<feed xmlns='http://www.w3.org/2005/Atom'>
<title>software/arm-trusted-firmware.git/bl1, branch master</title>
<subtitle>Trusted Firmware-A</subtitle>
<id>https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/atom?h=master</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/'/>
<updated>2026-06-22T17:32:17+00:00</updated>
<entry>
<title>fix(bl): use #ifdef for __aarch64__ flags</title>
<updated>2026-06-22T17:32:17+00:00</updated>
<author>
<name>Yann Gautier</name>
<email>yann.gautier@st.com</email>
</author>
<published>2026-05-28T14:34:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=d313bf716639fb91e613840ce7d15c7ccadf4557'/>
<id>urn:sha1:d313bf716639fb91e613840ce7d15c7ccadf4557</id>
<content type='text'>
The __aarch64__ is only defined, without a value, it should be checked
with #ifdef.
This corrects -Wundef GCC warning.

Change-Id: I5eaced1ed72b0c45388cc4c0a896936a66fffd2c
Signed-off-by: Yann Gautier &lt;yann.gautier@st.com&gt;
</content>
</entry>
<entry>
<title>fix(bl1): harden FWU copy/auth overflow checks</title>
<updated>2026-04-13T12:00:33+00:00</updated>
<author>
<name>Manish V Badarkhe</name>
<email>Manish.Badarkhe@arm.com</email>
</author>
<published>2026-03-05T11:52:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=1d766b6fdb8c98ebf11500332a60511c1c313dae'/>
<id>urn:sha1:1d766b6fdb8c98ebf11500332a60511c1c313dae</id>
<content type='text'>
Use full-size overflow checks so invalid image source/size
values can’t wrap and slip past validation during copy/auth,
preventing out-of-range memory access.

Change-Id: Ie49793dd13e68f044c2ae78f33fcb1326d2853b4
Signed-off-by: Manish V Badarkhe &lt;Manish.Badarkhe@arm.com&gt;
</content>
</entry>
<entry>
<title>fix(cpus): unconstrain WORKAROUND_CVE_2025_0647</title>
<updated>2026-04-10T14:10:14+00:00</updated>
<author>
<name>Boyan Karatotev</name>
<email>boyan.karatotev@arm.com</email>
</author>
<published>2026-04-08T13:40:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=716c86481244772d12dea25999ac69a34406d28e'/>
<id>urn:sha1:716c86481244772d12dea25999ac69a34406d28e</id>
<content type='text'>
Conditional flag enables are strongly discouraged in TF-A because they
cause cyclic dependencies that we are not equipped to deal with. On a
real platform, ARM_ARCH_{MAJOR, MINOR} should be set in platform.mk but
WORKAROUND_CVE_2025_0647 gets its value before platform.mk is evaluated.

Further, WORKAROUND_CVE_2025_0647 is only present on cores the feature
set of which is known ahead of time. Using ARM_ARCH_{MAJOR, MINOR} is
redundant and incorrect (as it sidesteps the feature detection
mechanism).

This patch solves both of these issues by making
WORKAROUND_CVE_2025_0647 unconstrained by ARM_ARCH_{MAJOR, MINOR} and
making it buildable on a v8.0 target. Running the workaround will only
happen on affected cores which, by definition, all implement armv8.5 so
doing any checks in unnecessary.

Change-Id: Ia164077f09b552d42b558ada4f6036cabbd34f64
Signed-off-by: Boyan Karatotev &lt;boyan.karatotev@arm.com&gt;
</content>
</entry>
<entry>
<title>Merge "fix(bl1): clear loaded ID on pre-image load failure" into integration</title>
<updated>2026-04-09T12:51:38+00:00</updated>
<author>
<name>Manish V Badarkhe</name>
<email>manish.badarkhe@arm.com</email>
</author>
<published>2026-04-09T12:51:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=de387341ee73d99446fbbf6a7053d7b759b8b3a6'/>
<id>urn:sha1:de387341ee73d99446fbbf6a7053d7b759b8b3a6</id>
<content type='text'>
</content>
</entry>
<entry>
<title>refactor(bl1): drop ENABLE_RME check</title>
<updated>2026-03-03T10:15:40+00:00</updated>
<author>
<name>Arunachalam Ganapathy</name>
<email>arunachalam.ganapathy@arm.com</email>
</author>
<published>2025-11-03T10:27:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=1ac46d95278d376631f6305e045b36f3c1ac7564'/>
<id>urn:sha1:1ac46d95278d376631f6305e045b36f3c1ac7564</id>
<content type='text'>
Starting BL2 in EL3 is not tied to ENABLE_RME but to the boot flow.
In an RME-enabled boot flow, BL2 runs at EL3 and boots BL31. Therefore,
BL2_RUNS_AT_EL3 should be used to handle the transition to the next boot
image.

This change prepares the codebase for later patches that add feature
detection support for RME.

Signed-off-by: Arunachalam Ganapathy &lt;arunachalam.ganapathy@arm.com&gt;
Change-Id: Ic19b73f1edf5b5ccbd530c662c91e1d38a01fa36
</content>
</entry>
<entry>
<title>fix(bl1): clear loaded ID on pre-image load failure</title>
<updated>2026-02-19T10:30:27+00:00</updated>
<author>
<name>Manish V Badarkhe</name>
<email>Manish.Badarkhe@arm.com</email>
</author>
<published>2026-02-17T19:00:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=f3f88df6510e5f6c6e3f9746f0770fe3450091fd'/>
<id>urn:sha1:f3f88df6510e5f6c6e3f9746f0770fe3450091fd</id>
<content type='text'>
if bl1_plat_handle_pre_image_load() fails, remove the previously
marked loaded ID before returning -EPERM to avoid stale BL1-FWU state.

Change-Id: I6421fd764ec3d3e9ce896e4339921149fec118c6
Signed-off-by: Manish V Badarkhe &lt;Manish.Badarkhe@arm.com&gt;
</content>
</entry>
<entry>
<title>feat(crypto): enable the runtime instrumentation for crypto extension</title>
<updated>2026-01-28T16:30:41+00:00</updated>
<author>
<name>Xialin Liu</name>
<email>xialin.liu@arm.com</email>
</author>
<published>2025-10-22T20:49:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=993c004cab4d086ba4afe0bc6385a2640521ded2'/>
<id>urn:sha1:993c004cab4d086ba4afe0bc6385a2640521ded2</id>
<content type='text'>
Add runtime instrumentation for the authentication process in BL1
and BL2, to measure the speedup of the authentication after
enabling the crypto extension.

Change-Id: Ieea927e7e8bd0d109525f28b06510acf0ab62e5c
Signed-off-by: Xialin Liu &lt;xialin.liu@arm.com&gt;
</content>
</entry>
<entry>
<title>feat(crypto): enable access to SIMD crypto in BL1 and BL2</title>
<updated>2026-01-28T16:30:38+00:00</updated>
<author>
<name>Xialin Liu</name>
<email>xialin.liu@arm.com</email>
</author>
<published>2026-01-21T18:28:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=78efac713ef81a6341a2aef2731e049cb74655e6'/>
<id>urn:sha1:78efac713ef81a6341a2aef2731e049cb74655e6</id>
<content type='text'>
Disable the floating point register traps in image auth and
loading in BL1 and BL2 to allow the access to SIMD crypto
extension during the booting process.

Change-Id: I9c20715d54f5d2988aa706e91e1a657dcd06dfc2
Signed-off-by: Xialin Liu &lt;xialin.liu@arm.com&gt;
</content>
</entry>
<entry>
<title>fix(security): add workaround for CVE-2025-0647</title>
<updated>2026-01-23T21:14:36+00:00</updated>
<author>
<name>John Powell</name>
<email>john.powell@arm.com</email>
</author>
<published>2025-03-05T19:23:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=416b8613bc65b277d40fa43c90f36f4b65f67b96'/>
<id>urn:sha1:416b8613bc65b277d40fa43c90f36f4b65f67b96</id>
<content type='text'>
This workaround fixes an issue with the CPP RCTX instruction by
issuing an instruction patch sequence to trap uses of the CPP RCTX
instruction from EL0, EL1, and EL2 to EL3 and perform a workaround
procedure using the implementation defined trap handler to ensure
the correct behavior of the system. In addition, it includes an EL3
API to be used if EL3 firmware needs to use the CPP RCTX instruction.
This saves the overhead of exception handling, and EL3 does not
generically support trapping EL3-&gt;EL3, and adding support for that
is not trivial due to the implications for context management.

The issue affects the following CPUs:

C1-Premium
C1-Ultra
Cortex-A710
Cortex-X2
Cortex-X3
Cortex-X4
Cortex-X925
Neoverse N2
Neoverse V2
Neoverse V3
Neoverse V3AE (handled same as V3 CPU in TF-A CPU-Lib)

Arm Security Bulletin Document:
https://developer.arm.com/documentation/111546

Change-Id: I5e7589afbeb69ebb79c01bec80e29f572aff3d89
Signed-off-by: John Powell &lt;john.powell@arm.com&gt;
Signed-off-by: Govindraj Raja &lt;govindraj.raja@arm.com&gt;
</content>
</entry>
<entry>
<title>feat(el3-runtime): translate EL3 handled exceptions to C and always call prepare_el3_entry</title>
<updated>2025-12-19T07:51:40+00:00</updated>
<author>
<name>Boyan Karatotev</name>
<email>boyan.karatotev@arm.com</email>
</author>
<published>2025-10-20T13:03:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/arm/software/arm-trusted-firmware.git/commit/?id=14320bce3a5e8c213dd65c0c9c43dc8026e3bbbe'/>
<id>urn:sha1:14320bce3a5e8c213dd65c0c9c43dc8026e3bbbe</id>
<content type='text'>
Exception handling in BL31 is tricky business and to satisfy the varying
requirements of the different code paths it has thus far largely been
written in assembly. However, assembly is extremely tedious to read and
modify. Similar to context management, it is desirable to have as much
as possible in C. C code is generally easier to follow and can enable
the compiler to do more optimisations on surrounding code.

Most exceptions that BL31 deals with are the synchronous exceptions and
those are processed within BL31. They already get prepared for EL3 entry
and after the initial dispatch end up in C. So the dispatch can also be
converted in C. Interrupt exceptions are very similar so are converted
too. Finally, asynchronous external aborts share some code with
synchronous external aborts and may end up being processed deeper in
BL31. So they can safely be prepared for EL3 entry too and converted to
C so that they can share code properly.

The IMP DEF exceptions are not part of this refactor as their speed may
be important. There is currently little that uses them, but they can be
converted to C too once their use expands and usage allows it.

This refactor allows to expand the responsibilities of
prepare_el3_entry(). Its role is already to prepare context for
executing within EL3 but with this patch EL3 execution is synonymous
with C runtime execution. So it's given the responsibility of saving
spsr and elr as well as putting the runtime stack in.

When a synchronous exception happens, the only possible paths are to
enter the C EL3 runtime, exiting via el3_exit(), or to panic. In the EL3
runtime case, we always need prepare_el3_entry() and the runtime stack,
whereas in the panic case, this doesn't matter as we will never return.
So hoist the prepare_el3_entry() call and the changing of the stacks as
early as possible and make the rest of the code agnostic of this.

This patch also gets rid of smc_prohibited. It is an optimisation by
skipping prepare_el3_entry() when a bad smc call happens. However, speed
doesn't matter in this case as this is an erroneous case.

Change-Id: I411af9d17ef4046a736b1f4f5f8fbc9c28e66106
Signed-off-by: Boyan Karatotev &lt;boyan.karatotev@arm.com&gt;
</content>
</entry>
</feed>
