feat(rmmd): add support to create a boot manifest

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Ch

feat(rmmd): add support to create a boot manifest

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948

show more ...

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

docs: add Manish Badarkhe to maintainer list

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8fd116962bb9775e2f96faee37bbf73073e15512

Merge changes from topic "mb/gic600-errata" into integration

* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaro

Merge changes from topic "mb/gic600-errata" into integration

* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt

show more ...

Merge "docs(security): update security advisory for CVE-2022-23960" into integration

docs(security): update security advisory for CVE-2022-23960

Update advisory document following Spectre-BHB mitigation support for
additional CPUs.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Cha

docs(security): update security advisory for CVE-2022-23960

Update advisory document following Spectre-BHB mitigation support for
additional CPUs.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I4492397f18882f514beff4da06afe973acecf1f0

show more ...

Merge "fix(errata): workaround for Neoverse-V1 erratum 2372203" into integration

Merge "fix(errata): workaround for Cortex-A77 erratum 2356587" into integration

fix(errata): workaround for Cortex-A77 erratum 2356587

Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUAC

fix(errata): workaround for Cortex-A77 erratum 2356587

Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230

show more ...

fix(errata): workaround for Neoverse-V1 erratum 2372203

Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CP

fix(errata): workaround for Neoverse-V1 erratum 2372203

Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557

show more ...

fix(gic600): implement workaround to forward highest priority interrupt

If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET com

fix(gic600): implement workaround to forward highest priority interrupt

If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/

Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(errata): workaround for Neoverse-V1 erratum 2294912

Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPU

fix(errata): workaround for Neoverse-V1 erratum 2294912

Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354

show more ...

Merge changes from topic "jc/detect_feat" into integration

* changes:
feat(trbe): add trbe under feature detection mechanism
feat(brbe): add brbe under feature detection mechanism

fix(changelog): fix the broken link to commitlintrc.js

The link to commitlintrc.js file in the v2.7 changelog
is updated.

Change-Id: I24ee736180d8df72b2d831e110a9a3a80a6d9862
Signed-off-by: Jayanth

fix(changelog): fix the broken link to commitlintrc.js

The link to commitlintrc.js file in the v2.7 changelog
is updated.

Change-Id: I24ee736180d8df72b2d831e110a9a3a80a6d9862
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

feat(trbe): add trbe under feature detection mechanism

This change adds "FEAT_TRBE" to be part of feature detection mechanism.

Previously feature enablement flags were of boolean type, containing
e

feat(trbe): add trbe under feature detection mechanism

This change adds "FEAT_TRBE" to be part of feature detection mechanism.

Previously feature enablement flags were of boolean type, containing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).

Accordingly, "ENABLE_TRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.

Change-Id: I53d3bc8dc2f6eac63feef22dfd627f3a48480afc
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

feat(brbe): add brbe under feature detection mechanism

This change adds "FEAT_BRBE" to be part of feature detection mechanism.

Previously feature enablement flags were of boolean type, possessing
e

feat(brbe): add brbe under feature detection mechanism

This change adds "FEAT_BRBE" to be part of feature detection mechanism.

Previously feature enablement flags were of boolean type, possessing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).

Accordingly, "ENABLE_BRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.

Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I1eb52863b4afb10b808e2f0b6584a8a210d0f38c

show more ...

Merge "docs(changelog): changelog for v2.7 release" into integration

docs(changelog): changelog for v2.7 release

Change-Id: I573e5eb3c7fad097892292c8a967dc02d72d12e6
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

Merge changes from topic "sb/threat-model" into integration

* changes:
docs(threat-model): broaden the scope of threat #05
docs(threat-model): emphasize whether mitigations are implemented

docs(spm): refresh FF-A SPM design doc

- Move manifest binding doc as a dedicated SPM doc section.
- Highlight introduction of an EL3 FF-A SPM solution.
- Refresh TF-A build options.
- Refresh PE MM

docs(spm): refresh FF-A SPM design doc

- Move manifest binding doc as a dedicated SPM doc section.
- Highlight introduction of an EL3 FF-A SPM solution.
- Refresh TF-A build options.
- Refresh PE MMU configuration section.
- Add arch extensions for security hardening section.
- Minor corrections, typos fixes and rephrasing.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2db06c140ef5871a812ce00a4398c663d5433bb4

show more ...

docs(spm): update FF-A manifest binding

- Add security state attribute to memory and device regions.
- Rename device region reg attribution to base-address aligned with
memory regions.
- Add pages

docs(spm): update FF-A manifest binding

- Add security state attribute to memory and device regions.
- Rename device region reg attribution to base-address aligned with
memory regions.
- Add pages-count field to device regions.
- Refresh interrupt attributes description in device regions.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I901f48d410edb8b10f65bb35398b80f18105e427

show more ...

docs(threat-model): broaden the scope of threat #05

- Cite crash reports as an example of sensitive
information. Previously, it might have sounded like this was the
focus of the threat.

- W

docs(threat-model): broaden the scope of threat #05

- Cite crash reports as an example of sensitive
information. Previously, it might have sounded like this was the
focus of the threat.

- Warn about logging high-precision timing information, as well as
conditionally logging (potentially nonsensitive) information
depending on sensitive information.

Change-Id: I33232dcb1e4b5c81efd4cd621b24ab5ac7b58685
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(threat-model): emphasize whether mitigations are implemented

For each threat, we now separate:
- how to mitigate against it;
- whether TF-A currently implements these mitigations.

A new "Mit

docs(threat-model): emphasize whether mitigations are implemented

For each threat, we now separate:
- how to mitigate against it;
- whether TF-A currently implements these mitigations.

A new "Mitigations implemented?" box is added to each threat to
provide the implementation status. For threats that are partially
mitigated from platform code, the original text is improved to make
these expectations clearer. The hope is that platform integrators will
have an easier time identifying what they need to carefully implement
in order to follow the security recommendations from the threat model.

Change-Id: I8473d75946daf6c91a0e15e61758c183603e195b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge changes from topic "ja/boot_protocol" into integration

* changes:
docs(spm): update ff-a boot protocol documentation
docs(maintainers): add code owner to sptool

docs(spm): update ff-a boot protocol documentation

Updated following sections to document implementation of the FF-A boot
information protocol:
- Describing secure partitions.
- Secure Partition Pac

docs(spm): update ff-a boot protocol documentation

Updated following sections to document implementation of the FF-A boot
information protocol:
- Describing secure partitions.
- Secure Partition Packages.
- Passing boot data to the SP.
Also updated description of the manifest field 'gp-register-num'.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I5c856437b60cdf05566dd636a01207c9b9f42e61

show more ...