Enable MTE support

Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented

MTE options are added in latest clang and armclang com

Enable MTE support

Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented

MTE options are added in latest clang and armclang compiler which
support below options:
for clang <version 11.0.0>
1. -march=arm8.5-a+memtag
2. -fsanitize=memtag

for armclang <version 6.12>
1. -march=arm8.5-a+memtag
2. -mmemtag-stack

Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413

show more ...

Merge "Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C files" into integration

Merge "Makefile: don't use $(CC) before value is explicit set" into integration

Makefile: don't use $(CC) before value is explicit set

Unless specified in the environment, $(CC) expands to some generic
host C compiler like cc or c99. We set our own value for $(CC), but
only few

Makefile: don't use $(CC) before value is explicit set

Unless specified in the environment, $(CC) expands to some generic
host C compiler like cc or c99. We set our own value for $(CC), but
only few lines later.

Move the first use of the $(CC) variable behind the definition to
correct this.

Change-Id: I45344e063d21ddfe22b7ad77954e85c1c46087bd
Fixes: 1684b8733 ("Use clang assembler when clang compiler is used")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C files

The build system defines the IMAGE_BL* macro when compiling each image.
This is useful to distinguish which image the current file is

Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C files

The build system defines the IMAGE_BL* macro when compiling each image.
This is useful to distinguish which image the current file is being
built for by using #if defined(IMAGE_BL2) or #if defined(IMAGE_BL31),
or whatever.

There are some cases where we are more interested in which exception
level the current file is being built for.

include/lib/cpus/{aarch32,aarch64}/cpu_macros.S defines IMAGE_AT_EL3,
but we do not have it globally.

Pass IMAGE_AT_EL1 or IMAGE_AT_EL3 to BL*_CFLAGS so that it is available
from all C code.

The library code (libc.a, libmbedtls.a, etc.) is exceptional cases,
where the code can be shared between BL images.

Other than that, we know the exception level at the build time, and
this macro will be useful in the shared code.

Change-Id: I7c8a1da10726906adfba981cfe8464dff111d6b0
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge "FVP: Add BL2 hash calculation in BL1" into integration

FVP: Add BL2 hash calculation in BL1

This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.

Change-Id: Ic074a7ed19b

FVP: Add BL2 hash calculation in BL1

This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.

Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "fconf: Clean Arm IO" into integration

Merge "spmd: skip loading of secure partitions on pre-v8.4 platforms" into integration

spmd: skip loading of secure partitions on pre-v8.4 platforms

When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.

spmd: skip loading of secure partitions on pre-v8.4 platforms

When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.
In this configuration, SPMC handles secure partition loading at
S-EL1/EL0 levels.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df

show more ...

fconf: Clean Arm IO

Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.

This patch:
- replace arm_io_storage.c

fconf: Clean Arm IO

Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.

This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.

Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

Merge changes from topic "mp/enhanced_pal_hw" into integration

* changes:
plat/arm/fvp: populate pwr domain descriptor dynamically
fconf: Extract topology node properties from HW_CONFIG dtb
fc

Merge changes from topic "mp/enhanced_pal_hw" into integration

* changes:
plat/arm/fvp: populate pwr domain descriptor dynamically
fconf: Extract topology node properties from HW_CONFIG dtb
fconf: necessary modifications to support fconf in BL31 & SP_MIN
fconf: enhancements to firmware configuration framework

show more ...

fconf: necessary modifications to support fconf in BL31 & SP_MIN

Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG

fconf: necessary modifications to support fconf in BL31 & SP_MIN

Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.

This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation

Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optiona

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optional encryption of BL31 and BL32 images
qemu: Update flash address map to keep FIP in secure FLASH0
Makefile: Add support to optionally encrypt BL31 and BL32
tools: Add firmware authenticated encryption tool
TBB: Add an IO abstraction layer to load encrypted firmwares
drivers: crypto: Add authenticated decryption framework

show more ...

Makefile: Add support to optionally encrypt BL31 and BL32

Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric fla

Makefile: Add support to optionally encrypt BL31 and BL32

Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.

- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.

- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.

- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.

- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.

Similar flags can be added to encrypt other firmwares as well depending
on use-cases.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670

show more ...

tools: Add firmware authenticated encryption tool

Add firmware authenticated encryption tool which utilizes OpenSSL
library to encrypt firmwares using a key provided via cmdline. Currently
this tool

tools: Add firmware authenticated encryption tool

Add firmware authenticated encryption tool which utilizes OpenSSL
library to encrypt firmwares using a key provided via cmdline. Currently
this tool supports AES-GCM as an authenticated encryption algorithm.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4

show more ...

drivers: crypto: Add authenticated decryption framework

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRY

drivers: crypto: Add authenticated decryption framework

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271

show more ...

Merge changes from topic "spmd-sel2" into integration

* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC

Merge changes from topic "spmd-sel2" into integration

* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC init, SMC handler cosmetic changes
SPMD: [tegra] rename el1_sys_regs structure to sys_regs
SPMD: Adds partially supported EL2 registers.
SPMD: save/restore EL2 system registers.

show more ...

SPMD: add command line parameter to run SPM at S-EL2 or S-EL1

Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is di

SPMD: add command line parameter to run SPM at S-EL2 or S-EL1

Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.

Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

SPMD: save/restore EL2 system registers.

NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283a

SPMD: save/restore EL2 system registers.

NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

Merge "tools: Small improvement to print_memory_map script" into integration

Merge "Read-only xlat tables for BL31 memory" into integration

Merge "SPMD: generate and add Secure Partition blobs into FIP" into integration

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who h

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.

The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.

To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.

Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.

The caches are also flushed.

Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466

show more ...

SPMD: generate and add Secure Partition blobs into FIP

Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
whic

SPMD: generate and add Secure Partition blobs into FIP

Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.

This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.

"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.

For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7

show more ...