Merge "plat/arm: Use common build flag for using generic sp804 driver" into integration

plat/arm: Use common build flag for using generic sp804 driver

SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_

plat/arm: Use common build flag for using generic sp804 driver

SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.

This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.

Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge changes from topic "sp_dual_signing" into integration

* changes:
SPM: Add owner field to cactus secure partitions
SPM: Alter sp_gen.mk entry depending on owner of partition
plat/arm: ena

Merge changes from topic "sp_dual_signing" into integration

* changes:
SPM: Add owner field to cactus secure partitions
SPM: Alter sp_gen.mk entry depending on owner of partition
plat/arm: enable support for Plat owned SPs

show more ...

SPM: Alter sp_gen.mk entry depending on owner of partition

With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
w

SPM: Alter sp_gen.mk entry depending on owner of partition

With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
while Plat owned SPs index starts at SP_PKG5_ID.

This patch modifies SP makefile generator script to take CoT as an
argument and if it is "dualroot" then generates SP_PKG in order
mentioned above, otherwise generates it sequentially.

Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8

show more ...

Merge "Use abspath to dereference $BUILD_BASE" into integration

Use abspath to dereference $BUILD_BASE

If the user tries to change BUILD_BASE to put the build products outside
the build tree the compile will fail due to hard coded assumptions that
$BUILD_BASE is

Use abspath to dereference $BUILD_BASE

If the user tries to change BUILD_BASE to put the build products outside
the build tree the compile will fail due to hard coded assumptions that
$BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE))
to rationalize to an absolute path every time and remove the relative
path assumptions.

This patch also adds documentation that BUILD_BASE can be specified by
the user.

Signed-off-by: Grant Likely <grant.likely@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8

show more ...

Merge "SPM: build OP-TEE as an S-EL1 Secure Partition" into integration

Merge "Makefile, doc: Make OPENSSL_DIR variable as build option for tools" into integration

SPM: build OP-TEE as an S-EL1 Secure Partition

Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.

Increase ARM_SP_MAX_SIZE to cope with

SPM: build OP-TEE as an S-EL1 Secure Partition

Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.

Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb

show more ...

Makefile, doc: Make OPENSSL_DIR variable as build option for tools

Openssl directory path is hardcoded to '/usr' in the makefile
of certificate generation and firmware encryption tool using
'OPENSSL

Makefile, doc: Make OPENSSL_DIR variable as build option for tools

Openssl directory path is hardcoded to '/usr' in the makefile
of certificate generation and firmware encryption tool using
'OPENSSL_DIR' variable.

Hence changes are done to make 'OPENSSL_DIR' variable as
a build option so that user can provide openssl directory
path while building the certificate generation and firmware
encryption tool.

Also, updated the document for this newly created build option

Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "make, doc: Add build option to create chain of trust at runtime" into integration

make, doc: Add build option to create chain of trust at runtime

Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.

Signed-off-by: Manish V Badarkhe <Manish.Bada

make, doc: Add build option to create chain of trust at runtime

Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89

show more ...

Merge "Fix makefile to build on a Windows host PC" into integration

Fix makefile to build on a Windows host PC

The TF-A firmware build system is capable of building on both Unix like
and Windows host PCs. The commit ID 7ff088 "Enable MTE support" updated
the Makefil

Fix makefile to build on a Windows host PC

The TF-A firmware build system is capable of building on both Unix like
and Windows host PCs. The commit ID 7ff088 "Enable MTE support" updated
the Makefile to conditionally enable the MTE support if the AArch64
architecture revision was greater than 8.5. However, the Makefile changes
were dependent on shell commands that are only available on unix shells,
resulting in build failures on a Windows host PC.

This patch fixes the Makefile by using a more portable approach for
comparing the architecture revision.

Change-Id: Icb56cbecd8af5b0b9056d105970ff4a6edd1755a
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>

show more ...

Merge "TF-A: Add ARMv8.5 'bti' build option" into integration

TF-A: Add ARMv8.5 'bti' build option

This patch adds BRANCH_PROTECTION = 4 'bti' build option
which turns on branch target identification mechanism.

Change-Id: I32464a6b51726a100519f449a95aea5331f0

TF-A: Add ARMv8.5 'bti' build option

This patch adds BRANCH_PROTECTION = 4 'bti' build option
which turns on branch target identification mechanism.

Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge changes from topic "tegra194-ras-handling" into integration

* changes:
Tegra194: ras: verbose prints for SErrors
Prevent RAS register access from lower ELs
Tegra194: SiP: clear RAS corre

Merge changes from topic "tegra194-ras-handling" into integration

* changes:
Tegra194: ras: verbose prints for SErrors
Prevent RAS register access from lower ELs
Tegra194: SiP: clear RAS corrected error records
Tegra194: add RAS exception handling

show more ...

Prevent RAS register access from lower ELs

This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1

Prevent RAS register access from lower ELs

This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.

RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438

show more ...

Merge changes from topic "sp_secure_boot" into integration

* changes:
dualroot: add chain of trust for secure partitions
sptool: append cert_tool arguments.
cert_create: add SiP owned secure p

Merge changes from topic "sp_secure_boot" into integration

* changes:
dualroot: add chain of trust for secure partitions
sptool: append cert_tool arguments.
cert_create: add SiP owned secure partitions support

show more ...

Merge "plat/fvp: Add support for dynamic description of secure interrupts" into integration

plat/fvp: Add support for dynamic description of secure interrupts

Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime.

plat/fvp: Add support for dynamic description of secure interrupts

Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.

Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

sptool: append cert_tool arguments.

To support secure boot of SP's update cert tool arguments while
generating sp_gen.mk which in turn is consumed by build system.

Signed-off-by: Manish Pandey <man

sptool: append cert_tool arguments.

To support secure boot of SP's update cert tool arguments while
generating sp_gen.mk which in turn is consumed by build system.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc

show more ...

Merge "plat/arm/fvp: Support performing SDEI platform setup in runtime" into integration

plat/arm/fvp: Support performing SDEI platform setup in runtime

This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead

plat/arm/fvp: Support performing SDEI platform setup in runtime

This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.

Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "Implement workaround for AT speculative behaviour" into integration