Clock and power management in ATF, preemption issue.
I have seen that multiple Vendors are using arm scmi protocol to do clock management in bl31[0][1].
The problem with such implementations is any long running SCMI operations (like PLL locking for example)
will hold the core in EL3 for extended period of time, adding to latency of NS EL1 interrupt handling
as ATF is not preemptible.
This problem can be solved by making ATF preemptible, similar to how OP-TEE does it by
by implementing a remote procedural call after it receives a interrupt.
[2]How Linux does SMC call with YIELD flag enabled.
[3]How OP-TEE handles the timer interrupt
[4]How Linux receives an interrupt which came in EL3->SEL1
As quoted in exception Handling document in ATF docs[5]
"Receive exceptions, but handle part of the exception in EL3, and delegate processing of
the error to dedicated software stack running at lower secure ELs (as above); additionally,
the Normal world may also be required to participate in the handling,
or be notified of such events (for example, as an event).
In this scheme, exception handling potentially and maximally spans all
ELs in both Secure and Normal worlds."
From this we can understand that we can delegate the exception to EL1 if we are already in EL3.
(way to preempt)
We are aware that ARM v8.4-A onwards arch are having a SEL2 level with which we can run a vendor specific firmware
parallel to TEE at SEL1 in a secure partition. But how we do handle clock and power management
for version which doesn't support SEL2?
We don't want to put it in TEE as it will constraint our devices to that
specific TEE.
I am starting to work on a proposal to make ATF preemptible similar to how OP-TEE is doing it.
a)Will the similar approach from OP-TEE if implemented and working be
accepted by ATF upstream?
The SMC call with YIELD option will only be preemtible so will not
affect the normal flow.
b)As quoted in Trusted Firmware-A Document[6] Page 94,
"Yielding calls are reserved exclusively for Trusted OS providers"
"Yielding 0- 1 Reserved for existing Armv7-A calls
Yielding 2-63 Trusted OS Standard Calls"
Can this range be consumed within ATF/bl31 firmware or is it necessary to forward all yielding calls to Trusted OS?
[0]https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/st/…
[1]https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/21840
[2]https://elixir.bootlin.com/linux/v6.9-rc3/source/drivers/tee/optee/smc_ab…
[3]https://github.com/OP-TEE/optee_os/blob/fc57019cb35c8c1bad66fc6d814ace5de…
[4]https://elixir.bootlin.com/linux/v6.9-rc3/source/drivers/tee/optee/smc_ab…
[5]https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/com…
[6]https://trustedfirmware-a.readthedocs.io/_/downloads/en/latest/pdf/
Regards,
Kamlesh
Hi ,
There is a contradiction present in TF-A documentation whether secure interrupts can be handled in EL3 for arm gic v2 case .
1.
Referring https://trustedfirmware-a.readthedocs.io/en/latest/design/interrupt-framewo…
It says secure interrupts can't be handled in EL3 .
Refer statement : "In Arm GICv2, all secure interrupts are assumed to be handled in Secure-EL1. They can be delivered to Secure-EL1 via EL3 but they cannot be handled in EL3."
2.
Referring https://trustedfirmware-a.readthedocs.io/en/latest/components/platform-inte…
It says secure interrupts can be handled in EL3 , When GICV2_G0_FOR_EL3 is 1 .
Refer below statements :
For interrupt type INTR_TYPE_EL3:
When GICV2_G0_FOR_EL3 is 0, it returns false, indicating no support for EL3 interrupts.
When GICV2_G0_FOR_EL3 is 1, it returns true, indicating support for EL3 interrupts.
can this be clarified ?
Regards
Amit
This event has been canceled with a note:
"Hi, Cancelling as no topic proposed this week. Thanks & Regards, Olivier. "
TF-A Tech Forum
Thursday May 16, 2024 ⋅ 5pm – 6pm
Central European Time - Paris
We run an open technical forum call for anyone to participate and it is not
restricted to Trusted Firmware project members. It will operate under the
guidance of the TF TSC. Feel free to forward this invite to colleagues.
Invites are via the TF-A mailing list and also published on the Trusted
Firmware website. Details are here:
https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted
Firmware is inviting you to a scheduled Zoom meeting.Join Zoom
Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09
One tap mobile+16465588656,,9159704974# US (New
York)+16699009128,,9159704974# US (San Jose)Dial by your location +1
646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877
853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970
4974Find your local number: https://zoom.us/u/ad27hc6t7h
Guests
marek.bykowski(a)gmail.com
okash.khawaja(a)gmail.com
tf-a(a)lists.trustedfirmware.org
~~//~~
Invitation from Google Calendar: https://calendar.google.com/calendar/
You are receiving this email because you are an attendee on the event. To
stop receiving future updates for this event, decline this event.
Forwarding this invitation could allow any recipient to send a response to
the organizer, be added to the guest list, invite others regardless of
their own invitation status, or modify your RSVP.
Learn more https://support.google.com/calendar/answer/37135#forwarding
Hi All,
The next release of the Firmware-A bundle of projects tagged v2.10 has an expected code freeze date of Nov, 7th 2023.
Refer to the Release Cadence section from TF-A documentation (https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/about…).
Closing out the release takes around 6-10 working days after the code freeze.
Preparations tasks for v2.10 release should start in coming month.
We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.:
-For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run).
-For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 in the middle of the patch stack).
-Carefully analyze results and fix the change if required, before launching new jobs on the same change.
-If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued.
Thanks & Regards,
Olivier.
Hi,
Referring https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/getti…
it says : ``FAULT_INJECTION_SUPPORT``: ARMv8.4 extensions introduced support for fault injection from lower Els.
Referring https://github.com/ARM-software/arm-trusted-firmware/blob/master/lib/el3_ru…
FAULT_INJECTION_SUPPORT enables FIEN bit.
#if FAULT_INJECTION_SUPPORT
/* Enable fault injection from lower ELs */
scr_el3 |= SCR_FIEN_BIT;
#endif
Question :
1.
Do we have any relevant documentation from arm which specifies FIEN bit can be enabled from armv8.4 ?
2.
In cortex a-53 technical reference manual, SCR_EL3 does not have FIEN bit , bit 21 is marked reserved .
In cortex a-78 technical reference manual , manual does not have details for SCR_EL3 .
I want to know whether on Armv8.2-a based cores like cortex a-78 , is the FIEN bit field marked reserved in SCR_EL3 register or is available functionality wise as in armv8.4 ?
Please help with above query.
Regards
Amit
Hi,
Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan.
2 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan.
14 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 425813: Memory - corruptions (OVERRUN)
/drivers/arm/css/dsu/dsu.c: 133 in cluster_on_dsu_pmu_context_restore()
________________________________________________________________________________________________________
*** CID 425813: Memory - corruptions (OVERRUN)
/drivers/arm/css/dsu/dsu.c: 133 in cluster_on_dsu_pmu_context_restore()
127 void cluster_on_dsu_pmu_context_restore(void)
128 {
129 unsigned int cluster_pos;
130
131 cluster_pos = (unsigned int) plat_cluster_id_by_mpidr(read_mpidr_el1());
132
>>> CID 425813: Memory - corruptions (OVERRUN)
>>> "&cluster_pmu_context[cluster_pos]" evaluates to an address that is at byte offset 138720 of an array of 544 bytes.
133 restore_dsu_pmu_state(&cluster_pmu_context[cluster_pos]);
** CID 425812: Memory - corruptions (OVERRUN)
/drivers/arm/css/dsu/dsu.c: 81 in cluster_off_dsu_pmu_context_save()
________________________________________________________________________________________________________
*** CID 425812: Memory - corruptions (OVERRUN)
/drivers/arm/css/dsu/dsu.c: 81 in cluster_off_dsu_pmu_context_save()
75 void cluster_off_dsu_pmu_context_save(void)
76 {
77 unsigned int cluster_pos;
78
79 cluster_pos = (unsigned int) plat_cluster_id_by_mpidr(read_mpidr_el1());
80
>>> CID 425812: Memory - corruptions (OVERRUN)
>>> "&cluster_pmu_context[cluster_pos]" evaluates to an address that is at byte offset 138720 of an array of 544 bytes.
81 save_dsu_pmu_state(&cluster_pmu_context[cluster_pos]);
82 }
83
84 /*****************************************************************************
85 * This function, restore_dsu_pmu_state, restores the state of the
86 * Performance Monitoring Unit (PMU) from a previously saved state.
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
Hi,
Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan.
1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 425810: High impact quality (WRITE_CONST_FIELD)
/plat/nxp/s32/s32g274ardb2/plat_console.c: 17 in console_s32g2_register()
________________________________________________________________________________________________________
*** CID 425810: High impact quality (WRITE_CONST_FIELD)
/plat/nxp/s32/s32g274ardb2/plat_console.c: 17 in console_s32g2_register()
11
12 void console_s32g2_register(void)
13 {
14 static console_t s32g2_console;
15 int ret;
16
>>> CID 425810: High impact quality (WRITE_CONST_FIELD)
>>> A write to an aggregate overwrites a const-qualified field within the aggregate.
17 (void)memset(&s32g2_console, 0, sizeof(s32g2_console));
18
19 ret = console_linflex_register(UART_BASE, UART_CLOCK_HZ,
20 UART_BAUDRATE, &s32g2_console);
21 if (ret == 0) {
22 panic();
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…