Merge changes from topic "feat_rme" into integration

* changes:
fix(firme): granule management service
feat(gpt): move gpt support under ENABLE_FEAT_RME
feat(rmmd): replace ENABLE_RME with ENA

Merge changes from topic "feat_rme" into integration

* changes:
fix(firme): granule management service
feat(gpt): move gpt support under ENABLE_FEAT_RME
feat(rmmd): replace ENABLE_RME with ENABLE_RMM
feat(rme): split off ENABLE_FEAT_RME

show more ...

feat(gpt): move gpt support under ENABLE_FEAT_RME

Granule Protection Tables (GPT) library support is enabled only when
ENABLE_RMM is set (previously this build option was ENABLE_RME). Since
RME rela

feat(gpt): move gpt support under ENABLE_FEAT_RME

Granule Protection Tables (GPT) library support is enabled only when
ENABLE_RMM is set (previously this build option was ENABLE_RME). Since
RME related support is now enabled using feature detection option
ENABLE_FEAT_RME, this patch moves GPT support under ENABLE_FEAT_RME.

This change brings in below benefits:
- single TF-A build that works for RME and non-RME systems, when
build with ENABLE_FEAT_RME=2 (FEAT_STATE_CHECK)
- RMM loading is optional on RME systems
- SiP calls that leverages RME features to change the PAS of a memory
range from non-secure to secure is supported without need to enable
Realm PAS or RMM.
- FIRME Granule Management Interface (GMI) ABIs that handles
FEAT_RME_GPC2/FEAT_RME_GDI can be enabled without need to enable RMM

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I88d9d4e0491af2b4ae0307c018f2d4a71ee6693f

show more ...

feat(rmmd): replace ENABLE_RME with ENABLE_RMM

RME architectural requirements are now handled under the feature
detection option ENABLE_FEAT_RME. However, the existing ENABLE_RME build
option perfor

feat(rmmd): replace ENABLE_RME with ENABLE_RMM

RME architectural requirements are now handled under the feature
detection option ENABLE_FEAT_RME. However, the existing ENABLE_RME build
option performs RMM-specific tasks such as GPT setup, loading the RMM,
and enabling RMMD support.

Since ENABLE_RME now only controls RMM-related functionality, rename it
to ENABLE_RMM to better reflect its purpose and avoid confusion with
ENABLE_FEAT_RME.

For backward compatibility, setting the legacy ENABLE_RME=1 (until it is
deprecated) will automatically enable both ENABLE_FEAT_RME and
ENABLE_RMM.

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Iac945bdffe5002161bf1161b81a5aa7abec68192

show more ...

feat(rme): split off ENABLE_FEAT_RME

ENABLE_RME currently controls multiple, distinct aspects of RME support,
including forcing BL2 to EL3, ROOT world page table setup, GPT
initialization, and full

feat(rme): split off ENABLE_FEAT_RME

ENABLE_RME currently controls multiple, distinct aspects of RME support,
including forcing BL2 to EL3, ROOT world page table setup, GPT
initialization, and full RMM loading and handling.

While full CCA support requires all of these steps, some systems running
on FEAT_RME-capable cores do not need or want an RMM. However, such
systems still require TF-A page table entries to set the .NSE bit so
that TF-A accesses are correctly attributed to the ROOT world,
otherwise, enabling the MMU may cause the system to hang.

To address this, a new build option, ENABLE_FEAT_RME, is introduced. It
handles only the .NSE PTE setup and ignores the rest of the RME/RMM
initialization. ENABLE_FEAT_RME follows the ENABLE_FEAT_* convention and
supports values 0–2, with 2 enabling runtime detection.

Full RME functionality remains gated by ENABLE_RME, which now implicitly
enables ENABLE_FEAT_RME, allowing TF-A to run safely on FEAT_RME systems
without requiring an RMM.

Change-Id: I8391652842ff2e62a73b61829c6250c3805d4a4e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "fix: enable FIRME interface for CCA" into integration

fix: enable FIRME interface for CCA

Set FIRME_SUPPORT to 1 under ENABLE_RME block to enable FIRME
interface as mandated by FIRME specification[1].

[1] https://developer.arm.com/documentation/den014

fix: enable FIRME interface for CCA

Set FIRME_SUPPORT to 1 under ENABLE_RME block to enable FIRME
interface as mandated by FIRME specification[1].

[1] https://developer.arm.com/documentation/den0149/latest/

Change-Id: I743251c202f5d8f48baab59e8ad57882c0b8374b
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge "fix(cpus)!: make ERRATA_SME_POWER_DOWN work with the recommended state ID" into integration

fix(cpus)!: make ERRATA_SME_POWER_DOWN work with the recommended state ID

The ERRATA_SME_POWER_DOWN flag doesn't account for the recommended state
ID encoding, only for the default one. This patch m

fix(cpus)!: make ERRATA_SME_POWER_DOWN work with the recommended state ID

The ERRATA_SME_POWER_DOWN flag doesn't account for the recommended state
ID encoding, only for the default one. This patch makes it work by
removing the generic flag and incorporating the functionality into the
CPU and platform layers.

The ERRATA_SME_POWER_DOWN is an awkward fix in generic code to a
platform problem. The PSCI layer shouldn't care about any CPU's inner
workings but it does. This isn't ideal once the issue is fixed since
we'll have to carry the "legacy" fix in generic code.

This patch is marked as breaking since the ERRATA_SME_POWER_DOWN flag is
removed and a couple of lines are required if CPU hotplug encounters a
powerdown with live SME state (CPU suspend will work as before). This
will get discovered with a panic at EL3 so this patch leaves a comment
to be able to trace it back.

Change-Id: Ia52865f527e81a8be3727093ed370901e55c5fef
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "test(bl): add short-read negative test scenario" into integration

test(bl): add short-read negative test scenario

Add an opt-in negative test mode that simulates a short read
for a selected image_id during image loading. This exercises
the partial-read error handl

test(bl): add short-read negative test scenario

Add an opt-in negative test mode that simulates a short read
for a selected image_id during image loading. This exercises
the partial-read error handling path and is intended for CI
validation only.

Disabled by default via build options.

Change-Id: I219b75898e1778c0b263f99a9370425098d52f8f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "el3-rmm-itf" into integration

* changes:
docs(rmm): update EL3-RMM contract
feat(rmmd): expand RMM SMC return registers
fix(cm): don't context switch GICv3 registers

Merge changes from topic "el3-rmm-itf" into integration

* changes:
docs(rmm): update EL3-RMM contract
feat(rmmd): expand RMM SMC return registers
fix(cm): don't context switch GICv3 registers on NS<->RL transitions

show more ...

fix(cm): don't context switch GICv3 registers on NS<->RL transitions

The GICv3 is architectured to solely manage interrupts targeted to
Normal and Secure world. It doesn't manage interrupts targetin

fix(cm): don't context switch GICv3 registers on NS<->RL transitions

The GICv3 is architectured to solely manage interrupts targeted to
Normal and Secure world. It doesn't manage interrupts targeting the
more recently introduced Realm world. Hence the new RMMv2.0
specification mandates that EL3 should not save and restore
the GIC registers on a world switch. This change is not backward
compatible with RMMv1.x ABI.

Note the change in implementation of cm_el2_sysregs_context_save()
and cm_el2_sysregs_context_restore() API as GIC state is not
managed by these APIs anymore.

Add new build flag RMM_V1_COMPAT to support backward compatibility
with RMMv1.x. This flag is currently enabled by default.

This patch is a reworked version of the original patch at:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/45658

NOTE: If RMM_V1_COMPAT is not enabled, then RMM_EL3_IFC_VERSION
is bumped to 1.0 which makes it incompatible with an RMM supporting
0.x.

Change-Id: If4c53b85ef31091c254b383ed7b32c39124f0dbb
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>

show more ...

Merge changes Iad777e77,I0eb24083 into integration

* changes:
feat(build): add Mbed TLS submodule
fix(brcm): fix bad Mbed TLS check

Merge changes from topic "mp/live_activate_sp" into integration

* changes:
docs(spm): describe support for SP live activation and relevant build flags
docs(spm): document ff-a manifest binding f

Merge changes from topic "mp/live_activate_sp" into integration

* changes:
docs(spm): describe support for SP live activation and relevant build flags
docs(spm): document ff-a manifest binding for SP live activation
feat(fvp): implement SP live activation callback
feat(fvp): enable discovery of two Secure Partitions for live activation
feat(fvp): introduce SP live activation component manager
feat(spmd): helpers for SP live activation framework messages
feat(lfa): build flags for SP live activation support
chore(fvp): remove the dummy function fvp_get_partition_info
feat(spmd): support for extended partition info descriptor

show more ...

feat(build): add Mbed TLS submodule

This change adds Mbed TLS 3.6.5 as a submodule to the TF-A repository.
It is no longer a requirement to pass `MBEDTLS_DIR` to the build system
when building confi

feat(build): add Mbed TLS submodule

This change adds Mbed TLS 3.6.5 as a submodule to the TF-A repository.
It is no longer a requirement to pass `MBEDTLS_DIR` to the build system
when building configurations which require it, as the build system will
now look inside the `contrib` directory if the parameter is missing.

If you cloned TF-A without the `--recurse-submodules` flag, you can
ensure that this submodule is present by running:

git submodule update --init --recursive

BREAKING-CHANGE: Mbed TLS is now included in the TF-A repository, and it
is no longer a requirement to pass `MBEDTLS_DIR` to the build system.
Please run `git submodule update --init --recursive` if you encounter
issues after migrating to the latest version of TF-A.

Change-Id: Iad777e77936d1c373065f17fe5c4aadc45e56b64
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

feat(lfa): build flags for SP live activation support

This patch introduces new build flags necessary for SP live activation
support and ensures all constraints are met.

BREAKING CHANGE: Temporaril

feat(lfa): build flags for SP live activation support

This patch introduces new build flags necessary for SP live activation
support and ensures all constraints are met.

BREAKING CHANGE: Temporarily fails to build

Change-Id: I17fba2ee935845816ae40067ca349b1eb9bb310c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge changes from topic "feat_rme" into integration

* changes:
fix(bl2): pie fixup size calculation
fix(rme): do not force set ARM_ARCH_MAJOR/MINOR for ENABLE_RME

fix(rme): do not force set ARM_ARCH_MAJOR/MINOR for ENABLE_RME

ARM_ARCH_MAJOR/MINOR is set to 9.2 when ENABLE_RME=1. It is not clear
why this is required and it is set early in the Makefile before t

fix(rme): do not force set ARM_ARCH_MAJOR/MINOR for ENABLE_RME

ARM_ARCH_MAJOR/MINOR is set to 9.2 when ENABLE_RME=1. It is not clear
why this is required and it is set early in the Makefile before the
platform specific Makefile. Also arch_features are setup based on
ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided by the platform. So there is a
chance this could be overwritten by platform. This change removes
setting ARM_ARCH_MAJOR/MINOR to 9.2. If ENABLE_RME depends on other
architecture features then it must use ENABLE_FEAT option.

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I1c74bb53e684d43c62e5f9b7259ebd76add84ff5

show more ...

Merge changes from topic "bk/new_feats" into integration

* changes:
feat(cpufeat): add support for FEAT_HACDBS
feat(cpufeat): add support for FEAT_HDBSS
feat(cpufeat): add support for FEAT_STE

Merge changes from topic "bk/new_feats" into integration

* changes:
feat(cpufeat): add support for FEAT_HACDBS
feat(cpufeat): add support for FEAT_HDBSS
feat(cpufeat): add support for FEAT_STEP2
feat(docs): update the feature guide to mention FEAT_IDTE3
fix(cpufeat): remove the feature list from arch_features.h
docs(cpufeat): add analysis of 2022 features
fix(cpus): use hint instruction instead of the psb mnemonic

show more ...

Merge "fix(build): use the correct value of host-poetry" into integration

fix(build): use the correct value of host-poetry

The build system reads the POETRY variable and
internally sets host-poetry to the correct path
of the poetry tool. Update the build files to always
u

fix(build): use the correct value of host-poetry

The build system reads the POETRY variable and
internally sets host-poetry to the correct path
of the poetry tool. Update the build files to always
use the internal variable to run the tool.

Change-Id: I5acec9530a80661b0dcda8fba64abaa9d09165e9
Signed-off-by: Andrei Homescu <ahomescu@xwf.google.com>

show more ...

feat(cpufeat): add support for FEAT_HACDBS

The Hardware accelerator for cleaning Dirty state feature also has two
register just like FEAT_HDBSS. They are guarded by a SCR_EL3 bit which
set for NS wo

feat(cpufeat): add support for FEAT_HACDBS

The Hardware accelerator for cleaning Dirty state feature also has two
register just like FEAT_HDBSS. They are guarded by a SCR_EL3 bit which
set for NS world only and are not context switched as a result. There is
no use for this feature at EL3.

Change-Id: Ica7a312d891a1671df8e9f2adbfe464d96bbcd4d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(cpufeat): add support for FEAT_HDBSS

The Hardware Dirty state tracking structure feature has two registers to
enable tracking at lower ELs which are guarded by an SCR_EL3 bit. Set
that bit for

feat(cpufeat): add support for FEAT_HDBSS

The Hardware Dirty state tracking structure feature has two registers to
enable tracking at lower ELs which are guarded by an SCR_EL3 bit. Set
that bit for NS only and do not context switch the registers. There is
no use of the feature at EL3.

Change-Id: I174a256d70a99abfafc65eed3a2fbdaea5ea946d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(cpufeat): add support for FEAT_STEP2

This feature only needs MDCR_EL3.EnSTEPOP to be written and mdstepop_el1
to be context switched when the next EL is EL1.

Change-Id: I70e2a488f4e50da4b181a0

feat(cpufeat): add support for FEAT_STEP2

This feature only needs MDCR_EL3.EnSTEPOP to be written and mdstepop_el1
to be context switched when the next EL is EL1.

Change-Id: I70e2a488f4e50da4b181a00648c4f608e1da451c
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topics "qemu-sve", "xl/simd-hash" into integration

* changes:
feat(qemu): disable fpregs traps for QEMU in BL31
feat(crypto): enable the runtime instrumentation for crypto ext

Merge changes from topics "qemu-sve", "xl/simd-hash" into integration

* changes:
feat(qemu): disable fpregs traps for QEMU in BL31
feat(crypto): enable the runtime instrumentation for crypto extension
feat(crypto): enable access to SIMD crypto in BL1 and BL2
feat(crypto): enable floating point register traps in EL3
feat(crypto): build flag for SIMD crypto extensions for v8+ platform
refactor(build): add a default filter list for lib cflags

show more ...