Merge "feat: add support for poetry" into integration

feat: add support for poetry

New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management fr

feat: add support for poetry

New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management framework for Python. The two main upsides
of using poetry instead of the traditional requirements.txt are
maintainability and reproducibility.

Poetry provides a proper lock file for pinning dependencies, similar to
npm for JavaScript. This allows for separate environments (i.e. docs,
tools) to be created efficiently, and in a reproducible manner, wherever
the project is deployed. Having dependencies pinned in this manner is a
boon as a security focused project. An additional upside is that we will
receive security updates for dependencies via GitHub's Dependabot.

Change-Id: I5a3c2003769b878a464c8feac0f789e5ecf8d56c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "bk/python_dependencies" into integration

* changes:
build(docs): update Python dependencies
fix(docs): make required compiler version == rather than >=
fix(deps): add

Merge changes from topic "bk/python_dependencies" into integration

* changes:
build(docs): update Python dependencies
fix(docs): make required compiler version == rather than >=
fix(deps): add missing aeabi_memset.S

show more ...

fix(docs): make required compiler version == rather than >=

TF-A carries its own compiler-rt so higher versions of the compilers may
not necessarily work. Because TF-A is only tested on the specifie

fix(docs): make required compiler version == rather than >=

TF-A carries its own compiler-rt so higher versions of the compilers may
not necessarily work. Because TF-A is only tested on the specified
versions in the CI, any breakage remains unknown. Update the
prerequisites guide to make it more apparent that this is the case.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia5da9c5ff505ead99f579f3f5fbe3a480d697c1d

show more ...

Merge changes If90a18ee,I02e88f8c,Iea447fb5,Ie0570481,Ieeb14cfc into integration

* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clar

Merge changes If90a18ee,I02e88f8c,Iea447fb5,Ie0570481,Ieeb14cfc into integration

* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clarify docs building instructions
fix(docs): prevent a sphinx warning
fix(docs): prevent a virtual environment from failing a build

show more ...

docs(build): clarify getting started section

The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a so

docs(build): clarify getting started section

The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.

Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (eg. new starters).

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I02e88f8c279db6d8eda68f634e8473c02b733963

show more ...

Merge "fix(docs): unify referenced Ubuntu versions" into integration

fix(docs): unify referenced Ubuntu versions

Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A t

fix(docs): unify referenced Ubuntu versions

Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.

The change was tested with a full build on a clean install of Ubuntu 20.04.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3

show more ...

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fa

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c

show more ...

Merge changes from topic "npm-dependencies" into integration

* changes:
docs(changelog): fix invalid context management scope
docs(commit-style): fix incorrect instructions for adding scopes
d

Merge changes from topic "npm-dependencies" into integration

* changes:
docs(changelog): fix invalid context management scope
docs(commit-style): fix incorrect instructions for adding scopes
docs(prerequisites): update Node.js prerequisites documentation

show more ...

docs(prerequisites): update Node.js prerequisites documentation

This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command

docs(prerequisites): update Node.js prerequisites documentation

This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command line hint
has been replaced with the snippet provided by NVM's user guide, and the
second line now automatically installs a version of Node.js compatible
with TF-A's repository scripts.

Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes from topic "db/deps" into integration

* changes:
feat(compiler-rt): update compiler-rt source files
fix(deps): add missing aeabi_memcpy.S
feat(zlib): update zlib source files
d

Merge changes from topic "db/deps" into integration

* changes:
feat(compiler-rt): update compiler-rt source files
fix(deps): add missing aeabi_memcpy.S
feat(zlib): update zlib source files
docs(changelog): add zlib and compiler-rt scope
feat(libfdt): upgrade libfdt source files
docs(prerequisites): upgrade to Mbed TLS 2.28.1

show more ...

docs(prerequisites): upgrade to Mbed TLS 2.28.1

In anticpation of the next Trusted Firmware release update the to newest
2.x Mbed TLS library [1].

Note that the Mbed TLS project published version 3

docs(prerequisites): upgrade to Mbed TLS 2.28.1

In anticpation of the next Trusted Firmware release update the to newest
2.x Mbed TLS library [1].

Note that the Mbed TLS project published version 3.x some time ago.
However, as this is a major release with API breakages, upgrading to
this one might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to Mbed TLS 3.x after the v2.8 release
of TF-A.

[1] https://github.com/Mbed-TLS/mbedtls/tree/v2.28.1

Change-Id: I7594ad062a693d2ecc3b1705e944dce2c3c43bb2
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Merge "docs(build): update GCC to 11.3.Rel1 version" into integration

docs(build): update GCC to 11.3.Rel1 version

This toolchain provides multiple cross compilers and is publicly
available on https://developer.arm.com/

We build TF-A in CI using:
AArch32 bare-metal t

docs(build): update GCC to 11.3.Rel1 version

This toolchain provides multiple cross compilers and is publicly
available on https://developer.arm.com/

We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)

Change-Id: I94e13f6c1ebe3a4a58ca6c79c1605bd300b372d3
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

Merge "docs(security): update info on use of OpenSSL 3.0" into integration

docs(security): update info on use of OpenSSL 3.0

OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be co

docs(security): update info on use of OpenSSL 3.0

OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be convenient for everyone, as some may
want to keep their previous versions of OpenSSL.

This update on the docs shows that there is an alternative to
install OpenSSL on the system by using a local build of
OpenSSL 3.0 and pointing both the build and run commands to
that build.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3

show more ...

Merge "docs(prerequisites): fix "Build Host" title" into integration

docs(prerequisites): fix "Build Host" title

Add an empty line just before the "Build Host" title.

Without this, the title is not properly recognized, it does not get
added to the table of contents

docs(prerequisites): fix "Build Host" title

Add an empty line just before the "Build Host" title.

Without this, the title is not properly recognized, it does not get
added to the table of contents and the underlining characters appear
as dashes, as can be seen here:

https://trustedfirmware-a.readthedocs.io/en/v2.7/getting_started/prerequisites.html#prerequisites

Change-Id: Ia89cf3de0588495cbe64b0247dc860619f5ea6a8
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge "fix(build): use DWARF 4 when building debug" into integration

fix(build): use DWARF 4 when building debug

GCC 11 and Clang 14 now use the DWARF 5 standard by default however
Arm-DS currently only supports up to version 4. Therefore, for debug
builds, ensure th

fix(build): use DWARF 4 when building debug

GCC 11 and Clang 14 now use the DWARF 5 standard by default however
Arm-DS currently only supports up to version 4. Therefore, for debug
builds, ensure the DWARF 4 standard is used.
Also update references for Arm DS-5 to it's successor Arm-DS (Arm
Development Studio).

Change-Id: Ica59588de3d121c1b795b3699f42c31f032cee49
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Merge "refactor(security): upgrade tools to OpenSSL 3.0" into integration

refactor(security): upgrade tools to OpenSSL 3.0

Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.

Changes were made following the OpenSSL 3.0 migration guide

refactor(security): upgrade tools to OpenSSL 3.0

Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.

Changes were made following the OpenSSL 3.0 migration guide:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
In some cases, those changes are straightforward and only
a small modification on the types or API calls was needed
(e.g.: replacing BN_pseudo_rand() with BN_rand(). Both identical
since v1.1.0).
The use of low level APIs is now deprecated. In some cases,
the new API provides a simplified solution for our goals and
therefore the code was simplified accordingly (e.g.: generating
RSA keys through EVP_RSA_gen() without the need of handling the
exponent). However, in some cases, a more
sophisticated approach was necessary, as the use of a context
object was required (e.g.: when retrieving the digest value from
an SHA file).

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I978e8578fe7ab3e71307450ebe7e7812fbcaedb6

show more ...

Merge changes from topic "hm/make-refactor" into integration

* changes:
docs(prerequisites): use LLVM utilities to build with clang
build(make): use clang binutils to compile