feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED

FEAT_PAuth is the second to last feature to be a boolean choice - it's
either unconditionally compiled in and must be present in hardware or
it

feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED

FEAT_PAuth is the second to last feature to be a boolean choice - it's
either unconditionally compiled in and must be present in hardware or
it's not compiled in. FEAT_PAuth is architected to be backwards
compatible - a subset of the branch guarding instructions (pacia/autia)
execute as NOPs when PAuth is not present. That subset is used with
`-mbranch-protection=standard` and -march pre-8.3. This patch adds the
necessary logic to also check accesses of the non-backward compatible
registers and allow a fully checked implementation.

Note that a checked support requires -march to be pre 8.3, as otherwise
the compiler will include branch protection instructions that are not
NOPs without PAuth (eg retaa) which cannot be checked.

Change-Id: Id942c20cae9d15d25b3d72b8161333642574ddaa
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "fix(build): update clang target for aarch64" into integration

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management interface

show more ...

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface

Three IDE Key management smc calls have been added:
- RMM_IDE_KEY_PROG()
- RMM_IDE_KEY_SET_GO()
- RMM_IDE_KEY_SET_STOP()
- RMM_IDE_KM_PULL_RESPONSE()

Due to the absence of root port support in FVP, we are
currently adding placeholders in this patch for the platform
APIs to return success irrespective of the arguments being passed
by the caller(Realms). The SMCs are guarded by
`RMMD_ENABLE_IDE_KEY_PROG` build flag and is disabled by default.
We expect that once the SMCs are stabilized, this build flag will
not be required anymore.

Change-Id: I9411eb7787dac2a207bd14710d251503bd9626ce
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

fix(trng): allow FEAT_RNG_TRAP in dynamic fashion

The documentation promises for ENABLE_FEAT_RNG_TRAP to support the
numeric semantics, with a value of "2" meaning runtime detection. However
two pla

fix(trng): allow FEAT_RNG_TRAP in dynamic fashion

The documentation promises for ENABLE_FEAT_RNG_TRAP to support the
numeric semantics, with a value of "2" meaning runtime detection. However
two places in the build system did not support this, instead were just
checking for a value of "1".

Fix the AArch32 check and build the FVP specific handler routine when
the value is not "0", instead of relying on it to be exactly "1".

Change-Id: I1acd3ed6d2a461d541b9bf57e4aac9c0798ab56b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "fix(rme): do not trap access to MPAM system registers in Realm mode" into integration

fix(rme): do not trap access to MPAM system registers in Realm mode

Change-Id: I77496ee962727687b28f71a1a15b4fe4133c613c
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>

Merge "build(poetry): install SP dependencies with `--no-root`" into integration

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 ma

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 map for mboot
feat(rpi3): add dTPM backed measured boot
feat(tpm): add Infineon SLB9670 GPIO SPI config
feat(tpm): add tpm drivers and framework
feat(io): add generic gpio spi bit-bang driver
feat(rpi3): implement eventlog handoff to BL33
feat(rpi3): implement mboot for rpi3

show more ...

build(poetry): install SP dependencies with `--no-root`

Change-Id: I2981cb438be6f4569d069203b555310588db2627
Signed-off-by: Chris Kay <chris.kay@arm.com>

feat(tpm): add tpm drivers and framework

Add tpm2 drivers to tf-a with adequate framework
-implement a fifo spi interface that works
with discrete tpm chip.
-implement tpm command layer interfaces

feat(tpm): add tpm drivers and framework

Add tpm2 drivers to tf-a with adequate framework
-implement a fifo spi interface that works
with discrete tpm chip.
-implement tpm command layer interfaces that are used
to initialize, start and make measurements and
close the interface.
-tpm drivers are built using their own make file
to allow for ease in porting across platforms,
and across different interfaces.

Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: Ie1a189f45c80f26f4dea16c3bd71b1503709e0ea

show more ...

Merge "fix(cpufeat): add feat_hcx check before enabling FEAT_MOPS" into integration

fix(cpufeat): add feat_hcx check before enabling FEAT_MOPS

This patch also checks for FEAT_HCX before enabling FEAT_MOPS
when INIT_UNUSED_NS_EL1 = 1 and adds build dependency check.

Signed-off-by:

fix(cpufeat): add feat_hcx check before enabling FEAT_MOPS

This patch also checks for FEAT_HCX before enabling FEAT_MOPS
when INIT_UNUSED_NS_EL1 = 1 and adds build dependency check.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iff4a068aa392fc8d29e2e4da7a2e7df0b3104e65

show more ...

Merge "feat(rmmd): add FEAT_MEC support" into integration

feat(rmmd): add FEAT_MEC support

This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values a

feat(rmmd): add FEAT_MEC support

This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.

Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4

show more ...

Merge "build(poetry): install dependencies with `--no-root`" into integration

build(poetry): install dependencies with `--no-root`

More recent versions of Poetry introduced the `package-mode` key to
configure whether the project should be used for dependency management
only,

build(poetry): install dependencies with `--no-root`

More recent versions of Poetry introduced the `package-mode` key to
configure whether the project should be used for dependency management
only, but this is incompatible with the earlier versions of Poetry that
we still support.

Instead, we rely on installing with the `--no-root` flag, which behaves
similarly. Installing without passing the `--no-root` flag is
deprecated, and in recent versions of Poetry has become a hard error.

This change ensures that the build system always installs dependencies
with the required flag.

Change-Id: Ic1543511314dcd20c00b73fd9e8cfae3dd034a41
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes from topic "kc/stmm" into integration

* changes:
fix(build): run sp_mk_gen.py with poetry
feat(sptool): add StMM memory region descriptor
feat(sptool): specify endianness for HOB

Merge changes from topic "kc/stmm" into integration

* changes:
fix(build): run sp_mk_gen.py with poetry
feat(sptool): add StMM memory region descriptor
feat(sptool): specify endianness for HOB bin
feat(fvp): increase cactus-tertiary size
feat(sptool): include HOB file in the TL pkg
feat(sptool): invoke the HOB list creation code
feat(sptool): add the HOB list creation script
chore: add fdt dependencies to poetry

show more ...

fix(build): run sp_mk_gen.py with poetry

If Poetry is available in the build environment, use Poetry when
running sp_mk_gen.py script. This ensures dependencies that are needed
to run the script are

fix(build): run sp_mk_gen.py with poetry

If Poetry is available in the build environment, use Poetry when
running sp_mk_gen.py script. This ensures dependencies that are needed
to run the script are accounted for.

Needed to successfully run the following config:
spm-l2-boot-tests/fvp-default,fvp-spm-optee-sp,fvp-default: \
fvp-spm.optee.sp

Change-Id: Icca4249dab929f1bcf5f4454d472cf6923e3ee17
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>

show more ...

Merge "build: ensure dependencies are installed for `memmap` target" into integration

build: ensure dependencies are installed for `memmap` target

The `memmap` build system target was recently migrated over to an
independent Poetry project, but its build system target was not updated

build: ensure dependencies are installed for `memmap` target

The `memmap` build system target was recently migrated over to an
independent Poetry project, but its build system target was not updated
to install its dependencies.

Change-Id: If46e2a4609d47467cac07426c1cde65e2e0944cb
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes I0396b597,I326f920f,I0437eec8,Ieadf01fc,I4e1d8c24, ... into integration

* changes:
feat(fvp): set defaults for build commandline
docs(arm): enable Linux boot from fip as BL33
fea

Merge changes I0396b597,I326f920f,I0437eec8,Ieadf01fc,I4e1d8c24, ... into integration

* changes:
feat(fvp): set defaults for build commandline
docs(arm): enable Linux boot from fip as BL33
feat(arm): enable Linux boot from fip as BL33
docs(fvp): update fvp build time options
docs(arm): add initrd props to dtb at build time
feat(arm): add initrd props to dtb at build time

show more ...

feat(arm): add initrd props to dtb at build time

Add initrd properties to the device tree blob at build time, giving
users the ability to run a linux kernel and successfully boot it to
the terminal.

feat(arm): add initrd props to dtb at build time

Add initrd properties to the device tree blob at build time, giving
users the ability to run a linux kernel and successfully boot it to
the terminal. Users can boot a linux kernel in a normal flow as well
as in RESET_TO_BL31. This function is an extension of the build time
option "ARM_LINUX_KERNEL_AS_BL33=1".

The build time options INITRD_SIZE or INITRD_PATH will trigger the
insertion of initrd properties in to the DTB. If both options are
provided then the INITRD_SIZE will take precedence.

The available options are:
INITRD_SIZE: Provide the initrd size in dec or hex (hex format must
precede with '0x'.
Example: INITRD_SIZE=0x1000000

INITRD_PATH: Provide an initrd path for the build time to find its
exact size.

INITRD_BASE: A required build time option that sets the initrd base
address in hex format. A default value can be set by the platform.
Example: INITRD_BASE=0x90000000

Change-Id: Ief8de5f00c453509bcc6e978e0a95d768f1f509c
Signed-off-by: Salman Nabi <salman.nabi@arm.com>

show more ...

Merge "refactor(memmap): migrate to Poetry" into integration

Merge changes from topic "gr/build_fix_spmd" into integration

* changes:
fix(rdv3): handle invalid build combination
fix(build): handle invalid spd build options