fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
inter

fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.

This is to allow Secure/Realm world to have their own FFH macros
in future.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73

show more ...

fix(ras): restrict ENABLE_FEAT_RAS to have only two states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_ST

fix(ras): restrict ENABLE_FEAT_RAS to have only two states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752

show more ...

docs(spm-mm): remove reference to SEL2 SPMC

As the SEL2 SPMC design doc is migrated to Hafnium tree, remove the
reference to this implementation from TF-A's SPM-MM doc.

Signed-off-by: Olivier Depre

docs(spm-mm): remove reference to SEL2 SPMC

As the SEL2 SPMC design doc is migrated to Hafnium tree, remove the
reference to this implementation from TF-A's SPM-MM doc.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1609c7d1d098420412dffc7b1309cc9c11502f8a

show more ...

docs: remove SEL2 SPMC threat model

The SEL2/Hafnium SPMC implementation threat model is now hosted at [1].

[1] https://hafnium.readthedocs.io/en/latest/threat_model_spm.html

Signed-off-by: Olivie

docs: remove SEL2 SPMC threat model

The SEL2/Hafnium SPMC implementation threat model is now hosted at [1].

[1] https://hafnium.readthedocs.io/en/latest/threat_model_spm.html

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I83d3f21ef0ee9364529c7b80de9872034ff92b09

show more ...

docs: remove unused SPM related diagrams

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia60c4aa6a0aa0da5765d295e658964e6faa5960a

Merge changes from topic "mb/psa-crypto-ecdsa" into integration

* changes:
docs: mark PSA_CRYPTO as an experimental feature
feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation
feat(m

Merge changes from topic "mb/psa-crypto-ecdsa" into integration

* changes:
docs: mark PSA_CRYPTO as an experimental feature
feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation
feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA

show more ...

Merge changes from topic "sm/err_errata" into integration

* changes:
fix(cpus): fix the rev-var of Neoverse-V1
fix(errata-abi): update the Neoverse-N2 errata ABI struct
fix(errata-abi): update

Merge changes from topic "sm/err_errata" into integration

* changes:
fix(cpus): fix the rev-var of Neoverse-V1
fix(errata-abi): update the Neoverse-N2 errata ABI struct
fix(errata-abi): update the neoverse-N1 errata ABI struct
fix(cpus): fix the rev-var of Cortex-X2
fix(errata-abi): update the Cortex-A78C errata ABI struct
fix(cpus): update the rev-var for Cortex-A78AE
fix(errata-abi): update the Cortex-A76 errata ABI struct
fix(cpus): fix the rev-var for Cortex-A710

show more ...

docs: deletion of a few deprecated platforms not yet confirmed

Updated the 'Deprecated Platforms' table to reflect that the
deletion of sgi575 and rdn1Edge is still unconfirmed.

Change-Id: Ie8e8af5

docs: deletion of a few deprecated platforms not yet confirmed

Updated the 'Deprecated Platforms' table to reflect that the
deletion of sgi575 and rdn1Edge is still unconfirmed.

Change-Id: Ie8e8af55a735f624f5ee604d75bb497d870620cd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

docs: mark PSA_CRYPTO as an experimental feature

Updated the documentation to mark PSA_CRYPTO as an experimental
feature.

Change-Id: I894b687d6727fe7f80df54e6b08937e171f459b6
Signed-off-by: Manish

docs: mark PSA_CRYPTO as an experimental feature

Updated the documentation to mark PSA_CRYPTO as an experimental
feature.

Change-Id: I894b687d6727fe7f80df54e6b08937e171f459b6
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(mpam): refine MPAM initialization and enablement process

Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.

This patc

fix(mpam): refine MPAM initialization and enablement process

Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.

This patch removes MPAM enablement from global context and adds it to
EL3 State context which enables/disables MPAM during world switches.
Renamed ENABLE_MPAM_FOR_LOWER_ELS to ENABLE_FEAT_MPAM and
removed mpam_init_el3() as RESET behaviour is trapping.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I131f9dba5df236a71959b2d425ee11af7f3c38c4

show more ...

Merge changes from topic "st_remove_shm" into integration

* changes:
docs(stm32mp15): mark STM32MP15_OPTEE_RSV_SHM deprecated
feat(stm32mp15): disable OP-TEE shared memory

fix(cpus): workaround for Cortex-A510 erratum 2080326

Cortex-A510 erratum 2080326 is a Cat B erratum that applies
to all revisions <= r0p2 and is fixed in r0p3.
The workaround sequence helps perform

fix(cpus): workaround for Cortex-A510 erratum 2080326

Cortex-A510 erratum 2080326 is a Cat B erratum that applies
to all revisions <= r0p2 and is fixed in r0p3.
The workaround sequence helps perform a DSB after each TLBI
instruction and can be applied only for version r0p2 and has
minimal performance impact.
The workaround is not applicable for versions < r0p2.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1873361/latest

Change-Id: Ib9bce8b711c25a79f7b2f891ae6f8b366fc80ddd
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

fix(cpus): fix the rev-var of Neoverse-V1

Update the revision and variant information in the
errata ABI file, neoverse_v1.S file for erratum ID - 2294912
to match the revision and variant in the lat

fix(cpus): fix the rev-var of Neoverse-V1

Update the revision and variant information in the
errata ABI file, neoverse_v1.S file for erratum ID - 2294912
to match the revision and variant in the latest SDEN.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401781/latest

Change-Id: I38a0f53c3515860ba442b5c0872c8ab051fdda6f
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

fix(cpus): fix the rev-var of Cortex-X2

Update the revision and variant information in the
errata ABI file, cortex_X2.S file for erratum ID - 2058056
to match the revision and variant in the latest

fix(cpus): fix the rev-var of Cortex-X2

Update the revision and variant information in the
errata ABI file, cortex_X2.S file for erratum ID - 2058056
to match the revision and variant in the latest SDEN.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest

Change-Id: I28ee39949d977c53d6f5243100f0c29bc3c0428c
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

fix(cpus): update the rev-var for Cortex-A78AE

Update the revision and variant information in the
cortex_a78_ae.s and errata ABI file for erratum ID - 2376748
based on the latest SDEN.

SDEN documen

fix(cpus): update the rev-var for Cortex-A78AE

Update the revision and variant information in the
cortex_a78_ae.s and errata ABI file for erratum ID - 2376748
based on the latest SDEN.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1707912/latest

Change-Id: I082aac41adf717b0d5d59046a8933a3f5a3de94f
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

fix(cpus): fix the rev-var for Cortex-A710

Update the revision and variant information in the
errata ABI file, cortex_A710.S file for erratum ID - 2058056
and erratum ID - 2055002 to match the revis

fix(cpus): fix the rev-var for Cortex-A710

Update the revision and variant information in the
errata ABI file, cortex_A710.S file for erratum ID - 2058056
and erratum ID - 2055002 to match the revision and variant
in the latest SDEN.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775101/latest

Change-Id: Ie010dae90dabf8670f588a06f9a606cf41e22afa
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge "docs(maintainers): remove Jorge Ramirez-Ortiz from rcar3 maintainers" into integration

docs(stm32mp15): mark STM32MP15_OPTEE_RSV_SHM deprecated

TF-A is no more in charge of configuring OP-TEE shared memory.
Set the STM32MP15_OPTEE_RSV_SHM flag as deprecated (as well as the code
depend

docs(stm32mp15): mark STM32MP15_OPTEE_RSV_SHM deprecated

TF-A is no more in charge of configuring OP-TEE shared memory.
Set the STM32MP15_OPTEE_RSV_SHM flag as deprecated (as well as the code
depending on it).

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I863d9a1e45e0bfc2f45d9bd84b90d626738934ab

show more ...

docs: add code-owners for Firmare Handoff Library

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2c64e7582a744f54b54085d3a1d7ac91e269ce3d

docs(maintainers): remove Jorge Ramirez-Ortiz from rcar3 maintainers

On behalf of Jorge himself.

Change-Id: I2dca445a240f7bc16c02365e936b064f6a246d89
Signed-off-by: Sandrine Bailleux <sandrine.bail

docs(maintainers): remove Jorge Ramirez-Ortiz from rcar3 maintainers

On behalf of Jorge himself.

Change-Id: I2dca445a240f7bc16c02365e936b064f6a246d89
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(cert-create): add key size options for ecdsa

Adding the possible key sizes for the ecdsa key algorithm.

Change-Id: I58947bc749fed911766a1462a0c2ba520b8f7c69
Signed-off-by: Lauren Wehrmeister <

docs(cert-create): add key size options for ecdsa

Adding the possible key sizes for the ecdsa key algorithm.

Change-Id: I58947bc749fed911766a1462a0c2ba520b8f7c69
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

feat(el3-spmc): add a flag to enable support to load SEL0 SP

Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>

feat(el3-spmc): add a flag to enable support to load SEL0 SP

Introduce a build flag for enabling the support for loading SEL0 SP in
EL3 SPMC.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1d63ae4d0d8374a732113565be90d58861506e39

show more ...

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.

Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.

This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.

The following changes are introduced when getc() is disabled:

- The multi-console framework no longer provides the console_getc()
function.

- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.

If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up

If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'

- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.

[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.

Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/

Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>

show more ...

docs(build): update GCC to 12.3.Rel1 version

Updating toolchain to the latest production release version
12.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-down

docs(build): update GCC to 12.3.Rel1 version

Updating toolchain to the latest production release version
12.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads

We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)

Change-Id: Ifcabb7fb9d8e13b87e164c3c1be8c8d32c31b49a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

Merge changes from topic "mb/psa-crypto-support" into integration

* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash

Merge changes from topic "mb/psa-crypto-support" into integration

* changes:
feat(mbedtls-psa): use PSA crypto API during signature verification
feat(mbedtls-psa): use PSA crypto API during hash calculation
feat(mbedtls-psa): use PSA crypto API for hash verification
feat(mbedtls-psa): initialise mbedtls psa crypto
feat(mbedtls-psa): register an ad-hoc PSA crypto driver
feat(mbedtls-psa): introduce PSA_CRYPTO build option
docs(changelog): add scope for MbedTLS PSA Crypto

show more ...