| dbe5353e | 27-Oct-2025 |
Ahmed Azeem <ahmed.azeem@arm.com> |
docs(rdaspen): bl32 and GPT support
Added optional BL32 support for the RDaspen platform to enable Trusted OS integration when required.
Updated documentation to clarify that if BL32 is not set, BL33 will load directly after BL31.
Revised the ARM_GPT_SUPPORT description to note that it must be enabled when the FIP image resides in a GPT partition on Secure Flash.
Change-Id: I79905efd026994290d0bc6c07cdf1f5a903c9194 Signed-off-by: Ahmed Azeem <ahmed.azeem@arm.com>
|
| 6af10753 | 27-Oct-2025 |
Lauren Wehrmeister <lauren.wehrmeister@arm.com> |
Merge changes from topic "xl/fwu-trial-run" into integration
* changes:
  fix(fwu): fwu NV ctr upgraded on trial run
  feat(docs): platform hook for whether NV ctr is shared
  feat(fwu): add platform hook for shared NV ctr
|
| c1582b72 | 29-Sep-2025 |
Sumit Garg <sumit.garg@oss.qualcomm.com> |
docs(maintainers): update QTI platform maintainers
Add myself to the list of QTI platform maintainers.
Change-Id: I779f457cf075bf42acb62b75223912d7b4f1e95b Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
|
| 75685d3c | 25-Sep-2025 |
Sumit Garg <sumit.garg@oss.qualcomm.com> |
docs(qti): add RB3Gen2 platform documentation
Add documentation for RB3Gen2 platform listing down steps to build, flash and boot up the platform with TF-A BL2 and BL31 support.
Change-Id: I361fec8fb7a98b92fed3b1000f6f0c6f510c4887 Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
|
| 368a1dd3 | 25-Sep-2025 |
Sumit Garg <sumit.garg@oss.qualcomm.com> |
docs(qti): move documentation under docs/plat/qti/
Move documentation under docs/plat/qti/ to become a consolidated place for QTI platforms documentation.
Change-Id: Ief6f1f811de504761f00ce1acbd608663eee344f Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
|
| 6091f03d | 25-Sep-2025 |
Sumit Garg <sumit.garg@oss.qualcomm.com> |
refactor(qti): introduce SoC codename as Kodiak
Qualcomm has recently started using SoC codenames for upstream support with Linux kernel being the first adopter. Using SoC codenames for upstream projects removes the need to follow different product names like for kodiak which is also known as sc7280, qcm6490 etc.
Let's follow this practice of using SoC codenames for TF-A project too beginning with Kodiak. While doing that let's refactor SoC and board specific files where the existing support for sc7280 has been renamed to sc7280_chrome to reflect its usage.
Change-Id: I236fadf8ae9550f94deb05ebfed17e2ddbd69509 Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
|
| 0bff7887 | 24-Oct-2025 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge "fix(cpufeat): don't overwrite PAuth keys with an erroneous cache clean" into integration |
| 4d9903bd | 02-Oct-2025 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
docs(build): update GCC toolchain requirement to 14.3.Rel1
Update documentation to reflect the use of GCC version 14.3.Rel1, the latest production release available at: https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: I4387ccf519593b804d3e8541e8aaf9723a2aedeb
|
| e77cd73f | 23-Oct-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
feat(docs): update context management's threat model
Improperly configuring cpu features (ENABLE_FEAT_XYZ) can lead to broken firmware or, in rare cases, panic at EL3. This makes Denial of service a valid threat on the Availability asset.
Since the original model, we've gained FEATURE_DETECTION which is meant to help get platforms configured correctly.
Change-Id: I10f9870173fc4b24ea14a24197537d46ead9f789 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| 95ed23a1 | 24-Sep-2025 |
Xialin Liu <xialin.liu@arm.com> |
feat(docs): platform hook for whether NV ctr is shared
Add documentation on platform hook for inquiry if the NV ctr is shared across all secure images (BL1, BL2, BL31 etc.).
Change-Id: If0859fe1fb7a072b6e8fc25f77218785a4fc0da8 Signed-off-by: Xialin Liu <xialin.liu@arm.com>
|
| 072e8aeb | 11-Sep-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
fix(cpufeat): don't overwrite PAuth keys with an erroneous cache clean
Accessing cpu_data when TF-A is built with HW_ASSISTED_COHERENCY=1 is simple. Caching (SCTLR_EL3.C) is enabled along with the MMU and we can rely on all accesses being coherent. However, this is not the case when HW_ASSISTED_COHERENCY=0. Most of EL3's initialisation (especially on warm boot) happens with the MMU on but with caching being off. Caches are only enabled deep into CPU_ON processing when we can be certain the core has entered coherency. This latter case is the subject of this patch.
Prior to this patch, the way to work around that was to clean the apiakey cpu_data storage right after writing it. The write would have gone straight to memory as caches were off and the clean asserted that nothing would be in the caches which were assumed to be invalid since we've just come out of reset.
The problem with this is that we cannot assume that ALL caches are invalid when coming out of reset. We can reasonably assume those private to the core to be (so the L1 and/or the L2; those are guaranteed to be invalidated out of reset for every Arm core) but that is not the case for shared caches (e.g. an L2/L3 DSU cache) which can be on when a core powers down. So the old keys could still be live in the shared cache, we write new ones to memory and clean the old to memory too, undoing the work.
So the correct thing to do is to clean and invalidate the cache prior to writing the keys to memory and invalidate it after. This ensures that if there is any other data after the apiakey, which shares the cache line, it will be safely forwarded to memory and the caches will be invalid when caching is turned on.
It is important to note at this point that this was never observed in practice - every known configuration that uses PAuth has the apiakey as the very last member of the cpu_data struct which is padded up to a cache line and the usage of the apiakey is such that it was never allocated into the shared caches. So the clean would effectively perform an invalidate of only the apiakey and all worked well. This was only spotted with a proposed patch that added data after the apiakey (https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/39698/7).
Change-Id: I8493221dff53114c5c56dd73fbfd2a3301e2542c Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| 5affb6a7 | 16-Oct-2025 |
Slava Andrianov <slava.andrianov@arm.com> |
feat(mbedtls): update mbedtls to version 3.6.5
Change-Id: Ia5366faa71007024e098a05ee391a2ff8e8676c0 Signed-off-by: Slava Andrianov <slava.andrianov@arm.com> |
| ed2cb229 | 16-Oct-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "docs: update TF-A May'26 release dates" into integration |
| 50cb1b6d | 16-Oct-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
docs: update TF-A May'26 release dates
Tentatively updating the plan for TF-A v2.15 release in May'26.
Change-Id: I43de74567c57139023844a55ca90d354b6cc680d Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
|
| b3bcfd12 | 14-Aug-2025 |
Andre Przywara <andre.przywara@arm.com> |
feat(cpufeat): enable FEAT_PFAR support
Implement support for FEAT_PFAR, which introduces the PFAR_ELx system register, recording the faulting physical address for some aborts. Those system registers are trapped by the SCR_EL3.PFARen bit, so set the bit for the non-secure world context to allow OSes to use the feature.
This is controlled by the ENABLE_FEAT_PFAR build flag, which follows the usual semantics of 2 meaning the feature being runtime detected. Let the default for this flag be 0, but set it to 2 for the FVP.
Change-Id: I5c9ae750417e75792f693732df3869e02b6e4319 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
| aa05796e | 15-Oct-2025 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "feat(cpufeat): enable FEAT_AIE support" into integration |
| 90329375 | 14-Oct-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "fix(docs): fix some broken links" into integration |
| 7e8b7096 | 14-Oct-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes Id711e387,I531a2ee1,Ic5b48514,I81f5f663,I6c529c13, ... into integration
* changes:
  refactor(romlib): absorb WRAPPER_FLAGS into LDFLAGS
  fix(build): simplify the -target options
  feat(build): allow full LTO builds with clang
  refactor(build): make sorting of sections generic
  feat(build): use clang as a linker
  fix(build): correctly detect that an option is missing with ld_option
  feat(build): pass cflags to the linker when LTO is enabled
|
| 5be66449 | 08-Oct-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
refactor(build): make it standard to request a custom linker script
Hoist the add_define to a global location so that platforms only have to declare its usage. Fix up #ifdef to #if since we will now always pass a definition.
Change-Id: Ia52ad5ed4dcbd157d139c8ca2fb3d35b32343b93 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| 80684b7e | 13-Oct-2025 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge "fix(cm): deprecate use of NS_TIMER_SWITCH" into integration |
| f74d03a1 | 10-Oct-2025 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "lfa-plat-activate" into integration
* changes:
  feat(fvp): add stub implementation for plat_lfa_notify_activate()
  feat(lfa): add platform hook for activation notification |
| 532350d2 | 29-Sep-2025 |
Yann Gautier <yann.gautier@st.com> |
docs: add dependabot patches for LTS
The GitHub dependabot creates patches for Node.js or python tools used by TF-A. Those patches are created for main branch but also for LTS branches. They should be cherry-picked in LTS branches. Add some directives about that in the LTS documentation.
Change-Id: Ibb730d98818d1b2913d479d25c25ac36b4476864 Signed-off-by: Yann Gautier <yann.gautier@st.com>
|
| ddc918b1 | 29-Apr-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
feat(build): allow full LTO builds with clang
GCC doesn't like LTOing __builtins. This has been broken for time immemorial (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63215) and there is no fix coming. Prior to GCC 14 a build of the libc with LTO will simply not work. From GCC14 a workaround is possible passing -ffat-lto-objects. The underlying issue is that the linker "forgets" about builtin symbols it added during LTO. The non-LTO copies make these forgotten functions available during final resolution. However, this still does not LTO the libc, it just allows for it to build with -flto.
Since GCC is our main compiler, and we do not differentiate the libc from any other lib we build, we have simply not built libs with LTO so far. However, there is no need to kneecap clang for GCC's failings, so LTO all libs on clang when enabled.
When GCC14 becomes the oldest reasonable compiler we support, this can be done for GCC too, although with the workaround above. This still won't LTO the libc, but it will at least LTO other libs.
Change-Id: Ic5b4851480131f4e8aefd678cc05d4dd02ee01ef Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| 6c2e5bf6 | 11-Apr-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
feat(build): use clang as a linker
To support LTO, the gcc binary is used as a compiler, assembler, and linker. Do the same for clang and enable LTO builds with it as a side effect.
This simplifies code quite a bit as the gcc/clang difference is much smaller. Support for ld/lld (if overridden with LD) is maintained.
This is a good time to convert tabs to spaces to conform to make's expectations on syntax.
Change-Id: I6c529c1393f7e9e8046ed537f871fc3ad91d599a Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| cc2523bb | 14-Aug-2025 |
Andre Przywara <andre.przywara@arm.com> |
feat(cpufeat): enable FEAT_AIE support
Implement support for FEAT_AIE, which introduces the AMAIR2_ELx and MAIR2_ELx system registers, extending the memory attributes described by {A}MAIR_ELx. Those system registers are trapped by the SCR_EL3.AIEn bit, so set the bit for the non-secure world context to allow OSes to use the feature.
This is controlled by the ENABLE_FEAT_AIE build flag, which follows the usual semantics of 2 meaning the feature being runtime detected. Let the default for this flag be 0, but set it to 2 for the FVP.
Change-Id: Iba2011719013a89f9cb3a4317bde18254f45cd25 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|