| f3249498 | 24-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "lw/cca_cot" into integration
* changes:
  feat(arm): retrieve the right ROTPK for cca
  feat(arm): add support for cca CoT
  feat(arm): provide some swd rotpk files
  build(tbbr): drive cert_create changes for cca CoT
  refactor(arm): add cca CoT certificates to fconf
  feat(fiptool): add cca, core_swd, plat cert in FIP
  feat(cert_create): define the cca chain of trust
  feat(cca): introduce new "cca" chain of trust
  build(changelog): add new scope for CCA
  refactor(fvp): increase bl2 size when bl31 in DRAM
|
| 56f895ed | 21-Jun-2022 |
Yann Gautier <yann.gautier@st.com> |
fix(st-clock): correct MISRA C2012 15.6
Add braces to correct MISRA C2012 15.6 warning: The body of an iteration-statement or a selection-statement shall be a compound-statement.
Signed-off-by: Yann Gautier <yann.gautier@st.com> Change-Id: If26f3732d31df11bf389a16298ec9e9d8a4a2279
|
| 3b06a530 | 21-Jun-2022 |
Yann Gautier <yann.gautier@foss.st.com> |
fix(st-clock): correctly check ready bit
The function clk_oscillator_wait_ready() was wrongly checking the set bit and not the ready bit. Correct that by using osc_data->gate_rdy_id when calling _clk_stm32_gate_wait_ready().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com> Change-Id: Ida58f14d7f0f326b580ae24b98d6b9f592d2d711
|
| 84adb051 | 21-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "mb/gic600-errata" into integration
* changes:
  refactor(arm): update BL2 base address
  refactor(nxp): use DPG0 mask from Arm GICv3 header
  fix(gic600): implement workaround to forward highest priority interrupt
|
| 742c23aa | 08-Apr-2022 |
Jiafei Pan <Jiafei.Pan@nxp.com> |
fix(nxp-ddr): fix firmware buffer re-mapping issue
Firmware buffer has already been mapped when loading 1D firmware, so the same buffer address will be re-mapped when loading 2D firmware. Move the buffer mapping to be out of load_fw().
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com> Change-Id: Idb29d504bc482a1e7ca58bc51bec09ffe6068324
|
| 70b1c025 | 09-Jun-2022 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
fix(measured-boot): clear the entire digest array of Startup Locality event
According to TCG PC Client Platform Firmware Profile Specification (Section 10.2.2, TCG_PCR_EVENT2 Structure, and 10.4.5 EV_NO_ACTION Event Types), all EV_NO_ACTION events shall set TCG_PCR_EVENT2.digests to all 0x00's for each allocated Hash algorithm.
Right now, this is not enforced. Only part of the buffer is zeroed due to the wrong macro being used for the size of the buffer in the clearing operation (TPM_ALG_ID instead of TCG_DIGEST_SIZE). This could confuse a TPM event log parser.
Also, add an assertion to ensure that the Event Log size is large enough before writing the Event Log header.
Change-Id: I6d4bc3fb28fd10c227e33c8c7bb4a40b08c3fd5e Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| 78da42a5 | 31-May-2022 |
laurenw-arm <lauren.wehrmeister@arm.com> |
refactor(measured-boot): mb algorithm selection
With RSS now introduced, we have 2 Measured Boot backends. Both backends can be used in the same firmware build with potentially different hash algorithms, so now there can be more than one hash algorithm in a build. Therefore the logic for selecting the measured boot hash algorithm needs to be updated and the coordination of algorithm selection added. This is done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the Measured Boot configuration macros through defining TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either backend requires a stronger algorithm than SHA-256.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a
|
| e1b15b09 | 09-May-2022 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
fix(gic600): implement workaround to forward highest priority interrupt
If the interrupt being targeted is released from the CPU before the CLEAR command is sent to the CPU then a subsequent SET command may not be delivered in a finite time. To work around this, issue an unblocking event by toggling GICR_CTLR.DPG* bits after clearing the cpu group enable (EnableGrp* bits of GIC CPU interface register). This fix is implemented as per the errata 2384374-part 2 workaround mentioned here: https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| 56b741d3 | 21-Apr-2022 |
laurenw-arm <lauren.wehrmeister@arm.com> |
feat(cca): introduce new "cca" chain of trust
This chain of trust is targeted at Arm CCA solutions and defines 3 independent signing domains:
1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1] refers to the CCA signing domain as the provider of CCA components running on the CCA platform. The CCA signing domain might be independent from other signing domains providing other firmware blobs.
The CCA platform is a collective term used to identify all hardware and firmware components involved in delivering the CCA security guarantee. Hence, all hardware and firmware components on a CCA enabled system that a Realm is required to trust.
In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and associated configuration files.
The CCA signing domain is rooted in the Silicon ROTPK, just as in the TBBR CoT.
2) Non-CCA Secure World signing domain. This includes SPMC (and associated configuration file) as the expected BL32 image as well as SiP-owned secure partitions. It is rooted in a new SiP-owned key called Secure World ROTPK, or SWD_ROTPK for short.
3) Platform owner signing domain. This includes BL33 (and associated configuration file) and the platform owner's secure partitions. It is rooted in the Platform ROTPK, or PROTPK.
[1] https://developer.arm.com/documentation/DEN0096/A_a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I6ffef3f53d710e6a2072fb4374401249122a2805
|
| 86b015eb | 08-Jun-2022 |
Ahmad Fatoum <a.fatoum@pengutronix.de> |
fix(mmc): remove broken, unsecure, unused eMMC RPMB handling
Replay-protected memory block access is enabled by writing 0x3 to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the first boot partition, which does not provide any playback protection. Additionally, it unconditionally activates the first boot partition, potentially breaking boot for SoCs that consult boot partitions, require boot ack or downgrading to an old bootloader if the first partition happens to be the inactive one.
Also, neither enabling nor disabling the RPMB observes the PARTITION_SWITCH_TIME. As there are no in-tree users for these functions, drop them for now until a properly functional implementation is added. That one will likely share most code with the existing boot partition switch, which doesn't suffer from the described issues.
Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
|
| 925ce791 | 07-Jun-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes from topic "stm32mp-emmc-boot-fip" into integration
* changes:
  feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
  refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
  refactor(mmc): export user/boot partition switch functions
|
| 67656351 | 02-Jun-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes Idafbe02d,Ib01eb5ce into integration
* changes:
  fix(scmi-msg): base: fix protocol list querying
  fix(scmi-msg): base: fix protocol list response size
|
| 01c5dd5e | 31-May-2022 |
Ahmad Fatoum <a.fatoum@pengutronix.de> |
refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
Disabling access to the boot partition reverts the MMC to read from the user area. Add a macro to make this clearer.
Suggested-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Change-Id: I34a5a987980bb4690d08d255f465b11a4697ed5a
|
| f85041a6 | 23-May-2022 |
Ahmad Fatoum <a.fatoum@pengutronix.de> |
refactor(mmc): export user/boot partition switch functions
At the moment, mmc_boot_part_read_blocks() takes care to switch to the boot partition before transfer and back afterwards. This can introduce large overhead when reading small chunks. Give consumers of the API more control by exporting mmc_part_switch_current_boot() and mmc_part_switch_user().
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Change-Id: Ib641f188071bb8e0196f4af495ec9ad4a292284f
|
| be1d3a1a | 19-May-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes from topic "gpt-crc" into integration
* changes:
  feat(partition): verify crc while loading gpt header
  build(hikey): platform changes for verifying gpt header crc
  build(agilex): platform changes for verifying gpt header crc
  build(stratix10): platform changes for verifying gpt header crc
  build(stm32mp1): platform changes for verifying gpt header crc
|
| 6c5c5320 | 25-Mar-2022 |
Lucian Paul-Trifu <lucian.paultrifu@gmail.com> |
feat(smmu): add SMMU abort transaction function
Created a function to abort all pending NS DMA transactions to engage complete DMA protection. This call will be used by the subsequent DRTM implementation changes.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com> Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com> Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d
|
| a283d19f | 06-May-2022 |
Rohit Ner <rohitner@google.com> |
feat(partition): verify crc while loading gpt header
This change makes use of 32-bit crc for calculating gpt header crc and compares it with the given value.
Signed-off-by: Rohit Ner <rohitner@google.com> Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6
|
| cad90b56 | 12-May-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
fix(scmi-msg): base: fix protocol list querying
Corrects the function reporting the SCMI protocols supported by the platform to not assume 8 protocol IDs at most can be returned. Indeed the number of protocol IDs returned depends on the SCMI output buffer size.
Change-Id: Idafbe02d2b25b3bcacaf25977c560c0ac5bb8d62 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| d323f0cf | 12-May-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
fix(scmi-msg): base: fix protocol list response size
Corrects the size of the SCMI response payload when querying the list of the supported protocols. This response payload size depends on the number of protocols enumerated by the response.
Change-Id: Ib01eb5cec6c6656dfd7d88ccdd5a720c1deee7a3 Reported-by: Nicolas Frattaroli <frattaroli.nicolas@gmail.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 6aed5549 | 13-May-2022 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topic "rss/mboot-attest" into integration
* changes:
  docs(maintainers): add PSA, MHU, RSS comms code owners
  feat(plat/arm/fvp): enable RSS backend based measured boot
  feat(lib/psa): mock PSA APIs
  feat(drivers/measured_boot): add RSS backend
  feat(drivers/arm/rss): add RSS communication driver
  feat(lib/psa): add initial attestation API
  feat(lib/psa): add measured boot API
  feat(drivers/arm/mhu): add MHU driver
|
| 0442ebd2 | 11-Jan-2022 |
Tamas Ban <tamas.ban@arm.com> |
feat(drivers/measured_boot): add RSS backend
Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurements, which were computed by the host during measured boot.
Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e
|
| ce0c40ed | 18-Jan-2022 |
Tamas Ban <tamas.ban@arm.com> |
feat(drivers/arm/rss): add RSS communication driver
This commit adds a driver to conduct the AP's communication with the Runtime Security Subsystem (RSS). RSS is Arm's reference implementation for the CCA HES [1]. It can be considered as a secure enclave to which, for example, certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com> Signed-off-by: David Vincze <david.vincze@arm.com> Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
|
| af26d7d6 | 10-Jan-2022 |
Tamas Ban <tamas.ban@arm.com> |
feat(drivers/arm/mhu): add MHU driver
The Arm Message Handling Unit (MHU) is a mailbox controller used to communicate with other processing element(s). Adding a driver to enable the communication:
- Adding generic MHU driver interface,
- Adding MHU_v2_x driver.
Driver supports:
- Discovering available MHU channels,
- Sending / receiving words over MHU channels,
- Signaling happens over a dedicated channel.
Signed-off-by: Tamas Ban <tamas.ban@arm.com> Signed-off-by: David Vincze <david.vincze@arm.com> Change-Id: I41a5b968f6b8319cdbdf7907d70bd8837839862e
|
| 5993b915 | 04-May-2022 |
Christophe Kerello <christophe.kerello@foss.st.com> |
fix(st-spi): remove SR_BUSY bit check before sending command
Waiting for SR_BUSY bit when receiving a new command is not needed. SR_BUSY bit is already managed in the previous command treatment.
Change-Id: I736e8488d354cb165ae765022d864cca1dbdc9ee Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
|
| 55de5832 | 04-May-2022 |
Christophe Kerello <christophe.kerello@foss.st.com> |
fix(st-spi): always check SR_TCF flags in stm32_qspi_wait_cmd()
Currently, SR_TCF flag is checked in case there is data; this criterion is not correct.
The SR_TCF flag is set when the programmed number of bytes has been transferred to the memory device ("bytes" comprises command and data sent to the SPI device). So even if there is no data, we must check the SR_TCF flag.
Change-Id: I99c4145e639c1b842feb3690dd78329179c18132 Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
|