reject junk after certificates · ca34dbc0

Demi Marie Obenour authored Dec 08, 2022 and

Sandrine Bailleux committed Jan 03, 2023



Certificates must not allow trailing junk after them.

Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

ca34dbc0

fix(auth): require bit strings to have no unused bits · 8816dbb3

Demi Marie Obenour authored Dec 08, 2022 and

Sandrine Bailleux committed Jan 03, 2023



This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.

Change-Id: Ifdbe3b4c6d04481bb8e93106ee04b49a70f50d5d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

8816dbb3

Merge changes Ia748b6ae,Id8a48e14,Id25ab231,Ie26eed8a,Idf48f716, ... into integration · 2439a808

Sandrine Bailleux authored Jan 03, 2023

* changes:
  refactor(auth): partially validate SubjectPublicKeyInfo early
  fix(auth): reject padding after BIT STRING in signatures
  fix(auth): reject invalid padding in digests
  fix(auth): require at least one extension to be present
  fix(auth): forbid junk after extensions
  fix(auth): only accept v3 X.509 certificates

2439a808

Merge changes from topic "st_fix_sparse_warnings" into integration · a95a451b

Manish Pandey2 authored Jan 03, 2023

* changes:
  fix(st-crypto): remove platdata functions
  fix(st-crypto): set get_plain_pk_from_asn1() static
  fix(stm32mp1): add missing platform.h include
  fix(st): make metadata_block_spec static

a95a451b

Dec 30, 2022

refactor(auth): avoid parsing signature algorithm twice · 63cc49d0

Demi Marie Obenour authored Dec 08, 2022

Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Instead, it suffices to parse one of them, and then check that the other
fits in the remaining buffer space and is equal to the first.

Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

63cc49d0

Dec 29, 2022

refactor(auth): partially validate SubjectPublicKeyInfo early · 94c0cfbb

Demi Marie Obenour authored Dec 08, 2022



This reduces the likelihood of future problems later.

Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

94c0cfbb

fix(auth): reject padding after BIT STRING in signatures · a8c8c5ef

Demi Marie Obenour authored Dec 08, 2022



It is forbidden by ASN.1 DER.

Change-Id: Id8a48e14bb8a1a17a6481ea3fde0803723c05e31
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

a8c8c5ef

fix(auth): reject invalid padding in digests · f47547b3

Demi Marie Obenour authored Dec 08, 2022



Digests must not have padding after the SEQUENCE or OCTET STRING.

Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

f47547b3

fix(auth): require at least one extension to be present · 72460f50

Demi Marie Obenour authored Dec 08, 2022

X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.

Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

72460f50

fix(auth): forbid junk after extensions · fd37982a

Demi Marie Obenour authored Dec 08, 2022



The extensions must use all remaining bytes in the TBSCertificate.

Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

fd37982a

fix(auth): only accept v3 X.509 certificates · e9e4a2a6

Demi Marie Obenour authored Dec 08, 2022



v1 and v2 are forbidden as at least one extension is required.  Instead
of actually parsing the version number, just compare it with a
hard-coded string.

Change-Id: Ib8fd34304a0049787db77ec8c2359d0930cd4ba1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

e9e4a2a6

Dec 22, 2022
- Merge "fix(qemu-sbsa): enable SVE and SME" into integration · af467fc3
  Bipin Ravi authored Dec 22, 2022
  
  af467fc3
- Merge changes Ia14738de,I6f4cffdc into integration · 8c276af3
  Manish Badarkhe authored Dec 22, 2022
```
* changes:
  fix(tc): change the properties of optee reserved memory
  feat(tc): use smmu 700
```
  8c276af3
Dec 21, 2022

Merge "fix(cpus): workaround for Neoverse N2 erratum 2743089" into integration · c3c30ff8
Madhukar Pappireddy authored Dec 21, 2022

c3c30ff8

fix(cpus): workaround for Neoverse N2 erratum 2743089 · 1ee7c823

Bipin Ravi authored Dec 07, 2022

Neoverse N2 erratum 2743089 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
insert a dsb before the isb in the power down sequence.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest



Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Idec862226bd32c91374a8bbd5d73d7ee480a34d9

1ee7c823

Merge changes I0362da46,I8ee7c16c into integration · e7abef90

Madhukar Pappireddy authored Dec 21, 2022

* changes:
  fix(cpus): workaround for Cortex-A78 erratum 2772019
  fix(cpus): workaround for Neoverse V1 erratum 2743093

e7abef90

feat(fvp): emulate trapped RNDR · 1ae75529

Andre Przywara authored Nov 21, 2022 and

Manish Pandey2 committed Dec 21, 2022

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the real CPU instructions, potentially conditioning the
results, or use rate-limiting or filtering to protect the hardware
entropy pool. Another possiblitiy would be to use some platform specific
TRNG device to get entropy and returning this.

To demonstrate platform specific usage, add a demo implementation for the
FVP: It will execute the actual CPU instruction and just return the
result. This should serve as reference code to implement platform specific
policies.

We change the definition of read_rndr() and read_rndrrs() to use the
alternative sysreg encoding, so that all assemblers can handle that.

Add documentation about the new platform specific RNG handler function.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ibce817b3b06ad20129d15531b81402e3cc3e9a9e

1ae75529

feat(el3-runtime): introduce system register trap handler · ccd81f1e

Andre Przywara authored Nov 21, 2022 and

Manish Pandey2 committed Dec 21, 2022



At the moment we only handle SMC traps from lower ELs, but ignore any
other synchronous traps and just panic.
To cope with system register traps, which we might need to emulate,
introduce a C function to handle those traps, and wire that up in the
exception handler to be called.

We provide a dispatcher function (in C), that will call platform
specific implementation for certain (classes of) system registers.
For now this is empty.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: If147bcb49472eb02791498700300926afbcf75ff

ccd81f1e

Dec 20, 2022

fix(cpus): workaround for Cortex-A78 erratum 2772019 · b10afcce

Bipin Ravi authored Dec 15, 2022

Cortex-A78 erratum 2772019 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest



Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0362da463eca777aa7a385bcdeb39b8549799f02

b10afcce

fix(cpus): workaround for Neoverse V1 erratum 2743093 · 31747f05

Bipin Ravi authored Dec 15, 2022

Neoverse V1 erratum 2743093 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1401781/latest



Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ee7c16c14c4fd6ee35d20c855273ecfce0d1b32

31747f05

Merge "fix(el3-spmc): report execution state in partition info get" into integration · f4d8ed50
Olivier Deprez authored Dec 20, 2022

f4d8ed50