refactor(cm): introduce INIT_UNUSED_NS_EL2 macro

Introducing INIT_UNUSED_NS_EL2 macro which guards the code that
disables the unused EL2 when a platform hands off from EL3
to NS-EL1 instead of NS-EL

refactor(cm): introduce INIT_UNUSED_NS_EL2 macro

Introducing INIT_UNUSED_NS_EL2 macro which guards the code that
disables the unused EL2 when a platform hands off from EL3
to NS-EL1 instead of NS-EL2. Platforms without NS-EL2 in use
must enable this flag.

BREAKING CHANGE: Initialisation code for handoff from EL3 to NS-EL1
disabled by default. Platforms which do that need to enable this macro
going forward

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I61431cc4f7e2feb568d472828e5fd79cc73e51f5

show more ...

fix(build): don't generate build-id

1. build-id takes space in memory
2. in some cases for lto build linker decided to put new
.note.gnu.build-id section before .text section. The result was
non-wor

fix(build): don't generate build-id

1. build-id takes space in memory
2. in some cases for lto build linker decided to put new
.note.gnu.build-id section before .text section. The result was
non-working image, because entry point wasn't at __BLXX_START__
anymore.

Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Change-Id: Id78ccbc51e5ef82296069444ab438a1964a74e78

show more ...

Merge "docs: add TF-A version numbering information" into integration

docs: add TF-A version numbering information

Add a chapter "Version numbering" in release information file that
explains macros used for TF-A version. It also introduces VERSION_PATCH
macro that is

docs: add TF-A version numbering information

Add a chapter "Version numbering" in release information file that
explains macros used for TF-A version. It also introduces VERSION_PATCH
macro that is used for LTS releases. A comment for this macro is also
added in Makefile.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I946b6cb91bb8454131f07b24534d28ab1aef1771

show more ...

Merge "fix(build): remove duplicated include order" into integration

Merge changes from topic "mp/exceptions" into integration

* changes:
docs(ras): update RAS documentation
docs(el3-runtime): update BL31 exception vector handling
fix(el3-runtime): restrict low

Merge changes from topic "mp/exceptions" into integration

* changes:
docs(ras): update RAS documentation
docs(el3-runtime): update BL31 exception vector handling
fix(el3-runtime): restrict lower el EA handlers in FFH mode
fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT
fix(ras): restrict ENABLE_FEAT_RAS to have only two states
feat(ras): use FEAT_IESB for error synchronization
feat(el3-runtime): modify vector entry paths

show more ...

fix(build): remove duplicated include order

Commit(3547270f5 refactor(build): reorder platform Makefile
evaluation) re-ordered platform makefile inclusion before
arch_features evaluations, but then

fix(build): remove duplicated include order

Commit(3547270f5 refactor(build): reorder platform Makefile
evaluation) re-ordered platform makefile inclusion before
arch_features evaluations, but then it fails to remove the dependency
that were moved and thus have double evaluation of some build
variables apparently this breaks BUILD_PLAT.

Additionally remove duplicate checks in SPMD similar checks are in
place in main level makefile.

Change-Id: I5a71624fc43977054467ec6502ce359fb1d08838
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
inter

fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.

This is to allow Secure/Realm world to have their own FFH macros
in future.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73

show more ...

fix(ras): restrict ENABLE_FEAT_RAS to have only two states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_ST

fix(ras): restrict ENABLE_FEAT_RAS to have only two states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752

show more ...

Merge changes from topic "gr/build_refactor" into integration

* changes:
build(refactor): avoid ifdef comparison
refactor(build): avoid using values for comparison
refactor(build): reorder arc

Merge changes from topic "gr/build_refactor" into integration

* changes:
build(refactor): avoid ifdef comparison
refactor(build): avoid using values for comparison
refactor(build): reorder arch features handling
build(n1sdp): add ARM_ARCH_MAJOR.ARM_ARCH_MINOR
refactor(build): reorder platform Makefile evaluation

show more ...

refactor(build): avoid using values for comparison

With changes to refactor to use first platform makefiles
then parse arch_features.mk file 'ENABLE_RME' will be initialised
only when we define duri

refactor(build): avoid using values for comparison

With changes to refactor to use first platform makefiles
then parse arch_features.mk file 'ENABLE_RME' will be initialised
only when we define during build or at arch_features.mk thus
making comparison of 'ENABLE_RME' to '0' incorrect.

So keep BRBE disabled when RME is enabled at main makefile level.

Change-Id: I7e3d99eb444678d63585bd5971ada627cfc4fcc9
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

refactor(build): reorder platform Makefile evaluation

Commit(f5211420b refactor(cpufeat): refactor arch feature build
options) ensures mandatory arch features are enabled based on
ARM_ARCH_MAJOR and

refactor(build): reorder platform Makefile evaluation

Commit(f5211420b refactor(cpufeat): refactor arch feature build
options) ensures mandatory arch features are enabled based on
ARM_ARCH_MAJOR and ARM_ARCH_MINOR, which would be expected to be
provided from platform makefile. However it missed ensuring platform
makefile is included before parsing and enabling any mandatory arch
features.

Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: Ia0ccb7d73b2d24c87d3d235babed4704230bec28

show more ...

Merge "fix(mpam): refine MPAM initialization and enablement process" into integration

fix(mpam): refine MPAM initialization and enablement process

Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.

This patc

fix(mpam): refine MPAM initialization and enablement process

Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.

This patch removes MPAM enablement from global context and adds it to
EL3 State context which enables/disables MPAM during world switches.
Renamed ENABLE_MPAM_FOR_LOWER_ELS to ENABLE_FEAT_MPAM and
removed mpam_init_el3() as RESET behaviour is trapping.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I131f9dba5df236a71959b2d425ee11af7f3c38c4

show more ...

Merge changes from topic "gcc_linker_aarch32" into integration

* changes:
feat(st): support gcc as linker
fix(build): allow gcc linker on Aarch32 platforms

fix(build): allow gcc linker on Aarch32 platforms

When trying to compile and link with gcc on an Aarch32 platform, there
is the following error:
arm-none-eabi-gcc: error: unrecognized command-line o

fix(build): allow gcc linker on Aarch32 platforms

When trying to compile and link with gcc on an Aarch32 platform, there
is the following error:
arm-none-eabi-gcc: error: unrecognized command-line option
'-mno-fix-cortex-a53-843419'; did you mean '-mno-fix-cortex-m3-ldrd'?

This option seems specific to Aarch64 version of GCC.
Enclose it with a check on ARCH=aarch64.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I8c8cb784ce2f2938c4c6999745dda09ee9a5669d

show more ...

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): introduce platform handler for Group0 interrupt
feat(rdn2): add plat hook for memory transaction
feat(rdn2): i

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): introduce platform handler for Group0 interrupt
feat(rdn2): add plat hook for memory transaction
feat(rdn2): introduce accessor function to obtain datastore
feat(spm): separate StMM SP specifics to add support for a S-EL0 SP
feat(rdn2): add defines needed for spmc-el3
feat(ras): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(bl31): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(arm): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(el3-spmc): add a flag to enable support to load SEL0 SP
refactor(spm-mm): reorganize secure partition manager shim code

show more ...

feat(el3-spmc): add a flag to enable support to load SEL0 SP

Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>

feat(el3-spmc): add a flag to enable support to load SEL0 SP

Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1d63ae4d0d8374a732113565be90d58861506e39

show more ...

Merge "refactor(console): disable getc() by default" into integration

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.

Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.

This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.

The following changes are introduced when getc() is disabled:

- The multi-console framework no longer provides the console_getc()
function.

- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.

If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up

If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'

- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.

[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.

Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/

Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>

show more ...

Merge changes from topic "mb/psa-crypto-support" into integration

* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash

Merge changes from topic "mb/psa-crypto-support" into integration

* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash calculation
feat(mbedtls-psa): use PSA crypto API for hash verification
feat(mbedtls-psa): initialise mbedtls psa crypto
feat(mbedtls-psa): register an ad-hoc PSA crypto driver
feat(mbedtls-psa): introduce PSA_CRYPTO build option
docs(changelog): add scope for MbedTLS PSA Crypto

show more ...

Merge "feat(build): manage patch version in Makefile" into integration

feat(build): manage patch version in Makefile

Add VERSION_PATCH macro in Makefile. This will help LTS releases.
While at it, handle VERSION_PATCH macro in .versionrc.js script.

Change-Id: Id3ec359f

feat(build): manage patch version in Makefile

Add VERSION_PATCH macro in Makefile. This will help LTS releases.
While at it, handle VERSION_PATCH macro in .versionrc.js script.

Change-Id: Id3ec359f7768a90ba5c67e35d29736a46eb402b5
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(mbedtls-psa): introduce PSA_CRYPTO build option

This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -

1. Added a build macro PSA_CRYPTO to enable the Mbed

feat(mbedtls-psa): introduce PSA_CRYPTO build option

This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -

1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.

Also, marked PSA_CRYPTO as an experimental feature.

Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(rmmd): enable SME for RMM" into integration