| 6adeeb47 | 03-Oct-2023 |
laurenw-arm <lauren.wehrmeister@arm.com> |
docs(cert-create): add key size options for ecdsa
Adding the possible key sizes for the ecdsa key algorithm.
Change-Id: I58947bc749fed911766a1462a0c2ba520b8f7c69
Signed-off-by: Lauren Wehrmeister <
docs(cert-create): add key size options for ecdsa
Adding the possible key sizes for the ecdsa key algorithm.
Change-Id: I58947bc749fed911766a1462a0c2ba520b8f7c69
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
show more ...
|
| 801cd3c8 | 26-Jun-2023 |
Nishant Sharma <nishant.sharma@arm.com> |
feat(el3-spmc): add a flag to enable support to load SEL0 SP
Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
feat(el3-spmc): add a flag to enable support to load SEL0 SP
Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1d63ae4d0d8374a732113565be90d58861506e39
show more ...
|
| 85bebe18 | 11-Oct-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
refactor(console): disable getc() by default
The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A
refactor(console): disable getc() by default
The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.
Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.
This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.
The following changes are introduced when getc() is disabled:
- The multi-console framework no longer provides the console_getc()
function.
- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.
If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up
If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'
- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.
[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.
Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/
Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
show more ...
|
| 8cf07ab3 | 07-Sep-2023 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
docs(build): update GCC to 12.3.Rel1 version
Updating toolchain to the latest production release version
12.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-down
docs(build): update GCC to 12.3.Rel1 version
Updating toolchain to the latest production release version
12.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Change-Id: Ifcabb7fb9d8e13b87e164c3c1be8c8d32c31b49a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
show more ...
|
| 56ddb3f0 | 05-Oct-2023 |
Lauren Wehrmeister <lauren.wehrmeister@arm.com> |
Merge changes from topic "mb/psa-crypto-support" into integration
* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash
Merge changes from topic "mb/psa-crypto-support" into integration
* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash calculation
feat(mbedtls-psa): use PSA crypto API for hash verification
feat(mbedtls-psa): initialise mbedtls psa crypto
feat(mbedtls-psa): register an ad-hoc PSA crypto driver
feat(mbedtls-psa): introduce PSA_CRYPTO build option
docs(changelog): add scope for MbedTLS PSA Crypto
show more ...
|
| 7a8b6f64 | 05-Oct-2023 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "fix(cpus): workaround for Cortex-X3 erratum 2070301" into integration |
| 74306b2a | 04-Oct-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
fix(docs): remove out-dated information about CI review comments
- Fix the name of the user account under which the CI bot posts
review comments.
- The CI has now transitioned to trustedfirmwa
fix(docs): remove out-dated information about CI review comments
- Fix the name of the user account under which the CI bot posts
review comments.
- The CI has now transitioned to trustedfirmware.org so CI results
are publically accessible.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I53dd93e200c9e119b5df6bbaf2644485cde57ce5
show more ...
|
| 2454316c | 03-Oct-2023 |
Sona Mathew <sonarebecca.mathew@arm.com> |
fix(cpus): workaround for Cortex-X3 erratum 2070301
Cortex-X3 erratum 2070301 is a Cat B erratum that applies to all
revisions <= r1p2 and is still open.
The workaround is to write the value 4'b1001
fix(cpus): workaround for Cortex-X3 erratum 2070301
Cortex-X3 erratum 2070301 is a Cat B erratum that applies to all
revisions <= r1p2 and is still open.
The workaround is to write the value 4'b1001 to the PF_MODE bits
in the IMP_CPUECTLR2_EL1 register. This places the data prefetcher
in the most conservative mode instead of disabling it.
SDEN documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I337c4c7bb9221715aaf973a55d0154e1c7555768
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
show more ...
|
| 5782b890 | 06-Sep-2023 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
feat(mbedtls-psa): introduce PSA_CRYPTO build option
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -
1. Added a build macro PSA_CRYPTO to enable the Mbed
feat(mbedtls-psa): introduce PSA_CRYPTO build option
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -
1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.
Also, marked PSA_CRYPTO as an experimental feature.
Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
show more ...
|
| 920aa8d4 | 03-Oct-2023 |
Soby Mathew <soby.mathew@arm.com> |
Merge "feat(rmmd): enable SME for RMM" into integration |
| f92eb7e2 | 18-May-2023 |
Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> |
feat(rmmd): enable SME for RMM
This patch enables Scalable Matrix Extension (SME) for RMM. RMM will
save/restore required registers that are shared with SVE/FPU register
state so that Realm can use
feat(rmmd): enable SME for RMM
This patch enables Scalable Matrix Extension (SME) for RMM. RMM will
save/restore required registers that are shared with SVE/FPU register
state so that Realm can use FPU or SVE.
The Relevant RMM support can be found here :
https://github.com/TF-RMM/tf-rmm/commit/0ccd7ae58b00
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I3bbdb840e7736dec00b71c85fcec3d5719413ffd
show more ...
|
| a1377a89 | 02-Oct-2023 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "rm/handoff" into integration
* changes:
feat(qemu): implement firmware handoff on qemu
feat(handoff): introduce firmware handoff library |
| b990719b | 29-Sep-2023 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "fix(docs): add missing line in the fiptool command for stm32mp1" into integration |
| d3fcc3f0 | 29-Sep-2023 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge "docs: update TF-A v2.10 release information" into integration |
| d526d00a | 29-Sep-2023 |
Lionel Debieve <lionel.debieve@foss.st.com> |
fix(docs): add missing line in the fiptool command for stm32mp1
Add the missing trusted key certificate in the fiptool
command line.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Chang
fix(docs): add missing line in the fiptool command for stm32mp1
Add the missing trusted key certificate in the fiptool
command line.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ife95b0261f04b7fd07a9b01488f9e5be9b87e841
show more ...
|
| 2226b453 | 28-Sep-2023 |
Olivier Deprez <olivier.deprez@arm.com> |
docs: update TF-A v2.10 release information
Update version and release schedule for the upcoming TF-A
release v2.10.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I505fbb034a74c
docs: update TF-A v2.10 release information
Update version and release schedule for the upcoming TF-A
release v2.10.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I505fbb034a74ce1cc6bc20efdd26803e6fb8c0c1
show more ...
|
| f80323da | 29-Sep-2023 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "refactor(ast2700): adopt RESET_TO_BL31 boot flow" into integration |
| 564e073c | 27-Sep-2023 |
Chia-Wei Wang <chiawei_wang@aspeedtech.com> |
refactor(ast2700): adopt RESET_TO_BL31 boot flow
Revise the AST2700 boot flow to the RESET_TO_BL31 scheme.
The execution of BL1/2 can be saved from ARM CA35 while most
low level platform initializat
refactor(ast2700): adopt RESET_TO_BL31 boot flow
Revise the AST2700 boot flow to the RESET_TO_BL31 scheme.
The execution of BL1/2 can be saved from ARM CA35 while most
low level platform initialization are moved to a preceding MCU.
This patch updates the build configuration and also adds
the SMP mailbox setup code to hold secondary cores until
they are being waken up.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Change-Id: I7e0aa6416b92b97036153db1d9a26baaa41b7b18
show more ...
|
| 1f6bb41d | 06-Sep-2023 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
refactor(el3-runtime): plat_ic_has_interrupt_type returns bool
Rather than returning 0 or 1, the above function returns bool false
or true. No functional change.
Change-Id: Iea904ffc368568208fa8203
refactor(el3-runtime): plat_ic_has_interrupt_type returns bool
Rather than returning 0 or 1, the above function returns bool false
or true. No functional change.
Change-Id: Iea904ffc368568208fa8203e0d2e0cdaa500b1e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
show more ...
|
| 9c447788 | 25-Sep-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes If9672598,I219c49d3 into integration
* changes:
feat(cert-create): add pkcs11 engine support
fix(cert-create): key: Avoid having a temporary value for pkey in key_load |
| fcfa15d4 | 22-Sep-2023 |
Lauren Wehrmeister <lauren.wehrmeister@arm.com> |
Merge changes from topic "errata" into integration
* changes:
fix(cpus): workaround for Neoverse V2 erratum 2743011
fix(cpus): workaround for Neoverse V2 erratum 2779510
fix(cpus): workaround
Merge changes from topic "errata" into integration
* changes:
fix(cpus): workaround for Neoverse V2 erratum 2743011
fix(cpus): workaround for Neoverse V2 erratum 2779510
fix(cpus): workaround for Neoverse V2 erratum 2719105
fix(cpus): workaround for Neoverse V2 erratum 2331132
show more ...
|
| 3ba2c151 | 25-Jul-2023 |
Raymond Mao <raymond.mao@linaro.org> |
feat(handoff): introduce firmware handoff library
Add transfer list APIs and firmware handoff build option.
Change-Id: I68a0ace22c7e50fcdacd101eb76b271d7b76d8ff
Signed-off-by: Raymond Mao <raymond.
feat(handoff): introduce firmware handoff library
Add transfer list APIs and firmware handoff build option.
Change-Id: I68a0ace22c7e50fcdacd101eb76b271d7b76d8ff
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
show more ...
|
| 616b3ce2 | 12-Sep-2023 |
Robin van der Gracht <robin@protonic.nl> |
feat(cert-create): add pkcs11 engine support
Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compli
feat(cert-create): add pkcs11 engine support
Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compliant PKCS11 URI to a key instead of a file as an
argument to one of the key options. This change is fully backwards
compatible.
This change makes use of the openssl engine API which is deprecated
since openssl 3.0 and will most likely be removed in version 4. So
pkcs11 support will have to be updated to the openssl provider API
in the near future.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: If96725988ca62c5613ec59123943bf15922f5d1f
show more ...
|
| 455cd0d3 | 19-Sep-2023 |
Joanna Farley <joanna.farley@arm.com> |
Merge "chore: remove MULTI_CONSOLE_API references" into integration |
| 58dd153c | 19-Sep-2023 |
Bipin Ravi <bipin.ravi@arm.com> |
fix(cpus): workaround for Neoverse V2 erratum 2743011
Neoverse V2 erratum 2743011 is a Cat B erratum that applies to
all revisions <= r0p1 and is fixed in r0p2. The workaround is to
set CPUACTLR5_EL
fix(cpus): workaround for Neoverse V2 erratum 2743011
Neoverse V2 erratum 2743011 is a Cat B erratum that applies to
all revisions <= r0p1 and is fixed in r0p2. The workaround is to
set CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2332927/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0e06ca723a1cce51fb027b7160f3dd06a4c93e64
show more ...
|