1 /*
2 * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <arch_features.h>
8 #include <common/debug.h>
9 #include <common/feat_detect.h>
10
11 static bool tainted;
12
13 /*******************************************************************************
14 * This section lists the wrapper modules for each feature to evaluate the
15 * feature states (FEAT_STATE_ALWAYS and FEAT_STATE_CHECK) and perform
16 * necessary action as below:
17 *
18 * It verifies whether the FEAT_XXX (eg: FEAT_SB) is supported by the PE or not.
19 * Without this check an exception would occur during context save/restore
20 * routines, if the feature is enabled but not supported by PE.
21 ******************************************************************************/
22
23 #define feat_detect_panic(a, b) ((a) ? (void)0 : feature_panic(b))
24
25 /*******************************************************************************
26 * Function : feature_panic
27 * Customised panic function with error logging mechanism to list the feature
28 * not supported by the PE.
29 ******************************************************************************/
feature_panic(char * feat_name)30 static inline void feature_panic(char *feat_name)
31 {
32 ERROR("FEAT_%s not supported by the PE\n", feat_name);
33 panic();
34 }
35
36 /*******************************************************************************
37 * Function : check_feature
38 * Check for a valid combination of build time flags (ENABLE_FEAT_xxx) and
39 * feature availability on the hardware. <min> is the smallest feature
40 * ID field value that is required for that feature.
41 * Triggers a panic later if a feature is forcefully enabled, but not
42 * available on the PE. Also will panic if the hardware feature ID field
43 * is larger than the maximum known and supported number, specified by <max>.
44 *
45 * We force inlining here to let the compiler optimise away the whole check
46 * if the feature is disabled at build time (FEAT_STATE_DISABLED).
47 ******************************************************************************/
48 static inline void __attribute((__always_inline__))
check_feature(int state,unsigned long field,const char * feat_name,unsigned int min,unsigned int max)49 check_feature(int state, unsigned long field, const char *feat_name,
50 unsigned int min, unsigned int max)
51 {
52 if (state == FEAT_STATE_ALWAYS && field < min) {
53 ERROR("FEAT_%s not supported by the PE\n", feat_name);
54 tainted = true;
55 }
56 if (state >= FEAT_STATE_ALWAYS && field > max) {
57 ERROR("FEAT_%s is version %ld, but is only known up to version %d\n",
58 feat_name, field, max);
59 tainted = true;
60 }
61 }
62
63 /************************************************
64 * Feature : FEAT_PAUTH (Pointer Authentication)
65 ***********************************************/
read_feat_pauth(void)66 static void read_feat_pauth(void)
67 {
68 #if (ENABLE_PAUTH == FEAT_STATE_ALWAYS) || (CTX_INCLUDE_PAUTH_REGS == FEAT_STATE_ALWAYS)
69 feat_detect_panic(is_armv8_3_pauth_present(), "PAUTH");
70 #endif
71 }
72
73 /************************************************
74 * Feature : FEAT_MTE (Memory Tagging Extension)
75 ***********************************************/
read_feat_mte(void)76 static void read_feat_mte(void)
77 {
78 #if (CTX_INCLUDE_MTE_REGS == FEAT_STATE_ALWAYS)
79 unsigned int mte = get_armv8_5_mte_support();
80
81 feat_detect_panic((mte != MTE_UNIMPLEMENTED), "MTE");
82 #endif
83 }
84
85 /****************************************************
86 * Feature : FEAT_BTI (Branch Target Identification)
87 ***************************************************/
read_feat_bti(void)88 static void read_feat_bti(void)
89 {
90 #if (ENABLE_BTI == FEAT_STATE_ALWAYS)
91 feat_detect_panic(is_armv8_5_bti_present(), "BTI");
92 #endif
93 }
94
95 /**************************************************
96 * Feature : FEAT_RME (Realm Management Extension)
97 *************************************************/
read_feat_rme(void)98 static void read_feat_rme(void)
99 {
100 #if (ENABLE_RME == FEAT_STATE_ALWAYS)
101 feat_detect_panic((get_armv9_2_feat_rme_support() !=
102 ID_AA64PFR0_FEAT_RME_NOT_SUPPORTED), "RME");
103 #endif
104 }
105
106 /******************************************************************
107 * Feature : FEAT_RNG_TRAP (Trapping support for RNDR/RNDRRS)
108 *****************************************************************/
read_feat_rng_trap(void)109 static void read_feat_rng_trap(void)
110 {
111 #if (ENABLE_FEAT_RNG_TRAP == FEAT_STATE_ALWAYS)
112 feat_detect_panic(is_feat_rng_trap_present(), "RNG_TRAP");
113 #endif
114 }
115
116 /***********************************************************************************
117 * TF-A supports many Arm architectural features starting from arch version
118 * (8.0 till 8.7+). These features are mostly enabled through build flags. This
119 * mechanism helps in validating these build flags in the early boot phase
120 * either in BL1 or BL31 depending on the platform and assists in identifying
121 * and notifying the features which are enabled but not supported by the PE.
122 *
123 * It reads all the enabled features ID-registers and ensures the features
124 * are supported by the PE.
125 * In case if they aren't it stops booting at an early phase and logs the error
126 * messages, notifying the platforms about the features that are not supported.
127 *
128 * Further the procedure is implemented with a tri-state approach for each feature:
129 * ENABLE_FEAT_xxx = 0 : The feature is disabled statically at compile time
130 * ENABLE_FEAT_xxx = 1 : The feature is enabled and must be present in hardware.
131 * There will be panic if feature is not present at cold boot.
132 * ENABLE_FEAT_xxx = 2 : The feature is enabled but dynamically enabled at runtime
133 * depending on hardware capability.
134 *
135 * For better readability, state values are defined with macros, namely:
136 * { FEAT_STATE_DISABLED, FEAT_STATE_ALWAYS, FEAT_STATE_CHECK }, taking values
137 * { 0, 1, 2 }, respectively, as their naming.
138 **********************************************************************************/
detect_arch_features(void)139 void detect_arch_features(void)
140 {
141 tainted = false;
142
143 /* v8.0 features */
144 check_feature(ENABLE_FEAT_SB, read_feat_sb_id_field(), "SB", 1, 1);
145 check_feature(ENABLE_FEAT_CSV2_2, read_feat_csv2_id_field(),
146 "CSV2_2", 2, 3);
147 /*
148 * Even though the PMUv3 is an OPTIONAL feature, it is always
149 * implemented and Arm prescribes so. So assume it will be there and do
150 * away with a flag for it. This is used to check minor PMUv3px
151 * revisions so that we catch them as they come along
152 */
153 check_feature(FEAT_STATE_ALWAYS, read_feat_pmuv3_id_field(),
154 "PMUv3", 1, ID_AA64DFR0_PMUVER_PMUV3P7);
155
156 /* v8.1 features */
157 check_feature(ENABLE_FEAT_PAN, read_feat_pan_id_field(), "PAN", 1, 3);
158 check_feature(ENABLE_FEAT_VHE, read_feat_vhe_id_field(), "VHE", 1, 1);
159
160 /* v8.2 features */
161 check_feature(ENABLE_SVE_FOR_NS, read_feat_sve_id_field(),
162 "SVE", 1, 1);
163 check_feature(ENABLE_FEAT_RAS, read_feat_ras_id_field(), "RAS", 1, 2);
164
165 /* v8.3 features */
166 read_feat_pauth();
167
168 /* v8.4 features */
169 check_feature(ENABLE_FEAT_DIT, read_feat_dit_id_field(), "DIT", 1, 1);
170 check_feature(ENABLE_FEAT_AMU, read_feat_amu_id_field(),
171 "AMUv1", 1, 2);
172 check_feature(ENABLE_FEAT_MPAM, read_feat_mpam_version(),
173 "MPAM", 1, 17);
174 check_feature(CTX_INCLUDE_NEVE_REGS, read_feat_nv_id_field(),
175 "NV2", 2, 2);
176 check_feature(ENABLE_FEAT_SEL2, read_feat_sel2_id_field(),
177 "SEL2", 1, 1);
178 check_feature(ENABLE_TRF_FOR_NS, read_feat_trf_id_field(),
179 "TRF", 1, 1);
180
181 /* v8.5 features */
182 read_feat_mte();
183 check_feature(ENABLE_FEAT_RNG, read_feat_rng_id_field(), "RNG", 1, 1);
184 read_feat_bti();
185 read_feat_rng_trap();
186
187 /* v8.6 features */
188 check_feature(ENABLE_FEAT_AMUv1p1, read_feat_amu_id_field(),
189 "AMUv1p1", 2, 2);
190 check_feature(ENABLE_FEAT_FGT, read_feat_fgt_id_field(), "FGT", 1, 1);
191 check_feature(ENABLE_FEAT_ECV, read_feat_ecv_id_field(), "ECV", 1, 2);
192 check_feature(ENABLE_FEAT_TWED, read_feat_twed_id_field(),
193 "TWED", 1, 1);
194
195 /*
196 * even though this is a "DISABLE" it does confusingly perform feature
197 * enablement duties like all other flags here. Check it against the HW
198 * feature when we intend to diverge from the default behaviour
199 */
200 check_feature(DISABLE_MTPMU, read_feat_mtpmu_id_field(), "MTPMU", 1, 1);
201
202 /* v8.7 features */
203 check_feature(ENABLE_FEAT_HCX, read_feat_hcx_id_field(), "HCX", 1, 1);
204
205 /* v8.9 features */
206 check_feature(ENABLE_FEAT_TCR2, read_feat_tcr2_id_field(),
207 "TCR2", 1, 1);
208 check_feature(ENABLE_FEAT_S2PIE, read_feat_s2pie_id_field(),
209 "S2PIE", 1, 1);
210 check_feature(ENABLE_FEAT_S1PIE, read_feat_s1pie_id_field(),
211 "S1PIE", 1, 1);
212 check_feature(ENABLE_FEAT_S2POE, read_feat_s2poe_id_field(),
213 "S2POE", 1, 1);
214 check_feature(ENABLE_FEAT_S1POE, read_feat_s1poe_id_field(),
215 "S1POE", 1, 1);
216 check_feature(ENABLE_FEAT_MTE_PERM, read_feat_mte_perm_id_field(),
217 "MTE_PERM", 1, 1);
218
219 /* v9.0 features */
220 check_feature(ENABLE_BRBE_FOR_NS, read_feat_brbe_id_field(),
221 "BRBE", 1, 2);
222 check_feature(ENABLE_TRBE_FOR_NS, read_feat_trbe_id_field(),
223 "TRBE", 1, 1);
224
225 /* v9.2 features */
226 check_feature(ENABLE_SME_FOR_NS, read_feat_sme_id_field(),
227 "SME", 1, 2);
228 check_feature(ENABLE_SME2_FOR_NS, read_feat_sme_id_field(),
229 "SME2", 2, 2);
230
231 /* v9.4 features */
232 check_feature(ENABLE_FEAT_GCS, read_feat_gcs_id_field(), "GCS", 1, 1);
233
234 read_feat_rme();
235
236 if (tainted) {
237 panic();
238 }
239 }
240
