| #
c3170fd8 |
| 14-Nov-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "stm32mp1-trusted-boot" into integration
* changes:
  docs(st): update documentation for TRUSTED_BOARD_BOOT
  fix(build): ensure that the correct rule is called for tools
  feat(stm32mp1): add the platform specific build for tools
  fix(stm32mp13-fdts): remove secure status
  feat(stm32mp1-fdts): add CoT and fuse references for authentication
  feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
  feat(stm32mp1): add the decryption support
  feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
  feat(stm32mp1): update ROM code API for header v2 management
  feat(stm32mp1): remove unused function from boot API
  refactor(stm32mp1): remove authentication using STM32 image mode
  fix(fconf): fix type error displaying disable_auth
  feat(tbbr): increase PK_DER_LEN size
  fix(auth): correct sign-compare warning
  feat(auth): allow to verify PublicKey with platform format PK
  feat(cert-create): update for ECDSA brainpoolP256r/t1 support
  feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
  feat(st-crypto): remove BL32 HASH driver usage
  feat(stm32mp1): add a stm32mp crypto library
  feat(st-crypto): add STM32 RNG driver
  feat(st-crypto): add AES decrypt/auth by SAES IP
  feat(st-crypto): add ECDSA signature check with PKA
  feat(st-crypto): update HASH for new hardware version used in STM32MP13
|
| #
e78ba69e |
| 14-Nov-2022 |
Lionel Debieve <lionel.debieve@foss.st.com> |
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
Updated cert_tool to be able to select brainpool P256r/t1 or NIST prime256v1 curve for certificates signature.
Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
|
| #
20a43156 |
| 11-Nov-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "feat(cpus): make cache ops conditional" into integration
|
| #
f41e23ea |
| 10-Nov-2022 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge changes from topic "mp/ras_refactoring" into integration
* changes:
  docs: document do_panic() and panic() helper functions
  fix(ras): restrict RAS support for NS world
|
| #
04c7303b |
| 04-Nov-2022 |
Okash Khawaja <okash@google.com> |
feat(cpus): make cache ops conditional
When a core is in debug recovery mode its caches are not invalidated upon reset, so the L1 and L2 cache contents from before reset are observable after reset. Similarly, debug recovery mode of DynamIQ cluster ensures that contents of the shared L3 cache are also not invalidated upon transition to On mode.
Booting cores in debug recovery mode means booting with caches disabled and preserving the caches until a point where software can dump the caches and retrieve their contents. TF-A however unconditionally cleans and invalidates caches at multiple points during boot. This can lead to memory corruption as well as loss of cache contents to be used for debugging.
This patch fixes this by calling a platform hook before performing CMOs in helper routines in cache_helpers.S. The platform hook plat_can_cmo is an assembly routine which must not clobber x2 and x3, and avoid using stack. The whole checking is conditional upon `CONDITIONAL_CMO` which can be set at compile time.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193
|
| #
00bf236e |
| 09-Nov-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "refactor(trng): cleanup the existing TRNG support" into integration
|
| #
0b22e591 |
| 11-Oct-2022 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
refactor(trng): cleanup the existing TRNG support
This patch adds the following changes to complete the existing TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
|
| #
46cc41d5 |
| 10-Oct-2022 |
Manish Pandey <manish.pandey2@arm.com> |
fix(ras): restrict RAS support for NS world
Current RAS framework in TF-A only supports handling errors originating from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all lower ELs. To make the current design of RAS explicit, rename this macro to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when switching to NS world.
Note: I am unaware of any platform which traps errors originating in Secure world to EL3, if there is any such platform then it needs to be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
|
| #
2c16b802 |
| 30-Sep-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "fix(ras): trap "RAS error record" accesses only for NS" into integration
|
| #
00e8f79c |
| 27-Sep-2022 |
Manish Pandey <manish.pandey2@arm.com> |
fix(ras): trap "RAS error record" accesses only for NS
RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error record registers (RAS ERR* & RAS ERX*) from lower ELs in any security state. To give more fine grain control per world basis re-purpose this macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only if Error record registers are accessed from NS. This will also help in future scenarios when RAS handling (in Firmware first handling paradigm) can be offloaded to a secure partition.
This is first patch in series to refactor RAS framework in TF-A.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d
|
| #
9a5dec66 |
| 02-Sep-2022 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge "fix(bl31): allow use of EHF with S-EL2 SPMC" into integration
|
| #
7c2fe62f |
| 25-Jul-2022 |
Raghu Krishnamurthy <raghu.ncstate@gmail.com> |
fix(bl31): allow use of EHF with S-EL2 SPMC
Currently, when SPMC at S-EL2 is used, we cannot use the RAS framework to handle Group 0 interrupts. This is required on platforms where first level of triaging needs to occur at EL3, before forwarding RAS handling to a secure partition running atop an SPMC (hafnium). The RAS framework depends on EHF and EHF registers for Group 0 interrupts to be trapped to EL3 when execution is both in secure world and normal world. However, an FF-A compliant SPMC requires secure interrupts to be trapped by the SPMC when execution is in S-EL0/S-EL1. Consequently, the SPMC (hafnium) is incompatible with EHF, since it is not re-entrant, and a Group 0 interrupt trapped to EL3 when execution is in secure world, cannot be forwarded to an SP running atop SPMC. This patch changes EHF to only register for Group 0 interrupts to be trapped to EL3 when execution is in normal world and also makes it a valid routing model to do so, when EL3_EXCEPTION_HANDLING is set (when enabling the RAS framework).
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I72d4cf4d8ecc549a832d1c36055fbe95866747fe
|
| #
3a416588 |
| 18-Aug-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "feat(rng-trap): add EL3 support for FEAT_RNG_TRAP" into integration
|
| #
ff86e0b4 |
| 12-Jul-2022 |
Juan Pablo Conde <juanpablo.conde@arm.com> |
feat(rng-trap): add EL3 support for FEAT_RNG_TRAP
FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the RNDR and RNDRRS registers, which is enabled by setting the SCR_EL3.TRNDR bit. This patch adds a new build flag ENABLE_FEAT_RNG_TRAP that enables the feature. This feature is supported only in AArch64 state from Armv8.5 onwards.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ia9f17aef3444d3822bf03809036a1f668c9f2d89
|
| #
1631f9c7 |
| 09-Aug-2022 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge "feat(sve): support full SVE vector length" into integration
|
| #
645557cd |
| 18-Jul-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "docs(security): update info on use of OpenSSL 3.0" into integration
|
| #
8caf10ac |
| 28-Jun-2022 |
Juan Pablo Conde <juanpablo.conde@arm.com> |
docs(security): update info on use of OpenSSL 3.0
OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed on the operating system by updating the previous version. However, this may not be convenient for everyone, as some may want to keep their previous versions of OpenSSL.
This update on the docs shows that there is an alternative to install OpenSSL on the system by using a local build of OpenSSL 3.0 and pointing both the build and run commands to that build.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3
|
| #
bebcf27f |
| 20-Apr-2022 |
Mark Brown <broonie@kernel.org> |
feat(sve): support full SVE vector length
Currently the SVE code hard codes a maximum vector length of 512 bits when configuring SVE rather than the architecture supported maximum. While this is fine for current physical implementations the architecture allows for vector lengths up to 2048 bits and emulated implementations generally allow any length up to this maximum.
Since there may be system specific reasons to limit the maximum vector length make the limit configurable, defaulting to the architecture maximum. The default should be suitable for most implementations since the hardware will limit the actual vector length selected to what is physically supported in the system.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I22c32c98a81c0cf9562411189d8a610a5b61ca12
|
| #
aaf1d8df |
| 10-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "jc/detect_feat" into integration
* changes:
  feat(trbe): add trbe under feature detection mechanism
  feat(brbe): add brbe under feature detection mechanism
|
| #
47c681b7 |
| 19-May-2022 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
feat(trbe): add trbe under feature detection mechanism
This change adds "FEAT_TRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, containing either 0 or 1. With the introduction of feature detection procedure we now support three states for feature enablement build flags (0 to 2).
Accordingly, "ENABLE_TRBE_FOR_NS" flag is now modified from boolean to numeric type to align with the feature detection.
Change-Id: I53d3bc8dc2f6eac63feef22dfd627f3a48480afc
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
|
| #
1298f2f1 |
| 09-May-2022 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
feat(brbe): add brbe under feature detection mechanism
This change adds "FEAT_BRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, possessing either 0 or 1. With the introduction of feature detection procedure we now support three states for feature enablement build flags (0 to 2).
Accordingly, "ENABLE_BRBE_FOR_NS" flag is now modified from boolean to numeric type to align with the feature detection.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I1eb52863b4afb10b808e2f0b6584a8a210d0f38c
|
| #
10534b3e |
| 24-May-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "fix(build): use DWARF 4 when building debug" into integration
|
| #
4466cf82 |
| 03-May-2022 |
Daniel Boulby <daniel.boulby@arm.com> |
fix(build): use DWARF 4 when building debug
GCC 11 and Clang 14 now use the DWARF 5 standard by default however Arm-DS currently only supports up to version 4. Therefore, for debug builds, ensure the DWARF 4 standard is used. Also update references for Arm DS-5 to its successor Arm-DS (Arm Development Studio).
Change-Id: Ica59588de3d121c1b795b3699f42c31f032cee49
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
|
| #
0a9a0edf |
| 19-May-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "mb/drtm-work-phase-1" into integration
* changes:
  build(changelog): add new scope for Arm SMMU driver
  feat(smmu): add SMMU abort transaction function
  docs(build): add build option for DRTM support
  build(drtm): add DRTM support build option
|
| #
859eabd4 |
| 14-Feb-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
docs(build): add build option for DRTM support
Documented the build option for DRTM support.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: Ic1543ee5f1d0046d5062d9744bd1a136d940b687
|