- TF-A - lists.trustedfirmware.org

ZynqMP regression with NUMA_AWARE_PER_CPU changes with ENABLED_LTO : Linux runtime hang due to EL3 re-entry

by Kummari, Prasad

[AMD Official Use Only - AMD Internal Distribution Only] Hello Maintainers, We are observing a reproducible runtime regression on the ZynqMP (Cortex-A53) platform after enabling LTO (ENABLED_LTO=1) and merging the changes from the topic NUMA_AWARE_PER_CPU into our integration branch (https://github.com/ARM-software/arm-trusted-firmware/commit/7303319b3823e9e…). Summary of the issue 1. Baseline behavior * Platform: ZynqMP (Cortex-A53) * Configuration: ENABLED_LTO=1 * Without NUMA_AWARE_PER_CPU: Linux boots and runs stably * After merging NUMA_AWARE_PER_CPU, Linux boots but hangs during runtime * During the hang, CPUs are observed to unexpectedly re-enter EL3 * Re-entry into EL3 should not occur during normal Linux runtime execution and strongly suggests corruption or mismanagement of PSCI and/or per-CPU state(arm-trusted-firmware/lib/per_cpu/aarch64/per_cpu_asm.S at master * ARM-software/arm-trusted-firmware<https://github.com/ARM-software/arm-trusted-firmware/blob/master/lib/per_cp…>) * Reverting the NUMA_AWARE_PER_CPU changes restores stable Linux execution * The issue is reproducible only when NUMA_AWARE_PER_CPU is present * This clearly identifies NUMA_AWARE_PER_CPU as the regression source 2. Suspect with LTO * With NUMA_AWARE_PER_CPU enabled, LTO breaks the per-CPU base calculation * BL31 contains hand-written assembly that relies on linker-script symbols (e.g., per-CPU section boundaries) * Under LTO, symbol placement and retention are no longer guaranteed in the same way, leading to incorrect per-CPU base computation * This results in corrupted per-CPU data and subsequent erroneous PSCI suspend behavior (EL3 re-entry) 3. CPU idle dependency * The following kernel configuration options are enabled: * CONFIG_CPU_IDLE=y * CONFIG_CPU_IDLE_MULTIPLE_DRIVERS=y * CONFIG_CPU_IDLE_GOV_MENU=y * CONFIG_DT_IDLE_STATES=y * This further suggests the issue is triggered during CPU idle / suspend-resume paths, where correct per-CPU state handling is critical Based on the above: * This is specific to NUMA_AWARE_PER_CPU combined with LTO * The failure mode points to per-CPU base calculation and PSCI state corruption * Reverting NUMA_AWARE_PER_CPU fully restores stability on ZynqMP We wanted to report this issue upstream and seek guidance on: * Whether NUMA_AWARE_PER_CPU is expected to be LTO-safe on platforms relying on linker-defined per-CPU sections * Or if additional constraints / fixes are required for platforms like ZynqMP We are happy to provide further logs, configuration details, or help to fixes. Regards, Prasad Kummari

4 hours

2
6
0 0

Canceled event with note: TF-A Tech Forum @ Thu Jan 8, 2026 5pm - 6pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Cancelling as no topic this week." TF-A Tech Forum Thursday Jan 8, 2026 ⋅ 5pm – 6pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: TF-A Tech ForumTime: May 15, 2025 02:00 PM London Every 2 weeks on Thu, 78 occurrence(s)Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcocu6gqDgjEtOkyBhSQauR1sUyFwIcNKLa/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Guests qwandor(a)google.com praan(a)google.com jeremimiller(a)google.com jagdish.gediya(a)linaro.org tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

7 hours, 37 minutes

1
0
0 0

Invitation: TF-A Tech Forum Jan 22nd 10.00am -Part II Scaling Hafnium... @ Thu Jan 22, 2026 11am - 12pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

TF-A Tech Forum Jan 22nd 10.00am -Part II Scaling Hafnium for advanced mobile OS architectures Thursday Jan 22, 2026 ⋅ 11am – 12pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Hi, As follow up to the last session on Nov 13th 2025 [1], a new TF-A Tech Forum session with the topic'Scaling Hafnium for advanced mobile OS architectures' will be held on Jan 22nd 2026 10.00am. Regards,Olivier. [1] https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ Scaling Hafnium for advanced mobile OS architectures - Presented by Jack Suann PDF Presentation Video Recording (Access Password: *PIs1^BD) Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: TF-A Tech ForumJoin Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Guests tf-a(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NmFoYTlsdXBjYjZj… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NmFoYTlsdXBjYjZj… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

7 hours, 58 minutes

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 501137: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /common/runtime_svc.c: 261 in handler_sync_exception() _____________________________________________________________________________________________ *** CID 501137: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /common/runtime_svc.c: 261 in handler_sync_exception() 255 /* advance the PC to continue after the instruction */ 256 write_ctx_reg(state, CTX_ELR_EL3, read_ctx_reg(state, CTX_ELR_EL3) + 4); 257 } /* otherwise return to the trapping instruction (repeating it) */ 258 return; 259 /* If FFH Support then try to handle lower EL EA exceptions. */ 260 } else if ((exc_class == EC_IABORT_LOWER_EL || exc_class == EC_DABORT_LOWER_EL) >>> CID 501137: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "state->ctx_regs[0U /* 0U >> 3U */] | (8UL /* 1UL << 3 */)" is always 1/true regardless of the values of its operand. This occurs as the logical second operand of "&&". 261 && (read_ctx_reg(state, CTX_SCR_EL3) | SCR_EA_BIT)) { 262 #if FFH_SUPPORT 263 /* 264 * Check for Uncontainable error type. If so, route to the 265 * platform fatal error handler rather than the generic EA one. 266 */ ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

1 day, 14 hours

1
0
0 0

Re: Questions about Chain-of-Trust and RSE Connectivity

by Olivier Deprez

+ TF-A list ________________________________ From: Olivier Deprez Sent: 05 January 2026 15:11 To: Taehoon Kim <gth1919(a)adtek.co.kr> Cc: Raef Coles <Raef.Coles(a)arm.com>; Jackson Cooper-Driver <Jackson.Cooper-Driver(a)arm.com>; Nishant Sharma <Nishant.Sharma(a)arm.com>; Rohit Mathew <Rohit.Mathew(a)arm.com>; Manish Pandey2 <Manish.Pandey2(a)arm.com>; Manish Badarkhe <Manish.Badarkhe(a)arm.com> Subject: Questions about Chain-of-Trust and RSE Connectivity Hi Taehoon Kim, We seem to experience an issue with the mailing list where messages are not properly dispatched. I reproduced your initial email sent Dec 18th 2025 below and Cced relevant folks just in case. Regards, Olivier. ____________________________________________________________ Hello, I'm firmware developer for RD-V3-R1 chipset. I have developed our firmware based on Neoverse Reference Platform RD-INFRA-2025.07.03, but I have also kept an eye on the code to ensure we remain in step with the latest release. While inquiring on the TF-M forum to update the TF-M code, I also developed a query regarding the TF-A section. Re: Several Questions related to RSE Provisioning - TF-M - lists.trustedfirmware.org<https://lists.trustedfirmware.org/archives/list/tf-m@lists.trustedfirmware.…> This link includes that RSE API codes are removed in the SotA TF-A codes. I check this in the TF-A commit. https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/46314 I was already aware that this API was not used outside of test code. However, I would like to know the reason why that code was removed, beyond the simple fact that it was not being used. Is it possible that Chain-of-Trust is established in whole firmware stack from RSE ROM to AP BL33 bootloader, without RSE assist? If possible, what does TF-A rely upon as the basis for trust in establishing the Root of Trust? Our team believed that CoT was established on the premise of the RSE API, and was therefore designing to ensure the trustworthiness of the entire firmware using that code. However, we recognise that to use the latest version of the code, we must abandon that belief and design in a different manner. Before the new version of RD-INFRA is released, we intend to resolve this internally as a team. Should you feel the scope of the question extends beyond what is typically addressed in the forum, please do not hesitate to let us know. Thank you for reading this mail. Best Regard, Taehoon Kim

2 days, 5 hours

3
2
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 500810: Incorrect expression (SIZEOF_MISMATCH) /contrib/libeventlog/src/event_log.c: 394 in event_log_write_specid_event() _____________________________________________________________________________________________ *** CID 500810: Incorrect expression (SIZEOF_MISMATCH) /contrib/libeventlog/src/event_log.c: 394 in event_log_write_specid_event() 388 } 389 390 /* TCG_EfiSpecIdEvent.VendorInfo */ 391 if (vendor_info_size > 0) { 392 vendor_info_ptr = 393 (tcg_vendor_info_t >>> CID 500810: Incorrect expression (SIZEOF_MISMATCH) >>> Adding "4UL /* sizeof (id_event_algorithm_size_t) */ * algo_count" to pointer "spec_id_ptr->digest_size" of type "id_event_algorithm_size_t *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 4 bytes, of the pointed-to type, "id_event_algorithm_size_t". Most likely, the multiplication by "sizeof (id_event_algorithm_size_t)" in this expression is extraneous and should be eliminated. 394 *)(spec_id_ptr->digest_size + 395 sizeof(id_event_algorithm_size_t) * 396 algo_count); 397 398 vendor_info_ptr->vendor_info_size = vendor_info_size; 399 ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

2 weeks, 6 days

1
0
0 0

Questions about Chain-of-Trust and RSE Connectivity

by 김태훈

Hello, I'm firmware developer for RD-V3-R1 chipset. I have developed our firmware based on Neoverse Reference Platform RD-INFRA-2025.07.03, but I have also kept an eye on the code to ensure we remain in step with the latest release.  While inquiring on the TF-M forum to update the TF-M code, I also developed a query regarding the TF-A section. Re: Several Questions related to RSE Provisioning - TF-M - lists.trustedfirmware.org This link includes that RSE API codes are removed in the SotA TF-A codes. I check this in the TF-A commit. https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/46314 I was already aware that this API was not used outside of test code. However, I would like to know the reason why that code was removed, beyond the simple fact that it was not being used. Is it possible that Chain-of-Trust is established in whole firmware stack from RSE ROM to AP BL33 bootloader, without RSE assist? If possible, what does TF-A rely upon as the basis for trust in establishing the Root of Trust?  Our team believed that CoT was established on the premise of the RSE API, and was therefore designing to ensure the trustworthiness of the entire firmware using that code. However, we recognise that to use the latest version of the code, we must abandon that belief and design in a different manner. Before the new version of RD-INFRA is released, we intend to resolve this internally as a team. Should you feel the scope of the question extends beyond what is typically addressed in the forum, please do not hesitate to let us know. Thank you for reading this mail. Best Regard, Taehoon Kim

3 weeks

1
0
0 0

Hafnium v2.14 LTS Major Release Announcement

by Madhukar Pappireddy

3 weeks, 2 days

1
0
0 0

[RFE] lib/el3_runtime: set NS bit if secure el2 is not implemented

by Pawandeep Oza (QUIC)

Please have a look at following patch, where on our platform we try to maintain single image of TFA (for custom CPU and Cortex A55) Cortex A55 does not have Secure EL2 implemented, while on the other hand our custom CPU has secure EL2 (and we run Hafnium there) On Cortex A55 ARM AEM model: write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2)); the context was set before as u_register_t icc_sre_el2_val = ICC_SRE_DIB_BIT | ICC_SRE_DFB_BIT | ICC_SRE_EN_BIT | ICC_SRE_SRE_BIT; and setting ICC_SRE_DIB_BIT | ICC_SRE_DFB_BIT causes crash since secure EL2 is not implemented. resulting into following patch which resolves the issue. seeking feedback/discussion if I can post it to upstream TFA, let me know if I am missing something here. lib/el3_runtime: set NS bit if secure el2 is not implemented before setting icc_sre_el2 set NS bit for non-secure context so that the ICC_SRE_DIB_BIT and ICC_SRE_DFB_BIT are preserved Signed-off-by: Oza Pawandeep <quic_poza(a)quicinc.com> diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c index e31255868..5100f2f00 100644 --- a/lib/el3_runtime/aarch64/context_mgmt.c +++ b/lib/el3_runtime/aarch64/context_mgmt.c @@ -1411,7 +1411,18 @@ static void el2_sysregs_context_restore_gic(el2_sysregs_t *ctx, uint32_t securit u_register_t scr_el3 = read_scr_el3(); #if defined(SPD_spmd) && SPMD_SPM_AT_SEL2 - write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2)); + if (is_feat_sel2_supported()) { + write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2)); + } else { + write_scr_el3(scr_el3 | SCR_NS_BIT); + isb(); + + write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2)); + + write_scr_el3(scr_el3); + isb(); + } + #else write_scr_el3(scr_el3 | SCR_NS_BIT); isb(); Regards, Oza.

3 weeks, 3 days

5
5
0 0

Trusted Firmware-A v2.14 LTS Major Release Announcement

by Bipin Ravi

Hello, This is to announce the fourth TF-A LTS branch "lts-v2.14". As per the process, this LTS branch is based on the 2nd mainline TF-A release of the year, v2.14.0. Following are the lts-v2.14 branches for the TF-A related repos. 1. trusted-firmware-a : https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a.git… 2. tf-a-tests: https://git.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests.git/+/refs/… 3. tf-a-ci-scripts: https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-ci-scripts/+/refs/h… 4. tf-a-job-configs: https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-job-configs/+/refs/… Change Log: Since the lts-v2.14 branch is based on the TF-A release v2.14.0 without any additional patches, there is no separate changelog for this first release. Thanks, TF-A LTS team

3 weeks, 5 days

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

TF-A