Revert "subtree updates"
Needs to go through CI
This reverts commit fc7e7973f3119e2bad511209aa336537dc5ffbed.
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch
index 9ae4b39..a9a839e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch
@@ -1,4 +1,4 @@
-From 3bc797e097ef2b29acf36560e4d2bfeec31f8d81 Mon Sep 17 00:00:00 2001
+From f526797b83113cc64e3e658c22d8a5d269896a2a Mon Sep 17 00:00:00 2001
From: Ben Horgan <ben.horgan@arm.com>
Date: Fri, 4 Mar 2022 16:48:14 +0000
Subject: [PATCH] feat: emulate cntp timer register accesses using cnthps
@@ -19,7 +19,7 @@
create mode 100644 src/arch/aarch64/hypervisor/timer_el1.h
diff --git a/Makefile b/Makefile
-index 95cab9a56bfd..21cca938531d 100644
+index 95cab9a5..21cca938 100644
--- a/Makefile
+++ b/Makefile
@@ -60,7 +60,8 @@ CHECKPATCH := $(CURDIR)/third_party/linux/scripts/checkpatch.pl \
@@ -33,7 +33,7 @@
OUT ?= out/$(PROJECT)
OUT_DIR = out/$(PROJECT)
diff --git a/src/arch/aarch64/hypervisor/BUILD.gn b/src/arch/aarch64/hypervisor/BUILD.gn
-index 6068d1e8f075..de1a414dac68 100644
+index 6068d1e8..de1a414d 100644
--- a/src/arch/aarch64/hypervisor/BUILD.gn
+++ b/src/arch/aarch64/hypervisor/BUILD.gn
@@ -45,6 +45,7 @@ source_set("hypervisor") {
@@ -45,7 +45,7 @@
]
diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c
-index 5e025b596674..edd5df134cfc 100644
+index bcf5ffce..d2df77d8 100644
--- a/src/arch/aarch64/hypervisor/cpu.c
+++ b/src/arch/aarch64/hypervisor/cpu.c
@@ -98,13 +98,20 @@ void arch_regs_reset(struct vcpu *vcpu)
@@ -72,7 +72,7 @@
}
diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
-index 3422ff7b8265..c495df40f3f5 100644
+index 4bd8a3b4..4c1b6e48 100644
--- a/src/arch/aarch64/hypervisor/handler.c
+++ b/src/arch/aarch64/hypervisor/handler.c
@@ -34,6 +34,7 @@
@@ -83,8 +83,8 @@
/**
* Hypervisor Fault Address Register Non-Secure.
-@@ -1295,6 +1296,11 @@ void handle_system_register_access(uintreg_t esr_el2)
- inject_el1_sysreg_trap_exception(vcpu, esr_el2);
+@@ -1277,6 +1278,11 @@ void handle_system_register_access(uintreg_t esr_el2)
+ inject_el1_unknown_exception(vcpu, esr_el2);
return;
}
+ } else if (timer_el1_is_register_access(esr_el2)) {
@@ -93,11 +93,11 @@
+ return;
+ }
} else {
- inject_el1_sysreg_trap_exception(vcpu, esr_el2);
+ inject_el1_unknown_exception(vcpu, esr_el2);
return;
diff --git a/src/arch/aarch64/hypervisor/timer_el1.c b/src/arch/aarch64/hypervisor/timer_el1.c
new file mode 100644
-index 000000000000..c30e5543f436
+index 00000000..c30e5543
--- /dev/null
+++ b/src/arch/aarch64/hypervisor/timer_el1.c
@@ -0,0 +1,104 @@
@@ -207,7 +207,7 @@
+}
diff --git a/src/arch/aarch64/hypervisor/timer_el1.h b/src/arch/aarch64/hypervisor/timer_el1.h
new file mode 100644
-index 000000000000..04a43b6ca335
+index 00000000..04a43b6c
--- /dev/null
+++ b/src/arch/aarch64/hypervisor/timer_el1.h
@@ -0,0 +1,20 @@
@@ -232,10 +232,10 @@
+bool timer_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
+ uintreg_t esr);
diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h
-index 6edc39f2af48..bf1a66d1d4c5 100644
+index cd6778b4..55e78330 100644
--- a/src/arch/aarch64/msr.h
+++ b/src/arch/aarch64/msr.h
-@@ -131,3 +131,11 @@
+@@ -126,3 +126,11 @@
#define MSR_ELR_EL12 S3_5_C4_C0_1
#endif
@@ -247,3 +247,4 @@
+#define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1
+#define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2
+#define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-tc-increase-heap-pages.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-tc-increase-heap-pages.patch
new file mode 100644
index 0000000..fa35efc
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-tc-increase-heap-pages.patch
@@ -0,0 +1,27 @@
+From 613dea068fa546956717ce0b60328e39d451f661 Mon Sep 17 00:00:00 2001
+From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+Date: Fri, 29 Apr 2022 20:07:50 +0100
+Subject: [PATCH] tc: increase heap pages
+
+Upstream-Status: Pending
+Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+---
+ BUILD.gn | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/BUILD.gn b/BUILD.gn
+index 6b9b383..62ba763 100644
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -235,7 +235,7 @@ aarch64_toolchains("secure_tc") {
+ gicd_base_address = "0x30000000"
+ gicr_base_address = "0x30080000"
+ gicr_frames = 8
+- heap_pages = 60
++ heap_pages = 120
+ max_cpus = 8
+ max_vms = 16
+ branch_protection = "standard"
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
index 3e67615..d9ec6e2 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
@@ -1,4 +1,4 @@
-From 9f5b07e30c82713b9598ea60d9f802bd419b560f Mon Sep 17 00:00:00 2001
+From 97a8ca1835f5d9512dacda497540d5523e56c7dd Mon Sep 17 00:00:00 2001
From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Date: Tue, 26 Apr 2022 14:43:58 +0100
Subject: [PATCH] feat: emulate interrupt controller register access
@@ -16,10 +16,10 @@
4 files changed, 97 insertions(+)
diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
-index c495df40f3f5..13578fc99670 100644
+index 4c1b6e48..cd5146bd 100644
--- a/src/arch/aarch64/hypervisor/handler.c
+++ b/src/arch/aarch64/hypervisor/handler.c
-@@ -1301,6 +1301,11 @@ void handle_system_register_access(uintreg_t esr_el2)
+@@ -1283,6 +1283,11 @@ void handle_system_register_access(uintreg_t esr_el2)
inject_el1_unknown_exception(vcpu, esr_el2);
return;
}
@@ -29,10 +29,10 @@
+ return;
+ }
} else {
- inject_el1_sysreg_trap_exception(vcpu, esr_el2);
+ inject_el1_unknown_exception(vcpu, esr_el2);
return;
diff --git a/src/arch/aarch64/hypervisor/perfmon.c b/src/arch/aarch64/hypervisor/perfmon.c
-index f13b035480d8..05e216c84c2e 100644
+index f13b0354..05e216c8 100644
--- a/src/arch/aarch64/hypervisor/perfmon.c
+++ b/src/arch/aarch64/hypervisor/perfmon.c
@@ -116,6 +116,10 @@
@@ -131,7 +131,7 @@
+ return true;
+}
diff --git a/src/arch/aarch64/hypervisor/perfmon.h b/src/arch/aarch64/hypervisor/perfmon.h
-index 81669ba1c401..c90d45bfc239 100644
+index 81669ba1..c90d45bf 100644
--- a/src/arch/aarch64/hypervisor/perfmon.h
+++ b/src/arch/aarch64/hypervisor/perfmon.h
@@ -70,3 +70,8 @@ bool perfmon_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
@@ -144,13 +144,14 @@
+bool intr_ctrl_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
+ uintreg_t esr);
diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h
-index bf1a66d1d4c5..b88a14b52f68 100644
+index 55e78330..82aa8846 100644
--- a/src/arch/aarch64/msr.h
+++ b/src/arch/aarch64/msr.h
-@@ -139,3 +139,6 @@
+@@ -134,3 +134,6 @@
#define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1
#define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2
#define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0
+
+#define ICC_IGRPEN1_EL1 S3_0_C12_C12_7
+#define ICC_SGI1R_EL1 S3_0_C12_C11_5
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
similarity index 80%
rename from meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
index 9627a76..9960f65 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
@@ -11,22 +11,21 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILD.gn b/BUILD.gn
-index cc6a78f4fdb8..acd1f9d1634b 100644
+index 62ba763..f26ce03 100644
--- a/BUILD.gn
+++ b/BUILD.gn
-@@ -245,7 +245,6 @@ aarch64_toolchains("secure_tc") {
- heap_pages = 180
+@@ -238,7 +238,6 @@ aarch64_toolchains("secure_tc") {
+ heap_pages = 120
max_cpus = 8
max_vms = 16
- branch_protection = "standard"
toolchain_args = {
plat_ffa = "//src/arch/aarch64/plat/ffa:spmc"
plat_psci = "//src/arch/aarch64/plat/psci:spmc"
-@@ -254,6 +253,7 @@ aarch64_toolchains("secure_tc") {
+@@ -247,5 +246,6 @@ aarch64_toolchains("secure_tc") {
secure_world = "1"
pl011_base_address = "0x7ff80000"
enable_mte = "1"
+ enable_vhe = "1"
- plat_log_level = "LOG_LEVEL_INFO"
}
}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-disable-alignment-check-for-EL0-partitions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-disable-alignment-check-for-EL0-partitions.patch
new file mode 100644
index 0000000..5e620cf
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-disable-alignment-check-for-EL0-partitions.patch
@@ -0,0 +1,318 @@
+From 1c4d28493faed6cf189c75fa91d19131e6a34e04 Mon Sep 17 00:00:00 2001
+From: Olivier Deprez <olivier.deprez@arm.com>
+Date: Mon, 8 Aug 2022 19:14:23 +0200
+Subject: [PATCH] feat: disable alignment check for EL0 partitions
+
+Relax hw alignment check specifically for (S-)EL0 partitions when
+Hafnium runs with VHE enabled. EL1 partitions have a specific control
+for EL1 and EL0 with respect to alignment check.
+Create a hyp_state structure (from already defined flying registers)
+within the vCPU context to hold the Hypervisor EL2 static configuration
+applied when a vCPU runs. This state is switched back and forth when
+running the Hypervisor or the VM.
+Add SCTLR_EL2 to this context. An EL0 partition context is initialized
+with SCTLR_EL2.A=0 such that alignment check is disabled when EL0 runs
+in the EL2&0 translation regime. SCTLR_EL2.A is set back when returning
+to the Hypervisor such that Hypervisor execution runs with aligment
+check enabled at EL2.
+Remove HCR_EL2 saving from vCPU exit path provided this register state
+is static and doesn't change while a vCPU runs.
+The rationale for such change is to permit running upstream SW stacks
+such as the EDKII/StandaloneMm [1] for which default build assumes
+unaligned accesses are permitted. Similar query exists for running
+Trusted Services on top of Hafnium [2].
+
+[1] https://github.com/tianocore/edk2/tree/master/StandaloneMmPkg
+[2] https://trusted-services.readthedocs.io/en/integration/
+
+Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
+Change-Id: I2906f4c712425fcfb31adbf89e2e3b9ca293f181
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/hafnium/hafnium/+/16195]
+---
+ src/arch/aarch64/hypervisor/cpu.c | 9 ++++---
+ src/arch/aarch64/hypervisor/exceptions.S | 32 ++++++++++++++++--------
+ src/arch/aarch64/hypervisor/feature_id.c | 6 ++---
+ src/arch/aarch64/hypervisor/handler.c | 18 +++++++------
+ src/arch/aarch64/inc/hf/arch/types.h | 9 +++++--
+ src/arch/aarch64/mm.c | 2 +-
+ src/arch/aarch64/sysregs.c | 11 ++++++--
+ src/arch/aarch64/sysregs.h | 2 +-
+ 8 files changed, 59 insertions(+), 30 deletions(-)
+
+diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c
+index d2df77d8..a000159b 100644
+--- a/src/arch/aarch64/hypervisor/cpu.c
++++ b/src/arch/aarch64/hypervisor/cpu.c
+@@ -115,7 +115,9 @@ void arch_regs_reset(struct vcpu *vcpu)
+ }
+ }
+
+- r->hcr_el2 = get_hcr_el2_value(vm_id, vcpu->vm->el0_partition);
++ r->hyp_state.hcr_el2 =
++ get_hcr_el2_value(vm_id, vcpu->vm->el0_partition);
++ r->hyp_state.sctlr_el2 = get_sctlr_el2_value(vcpu->vm->el0_partition);
+ r->lazy.cnthctl_el2 = cnthctl;
+ if (vcpu->vm->el0_partition) {
+ CHECK(has_vhe_support());
+@@ -125,10 +127,11 @@ void arch_regs_reset(struct vcpu *vcpu)
+ * are ignored and treated as 0. There is no need to mask the
+ * VMID (used as asid) to only 8 bits.
+ */
+- r->ttbr0_el2 = pa_addr(table) | ((uint64_t)vm_id << 48);
++ r->hyp_state.ttbr0_el2 =
++ pa_addr(table) | ((uint64_t)vm_id << 48);
+ r->spsr = PSR_PE_MODE_EL0T;
+ } else {
+- r->ttbr0_el2 = read_msr(ttbr0_el2);
++ r->hyp_state.ttbr0_el2 = read_msr(ttbr0_el2);
+ r->lazy.vtcr_el2 = arch_mm_get_vtcr_el2();
+ r->lazy.vttbr_el2 = pa_addr(table) | ((uint64_t)vm_id << 48);
+ #if SECURE_WORLD == 1
+diff --git a/src/arch/aarch64/hypervisor/exceptions.S b/src/arch/aarch64/hypervisor/exceptions.S
+index 539e196d..d3732f86 100644
+--- a/src/arch/aarch64/hypervisor/exceptions.S
++++ b/src/arch/aarch64/hypervisor/exceptions.S
+@@ -20,6 +20,9 @@
+ #define ID_AA64PFR0_SVE_SHIFT (32)
+ #define ID_AA64PFR0_SVE_LENGTH (4)
+
++#define SCTLR_EL2_A_SHIFT (1)
++#define HCR_EL2_TGE_SHIFT (27)
++
+ /**
+ * Saves the volatile registers into the register buffer of the current vCPU.
+ */
+@@ -51,8 +54,6 @@
+ mrs x1, elr_el2
+ mrs x2, spsr_el2
+ stp x1, x2, [x18, #VCPU_REGS + 8 * 31]
+- mrs x1, hcr_el2
+- str x1, [x18, #VCPU_REGS + 8 * 33]
+ .endm
+
+ /**
+@@ -871,12 +872,13 @@ vcpu_restore_volatile_and_run:
+ msr elr_el2, x1
+ msr spsr_el2, x2
+
+- ldr x1, [x0, #VCPU_REGS + 8 * 33]
++ ldp x1, x2, [x0, #VCPU_REGS + 8 * 33]
+ msr hcr_el2, x1
++ msr ttbr0_el2, x2
+ isb
+
+- ldr x1, [x0, #VCPU_REGS + 8 * 34]
+- msr ttbr0_el2, x1
++ ldr x1, [x0, #VCPU_REGS + 8 * 35]
++ msr sctlr_el2, x1
+ isb
+
+ /* Restore x0..x3, which we have used as scratch before. */
+@@ -886,15 +888,17 @@ vcpu_restore_volatile_and_run:
+
+ #if ENABLE_VHE
+ enable_vhe_tge:
++ mrs x0, id_aa64mmfr1_el1
++ tst x0, #0xf00
++ b.eq 1f
++
+ /**
+ * Switch to host mode ({E2H, TGE} = {1,1}) when VHE is enabled.
+ * Note that E2H is always set when VHE is enabled.
+ */
+- mrs x0, id_aa64mmfr1_el1
+- tst x0, #0xf00
+- b.eq 1f
+- orr x1, x1, #(1 << 27)
+- msr hcr_el2, x1
++ mrs x0, hcr_el2
++ orr x0, x0, #(1 << HCR_EL2_TGE_SHIFT)
++ msr hcr_el2, x0
+ isb
+
+ /**
+@@ -905,6 +909,14 @@ enable_vhe_tge:
+ ldr x0, [x0]
+ msr ttbr0_el2, x0
+ isb
++
++ /**
++ * Enable alignment check while Hypervisor runs.
++ */
++ mrs x0, sctlr_el2
++ orr x0, x0, #(1 << SCTLR_EL2_A_SHIFT)
++ msr sctlr_el2, x0
++ isb
+ 1:
+ ret
+ #endif
+diff --git a/src/arch/aarch64/hypervisor/feature_id.c b/src/arch/aarch64/hypervisor/feature_id.c
+index ed3bf8f1..57f32627 100644
+--- a/src/arch/aarch64/hypervisor/feature_id.c
++++ b/src/arch/aarch64/hypervisor/feature_id.c
+@@ -175,7 +175,7 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs)
+ ~(ID_AA64MMFR1_EL1_VH_MASK << ID_AA64MMFR1_EL1_VH_SHIFT);
+
+ if (features & HF_FEATURE_RAS) {
+- regs->hcr_el2 |= HCR_EL2_TERR;
++ regs->hyp_state.hcr_el2 |= HCR_EL2_TERR;
+ vm->arch.tid3_masks.id_aa64mmfr1_el1 &=
+ ~ID_AA64MMFR1_EL1_SPEC_SEI;
+ vm->arch.tid3_masks.id_aa64pfr0_el1 &= ~ID_AA64PFR0_EL1_RAS;
+@@ -221,14 +221,14 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs)
+ }
+
+ if (features & HF_FEATURE_LOR) {
+- regs->hcr_el2 |= HCR_EL2_TLOR;
++ regs->hyp_state.hcr_el2 |= HCR_EL2_TLOR;
+
+ vm->arch.tid3_masks.id_aa64mmfr1_el1 &= ~ID_AA64MMFR1_EL1_LO;
+ }
+
+ if (features & HF_FEATURE_PAUTH) {
+ /* APK and API bits *enable* trapping when cleared. */
+- regs->hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API);
++ regs->hyp_state.hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API);
+
+ vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPI;
+ vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPA;
+diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
+index cd5146bd..8a3d6289 100644
+--- a/src/arch/aarch64/hypervisor/handler.c
++++ b/src/arch/aarch64/hypervisor/handler.c
+@@ -272,9 +272,9 @@ noreturn void sync_current_exception_noreturn(uintreg_t elr, uintreg_t spsr)
+ static void set_virtual_irq(struct arch_regs *r, bool enable)
+ {
+ if (enable) {
+- r->hcr_el2 |= HCR_EL2_VI;
++ r->hyp_state.hcr_el2 |= HCR_EL2_VI;
+ } else {
+- r->hcr_el2 &= ~HCR_EL2_VI;
++ r->hyp_state.hcr_el2 &= ~HCR_EL2_VI;
+ }
+ }
+
+@@ -283,14 +283,15 @@ static void set_virtual_irq(struct arch_regs *r, bool enable)
+ */
+ static void set_virtual_irq_current(bool enable)
+ {
+- uintreg_t hcr_el2 = current()->regs.hcr_el2;
++ struct vcpu *vcpu = current();
++ uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2;
+
+ if (enable) {
+ hcr_el2 |= HCR_EL2_VI;
+ } else {
+ hcr_el2 &= ~HCR_EL2_VI;
+ }
+- current()->regs.hcr_el2 = hcr_el2;
++ vcpu->regs.hyp_state.hcr_el2 = hcr_el2;
+ }
+
+ /**
+@@ -300,9 +301,9 @@ static void set_virtual_irq_current(bool enable)
+ static void set_virtual_fiq(struct arch_regs *r, bool enable)
+ {
+ if (enable) {
+- r->hcr_el2 |= HCR_EL2_VF;
++ r->hyp_state.hcr_el2 |= HCR_EL2_VF;
+ } else {
+- r->hcr_el2 &= ~HCR_EL2_VF;
++ r->hyp_state.hcr_el2 &= ~HCR_EL2_VF;
+ }
+ }
+
+@@ -311,14 +312,15 @@ static void set_virtual_fiq(struct arch_regs *r, bool enable)
+ */
+ static void set_virtual_fiq_current(bool enable)
+ {
+- uintreg_t hcr_el2 = current()->regs.hcr_el2;
++ struct vcpu *vcpu = current();
++ uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2;
+
+ if (enable) {
+ hcr_el2 |= HCR_EL2_VF;
+ } else {
+ hcr_el2 &= ~HCR_EL2_VF;
+ }
+- current()->regs.hcr_el2 = hcr_el2;
++ vcpu->regs.hyp_state.hcr_el2 = hcr_el2;
+ }
+
+ #if SECURE_WORLD == 1
+diff --git a/src/arch/aarch64/inc/hf/arch/types.h b/src/arch/aarch64/inc/hf/arch/types.h
+index 6379d73e..6b8b24f1 100644
+--- a/src/arch/aarch64/inc/hf/arch/types.h
++++ b/src/arch/aarch64/inc/hf/arch/types.h
+@@ -79,8 +79,13 @@ struct arch_regs {
+ uintreg_t r[NUM_GP_REGS];
+ uintreg_t pc;
+ uintreg_t spsr;
+- uintreg_t hcr_el2;
+- uintreg_t ttbr0_el2;
++
++ /* Hypervisor configuration while a vCPU runs. */
++ struct {
++ uintreg_t hcr_el2;
++ uintreg_t ttbr0_el2;
++ uintreg_t sctlr_el2;
++ } hyp_state;
+
+ /*
+ * System registers.
+diff --git a/src/arch/aarch64/mm.c b/src/arch/aarch64/mm.c
+index 8ee65ca0..487ae353 100644
+--- a/src/arch/aarch64/mm.c
++++ b/src/arch/aarch64/mm.c
+@@ -886,7 +886,7 @@ bool arch_mm_init(paddr_t table)
+ #endif
+ (0xff << (8 * STAGE1_NORMALINDX)),
+
+- .sctlr_el2 = get_sctlr_el2_value(),
++ .sctlr_el2 = get_sctlr_el2_value(false),
+ .vstcr_el2 = (1U << 31) | /* RES1. */
+ (0 << 30) | /* SA. */
+ (0 << 29) | /* SW. */
+diff --git a/src/arch/aarch64/sysregs.c b/src/arch/aarch64/sysregs.c
+index e8c154b1..087ba4ed 100644
+--- a/src/arch/aarch64/sysregs.c
++++ b/src/arch/aarch64/sysregs.c
+@@ -159,7 +159,7 @@ uintreg_t get_cptr_el2_value(void)
+ /**
+ * Returns the value for SCTLR_EL2 for the CPU.
+ */
+-uintreg_t get_sctlr_el2_value(void)
++uintreg_t get_sctlr_el2_value(bool is_el0_partition)
+ {
+ uintreg_t sctlr_el2_value = 0;
+
+@@ -173,7 +173,14 @@ uintreg_t get_sctlr_el2_value(void)
+
+ /* MMU-related bits. */
+ sctlr_el2_value |= SCTLR_EL2_M;
+- sctlr_el2_value |= SCTLR_EL2_A;
++
++ /*
++ * Alignment check enabled, but in the case of an EL0 partition
++ * with VHE enabled.
++ */
++ if (!(has_vhe_support() && is_el0_partition)) {
++ sctlr_el2_value |= SCTLR_EL2_A;
++ }
+ sctlr_el2_value |= SCTLR_EL2_C;
+ sctlr_el2_value |= SCTLR_EL2_SA;
+ sctlr_el2_value |= SCTLR_EL2_I;
+diff --git a/src/arch/aarch64/sysregs.h b/src/arch/aarch64/sysregs.h
+index babd2375..6fdab58e 100644
+--- a/src/arch/aarch64/sysregs.h
++++ b/src/arch/aarch64/sysregs.h
+@@ -668,7 +668,7 @@ uintreg_t get_mdcr_el2_value(void);
+
+ uintreg_t get_cptr_el2_value(void);
+
+-uintreg_t get_sctlr_el2_value(void);
++uintreg_t get_sctlr_el2_value(bool is_el0_partition);
+
+ /**
+ * Branch Target Identification mechanism support in AArch64 state.
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
similarity index 90%
rename from meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
index cd19f63..cfa7cfb 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
@@ -1,4 +1,4 @@
-From 41f3ff2f011da69ff81234769353955e51c7e588 Mon Sep 17 00:00:00 2001
+From 4b59905d2fec01cc17038b1c167b4e57e7835adf Mon Sep 17 00:00:00 2001
From: Davidson K <davidson.kumaresan@arm.com>
Date: Thu, 7 Oct 2021 12:20:08 +0530
Subject: [PATCH] feat(vhe): set STAGE1_NS while mapping memory from NWd to SWd
@@ -17,10 +17,10 @@
1 file changed, 12 insertions(+)
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
-index 5826cb2fdd4b..bae677633dea 100644
+index 048cca9c..8910cc79 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
-@@ -2618,6 +2618,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
+@@ -2483,6 +2483,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
memory_to_attributes = ffa_memory_permissions_to_mode(
permissions, share_state->sender_orig_mode);