- TF-A - lists.trustedfirmware.org

by Julius Werner

Hi, I have a sort of generic Arm architecture question that's not directly related to TF-A (other than that TF-A controls some of the registers involved in this decision), but I'm hoping that one of the experts here can still help me out or at least refer me to someone who can. I'm trying to figure out how exception routing for SError aborts works in EL2. Specifically, I have a bootloader (BL33) running in NS-EL2 and I want the "simple" setup that it manages all its own exceptions, the same way that an OS kernel normally manages all exceptions at EL1. I assumed that I could achieve that simply by installing exception handlers, unmasking all exceptions in PSTATE, and leaving all the special trap feature bits in the MSRs at 0 (disabled). This seems to work for synchronous exceptions and external aborts, but not for SErrors. Looking at the architecture reference manual (revision L.b), table D1-14 in section D1.3.6.3 (page D1-6114), I can see that my case is represented by the first line (all special trap bits 0), which shows that SErrors caused by EL0 and EL1 would be routed to EL1 as expected (though even when PSTATE.A is 1 which seems odd?), but SErrors caused by EL2 will get ignored and remain pending (with no regard to PSTATE.A). Instead, the "default" behavior I expect (aborts get routed to the EL that caused them if PSTATE.A is 0) seems to require me to enable SCTLR_EL2.NMEA. But if you're looking at the description of SCTLR_EL2.NMEA, it says that it controls whether PSTATE.A masks SError exceptions at EL2 (and that if it is 0, SError exceptions are not taken at EL2 if PSTATE.A == 1). Doesn't that imply that SError exceptions *are* taken at EL2 if PSTATE.A == 0? What does a control that seems to be about trapping masked aborts from a lower EL have to do with unmasked aborts from my current EL? Basically, I think what I'm asking is: is that table really correct as printed (some behavior we've observed seems to indicate it is), and if so, why? Why do SError exceptions seem to behave differently by default in EL1 and EL2 (in regards to unmasked exceptions taken from the same exception level)? Why does the PSTATE.A bit only seem to apply to EL0 and EL1, not EL2 and EL3, even for exceptions taken from the same level, when this peculiarity seems to not be mentioned anywhere else in the manual? Why do SError exceptions get treated so differently from external aborts in EL2/EL3, when in EL1 they seem to mostly count as the same? Is the current description of the NMEA bit in the SCTLR_EL2 register documentation really accurate, if it also seems to make fundamental changes to cases not really mentioned in that description? Is there any way for EL2 to only handle its own SError exceptions without interfering with EL1's exception handling when FEAT_DoubleFault2 is not implemented (other than flipping HCR_EL2.AMO on every EL2 entry/exit)? And am I the only one who finds this all incredibly inconsistent and confusing? I feel like I'm missing some critical insight in how you were meant to think about this to make it make sense, would appreciate any help in that regard! Thanks, Julius

4 days, 6 hours

2
3
0 0

TF-A Tech Forum - Hafnium future looking improvements @ Thu Nov 13, 2025 11am - 12pm (UK)

by Olivier Deprez

Hi, This is a one off session for a partner to present coming improvements related to Hafnium project. Apologies for the meeting time not accommodating people in US timezones. We'll record the session and publish in the TF-A tech forum page as usual. Regards, Olivier. ________________________________ From: Google Calendar <calendar-notification(a)google.com> on behalf of Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org> Sent: 07 November 2025 09:13 To: hafnium(a)lists.trustedfirmware.org <hafnium(a)lists.trustedfirmware.org> Subject: [Hafnium] Invitation: TF-A Tech Forum - Hafnium future looking improvements @ Thu Nov 13, 2025 12pm - 1pm (GMT+1) (hafnium(a)lists.trustedfirmware.org) TF-A Tech Forum - Hafnium future looking improvements Thursday Nov 13, 2025 ⋅ 12pm – 1pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Hi, This is a one off session for a partner to present coming improvements related to Hafnium project. Apologies for the meeting time not accommodating people in US timezones. We'll record the session and publish in the TF-A tech forum page as usual. Regards,Olivier.Trusted Firmware is inviting you to a scheduled Zoom meeting.Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcocu6gqDgjEtOkyBhSQauR1sUyFwIcNKLa/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Reply for hafnium(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=MDdmMGs0NjBkcW5q… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding -- Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org

1 week

1
1
0 0

Trusted Firmware-A LTS v2.8.40 Release Announcement

by svc_openci_enginfra＠arm.com

Hello, Trusted Firmware-A LTS version 2.8.40 is now available. This release contains the following patches: af828443d fix(spm-mm): prevent excessive racing [1] c1c4d7d5d fix(security): remove CVE_2022_23960 Cortex-A720 [2] 7d6831115 fix(security): remove CVE_2022_23960 Neoverse V3 [3] 373b22562 fix(security): remove CVE_2022_23960 Cortex-X4 [4] [1] https://review.trustedfirmware.org/q/I0861d04ed95437e4ca9f203d9e79a6296b1ea… [2] https://review.trustedfirmware.org/q/I3c68b5f5d85ede37a6a039369de8ed2aa9205… [3] https://review.trustedfirmware.org/q/I13b27c04c3da5ec80fa79422b4ef4fee64738… [4] https://review.trustedfirmware.org/q/I23f5fa748377a920340b3c5a6584ccfadeea9… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.40/change-log.html Thanks, TF-A LTS team

1 week, 2 days

1
0
0 0

Trusted Firmware-A LTS v2.10.26 Release Announcement

by svc_openci_enginfra＠arm.com

Hello, Trusted Firmware-A LTS version 2.10.26 is now available. This release contains the following patches: abea08e8c fix(spm-mm): prevent excessive racing [1] 91edc92e9 fix(security): fix spectre bhb loop count for Cortex-A720 [2] d12e9ecf2 fix(security): fix Cortex-A715 CVE-2022-23960 [3] f360aa51d fix(security): fix Cortex-X3 CVE-2022-23960 [4] 8ee12c187 fix(security): fix Neoverse V2 CVE-2022-23960 [5] d30e468b3 fix(security): remove CVE_2022_23960 Cortex-X4 [6] 96e666d6b fix(security): remove CVE_2022_23960 Neoverse V3 [7] a483d67c7 fix(security): remove CVE_2022_23960 Cortex-A720 [8] 07a6a7a9c refactor(cpufeat): rework check_feature() [9] 3eaacdf0c fix(security): add clrbhb support [10] f973eca20 fix(cpus): workaround for Cortex-A715 erratum 2409570 [11] f70c757d8 fix(cpus): workaround for Cortex-A715 erratum 2376701 [12] bb5add11c fix(cpus): workaround for Cortex-A715 erratum 3711916 [13] 7486be6bf build(deps): bump js-yaml in the dev-deps group across 1 directory [14] [1] https://review.trustedfirmware.org/q/I0861d04ed95437e4ca9f203d9e79a6296b1ea… [2] https://review.trustedfirmware.org/q/Ib6862dbed55e5ffcd0fcd58b45a88cf925c54… [3] https://review.trustedfirmware.org/q/Ib6b704733e474824772cb27bd048b1e179d90… [4] https://review.trustedfirmware.org/q/I3d46fa70c80129ca0085d8245ee013f11a884… [5] https://review.trustedfirmware.org/q/I859012281fc67243f050d27e364f27434389c… [6] https://review.trustedfirmware.org/q/I23f5fa748377a920340b3c5a6584ccfadeea9… [7] https://review.trustedfirmware.org/q/I13b27c04c3da5ec80fa79422b4ef4fee64738… [8] https://review.trustedfirmware.org/q/I3c68b5f5d85ede37a6a039369de8ed2aa9205… [9] https://review.trustedfirmware.org/q/Idb182b0dd2aa77a0a5c5a349fe79a42fe1256… [10] https://review.trustedfirmware.org/q/Ie6e56e96378503456a1617d5e5d51bc64c2e0… [11] https://review.trustedfirmware.org/q/Id9429831525b842779d7b7e60f103c93be4ac… [12] https://review.trustedfirmware.org/q/Idcd2a07d269d55534dc5faa59c454d37426f2… [13] https://review.trustedfirmware.org/q/Iad149a2c02a804b3f4f0f2f5b89e866675cb4… [14] https://review.trustedfirmware.org/q/Ibec1d8a3c6620daeb0e663cfab929bca7bba8… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.26/change-log.html Thanks, TF-A LTS team

1 week, 2 days

1
0
0 0

Changelog for v2.14 Release

by Arvind Ram Prakash

Hello Everyone, Please take a look at the changelog for your respective platforms ahead of the TF-A v2.14 release. The changelog is autogenerated from the commit messages of the patches that have been merged since the v2.13 release. Here's your chance to give us guidance on any small manual adjustments you would like to see. Patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/45309 Rendered Version: https://ci.trustedfirmware.org/job/tf-a-builder/890858/artifact/artefacts/r… Thanks, Arvind

1 week, 3 days

1
0
0 0

AI Policy - Guidance on AI-assisted contributions

by Shaun Longhorn

All, Please be aware that today we have published our AI policy with Guidance on AI-assisted contributions. See the full details here: https://www.trustedfirmware.org/aipolicy/ Should you have any questions feel free to raise them. Thanks, Shaun Community Manager

1 week, 3 days

1
0
0 0

Firmware-A v2.12 release code freeze notification

by Govindraj Raja

Hi All, The next release of the Firmware-A bundle of projects tagged v2.12 has an expected code freeze date of Nov, 8th 2024. Refer to the release cadence section from TF-A documentation (https://trustedfirmware-a.readthedocs.io/en/latest/about/release-informatio…). Closing out the release takes around 6-10 working days after the code freeze. v2.12 release preparation tasks start from now. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.: -For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run). -For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 labels in the middle of the patch stack). -Carefully analyze results and fix the change if required, before launching new jobs on the same change. -If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued. -- Thanks, Govindraj R

1 week, 5 days

2
2
0 0

Re: Question about SPM-MM SMC function ids

by Olivier Deprez

Hi, This issue was raised long time ago but unfortunately never got fixed/merged. It may be ok restoring the change and progress it: Https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11002<https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11002> Https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…<https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…> https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… On a related note, I hope you saw the deprecation notice: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… Regards, Olivier. ________________________________ From: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com> Sent: 11 November 2025 05:46 To: David Daney <daviddaney(a)microsoft.com>; tf-a-owner(a)lists.trustedfirmware.org <tf-a-owner(a)lists.trustedfirmware.org> Cc: Giri Mudusuru <girimudusuru(a)microsoft.com>; Kun Qin <Kun.Qin(a)microsoft.com> Subject: RE: Question about SPM-MM SMC function ids Yes, the problem is in comparing logic and masks used. From: David Daney <daviddaney(a)microsoft.com> Sent: Monday, November 10, 2025 7:38 PM To: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com>; tf-a-owner(a)lists.trustedfirmware.org Cc: Giri Mudusuru <girimudusuru(a)microsoft.com>; Kun Qin <Kun.Qin(a)microsoft.com> Subject: Re: Question about SPM-MM SMC function ids According to the DEN0060A specification the only values used are: MM_VERSION: 0x8400 0040 MM_COMMUNICATE: 0x8400 0041/0xC400 0041 These don't overlap with the TRNG function IDs defined in DEN0098 David. ________________________________ From: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com<mailto:sponnusamy@microsoft.com>> Sent: Monday, November 10, 2025 7:32 PM To: tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org> <tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org>> Cc: Giri Mudusuru <girimudusuru(a)microsoft.com<mailto:girimudusuru@microsoft.com>>; David Daney <daviddaney(a)microsoft.com<mailto:daviddaney@microsoft.com>>; Kun Qin <Kun.Qin(a)microsoft.com<mailto:Kun.Qin@microsoft.com>> Subject: Question about SPM-MM SMC function ids Hi Manish, Levi Yun , TF-A community , I am facing an issue when enabling SPM-MM feature and it looks like there is a minor issue with the SMC ID range check. When SPM-MM is enabled, I cannot use the TRNG SMC services. /* These macros are used to identify SPM-MM calls using the SMC function ID */ #define SPM_MM_FID_MASK U(0xffff) #define SPM_MM_FID_MIN_VALUE U(0x40) #define SPM_MM_FID_MAX_VALUE U(0x7f) #define is_spm_mm_fid(_fid) \ ((((_fid) & SPM_MM_FID_MASK) >= SPM_MM_FID_MIN_VALUE) && \ (((_fid) & SPM_MM_FID_MASK) <= SPM_MM_FID_MAX_VALUE)) Here, the SPM-MM SMC ID range spans from 0x40 to 0x7F, which overlaps with the TRNG SMC service IDs: /* SMC function IDs for TRNG queries */ #define ARM_TRNG_VERSION U(0x84000050) #define ARM_TRNG_FEATURES U(0x84000051) #define ARM_TRNG_GET_UUID U(0x84000052) #define ARM_TRNG_RND32 U(0x84000053) #define ARM_TRNG_RND64 U(0xC4000053) Could you please clarify the rationale behind including the TRNG SMC IDs within the SPM-MM ID range? If this overlap was unintentional, we have to fix it. Looking forward to your insights and feedback on this matter. Thanks Suresh

1 week, 5 days

2
1
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 2 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 493664: Control flow issues (DEADCODE) /lib/libc/strtoull.c: 106 in strtoull() _____________________________________________________________________________________________ *** CID 493664: Control flow issues (DEADCODE) /lib/libc/strtoull.c: 106 in strtoull() 100 else { 101 #ifdef __aarch64__ 102 uint128_t extended = (uint128_t)acc * (unsigned)base; 103 extended += (unsigned)c; 104 105 if (extended > ULLONG_MAX) { >>> CID 493664: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "any = -1;". 106 any = -1; 107 } else { 108 acc = (unsigned long long)extended; 109 any = 1; 110 } 111 #else ** CID 493663: Control flow issues (DEADCODE) /lib/libc/strtoul.c: 105 in strtoul() _____________________________________________________________________________________________ *** CID 493663: Control flow issues (DEADCODE) /lib/libc/strtoul.c: 105 in strtoul() 99 any = -1; 100 else { 101 extended = (unsigned long long)acc * (unsigned)base; 102 extended += (unsigned)c; 103 104 if (extended > (unsigned long long)ULONG_MAX) { >>> CID 493663: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "any = -1;". 105 any = -1; 106 } else { 107 acc = (unsigned long)extended; 108 any = 1; 109 } 110 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

1 week, 6 days

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 493457: Control flow issues (UNREACHABLE) /plat/arm/board/fvp/fvp_spmd_logical_sp.c: 37 in fvp_get_partition_info() _____________________________________________________________________________________________ *** CID 493457: Control flow issues (UNREACHABLE) /plat/arm/board/fvp/fvp_spmd_logical_sp.c: 37 in fvp_get_partition_info() 31 * SPM. 32 * 33 * TODO: Integrate this helper function for a new anticipated feature. 34 */ 35 return; 36 >>> CID 493457: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "struct ffa_value ret = {0UL};". 37 struct ffa_value ret = { 0 }; 38 uint32_t target_uuid[4] = { 0 }; 39 static struct ffa_partition_info_v1_1 40 part_info[SPMD_LP_MAX_SUPPORTED_SP] = { 0 }; 41 42 uint16_t num_partitions = 0; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

2 weeks, 2 days

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A