- TF-A - lists.trustedfirmware.org

by Olivier Deprez

Hi, In the TF-A Tech Forum today Feb, 22nd 4.00pm BST, Harrison Mutai and Manish Pandey will present the Firmware hand-off framework: The presentation will address the firmware handoff framework’s objectives, key concepts, progress on FVP platform support, and plans for wider adoption across other firmware components and Arm platforms. Regards, Olivier. TF-A Tech Forum Thursday Feb 22, 2024 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   Guests tf-a(a)lists.trustedfirmware.org marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com

2 years, 1 month

1
0
0 0

Re: Request for help

by baopeng (A)

Hi Olivier Deprez, We have developed code based on the SPM_MM framework and do not want to reconstruct the code. However, we want to adapt the code to the SPMD framework. What should we do? ________________________________ Hi Baopeng, SPM_MM is the legacy implementation for a secure partition manager relying on the MM protocol. This implementation gets deprecated in favor of FF-A based implementations (what you refer to as SPMD + SPMC). Both implementations aren't compatible and it is discouraged to attempt co-locating both. It may be more palatable and future proof to transition all your SW stack to be compliant to FF-A standard. We may help you better if you tell a bit more about the reason for mixing both implementations in the same build. Regards, Olivier. ________________________________ From: baopeng (A) baopeng1(a)huawei.com<mailto:baopeng1@huawei.com> Sent: 20 February 2024 02:19 To: tf-a-owner(a)lists.trustedfirmware.org tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org> Subject: Request for help Dear Sir/ Madam, we need to support the simultaneous loading of SPMD and SPM_MM due to project reasons. However, we notice that the makefile of SPM_MM of ATF does not support the simultaneous loading of SPMD and SPM_MM by default. I would like to ask what is the main reason for making the current restrictions?

2 years, 1 month

2
1
0 0

Purpose of ENABLE_PIE in TF-A without ASLR

by Igor Zhbanov

Hello, I'm trying to understand the purpose of ENABLE_PIE build flag. IIUC, it makes the BL* executables position-independent. But I could not find any ASLR or some other addresses randomization support. Therefore, could you please clarify, what is the point of building position-independent parts, if (most of the time?) they will be loaded at the fixed addresses? Thank you.

2 years, 1 month

2
1
0 0

Re: Request for help

by Olivier Deprez

Hi Baopeng, SPM_MM is the legacy implementation for a secure partition manager relying on the MM protocol. This implementation gets deprecated in favor of FF-A based implementations (what you refer to as SPMD + SPMC). Both implementations aren't compatible and it is discouraged to attempt co-locating both. It may be more palatable and future proof to transition all your SW stack to be compliant to FF-A standard. We may help you better if you tell a bit more about the reason for mixing both implementations in the same build. Regards, Olivier. ________________________________ From: baopeng (A) <baopeng1(a)huawei.com> Sent: 20 February 2024 02:19 To: tf-a-owner(a)lists.trustedfirmware.org <tf-a-owner(a)lists.trustedfirmware.org> Subject: Request for help Dear Sir/ Madam, we need to support the simultaneous loading of SPMD and SPM_MM due to project reasons. However, we notice that the makefile of SPM_MM of ATF does not support the simultaneous loading of SPMD and SPM_MM by default. I would like to ask what is the main reason for making the current restrictions?

2 years, 1 month

1
0
0 0

Trusted Firmware-A LTS v2.10.2 Release Announcement

by Varun Wadekar

Hello, We are happy to announce the first release for the LTS v2.10 program. The code is available on the lts-v2.10 branch (https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/log/?h=lts-v2.10) and the latest tag is lts-v2.10.2. This release consists of two minor releases due to last minute defect fixes in lts-v2.10.1. The changelog for both the minor releases is pasted below for quick reference and the complete documentation is now available at https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.2/change-log.html. ========================================================= Trusted Firmware-A LTS version 2.10.1 contains the following patches. 402b9a9c0 fix(cpus): workaround for Cortex-X3 erratum 2779509 [1] 25cf2844b fix(cpus): workaround for Neoverse V1 erratum 2348377 [2] 6becda5d1 fix(cpus): workaround for Cortex-A78C erratum 2743232 [3] d36d16751 fix(cpus): workaround for Neoverse V2 erratum 2662553 [4] 9cec5496d feat(security): add support for SLS mitigation [5] f9405375a fix(errata): check for SCU before accessing DSU [6] b7591e16f fix(rk3328): apply ERRATA_A53_1530924 erratum [7] f98185e1e fix(cpus): workaround for Neoverse V2 erratum 2618597 [8] b98d0b2ed docs: fix errata in RMM-EL3 Communication Interface documentation [9] bdedd844c fix(sgi): apply workarounds for N2 CPU erratum [10] e27b8ecc7 fix(cpus): workaround for Cortex-A710 erratum 2778471 [11] b312fa066 fix(cpus): workaround for Cortex-X2 erratum 2778471 [12] 4a9ed7a29 fix(cpus): workaround for Cortex-A520 erratum 2630792 [13] 0685a91fd fix(errata): add Cortex-A520 definitions [14] 8d45e30a7 fix(cpus): workaround for Cortex-A520 erratum 2858100 [15] 4f5ce871f feat(versal): enable errata management feature [16] 88a8cd0e5 fix(cpus): workaround for Cortex X3 erratum 2743088 [17] 744f07ae7 fix(cpus): workaround for Cortex-X3 erratum 2302506 [18] 7c227dc44 fix(cpus): workaround for Cortex-X3 erratum 2266875 [19] 0e5e99476 fix(cpus): workaround for Cortex-A78C erratum 2683027 [20] 35d133415 docs(security): security advisory for CVE-2023-49100 [21] 84fcd0429 fix(cpus): workaround for Cortex X3 erratum 2641945 [22] 5c972dfdf feat(spmd): initialize SCR_EL3.EEL2 bit at RESET [23] 2624951d2 fix(cpus): workaround for Cortex-A715 erratum 2561034 [24] [1] https://review.trustedfirmware.org/q/Id92dbae6f1f313b133ffaa018fbf9c078da55… [2] https://review.trustedfirmware.org/q/Ica402494f78811c85e56a262e1f60b0991516… [3] https://review.trustedfirmware.org/q/Ic62579c2dd69b7a8cbbeaa936f45b2cc94364… [4] https://review.trustedfirmware.org/q/I3bc43e7299c17db8a6771a547515ffb2a172f… [5] https://review.trustedfirmware.org/q/I59f5963c22431571f5aebe7e0c5642b32362f… [6] https://review.trustedfirmware.org/q/I38cee6085d6e49ba23de95b3de08bc98798ab… [7] https://review.trustedfirmware.org/q/Ib4130fd9d4cd16b12322f44e91196607fcb6b… [8] https://review.trustedfirmware.org/q/I23a81275d1e40cae39e6897093d6cdd3e11c0… [9] https://review.trustedfirmware.org/q/I6d6b7ff084cc731470e873cfdf37beeec0d36… [10] https://review.trustedfirmware.org/q/Ib0240f56813a913309e5a6a1902e2990979e9… [11] https://review.trustedfirmware.org/q/Id3bb4a2673e41ff237682e46784d37752daf2… [12] https://review.trustedfirmware.org/q/Ia95f0e276482283bf50e06c58c2bc5faab3f6… [13] https://review.trustedfirmware.org/q/Idb6f32f680ee1378a57c2d2f809ea847fffe5… [14] https://review.trustedfirmware.org/q/I45153a1aa2d6dace38650268a32106f5201f4… [15] https://review.trustedfirmware.org/q/I5a07163f919352583b03328abd5659bf7b268… [16] https://review.trustedfirmware.org/q/I54cda23d699abc0782f44172c28933f5cbb01… [17] https://review.trustedfirmware.org/q/I2c8577e3ca0781af8b1c3912e577d3bd77f92… [18] https://review.trustedfirmware.org/q/I048b830867915b88afa36582c6da05734a56d… [19] https://review.trustedfirmware.org/q/I9c610777e222f57f520d223bb03fc5ad05af1… [20] https://review.trustedfirmware.org/q/I2bf9e675f48b62b4cd203100f7df40f4846aa… [21] https://review.trustedfirmware.org/q/I13fa93a65e5017dae6c837e88cd80bda72d4c… [22] https://review.trustedfirmware.org/q/Ia6d6ac8a66936c63b8aa8d7698b937f42ba8f… [23] https://review.trustedfirmware.org/q/If8b2bdbb19bc65391a33dd34cc9824a0203ae… [24] https://review.trustedfirmware.org/q/I377f250a2994b6ced3ac7d93f947af6ceb690… Trusted Firmware-A LTS version 2.10.2 contains the following patches. 822bfa39c fix(build): move comment for VERSION_PATCH [1] 7bccacdde fix(build): properly manage versions in .versionrc.js [2] e8e5c7759 fix(build): update versions [3] [1] https://review.trustedfirmware.org/q/I4008ccbccd512edf33f67c645b38937ad1af9… [2] https://review.trustedfirmware.org/q/I612338fd2896f3fe614f23d14f56d58d43318… [3] https://review.trustedfirmware.org/q/Ia80bd4b28fbb7402f4ae139512fcd176bad05… Thanks, TF-A LTS team

2 years, 1 month

1
0
0 0

Trusted Firmware-A LTS v2.8.16 Release Announcement

by Varun Wadekar

Hello, Trusted Firmware-A LTS version 2.8.16 is now available. This release contains the following patches. e80174ea9 fix(cpus): workaround for Cortex X3 erratum 2641945 [1] a3cd44292 fix(cpus): workaround for Cortex-A715 erratum 2561034 [2] [1] https://review.trustedfirmware.org/q/Ia6d6ac8a66936c63b8aa8d7698b937f42ba8f… [2] https://review.trustedfirmware.org/q/I377f250a2994b6ced3ac7d93f947af6ceb690… Thanks, TF-A LTS team

2 years, 1 month

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Feb 8, 2024 5pm - 6pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling as no topic planned. Regards, Olivier." TF-A Tech Forum Thursday Feb 8, 2024 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 1 month

1
0
0 0

MMIO with pre/post indexing instructions

by ff

Hi, I am using hypervisors to allow execution of EL3 code directly and had to deal with MMIO caused by instructions that have post-indexing parameters. Xen community had to deal with this in 2022: https://www.mail-archive.com/xen-devel@lists.xenproject.org/msg113335.html This does not cause any trouble and have implemented ways to deal with this expeditiously. Yet, I wonder if it is desirable to from a synchronisation perspective? Cheers FF Compiling TFA 2.10 for PLAT=a80x0_mcbin The following line https://elixir.bootlin.com/arm-trusted-firmware/v2.10.0/source/drivers/marv… Is compiled as: win_reg = mmio_read_32(AMB_WIN_CR_OFFSET(win_id)); 4026d9c: f9470260 ldr x0, [x19, #3584] 4026da0: 9100e002 add x2, x0, #0x38 4026da4: b9400001 ldr w1, [x0] win_reg &= ~WIN_ENABLE_BIT; 4026da8: 121f7821 and w1, w1, #0xfffffffe *(volatile uint32_t*)addr = value; // post-indexing 4026dac: b8008401 str w1, [x0], #8 #gcc --version gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0 Copyright (C) 2020 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #objdump --version GNU objdump (GNU Binutils for Ubuntu) 2.36.1 Copyright (C) 2021 Free Software Foundation, Inc. This program is free software; you may redistribute it under the terms of the GNU General Public License version 3 or (at your option) any later version. This program has absolutely no warranty. #I can’t get access to latests compiler and binutils versions to overcome # « ../.. array subscript 0 is outside array bounds of ‘volatile void[0] » # « ../.. has a LOAD segment with RWX permissions » # so I don’t know if this behaviour is changed when using this latests toolchain

2 years, 1 month

2
5
0 0

Handling of normal world interrupts with BL31 PSCI handler

by caleb.ethridge＠analog.com

Hello, If normal world interrupts are received while invoking TF-A's PSCI reset handler, we have observed that the reset can be aborted. In TF-A's PSCI reset handler, a call out to OP-TEE is made before performing the platform-specific reset: https://github.com/ARM-software/arm-trusted-firmware/blob/master/lib/psci/p… https://github.com/ARM-software/arm-trusted-firmware/blob/master/services/s… When OP-TEE is entered, it is possible to receive foreign (normal world) interrupts, which invokes the procedure described here: https://optee.readthedocs.io/en/3.16.0/architecture/core.html#deliver-non-s… When the SMC call is aborted as described above, this results in the reboot failing. Linux does not retry the PSCI reset (https://github.com/torvalds/linux/blob/master/drivers/firmware/psci/psci.c#…). This makes sense because it is not expecting the SMC call to fail (it expected to make an uninterruptable SMC call into the secure monitor, not a call into OP-TEE). If OP-TEE itself is setup to handle PSCI reset calls, it also handles them in (uninterruptable) SMC context: https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/sm/psci.c#L140 https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/sm/sm_a32.S#L96 Based on this, we see two possible solutions: a) Masking the non-secure interrupts in BL31 while we are doing a reset b) Removing the call to OPTEE in the reset handler so that we never leave the SMC context Which option do you suggest? Or are we missing an important detail here? Thanks, Caleb

2 years, 1 month

6
11
0 0

All if...else if constructs shall be terminated with an else statement.

by Nithin G

Hello, In the file /lib/el3_runtime/aarch64/context_mgmt.c. getting misra_c_2012_rule_15_7_violation: No non-empty terminating "else" statement. during the Coverity MISRA-C analysis. void cm_prepare_el3_exit(uint32_t security_state) { u_register_t sctlr_elx, scr_el3, mdcr_el2; if (security_state == NON_SECURE) { scr_el3 = read_ctx_reg(get_el3state_ctx(ctx), CTX_SCR_EL3); misra_c_2012_rule_15_7_violation: No non-empty terminating "else" statement. if ((scr_el3 & SCR_HCE_BIT) != 0U) { ... ... ... write_sctlr_el2(sctlr_elx); } else if (el_implemented(2) != EL_IMPL_NONE) { el2_unused = true; ... ... ... write_cnthp_ctl_el2(CNTHP_CTL_RESET_VAL & ~(CNTHP_CTL_ENABLE_BIT)); } manage_extensions_nonsecure(el2_unused, ctx); } cm_el1_sysregs_context_restore(security_state); cm_set_next_eret_context(security_state); } Resolution: added empty else statement to resolve the issue. diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c index 8e6bfc5..8996746 100644 --- a/lib/el3_runtime/aarch64/context_mgmt.c +++ b/lib/el3_runtime/aarch64/context_mgmt.c @@ -789,6 +789,8 @@ void cm_prepare_el3_exit(uint32_t security_state) */ write_cnthp_ctl_el2(CNTHP_CTL_RESET_VAL & ~(CNTHP_CTL_ENABLE_BIT)); + } else { + /* To fix the MISRA 15.7 warning - Added an empty else statement */ } manage_extensions_nonsecure(el2_unused, ctx); } -- Is it possible to add an empty else statement in this code? Please suggest. Regards, Nithin G

2 years, 1 month

2
1
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

TF-A