+Harb
________________________________
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Vivek Prasad via TF-A <tf-a(a)lists.trustedfirmware.org>
Sent: Thursday, April 16, 2020 10:19 AM
To: Stuart Yoder <stuart.yoder(a)arm.com>; Alexei Fedorov <Alexei.Fedorov(a)arm.com>; tf-a <tf-a(a)lists.trustedfirmware.org>; Raghu Krishnamurthy <raghu.ncstate(a)icloud.com>
Cc: Loc Ho <loc.ho(a)amperecomputing.com>; Vivek Kumar <vivek(a)amperecomputing.com>; Benjamin Chaffin <bchaffin(a)amperecomputing.com>; Ard Biesheuvel <Ard.Biesheuvel(a)arm.com>; Mohamad Ammar <moe(a)amperecomputing.com>; Charles Garcia-Tobin <Charles.Garcia-Tobin(a)arm.com>
Subject: Re: [TF-A] Proposal for Measured Boot Implementation
Hello Stuart, Alexei,
Chiming-in here on Ampere's behalf...
We analysed this proposal internally. And we see a number issues with this, some of which was already raised by Raghu in the previous threads.
Here is a summary of the main issues that we see.
* Only supporting mbedtls, and this is fixed config at compile time.
* We propose that there should be a variable for the algorithm to be used, which can be setup at initialization time.
* This solution relies on taking the hash directly from the digest as the measurement, instead of the computed hash. This is not safe, especially considering measured boot may use a different hash bank, so digest hash may not be correct/valid.
* Only measuring the BL2 image, per the ARM SBSG we must be measuring and logging *all* images/boot phases
* BL31
* BL32 (all secure partitions)
* BL33 (UEFI or any other non-secure boot loader)
* Once we ERET into BL33, the measure boot flow continues and is owned by that boot loader
* Only see support for PCR0, any/all unsigned config data must be logged to PCR1.
* Passing PCRs to non-secure software before logging is not compliant with TCG Static-Root-of-Trust Measurement (SRTM) requirements
* It was discussed before in separate conversations… especially in systems where you are talked about two different signing domains where BL33 is a different trust/signing domain.
* BL33 should only do hash-log-extend… there is no need for BL33 to be aware of the current PCR value (beyond what is provided in the boot event log).
* Based on comments on the mail thread, there seem to be bad assumptions/expectations around TPM accessibility from non-secure world.
* Expecting SPI/I2C TPMs to be directly accessed from non-secure world instead of abstracting hardware details via the TCG CRB interface (which has been already standardized as the defacto mechanism for ARM on past mobile, client, and server solutions).
* CRB will "just work" for Aptio/EDK2/Linux/Windows/Hyper-V/VMWare
* NOTE: This goes back to what is a “productizable” TPM solution. We want it to be turn-key solution for customers without having to support/develop proprietary drivers.
-Vivek/Harb
Hi all,
Thanks to all who have commented on this proposal so far. I've edited
the original document to try and incorporate all feedback gathered so
far (through the TSC meeting, this email thread and the TF-A tech call).
Please have another look and flag anything I might have missed:
https://developer.trustedfirmware.org/w/collaboration/project-maintenance-p…
The major changes are:
== Removed concept of self-review ==
This is proving too controversial, several people do not want to allow
self-review.
Roles of maintainer and code owner are still cumulative but cannot be
both exercised for the same patch.
The exact method of dealing with review bottleneck is still to be
decided. In addition to the current proposal of increasing the
maintainers pool, the most popular alternatives mentioned so far are:
- Set a minimum wait time for feedback before a patch can be merged
without any further delay.
- Mandate distinct reviewers for a patch.
== Enhanced the section "Patch contribution Guidelines" ==
Mentioned that patches should be small, on-topic, with comprehensive
commit messages.
== Added a note about how to deal with disagreement ==
If reviewers cannot find a common ground, the proposal is to call out a
3rd-party maintainer.
== Removed "out-of-date" platform state ==
Squashed it into "limited support" to reduce the number of states.
== Removed "orphan" state from platform support life cycle ==
This concept is orthogonal to the level of functionality.
Added a note in the "Code Owner" section instead.
== Per-project guidelines as a complementary document ==
Added a list of things that it would typically cover.
== Added requirement on fully supported platforms to document the
features they support ==
== Added todo mentioning that the proposal might cover branching
strategies in the future ==
The full diff may be seen here:
https://developer.trustedfirmware.org/phriction/diff/73/?l=4&r=5
This proposal is still open for discussion at this stage and further
feedback is most welcome!
Regards,
Sandrine
I want to use Linux as BL33 on a Marvell Macchiatobin.
Currently I have the successful boot flow:
TFA (mainline v2.2) -> U-Boot (Mainline 2020.04rc5) -> Kernel (5.6.3)
with U-root initrd (6.0.0, https://github.com/u-root/u-root ) ->
Ubuntu 19.10
The 5.6.3 "intermediary" kernel is 5.5MB uncompressed , u-root initrd
is 3.5MB compressed (some form of golang based busybox).
I was pointed to the ARM_LINUX_KERNEL_AS_BL33 option which is not
supported on the Macchiatobin.
It does not look too difficult to add, but I'd like to have some
feedback/guidance on how to do it:
- how to add the option to the TFA platform
- how to generate a usable kernel (compile options? non relocatable
kernel? output format, i.e. Image, zImage, uImage...)
Thanks for your help
-FF
Looping-in Thomas & Deepak, responsible for the RD-N1 landing team platforms releases. They might be able to help.
Thanks
Matteo
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of ??(??) via TF-A
Sent: 14 April 2020 06:47
To: TF-A <tf-a-bounces(a)lists.trustedfirmware.org>; Raghu Krishnamurthy via TF-A <tf-a(a)lists.trustedfirmware.org>
Subject: [TF-A] 回复:Re: [RAS] BL32 UnRecognized Event - 0xC4000061 and BL31 Crashed
Hi RagHu,
Really appreciate your help.
I was downloaded this software stack from git.linaro.org. This software stack include ATF, kernel, edk2 and so on.
The user guide i used from linaro is:https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms…
1) What platform you are running on? Can this issue be reproduced
outside your testing environment, perhaps on FVP or QEMU?
A: I am running on ARM N1-Edge FVP platform. It can reproduced on this FVP platform.
2) What version of TF-A and StandaloneMM is being used? Preferably the
commit-id, so that we can be sure we are looking at the same code.
A: TF-A: https://git.linaro.org/landing-teams/working/arm/arm-tf.git tag:RD-INFRA-20191024-RC0
StandloneMM seems build from edk2 & edk2-platform. so i just put edk2 and edk2-platform version information. if anything i missed, please let me know.
edk2: https://git.linaro.org/landing-teams/working/arm/edk2.git<https://git.linaro.org/landing-teams/working/arm/edk2.git/> tag:RD-INFRA-20191024-RC0
edk2-platform: https://git.linaro.org/landing-teams/working/arm/edk2-platforms.git<https://git.linaro.org/landing-teams/working/arm/edk2-platforms.git/> tag:RD-INFRA-20191024-RC0
3) What version of the kernel and sdei driver is being used?
A: kernel-release: https://git.linaro.org/landing-teams/working/arm/kernel-release.git tag:RD-INFRA-20191024-RC0
The sdei driver was included in kernel, do i need to provide sdei driver version? If need please let me know.
4) I can't tell from looking at the log but do you know if writing 0x123
to sde_ras_poison causes a DMC620 interrupt or an SError or external
abort through memory access ?
A: Sorry, linaro only refered it will inject the DMC-620 single-bit RAS error. So I am also not sure which exception type it will trigger.
BRs,
Bin Wu
------------------原始邮件 ------------------
发件人:TF-A <tf-a-bounces(a)lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trustedfirmware.org>>
发送时间:Tue Apr 14 01:25:47 2020
收件人:Raghu Krishnamurthy via TF-A <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
主题:Re: [TF-A] [RAS] BL32 UnRecognized Event - 0xC4000061 and BL31 Crashed
Hello,
>>Does BL31 need to send 0xC4000061 event to BL32 again?
I don't think it will. It is really odd that
0xC4000061(SP_EVENT_COMPLETE_AARCH64) ever reaches the BL32/MM handler.
This is from looking at the upstream code quickly but it definitely
depends on the platform you are running, what version of TF-A you are
using, build options used. Is it possible that the unhandled exception
is occurring after successful handling of the DMC620 error but there is
a following issue that occurs right after, causing the crash?
From the register dump it looks like there was an Instruction abort
exception at address 0 while running in EL3. Something seems to have
gone seriously wrong to have 0xC4000061 ever go back to BL32 and to get
an instruction abort at address 0.
>>Does current TF-A support to run RAS test? It seems BL31 will crash.
See above. The answer really depends on the factors mentioned above.
The following would be helpful to know:
1) What platform you are running on? Can this issue be reproduced
outside your testing environment, perhaps on FVP or QEMU?
2) What version of TF-A and StandaloneMM is being used? Preferably the
commit-id, so that we can be sure we are looking at the same code.
3) What version of the kernel and sdei driver is being used?
4) I can't tell from looking at the log but do you know if writing 0x123
to sde_ras_poison causes a DMC620 interrupt or an SError or external
abort through memory access ?
Thanks
Raghu
On 4/13/20 12:16 AM, 吴斌(郅隆) via TF-A wrote:
> Dear Friends,
>
> I am using TF-A to test RAS feature.
> When I triggered DMC620 RAS error in Linux(echo 0x123 >
> /sys/kernel/debug/sdei_ras_poison).
> BL32 will recieve
> UnRecognized Event - 0xC4000061(SP_EVENT_COMPLETE_AARCH64) and finally
> BL31 crashed.
>
> In my understanding, this 0xC4000061 should consumed by BL31, not send
> it to BL32 again.
>
> A piece of error log as below:
>
> *************************************
>
> CperWrite - CperAddress@0xFF610064
> CperWrite - 1 Section@FFBE91A8, Length 80, SectionType@FFBE9138
> CperWrite - Got Error Section: Platform Memory.
> MmEntryPoint Done
> Received delegated event
> X0 : 0xC4000061
> X1 : 0x0
> X2 : 0x0
> X3 : 0x0
> Received event - 0xC4000061 on cpu 0
> UnRecognized Event - 0xC4000061
> Failed delegated event 0xC4000061, Status 0x2
> Unhandled Exception in EL3.
> x30 = 0x0000000000000000
> x0 = 0x00000000ff007e00
> x1 = 0xfffffffffffffffe
> x2 = 0x00000000600003c0
> x3 = 0x0000000000000000
> x4 = 0x0000000000000000
> x5 = 0x0000000000000000
> x6 = 0x00000000ff015080
> x7 = 0x0000000000000000
> x8 = 0x00000000c4000061
> x9 = 0x0000000000000021
> x10 = 0x0000000000000040
> x11 = 0x00000000ff00f2b0
> x12 = 0x00000000ff0118c0
> x13 = 0x0000000000000002
> x14 = 0x00000000ff016b70
> x15 = 0x00000000ff003f20
> x16 = 0x0000000000000044
> x17 = 0x00000000ff010430
> x18 = 0x0000000000000e3c
> x19 = 0x0000000000000000
> More error log please refer to attachment.
>
> My question is,
> 1. Does BL31 need to send 0xC4000061 event to BL32 again?
> 2. Does current TF-A support to run RAS test? It seems BL31 will crash.
>
> Appreciate your help.
>
> BRs,
> Bin Wu
>
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hi RagHu,
Really appreciate your help.
I was downloaded this software stack from git.linaro.org. This software stack include ATF, kernel, edk2 and so on.
The user guide i used from linaro is:https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms…
1) What platform you are running on? Can this issue be reproduced
outside your testing environment, perhaps on FVP or QEMU?
A: I am running on ARM N1-Edge FVP platform. It can reproduced on this FVP platform.
2) What version of TF-A and StandaloneMM is being used? Preferably the
commit-id, so that we can be sure we are looking at the same code.
A: TF-A: https://git.linaro.org/landing-teams/working/arm/arm-tf.git tag:RD-INFRA-20191024-RC0
StandloneMM seems build from edk2 & edk2-platform. so i just put edk2 and edk2-platform version information. if anything i missed, please let me know.
edk2: https://git.linaro.org/landing-teams/working/arm/edk2.git tag:RD-INFRA-20191024-RC0
edk2-platform: https://git.linaro.org/landing-teams/working/arm/edk2-platforms.git tag:RD-INFRA-20191024-RC0
3) What version of the kernel and sdei driver is being used?
A: kernel-release: https://git.linaro.org/landing-teams/working/arm/kernel-release.git tag:RD-INFRA-20191024-RC0
The sdei driver was included in kernel, do i need to provide sdei driver version? If need please let me know.
4) I can't tell from looking at the log but do you know if writing 0x123
to sde_ras_poison causes a DMC620 interrupt or an SError or external
abort through memory access ?
A: Sorry, linaro only refered it will inject the DMC-620 single-bit RAS error. So I am also not sure which exception type it will trigger.
BRs,
Bin Wu
------------------原始邮件 ------------------
发件人:TF-A <tf-a-bounces(a)lists.trustedfirmware.org>
发送时间:Tue Apr 14 01:25:47 2020
收件人:Raghu Krishnamurthy via TF-A <tf-a(a)lists.trustedfirmware.org>
主题:Re: [TF-A] [RAS] BL32 UnRecognized Event - 0xC4000061 and BL31 Crashed
Hello,
>>Does BL31 need to send 0xC4000061 event to BL32 again?
I don't think it will. It is really odd that
0xC4000061(SP_EVENT_COMPLETE_AARCH64) ever reaches the BL32/MM handler.
This is from looking at the upstream code quickly but it definitely
depends on the platform you are running, what version of TF-A you are
using, build options used. Is it possible that the unhandled exception
is occurring after successful handling of the DMC620 error but there is
a following issue that occurs right after, causing the crash?
From the register dump it looks like there was an Instruction abort
exception at address 0 while running in EL3. Something seems to have
gone seriously wrong to have 0xC4000061 ever go back to BL32 and to get
an instruction abort at address 0.
>>Does current TF-A support to run RAS test? It seems BL31 will crash.
See above. The answer really depends on the factors mentioned above.
The following would be helpful to know:
1) What platform you are running on? Can this issue be reproduced
outside your testing environment, perhaps on FVP or QEMU?
2) What version of TF-A and StandaloneMM is being used? Preferably the
commit-id, so that we can be sure we are looking at the same code.
3) What version of the kernel and sdei driver is being used?
4) I can't tell from looking at the log but do you know if writing 0x123
to sde_ras_poison causes a DMC620 interrupt or an SError or external
abort through memory access ?
Thanks
Raghu
On 4/13/20 12:16 AM, 吴斌(郅隆) via TF-A wrote:
> Dear Friends,
>
> I am using TF-A to test RAS feature.
> When I triggered DMC620 RAS error in Linux(echo 0x123 >
> /sys/kernel/debug/sdei_ras_poison).
> BL32 will recieve
> UnRecognized Event - 0xC4000061(SP_EVENT_COMPLETE_AARCH64) and finally
> BL31 crashed.
>
> In my understanding, this 0xC4000061 should consumed by BL31, not send
> it to BL32 again.
>
> A piece of error log as below:
>
> *************************************
>
> CperWrite - CperAddress@0xFF610064
> CperWrite - 1 Section@FFBE91A8, Length 80, SectionType@FFBE9138
> CperWrite - Got Error Section: Platform Memory.
> MmEntryPoint Done
> Received delegated event
> X0 : 0xC4000061
> X1 : 0x0
> X2 : 0x0
> X3 : 0x0
> Received event - 0xC4000061 on cpu 0
> UnRecognized Event - 0xC4000061
> Failed delegated event 0xC4000061, Status 0x2
> Unhandled Exception in EL3.
> x30 = 0x0000000000000000
> x0 = 0x00000000ff007e00
> x1 = 0xfffffffffffffffe
> x2 = 0x00000000600003c0
> x3 = 0x0000000000000000
> x4 = 0x0000000000000000
> x5 = 0x0000000000000000
> x6 = 0x00000000ff015080
> x7 = 0x0000000000000000
> x8 = 0x00000000c4000061
> x9 = 0x0000000000000021
> x10 = 0x0000000000000040
> x11 = 0x00000000ff00f2b0
> x12 = 0x00000000ff0118c0
> x13 = 0x0000000000000002
> x14 = 0x00000000ff016b70
> x15 = 0x00000000ff003f20
> x16 = 0x0000000000000044
> x17 = 0x00000000ff010430
> x18 = 0x0000000000000e3c
> x19 = 0x0000000000000000
> More error log please refer to attachment.
>
> My question is,
> 1. Does BL31 need to send 0xC4000061 event to BL32 again?
> 2. Does current TF-A support to run RAS test? It seems BL31 will crash.
>
> Appreciate your help.
>
> BRs,
> Bin Wu
>
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hi Varun,
1. The value of '1' sets ‘standard’ type of BP which according to GCC documentation:
"turns on all types of branch protection features. If a feature has additional tuning options, then ‘standard’ sets it to its standard level. "
It equals to "bti+pac-ret".
2. Yes. See above and use option value of '1'.
Regards.
Alexei
________________________________
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a(a)lists.trustedfirmware.org>
Sent: 10 April 2020 19:28
To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>
Cc: Kalyani Chidambaram Vaidyanathan <kalyanic(a)nvidia.com>; Anthony Zhou <anzhou(a)nvidia.com>
Subject: Re: [TF-A] BRANCH_PROTECTION
Hello,
Can someone please help clarify?
-Varun
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Varun Wadekar via TF-A
Sent: Tuesday, April 7, 2020 9:58 PM
To: tf-a(a)lists.trustedfirmware.org
Cc: Kalyani Chidambaram Vaidyanathan <kalyanic(a)nvidia.com>; Anthony Zhou <anzhou(a)nvidia.com>
Subject: [TF-A] BRANCH_PROTECTION
External email: Use caution opening links or attachments
Hello,
Can someone please help me understand if
1. a ‘value’ of ‘1’ for BRANCH_PROTECTION covers the PAuth protection provided by a value of ‘2’ and/or ‘3’?
2. there is a way to enable BTI and “pac-ret” at the same time?
The docs provide this information.
<snip>
- ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication
and ARMv8.5 Branch Target Identification support for TF-A BL images themselves.
If enabled, it is needed to use a compiler that supports the option
``-mbranch-protection``. Selects the branch protection features to use:
- 0: Default value turns off all types of branch protection
- 1: Enables all types of branch protection features
- 2: Return address signing to its standard level
- 3: Extend the signing to include leaf functions
The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options
and resulting PAuth/BTI<https://tegra-sw-opengrok.nvidia.com/source/s?path=PAuth/BTI&project=stage-…> features.
+-------+--------------+-------+-----+
| Value | GCC option | PAuth | BTI |
+=======+==============+=======+=====+
| 0 | none | N | N |
+-------+--------------+-------+-----+
| 1 | standard | Y | Y |
+-------+--------------+-------+-----+
| 2 | pac-ret | Y | N |
+-------+--------------+-------+-----+
| 3 | pac-ret+leaf | Y | N |
+-------+--------------+-------+-----+
This option defaults to 0 and this is an experimental feature.
Note that Pointer Authentication is enabled for Non-secure world
irrespective of the value of this option if the CPU supports it.
<snip>
Thanks,
Varun
________________________________
This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hello,
>>Does BL31 need to send 0xC4000061 event to BL32 again?
I don't think it will. It is really odd that
0xC4000061(SP_EVENT_COMPLETE_AARCH64) ever reaches the BL32/MM handler.
This is from looking at the upstream code quickly but it definitely
depends on the platform you are running, what version of TF-A you are
using, build options used. Is it possible that the unhandled exception
is occurring after successful handling of the DMC620 error but there is
a following issue that occurs right after, causing the crash?
From the register dump it looks like there was an Instruction abort
exception at address 0 while running in EL3. Something seems to have
gone seriously wrong to have 0xC4000061 ever go back to BL32 and to get
an instruction abort at address 0.
>>Does current TF-A support to run RAS test? It seems BL31 will crash.
See above. The answer really depends on the factors mentioned above.
The following would be helpful to know:
1) What platform you are running on? Can this issue be reproduced
outside your testing environment, perhaps on FVP or QEMU?
2) What version of TF-A and StandaloneMM is being used? Preferably the
commit-id, so that we can be sure we are looking at the same code.
3) What version of the kernel and sdei driver is being used?
4) I can't tell from looking at the log but do you know if writing 0x123
to sde_ras_poison causes a DMC620 interrupt or an SError or external
abort through memory access ?
Thanks
Raghu
On 4/13/20 12:16 AM, 吴斌(郅隆) via TF-A wrote:
> Dear Friends,
>
> I am using TF-A to test RAS feature.
> When I triggered DMC620 RAS error in Linux(echo 0x123 >
> /sys/kernel/debug/sdei_ras_poison).
> BL32 will recieve
> UnRecognized Event - 0xC4000061(SP_EVENT_COMPLETE_AARCH64) and finally
> BL31 crashed.
>
> In my understanding, this 0xC4000061 should consumed by BL31, not send
> it to BL32 again.
>
> A piece of error log as below:
>
> *************************************
>
> CperWrite - CperAddress@0xFF610064
> CperWrite - 1 Section@FFBE91A8, Length 80, SectionType@FFBE9138
> CperWrite - Got Error Section: Platform Memory.
> MmEntryPoint Done
> Received delegated event
> X0 : 0xC4000061
> X1 : 0x0
> X2 : 0x0
> X3 : 0x0
> Received event - 0xC4000061 on cpu 0
> UnRecognized Event - 0xC4000061
> Failed delegated event 0xC4000061, Status 0x2
> Unhandled Exception in EL3.
> x30 = 0x0000000000000000
> x0 = 0x00000000ff007e00
> x1 = 0xfffffffffffffffe
> x2 = 0x00000000600003c0
> x3 = 0x0000000000000000
> x4 = 0x0000000000000000
> x5 = 0x0000000000000000
> x6 = 0x00000000ff015080
> x7 = 0x0000000000000000
> x8 = 0x00000000c4000061
> x9 = 0x0000000000000021
> x10 = 0x0000000000000040
> x11 = 0x00000000ff00f2b0
> x12 = 0x00000000ff0118c0
> x13 = 0x0000000000000002
> x14 = 0x00000000ff016b70
> x15 = 0x00000000ff003f20
> x16 = 0x0000000000000044
> x17 = 0x00000000ff010430
> x18 = 0x0000000000000e3c
> x19 = 0x0000000000000000
> More error log please refer to attachment.
>
> My question is,
> 1. Does BL31 need to send 0xC4000061 event to BL32 again?
> 2. Does current TF-A support to run RAS test? It seems BL31 will crash.
>
> Appreciate your help.
>
> BRs,
> Bin Wu
>
Dear Friends,
I am using TF-A to test RAS feature.
When I triggered DMC620 RAS error in Linux(echo 0x123 > /sys/kernel/debug/sdei_ras_poison).
BL32 will recieve UnRecognized Event - 0xC4000061(SP_EVENT_COMPLETE_AARCH64) and finally BL31 crashed.
In my understanding, this 0xC4000061 should consumed by BL31, not send it to BL32 again.
A piece of error log as below:
*************************************
CperWrite - CperAddress@0xFF610064
CperWrite - 1 Section@FFBE91A8, Length 80, SectionType@FFBE9138
CperWrite - Got Error Section: Platform Memory.
MmEntryPoint Done
Received delegated event
X0 : 0xC4000061
X1 : 0x0
X2 : 0x0
X3 : 0x0
Received event - 0xC4000061 on cpu 0
UnRecognized Event - 0xC4000061
Failed delegated event 0xC4000061, Status 0x2
Unhandled Exception in EL3.
x30 = 0x0000000000000000
x0 = 0x00000000ff007e00
x1 = 0xfffffffffffffffe
x2 = 0x00000000600003c0
x3 = 0x0000000000000000
x4 = 0x0000000000000000
x5 = 0x0000000000000000
x6 = 0x00000000ff015080
x7 = 0x0000000000000000
x8 = 0x00000000c4000061
x9 = 0x0000000000000021
x10 = 0x0000000000000040
x11 = 0x00000000ff00f2b0
x12 = 0x00000000ff0118c0
x13 = 0x0000000000000002
x14 = 0x00000000ff016b70
x15 = 0x00000000ff003f20
x16 = 0x0000000000000044
x17 = 0x00000000ff010430
x18 = 0x0000000000000e3c
x19 = 0x0000000000000000
More error log please refer to attachment.
My question is,
1. Does BL31 need to send 0xC4000061 event to BL32 again?
2. Does current TF-A support to run RAS test? It seems BL31 will crash.
Appreciate your help.
BRs,
Bin Wu
Hello,
Can someone please help clarify?
-Varun
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Varun Wadekar via TF-A
Sent: Tuesday, April 7, 2020 9:58 PM
To: tf-a(a)lists.trustedfirmware.org
Cc: Kalyani Chidambaram Vaidyanathan <kalyanic(a)nvidia.com>; Anthony Zhou <anzhou(a)nvidia.com>
Subject: [TF-A] BRANCH_PROTECTION
External email: Use caution opening links or attachments
Hello,
Can someone please help me understand if
1. a 'value' of '1' for BRANCH_PROTECTION covers the PAuth protection provided by a value of '2' and/or '3'?
2. there is a way to enable BTI and "pac-ret" at the same time?
The docs provide this information.
<snip>
- ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication
and ARMv8.5 Branch Target Identification support for TF-A BL images themselves.
If enabled, it is needed to use a compiler that supports the option
``-mbranch-protection``. Selects the branch protection features to use:
- 0: Default value turns off all types of branch protection
- 1: Enables all types of branch protection features
- 2: Return address signing to its standard level
- 3: Extend the signing to include leaf functions
The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options
and resulting PAuth/BTI<https://tegra-sw-opengrok.nvidia.com/source/s?path=PAuth/BTI&project=stage-…> features.
+-------+--------------+-------+-----+
| Value | GCC option | PAuth | BTI |
+=======+==============+=======+=====+
| 0 | none | N | N |
+-------+--------------+-------+-----+
| 1 | standard | Y | Y |
+-------+--------------+-------+-----+
| 2 | pac-ret | Y | N |
+-------+--------------+-------+-----+
| 3 | pac-ret+leaf | Y | N |
+-------+--------------+-------+-----+
This option defaults to 0 and this is an experimental feature.
Note that Pointer Authentication is enabled for Non-secure world
irrespective of the value of this option if the CPU supports it.
<snip>
Thanks,
Varun
________________________________
This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________