4185 Commits

Author SHA1 Message Date
Manish Pandey
b934b7478e Merge changes from topic "gr/CVE-2026-0095" into integration
* changes:
  feat(tc): enable workaround for CVE-2026-0995
  fix(security): workaround for C1-Pro/CME CVE-2026-0995
  feat(psci): add psci_cpu_off_start event
  feat(smccc): add support for CPU Service calls
2026-05-20 11:34:53 +00:00
Govindraj Raja
e9b6d2ae27 fix(security): workaround for C1-Pro/CME CVE-2026-0995
This SME erratum in C1-Pro means memory accesses from the CME unit can
remain outstanding after another CPU issues TLBI+DSB. This means SME
can access memory after it has been re-allocated, potentially
overwriting the new owner's data. With pKVM, this could allow the host
access to guest memory if the SME accesses survived the page being
donated to HYP and allocated to the guest.

The workaround is for all affected CPUs to issue DSB locally whenever
another CPU does TLB maintenance. The local DSB completes all
outstanding accesses.

Linux and pKVM share a security state in the GIC, meaning pKVM would
be exposed to interrupt blackouts caused by linux. It is difficult
for the non secure world to avoid races when an SGI is sent to a CPU
that is about go offline and can no longer take the interrupt.
(this would violate the PSCI rules for CPU_OFF calls).

Implement the workaround in EL3 using an SMC in the 'CPU vendor' space.
The workaround uses atomic_inc_return on a global counter to order
parallel callers. This gives each caller a deadline.
Secure SGI are sent to the affected C1 Pro CPUs causing them to run
the workaround, and update their local counter from the global counter.
The CPU that issued the SMC then waits for each SGI'd CPU to update
to at least the deadline from its call.

An SGI being sent can race with an SMC to PSCI CPU_OFF. To avoid
this SGI preventing the CPU from enterring WFI to power off, the
workaround is run pre-emptively and the SGI is masked at the GIC
redistributor.

This mitigation is coordinated with corresponding Operating System
updates for CVE-2026-0995. Both EL3 (TF-A) and the OS must include
their respective fixes to ensure complete mitigation. For example,
the Linux kernel implements a complementary workaround that must
be deployed alongside this TF-A update.

Linux commit:
https://lore.kernel.org/all/20260302165801.3014607-1-catalin.marinas@arm.com/

Ref: https://developer.arm.com/documentation/111823/latest/

Change-Id: Ie969354ad0693fe172d921953b87cfbf4a39ea8e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
2026-05-18 10:34:03 +01:00
Andre Przywara
e0b614c259 feat(psci): add psci_cpu_off_start event
Together with the psci_cpu_on_finish event this is useful to track the
online state of cores.
We cannot trigger the event much later, as then the CPU will be partly
off already (left coherency, for instance).

Change-Id: I072647ece6847b11af1d0e3a0686f5dfd1f2ea58
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
2026-05-15 15:57:58 +01:00
Govindraj Raja
7a42d35ef2 feat(smccc): add support for CPU Service calls
Add support for CPU Service Calls SMC.

SMCCC Documentation reference:
https://developer.arm.com/docs/den0028/latest

Change-Id: Ie415af366de84350bd5f20dec869c2f57a37c0d1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
2026-05-15 15:57:47 +01:00
Boyan Karatotev
067c4bcd27 fix: update utils_def.h to use assembly compatible integer literal suffixes
Newer compilers accept C style integer literal suffixes (like `1ULL`) in
assembly code. Unfortunately, this seems to be a recent development and
older compilers do not. Convert uses of these suffixes to use the
helpers from utils_def_exp.h that will expand correctly.

Change-Id: I5a6e4a52e3c9c85b964fd9fc88548af68cc9998e
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-15 09:06:28 +00:00
Manish V Badarkhe
07627389cd Merge changes I4bdc021d,Iaf90eb1f,Id04915a3,I749629f9 into integration
* changes:
  refactor(cpufeat): clump FEAT_PACQARMA3 with FEAT_PAuth
  refactor(cpufeat): simplify FEAT_MTPMU helpers
  refactor(cpufeat): bring MPAM and DIT to the feat_detect pattern
  refactor(cpufeat): drop redundant comments from arch_features.h
2026-05-14 08:59:25 +00:00
Harrison Mutai
88f8c8d12c Merge "feat(mbedtls): update mbedTLS to version 3.6.6" into integration 2026-05-14 08:13:41 +00:00
Manish Pandey
5744cba65d Merge "fix(cpufeat): always allow accesses of FEAT_RAS registers" into integration 2026-05-13 15:05:09 +00:00
Boyan Karatotev
4945956b7b fix(cpufeat): always allow accesses of FEAT_RAS registers
FEAT_RAS does not provide an architectural way to disable its system
registers from lower ELs. It does provide a way to trap their accesses
to EL3 but no way to communicate this to lower ELs (eg. with ID
registers). As such, from a lower ELs perspective if FEAT_RAS is
implemented, then it is perfectly valid to issue accesses to any
FEAT_RAS registers.

Today that is not the case. When lower EL software issues such an access
it will instead get an UNDEF exception (injected by EL3) which is not
architecturally correct. It's not illogical to do this - the RAS System
Architecture mandates very little and it leaves access control to be an
IMPDEF choice of being handled in hardware of firmware without a
discovery mechanism and so we must assume no hardware access control.

So to comply with both requirements, implement a rudimentary software
based access control. This reuses the old flags (FAULT_INJECTION_SUPPORT
and RAS_TRAP_NS_ERR_REC_ACCESS). If they do not permit access, emulate
them as RAZ/WI. If access is permitted, do not trap in the first place.

Change-Id: Ie202291b096f0394230387a8d58ff56ebb7f68a3
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-13 09:48:23 +01:00
Harrison Mutai
66e22f5ab6 Merge changes Ifcc85bec,I8d38addc,Icf8f658c into integration
* changes:
  refactor(arm): use validation framework for SiP
  docs: add SMC validation guidelines
  feat(common): introduce SMC validation framework
2026-05-13 08:17:52 +00:00
Boyan Karatotev
e9f6b01db8 refactor(cpufeat): clump FEAT_PACQARMA3 with FEAT_PAuth
They two are inherently related and the ID register update helper
already treats them as one. Combine them to save on some code.

Change-Id: I4bdc021d98e053cece6619889334828a5b679d28
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-13 09:02:25 +01:00
Boyan Karatotev
f73a0182fa refactor(cpufeat): simplify FEAT_MTPMU helpers
The ID register field follows the general convention: 0 means missing,
anything over 1 means implemented. The special value of 0b1111 has the
semantics of "feature unconditionally enabled" which follows this rule.
There is no need to special case the feature and code can be simpler.

Change-Id: Iaf90eb1f8abb22a48054b4e564dad669e1703dcb
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-13 09:02:21 +01:00
Boyan Karatotev
a92e87b68d refactor(cpufeat): bring MPAM and DIT to the feat_detect pattern
The enablement for FEAT_MPAM and FEAT_DIT happened when the feat_state
framework was fairly fresh so they don't follow the patterns that have
emerged since. Convert them to follow these patterns.

Change-Id: Id04915a3d1d5c3e4f8702f03e53494703e6de6dc
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-13 09:02:17 +01:00
Boyan Karatotev
18a8df195b refactor(cpufeat): drop redundant comments from arch_features.h
The definitions of each feature include all necessary information to
fully understand what it is about. The expansion of the name is also
duplicate to the explanations in defaults.mk and the docs and adds to
cognitive load during review. Further, the comments aren't particularly
consistent.

Drop the comments to reduce duplication. These are always documented in
the Arm ARM.

Change-Id: I749629f924dd818285b7970e52ef8c413787d291
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-13 09:02:16 +01:00
Olivier Deprez
8bcd40a58d Merge "feat(mbedtls): enable AESCE under ENABLE_FEAT_CRYPTO for AES-GCM" into integration 2026-05-12 10:59:22 +00:00
Manish V Badarkhe
4c65186a7d Merge changes I1c20eeee,I4e5eeec7,Ie4f73cc1 into integration
* changes:
  refactor(build): remove FEAT_CSV2_2 enable from ENABLE_RMM
  fix(arm): clean up FEAT_RME #ifdefs
  fix(cpufeat): add arch_extension directives to bit_lock() too
2026-05-12 09:01:46 +00:00
Manish V Badarkhe
28aa61ddc0 feat(mbedtls): update mbedTLS to version 3.6.6
Update the mbed TLS submodule to the 3.6.6 release and bump
MBEDTLS_CONFIG_VERSION in default_mbedtls_config.h so the
Trusted Firmware-A configuration matches the imported version.

Change-Id: I9f90eecfbce203a89c61e864ef3f85677efad1c4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2026-05-12 08:41:45 +01:00
Manish V Badarkhe
79e9edb42a feat(mbedtls): enable AESCE under ENABLE_FEAT_CRYPTO for AES-GCM
When AES-GCM is enabled, use the AESCE backend and set
MBEDTLS_AES_USE_HARDWARE_ONLY to avoid falling back to the
plain-C AES implementation when FEAT_CRYPTO is available.

Change-Id: I17750618646aea962a91c4fae551bff65acf30f3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2026-05-11 13:10:07 +00:00
Manish V Badarkhe
c47f0e4785 Merge "refactor(measured-boot): remove old tcg.h" into integration 2026-05-06 08:45:07 +00:00
Thomas Bourgoin
c3ac6ca04e feat(st-iwdg): remove unused flags
Remove flags used for configuring watchdog during low power phases.
The configuration to stop watchdog during standby and s2idle is done in
OP-TEE.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Change-Id: Ib68d5bf31d7f97791af6b25327b374771b75fd4e
2026-05-06 10:05:10 +02:00
kennethkabogo
8cbf605b98 refactor(arm): use validation framework for SiP
Demonstrate the migration of Arm platform SiP handlers to the new SMC
validation framework with type-safe smc_get_mem_range() usage.

Change-Id: Ifcc85becd146f2e638b1e08be6a1cdba43b91d3b
Signed-off-by: Kenneth Kabogo <kennethkabogo2@gmail.com>
2026-05-05 18:46:05 +03:00
kennethkabogo
92d6ae607e feat(common): introduce SMC validation framework
This patch introduces a standardized framework for validating SiP SMC
arguments in EL3 runtime services to mitigate Privilege-Blind Forwarding
(PBF) and TOCTOU race conditions.

The framework provides:
- Atomic Shadow-Copy with smc_get_mem_range() inline function
- Type-safe validation using uintptr_t and size_t
- Integer overflow protection for memory range tuples
- Architecture-aware register mapping in common/smc_validation.c

Change-Id: Icf8f658c16fb25989eb757b71f70668c787c3153
Signed-off-by: Kenneth Kabogo <kennethkabogo2@gmail.com>
2026-05-05 18:28:45 +03:00
Boyan Karatotev
fb6218df18 fix(cpufeat): correctly set PSTATE.NZCV on trapped RNDR(RS)
The Arm ARM says that a successful read of RNDR(RS) should return with
PSTATE.NZCV == 0 and a failed one should read 0 and PSTATE.NZCV ==
0b0100. No platform hooks emulate this PSTATE behaviours and neither
does generic code.

This patch adds the emulation in generic code so that platform hooks
don't have to. To do this, simplify the platform hook even further - it
now has one job: to return the value and if it was successful. All the
architectural parsing is now fully generic.

Change-Id: Ica35aa6f10cc3dd6fa6ba91e6de1bec68260953d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-05 15:23:52 +01:00
Boyan Karatotev
62759f70a1 fix(arm): clean up FEAT_RME #ifdefs
The pattern for is_feat_xyz_supported() is to not use any #if directives
around it and instead to rely on the compiler to do the right thing an
compile the redundant branches away. This does require a bit of dancing
to appease the compiler - there needs to be an empty function when
FEAT_XYZ is 0 to prevent linker errors.

Change-Id: I4e5eeec7c47d0d1a3dba45757d3d820d380d8e36
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
2026-05-01 10:46:39 +01:00
Boyan Karatotev
e7b88d470e Merge changes from topic "xl/cortex_a57-errata" into integration
* changes:
  fix(cpus): workaround for Cortex-A57 erratum 836019
  fix(cpus): workaround for Cortex-A57 erratum 817171
2026-04-30 15:17:38 +00:00
Xialin Liu
5c53650378 fix(cpus): workaround for Cortex-A57 erratum 817171
Cortex-A57 erratum 817171 is a Cat B erratum that applies to revisions
r0p0, r0p1. It is fixed in r1p0.

Set L2ACTLR_EL1[26] to 1'b1 to disable L2 regional clock gating.

SDEN documentation:
https://developer.arm.com/documentation/epm049219/latest

Change-Id: I3cf8e70a6abcab8f51098fb22a1d383e123a53d6
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-30 10:07:17 -05:00
Yann Gautier
9b0de099df Merge changes from topic "qti_refactor_drivers" into integration
* changes:
  refactor(qti): refactor QTI SMMU driver inclusion
  refactor(qti): refactor QTI xPU bypass driver inclusion
2026-04-30 15:02:09 +00:00
Xialin Liu
681fec3bf6 fix(cpus): workaround for Cortex-X1 erratum 2779479
Cortex-X1 erratum 2779479 is a Cat B erratum that applies to revisions
r0p0, r1p0, r1p1, r1p2. It is still open.

The erratum can be avoided by setting CPUACTLR3_EL1[47]. Setting this
chicken bit might have a small impact on power and negligible impact
on performance.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401782/latest

Change-Id: I4926f7054be48b08f02f0a4de66114b4d51a5738
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-30 09:22:41 -05:00
Xialin Liu
f7771724fd fix(cpus): workaround for Cortex-X1 erratum 1515634
Cortex-X1 erratum 1515634 is a Cat B erratum that applies to revision
r0p0. It is fixed in r1p0.

Set CPUACTLR_EL1[11] to one, which flushes the L0 Macro-op cache for
all context synchronization events.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401782/latest

Change-Id: I39bfe27c8dfe575994323aeedf0ed73d1e83745d
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-30 09:22:41 -05:00
Xialin Liu
e168af34f9 fix(cpus): workaround for Cortex-X1 erratum 1492189
Cortex-X1 erratum 1492189 is a Cat B erratum that applies to revision
r0p0. It is fixed in r1p0.

The workaround is to set CPUACTLR5_EL1[8] to 1'b1. The workaround
might result in a small increase in core power consumption.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401782/latest

Change-Id: I288f88f092ee05c15cefb2e764663f4d17fc10a5
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-30 09:22:41 -05:00
Boyan Karatotev
f41aef3bd7 Merge changes from topic "xl/cortex_x4-errata" into integration
* changes:
  fix(cpus): workaround for Cortex-X4 erratum 2646977
  fix(cpus): workaround for Cortex-X4 erratum 2631888
  fix(cpus): workaround for Cortex-X4 erratum 2620954
  fix(cpus): workaround for Cortex-X4 erratum 2302507
2026-04-30 07:38:19 +00:00
Xialin Liu
6f7739413f fix(cpus): workaround for Cortex-X4 erratum 2646977
Cortex-X4 erratum 2646977 is a Cat B erratum that applies to revision
r0p0. It is fixed in r0p1.

This erratum can be avoided by setting CPUACTLR5_EL1[56:55] to 0b01.

SDEN documentation:
https://developer.arm.com/documentation/109148/latest

Change-Id: Ica7e339280aa97c7d9f6fd8100bd463e4dd978ac
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-29 08:42:36 -05:00
Boyan Karatotev
7aaac5bfe1 Merge changes from topic "xl/cortex_a510-errata" into integration
* changes:
  fix(cpus): workaround for Cortex-A510 erratum 2002389
  fix(cpus): workaround for Cortex-A510 erratum 1976290
  fix(cpus): workaround for Cortex-A510 erratum 2028010
  fix(cpus): workaround for Cortex-A510 erratum 2027318
  fix(cpus): workaround for Cortex-A510 erratum 1975068
  fix(cpus): workaround for Cortex-A510 erratum 1966377
  fix(cpus): workaround for Cortex-A510 erratum 1952872
  fix(cpus): workaround for Cortex-A510 erratum 1942494
  fix(cpus): workaround for Cortex-A510 erratum 1937669
  fix(cpus): workaround for Cortex-A510 erratum 1910738
2026-04-28 15:10:10 +00:00
Xialin Liu
6fb793f91e fix(cpus): workaround for Cortex-A510 erratum 1975068
Cortex-A510 erratum 1975068 is a Cat B erratum that applies to
revision r0p0. It is fixed in r0p1.

In some systems, software can avoid using Non-shareable mappings.
Where that is not possible, software can set IMP_CMPXECTLR_EL1[9:8] =
0b11. This disables early forwarding of L2 hardware prefetches to
subsequent requests, and may incur a small but not negligible
performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1873351/latest

Change-Id: I3ac6cbf43a0bbb798b5e39ee1030376afc1b125a
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-28 09:21:18 -05:00
Bipin Ravi
c4351f7f62 Merge changes Ic3a4f2b8,Iaaf0e4bd into integration
* changes:
  refactor(cpus): use sysreg_lazy_* for batched register writes
  feat(cpus): add sysreg_lazy_* macros for batched read-modify-write
2026-04-27 13:21:01 +00:00
Sumit Garg
4bcfd892ec refactor(qti): refactor QTI SMMU driver inclusion
QTI SMMU driver is only enabled on Kodiak without QTISECLIB being
enabled. So clean up the driver inclusion and remove any #ifdefry
from common code to make it more readable.

Change-Id: I6d7d4b2f12e1e8fc1b4126895a6ddf6c9a516f7e
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
2026-04-27 11:12:19 +05:30
Xialin Liu
84f62805f0 fix(cpus): workaround for Cortex-A510 erratum 1910738
Cortex-A510 erratum 1910738 is a Cat B erratum that applies to
revision r0p0. It is fixed in r0p1.

This erratum can be avoided by setting IMP_CPUECTLR_EL1[19] = 1,
IMP_CPUACTLR_EL1[4] = 1 and IMP_CPUACTLR_EL1[26] = 1.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1873351/latest

Change-Id: I93ebe8dc7908c52239cfe10d063016a58855f17f
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-24 12:50:08 -05:00
Boyan Karatotev
e7e231d39c Merge changes Ic8700325,I6a3a9f28,I91a28b5f,Ia69289bf,I81d9b73a, ... into integration
* changes:
  feat(cpufeat): constrain RAS_TRAP_NS_ERR_REC_ACCESS on ENABLE_FEAT_RAS
  fix(build): set defaults to feature flags before platform.mk
  refactor(cpufeat): unify FEAT_IDTE3's definitions with arch.h
  refactor(el3-runtime): generalise sysreg trapping
  refactor(el3-runtime): use contexted SCR_EL3 instead of the register
  build: rename default_ones to set_ones
2026-04-24 13:54:45 +00:00
Sumit Garg
70f777f163 refactor(qti): refactor QTI xPU bypass driver inclusion
QTI xPU bypass driver is only needed on Kodiak when QTISECLIB is
enabled to workaround an issue observed during Linux boot. So clean
up the driver inclusion and remove any #ifdefry from common code to
make it more readable.

Change-Id: Ieca67a8298443a672b718dff34c79c1b49918251
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
2026-04-24 09:57:56 +05:30
Bipin Ravi
c039a8a67e Merge changes from topic "xl/cortex_a77-errata" into integration
* changes:
  fix(cpus): workaround for Cortex-A77 erratum 3888015
  fix(cpus): update Cortex-A77 applied revision for CVE-2024-5660
  fix(cpus): workaround for Cortex-A77 erratum 1515815
  fix(cpus): workaround for Cortex-A77 erratum 1273521
  fix(cpus): workaround for Cortex-A77 erratum 1253791
  fix(cpus): workaround for Cortex-A77 erratum 1220737
  fix(cpus): workaround for Cortex-A77 erratum 1204882
  fix(cpus): workaround for Cortex-A77 erratum 1160841
2026-04-23 21:44:29 +00:00
Varun Wadekar
b5b57691b9 feat(cpus): add sysreg_lazy_* macros for batched read-modify-write
This patch introduces five assembly macros that collapse multiple
bit-manipulation operations on the same system register into a
single mrs/msr pair:

  sysreg_lazy_start  _reg   -- read register into x1
  sysreg_lazy_set    _bit   -- ORR bit into x1 (any 64-bit mask)
  sysreg_lazy_clear  _bit   -- BIC bit from x1 (any 64-bit mask)
  sysreg_lazy_insert _src, _lsb, _width -- BFI into x1
  sysreg_lazy_commit _reg   -- write x1 back to register

Each sysreg_bit_set / sysreg_bit_clear / sysreg_bitfield_insert call
issues its own mrs+msr pair.  When several of those target the same
register the reads and writes are redundant.  The lazy helpers
replace N reads and N writes with one read and one write.

x1 holds the accumulated register value between start and commit.
x0 is used as a scratch register by sysreg_lazy_set,
sysreg_lazy_clear, and sysreg_lazy_insert.  mov_imm is used for bit
values to support arbitrary 64-bit masks, consistent with the
existing hand-written mrs/mov_imm/orr/msr patterns in CPU files.

Change-Id: Iaaf0e4bd7ba85c69d9063b012a9066b3ba40b58e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
2026-04-23 17:47:39 +00:00
Xialin Liu
874d48d875 fix(cpus): workaround for Cortex-A77 erratum 1515815
Cortex-A77 erratum 1515815 is a Cat B erratum that applies to
revisions r0p0, r1p0. It is fixed in r1p1.

Set CPUACTLR_EL1[11] to 1 so that the L0 Macro-op cache is flushed for
all context synchronization events, ensuring that only a single
instruction is executed before a software step or halt step exception
is taken.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1152370/latest

Change-Id: I1e6faf5a699734f9a5be848807e9c3fa5110d569
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-23 09:20:35 -05:00
Xialin Liu
9b73520c9a fix(cpus): workaround for Cortex-A77 erratum 1253791
Cortex-A77 erratum 1253791 is a Cat B erratum that applies to revision
r0p0. It is fixed in r1p0.

This erratum can be avoided by setting CPUACTLR3_EL1[10] to 1, which
prevents parallel execution of divide and square root instructions.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1152370/latest

Change-Id: I76895d167a477246ff5bc6c87237fb4f9724c547
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-23 09:20:35 -05:00
Xialin Liu
ed3c0646e6 fix(cpus): workaround for Cortex-A77 erratum 1220737
Cortex-A77 erratum 1220737 is a Cat B erratum that applies to revision
r0p0. It is fixed in r1p0.

This erratum can be avoided by setting CPUECTLR_EL1[25:24] to 0b11,
which disables write streaming to the L2. This will have an impact on
performance for streaming workloads.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1152370/latest

Change-Id: Iad21fad2b774234b1df808a4074eb3aabc01f2f3
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-23 09:20:31 -05:00
Xialin Liu
183e1d799d fix(cpus): workaround for Cortex-A78AE erratum 2779481
Cortex-A78AE erratum 2779481 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2. It is fixed in r0p3.

The erratum can be avoided by setting CPUACTLR3_EL1[47].

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1707912/latest

Change-Id: If45cd8efe24768aaa0d31f56b3b297ba1c10980f
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-23 08:41:28 -05:00
Xialin Liu
16ec568592 fix(cpus): workaround for Cortex-A78AE erratum 2743229
Cortex-A78AE erratum 2743229 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2. It is fixed in r0p3.

This erratum can be avoided by setting CPUACTLR5_EL1[56:55] to 0b01.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1707912/latest

Change-Id: Ic9a60a695eb00574c25490376337a4ad09b9b2c7
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-23 08:41:28 -05:00
Matthew Ellis
8694619500 refactor(measured-boot): remove old tcg.h
libeventlog provides its own tcg.h, and this should be used.
Remove old tcg.h from TF-A source tree.

Change-Id: I58c6af9480d4bee11751aeebd53829da0bde52c4
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>
2026-04-23 14:03:34 +01:00
Bipin Ravi
118d150188 Merge changes from topic "xl/cortex_a715-errata" into integration
* changes:
  fix(cpus): workaround for Cortex-A715 erratum 2238661
  fix(cpus): workaround for Cortex-A715 erratum 2275754
  fix(cpus): workaround for Cortex-A715 erratum 2284544
  fix(cpus): workaround for Cortex-A715 erratum 2239006
  fix(cpus): workaround for Cortex-A715 erratum 2292761
2026-04-21 22:55:43 +00:00
Xialin Liu
b246d9d545 fix(cpus): workaround for Cortex-A715 erratum 2292761
Cortex-A715 erratum 2292761 is a Cat B erratum that applies to
revision r0p0. It is fixed in r1p0.

This erratum can be avoided by setting CPUACTLR4_EL1[13] to 1. Using
this workaround has no performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest

Change-Id: Ie2bddb8535a0070da1a58a7753ad3a95c5005646
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-20 16:44:48 -05:00
Xialin Liu
d8b97cf4e7 fix(cpus): workaround for Cortex-A78 erratum 1479939
Cortex-A78 erratum 1479939 is a Cat B erratum that applies to
revision r0p0. It is fixed in r1p0.

This erratum can be avoided by setting CPUACTLR_EL1[13] to 1 to
disable a performance feature. This should be done before enabling the
MMU.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401784/latest

Change-Id: I553697b5d34da00298526ee0988f52dea8e9e93f
Signed-off-by: Xialin Liu <xialin.liu@arm.com>
2026-04-20 14:48:49 -05:00