fix(pauth): make pauth_helpers linking generic

Pauth is a generic Arm feature that can be enabled on any platform that
implements it. It only needs a platform specific key generation hook. As
such,

fix(pauth): make pauth_helpers linking generic

Pauth is a generic Arm feature that can be enabled on any platform that
implements it. It only needs a platform specific key generation hook. As
such, the generic Pauth enablement can be included in the generic build.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibf32f79addab3515214594bb8d7168151b450f59

show more ...

Merge changes I51c13c52,I3358c51e into integration

* changes:
build: always prefix section names with `.`
build: communicate correct page size to linker

build: communicate correct page size to linker

This change communicates the common and maximum page sizes to the
linker, which allows us to use the built-in constants that it provides
to deal with p

build: communicate correct page size to linker

This change communicates the common and maximum page sizes to the
linker, which allows us to use the built-in constants that it provides
to deal with page alignments.

We only support 4K pages today so the fact these are fixed is not too
much of an issue, but we will need to revisit this if we ever support
other page sizes.

Change-Id: I3358c51e70df794025ddf25209ae0e2a96550b0e
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "fix(build): allow warnings when using lld" into integration

Merge changes from topic "mixed-rwx" into integration

* changes:
build: permit multiple linker scripts
build: clarify linker script generation
style: normalize linker script code style
fix(p

Merge changes from topic "mixed-rwx" into integration

* changes:
build: permit multiple linker scripts
build: clarify linker script generation
style: normalize linker script code style
fix(pie): pass `-fpie` to the preprocessor as well

show more ...

fix(pie): pass `-fpie` to the preprocessor as well

When PIE is enabled, the `-fpie` flag is passed to the compiler but not
to the preprocessor. This change ensures that both tools are aware of
when

fix(pie): pass `-fpie` to the preprocessor as well

When PIE is enabled, the `-fpie` flag is passed to the compiler but not
to the preprocessor. This change ensures that both tools are aware of
when the image is position-independent when preprocessing, which impacts
some pre-defined preprocessor definitions.

Change-Id: I5208a591d60ee01312f6bf3dd7343abe6535ee61
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "fix(context-mgmt): enable SCXTNUM access" into integration

fix(context-mgmt): enable SCXTNUM access

Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is

fix(context-mgmt): enable SCXTNUM access

Enable SCXTNUM_ELx access for lower ELs in non-secure state.
Make realm context setup take this build flag into account but enable it
by default when RME is used.

Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: Ieb0186b2fdffad464bb9316fc3973772c9c28cd0

show more ...

fix(build): allow warnings when using lld

After https://reviews.llvm.org/D118840, ld.lld reports
below section type mismatch warnings:

LD trusted-firmware-a/build/qemu/release/bl1/bl1.elf
ld

fix(build): allow warnings when using lld

After https://reviews.llvm.org/D118840, ld.lld reports
below section type mismatch warnings:

LD trusted-firmware-a/build/qemu/release/bl1/bl1.elf
ld.lld: error: section type mismatch for base_xlat_table
>>> trusted-firmware-a/build/qemu/release/bl1/xlat_tables_context.o:
(base_xlat_table): SHT_PROGBITS
>>> output section .bss: SHT_NOBITS

ld.lld: error: section type mismatch for xlat_table
>>> trusted-firmware-a/build/qemu/release/bl1/xlat_tables_context.o:
(xlat_table): SHT_PROGBITS
>>> output section xlat_table: SHT_NOBITS

So allow warnings to make build pass.

Change-Id: I70503ad03b3be7a18ffe29ef6f2127c3f4d540f1
Signed-off-by: Yabin Cui <yabinc@google.com>

show more ...

Merge changes from topic "bk/warnings" into integration

* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds

Merge changes from topic "bk/warnings" into integration

* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds
docs(porting-guide): update a reference
fix(st-usb): replace redundant checks with asserts
fix(brcm): add braces around bodies of conditionals
fix(renesas): align incompatible function pointers
fix(zynqmp): remove redundant api_version check
fix: remove old-style declarations
fix: unify fallthrough annotations

show more ...

build: add -Wunused-const-variable=2 to W=2

TF-A is quite strict with warnings and redundant code. This flag
furthers this so it would be useful to have it. Add it to W=2 as it sets
off a few platfo

build: add -Wunused-const-variable=2 to W=2

TF-A is quite strict with warnings and redundant code. This flag
furthers this so it would be useful to have it. Add it to W=2 as it sets
off a few platforms which require a somewhat involved fix.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id52b3d477b4ada7dd69a36101ab22c575ab4ef19

show more ...

build: include -Wextra in generic builds

TF-A is more strict with compiler warnings in comparison to other
projects (notably Linux) for security and -Wextra enables a lot of
desirable warnings. This

build: include -Wextra in generic builds

TF-A is more strict with compiler warnings in comparison to other
projects (notably Linux) for security and -Wextra enables a lot of
desirable warnings. This patch enables -Wextra by default (from W=1
previously) and reorganises the warning levels so that they can useful
when enabled and not just a build failure. This will help us move
towards fixing the warnings that are too many to fix at once and
enabling all W={1, 2} warnings.

The warning levels get new meanings:
* W=1: warnings we want the generic build to include but are too time
consuming to fix at the moment. They re-enable warnings taken out for
generic builds.
* W=2: warnings we want the generic build to include but cannot be
enabled due to external libraries.
* W=3: warnings that are informative but not necessary and generally too
verbose and frequently ignored.

Quality expectations for new contributions mean that generally they
should have no warnings up to W=2. To allow code to be developed with
them in mind, -Werror is disabled when W=x is set. This way enabling
warnings will not just fail the build due to technicalities we have and
contributors will be able to actually see if they get any.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieb15ddd635d458a956a34b0f9d0ea2f81b9c0745

show more ...

Merge "build: restrict usage of CTX_INCLUDE_EL2_REGS" into integration

build: restrict usage of CTX_INCLUDE_EL2_REGS

CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.

Make CTX_INCLUDE_EL2_REGS an i

build: restrict usage of CTX_INCLUDE_EL2_REGS

CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.

Make CTX_INCLUDE_EL2_REGS an internal macro and remove
from documentation.

Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I6a70edfd88163423ff0482de094601cf794246d6

show more ...

Merge "docs(changelog): changelog for v2.8 release" into integration

docs(changelog): changelog for v2.8 release

Change-Id: I1d99ea46ad527993ee786c34a67f94d74470f960
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13

show more ...

fix(build): ensure that the correct rule is called for tools

In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generat

fix(build): ensure that the correct rule is called for tools

In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.

Change-Id: I9724b63e01b3497daaedb9365c7d6a494aac9561
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fa

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c

show more ...

Merge "feat(cpus): make cache ops conditional" into integration

Merge changes from topic "mp/ras_refactoring" into integration

* changes:
docs: document do_panic() and panic() helper functions
fix(ras): restrict RAS support for NS world

feat(cpus): make cache ops conditional

When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset.

feat(cpus): make cache ops conditional

When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset. Similarly, debug recovery mode of DynamIQ
cluster ensures that contents of the shared L3 cache are also not
invalidated upon transition to On mode.

Booting cores in debug recovery mode means booting with caches disabled
and preserving the caches until a point where software can dump the
caches and retrieve their contents. TF-A however unconditionally cleans
and invalidates caches at multiple points during boot. This can lead to
memory corruption as well as loss of cache contents to be used for
debugging.

This patch fixes this by calling a platform hook before performing CMOs
in helper routines in cache_helpers.S. The platform hook plat_can_cmo is
an assembly routine which must not clobber x2 and x3, and avoid using
stack. The whole checking is conditional upon `CONDITIONAL_CMO` which
can be set at compile time.

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193

show more ...

Merge "refactor(trng): cleanup the existing TRNG support" into integration

refactor(trng): cleanup the existing TRNG support

This patch adds the following changes to complete the existing
TRNG implementation:

1. Adds a feature specific scope for buildlog generation.
2. Up

refactor(trng): cleanup the existing TRNG support

This patch adds the following changes to complete the existing
TRNG implementation:

1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.

Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...