docs(threat-model): add a notes related to the Measured Boot

TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measur

docs(threat-model): add a notes related to the Measured Boot

TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measurements are just stored into a TCG-compatible event
log buffer in secure memory.

In light of the fact that Event Log measurements are taken by BL1 and
BL2, we need to trust these components to store genuine measurements,
and the Generic Threat Model always mitigates against attacks on these
components, therefore, there is no explicit document for the Measured
Boot threat model at this time is needed.

Change-Id: I41b037b2f5956d327b53cd834345e5aefdcfb5ef
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size a

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.

Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(docs): allow verbose build" into integration

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the c

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.

Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b

show more ...

Merge "docs(maintainers): update maintainers for n1sdp/morello" into integration

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.

Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.

Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234

show more ...

Merge "feat(zynqmp): make stack size configurable" into integration

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Reve

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Revert "docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"
Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

show more ...

feat(zynqmp): make stack size configurable

If PLATFORM_STACK_SIZE not already defined, use the default value of
PLATFORM_STACK_SIZE.
This makes the stack size value configurable for different interf

feat(zynqmp): make stack size configurable

If PLATFORM_STACK_SIZE not already defined, use the default value of
PLATFORM_STACK_SIZE.
This makes the stack size value configurable for different interface
like custom packages.

Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Change-Id: I87e9fcbfb4c4092378b1ac0ff8fb6d084495d320

show more ...

docs(porting): refer the reader back to the threat model

When porting TF-A to a new platform, it is essential to read the
threat model documents in conjunction with the porting guide to
understand t

docs(porting): refer the reader back to the threat model

When porting TF-A to a new platform, it is essential to read the
threat model documents in conjunction with the porting guide to
understand the security responsibilities of each platform interface
to implement.

Add a note to highlight this in the porting guide.

Change-Id: Icd1e41ae4b15032b72531690dd82a9ef95ca0db5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(porting): move porting guide upper in table of contents

The porting guide is currently hosted under the 'Getting started'
section. Yet, porting the full firmware to a new platform is probably
n

docs(porting): move porting guide upper in table of contents

The porting guide is currently hosted under the 'Getting started'
section. Yet, porting the full firmware to a new platform is probably
not the first thing that one would do. Before delving into the
details, one would probably start by building the code for an emulated
platform, such as Arm FVP.

Furthermore, the porting guide is such a big and important document
that it probably deserves being visible in the main table of contents.
Thus, move it just above the list of supported platforms.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I51b3d2a93832505ab90d73c823f06f9540e84c77

show more ...

docs(porting): remove reference to xlat_table lib v1

Version 1 of the translation table library is deprecated. Refer to
version 2 instead.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.co

docs(porting): remove reference to xlat_table lib v1

Version 1 of the translation table library is deprecated. Refer to
version 2 instead.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I10a4ab7b346ea963345f82baff2deda267c5308d

show more ...

docs(porting): remove pull request terminology

The pull request terminology dates back from when TF-A repository was
hosted on Github. Use a terminology that is more suited to Gerrit
workflow.

Sign

docs(porting): remove pull request terminology

The pull request terminology dates back from when TF-A repository was
hosted on Github. Use a terminology that is more suited to Gerrit
workflow.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ieecf47617ca1cdb76b9c4a83f63ba3c402b9e975

show more ...

Merge "docs(threat-model): refresh top-level page" into integration

docs(maintainers): update maintainers for n1sdp/morello

Signed-off-by: Anurag Koul <anurag.koul@arm.com>
Change-Id: I305d03ae664f7d6124bf73d3bfdd81d34d760065

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW NSAIDs
feat(ethos-n)!: add protected NPU firmware setup
feat(ethos-n): add stream extends and attr support
feat(ethos-n): add reserved memory address support
feat(ethos-n): add event and aux control support
feat(ethos-n): add SMC call to get FW properties
refactor(ethos-n): split up SMC call handling
feat(ethos-n): add NPU firmware validation
feat(ethos-n): add check for NPU in SiP setup
feat(ethos-n)!: load NPU firmware at BL2
feat(juno): support ARM_IO_IN_DTB option for Juno
fix(fconf): fix FCONF_ARM_IO_UUID_NUMBER value
fix(fvp): incorrect UUID name in FVP tb_fw_config
fix(ethos-n): add workaround for erratum 2838783
feat(ethos-n): add support for NPU to cert_create
feat(ethos-n): add NPU support in fiptool
feat(ethos-n): add support to set up NSAID
build(fiptool): add object dependency generation
feat(ethos-n): add NPU sleeping SMC call
feat(ethos-n): add multiple asset allocators
feat(ethos-n): add reset type to reset SMC calls
feat(ethos-n): add protected NPU TZMP1 regions
build(ethos-n): add TZMP1 build flag

show more ...

docs(threat-model): refresh top-level page

The top-level page for threat model documents is evidently out-dated,
as it contains text which no longer makes sense on its own. Most
likely it relates ba

docs(threat-model): refresh top-level page

The top-level page for threat model documents is evidently out-dated,
as it contains text which no longer makes sense on its own. Most
likely it relates back to the days where we had a single threat model
document.

Reword it accordingly. While we are at it, explain the motivation and
structure of the documents.

Change-Id: I63c8f38ec32b6edbfd1b4332eeaca19a01ae70e9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(maintainers): update NPU driver owners

Mikael Olsson will no longer be working with the Arm(R) Ethos(TM)-N NPU
so Ştefana Simion will take over the ownership of the driver.

Change-Id: If22bbdc

docs(maintainers): update NPU driver owners

Mikael Olsson will no longer be working with the Arm(R) Ethos(TM)-N NPU
so Ştefana Simion will take over the ownership of the driver.

Change-Id: If22bbdcb26af9bf851efc14ad96ed76c745eadfd
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>

show more ...

docs(maintainers): update NPU driver files

New files have been added for the Arm(R) Ethos(TM)-N NPU driver with the
addition of TZMP1 support so the files in the maintainers list have been
updated a

docs(maintainers): update NPU driver files

New files have been added for the Arm(R) Ethos(TM)-N NPU driver with the
addition of TZMP1 support so the files in the maintainers list have been
updated accordingly.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I3768b2ab78c117c1dd4fc03b38cf35f6811fa378

show more ...

docs(ethos-n): update porting-guide.rst for NPU

Add some missing configuration that must be done for supporting NPU on
other platforms.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-

docs(ethos-n): update porting-guide.rst for NPU

Add some missing configuration that must be done for supporting NPU on
other platforms.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ic505ea60f73b970d0d7ded101830eb2ce8c7ab64

show more ...

feat(ethos-n): add separate RO and RW NSAIDs

To be able to further restrict the memory access for the Arm(R)
Ethos(TM)-N NPU, separate read-only and read/write NSAIDs for the
non-protected and prote

feat(ethos-n): add separate RO and RW NSAIDs

To be able to further restrict the memory access for the Arm(R)
Ethos(TM)-N NPU, separate read-only and read/write NSAIDs for the
non-protected and protected memory have been added to the Juno
platform's TZMP1 TZC configuration for the NPU.

The platform definition has been updated accordingly and the NPU driver
will now only give read/write access to the streams that require it.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I5a173500fc1943a5cd406a3b379e1f1f554eeda6

show more ...

feat(ethos-n)!: load NPU firmware at BL2

BL2 on Juno now loads the Arm(R) Ethos(TM)-N NPU firmware into a fixed
address, using the existing image loading framework.

Includes support for TRUSTED_BOA

feat(ethos-n)!: load NPU firmware at BL2

BL2 on Juno now loads the Arm(R) Ethos(TM)-N NPU firmware into a fixed
address, using the existing image loading framework.

Includes support for TRUSTED_BOARD_BOOT, if enabled, using the firmware
content and key certificates from the FIP.

Supports the ARM_IO_IN_DTB option so can specify the firmware location
from the dtb rather than it being hardcoded to the FIP

Update makefile to automatically embed the appropriate images into the
FIP.

BREAKING CHANGE: Building the FIP when TZMP1 support is enabled in the
NPU driver now requires a parameter to specify the NPU firmware file.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I8cd64fb20d58f8bd539facb085606213d6cead06

show more ...

feat(ethos-n): add support to set up NSAID

For the TZC to allow the Arm(R) Ethos(TM)-N NPU to access the buffers
allocated in a protected memory region, it must include the correct
NSAID for that re

feat(ethos-n): add support to set up NSAID

For the TZC to allow the Arm(R) Ethos(TM)-N NPU to access the buffers
allocated in a protected memory region, it must include the correct
NSAID for that region in its transactions to the memory. This change
updates the SiP service to configure the NSAIDs specified by a platform
define. When doing a protected access the SiP service now configures the
NSAIDs specified by the platform define. For unprotected access the
NSAID is set to zero.

Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I3360ef33705162aba5c67670386922420869e331

show more ...

build(ethos-n): add TZMP1 build flag

For the Arm(R) Ethos(TM)-N NPU Driver to support running inference with
protected memory the TZC must be configured with appropriate regions.

This is controlled

build(ethos-n): add TZMP1 build flag

For the Arm(R) Ethos(TM)-N NPU Driver to support running inference with
protected memory the TZC must be configured with appropriate regions.

This is controlled in build time by the now added build flag.

The new build flag is only supported with the Arm Juno platform and the
TZC is configured with default memory regions as if TZMP1 wasn't
enabled to facilitate adding the new memory regions later.

Signed-off-by: Bjorn Engstrom <bjoern.engstroem@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I9dc49ac5d091cfbc8c20d7c3ab394a2836438b0f

show more ...

docs(sve): update defaults for FEAT_SVE

FEAT_SVE build macro, "ENABLE_SVE_FOR_NS" default value has been updated
to 2, to support its existing behavior of dynamic detection as well as
keep it aligne

docs(sve): update defaults for FEAT_SVE

FEAT_SVE build macro, "ENABLE_SVE_FOR_NS" default value has been updated
to 2, to support its existing behavior of dynamic detection as well as
keep it aligned with the changes concerning STATE=FEAT_STATE_CHECKED(2),
part of Feature Detection procedure.

Change-Id: Iee43e899f19dc9d5eb57c235998758f462a8c397
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...