Merge "feat(crypto): enable SIMD crypto extensions for S-EL1" into integration

feat(crypto): enable SIMD crypto extensions for S-EL1

Enable the SIMD in arch setup to enable SIMD crypto
extension for S-EL1 for BL2

Change-Id: I5573b5f214ca5d520ee45b380375df4c2344acf1
Signed-off

feat(crypto): enable SIMD crypto extensions for S-EL1

Enable the SIMD in arch setup to enable SIMD crypto
extension for S-EL1 for BL2

Change-Id: I5573b5f214ca5d520ee45b380375df4c2344acf1
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

Merge changes from topic "bk/no_blx_setup" into integration

* changes:
fix: replace stray BL2_AT_EL3 with RESET_TO_BL2
refactor(aarch64): move BL31 specific setup out of the PSCI entrypoint
re

Merge changes from topic "bk/no_blx_setup" into integration

* changes:
fix: replace stray BL2_AT_EL3 with RESET_TO_BL2
refactor(aarch64): move BL31 specific setup out of the PSCI entrypoint
refactor: unify blx_setup() and blx_main()
fix(bl2): unify the BL2 EL3 and RME entrypoints

show more ...

refactor: unify blx_setup() and blx_main()

All BLs have a bl_setup() for things that need to happen early, a fall
back into assembly and then bl_main() for the main functionality. This
was necessary

refactor: unify blx_setup() and blx_main()

All BLs have a bl_setup() for things that need to happen early, a fall
back into assembly and then bl_main() for the main functionality. This
was necessary in order to fiddle with PAuth related things that tend to
break C calls. Since then PAuth's enablement has seen a lot of
refactoring and this is now worked around cleanly so the distinction can
be removed. The only tradeoff is that this requires pauth to not be used
for the top-level main function.

There are two main benefits to doing this: First, code is easier to
understand as it's all together and the entrypoint is smaller. Second,
the compiler gets to see more of the code and apply optimisations
(importantly LTO).

Change-Id: Iddb93551115a2048988017547eb7b8db441dbd37
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW for PSA Crypto
feat(auth): mbedtls psa key id mgmt
feat(auth): add crypto_mod_finish() function
feat(auth): add update of current_pk_oid in auth
feat(auth): add util file for current pk_oid
feat(auth): increase mbedtls heap for PSA RSA
feat(auth): introducing auth.mk

show more ...

feat(bl): adding psa crypto - crypto_mod_finish()

Adding call to crypto_mod_finish() at the end of crypto usage in the
bl mains. This is currently used for psa crytpo to destroy the
psa_key_ids in t

feat(bl): adding psa crypto - crypto_mod_finish()

Adding call to crypto_mod_finish() at the end of crypto usage in the
bl mains. This is currently used for psa crytpo to destroy the
psa_key_ids in the psa key store, but could be expanded if required
later.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I3dba9fe87b6bb64b629dda9d6c4653b116e7ee62

show more ...

Merge changes Id942c20c,Idd286bea,I8917a26e,Iec8c3477,If3c25dcd, ... into integration

* changes:
feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED
perf(cpufeat): centralise PAuth key saving

Merge changes Id942c20c,Idd286bea,I8917a26e,Iec8c3477,If3c25dcd, ... into integration

* changes:
feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED
perf(cpufeat): centralise PAuth key saving
refactor(cpufeat): convert FEAT_PAuth setup to C
refactor(cpufeat): prepare FEAT_PAuth for FEATURE_DETECTION
chore(cpufeat): remove PAuth presence checks
feat(cpufeat): enable FEAT_BTI to FEAT_STATE_CHECKED

show more ...

feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED

FEAT_PAuth is the second to last feature to be a boolean choice - it's
either unconditionally compiled in and must be present in hardware or
it

feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED

FEAT_PAuth is the second to last feature to be a boolean choice - it's
either unconditionally compiled in and must be present in hardware or
it's not compiled in. FEAT_PAuth is architected to be backwards
compatible - a subset of the branch guarding instructions (pacia/autia)
execute as NOPs when PAuth is not present. That subset is used with
`-mbranch-protection=standard` and -march pre-8.3. This patch adds the
necessary logic to also check accesses of the non-backward compatible
registers and allow a fully checked implementation.

Note that a checked support requires -march to be pre 8.3, as otherwise
the compiler will include branch protection instructions that are not
NOPs without PAuth (eg retaa) which cannot be checked.

Change-Id: Id942c20cae9d15d25b3d72b8161333642574ddaa
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

chore(cpufeat): remove PAuth presence checks

TF-A operates a policy that features must be correctly configured per
each platform. There is a tool to assist in making sure that this is the
case - FEA

chore(cpufeat): remove PAuth presence checks

TF-A operates a policy that features must be correctly configured per
each platform. There is a tool to assist in making sure that this is the
case - FEATURE_DETECTION. So performing these checks in common code is
not the right place for this. Remove them and rely on FEATURE_DETECTION.

Change-Id: If3c25dcd7bc880f1f085bc6bb5270d8d1c4caf43
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "early_console" into integration

* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CON

Merge changes from topic "early_console" into integration

* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE
feat(console): introduce EARLY_CONSOLE
feat(bl32): create an sp_min_setup function

show more ...

Merge changes from topic "makefile-cleanup" into integration

* changes:
build: improve diagnostics for unrecognized toolchain tools
build(rzg): separate BL2 and BL31 SREC generation
build(rcar

Merge changes from topic "makefile-cleanup" into integration

* changes:
build: improve diagnostics for unrecognized toolchain tools
build(rzg): separate BL2 and BL31 SREC generation
build(rcar): separate BL2 and BL31 SREC generation
build: separate preprocessing from DTB compilation
build: remove `MAKE_BUILD_STRINGS` function

show more ...

build: remove `MAKE_BUILD_STRINGS` function

This function causes the build message to be generated and compiled in
two different ways, with one way done inside `build_macros.mk` and the
other done i

build: remove `MAKE_BUILD_STRINGS` function

This function causes the build message to be generated and compiled in
two different ways, with one way done inside `build_macros.mk` and the
other done inside `windows.mk`, mostly because it's done by generating
the C file on the command line.

We can instead replace this whole build message generation sequence with
a simple standard C compilation command and a normal C file.

Change-Id: I8bc136380c9585ddeec9a11154ee39ef70526f81
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

feat(console): introduce EARLY_CONSOLE

This is a generic porting of what was done on ST platforms with flag
STM32MP_EARLY_CONSOLE. It creates the flag and the prototype for
plat_setup_early_console(

feat(console): introduce EARLY_CONSOLE

This is a generic porting of what was done on ST platforms with flag
STM32MP_EARLY_CONSOLE. It creates the flag and the prototype for
plat_setup_early_console(). This function depends on platform
implementation. This function call is added at the beginning of each BL
image early setup function.
The patch also introduce an extra log macro: EARLY_ERROR. This can
replace ERROR macro in code that will only be executed before the
default console is enabled, and will do nothing when the EARLY_CONSOLE
is not enabled. This can then save some space in memory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I77bf0a0c4289b4c7df94e4bfb783a938e05bf023

show more ...

Merge "feat(fvp): capture timestamps in bl stages" into integration

feat(fvp): capture timestamps in bl stages

When ENABLE_RUNTIME_INSTRUMENTATION flag is set timestamps are captured
and output to the fvp console at various boot stages using the PMF
library (which a

feat(fvp): capture timestamps in bl stages

When ENABLE_RUNTIME_INSTRUMENTATION flag is set timestamps are captured
and output to the fvp console at various boot stages using the PMF
library (which are based on aarch timers).

Timestamps are captured at entry and exit points for Bl1, Bl2
and, Bl3 respectively.

Change-Id: I7c0c502e5dbf73d711700b2fe0085ca3eb9346d2
Signed-off-by: Thaddeus Serna <Thaddeus.Gonzalez-Serna@arm.com>

show more ...

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(me

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
build: introduce CRYPTO_SUPPORT build option

show more ...

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by m

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow

Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

feat(measured boot): move init and teardown functions to platform layer

Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the me

feat(measured boot): move init and teardown functions to platform layer

Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.

To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).

Move the current implementation of the init and teardown function to the
FVP platform layer.

Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.

Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

feat(rme): run BL2 in root world when FEAT_RME is enabled

This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.

Using the existing BL2_

feat(rme): run BL2 in root world when FEAT_RME is enabled

This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.

Using the existing BL2_AT_EL3 TF-A build option is not convenient
because that option assumes TF-A BL1 doesn't exist, which is not
the case for RME-enabled systems. For the purposes of RME, we use
a normal BL1 image but we also want to run BL2 in EL3 as normally as
possible, therefore rather than use the special bl2_entrypoint
function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint
function (in bl2_rme_entrypoint.S) which doesn't need reset or
mailbox initialization code seen in the el3_entrypoint_common macro.

The patch also cleans up bl2_el3_entrypoint.S, moving the
bl2_run_next_image function to its own file to avoid duplicating
code.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55

show more ...

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an alternate boot source
docs(fwu): add firmware update documentation
feat(fwu): avoid NV counter upgrade in trial run state
feat(plat/arm): add FWU support in Arm platforms
feat(fwu): initialize FWU driver in BL2
feat(fwu): add FWU driver
feat(fwu): introduce FWU platform-specific functions declarations
docs(fwu_metadata): add FWU metadata build options
feat(fwu_metadata): add FWU metadata header and build options

show more ...

feat(fwu): initialize FWU driver in BL2

Initialized FWU driver module in BL2 component under
build flag PSA_FWU_SUPPORT.

Change-Id: I08b191599835925c355981d695667828561b9a21
Signed-off-by: Manish V

feat(fwu): initialize FWU driver in BL2

Initialized FWU driver module in BL2 component under
build flag PSA_FWU_SUPPORT.

Change-Id: I08b191599835925c355981d695667828561b9a21
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...