fconf: Add TBBR disable_authentication property

Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.

Change-Id: Ibf184a5c6245d0

fconf: Add TBBR disable_authentication property

Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.

Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

Merge "Refactor load_auth_image_internal()." into integration

Refactor load_auth_image_internal().

The pre-processor directives make it hard to read the non-TBB version of
this function. Refactor the code to improve readability. No functional
change introduced

Refactor load_auth_image_internal().

The pre-processor directives make it hard to read the non-TBB version of
this function. Refactor the code to improve readability. No functional
change introduced.

In particular, introduce a new helper function load_image_flush(),
that simply loads an image and flushes it out to main memory. This is
the only thing load_auth_image_internal() needs to do when TBB is
disabled or when authentication is dynamically disabled.

In other cases, we need to recursively authenticate the parent images up
to the root of trust. To make this clearer, this code gets moved to a
TBB-specific helper function called load_auth_image_recursive().

As a result, load_auth_image_internal() now boils down to calling the
right helper function (depending on TBB enablement and dynamic
authentication status).

Change-Id: I20a39a3b833810b97ecf4219358e7d2cac263890
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge "Refactor ARMv8.3 Pointer Authentication support code" into integration

Refactor ARMv8.3 Pointer Authentication support code

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key gene

Refactor ARMv8.3 Pointer Authentication support code

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.

Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "Switch AARCH32/AARCH64 to __aarch64__" into integration

Switch AARCH32/AARCH64 to __aarch64__

NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.

All common C compilers pre-define the same macros to signal which
architecture the cod

Switch AARCH32/AARCH64 to __aarch64__

NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.

All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)

Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>

show more ...

Merge pull request #1851 from antonio-nino-diaz-arm/an/pauth

Correctly check for support of Address Authentication

Correctly check for support of Address Authentication

Check for both IMPLEMENTATION_DEFINED and Architected algorithms of
Address Authentication.

Change-Id: I209dcc6087172cfef7baf8d09e0454628f02cbd

Correctly check for support of Address Authentication

Check for both IMPLEMENTATION_DEFINED and Architected algorithms of
Address Authentication.

Change-Id: I209dcc6087172cfef7baf8d09e0454628f02cbd0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1829 from antonio-nino-diaz-arm/an/pauth

Add Pointer Authentication (ARMv8.3-PAuth) support to the TF

Add support for pointer authentication

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable p

Add support for pointer authentication

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1800 from sandrine-bailleux-arm/sb/load-img-v2

Remove dead code related to LOAD_IMAGE_V2=0

Remove dead code related to LOAD_IMAGE_V2=0

Commit ed51b51f7a9163a ("Remove build option LOAD_IMAGE_V2") intended
to remove all code related to LOAD_IMAGE_V2=0 but missed a few things.

Change-Id: I

Remove dead code related to LOAD_IMAGE_V2=0

Commit ed51b51f7a9163a ("Remove build option LOAD_IMAGE_V2") intended
to remove all code related to LOAD_IMAGE_V2=0 but missed a few things.

Change-Id: I16aaf52779dd4af1e134e682731328c5f1e5d622
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge pull request #1726 from antonio-nino-diaz-arm/an/includes

Sanitise includes across codebase

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- inclu

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1611 from antonio-nino-diaz-arm/an/misra-common

Remove some MISRA defects in common code

Remove some MISRA defects in common code

No functional changes.

Change-Id: I9638e02acb9b22eb794ebf45aad84348a710287e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Merge pull request #1587 from antonio-nino-diaz-arm/an/deprecated

Remove deprecated interfaces for all platforms

Remove build option LOAD_IMAGE_V2

The code of LOAD_IMAGE_V2=0 has been removed.

Change-Id: Iea03e5bebb90c66889bdb23f85c07d0c9717fffe
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Sig

Remove build option LOAD_IMAGE_V2

The code of LOAD_IMAGE_V2=0 has been removed.

Change-Id: Iea03e5bebb90c66889bdb23f85c07d0c9717fffe
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1399 from danielboulby-arm/db/MISRA

MISRA 5.1, 5.3 & 5.7 compliance changes

Fix MISRA Rule 5.3 Part 1

Conflict with function name and variable name within that function.
Change the name of the function from image_size to get_image_size
to remove conflict and make the functi

Fix MISRA Rule 5.3 Part 1

Conflict with function name and variable name within that function.
Change the name of the function from image_size to get_image_size
to remove conflict and make the function fit the normal project
naming convention.

Rule 5.3: An identifier declared in an inner scope shall not
hide an identifier declared in an outer scope

Fixed For:
make LOG_LEVEL=50 PLAT=fvp

Change-Id: I1a63d2730113e2741fffa79730459c584b0224d7
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Merge pull request #1386 from soby-mathew/sm/dyn_bl31

Extend dynamic configuration

Allow disabling authentication dynamically

This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build

Allow disabling authentication dynamically

This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.

Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1182 from soby-mathew/sm/opt_tbbr_flush

Unify cache flush code path after image load

Unify cache flush code path after image load

Previously the cache flush happened in 2 different places in code
depending on whether TRUSTED_BOARD_BOOT is enabled or not. This
patch unifies this code

Unify cache flush code path after image load

Previously the cache flush happened in 2 different places in code
depending on whether TRUSTED_BOARD_BOOT is enabled or not. This
patch unifies this code path for both the cases. The `load_image()`
function is now made an internal static function.

Change-Id: I96a1da29d29236bbc34b1c95053e6a9a7fc98a54
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...