docs(auth): add 'calc_hash' function's details in CM

Updated the Crypto Module section to detail the 'calc_hash'
function.

Change-Id: I04a24abba150745e4eba6273bdb7cf12b66bfebc
Signed-off-by: Manish

docs(auth): add 'calc_hash' function's details in CM

Updated the Crypto Module section to detail the 'calc_hash'
function.

Change-Id: I04a24abba150745e4eba6273bdb7cf12b66bfebc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat: add support for poetry" into integration

docs(maintainers): make Jimmy Brisson a code owner

For the following modules:
- Trusted boot
- Measured boot
- cert_create tool
- PSA layer.

Change-Id: I18113441a947773b470904573e1b474a2c8e2941
Sig

docs(maintainers): make Jimmy Brisson a code owner

For the following modules:
- Trusted boot
- Measured boot
- cert_create tool
- PSA layer.

Change-Id: I18113441a947773b470904573e1b474a2c8e2941
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

build: deprecate Arm rde1edge

Arm has decided to deprecate the rde1edge platform. The development
of software and fast model for this platform have been discontinued.
Hence, updated the makefile to

build: deprecate Arm rde1edge

Arm has decided to deprecate the rde1edge platform. The development
of software and fast model for this platform have been discontinued.
Hence, updated the makefile to warn about the deprecation of this
platform, and also reflected it in the documentation.

Change-Id: I0d44de4590dd5dce02c7c4b433df25dc438e6c49
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat: add support for poetry

New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management fr

feat: add support for poetry

New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management framework for Python. The two main upsides
of using poetry instead of the traditional requirements.txt are
maintainability and reproducibility.

Poetry provides a proper lock file for pinning dependencies, similar to
npm for JavaScript. This allows for separate environments (i.e. docs,
tools) to be created efficiently, and in a reproducible manner, wherever
the project is deployed. Having dependencies pinned in this manner is a
boon as a security focused project. An additional upside is that we will
receive security updates for dependencies via GitHub's Dependabot.

Change-Id: I5a3c2003769b878a464c8feac0f789e5ecf8d56c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

docs(threat-model): add a notes related to the Measured Boot

TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measur

docs(threat-model): add a notes related to the Measured Boot

TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measurements are just stored into a TCG-compatible event
log buffer in secure memory.

In light of the fact that Event Log measurements are taken by BL1 and
BL2, we need to trust these components to store genuine measurements,
and the Generic Threat Model always mitigates against attacks on these
components, therefore, there is no explicit document for the Measured
Boot threat model at this time is needed.

Change-Id: I41b037b2f5956d327b53cd834345e5aefdcfb5ef
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size a

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.

Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(docs): allow verbose build" into integration

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the c

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.

Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b

show more ...

Merge "docs(maintainers): update maintainers for n1sdp/morello" into integration

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.

Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.

Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234

show more ...

Merge "feat(zynqmp): make stack size configurable" into integration

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Reve

Merge changes from topic "mb/rst-to-bl31-update" into integration

* changes:
docs: update RESET_TO_BL31 documentation
fix(bl31): avoid clearing of argument registers in RESET_TO_BL31 case
Revert "docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"
Revert "feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS"

show more ...

feat(zynqmp): make stack size configurable

If PLATFORM_STACK_SIZE not already defined, use the default value of
PLATFORM_STACK_SIZE.
This makes the stack size value configurable for different interf

feat(zynqmp): make stack size configurable

If PLATFORM_STACK_SIZE not already defined, use the default value of
PLATFORM_STACK_SIZE.
This makes the stack size value configurable for different interface
like custom packages.

Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Change-Id: I87e9fcbfb4c4092378b1ac0ff8fb6d084495d320

show more ...

docs(porting): refer the reader back to the threat model

When porting TF-A to a new platform, it is essential to read the
threat model documents in conjunction with the porting guide to
understand t

docs(porting): refer the reader back to the threat model

When porting TF-A to a new platform, it is essential to read the
threat model documents in conjunction with the porting guide to
understand the security responsibilities of each platform interface
to implement.

Add a note to highlight this in the porting guide.

Change-Id: Icd1e41ae4b15032b72531690dd82a9ef95ca0db5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(porting): move porting guide upper in table of contents

The porting guide is currently hosted under the 'Getting started'
section. Yet, porting the full firmware to a new platform is probably
n

docs(porting): move porting guide upper in table of contents

The porting guide is currently hosted under the 'Getting started'
section. Yet, porting the full firmware to a new platform is probably
not the first thing that one would do. Before delving into the
details, one would probably start by building the code for an emulated
platform, such as Arm FVP.

Furthermore, the porting guide is such a big and important document
that it probably deserves being visible in the main table of contents.
Thus, move it just above the list of supported platforms.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I51b3d2a93832505ab90d73c823f06f9540e84c77

show more ...

docs(porting): remove reference to xlat_table lib v1

Version 1 of the translation table library is deprecated. Refer to
version 2 instead.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.co

docs(porting): remove reference to xlat_table lib v1

Version 1 of the translation table library is deprecated. Refer to
version 2 instead.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I10a4ab7b346ea963345f82baff2deda267c5308d

show more ...

docs(porting): remove pull request terminology

The pull request terminology dates back from when TF-A repository was
hosted on Github. Use a terminology that is more suited to Gerrit
workflow.

Sign

docs(porting): remove pull request terminology

The pull request terminology dates back from when TF-A repository was
hosted on Github. Use a terminology that is more suited to Gerrit
workflow.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ieecf47617ca1cdb76b9c4a83f63ba3c402b9e975

show more ...

Merge "docs(threat-model): refresh top-level page" into integration

docs(maintainers): update maintainers for n1sdp/morello

Signed-off-by: Anurag Koul <anurag.koul@arm.com>
Change-Id: I305d03ae664f7d6124bf73d3bfdd81d34d760065

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW NSAIDs
feat(ethos-n)!: add protected NPU firmware setup
feat(ethos-n): add stream extends and attr support
feat(ethos-n): add reserved memory address support
feat(ethos-n): add event and aux control support
feat(ethos-n): add SMC call to get FW properties
refactor(ethos-n): split up SMC call handling
feat(ethos-n): add NPU firmware validation
feat(ethos-n): add check for NPU in SiP setup
feat(ethos-n)!: load NPU firmware at BL2
feat(juno): support ARM_IO_IN_DTB option for Juno
fix(fconf): fix FCONF_ARM_IO_UUID_NUMBER value
fix(fvp): incorrect UUID name in FVP tb_fw_config
fix(ethos-n): add workaround for erratum 2838783
feat(ethos-n): add support for NPU to cert_create
feat(ethos-n): add NPU support in fiptool
feat(ethos-n): add support to set up NSAID
build(fiptool): add object dependency generation
feat(ethos-n): add NPU sleeping SMC call
feat(ethos-n): add multiple asset allocators
feat(ethos-n): add reset type to reset SMC calls
feat(ethos-n): add protected NPU TZMP1 regions
build(ethos-n): add TZMP1 build flag

show more ...

docs(threat-model): refresh top-level page

The top-level page for threat model documents is evidently out-dated,
as it contains text which no longer makes sense on its own. Most
likely it relates ba

docs(threat-model): refresh top-level page

The top-level page for threat model documents is evidently out-dated,
as it contains text which no longer makes sense on its own. Most
likely it relates back to the days where we had a single threat model
document.

Reword it accordingly. While we are at it, explain the motivation and
structure of the documents.

Change-Id: I63c8f38ec32b6edbfd1b4332eeaca19a01ae70e9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

docs(maintainers): update NPU driver owners

Mikael Olsson will no longer be working with the Arm(R) Ethos(TM)-N NPU
so Ştefana Simion will take over the ownership of the driver.

Change-Id: If22bbdc

docs(maintainers): update NPU driver owners

Mikael Olsson will no longer be working with the Arm(R) Ethos(TM)-N NPU
so Ştefana Simion will take over the ownership of the driver.

Change-Id: If22bbdcb26af9bf851efc14ad96ed76c745eadfd
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>

show more ...

docs(maintainers): update NPU driver files

New files have been added for the Arm(R) Ethos(TM)-N NPU driver with the
addition of TZMP1 support so the files in the maintainers list have been
updated a

docs(maintainers): update NPU driver files

New files have been added for the Arm(R) Ethos(TM)-N NPU driver with the
addition of TZMP1 support so the files in the maintainers list have been
updated accordingly.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I3768b2ab78c117c1dd4fc03b38cf35f6811fa378

show more ...

docs(ethos-n): update porting-guide.rst for NPU

Add some missing configuration that must be done for supporting NPU on
other platforms.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-

docs(ethos-n): update porting-guide.rst for NPU

Add some missing configuration that must be done for supporting NPU on
other platforms.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ic505ea60f73b970d0d7ded101830eb2ce8c7ab64

show more ...