Merge "fix(common): error out if image load size is zero" into integration

fix(common): error out if image load size is zero

Change the return value of function to error value when image size
check correctly passes (io_result == 0), but the image size is zero
(image_size =

fix(common): error out if image load size is zero

Change the return value of function to error value when image size
check correctly passes (io_result == 0), but the image size is zero
(image_size == 0). If such an edge case occurs, the function would
not load any data, but would return successful return code 0.

This edge case is already detected by the current conditional and a
warning is reported, but in this special case, return value 0 was
returned to the caller, which might have confused the caller into
thinking that a valid loading of data occurred, even if it did not.

Handle the edge case, and return error, to assure the caller can not
be confused.

Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Dien Pham <dien.pham.ry@renesas.com>
Signed-off-by: Hieu Nguyen <hieu.nguyen.dn@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Change-Id: Id7e4b675540971b28f451e4590064b3fb1840fd6

show more ...

Merge changes from topic "xlnx_misra_fix_gen_common" into integration

* changes:
fix(common): initialize the variables
fix(common): rename exit label
fix(common): add missing curly braces
fi

Merge changes from topic "xlnx_misra_fix_gen_common" into integration

* changes:
fix(common): initialize the variables
fix(common): rename exit label
fix(common): add missing curly braces
fix(common): add missing curly braces

show more ...

fix(common): initialize the variables

This corrects the MISRA violation C2012-9.1:
All variables are explicitly initialized with zero or default values
during declaration. This helps, even if a func

fix(common): initialize the variables

This corrects the MISRA violation C2012-9.1:
All variables are explicitly initialized with zero or default values
during declaration. This helps, even if a function fails, the
variables contain predictable values, preventing undefined behavior

Change-Id: I64ec8a1c3873eb7a2c40c123260f7bc27af2412f
Signed-off-by: Saivardhan Thatikonda <saivardhan.thatikonda@amd.com>

show more ...

fix(common): rename exit label

This corrects the MISRA violation C2012-5.8:
Renaming the label eliminates the conflict with the exit() function.

Change-Id: Icef4e9b5a3741781ac836d72962b84183c4f6fd7

fix(common): rename exit label

This corrects the MISRA violation C2012-5.8:
Renaming the label eliminates the conflict with the exit() function.

Change-Id: Icef4e9b5a3741781ac836d72962b84183c4f6fd7
Signed-off-by: Saivardhan Thatikonda <saivardhan.thatikonda@amd.com>

show more ...

fix(common): add missing curly braces

This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.Enclosed statement body

fix(common): add missing curly braces

This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.Enclosed statement body within the curly
braces.

Change-Id: I24a73929c589e67f9ef9ef6d756d5c451a8b9219
Signed-off-by: Saivardhan Thatikonda <saivardhan.thatikonda@amd.com>

show more ...

Merge "refactor(bl): remove un-necessary variable" into integration

refactor(bl): remove un-necessary variable

Remove un-necessary variable 'is_parent_image'
used in the 'load_auth_image_recursive' function.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com

refactor(bl): remove un-necessary variable

Remove un-necessary variable 'is_parent_image'
used in the 'load_auth_image_recursive' function.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie66f7e3cc82dd443da0b75d55adf3ae7e15b5f99

show more ...

Merge changes from topic "st-nand-backup-fwu" into integration

* changes:
refactor(st): rename plat_set_image_source
feat(st): add FWU with boot from NAND
feat(st): manage backup partitions fo

Merge changes from topic "st-nand-backup-fwu" into integration

* changes:
refactor(st): rename plat_set_image_source
feat(st): add FWU with boot from NAND
feat(st): manage backup partitions for NAND devices
feat(bl): add plat handler for image loading
refactor(bl)!: remove unused plat_try_next_boot_source

show more ...

feat(bl): add plat handler for image loading

In case of load error, platform may need to try another instance, either
from another storage, or from the same storage in case of PSA FWU. On
MTD device

feat(bl): add plat handler for image loading

In case of load error, platform may need to try another instance, either
from another storage, or from the same storage in case of PSA FWU. On
MTD devices such as NAND, it is required to define backup partitions.
A new function plat_setup_try_img_ops() should be called by platform
code to register handlers (plat_try_images_ops) to manage loading
other images.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ideaecaf296c0037a26fb4e6680f33e507111378a

show more ...

refactor(bl)!: remove unused plat_try_next_boot_source

The plat_try_next_boot_source() API is not used by any upstream platform
and not used by platforms that asked for this API. It is then removed.

refactor(bl)!: remove unused plat_try_next_boot_source

The plat_try_next_boot_source() API is not used by any upstream platform
and not used by platforms that asked for this API. It is then removed.
It will be replaced with a more generic interface in next patch.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I298c7acace8c5efb3c66422d8d9280ecd08e5ade

show more ...

Merge changes from topic "makefile-cleanup" into integration

* changes:
build: improve diagnostics for unrecognized toolchain tools
build(rzg): separate BL2 and BL31 SREC generation
build(rcar

Merge changes from topic "makefile-cleanup" into integration

* changes:
build: improve diagnostics for unrecognized toolchain tools
build(rzg): separate BL2 and BL31 SREC generation
build(rcar): separate BL2 and BL31 SREC generation
build: separate preprocessing from DTB compilation
build: remove `MAKE_BUILD_STRINGS` function

show more ...

build: remove `MAKE_BUILD_STRINGS` function

This function causes the build message to be generated and compiled in
two different ways, with one way done inside `build_macros.mk` and the
other done i

build: remove `MAKE_BUILD_STRINGS` function

This function causes the build message to be generated and compiled in
two different ways, with one way done inside `build_macros.mk` and the
other done inside `windows.mk`, mostly because it's done by generating
the C file on the command line.

We can instead replace this whole build message generation sequence with
a simple standard C compilation command and a normal C file.

Change-Id: I8bc136380c9585ddeec9a11154ee39ef70526f81
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "feat(bl): add interface to query TF-A semantic ver" into integration

feat(bl): add interface to query TF-A semantic ver

Adding interface for stand-alone semantic version of TF-A
for exporting to RSS attestation, and potentially other areas
as well.

Signed-off-by: La

feat(bl): add interface to query TF-A semantic ver

Adding interface for stand-alone semantic version of TF-A
for exporting to RSS attestation, and potentially other areas
as well.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib4a2c47aa1e42a3b850185e674c90708a05cda53

show more ...

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(me

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
build: introduce CRYPTO_SUPPORT build option

show more ...

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by m

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow

Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

feat(measured_boot): image hash measurement and recording in BL1

It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these r

feat(measured_boot): image hash measurement and recording in BL1

It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.

As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2

Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(measured boot): move image measurement to generic layer

Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it'

refactor(measured boot): move image measurement to generic layer

Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.

This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.

Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.

As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.

Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an alternate boot source
docs(fwu): add firmware update documentation
feat(fwu): avoid NV counter upgrade in trial run state
feat(plat/arm): add FWU support in Arm platforms
feat(fwu): initialize FWU driver in BL2
feat(fwu): add FWU driver
feat(fwu): introduce FWU platform-specific functions declarations
docs(fwu_metadata): add FWU metadata build options
feat(fwu_metadata): add FWU metadata header and build options

show more ...

feat(fwu): avoid booting with an alternate boot source

All firmware banks should be part of the same non-volatile storage
as per PSA FWU specification, hence avoid checking for any alternate
boot so

feat(fwu): avoid booting with an alternate boot source

All firmware banks should be part of the same non-volatile storage
as per PSA FWU specification, hence avoid checking for any alternate
boot source when PSA FWU is enabled.

Change-Id: I5b016e59e87f1cbfc73f4cd29fce6017c24f88b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "Increase type widths to satisfy width requirements" into integration

Increase type widths to satisfy width requirements

Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
T

Increase type widths to satisfy width requirements

Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:

bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).

This also resolves MISRA defects such as:

bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.

Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.

This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,

92407e73 and x19, x19, #0xffffffff

from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.

The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.

Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

show more ...

Merge changes from topic "lm/fconf" into integration

* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform

Merge changes from topic "lm/fconf" into integration

* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform io policies into fconf
fconf: Add mbedtls shared heap as property
fconf: Add TBBR disable_authentication property
fconf: Add dynamic config DTBs info as property
fconf: Populate properties from dtb during bl2 setup
fconf: Load config dtb from bl1
fconf: initial commit

show more ...