Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): introduce platform handler for Group0 interrupt
feat(rdn2): add plat hook for memory transaction
feat(rdn2): i

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): introduce platform handler for Group0 interrupt
feat(rdn2): add plat hook for memory transaction
feat(rdn2): introduce accessor function to obtain datastore
feat(spm): separate StMM SP specifics to add support for a S-EL0 SP
feat(rdn2): add defines needed for spmc-el3
feat(ras): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(bl31): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(arm): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(el3-spmc): add a flag to enable support to load SEL0 SP
refactor(spm-mm): reorganize secure partition manager shim code

show more ...

feat(el3-spmc): add a flag to enable support to load SEL0 SP

Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>

feat(el3-spmc): add a flag to enable support to load SEL0 SP

Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1d63ae4d0d8374a732113565be90d58861506e39

show more ...

Merge "refactor(console): disable getc() by default" into integration

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.

Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.

This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.

The following changes are introduced when getc() is disabled:

- The multi-console framework no longer provides the console_getc()
function.

- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.

If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up

If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'

- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.

[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.

Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/

Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>

show more ...

Merge changes from topic "mb/psa-crypto-support" into integration

* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash

Merge changes from topic "mb/psa-crypto-support" into integration

* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash calculation
feat(mbedtls-psa): use PSA crypto API for hash verification
feat(mbedtls-psa): initialise mbedtls psa crypto
feat(mbedtls-psa): register an ad-hoc PSA crypto driver
feat(mbedtls-psa): introduce PSA_CRYPTO build option
docs(changelog): add scope for MbedTLS PSA Crypto

show more ...

Merge "feat(build): manage patch version in Makefile" into integration

feat(build): manage patch version in Makefile

Add VERSION_PATCH macro in Makefile. This will help LTS releases.
While at it, handle VERSION_PATCH macro in .versionrc.js script.

Change-Id: Id3ec359f

feat(build): manage patch version in Makefile

Add VERSION_PATCH macro in Makefile. This will help LTS releases.
While at it, handle VERSION_PATCH macro in .versionrc.js script.

Change-Id: Id3ec359f7768a90ba5c67e35d29736a46eb402b5
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(mbedtls-psa): introduce PSA_CRYPTO build option

This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -

1. Added a build macro PSA_CRYPTO to enable the Mbed

feat(mbedtls-psa): introduce PSA_CRYPTO build option

This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -

1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.

Also, marked PSA_CRYPTO as an experimental feature.

Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(rmmd): enable SME for RMM" into integration

feat(rmmd): enable SME for RMM

This patch enables Scalable Matrix Extension (SME) for RMM. RMM will
save/restore required registers that are shared with SVE/FPU register
state so that Realm can use

feat(rmmd): enable SME for RMM

This patch enables Scalable Matrix Extension (SME) for RMM. RMM will
save/restore required registers that are shared with SVE/FPU register
state so that Realm can use FPU or SVE.

The Relevant RMM support can be found here :
https://github.com/TF-RMM/tf-rmm/commit/0ccd7ae58b00

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I3bbdb840e7736dec00b71c85fcec3d5719413ffd

show more ...

Merge changes from topic "rm/handoff" into integration

* changes:
feat(qemu): implement firmware handoff on qemu
feat(handoff): introduce firmware handoff library

feat(handoff): introduce firmware handoff library

Add transfer list APIs and firmware handoff build option.

Change-Id: I68a0ace22c7e50fcdacd101eb76b271d7b76d8ff
Signed-off-by: Raymond Mao <raymond.

feat(handoff): introduce firmware handoff library

Add transfer list APIs and firmware handoff build option.

Change-Id: I68a0ace22c7e50fcdacd101eb76b271d7b76d8ff
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

show more ...

Merge "refactor(cpufeat): refactor arch feature build options" into integration

refactor(cpufeat): refactor arch feature build options

Current build infra defaults all cpufeats in defaults.mk and some
mandatory features are enabled in arch_features.mk and optional
arch features

refactor(cpufeat): refactor arch feature build options

Current build infra defaults all cpufeats in defaults.mk and some
mandatory features are enabled in arch_features.mk and optional
arch features are enabled in platform specific makefile.
This fragmentation is sometime confusing to figure out which feature
is tied to which ARCH_MAJOR.ARCH_MINOR.

So, consolidating and grouping them for tracking and enabling makes
more sense. With this change we consolidate all ARCH feature handling
within arch_features.mk and disable all optional features that need
to be enabled to platform makefile.

This is an ongoing series of effort to consolidate and going forward
platform makefile should just specify ARCH_MAJOR and ARCH MINOR and
all mandatory feature should be selected based on arch_features.mk
any optional feature needed by the platform support can be enabled
by platform makefile.

It also makes it easier for platform ports to look upto arch_features.mk
and enable any optional feature that platform may need which are
supported from TF-A.

Change-Id: I18764008856d81414256b6cbabdfa42a16b8040d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge "build(bl32): added check for AARCH32_SP" into integration

build(bl32): added check for AARCH32_SP

If AACRH32_SP is not specified, it causes the DEFAULT_LINKER_SCRIPT
variable to be empty, and then the linker takes the variable following
it as if it was the

build(bl32): added check for AARCH32_SP

If AACRH32_SP is not specified, it causes the DEFAULT_LINKER_SCRIPT
variable to be empty, and then the linker takes the variable following
it as if it was the linker script, which is not one. This patch
addresses that issue by requiring the AARCH32_SP variable to be set
before continuing.

Change-Id: I21db7d5bd86b98faaa1a1cd3f985daa592556a2d
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>

show more ...

Merge changes from topic "el3_direct_msg" into integration

* changes:
docs(spm): document new build option
feat(fvp): spmd logical partition smc handler
feat(fvp): add spmd logical partition

Merge changes from topic "el3_direct_msg" into integration

* changes:
docs(spm): document new build option
feat(fvp): spmd logical partition smc handler
feat(fvp): add spmd logical partition
feat(spmd): get logical partitions info
feat(spmd): add partition info get regs
refactor(ff-a): move structure definitions
feat(spmd): el3 direct message API
feat(spmd): add spmd logical partitions

show more ...

Merge "feat(sptool): generate `ARM_BL2_SP_LIST_DTS` file from `sp_layout.json`" into integration

feat(sptool): generate `ARM_BL2_SP_LIST_DTS` file from `sp_layout.json`

TF-A makefile accepts a device-tree snippet to override hardcoded SP
nodes, via the `ARM_BL2_SP_LIST_DTS` variable. However th

feat(sptool): generate `ARM_BL2_SP_LIST_DTS` file from `sp_layout.json`

TF-A makefile accepts a device-tree snippet to override hardcoded SP
nodes, via the `ARM_BL2_SP_LIST_DTS` variable. However the SPs declared
in `ARM_BL2_SP_LIST_DTS` must be in the same order as they are in the
FIP image, otherwise hash authentication will fail when loaded by BL2.

This patch generates the `ARM_BL2_SP_LIST_DTS` file from the
`sp_layout.json` file. The SPs in the FIP image are also generated from
`sp_layout.json`, so this ensures that there is only one source of truth
for the SP list, removing the possibility to have the lists disagree
with each other.

Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I7d76715135c596605c6a02aad5196d967dfeb1ce

show more ...

feat(spmd): add spmd logical partitions

Add header file to help with creation of SPMD logical partitions. Also
update linker files to create sections to record SPMD logical partitions
declared. This

feat(spmd): add spmd logical partitions

Add header file to help with creation of SPMD logical partitions. Also
update linker files to create sections to record SPMD logical partitions
declared. This follows the same pattern as the EL3 SPMC's logical
partitions. This patch also adds initialization of SPMD logical
partitions when the SPMD comes up.
ENABLE_SPMD_LP is a build flag that is used to enable support for
SPMD logical partitions.
Note that the approach chosen is to keep SPMD and SPMC logical
partition support separate, as opposed to extend the existing SPMC
logical partition support since the code would need to have a number of
ifdefs and the interactions with various build options such as
SPMC_AT_EL3 needs to be accounted for, which would make code more
complicated.

Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I9642ddbf6ea26dd3f4a283baec598d61c07e3661

show more ...

Merge "feat(mte): adds feature detection for MTE_PERM" into integration

feat(mte): adds feature detection for MTE_PERM

Adds feature detection for v8.9 feature FEAT_MTE_PERM. Adds respective
ID_AA64PFR2_EL1 definitions and ENABLE_FEAT_MTE_PERM define.

Change-Id: If24b42

feat(mte): adds feature detection for MTE_PERM

Adds feature detection for v8.9 feature FEAT_MTE_PERM. Adds respective
ID_AA64PFR2_EL1 definitions and ENABLE_FEAT_MTE_PERM define.

Change-Id: If24b42f1207154e639016b0b840b2d91c6ee13d4
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge "feat(build): march option selection" into integration

feat(build): march option selection

Current build infra uses ARM_ARCH_MAJOR/MINOR to come up with march
version and uses that march version with the compiler.

However in certain situations this is

feat(build): march option selection

Current build infra uses ARM_ARCH_MAJOR/MINOR to come up with march
version and uses that march version with the compiler.

However in certain situations this is not ideal, like for example when
we build with gcc-11 which supports only till march=armv8.5 but
we need to build for 8.8 build, this means we need to bump down
MAJOR/MINOR and we can't rely on major and minor values from the
platform to select march value and build infra doesn't even try
to compile and fails with not supported MAJOR/MINOR.

By adding a march build helper we try to check if compiler supports
given march value from MAJOR/MINOR values from platform, if compiler
doesn't support then we try to check what's the max or best supported
march version by compiler and choose that march value and try to
compile with that.

This is a supportive mechanism which will decouple march reliance on
MAJOR/MINOR values from platform and will pave way for setting up
enabling of features based on MAJOR/MINOR without worrying about the
compiler not supporting given MAJOR/MINOR.

Also in TF-A we use generic instructions without much reliance or need
for exact march necessity. So enabling and building features from
armv-8.8 using an armv-8.5 march value is still going to be fine.

Please note: Platforms are free to freeze their march values using
`MARCH_DIRECTIVE`. In absence of this define we are going to poke
the compiler and come up with a potential march value.

Change-Id: I673061a269ec9018ff12e75dc375979f5e33b7d1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes from topic "bk/context_refactor" into integration

* changes:
refactor(pmu): convert FEAT_MTPMU to C and move to persistent register init
feat(pmu): introduce pmuv3 lib/extensions f

Merge changes from topic "bk/context_refactor" into integration

* changes:
refactor(pmu): convert FEAT_MTPMU to C and move to persistent register init
feat(pmu): introduce pmuv3 lib/extensions folder
fix(pmu): make MDCR_EL3.MTPME=1 out of reset
refactor(cm): introduce a real manage_extensions_nonsecure()

show more ...