feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algor

feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algorithm metadata at runtime. Add mboot_find_event_log_metadata() as a
common helper for resolving image metadata. Update the Event Log build
logic to use MAX_DIGEST_SIZE and MAX_HASH_COUNT, deprecate legacy
MBOOT_EL_HASH_ALG, and warn when it is used. Adjust MbedTLS
configuration to enable hash algorithms automatically when Measured Boot
is enabled.

Change-Id: I704e1a5005f6caad3d51d868bacc53699b6dd64f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measur

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measurements use the same digest implementation as the platform PCR
backend regardless of whether hashing is performed in software,
hardware, or a discrete TPM. Update the measured boot design document,
expose the new API via public headers, and implement the helper in the
common crypto module.

Change-Id: Id4f7f1d0014ab42064c46819965417daef71555b
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@a

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct th

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct the #if statements to use it.

Make spi_init() in rpi3_spi.c static.
Pass timer functions as ops structure to TPM.
Remove implicit interface between TPM library and main firmware by
introducing explicit interface to allow firmware to pass structure
of function pointers to setup a timer and check whether it has elapsed.

Update build system for new TPM lib location.
Change #include statements in TPM source and header files to allow
for new directory structure.

Change-Id: Ie16b2e402b963161d7d4f35a187b9bd2765a1faa
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

fix(gicv3): add an isb between the ICC_SRE_EL2 and ICC_SRE_EL1 writes

While ICC_SRE_EL2.SRE is 0, ICC_SRE_EL1.SRE is RAZ/WI. Except for an
isb between the two writes, there is nothing to guarantee t

fix(gicv3): add an isb between the ICC_SRE_EL2 and ICC_SRE_EL1 writes

While ICC_SRE_EL2.SRE is 0, ICC_SRE_EL1.SRE is RAZ/WI. Except for an
isb between the two writes, there is nothing to guarantee that the
ICC_SRE_EL2.SRE write has taken effect by the time the ICC_SRE_EL1.SRE
write occurs. Add the isb to guarantee that the write is successful.

Change-Id: Ib84193f49e67ed0a64d6e2c6c71fb99b5b58a211
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "feat(clk): add get_possible_parents_num callback" into integration

feat(clk): add get_possible_parents_num callback

This callback will be used to get number of possible parents if
the underlying clock driver supports this option.

Change-Id: I9459c878dd2155ff24b72c

feat(clk): add get_possible_parents_num callback

This callback will be used to get number of possible parents if
the underlying clock driver supports this option.

Change-Id: I9459c878dd2155ff24b72cef6851180e105be432
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>

show more ...

feat(rcar): add initial BL31 support for Renesas R-Car X5H

This patch introduces initial BL31 (EL3 firmware) support for the
Renesas R-Car Gen5 (X5H) platform.

Key features and changes include:
- P

feat(rcar): add initial BL31 support for Renesas R-Car X5H

This patch introduces initial BL31 (EL3 firmware) support for the
Renesas R-Car Gen5 (X5H) platform.

Key features and changes include:
- Platform definitions and memory map for R-Car X5H
(Cortex-A720AE, 8 clusters x 4 cores)
- Platform-specific PSCI power management and topology
- SCMI-based power domain and system power management
- GICv4/Fainlight-AE interrupt controller initialization and support
- Trusted SRAM, shared memory, and crash log region setup
- SCIF console support
- Stack protector implementation for enhanced security
- Platform-specific linker script and build integration
- Various helper and initialization routines for MMU, GIC, and SCMI
- Platform-specific mailbox and boot flow handling
- Basic suspend implementation via SCP-FW
- AMU counters, SVE, PAUTH accessible to EL1

Signed-off-by: Hieu Nguyen <hieu.nguyen.dn@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Change-Id: I04be48a55a618fe952b28283d2f85f48f7761c9a

show more ...

fix(scmi): fix coverity issue INTEGER_OVERFLOW

Use round_up_overflow to avoid any integer overflow from
protocol count.

Thsi fixes below coverity issue -

CID 457880: (#1 of 1): Overflowed constant

fix(scmi): fix coverity issue INTEGER_OVERFLOW

Use round_up_overflow to avoid any integer overflow from
protocol count.

Thsi fixes below coverity issue -

CID 457880: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
4. overflow_const: Expression count - 1U, where count is known
to be equal to 0, underflows the type of count - 1U, which is
type unsigned int.

Change-Id: Ib55599fcb2a522e57271a6a07fb9bfd07e6953b9
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(gic): fix coverity issue INTEGER_OVERFLOW

Avoid unsigned underflow when spi_id_min is below the base.
Make all shifts in the CHIPR value composition 64-bit, to
avoid flagging overflow.

Change-I

fix(gic): fix coverity issue INTEGER_OVERFLOW

Avoid unsigned underflow when spi_id_min is below the base.
Make all shifts in the CHIPR value composition 64-bit, to
avoid flagging overflow.

Change-Id: I376809fc110ff45dd0682b4bcf8dab43cf03d300
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(scmi): fix coverity issue INTEGER_OVERFLOW

Fixes the following coverity issue -

CID 457917: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression lvl - 1U, where lvl is k

fix(scmi): fix coverity issue INTEGER_OVERFLOW

Fixes the following coverity issue -

CID 457917: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression lvl - 1U, where lvl is known to be equal
to 0, underflows the type of lvl - 1U, which is type unsigned int.

Change-Id: Id965c4b95159793944b3ef4658fd92e881d53c59
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes from topic "qti-rb3gen2" into integration

* changes:
docs(maintainers): update QTI platform maintainers
docs(qti): add RB3Gen2 platform documentation
docs(qti): move documentatio

Merge changes from topic "qti-rb3gen2" into integration

* changes:
docs(maintainers): update QTI platform maintainers
docs(qti): add RB3Gen2 platform documentation
docs(qti): move documentation under docs/plat/qti/
feat(kodiak): add support for RB3Gen2 platform
feat(qti): introduce basic XPU driver
refactor(qti): introduce SoC codename as Kodiak
feat(qti): add TF-A BL2 common platform framework
refactor(qti): refactor RNG as a proper driver
fix(qti): fix config PLAT_XLAT_TABLES_DYNAMIC
feat(qti): add BL32 support
refactor(qti): make UART config independent
refactor(qti): make CNTFRQ config independent
fix(qti): fix build without coreboot

show more ...

Merge changes from topic "st-usb-coverity" into integration

* changes:
fix(st-usb): init endpoint with fixed value if only one is used
fix(st-usb): correct phy_epnum type for error trace
fix(s

Merge changes from topic "st-usb-coverity" into integration

* changes:
fix(st-usb): init endpoint with fixed value if only one is used
fix(st-usb): correct phy_epnum type for error trace
fix(st-usb): stub dead code

show more ...

Merge changes from topic "little-build-fixes" into integration

* changes:
fix(build): don't rely on Event Log build tree
fix(build): link Event Log library directly
fix(build): scan symbols un

Merge changes from topic "little-build-fixes" into integration

* changes:
fix(build): don't rely on Event Log build tree
fix(build): link Event Log library directly
fix(build): scan symbols until all are resolved
fix(build): add include directory dependencies

show more ...

Merge "fix(rcar4): assure SCIF and HSCIF clock are always enabled" into integration

fix(build): don't rely on Event Log build tree

Follow proper CMake usage by installing libeventlog and referring to
the installed artifacts rather than the build directory. The previous
approach rel

fix(build): don't rely on Event Log build tree

Follow proper CMake usage by installing libeventlog and referring to
the installed artifacts rather than the build directory. The previous
approach relied on build-tree paths, which is considered an anti-
pattern and may break across CMake versions since the build layout is
not stable or part of the public interface.

This change installs libeventlog into a staging directory and updates
the TF-A build to use the installed include and library paths. This
improves portability, stability, and compliance with CMake idioms.

Change-Id: I740a558fd6f3163a6af3b122e9e1df558a045872
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(st-usb): init endpoint with fixed value if only one is used

Use a fixed value when initializing PHY endpoint, in case only one is
used.

This silences the Coverity issue CID 491154:
Integer hand

fix(st-usb): init endpoint with fixed value if only one is used

Use a fixed value when initializing PHY endpoint, in case only one is
used.

This silences the Coverity issue CID 491154:
Integer handling issues (CONSTANT_EXPRESSION_RESULT).

Change-Id: I082ba1a608439e0bdc15ddd8a514704e616d53b8
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

fix(st-usb): correct phy_epnum type for error trace

The variable phy_epnum is an uint8_t, we should use %u to display it,
and not %lu.

This corrects Coverity issue CID 491155:
API usage errors (PW.

fix(st-usb): correct phy_epnum type for error trace

The variable phy_epnum is an uint8_t, we should use %u to display it,
and not %lu.

This corrects Coverity issue CID 491155:
API usage errors (PW.PRINTF_ARG_MISMATCH).

Change-Id: I6be371277f641b08921f070d0a7dfeee9324a3fb
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

fix(st-usb): stub dead code

In case USB_DWC3_NUM_OUT_EP or USB_DWC3_NUM_IN_EP are set to 1, some
loops become dead code. Put them under a pre-processor check.

This corrects an issue reported by Cov

fix(st-usb): stub dead code

In case USB_DWC3_NUM_OUT_EP or USB_DWC3_NUM_IN_EP are set to 1, some
loops become dead code. Put them under a pre-processor check.

This corrects an issue reported by Coverity: CID 491156 (DEADCODE).

Change-Id: I90e92af4468b05dc256ea744265baec582427611
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

fix(build): link Event Log library directly

The `libraries` target is a `.PHONY` target to which various real
library targets, including the Event Log library, have been added over
the years. This t

fix(build): link Event Log library directly

The `libraries` target is a `.PHONY` target to which various real
library targets, including the Event Log library, have been added over
the years. This target is added as a dependency to any target created
with the `MAKE_BL` function. While this might look convenient on the
surface, it also dictates that a library must be linked even to images
it is totally irrelevant for.

The Event Log library is a good example of this; the library is not
typically used by all images, but by attaching itself to the `libraries`
target it becomes mandatory for all of them.

This change returns some of the control over when and where the Event
Log goes to platform maintainers via the introduction of two new
variables:

- `LIBEVLOG_LIBS`: the path to the Event Log static library.
- `LIBEVLOG_INCLUDE_DIRS`: include directories for the public API.

These can be appended to `BLx_LIBS` and `BLx_INCLUDE_DIRS` to include
the Event Log library in the relevant bootloaders.

Change-Id: I3e1a48cd45493334590b34b2ade0c6e29cbfd47a
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes from topic "upstream_deassert_ddr_reset" into integration

* changes:
feat(s32g274ardb): add DDR clock source support
feat(s32g274ardb): add mc_rgm_release_periph func

fix(st-clock): prevent panic when external oscillator is absent

To deactivate the external oscillator, the frequency must be set to 0
in the device tree.
The frequency check for 0 was implemented in

fix(st-clock): prevent panic when external oscillator is absent

To deactivate the external oscillator, the frequency must be set to 0
in the device tree.
The frequency check for 0 was implemented in clk_stm32_osc_gate_enable()
and clk_stm32_osc_gate_disable(), but missing in
clk_stm32_osc_gate_is_enabled().
Since clk_stm32_osc_gate_is_enabled() is called by clk_enable()
to verify if the clock is actually enabled, this fix prevents a panic
when the oscillator is not present.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Change-Id: I90dc671f39bd46d0db19d7532aee9ec7b449ba9d

show more ...

feat(st-clock): rename RCC_USBTCCFGR register into RCC_UCPDCFGR

Rename this register to be aligned with the reference manual.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Change

feat(st-clock): rename RCC_USBTCCFGR register into RCC_UCPDCFGR

Rename this register to be aligned with the reference manual.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Change-Id: Ia10c287bf4068742a7add9016c1a87e300eebff0

show more ...

fix(st-clock): force ARM_DIVSEL for flexgen63 config at 400MHz

The clkext2f frequency at 400MHZ, the default flexgen63 config,
is not supported without a divider by 2 as described in reference Manue

fix(st-clock): force ARM_DIVSEL for flexgen63 config at 400MHz

The clkext2f frequency at 400MHZ, the default flexgen63 config,
is not supported without a divider by 2 as described in reference Manuel,
chapter 3.3 Cortex-A35 clocking:

The clock for the Cortex-A35 subsystem can be selected among:
a clock from the device clock generator (aka ck_cpu1_ext2f). The maximum
frequency on this clock is 400 MHz with a divider by two, enabled thanks
to the CA35SS_SSC_CHGCLKREQ SSC register.

In OpenSTLinux clock tree you assume flexgen63 = 400MHz,
so we force divider by 2 for ck_cpu1_ext2f clock, the CA35 bypass clock
with ARM_DIVSEL = 0.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I9d11f9316ce3a2c7280a9bb7652d241b164ce5a1

show more ...

feat(st-drivers): add RIFSC driver

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed of:

-RISC registers(slave periph

feat(st-drivers): add RIFSC driver

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed of:

-RISC registers(slave peripherals) with RISUP(Resource Isolation
Slave Unit for Peripherals) OR RISAL(Resource Isolation Slave Unit
for Address space - Lite) logics.
-RIMC registers(Non RIF-Aware masters counterpart) with RIMU
(Resource Isolation Master Unit) logic. It is possible for a master to
inherit from its slave port(RISUP) configuration.

This doesn't support semaphore acquisition.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: Iba4cdbf53243292fa0b42cad8392c43734dd9bc2

show more ...