docs(st): set OP-TEE as default BL32

Recommend OP-TEE as the default BL32 for STMicroelectronics platforms.
SP_MIN is no more supported in STMicroelectronics software [1].
It will then no more recei

docs(st): set OP-TEE as default BL32

Recommend OP-TEE as the default BL32 for STMicroelectronics platforms.
SP_MIN is no more supported in STMicroelectronics software [1].
It will then no more receive new features, but should still remain
as it is in the TF-A code.

[1]: https://wiki.st.com/stm32mpu/wiki/STM32_MPU_OpenSTLinux_release_note_-_v5.0.0#TF-A

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic49338dbba3fdcebcb1e477e6a1dbde32783482b

show more ...

docs(st): one device flag for ST platforms

Due to embedded SRAM used to load BL2 and BL31 or BL32 has a limited
size, only one storage device or serial device flag should be selected
in TF-A build c

docs(st): one device flag for ST platforms

Due to embedded SRAM used to load BL2 and BL31 or BL32 has a limited
size, only one storage device or serial device flag should be selected
in TF-A build command line for ST platforms.
This is in line with STMicroelectionics recommendation [1] about those
compilation flags.

[1]: https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_BL2#Build_command_details

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6f6ab17d45d00289989a606d15c143e5710c64ce

show more ...

Merge "refactor(mbedtls): remove mbedtls 2.x support" into integration

refactor(mbedtls): remove mbedtls 2.x support

Deprecation notice was sent to the community and no objection was
raised, so removing mbedtls 2.x support.

Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910

refactor(mbedtls): remove mbedtls 2.x support

Deprecation notice was sent to the community and no objection was
raised, so removing mbedtls 2.x support.

Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910222c8abd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

docs(maintainers): add missing ST files

The files under tools/fiptool/plat_fiptool/st/ directory were not listed
as files maintained by STMicroelectronics.

Signed-off-by: Yann Gautier <yann.gautier

docs(maintainers): add missing ST files

The files under tools/fiptool/plat_fiptool/st/ directory were not listed
as files maintained by STMicroelectronics.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4120368253447d4dadc4ce4b6957ffbe6310da86

show more ...

docs(maintainers): add Maxime as co-maintainer for ST platforms

Add Maxime Méré as a co-maintainer for STMicroelectronics platforms.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I05

docs(maintainers): add Maxime as co-maintainer for ST platforms

Add Maxime Méré as a co-maintainer for STMicroelectronics platforms.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I05dda2049000d99f0e482492ec43d02ad1d5d0c8

show more ...

docs(maintainers): update ST platform ports title

STM32MP1 is no more the only product to be supported in TF-A with the
new STM32MP2. Change "STM32MP1 platform port" to "STMicroelectronics
platform

docs(maintainers): update ST platform ports title

STM32MP1 is no more the only product to be supported in TF-A with the
new STM32MP2. Change "STM32MP1 platform port" to "STMicroelectronics
platform ports" to better reflect this.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I30b1fd4310d38092e3e815cb635b474fc84bdc30

show more ...

docs(maintainers): sort github aliases

The aliases for github were added either by alphabetical order or at the
end of list. Sort them alphabetically with Linux sort tool, regardless
of uppercase/lo

docs(maintainers): sort github aliases

The aliases for github were added either by alphabetical order or at the
end of list. Sort them alphabetically with Linux sort tool, regardless
of uppercase/lowercase letters.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ia247e102ab5fb0f7b8b6de76f23a869cc3f83d2c

show more ...

fix(cpus): workaround for Cortex-A715 erratum 2413290

Cortex-A715 erratum 2413290 is a Cat B erratum that is present
only in revision r1p0 and is fixed in r1p1. The errata is only
present when SPE(S

fix(cpus): workaround for Cortex-A715 erratum 2413290

Cortex-A715 erratum 2413290 is a Cat B erratum that is present
only in revision r1p0 and is fixed in r1p1. The errata is only
present when SPE(Statistical Profiling Extension) is enabled.

The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is enabled, ENABLE_SPE_FOR_NS=1.

SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest

Change-Id: Iaeb258c8b0a92e93d70b7dad6ba59d1056aeb135
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

docs: remove entries of the deleted platforms

Remove the details of the platforms from the 'deprecated
platforms' table those are already deleted.
This is in-sync with other depreaction tables [1] w

docs: remove entries of the deleted platforms

Remove the details of the platforms from the 'deprecated
platforms' table those are already deleted.
This is in-sync with other depreaction tables [1] which
only has deprecation entries and not deleted entries.

[1]: https://trustedfirmware-a.readthedocs.io/en/latest/about/release-information.html#removal-of-deprecated-interfaces

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8c8e4ba4e7fa88ea83632202d17c7d35cdc200a

show more ...

feat(rpi): add Raspberry Pi 5 support

The Raspberry Pi 5 is a single-board computer based on BCM2712 that
contains four Arm Cortex-A76 cores.

This change introduces minimal BL31 support with PSCI t

feat(rpi): add Raspberry Pi 5 support

The Raspberry Pi 5 is a single-board computer based on BCM2712 that
contains four Arm Cortex-A76 cores.

This change introduces minimal BL31 support with PSCI that has been
validated to boot Linux and a private EDK2 build.

It's a drop-in replacement for the custom TF-A armstub now included in
the EEPROM images.

Change-Id: Id72a0370f54e71ac97c3daa1bacedacb7dec148f
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>

show more ...

docs: add documentation for `entry_point_info`

Change-Id: I20b5f2cf70bfff09126f3c0645f40d3e410a4c70
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

Merge changes from topic "xlnx_smc_doc" into integration

* changes:
docs(versal-net): update SMC convention
docs(versal): update SMC convention
docs(zynqmp): update SMC convention

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header

show more ...

Merge "fix(cpus): workaround for Cortex-A715 erratum 2344187" into integration

fix(cpus): workaround for Cortex-A715 erratum 2344187

Cortex-A715 erratum 2344187 is a Cat B erratum that applies to r0p0,
r1p0 and is fixed in r1p1. The workaround is to set GCR_EL1.RRND to
0b1, an

fix(cpus): workaround for Cortex-A715 erratum 2344187

Cortex-A715 erratum 2344187 is a Cat B erratum that applies to r0p0,
r1p0 and is fixed in r1p1. The workaround is to set GCR_EL1.RRND to
0b1, and apply an implementation specific patch sequence.

SDEN: https://developer.arm.com/documentation/SDEN2148827/latest

Change-Id: I78ea39a91254765c964bff89f771af33b23f29c1
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(cpus): workaround for Cortex-X4 erratum 2701112

Cortex-X4 erratum 2701112 is cat B erratum that applies to
revision r0p0 and is fixed in r0p1. This erratum affects
system configurations that do

fix(cpus): workaround for Cortex-X4 erratum 2701112

Cortex-X4 erratum 2701112 is cat B erratum that applies to
revision r0p0 and is fixed in r0p1. This erratum affects
system configurations that do not use an Arm interconnect IP.

The workaround for this erratum is not implemented in EL3.
The erratum can be enabled/disabled on a platform level.
The flag is used when the errata ABI feature is enabled and can
assist the Kernel in the process of mitigation of the erratum.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN2432808/latest

Change-Id: I8ede1ee75b0ea1658369a0646d8af91d44a8759b
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge changes from topic "errata" into integration

* changes:
fix(cpus): workaround for Cortex-A715 erratum 2331818
fix(cpus): workaround for Cortex-A715 erratum 2420947

Merge "fix(gic600): workaround for Part 1 of GIC600 erratum 2384374" into integration

fix(gic600): workaround for Part 1 of GIC600 erratum 2384374

GIC600 erratum 2384374 is a Category B erratum. Part 1 is fixed
in this patch, and the Part 1 failure mode is described as
'If the packet

fix(gic600): workaround for Part 1 of GIC600 erratum 2384374

GIC600 erratum 2384374 is a Category B erratum. Part 1 is fixed
in this patch, and the Part 1 failure mode is described as
'If the packet to be sent is a SET packet, then a higher priority SET
may not be sent when it should be until an unblocking event occurs.'

This is handled by calling gicv3_apply_errata_wa_2384374() in the
ehf_deactivate_priority() path, so that when EHF restores the priority
to the original priority, the interrupt packet buffered
in the GIC can be sent.

gicv3_apply_errata_wa_2384374() is the workaround for
the Part 2 of erratum 2384374 which flush packets from the GIC buffer
and is being used in this patch.

SDEN can be found here:
https://developer.arm.com/documentation/sden892601/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4bb6dcf86c94125cbc574e0dc5119abe43e84731

show more ...

fix(cpus): workaround for Cortex-A715 erratum 2331818

Cortex-A715 erratum 2331818 is a cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r1p1. The workaround is to
set bit[20] of

fix(cpus): workaround for Cortex-A715 erratum 2331818

Cortex-A715 erratum 2331818 is a cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r1p1. The workaround is to
set bit[20] of CPUACTLR2_EL1. Setting this bit is expected to have
a negligible performance impact.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN2148827/latest

Change-Id: If3b1ed78b145ab6515cdd41135314350ed556381
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>

show more ...

fix(cpus): workaround for Cortex-A715 erratum 2420947

Cortex-A715 erratum 2420947 is a cat B erratum that applies only
to revision r1p0 and is fixed in r1p1. The workaround is to set
bit[33] of CPUA

fix(cpus): workaround for Cortex-A715 erratum 2420947

Cortex-A715 erratum 2420947 is a cat B erratum that applies only
to revision r1p0 and is fixed in r1p1. The workaround is to set
bit[33] of CPUACTLR2_EL1. This will prevent store and store-release
to merge inside the write buffer, and it is not expected to have
much performance impacts.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN2148827/latest

Change-Id: I01a71b878cd958e742ff8357f8cdfbfc5625de47
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>

show more ...

feat(tc): add DPE backend to the measured boot framework

The client platform relies on the DICE attestation
scheme. RSS provides the DICE Protection Environment
(DPE) service. TF-A measured boot fra

feat(tc): add DPE backend to the measured boot framework

The client platform relies on the DICE attestation
scheme. RSS provides the DICE Protection Environment
(DPE) service. TF-A measured boot framework supports
multiple backends. A given platform always enables
the corresponding backend which is required by the
attestation scheme.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Idc3360d0d7216e4859e99b5db3d377407e0aeee5

show more ...

Merge "docs(maintainers): add myself as SynQuacer platform co-maintainer" into integration

feat(dice): add QCBOR library as a dependency of DPE

DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e

feat(dice): add QCBOR library as a dependency of DPE

DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e6e1477cf991e765b97c446684fc6ef9b9

show more ...