Merge "docs(spm): update FF-A manifest binding" into integration

docs: add top level section numbering

Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3

docs: add top level section numbering

Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3.1".

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If90a18ee8d6a6858d58f0687f31ea62b69399e04

show more ...

docs(build): clarify getting started section

The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a so

docs(build): clarify getting started section

The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.

Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (eg. new starters).

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I02e88f8c279db6d8eda68f634e8473c02b733963

show more ...

docs(build): clarify docs building instructions

Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail

docs(build): clarify docs building instructions

Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail builds due to missing $PATH entries. The Prerequisites
section is also a bit verbose which is difficult to read.

This patch adds the virtual environment mention and clarifies wording.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iea447fb59dc471a502454650c8548192d93ba879

show more ...

fix(docs): prevent a sphinx warning

Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.

Signe

fix(docs): prevent a sphinx warning

Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie0570481f42aeb293e885ca936e0765f6cb299a8

show more ...

fix(docs): prevent a virtual environment from failing a build

sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx wi

fix(docs): prevent a virtual environment from failing a build

sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx will try
to build it which will fail due to some weird files it has.

This excludes the most common virtual environment directories from the
build to prevent this.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieeb14cfc5730d21c986611feb0ed379c58dfcae2

show more ...

fix(docs): unify referenced Ubuntu versions

Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A t

fix(docs): unify referenced Ubuntu versions

Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.

The change was tested with a full build on a clean install of Ubuntu 20.04.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3

show more ...

docs(spm): s-el0 partition support update

S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change

docs(spm): s-el0 partition support update

S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I08e04593653ba38a2b82395f6f2d3ca7b212d494

show more ...

Merge changes I256959d7,I721376bf into integration

* changes:
fix(cpus): remove plat_can_cmo check for aarch32
fix(cpus): update doc and check for plat_can_cmo

fix(cpus): update doc and check for plat_can_cmo

plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `

fix(cpus): update doc and check for plat_can_cmo

plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `dcsw_op_louis` which was missed out in original patch.

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I721376bf3726520d0d5b0df0f33f98ce92257287

show more ...

refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE

The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.

Change-Id: I04452453ed84567b0de39e900594a81526562

refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE

The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.

Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

docs(st): update documentation for TRUSTED_BOARD_BOOT

Update the documentation to indicate commands needed for
TRUSTED_BOARD_BOOT management.

Change-Id: I7b8781eaa7f8b6b8d675a625c7ff2e1ee767222a
Si

docs(st): update documentation for TRUSTED_BOARD_BOOT

Update the documentation to indicate commands needed for
TRUSTED_BOARD_BOOT management.

Change-Id: I7b8781eaa7f8b6b8d675a625c7ff2e1ee767222a
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(auth): allow to verify PublicKey with platform format PK

In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the

feat(auth): allow to verify PublicKey with platform format PK

In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.

Mark this new weak function as deprecated as it will be replaced
by another framework implementation.

Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(cert-create): update for ECDSA brainpoolP256r/t1 support

Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificates signature.

Change-Id: I6e80014469706

feat(cert-create): update for ECDSA brainpoolP256r/t1 support

Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificates signature.

Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fa

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c

show more ...

Merge "fix(docs): add LTS maintainers" into integration

Merge "feat(cpus): make cache ops conditional" into integration

fix(docs): add LTS maintainers

Adding the maintainers for the TF-A LTS releases.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I683885b8b52c0d004218fa52f71a245bd26b1229

build: deprecate Arm TC0 FVP platform

Arm has decided to deprecate the TC0 platform. The development of
software and fast models for TC0 platform has been discontinued.
TC0 platform has been superse

build: deprecate Arm TC0 FVP platform

Arm has decided to deprecate the TC0 platform. The development of
software and fast models for TC0 platform has been discontinued.
TC0 platform has been superseded by the TC1 and TC2 platforms,
which are already supported in TF-A and CI repositories.

Change-Id: I0269816a6ee733f732669027eae4e14cd60b6084
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "fix(cpus): workaround for Cortex-A77 erratum 2743100" into integration

Merge "fix(docs): update maintainers list" into integration

fix(docs): update maintainers list

As part of release process revisit list of maintainers to keep
it updated.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I63b87265a6bff00ad05d8

fix(docs): update maintainers list

As part of release process revisit list of maintainers to keep
it updated.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I63b87265a6bff00ad05d8b3b7cad694cdf48e9ea

show more ...

Merge "chore(docs): fix broken url references to arm procedure call" into integration

Merge changes from topic "mp/ras_refactoring" into integration

* changes:
docs: document do_panic() and panic() helper functions
fix(ras): restrict RAS support for NS world