- TF-A - lists.trustedfirmware.org

Re: Questions about the Fault Handling of GPFs

by Olivier Deprez

Hi Feifan Qian, Trapping GPF to EL3 is permitted by the architecture, however I don't believe TF-A provides such option. In general for TF-A's reference software stacks, a GPF is trapped first at EL2 (hence SCR_EL3.GPF=0). E.g. In a system implementing RME, the RMM (@ R-EL2) traps a GPF occurring in an R-EL1/0 Realm (or R-EL2 itself). Similarly, in the secure world, the SPM (@ S-EL2) traps a GPF occurring in a S-EL1/0 secure partition (or S-EL2 itself). Regards, Olivier. ________________________________ From: 钱非凡 <qianfeifan(a)iie.ac.cn> Sent: 01 July 2024 08:52 To: tf-a-owner(a)lists.trustedfirmware.org <tf-a-owner(a)lists.trustedfirmware.org> Subject: Questions about the Fault Handling of GPFs Dear experts, I have been learning the Fault Handling of the Granule Protection Fault in Arm CCA. Upon studying the Arm Document, I discovered that the GPF bit in the SCR_EL3 register controls whether the fault handling of GPFs occurs in EL3 or not. In addition, I noted that `include/arch/aarch64/arch.h` defines a macro `#define SCR_GPF_BIT (UL(1) << 48)`, yet I could not find any reference to this macro in the source code. I want to know that whether ATF has implemented the fault handling of GPFs or if this is a feature to be expected in the future. If its not, how can I implement this. Any guidance or advice you could provide would be greatly appreciated. Sincerely, Feifan Qian

5 months, 3 weeks

1
0
0 0

Trusted Firmware-A LTS v2.8.20 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.8.20 is now available. This release contains the following patches: 4da2210db chore: add encrypt_fw to gitignore [1] e0124e1ba feat(build): allow additional CFLAGS for library build [2] d7f618143 refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE [3] fd566c3cd feat(mbedtls): add support for mbedtls-3.3 [4] bf740eba7 feat(fvp): increase BL1_RW and BL2 size [5] ef7aac710 refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT [6] c82afd25b feat(stm32mp1): add mbedtls-3.3 support config [7] 488514a66 docs(prerequisites): update software and libraries prerequisites [8] a353e39e8 feat(mbedtls): update to 3.4.1 [9] 07126ffb4 build(mbedtls): add deprecation notice [10] 87f4a6305 refactor(mbedtls): remove mbedtls 2.x support [11] e8ae4fa2b feat(mbedtls): update config for 3.6.0 [12] b437905e2 docs(prerequisites): update mbedtls version used [13] [1] https://review.trustedfirmware.org/q/I2f4ddbe1c11848513fe20f7c8b448a041988c… [2] https://review.trustedfirmware.org/q/Ic99af22b229f8089c82110d6545f762c14a62… [3] https://review.trustedfirmware.org/q/I029992311be2a38b588ebbb350875b03ea29a… [4] https://review.trustedfirmware.org/q/Ib034036c09fbdc573d9427b1eda6f2387bda2… [5] https://review.trustedfirmware.org/q/I8a423711ac50b3d615c1d9650086cdbca5051… [6] https://review.trustedfirmware.org/q/I800524d54ea56dc27b6c6da26c75a07f5f6de… [7] https://review.trustedfirmware.org/q/I4581cb0ea7b2c7022e71aefd7ff05ee3a72f5… [8] https://review.trustedfirmware.org/q/I384aab4dfee9cae9453eebf4091abe82ef9cc… [9] https://review.trustedfirmware.org/q/Ifc31c2fc825a2fc9ca318ea8baadd51b670e7… [10] https://review.trustedfirmware.org/q/I669b423ee9af9f5c5255fce370413fffaf38e… [11] https://review.trustedfirmware.org/q/Id3eb98b55692df98aabe6a7c5a5ec910222c8… [12] https://review.trustedfirmware.org/q/Ib345b0bd4f2994f366629ed162d18814fd05a… [13] https://review.trustedfirmware.org/q/I6bd8fcca795373a05bc6beb2e085d24fdd149… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.20/change-log.html Thanks, TF-A LTS team

5 months, 3 weeks

1
0
0 0

Trusted Firmware-A LTS v2.10.5 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.10.5 is now available. This release contains the following patches: 1d3bb2fe6 refactor(mbedtls): remove mbedtls 2.x support [1] 05ec367ba feat(mbedtls): update config for 3.6.0 [2] aa84a9dad docs(prerequisites): update mbedtls version used [3] ee945f1d2 fix(mbedtls): sign verification issue with invalid Key/Signature [4] [1] https://review.trustedfirmware.org/q/Id3eb98b55692df98aabe6a7c5a5ec910222c8… [2] https://review.trustedfirmware.org/q/Ib345b0bd4f2994f366629ed162d18814fd05a… [3] https://review.trustedfirmware.org/q/I6bd8fcca795373a05bc6beb2e085d24fdd149… [4] https://review.trustedfirmware.org/q/Ib484d97a04b7a82dd72592c8b5b153d577d01… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.5/change-log.html Thanks, TF-A LTS team

5 months, 3 weeks

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Jun 27, 2024 5pm - 6pm (GMT+2) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling as no topic planned. Regards, Olivier. " TF-A Tech Forum Thursday Jun 27, 2024 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

5 months, 4 weeks

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Jun 13, 2024 5pm - 6pm (GMT+2) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling this instance as no topic proposed. Thanks, Olivier. " TF-A Tech Forum Thursday Jun 13, 2024 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

6 months, 1 week

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu May 30, 2024 5pm - 6pm (GMT+2) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling for this week as no topic proposed. Thanks, Olivier. " TF-A Tech Forum Thursday May 30, 2024 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

6 months, 3 weeks

1
0
0 0

Trusted Firmware v2.10 Release Announcement

by Olivier Deprez

Hi All, We are pleased to announce the formal release of Trusted Firmware-A version 2.10 bundle of project deliverables. This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, RMM and TF-A OpenCI Scripts/Jobs 2.10 releases involving the tagging of multiple repositories. These went live on 22nd November 2023. Please find references to tags and change logs at the end of this email. Many thanks to the community for the active engagement in delivering this release! Notable Features of the Version 2.10 Release are as follows: TF-A/EL3 Root World * New Features: * Firmware handoff library support * Improvements to BL31 runtime exception handling * Context management refactoring for RME/4 worlds * Gelas, Nevis & Travis CPUs support * V8.9 features enabled (FEAT_ HAFT, RPRFM, LRCPC3, MTE_PERM) TF-A Boot BL1/BL2 * New Features * Trusted Boot support for ECDSA (Elliptic Curve Digital Signature Algorithm) * Migrated to PSA crypto API’s * Improved the GUID Partition Table (GPT) parser. * Various security Improvements and threat Model updates for ARM CCA * Signer id extraction Implementation Hafnium/SEL2 SPM * New Features: * FF-A v1.2: FFA_YIELD with time-out; EL3 SPMDs LSPs communication; memory sharing updates. * Memory region relative base address field support in SP manifests. * Interrupt re-configuration hypervisor calls. * Memory management: S2 PT NS/S IPA split * SMCCCv1.2+ compliance fixes. * Feature parity test improvements, EL3 SPMC and Hafnium (S-EL2 SPMC) TF-RMM/REL2 * New Feature/Support * Fenimore v1.0 EAC5 aligned implementation. * TFTF Enhancements for RME testing * Initial CBMC support * NS SME support in RMM * BTI support for RMM Errata * Errata implemented (1xCortex-X2/ Matterhorn-ELP, 1xCortex-A710/Matterhorn, 1xNeoverse N2/Perseus, 2xNeoverse V2/Demeter, Makalu ELP/Cortex X3, Klein/Cortex-A510) * Fix some minor defects with version in a few errata that applies for some follow up revisions of the CPUs. (Neoverse V1, Cortex-X2, Cortex-A710) TF-A Tests * Core * Added errata management firmware interface tests. * Added firmware handoff tests. * Introduced RAS KFH support test. * SPM/FF-A * Support SMCCCv1.2 extended GP registers set. * Test SMCCC compliance at the non-secure physical instance. * Test secure eSPI interrupt handling. * Test FF-A v1.2 FFA_PARTITION_INFO_GET_REGS interface. * RMM * Added FPU/SVE/SME tests * Added multiple REC single CPU tests. * Added PAuth support in Realms tests. * Added PMU tests. Platform Support * New platforms added: * Aspeed AST2700, NXP IMX93, Intel Agilex5, Nuvoton NPCM845x, QTI MDM9607, MSM8909, MSM8939, ST STM32MP2 Release tags across repositories: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.10 https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tag/?h=v2.10 https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tag/?h=v2.10 https://git.trustedfirmware.org/ci/tf-a-job-configs.git/tag/?h=v2.10 https://git.trustedfirmware.org/hafnium/hafnium.git/tag/?h=v2.10 https://git.trustedfirmware.org/ci/hafnium-ci-scripts.git/tag/?h=v2.10 https://git.trustedfirmware.org/ci/hafnium-job-configs.git/tag/?h=v2.10 https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tag/?h=tf-rmm-v0.4.0 Change logs: https://trustedfirmware-a.readthedocs.io/en/v2.10/change-log.html#id1 https://trustedfirmware-a-tests.readthedocs.io/en/v2.10/change-log.html#ver… https://hafnium.readthedocs.io/en/latest/change-log.html#v2-10 https://tf-rmm.readthedocs.io/en/tf-rmm-v0.4.0/about/change-log.html#v0-4-0 Regards, Olivier.

6 months, 3 weeks

1
1
0 0

regarding AS and AR values with clang compiler

by Nagal, Amit

Hi , We are trying to build the TF-A code using clang compiler . Instructions are followed as per the conf page https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/initial-… 1. export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- 2. make CC=<path-to-armclang>/bin/armclang PLAT=<platform> all in our side , make CC=/tools/installs/arm/safety/armcc/6.6.2/bin/armclang PLAT=zynqmp distclean 3. with steps 1) and 2) , we observe the value of AS and AR getting set as below: AS = /tools/installs/arm/safety/armcc/6.6.2/bin/armclang -c -x assembler-with-cpp -target aarch64-arm-none-eabi -march=armv8-a AR = <path-to-aarch64-gcc>/bin/aarch64-linux-gnu-ar 4. However in /tools/installs/arm/safety/armcc/6.6.2/bin , clang tool specific AS points to armasm and AR points to armar utility. 5. From above output in point 4 , we can see that AS and AR does not refer to clang toolchain utilities armasm and armar. From point 3) , AS still points to armclang utility only instead of armasm , while AR still points to aarch64-linux-gnu-ar instead of armar . 6. Can we be guided if the above outputs are correct to use wrt TF-A code build using clang compiler ? And whether any modifications can be done to point AS and AR to clang toolchain specific utilities as mentioned in step 4. Regards Amit

6 months, 4 weeks

2
1
0 0

Maintainer for Marvell platforms

by Manish Pandey2

Hi, We do not have active maintainer for Marvell platform. As per docs/about/maintainers.rst the current maintainer is "Konstantin Porotchkin <kostap(a)marvell.com>". Is anybody willing to take ownership of the platform, preferably people who have contributed to this platform in past. Thanks Manish

7 months

4
3
0 0

Make TF-A (bl31) (El3 firmware) preemtible

by Kamlesh Gurudasani

Clock and power management in ATF, preemption issue. I have seen that multiple Vendors are using arm scmi protocol to do clock management in bl31[0][1]. The problem with such implementations is any long running SCMI operations (like PLL locking for example) will hold the core in EL3 for extended period of time, adding to latency of NS EL1 interrupt handling as ATF is not preemptible. This problem can be solved by making ATF preemptible, similar to how OP-TEE does it by by implementing a remote procedural call after it receives a interrupt. [2]How Linux does SMC call with YIELD flag enabled. [3]How OP-TEE handles the timer interrupt [4]How Linux receives an interrupt which came in EL3->SEL1 As quoted in exception Handling document in ATF docs[5] "Receive exceptions, but handle part of the exception in EL3, and delegate processing of the error to dedicated software stack running at lower secure ELs (as above); additionally, the Normal world may also be required to participate in the handling, or be notified of such events (for example, as an event). In this scheme, exception handling potentially and maximally spans all ELs in both Secure and Normal worlds." From this we can understand that we can delegate the exception to EL1 if we are already in EL3. (way to preempt) We are aware that ARM v8.4-A onwards arch are having a SEL2 level with which we can run a vendor specific firmware parallel to TEE at SEL1 in a secure partition. But how we do handle clock and power management for version which doesn't support SEL2? We don't want to put it in TEE as it will constraint our devices to that specific TEE. I am starting to work on a proposal to make ATF preemptible similar to how OP-TEE is doing it. a)Will the similar approach from OP-TEE if implemented and working be accepted by ATF upstream? The SMC call with YIELD option will only be preemtible so will not affect the normal flow. b)As quoted in Trusted Firmware-A Document[6] Page 94, "Yielding calls are reserved exclusively for Trusted OS providers" "Yielding 0- 1 Reserved for existing Armv7-A calls Yielding 2-63 Trusted OS Standard Calls" Can this range be consumed within ATF/bl31 firmware or is it necessary to forward all yielding calls to Trusted OS? [0]https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/st/… [1]https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/21840 [2]https://elixir.bootlin.com/linux/v6.9-rc3/source/drivers/tee/optee/smc_ab… [3]https://github.com/OP-TEE/optee_os/blob/fc57019cb35c8c1bad66fc6d814ace5de… [4]https://elixir.bootlin.com/linux/v6.9-rc3/source/drivers/tee/optee/smc_ab… [5]https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/com… [6]https://trustedfirmware-a.readthedocs.io/_/downloads/en/latest/pdf/ Regards, Kamlesh

7 months

6
10
0 0

2024

2023

2022

2021

2020

2019

2018

TF-A