docs(threat-model): remove some redundant text in threat #08

The threat description was repeating the threat title.

Change-Id: I67de2c0aab6e86bf33eb91e7562e075fcb76259b
Signed-off-by: Sandrine Bail

docs(threat-model): remove some redundant text in threat #08

The threat description was repeating the threat title.

Change-Id: I67de2c0aab6e86bf33eb91e7562e075fcb76259b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(threat-model): revamp threat #9

Reword the description of threat #9 to make it more future-proof for
Arm CCA. By avoiding specific references to secure or non-secure
contexts, in favour of "wor

docs(threat-model): revamp threat #9

Reword the description of threat #9 to make it more future-proof for
Arm CCA. By avoiding specific references to secure or non-secure
contexts, in favour of "worlds" and "security contexts", we make the
description equally applicable to 2-world and 4-world architectures.

Note that there are other threats that would benefit from such a
similar revamp but this is out of scope of this patch.

Also list malicious secure world code as a potential threat
agent. This seems to be an oversight in the first version of the
threat model (i.e. this change is not related to Arm CCA).

Change-Id: Id8c8424b0a801104c4f3dc70e344ee702d2b259a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(threat-model): make experimental features out of scope

By nature, experimental features are incomplete pieces of work,
sometimes going under rapid change. Typically, the threat model
implicatio

docs(threat-model): make experimental features out of scope

By nature, experimental features are incomplete pieces of work,
sometimes going under rapid change. Typically, the threat model
implications have not been fully considered yet.

Change-Id: Ice8d4273a789558e912f82cde592da4747b37fdf
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(threat-model): cosmetic changes

- Add empty lines after titles.

- Reduce number of highlighting characters to fit title length.

- Remove most ``monospaced text``.
I think most of it loo

docs(threat-model): cosmetic changes

- Add empty lines after titles.

- Reduce number of highlighting characters to fit title length.

- Remove most ``monospaced text``.
I think most of it looked weird in the rendered HTML version and
it had no obvious meaning.

Change-Id: I5f746a3de035d8ac59eec0af491c187bfe86dad7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

refactor(security): upgrade tools to OpenSSL 3.0

Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.

Changes were made following the OpenSSL 3.0 migration guide

refactor(security): upgrade tools to OpenSSL 3.0

Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.

Changes were made following the OpenSSL 3.0 migration guide:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
In some cases, those changes are straightforward and only
a small modification on the types or API calls was needed
(e.g.: replacing BN_pseudo_rand() with BN_rand(). Both identical
since v1.1.0).
The use of low level APIs is now deprecated. In some cases,
the new API provides a simplified solution for our goals and
therefore the code was simplified accordingly (e.g.: generating
RSA keys through EVP_RSA_gen() without the need of handling the
exponent). However, in some cases, a more
sophisticated approach was necessary, as the use of a context
object was required (e.g.: when retrieving the digest value from
an SHA file).

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I978e8578fe7ab3e71307450ebe7e7812fbcaedb6

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for forwarding a secure interrupt to the SP
feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable the SPMC to pass the linear core ID in a register
feat(spmc): add FFA_RX_RELEASE handler
feat(spmc): add

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable the SPMC to pass the linear core ID in a register
feat(spmc): add FFA_RX_RELEASE handler
feat(spmc): add FFA_RUN handler
feat(spmc): support FFA_ID_GET ABI
feat(spmc): add FFA_FEATURES handler
feat(spmc): add FFA_PARTITION_INFO_GET handler
feat(spmc): enable handling FF-A RX/TX Mapping ABIs
docs(maintainers): introduce SPMC maintainer section

show more ...

feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has ind

feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.

1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.

This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4

show more ...

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(l

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(lib/psa): mock PSA APIs
feat(drivers/measured_boot): add RSS backend
feat(drivers/arm/rss): add RSS communication driver
feat(lib/psa): add initial attestation API
feat(lib/psa): add measured boot API
feat(drivers/arm/mhu): add MHU driver

show more ...

docs(maintainers): add PSA, MHU, RSS comms code owners

Adding Sandrine Bailleux for the PSA APIs and myself for the
MHU and RSS comms drivers as code owner.

Change-Id: Ib948479cc6e46163aae59c938877

docs(maintainers): add PSA, MHU, RSS comms code owners

Adding Sandrine Bailleux for the PSA APIs and myself for the
MHU and RSS comms drivers as code owner.

Change-Id: Ib948479cc6e46163aae59c938877a2d0bcf91754
Signed-off-by: David Vincze <david.vincze@arm.com>

show more ...

Merge "docs(versal): fix the versal platform emu name" into integration

fix(errata): workaround for DSU-110 erratum 2313941

DSU-110 erratum 2313941 is a Cat B erratum and applies to revisions
r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open.

The workaround sets IMP

fix(errata): workaround for DSU-110 erratum 2313941

DSU-110 erratum 2313941 is a Cat B erratum and applies to revisions
r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open.

The workaround sets IMP_CLUSTERACTLR_EL1[16:15] bits to 0b11 to disable
clock gating of the SCLK domain. This will increase the idle power
consumption.

This patch applies the fix for Cortex-X2/A510/A710 and Neoverse N2.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1781796/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I54d948b23e8e01aaf1898ed9fe4e2255dd209318
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>

show more ...

Merge "docs: update release and code freeze dates" into integration

feat(lib/psa): mock PSA APIs

Introduce PLAT_RSS_NOT_SUPPORTED build config to
provide a mocked version of PSA APIs. The goal is
to test the RSS backend based measured boot and
attestation token requ

feat(lib/psa): mock PSA APIs

Introduce PLAT_RSS_NOT_SUPPORTED build config to
provide a mocked version of PSA APIs. The goal is
to test the RSS backend based measured boot and
attestation token request integration on such
a platform (AEM FVP) where RSS is otherwise
unsupported. The mocked PSA API version does
not send a request to the RSS, it only returns
with success and hard-coded values.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ice8d174adf828c1df08fc589f0e17abd1e382a4d

show more ...

fix(errata): workarounds for cortex-x1 errata

This patch adds workarounds for following cortex-x1 errata:

- 1821534 (CatB)
- 1688305 (CatB)
- 1827429 (CatB)

SDEN can be found here:
https://develop

fix(errata): workarounds for cortex-x1 errata

This patch adds workarounds for following cortex-x1 errata:

- 1821534 (CatB)
- 1688305 (CatB)
- 1827429 (CatB)

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401782/latest

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I10ebe8d5c56a6d273820bb2c682f21bf98daa7a5

show more ...

docs: update release and code freeze dates

Change-Id: I72d200a0cfbcb4ef53b732faa5b7125dce91395d
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

docs(maintainers): introduce SPMC maintainer section

Renamed the existing SPM entry to the SPMD and add myself
as the SPMC maintainer.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id:

docs(maintainers): introduce SPMC maintainer section

Renamed the existing SPM entry to the SPMD and add myself
as the SPMC maintainer.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic74659b119986df5fc229a4470049d289eeef21a

show more ...

docs(versal): fix the versal platform emu name

Fix the versal platform emu itr6 name.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Id9f3272c85513d8258fbbb3bd71

docs(versal): fix the versal platform emu name

Fix the versal platform emu itr6 name.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Id9f3272c85513d8258fbbb3bd719c032053b3ada

show more ...

Merge "fix(errata): workaround for Cortex-A710 erratum 2008768" into integration

fix(errata): workaround for Cortex-A78 erratum 2395406

Cortex-A78 erratum 2395406 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[40] of
CPUA

fix(errata): workaround for Cortex-A78 erratum 2395406

Cortex-A78 erratum 2395406 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[40] of
CPUACTLR2 which will disable folding of demand requests into older
prefetches with L2 miss requests outstanding.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If06f988f05f925c2a4bed3e6a9414b6acdfec894

show more ...

fix(errata): workaround for Cortex-A710 erratum 2008768

Cortex-A710 erratum 2008768 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to clea

fix(errata): workaround for Cortex-A710 erratum 2008768

Cortex-A710 erratum 2008768 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to clear
the ED bit in each ERXCTLR_EL1 register before setting the PWRDN bit in
CPUPWRCTLR_EL1.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib2171c06da762dd4155b02c03d86766f1616381d

show more ...

fix(errata): workaround for Cortex-A78 erratum 2376745

Cortex-A78 erratum 2376745 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[0] of
CPUAC

fix(errata): workaround for Cortex-A78 erratum 2376745

Cortex-A78 erratum 2376745 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[0] of
CPUACTLR2 which will force PLDW/PFRM ST to behave like PLD/PRFM LD and
not cause invalidation to other PE caches.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I6f1a3a7d613c5ed182a7028f912e0f6ae3aa7f98

show more ...

docs(maintainers): add new owners for Trusty SPD

Split TLK/Trusty SPD into two separate components and add additional
owners for Trusty SPD.

Signed-off-by: Marco Nelissen <marcone@google.com>
Chang

docs(maintainers): add new owners for Trusty SPD

Split TLK/Trusty SPD into two separate components and add additional
owners for Trusty SPD.

Signed-off-by: Marco Nelissen <marcone@google.com>
Change-Id: Ifabd1bb630fe4976e304fa29eac1c516ec6e2e18

show more ...

Merge "feat(brbe): add BRBE support for NS world" into integration

Merge "docs(maintainers): update measured boot code owners" into integration