| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SCR_EL3 register is restored before esb issued and it is assumed
that EAs are unmasked at that point, which is wrong, as the SCR_EL3
value at that time is restored from the context of the world where
it is returning to.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Id1c7150a70b5f589b0dc7c50c359b4d23ee9f256
(cherry picked from commit ff1d2ef387f085fdada4a122284b3b044fdde09c)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Current code skips load of spinlock address when cache is disabled. The
following call to spin_unlock stores into the random location that x0
points to.
Move spinlock address load earlier so that x0 is always valid on
spin_unlock call.
Change-Id: Iac640289725dce2518f2fed483d7d36ca748ffe8
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
(cherry picked from commit 5fb6946ad70f5c6e82502a704633bba1dd82e507)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the generated sp_gen.mk, add a dependency to the image described in
the sp_layout.json file to make sure that the pkg file is re-generated
if the SP image is updated.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Id936f907d6baa6b0627c4bb9608323e5157c7a9b
(cherry picked from commit 4daeaf341a347a60fd481fb4a1530f18f8e4c058)
|
|\ \
| |/
| |
| | |
lts-v2.8
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
No overflow buffer checking for param size. There is a security threat.
Update code to check for param size according to cryto param mode.
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I37a2d047edd9ff835b3f0986d85309c402887bef
(cherry picked from commit c42402cdf8a3dfc6f6e62a92b2898066e8cc46f6)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse V1 erratum 2779461 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open.
The workaround sets CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.
SDEN documentation: https://developer.arm.com/documentation/SDEN1401781/latest
Change-Id: I367cda1779684638063d7292fda20ca6734e6f10
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
(cherry picked from commit 2757da06149238041308060e5cb51f0870a02a15)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cortex-A78 erratum 2779479 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround is to set the CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Change-Id: I3779fd1eff3017c5961ffa101b357918070b3b36
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
(cherry picked from commit 7d1700c4d475358539c9a84cb325183c86a06f33)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cortex-X2 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to set
CPUACTLR2_EL1[0] to 1 to force PLDW/PFRM ST to behave like
PLD/PRFM LD and not cause invalidations to other PE caches.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I43956aa4898a8608eedc5d0dd1471172c641a0c6
(cherry picked from commit f9c6301d743405bd91b9a1fe433ce14fa60a830f)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
get_ext() does not check the return value of the various mbedtls_*
functions, as cert_parse() is assumed to have guaranteed that they will
always succeed. However, it passes the end of an extension as the end
pointer to these functions, whereas cert_parse() passes the end of the
TBSCertificate. Furthermore, cert_parse() does *not* check that the
contents of the extension have the same length as the extension itself.
Before fd37982a19a4a291 ("fix(auth): forbid junk after extensions"),
cert_parse() also does not check that the extension block extends to the
end of the TBSCertificate.
This is a problem, as mbedtls_asn1_get_tag() leaves *p and *len
undefined on failure. In practice, this results in get_ext() continuing
to parse at different offsets than were used (and validated) by
cert_parse(), which means that the in-bounds guarantee provided by
cert_parse() no longer holds.
This patch fixes the remaining flaw by enforcing that the contents of an
extension are the same length as the extension itself.
Change-Id: Id4570f911402e34d5d6c799ae01a01f184c68d7c
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
(cherry picked from commit f5c51855d36e399e6e22cc1eb94f6b58e51b3b6d)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
auth_nvctr() does not check that the buffer provided is long enough to
hold an ASN.1 INTEGER, or even that the buffer is non-empty. Since
auth_nvctr() will only ever read 6 bytes, it is possible to read up to
6 bytes past the end of the buffer.
This out-of-bounds read turns out to be harmless. The only caller of
auth_nvctr() always passes a pointer into an X.509 TBSCertificate, and
all in-tree chains of trust require that the certificate’s signature has
already been validated. This means that the signature algorithm
identifier is at least 4 bytes and the signature itself more than that.
Therefore, the data read will be from the certificate itself. Even if
the certificate signature has not been validated, an out-of-bounds read
is still not possible. Since there are at least two bytes (tag and
length) in both the signature algorithm ID and the signature itself, an
out-of-bounds read would require that the tag byte of the signature
algorithm ID would need to be either the tag or length byte of the
DER-encoded nonvolatile counter. However, this byte must be
(MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) (0x30), which is
greater than 4 and not equal to MBEDTLS_ASN1_INTEGER (2). Therefore,
auth_nvctr() will error out before reading the integer itself,
preventing an out-of-bounds read.
Change-Id: Ibdf1af702fbeb98a94c0c96456ebddd3d392ad44
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
(cherry picked from commit abb8f936fd0ad085b1966bdc2cddf040ba3865e3)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cortex-A710 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround was earlier
applied to all revisions <= r2p0, this patch extends it to r2p1.
This was thought to have been fixed in r2p1 which is not the case.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Iad38a7fe57bec3f2d8977995acd601dcd9ae69c0
(cherry picked from commit 89d85ad0aad4fef7f56a9e18968b49e2b843ca9d)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.
Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
(cherry picked from commit 72460f50e2437a85ce5229c430931aab8f4a0d5b)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
The extensions must use all remaining bytes in the TBSCertificate.
Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
(cherry picked from commit fd37982a19a4a2911912ce321b9468993a0919ad)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse V1 erratum 2743093 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ee7c16c14c4fd6ee35d20c855273ecfce0d1b32
(cherry picked from commit 31747f057b13b5934b607b7021139e58a55f7766)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cortex-A78 erratum 2772019 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0362da463eca777aa7a385bcdeb39b8549799f02
(cherry picked from commit b10afcce5ff1202e1cd922dbd3c1e5980b478429)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N2 erratum 2743089 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Idec862226bd32c91374a8bbd5d73d7ee480a34d9
(cherry picked from commit 1ee7c8232c153203d104f148a33e6f641d503f96)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cortex-X2 erratum 2768515 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ib02688f7b6dc7f6ec305e68e8895174f6fd577a0
(cherry picked from commit 1cfde82227558a8cc1792c068bc7a7cdf8feab43)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cortex-A710 erratum 2768515 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If17fe04d3fda0dba6b8aabdd837a1c53e1830ed5
(cherry picked from commit b87b02cf1d93f2be2113192cd5f1927e33121a80)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch is to fix Errata #841119 and #826419 failed apply in linux
because of SMMU_CBn_ACTLR register can't be modified in non-secure
states.
Signed-off-by: Howard Lu <howard.lu@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2b23e7c8baa809f385917eb45b10ec6b26a9ada8
(cherry picked from commit 0ca1d8fba3bee32242b123ae28ad5c83a657aa0d)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix OCRAM ECC for lx2 platform.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ic46de7a40c611764a6f24400663da50e6b477ae5
(cherry picked from commit e8faff3da962ce112e32d8f1fdb8155e078eae75)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add more lx2 variants support.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Iac19b2532531616f638fd8f42bb6953bd1e83eda
(cherry picked from commit c07f5e9e50959a3667e5a96ac808d1d16bb72698)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Need to initialize global data firstly.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I18c3ccc2d0c8175bf479889aa03bc1f737df678b
(cherry picked from commit 50aa0ea7acd21e7e9920a91a14db14a9f8c63700)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Setting 2MB shared memory and following 64MB secure memory.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ia992d21f205d305a6fff92fc11435634ce7c9d21
(cherry picked from commit 07d8e34fdd5a81b6fe5f805560be44c1063cea79)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changed the size of OCRAM reserved by ROM code and increased the
size of CSF header.
Earlier, 4 keys image was exceeding boundaries and landing in
OCRAM location reserved for ROM usage.
Signed-off by:- Kshitiz Varshney <kshitiz.varshney@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I628ff7464fe0184d0553a7962d592aafd42e8137
(cherry picked from commit c0c157a680fcb100afed3e1ea9d342deea72ea05)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Timing CFG 0 and Timing CFG 4 are ddr controller registers that
have been affected by 1d phy training during cold boot. They are
needed to be stored and restored along with phy training values.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I29c55256e74456515aaeb098e2e0e3475697a466
(cherry picked from commit 00bb8c37e0fe57ae2126857ce2d2700106a76884)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
we need to apply the value of CDD write to write for the write to
read CDD delay calculations. Since the current implementation always
provide a negative value of CDDwr so a value of zero was selected.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6829997d2ea6ba6cddaaab8332b82b8c66752d7e
(cherry picked from commit fa0105693c85eacf6eda22eca63f220d304f7768)
|