Merge changes I6e4cd8b5,Id5086b3c,I070d62bb into integration

* changes:
fix(el3-runtime): allow RNDR access at EL3 even when RNG_TRAP is enabled
fix(smccc): don't panic on a feature availability

Merge changes I6e4cd8b5,Id5086b3c,I070d62bb into integration

* changes:
fix(el3-runtime): allow RNDR access at EL3 even when RNG_TRAP is enabled
fix(smccc): don't panic on a feature availability call with FEAT_RNG_TRAP
fix(bl1): use per-world context correctly

show more ...

fix(bl1): use per-world context correctly

Currently, the configuration with BL1 and BL2 at SEL1 will transition
via el3_exit which will restore per-world context. However, that context
is never writ

fix(bl1): use per-world context correctly

Currently, the configuration with BL1 and BL2 at SEL1 will transition
via el3_exit which will restore per-world context. However, that context
is never written to and so zeroes end up in registers, which is not
necessarily correct.

This patch gets BL1 to call cm_manage_extensions_per_world() whenever
BL2 runs in a lower EL. This allows the per-world registers to have the
reset values we intend. An accompanying call to
cm_manage_extensions_el3() is also added for completeness.

Doing this shows a small deficiency in cptr_el3 - bits TFP and TCPAC
change a lot. This patch makes them consistent by always setting TCPAC
and TFP to 0 which unconditionally enable access to CPTR_EL2 and FPCR by
default as they are always accessible. Other places that manipulate the
TFP bit are removed.

A nice side effect of all of this is that we're now in a position to
enable and use any architectural extension in BL2.

Change-Id: I070d62bbf8e9d9b472caf7e2c931c303523be308
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "bk/no_blx_setup" into integration

* changes:
fix: replace stray BL2_AT_EL3 with RESET_TO_BL2
refactor(aarch64): move BL31 specific setup out of the PSCI entrypoint
re

Merge changes from topic "bk/no_blx_setup" into integration

* changes:
fix: replace stray BL2_AT_EL3 with RESET_TO_BL2
refactor(aarch64): move BL31 specific setup out of the PSCI entrypoint
refactor: unify blx_setup() and blx_main()
fix(bl2): unify the BL2 EL3 and RME entrypoints

show more ...

refactor: unify blx_setup() and blx_main()

All BLs have a bl_setup() for things that need to happen early, a fall
back into assembly and then bl_main() for the main functionality. This
was necessary

refactor: unify blx_setup() and blx_main()

All BLs have a bl_setup() for things that need to happen early, a fall
back into assembly and then bl_main() for the main functionality. This
was necessary in order to fiddle with PAuth related things that tend to
break C calls. Since then PAuth's enablement has seen a lot of
refactoring and this is now worked around cleanly so the distinction can
be removed. The only tradeoff is that this requires pauth to not be used
for the top-level main function.

There are two main benefits to doing this: First, code is easier to
understand as it's all together and the entrypoint is smaller. Second,
the compiler gets to see more of the code and apply optimisations
(importantly LTO).

Change-Id: Iddb93551115a2048988017547eb7b8db441dbd37
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW for PSA Crypto
feat(auth): mbedtls psa key id mgmt
feat(auth): add crypto_mod_finish() function
feat(auth): add update of current_pk_oid in auth
feat(auth): add util file for current pk_oid
feat(auth): increase mbedtls heap for PSA RSA
feat(auth): introducing auth.mk

show more ...

feat(bl): adding psa crypto - crypto_mod_finish()

Adding call to crypto_mod_finish() at the end of crypto usage in the
bl mains. This is currently used for psa crytpo to destroy the
psa_key_ids in t

feat(bl): adding psa crypto - crypto_mod_finish()

Adding call to crypto_mod_finish() at the end of crypto usage in the
bl mains. This is currently used for psa crytpo to destroy the
psa_key_ids in the psa key store, but could be expanded if required
later.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I3dba9fe87b6bb64b629dda9d6c4653b116e7ee62

show more ...

Merge changes Id942c20c,Idd286bea,I8917a26e,Iec8c3477,If3c25dcd, ... into integration

* changes:
feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED
perf(cpufeat): centralise PAuth key saving

Merge changes Id942c20c,Idd286bea,I8917a26e,Iec8c3477,If3c25dcd, ... into integration

* changes:
feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED
perf(cpufeat): centralise PAuth key saving
refactor(cpufeat): convert FEAT_PAuth setup to C
refactor(cpufeat): prepare FEAT_PAuth for FEATURE_DETECTION
chore(cpufeat): remove PAuth presence checks
feat(cpufeat): enable FEAT_BTI to FEAT_STATE_CHECKED

show more ...

perf(cpufeat): centralise PAuth key saving

prepare_el3_entry() is meant to be the one-stop shop for all the context
we must fiddle with to enter EL3 proper. However, PAuth is the one
exception, happ

perf(cpufeat): centralise PAuth key saving

prepare_el3_entry() is meant to be the one-stop shop for all the context
we must fiddle with to enter EL3 proper. However, PAuth is the one
exception, happening right after. Absorb it into prepare_el3_entry(),
handling the BL1/BL31 difference.

This is a good time to also move the key saving into the enable
function, also to centralise. With this it becomes apparent that saving
keys just before CPU_SUSPEND is redundant as they will be reinitialised
when the core wakes up.

Note that the key loading, now in save_gp_pmcr_pauth_regs, does not end
in an isb. The effects of the key change are not needed until the isb
in the caller, so this isb is not needed.

Change-Id: Idd286bea91140c106ab4c933c5c44b0bc2050ca2
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

chore(cpufeat): remove PAuth presence checks

TF-A operates a policy that features must be correctly configured per
each platform. There is a tool to assist in making sure that this is the
case - FEA

chore(cpufeat): remove PAuth presence checks

TF-A operates a policy that features must be correctly configured per
each platform. There is a tool to assist in making sure that this is the
case - FEATURE_DETECTION. So performing these checks in common code is
not the right place for this. Remove them and rely on FEATURE_DETECTION.

Change-Id: If3c25dcd7bc880f1f085bc6bb5270d8d1c4caf43
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "early_console" into integration

* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CON

Merge changes from topic "early_console" into integration

* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE
feat(console): introduce EARLY_CONSOLE
feat(bl32): create an sp_min_setup function

show more ...

Merge changes from topic "makefile-cleanup" into integration

* changes:
build: improve diagnostics for unrecognized toolchain tools
build(rzg): separate BL2 and BL31 SREC generation
build(rcar

Merge changes from topic "makefile-cleanup" into integration

* changes:
build: improve diagnostics for unrecognized toolchain tools
build(rzg): separate BL2 and BL31 SREC generation
build(rcar): separate BL2 and BL31 SREC generation
build: separate preprocessing from DTB compilation
build: remove `MAKE_BUILD_STRINGS` function

show more ...

build: remove `MAKE_BUILD_STRINGS` function

This function causes the build message to be generated and compiled in
two different ways, with one way done inside `build_macros.mk` and the
other done i

build: remove `MAKE_BUILD_STRINGS` function

This function causes the build message to be generated and compiled in
two different ways, with one way done inside `build_macros.mk` and the
other done inside `windows.mk`, mostly because it's done by generating
the C file on the command line.

We can instead replace this whole build message generation sequence with
a simple standard C compilation command and a normal C file.

Change-Id: I8bc136380c9585ddeec9a11154ee39ef70526f81
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes from topic "hm/handoff" into integration

* changes:
feat(handoff): add support for RESET_TO_BL2
feat(arm): support FW handoff b/w BL1 & BL2
feat(handoff): add TL source files to

Merge changes from topic "hm/handoff" into integration

* changes:
feat(handoff): add support for RESET_TO_BL2
feat(arm): support FW handoff b/w BL1 & BL2
feat(handoff): add TL source files to BL1
feat(handoff): add TE's for BL1 handoff interface
refactor(bl1): clean up bl2 layout calculation
feat(arm): support FW handoff b/w BL2 & BL31

show more ...

refactor(bl1): clean up bl2 layout calculation

Layout calculation is spread out between core BL1 logic and common
platform code. Relocate these into common platform code so they are
organised logica

refactor(bl1): clean up bl2 layout calculation

Layout calculation is spread out between core BL1 logic and common
platform code. Relocate these into common platform code so they are
organised logically.

Change-Id: I8b05403e41b800957a0367316cecd373d10bb1a4
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(console): introduce EARLY_CONSOLE

This is a generic porting of what was done on ST platforms with flag
STM32MP_EARLY_CONSOLE. It creates the flag and the prototype for
plat_setup_early_console(

feat(console): introduce EARLY_CONSOLE

This is a generic porting of what was done on ST platforms with flag
STM32MP_EARLY_CONSOLE. It creates the flag and the prototype for
plat_setup_early_console(). This function depends on platform
implementation. This function call is added at the beginning of each BL
image early setup function.
The patch also introduce an extra log macro: EARLY_ERROR. This can
replace ERROR macro in code that will only be executed before the
default console is enabled, and will do nothing when the EARLY_CONSOLE
is not enabled. This can then save some space in memory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I77bf0a0c4289b4c7df94e4bfb783a938e05bf023

show more ...

Merge "feat(fvp): capture timestamps in bl stages" into integration

feat(fvp): capture timestamps in bl stages

When ENABLE_RUNTIME_INSTRUMENTATION flag is set timestamps are captured
and output to the fvp console at various boot stages using the PMF
library (which a

feat(fvp): capture timestamps in bl stages

When ENABLE_RUNTIME_INSTRUMENTATION flag is set timestamps are captured
and output to the fvp console at various boot stages using the PMF
library (which are based on aarch timers).

Timestamps are captured at entry and exit points for Bl1, Bl2
and, Bl3 respectively.

Change-Id: I7c0c502e5dbf73d711700b2fe0085ca3eb9346d2
Signed-off-by: Thaddeus Serna <Thaddeus.Gonzalez-Serna@arm.com>

show more ...

Merge changes from topic "bk/errata_refactor" into integration

* changes:
feat(cpus): wrappers to propagate AArch32 errata info
feat(cpus): add a way to automatically report errata
feat(cpus):

Merge changes from topic "bk/errata_refactor" into integration

* changes:
feat(cpus): wrappers to propagate AArch32 errata info
feat(cpus): add a way to automatically report errata
feat(cpus): add a concise way to implement AArch64 errata
refactor(cpus): convert print_errata_status to C
refactor(cpus): rename errata_report.h to errata.h
refactor(cpus): move cpu_ops field defines to a header

show more ...

refactor(cpus): rename errata_report.h to errata.h

The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu fil

refactor(cpus): rename errata_report.h to errata.h

The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu files but for whatever reason the values have been hard-coded so far
(at the cost of readability). It's evident this file is not strictly for
status reporting.

The new purpose of this file is to make it a one-stop-shop for all
things errata.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1ce22dd36df5aa0bcfc5f2772251f91af8703dfb

show more ...

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(me

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
build: introduce CRYPTO_SUPPORT build option

show more ...

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by m

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow

Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

feat(measured_boot): image hash measurement and recording in BL1

It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these r

feat(measured_boot): image hash measurement and recording in BL1

It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.

As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2

Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "Move static vars into functions in bl1" into integration

Move static vars into functions in bl1

This reduces the scope of these variables and resolves Misra violations
such as:
bl1/aarch64/bl1_context_mgmt.c:21:[MISRA C-2012 Rule 8.9 (advisory)]
"

Move static vars into functions in bl1

This reduces the scope of these variables and resolves Misra violations
such as:
bl1/aarch64/bl1_context_mgmt.c:21:[MISRA C-2012 Rule 8.9 (advisory)]
"bl1_cpu_context" should be defined at block scope.

Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I9b0b26395bce07e10e61d10158c67f9c22ecce44

show more ...