| 40f9f644 | 09-Nov-2020 |
Nicolas Toromanoff <nicolas.toromanoff@st.com> |
feat(auth): allow to verify PublicKey with platform format PK
In some platform the digest of the public key saved in the OTP is not the digest of the exact same public key buffer needed to check the
feat(auth): allow to verify PublicKey with platform format PK
In some platform the digest of the public key saved in the OTP is not the digest of the exact same public key buffer needed to check the signature. Typically, platform checks signature using the DER ROTPK whereas some others add some related information. Add a new platform weak function to transform the public key buffer used by verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
show more ...
|
| e78ba69e | 14-Nov-2022 |
Lionel Debieve <lionel.debieve@foss.st.com> |
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
Updated cert_tool to be able to select brainpool P256r/t1 or NIST prim256v1 curve for certificates signature.
Change-Id: I6e80014469706
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
Updated cert_tool to be able to select brainpool P256r/t1 or NIST prim256v1 curve for certificates signature.
Change-Id: I6e800144697069ea83660053b8ba6e21c229243a Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
show more ...
|
| 797d7446 | 11-Nov-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "refactor(security): add OpenSSL 1.x compatibility" into integration |
| cf2dd17d | 25-Oct-2022 |
Juan Pablo Conde <juanpablo.conde@arm.com> |
refactor(security): add OpenSSL 1.x compatibility
When updated to work with OpenSSL 3.0, the host tools lost their compatibility with previous versions (1.x) of OpenSSL. This is mainly due to the fa
refactor(security): add OpenSSL 1.x compatibility
When updated to work with OpenSSL 3.0, the host tools lost their compatibility with previous versions (1.x) of OpenSSL. This is mainly due to the fact that 1.x APIs became deprecated in 3.0 and therefore their use cause compiling errors. In addition, updating for a newer version of OpenSSL meant improving the stability against security threats. However, although version 1.1.1 is now deprecated, it still receives security updates, so it would not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions by adding back 1.x API code. It defines a macro USING_OPENSSL3, which will select the appropriate OpenSSL API version depending on the OpenSSL library path chosen (which is determined by the already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to the proper modules in order to make the code more maintainable and legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com> Change-Id: I8deceb5e419edc73277792861882404790ccd33c
show more ...
|
| 20a43156 | 11-Nov-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "feat(cpus): make cache ops conditional" into integration |
| f41e23ea | 10-Nov-2022 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge changes from topic "mp/ras_refactoring" into integration
* changes: docs: document do_panic() and panic() helper functions fix(ras): restrict RAS support for NS world |
| 04c7303b | 04-Nov-2022 |
Okash Khawaja <okash@google.com> |
feat(cpus): make cache ops conditional
When a core is in debug recovery mode its caches are not invalidated upon reset, so the L1 and L2 cache contents from before reset are observable after reset.
feat(cpus): make cache ops conditional
When a core is in debug recovery mode its caches are not invalidated upon reset, so the L1 and L2 cache contents from before reset are observable after reset. Similarly, debug recovery mode of DynamIQ cluster ensures that contents of the shared L3 cache are also not invalidated upon transition to On mode.
Booting cores in debug recovery mode means booting with caches disabled and preserving the caches until a point where software can dump the caches and retrieve their contents. TF-A however unconditionally cleans and invalidates caches at multiple points during boot. This can lead to memory corruption as well as loss of cache contents to be used for debugging.
This patch fixes this by calling a platform hook before performing CMOs in helper routines in cache_helpers.S. The platform hook plat_can_cmo is an assembly routine which must not clobber x2 and x3, and avoid using stack. The whole checking is conditional upon `CONDITIONAL_CMO` which can be set at compile time.
Signed-off-by: Okash Khawaja <okash@google.com> Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193
show more ...
|
| 0d41e174 | 10-Nov-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "chore(docs): move deprecated platforms information around" into integration |
| 00bf236e | 09-Nov-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "refactor(trng): cleanup the existing TRNG support" into integration |
| a6a1dcbe | 08-Nov-2022 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
chore(docs): move deprecated platforms information around
We used to have a dedicated page for deprecated platforms information. This document contained 2 pieces of information:
a) the process for
chore(docs): move deprecated platforms information around
We used to have a dedicated page for deprecated platforms information. This document contained 2 pieces of information:
a) the process for deprecating a platform port; b) the list of deprecated platforms to this day.
I think it makes more sense to move b) to the platforms ports landing page, such that it is more visible.
This also has the nice effect to move the 'Deprecated platforms' title as the last entry of the 'Platform ports' table of contents, like so:
- Platform ports - 1. Allwinner ARMv8 SoCs - 2. Arm Development Platforms ... - 39. Broadcom Stingray - Deprecated platforms
instead of it being lost in the middle of supported platform ports.
Regarding a), this gets moved under the "Processes & Policies" section. More specifically, it gets clubbed with the existing platform compatibility policy. The combined document gets renamed into a "Platforms Ports Policy" document.
Change-Id: I6e9ce2abc68b8a8ac88e7bd5f21749c14c9a2af6 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
show more ...
|
| 5988a807 | 02-Nov-2022 |
Manish Pandey <manish.pandey2@arm.com> |
docs: document do_panic() and panic() helper functions
panic() and do_panic() are widely used helper functions called when encountering a critical failure that cannot be recovered from. Document the
docs: document do_panic() and panic() helper functions
panic() and do_panic() are widely used helper functions called when encountering a critical failure that cannot be recovered from. Document them in porting guide. Also, remove panic() documentation from PSCI guide(where it is unused anyways).
Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib0965cce56c03d0de5ac0d05d5714a6942793ede
show more ...
|
| 0b22e591 | 11-Oct-2022 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
refactor(trng): cleanup the existing TRNG support
This patch adds the following changes to complete the existing TRNG implementation:
1. Adds a feature specific scope for buildlog generation. 2. Up
refactor(trng): cleanup the existing TRNG support
This patch adds the following changes to complete the existing TRNG implementation:
1. Adds a feature specific scope for buildlog generation. 2. Updates the docs on the build flag "TRNG_SUPPORT" and its values. 3. Makefile update and improves the existing comments at few sections for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37 Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
show more ...
|
| 46cc41d5 | 10-Oct-2022 |
Manish Pandey <manish.pandey2@arm.com> |
fix(ras): restrict RAS support for NS world
Current RAS framework in TF-A only supports handling errors originating from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all lower Els. To
fix(ras): restrict RAS support for NS world
Current RAS framework in TF-A only supports handling errors originating from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all lower Els. To make the current design of RAS explicit, rename this macro to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when switching to NS world.
Note: I am unaware of any platform which traps errors originating in Secure world to EL3, if there is any such platform then it need to be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
show more ...
|
| 10c969c5 | 10-Oct-2022 |
Chris Kay <chris.kay@arm.com> |
docs(prerequisites): update Node.js prerequisites documentation
This change updates the version of the Node Version Manager suggested by the prerequisites documentation. The NVM installation command
docs(prerequisites): update Node.js prerequisites documentation
This change updates the version of the Node Version Manager suggested by the prerequisites documentation. The NVM installation command line hint has been replaced with the snippet provided by NVM's user guide, and the second line now automatically installs a version of Node.js compatible with TF-A's repository scripts.
Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20 Signed-off-by: Chris Kay <chris.kay@arm.com>
show more ...
|
| 9900d4eb | 28-Oct-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "db/deps" into integration
* changes: feat(compiler-rt): update compiler-rt source files fix(deps): add missing aeabi_memcpy.S feat(zlib): update zlib source files d
Merge changes from topic "db/deps" into integration
* changes: feat(compiler-rt): update compiler-rt source files fix(deps): add missing aeabi_memcpy.S feat(zlib): update zlib source files docs(changelog): add zlib and compiler-rt scope feat(libfdt): upgrade libfdt source files docs(prerequisites): upgrade to Mbed TLS 2.28.1
show more ...
|
| 028c4e42 | 05-Oct-2022 |
Boyan Karatotev <boyan.karatotev@arm.com> |
fix(rpi3): tighten platform pwr_domain_pwr_down_wfi behaviour
Platforms which implement pwr_domain_pwr_down_wfi differ substantially in behaviour. However, different cpus require similar sequences t
fix(rpi3): tighten platform pwr_domain_pwr_down_wfi behaviour
Platforms which implement pwr_domain_pwr_down_wfi differ substantially in behaviour. However, different cpus require similar sequences to power down. This patch tightens the behaviour of these platforms to end on a wfi loop after performing platform power down. This is required so that platforms behave more consistently on power down, in cases where the wfi can fall through.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com> Change-Id: Ie29bd3a5e654780bacb4e07a6d123ac6d2467c1f
show more ...
|
| 81f4abb8 | 23-Sep-2022 |
Daniel Boulby <daniel.boulby@arm.com> |
docs(prerequisites): upgrade to Mbed TLS 2.28.1
In anticpation of the next Trusted Firmware release update the to newest 2.x Mbed TLS library [1].
Note that the Mbed TLS project published version 3
docs(prerequisites): upgrade to Mbed TLS 2.28.1
In anticpation of the next Trusted Firmware release update the to newest 2.x Mbed TLS library [1].
Note that the Mbed TLS project published version 3.x some time ago. However, as this is a major release with API breakages, upgrading to this one might require some more involved changes in TF-A, which we are not ready to do. We shall upgrade to Mbed TLS 3.x after the v2.8 release of TF-A.
[1] https://github.com/Mbed-TLS/mbedtls/tree/v2.28.1
Change-Id: I7594ad062a693d2ecc3b1705e944dce2c3c43bb2 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
show more ...
|
| 1bc78557 | 16-Sep-2022 |
Tamas Ban <tamas.ban@arm.com> |
docs: add PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE to porting-guide.rst
Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: I79761347919a0dfa86a29b5424f1d34fc4ab91cb |
| b3b227ff | 22-Jun-2022 |
Lucian Paul-Trifu <lucian.paultrifu@gmail.com> |
docs(drtm): add platform APIs for DRTM
Documented platform APIs for DRTM
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com> Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com> Cha
docs(drtm): add platform APIs for DRTM
Documented platform APIs for DRTM
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com> Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com> Change-Id: I22749c26bbe7b3271705dd3db07e8597fce6225b
show more ...
|
| 00e8f79c | 27-Sep-2022 |
Manish Pandey <manish.pandey2@arm.com> |
fix(ras): trap "RAS error record" accesses only for NS
RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error record registers (RAS ERR* & RAS ERX*) from lower EL's in any security sta
fix(ras): trap "RAS error record" accesses only for NS
RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error record registers (RAS ERR* & RAS ERX*) from lower EL's in any security state. To give more fine grain control per world basis re-purpose this macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only if Error record registers are accessed from NS. This will also help in future scenarios when RAS handling(in Firmware first handling paradigm)can be offloaded to a secure partition.
This is first patch in series to refactor RAS framework in TF-A.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d
show more ...
|
| 49154435 | 12-Sep-2022 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
docs(build): update GCC to 11.3.Rel1 version
This toolchain provides multiple cross compilers and is publicly available on https://developer.arm.com/
We build TF-A in CI using: AArch32 bare-metal t
docs(build): update GCC to 11.3.Rel1 version
This toolchain provides multiple cross compilers and is publicly available on https://developer.arm.com/
We build TF-A in CI using: AArch32 bare-metal target (arm-none-eabi) AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: I94e13f6c1ebe3a4a58ca6c79c1605bd300b372d3 Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
show more ...
|
| 5c60b8c8 | 08-Sep-2022 |
Max Yu <maxlyu@google.com> |
docs(porting-guide): correct typo of "bits" to "bytes"
The CACHE_WRITEBACK_GRANULE is documented to be in bits, but specifying the value in bits broke a build. Further investigation suggests that th
docs(porting-guide): correct typo of "bits" to "bytes"
The CACHE_WRITEBACK_GRANULE is documented to be in bits, but specifying the value in bits broke a build. Further investigation suggests that the value should in fact be in bytes. See https://github.com/ARM-software/arm-trusted-firmware/blob/master/include/arch/aarch64/ smccc_helpers.h#L101 and https://gcc.gnu.org/onlinedocs/gcc-12.2.0/gcc/Common-Type-Attributes.html
Change-Id: I9a2b2fbe18d5a58a8f9aeb2726a0623f3484c88e Signed-off-by: Max Yu <maxlyu@google.com>
show more ...
|
| 9a5dec66 | 02-Sep-2022 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge "fix(bl31): allow use of EHF with S-EL2 SPMC" into integration |
| 7c2fe62f | 25-Jul-2022 |
Raghu Krishnamurthy <raghu.ncstate@gmail.com> |
fix(bl31): allow use of EHF with S-EL2 SPMC
Currently, when SPMC at S-EL2 is used, we cannot use the RAS framework to handle Group 0 interrupts. This is required on platforms where first level of tr
fix(bl31): allow use of EHF with S-EL2 SPMC
Currently, when SPMC at S-EL2 is used, we cannot use the RAS framework to handle Group 0 interrupts. This is required on platforms where first level of triaging needs to occur at EL3, before forwarding RAS handling to a secure partition running atop an SPMC (hafnium). The RAS framework depends on EHF and EHF registers for Group 0 interrupts to be trapped to EL3 when execution is both in secure world and normal world. However, an FF-A compliant SPMC requires secure interrupts to be trapped by the SPMC when execution is in S-EL0/S-EL1. Consequently, the SPMC (hafnium) is incompatible with EHF, since it is not re-entrant, and a Group 0 interrupt trapped to EL3 when execution is in secure world, cannot be forwarded to an SP running atop SPMC. This patch changes EHF to only register for Group 0 interrupts to be trapped to EL3 when execution is in normal world and also makes it a valid routing model to do so, when EL3_EXCEPTION_HANDLING is set (when enabling the RAS framework).
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com> Change-Id: I72d4cf4d8ecc549a832d1c36055fbe95866747fe
show more ...
|
| 3a416588 | 18-Aug-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "feat(rng-trap): add EL3 support for FEAT_RNG_TRAP" into integration |