Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13

show more ...

fix(build): ensure that the correct rule is called for tools

In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generat

fix(build): ensure that the correct rule is called for tools

In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.

Change-Id: I9724b63e01b3497daaedb9365c7d6a494aac9561
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fa

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c

show more ...

Merge "feat(cpus): make cache ops conditional" into integration

Merge changes from topic "mp/ras_refactoring" into integration

* changes:
docs: document do_panic() and panic() helper functions
fix(ras): restrict RAS support for NS world

feat(cpus): make cache ops conditional

When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset.

feat(cpus): make cache ops conditional

When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset. Similarly, debug recovery mode of DynamIQ
cluster ensures that contents of the shared L3 cache are also not
invalidated upon transition to On mode.

Booting cores in debug recovery mode means booting with caches disabled
and preserving the caches until a point where software can dump the
caches and retrieve their contents. TF-A however unconditionally cleans
and invalidates caches at multiple points during boot. This can lead to
memory corruption as well as loss of cache contents to be used for
debugging.

This patch fixes this by calling a platform hook before performing CMOs
in helper routines in cache_helpers.S. The platform hook plat_can_cmo is
an assembly routine which must not clobber x2 and x3, and avoid using
stack. The whole checking is conditional upon `CONDITIONAL_CMO` which
can be set at compile time.

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193

show more ...

Merge "refactor(trng): cleanup the existing TRNG support" into integration

refactor(trng): cleanup the existing TRNG support

This patch adds the following changes to complete the existing
TRNG implementation:

1. Adds a feature specific scope for buildlog generation.
2. Up

refactor(trng): cleanup the existing TRNG support

This patch adds the following changes to complete the existing
TRNG implementation:

1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.

Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

fix(ras): restrict RAS support for NS world

Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To

fix(ras): restrict RAS support for NS world

Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.

Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750

show more ...

Merge "fix(build): fix arch32 build issue for clang" into integration

Merge changes from topic "db/deps" into integration

* changes:
feat(compiler-rt): update compiler-rt source files
fix(deps): add missing aeabi_memcpy.S
feat(zlib): update zlib source files
d

Merge changes from topic "db/deps" into integration

* changes:
feat(compiler-rt): update compiler-rt source files
fix(deps): add missing aeabi_memcpy.S
feat(zlib): update zlib source files
docs(changelog): add zlib and compiler-rt scope
feat(libfdt): upgrade libfdt source files
docs(prerequisites): upgrade to Mbed TLS 2.28.1

show more ...

fix(build): fix arch32 build issue for clang

Fixed the qemu 32 bit clang build fail caused because of
no march32 directives in TF_CFLAGS_aarch32 variable

march32_directive is initialized later in M

fix(build): fix arch32 build issue for clang

Fixed the qemu 32 bit clang build fail caused because of
no march32 directives in TF_CFLAGS_aarch32 variable

march32_directive is initialized later in Makefile and since clang build
uses Immediate set instead of Lazy set , TF_CFLAGS_aarch32 doesn't
have mcpu variable.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I09094a0912ee2d9d0e11f65135a352de8a135936

show more ...

feat(zlib): update zlib source files

Upgrade the zlib source files to the ones present in the version 1.2.13
of zlib [1]. Since 1.2.11 the use of Arm crc32 instructions has been
introduced so update

feat(zlib): update zlib source files

Upgrade the zlib source files to the ones present in the version 1.2.13
of zlib [1]. Since 1.2.11 the use of Arm crc32 instructions has been
introduced so update the files to make use of this.

[1] https://github.com/madler/zlib/tree/v1.2.13

Change-Id: Ideef78c56f05ae7daec390d00dcaa8f66b18729e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Merge "fix(rme): relax RME compiler requirements" into integration

fix(rme): relax RME compiler requirements

Currently building TF-A for the FVP with RME enabled requires a
toolchain that understands the -march=armv8.6-a command line option,
even though we actually

fix(rme): relax RME compiler requirements

Currently building TF-A for the FVP with RME enabled requires a
toolchain that understands the -march=armv8.6-a command line option,
even though we actually don't need any ARMv8.6 features from the
compiler.

Relax the requirement to use ARMv8.5, since this is what's the GCC
shipped with Ubuntu 20.04 understands. This is in line what the current
RMM implementation uses as well.

Change-Id: I3806dcff90319a87f003fe2c86b7cdcdebd625e4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection

show more ...

Merge "build: forbid `ENABLE_RME=1` when `SEPARATE_CODE_AND_RODATA=0`" into integration

refactor(crypto): change CRYPTO_SUPPORT flag to numeric

Updated CRYPTO_SUPPORT flag to numeric to provide below
supports -
1. CRYPTO_SUPPORT = 1 -> Authentication verification only
2. CRYPTO_SUPPORT

refactor(crypto): change CRYPTO_SUPPORT flag to numeric

Updated CRYPTO_SUPPORT flag to numeric to provide below
supports -
1. CRYPTO_SUPPORT = 1 -> Authentication verification only
2. CRYPTO_SUPPORT = 2 -> Hash calculation only
3. CRYPTO_SUPPORT = 3 -> Authentication verification and
hash calculation

Change-Id: Ib34f31457a6c87d2356d736ad2d048dc787da56f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(crypto): update crypto module for DRTM support

Updated crypto module to include crypto calls necessary for a
DRTM supported build.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Ch

feat(crypto): update crypto module for DRTM support

Updated crypto module to include crypto calls necessary for a
DRTM supported build.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I4f945997824393f46864b7fb7fd380308a025452

show more ...

build: forbid `ENABLE_RME=1` when `SEPARATE_CODE_AND_RODATA=0`

This change mitigates against read-only data being used for malicious
execution on platforms utilizing the RME/CCA.

Change-Id: I006853

build: forbid `ENABLE_RME=1` when `SEPARATE_CODE_AND_RODATA=0`

This change mitigates against read-only data being used for malicious
execution on platforms utilizing the RME/CCA.

Change-Id: I0068535aeaa5d2515c7c54ee0dc19200c7a86ba5
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "fix(ras): trap "RAS error record" accesses only for NS" into integration

fix(ras): trap "RAS error record" accesses only for NS

RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
sta

fix(ras): trap "RAS error record" accesses only for NS

RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
state. To give more fine grain control per world basis re-purpose this
macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only
if Error record registers are accessed from NS.
This will also help in future scenarios when RAS handling(in Firmware
first handling paradigm)can be offloaded to a secure partition.

This is first patch in series to refactor RAS framework in TF-A.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d

show more ...

Merge "feat(rng-trap): add EL3 support for FEAT_RNG_TRAP" into integration

feat(rng-trap): add EL3 support for FEAT_RNG_TRAP

FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This

feat(rng-trap): add EL3 support for FEAT_RNG_TRAP

FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This patch adds a new build flag
ENABLE_FEAT_RNG_TRAP that enables the feature.
This feature is supported only in AArch64 state from Armv8.5 onwards.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ia9f17aef3444d3822bf03809036a1f668c9f2d89

show more ...