- Feb 14, 2025
-
-
Release CI authored
Change-Id: I00abacb9426e515cd7f1ded4ab483c5d39ce83d5
Signed-off-by: Release CI <ci@trustedfirmware.org>
-
- Feb 11, 2025
-
-
TrustedFirmware Code Review authored
* changes:
  fix(cpus): workaround for Neoverse-V3 erratum 3701767
  fix(cpus): workaround for Neoverse-N3 erratum 3699563
  fix(cpus): workaround for Neoverse-N2 erratum 3701773
  fix(cpus): workaround for Cortex-X925 erratum 3701747
  fix(cpus): workaround for Cortex-X4 erratum 3701758
  fix(cpus): workaround for Cortex-X3 erratum 3701769
  fix(cpus): workaround for Cortex-X2 erratum 3701772
  fix(cpus): workaround for Cortex-A725 erratum 3699564
  fix(cpus): workaround for Cortex-A720 erratum 3699561
  fix(cpus): workaround for Cortex-A715 erratum 3699560
  fix(cpus): workaround for Cortex-A710 erratum 3701772
  fix(cpus): workaround for accessing ICH_VMCR_EL2
  refactor(errata-abi): move EXTRACT_PARTNUM to arch.h
  chore(cpus): fix incorrect header macro
  chore: rename hermes to neoverse-n3
  refactor(fvp): move cpus with nomodel
  fix(cm): update gic el2 sysregs save/restore mechanism
  fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
  fix(security): add support in cpu_ops for CVE-2024-7881
  fix(security): add CVE-2024-7881 mitigation to Cortex-X3
  fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
  fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
  fix(security): add CVE-2024-7881 mitigation to Cortex-X925
  fix(security): add CVE-2024-7881 mitigation to Cortex-X4
  fix(security): enable WORKAROUND_CVE_2024_7881 build option
-
- Feb 04, 2025
-
-
Govindraj Raja authored
Neoverse-V3 erratum 3701767 that applies to r0p0, r0p1, r0p2 is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-2891958/latest/

Change-Id: I5be0de881f408a9e82a07b8459d79490e9065f94
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit e25fc9df)
-
Govindraj Raja authored
Neoverse-N3 erratum 3699563 that applies to r0p0 is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-3050973/latest/

Change-Id: I77aaf8ae0afff3adde9a85f4a1a13ac9d1daf0af
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit fded8392)
-
Govindraj Raja authored
Neoverse-N2 erratum 3701773 that applies to r0p0, r0p1, r0p2 and r0p3 is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-1982442/latest/

Change-Id: If95bd67363228c8083724b31f630636fb27f3b61
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit adea6e52)
-
Govindraj Raja authored
Cortex-X925 erratum 3701747 that applies to r0p0, r0p1 and is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/109180/latest/

Change-Id: I080296666f89276b3260686c2bdb8de63fc174c1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 511148ef)
-
Govindraj Raja authored
Cortex-X4 erratum 3701758 that applies to r0p0, r0p1, r0p2 and r0p3 is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/109148/latest/

Change-Id: I4ee941d1e7653de7a12d69f538ca05f7f9f9961d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 38401c53)
-
Govindraj Raja authored
Cortex-X3 erratum 3701769 that applies to r0p0, r1p0, r1p1 and r1p2 is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-2055130/latest/

Change-Id: Ifd722e1bb8616ada2ad158297a7ca80b19a3370b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 77feb745)
-
Govindraj Raja authored
Cortex-X2 erratum 3701772 that applies to r0p0, r1p0, r2p0, r2p1 is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-1775100/latest/

Change-Id: I2ffc5e7d7467f1bcff8b895fea52a1daa7d14495
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit ae6c7c97)
-
Govindraj Raja authored
Cortex-A725 erratum 3699564 that applies to r0p0, r0p1 and is fixed in r0p2.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-2832921/latest

Change-Id: Ifad1f6c3f5b74060273f897eb5e4b79dd9f088f7
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit d732300b)
-
Govindraj Raja authored
Cortex-A720 erratum 3699561 that applies to all revisions <= r0p2 and is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-2439421/latest/

Change-Id: I7ea3aaf3e7bf6b4f3648f6872e505a41247b14ba
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 050c4a38)
-
Govindraj Raja authored
Cortex-A715 erratum 3699560 that applies to all revisions <= r1p3 and is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-2148827/latest/

Change-Id: I183aa921b4b6f715d64eb6b70809de2566017d31
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 26437afd)
-
Govindraj Raja authored
Cortex-A710 erratum 3701772 that applies to all revisions <= r2p1 and is still Open.

The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.

SDEN documentation: https://developer.arm.com/documentation/SDEN-1775101/latest/

Change-Id: I997c9cfaa75321f22b4f690c4d3f234c0b51c670
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 463b5b4a)
-
Govindraj Raja authored
When ICH_VMCR_EL2.VBPR1 is written in Secure state (SCR_EL3.NS==0) and then subsequently read in Non-secure state (SCR_EL3.NS==1), a wrong value might be returned. The same issue exists in the opposite way.

Adding workaround in EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored. For example, EL3 software should set SCR_EL3.NS to 1 when saving or restoring the value ICH_VMCR_EL2 for Non-secure (or Realm) state. EL3 software should clear SCR_EL3.NS to 0 when saving or restoring the value ICH_VMCR_EL2 for Secure state.

SDEN documentation: https://developer.arm.com/documentation/SDEN-1775101/latest/

Change-Id: I9f0403601c6346276e925f02eab55908b009d957
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 7455cd17)
-
Arvind Ram Prakash authored
This patch moves EXTRACT_PARTNUM from errata abi includes to arch.h which is part of common includes

Change-Id: Id8bbaf21566f3145a75cfa0dafec6823ed2df3a9
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
(cherry picked from commit 1073bf3d)
-
Govindraj Raja authored
- errata.h is using incorrect header macro ERRATA_REPORT_H fix this.
- Group errata function utilities.

Change-Id: I6a4a8ec6546adb41e24d8885cb445fa8be830148
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 58d98ba8)
-
Govindraj Raja authored
Rename hermes cpu to Neoverse-N3

Change-Id: I912d4c824c5004a8c1909c68fef77f1f5e202b8a
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit ba6b6949)
-
Govindraj Raja authored
Move CPUs which are not tested in CI under a new build option.

We have added some CPUs for which there are no FVP models available yet to test. Move those CPUs under a new FVP build option.

Change-Id: I3da12d2f8d9c246b435b31adfac61c79dc1ab0cb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 5af143f2)
-
Manish Pandey authored
This patch does the following two changes:

- Create a separate routine for saving/restoring GIC el2 system registers
- To access ICC_SRE_EL2 register there was a workaround to set SCR_EL3.NS before accessing it. This was required because SCR_EL3.EEL2 was zero. But with commit f105dd5fa this bit has been set to one early on in booting process for a system with FEAT_SEL2 present and S-EL2 enabled. However, we still need the workaround for a system which needs save/restore of EL2 registers without secure EL2 being enabled e.g. system with Non-secure and Realm world present.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8d55c3dc6a17c4749748822d4a738912c1e13298
(cherry picked from commit 937d6fdb)
-
- Feb 03, 2025
-
-
Arvind Ram Prakash authored
This patch implements SMCCC_ARCH_WORKAROUND_4 and allows discovery through SMCCC_ARCH_FEATURES. This mechanism is enabled if CVE_2024_7881 [1] is enabled by the platform. If CVE_2024_7881 mitigation is implemented, the discovery call returns 0, if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).

For more information about SMCCC_ARCH_WORKAROUND_4 [2], please refer to the SMCCC Specification reference provided below.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
(cherry picked from commit 8ae6b1ad)
-
Arvind Ram Prakash authored
This patch adds new cpu ops function extra4 and a new macro for CVE-2024-7881 [1]. This new macro declare_cpu_ops_wa_4 allows support for new CVE check function.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I417389f040c6ead7f96f9b720d29061833f43d37
(cherry picked from commit 4caef42a)
-
Arvind Ram Prakash authored
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X3 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I410517d175a80fc6f459fa6ce5c30c0a38db9eaf
(cherry picked from commit b0521a16)
-
Arvind Ram Prakash authored
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V3 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ib5c644895b8c76d3c7e8b5e6e98d7b9afef7f1ec
(cherry picked from commit 037a15f5)
-
Arvind Ram Prakash authored
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V2 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I129814eb3494b287fd76a3f7dbc50f76553b2565
(cherry picked from commit 56bb1d17)
-
Arvind Ram Prakash authored
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X925 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I53e72e4dbc8937cea3c344a5ba04664c50a0792a
(cherry picked from commit 520c2207)
-
Arvind Ram Prakash authored
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Cortex-X4 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I0bec96d4f71a08a89c6612e272ecfb173f80da20
(cherry picked from commit 6ce6acac)
-
Arvind Ram Prakash authored
This patch enables build option needed to include support for CVE_2024_7881 [1] mitigation.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Id77f82a4dfaa4422729f7e3f2429f47cc90d9782
(cherry picked from commit 23721794)
-
- Jan 27, 2025
-
-
Release CI authored
Change-Id: I0a3044f82666a879f731bbc536819c97fa5532c0
Signed-off-by: Release CI <ci@trustedfirmware.org>
-
- Jan 24, 2025
-
-
TrustedFirmware Code Review authored
-
Govindraj Raja authored
Updating LTS maintainers list as agreed with other LTS maintainers.

Change-Id: Ibf087c6b0e24d6faa9dafb6f8a0955a47f583f28
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
-
TrustedFirmware Code Review authored
* changes:
  chore(deps): bump cross-spawn
  chore(deps): bump jinja2 in the pip group across 1 directory
-
TrustedFirmware Code Review authored
* changes:
  docs: updates to LTS
  docs: add inital lts doc
-
dependabot[bot] authored
Bumps the npm_and_yarn group with 1 update in the / directory: [cross-spawn](https://github.com/moxystudio/node-cross-spawn).

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Change-Id: I78624d7ef8c3842a2271d091bf2d3213d9455d87
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Chris Kay <chris.kay@arm.com>
(cherry picked from commit 3dfe675b)
-
dependabot[bot] authored
Bumps the pip group with 1 update in the / directory: [jinja2](https://github.com/pallets/jinja).

Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
  dependency-group: pip
...

Change-Id: I4502ed17a6ce37f53ac64370a5d7fe756875fee6
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Chris Kay <chris.kay@arm.com>
(cherry picked from commit 56bf3fd2)
-
- Jan 22, 2025
-
-
Govindraj Raja authored
Adding updates to LTS process -

- This is based on review comments in here - https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/34069/3/docs/lts.rst#37
- Based on discussions with other LTS maintainers.

Change-Id: Iafc606a66ea3ea69c51b433867b5025b8debebe9
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
-
Govindraj Raja authored
Ref: https://linaro.atlassian.net/browse/TFC-669

The initial LTS document was created as pdf and was maintained in a shared folder location, to avoid pdf getting lost and trying to find where it is we decided to have LTS details part of docs in TF-A.

This patch directly reflects the data from pdf attached to TFC-669. Any improvements or amends to this will be done at later phases based on LTS maintainers comments and agreements.

Change-Id: I1434c29f0236161d2a127596e2cc528bf4cc3e85
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
-
- Jan 17, 2025
-
-
TrustedFirmware Code Review authored
* changes:
  feat(mbedtls): mbedtls config update for v3.6.2
  docs(prerequisites): update mbedtls to version 3.6.2
  refactor(mbedtls): rename default mbedtls confs
  fix(arm): add extra hash config to validate ROTPK
-
- Jan 13, 2025
-
-
Ryan Everett authored
This new update to the LTS branch of MbedTLS provides the fix for a buffer underrun vulnerability. TF-A does not use the previously vulnerable functions `mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`. Full patch notes to this MbedTLS update can be found at https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 .

We now enforce the mbedtls version to be greater than or equal to 3.6.2 in our default configs.

Change-Id: I79027f6c741ab3f419f7b555321507e6a78b977b
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
(cherry picked from commit c307efce)
-
Yann Gautier authored
This new update to the LTS branch of MbedTLS provides the fix for a buffer underrun vulnerability. TF-A does not use the previously vulnerable functions `mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`. Full patch notes to this MbedTLS update can be found at https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 .

Change-Id: Ibc4a8712c92019648fe0e75390cd3540d86b735d
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
(cherry picked from commit 95037029)
-
Ryan Everett authored
Change the name of these confs to be version agnostic, we will later use these configs to enforce the mbedtls minimum version

Change-Id: I1f665c2471877ecc833270c511749ff845046f10
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
(cherry picked from commit 640ba634)
-