From f14cb036903cb6203efaae833ae8649fc20ace86 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Tue, 14 May 2024 12:19:54 +0200 Subject: [PATCH 1/6] fix: bump TF-A/TF-a-tests/Hafnium to v2.11 Signed-off-by: Olivier Deprez --- config/hafnium-base.yaml | 2 +- config/tfa-base.yaml | 2 +- config/tftf-base.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/hafnium-base.yaml b/config/hafnium-base.yaml index 2b40273..f921215 100644 --- a/config/hafnium-base.yaml +++ b/config/hafnium-base.yaml @@ -10,7 +10,7 @@ build: hafnium: repo: remote: https://git.trustedfirmware.org/hafnium/hafnium.git - revision: v2.10 + revision: v2.11 params: PROJECT: reference diff --git a/config/tfa-base.yaml b/config/tfa-base.yaml index ea9e714..fd6f1ca 100644 --- a/config/tfa-base.yaml +++ b/config/tfa-base.yaml @@ -11,7 +11,7 @@ build: tfa: repo: remote: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git - revision: v2.10 + revision: v2.11 toolchain: aarch64-none-elf- diff --git a/config/tftf-base.yaml b/config/tftf-base.yaml index 55e1831..74cde39 100644 --- a/config/tftf-base.yaml +++ b/config/tftf-base.yaml @@ -12,7 +12,7 @@ build: tftf: repo: remote: https://git.trustedfirmware.org/TF-A/tf-a-tests.git - revision: v2.10 + revision: v2.11 toolchain: aarch64-none-elf- -- GitLab From 02fe64cfd88ea0fc88e8a3982ed73ead76a8e123 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Mon, 27 May 2024 12:09:18 +0200 Subject: [PATCH 2/6] fix: bump RMM to v0.5 Signed-off-by: Olivier Deprez --- config/rmm-base.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rmm-base.yaml b/config/rmm-base.yaml index 6b7da94..162e781 100644 --- a/config/rmm-base.yaml +++ b/config/rmm-base.yaml @@ -7,7 +7,7 @@ build: rmm: repo: remote: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git - revision: tf-rmm-v0.4.0 + revision: tf-rmm-v0.5.0 toolchain: aarch64-none-elf- -- GitLab From 6648f8d7336d35507819da7d1c98570b66d188ec Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Tue, 14 May 2024 12:17:12 +0200 Subject: [PATCH 3/6] fix: enable FVP SME option to the 4 worlds config From TF-A v2.11 Hafnium supports saving/restoring SME state on normal/secure world switches. Remove the fix disabling it in the 4 worlds config. Signed-off-by: Olivier Deprez --- config/cca-4world.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/cca-4world.yaml b/config/cca-4world.yaml index d732314..cbdb64e 100644 --- a/config/cca-4world.yaml +++ b/config/cca-4world.yaml @@ -56,9 +56,3 @@ run: terminals: bp.terminal_2: friendly: hafnium - - # SPMD doesn't permit use of SME options: - # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/platform.mk?h=v2.10#n60 - # This is mainly because Hafnium/S-EL2 doesn't support (yet) saving/restoring the NS SME state across SMC calls. - params: - -C SVE.ScalableVectorExtension.has_sme: 0 -- GitLab From 30496ff9455627322a39b1961c23b3e7b67abae0 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Tue, 14 May 2024 12:21:34 +0200 Subject: [PATCH 4/6] fix: TF-A build options for 4 worlds Per TF-A v2.11 CTX_INCLUDE_MTE_REGS is renamed ENABLE_FEAT_MTE2. Now Hafnium supports SME state save/restore, enable SME for the secure world (aka disable SME EL3 traps). Signed-off-by: Olivier Deprez --- config/hafnium-base.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/hafnium-base.yaml b/config/hafnium-base.yaml index f921215..ad0e811 100644 --- a/config/hafnium-base.yaml +++ b/config/hafnium-base.yaml @@ -31,8 +31,9 @@ build: # still a few, which are required by Hafnium, which it can't. Given these # are hard requirements for Hafnium, define them here. GIC_EXT_INTID: 1 - CTX_INCLUDE_MTE_REGS: 1 + ENABLE_FEAT_MTE2: 1 ENABLE_SVE_FOR_SWD: 1 + ENABLE_SME_FOR_SWD: 1 run: params: -- GitLab From 4c9f27d85c49589b72b80b29f9bf841a4fd2ecef Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Tue, 14 May 2024 12:23:26 +0200 Subject: [PATCH 5/6] fix: TF-A ARM_ARCH options for v9.0, v9.1, v9.2 From TF-A v2.11 restore the ability to specify ARM_ARCH_MAJOR/ARM_ARCH_MINOR from TF-A command line for the desired architecture extension. This was gated by the fix [1] now merged. Note config files for arch extensions beyond v9.2 are not updated by this change and deserve doing it at a later time. [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/25886 Signed-off-by: Olivier Deprez --- config/arch/v9.0.yaml | 2 ++ config/arch/v9.1.yaml | 6 ++++++ config/arch/v9.2.yaml | 6 ++++++ 3 files changed, 14 insertions(+) diff --git a/config/arch/v9.0.yaml b/config/arch/v9.0.yaml index a5c7308..170418e 100644 --- a/config/arch/v9.0.yaml +++ b/config/arch/v9.0.yaml @@ -15,6 +15,8 @@ layers: build: tfa: params: + ARM_ARCH_MAJOR: 9 + ARM_ARCH_MINOR: 0 CTX_INCLUDE_AARCH32_REGS: 0 run: diff --git a/config/arch/v9.1.yaml b/config/arch/v9.1.yaml index 47c5697..f527e9e 100644 --- a/config/arch/v9.1.yaml +++ b/config/arch/v9.1.yaml @@ -13,6 +13,12 @@ layers: - arch/v8.6.yaml - arch/v9.0.yaml +build: + tfa: + params: + ARM_ARCH_MAJOR: 9 + ARM_ARCH_MINOR: 1 + run: params: -C cluster0.has_arm_v9-1: 1 diff --git a/config/arch/v9.2.yaml b/config/arch/v9.2.yaml index f00fb2e..e909d4a 100644 --- a/config/arch/v9.2.yaml +++ b/config/arch/v9.2.yaml @@ -13,6 +13,12 @@ layers: - arch/v8.7.yaml - arch/v9.1.yaml +build: + tfa: + params: + ARM_ARCH_MAJOR: 9 + ARM_ARCH_MINOR: 2 + run: params: -C cluster0.has_arm_v9-2: 1 -- GitLab From 7e93b7bb0d2ce394059bff0e7e25f8127127e6d4 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Mon, 27 May 2024 16:13:27 +0200 Subject: [PATCH 6/6] fix: FVP RME PE and system parameters FVP has separate controls for enabling RME at the PE level (clusterX.rme_support_level=2) and for enabling RME at the system level (bp.has_rme=1). Moreover legacy TZC-400 DRAM checks must be disabled when RME is enabled as DRAM access control is enforced by GPT. Leaving TZC-400 checks enabled might lead to misconfigurations and conflicts. Thus, for RME configs clear the bp.secure_memory control. Signed-off-by: Olivier Deprez --- config/cca-3world.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/config/cca-3world.yaml b/config/cca-3world.yaml index ea555e6..c7f713d 100644 --- a/config/cca-3world.yaml +++ b/config/cca-3world.yaml @@ -215,6 +215,17 @@ run: params: -C cluster0.rme_support_level: 2 -C cluster1.rme_support_level: 2 + -C bp.secure_memory: 0 # Disable security checking by TZC-400 + -C bp.has_rme: 1 # Enable Realm Management Extension(RME) support + # Only Root access to Trusted ROM and SRAM. + # SECURE/ROOT access only for below peripherals: + # -Trusted DRAM + # -REFCLK CNTControl (Generic Timer) + # -Trusted Watchdog SP805, Trustzone address space controller + # -AP_REFCLK CNTBase0 (Generic Timer) + # -Trusted RNG, Non-Volatile Counter and Root-Key Storage + # -Flash0, Flash1 + # -uart0, uart1, uart2, uart3 # Suppress "WARNING: MPAM_NS is deprecated when RME is in use. Should use MPAM_SP" -C cluster0.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP -- GitLab