Merge changes from topic "hm/evlog" into integration

* changes:
build(measured-boot)!: move to ext event log lib
feat(build): add utilities for modifying includes

build(measured-boot)!: move to ext event log lib

Removes in-tree Event Log library implementation and updates all
references to use the external submodule. Updates include paths,
Makefile macros, an

build(measured-boot)!: move to ext event log lib

Removes in-tree Event Log library implementation and updates all
references to use the external submodule. Updates include paths,
Makefile macros, and platform integration logic to link with lib as a
static library.

If you cloned TF-A without the `--recurse-submodules` flag, you can
ensure that this submodule is present by running:

git submodule update --init --recursive

BREAKING-CHANGE: LibEventLog is now included in TF-A as a submodule.
Please run `git submodule update --init --recursive` if you encounter
issues after migrating to the latest version of TF-A.

Change-Id: I723f493033c178759a45ea04118e7cc295dc2438
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW for PSA Crypto
feat(auth): mbedtls psa key id mgmt
feat(auth): add crypto_mod_finish() function
feat(auth): add update of current_pk_oid in auth
feat(auth): add util file for current pk_oid
feat(auth): increase mbedtls heap for PSA RSA
feat(auth): introducing auth.mk

show more ...

feat(auth): add crypto_mod_finish() function

Adding crypto_mod_finish() function to be run at the end of crypto usage
to cleanup.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Chan

feat(auth): add crypto_mod_finish() function

Adding crypto_mod_finish() function to be run at the end of crypto usage
to cleanup.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib6d099ddaa278f293fe14b805070985522a85686

show more ...

Merge changes I1bfa797e,I0ec7a70e into integration

* changes:
fix(tree): correct some typos
fix(rockchip): use semicolon instead of comma

fix(tree): correct some typos

found using codespell (https://github.com/codespell-project/codespell).

Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I1bfa797e3460adddeefa916bb68e22beddaf6

fix(tree): correct some typos

found using codespell (https://github.com/codespell-project/codespell).

Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I1bfa797e3460adddeefa916bb68e22beddaf6373

show more ...

Merge changes from topic "mb/trusted-boot-update" into integration

* changes:
refactor(auth)!: unify REGISTER_CRYPTO_LIB
refactor(auth): replace plat_convert_pk
docs(auth): add auth_decrypt in

Merge changes from topic "mb/trusted-boot-update" into integration

* changes:
refactor(auth)!: unify REGISTER_CRYPTO_LIB
refactor(auth): replace plat_convert_pk
docs(auth): add auth_decrypt in CM chapter
feat(auth): compare platform and certificate ROTPK for authentication
docs(auth): add 'calc_hash' function's details in CM

show more ...

refactor(auth)!: unify REGISTER_CRYPTO_LIB

Have only one definition for REGISTER_CRYPTO_LIB macro, with all the
possible fields. Worst case adds 4 u64 to crypto_lib_desc.
While at it, correct some M

refactor(auth)!: unify REGISTER_CRYPTO_LIB

Have only one definition for REGISTER_CRYPTO_LIB macro, with all the
possible fields. Worst case adds 4 u64 to crypto_lib_desc.
While at it, correct some MISRA violations:
MC3R1.R12.1: (advisory) The precedence of operators within expressions
should be made explicit.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1342a20e6eef2354753182c2a81ff959e03e5c81

show more ...

refactor(auth): replace plat_convert_pk

Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declar

refactor(auth): replace plat_convert_pk

Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declaration.
A new optional function pointer convert_pk is added to crypto_lib_desc_t.
A new function crypto_mod_convert_pk() will either call
crypto_lib_desc.convert_pk() if it is defined, or do the same
as what was done by the weak function otherwise.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6

show more ...

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection

show more ...

refactor(crypto): change CRYPTO_SUPPORT flag to numeric

Updated CRYPTO_SUPPORT flag to numeric to provide below
supports -
1. CRYPTO_SUPPORT = 1 -> Authentication verification only
2. CRYPTO_SUPPORT

refactor(crypto): change CRYPTO_SUPPORT flag to numeric

Updated CRYPTO_SUPPORT flag to numeric to provide below
supports -
1. CRYPTO_SUPPORT = 1 -> Authentication verification only
2. CRYPTO_SUPPORT = 2 -> Hash calculation only
3. CRYPTO_SUPPORT = 3 -> Authentication verification and
hash calculation

Change-Id: Ib34f31457a6c87d2356d736ad2d048dc787da56f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(crypto): update crypto module for DRTM support

Updated crypto module to include crypto calls necessary for a
DRTM supported build.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Ch

feat(crypto): update crypto module for DRTM support

Updated crypto module to include crypto calls necessary for a
DRTM supported build.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I4f945997824393f46864b7fb7fd380308a025452

show more ...

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(me

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
build: introduce CRYPTO_SUPPORT build option

show more ...

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by m

refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow

Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "refactor(measured-boot): add generic macros for using Crypto library" into integration

refactor(measured-boot): add generic macros for using Crypto library

It doesn't look correct to use mbed TLS defines directly in the Event
Log driver as this driver may use another Crypto library in

refactor(measured-boot): add generic macros for using Crypto library

It doesn't look correct to use mbed TLS defines directly in the Event
Log driver as this driver may use another Crypto library in future.
Hence mbed TLS Crypto dependency on Event Log driver is removed by
introducing generic Crypto defines and uses those in the Event Log
driver to call Crypto functions.
Also, updated mbed TLS glue layer to map these generic Crypto defines
to mbed TLS library defines.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibc9c751f60cbce4d3f3cf049b7c53b3d05cc6735

show more ...

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optiona

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optional encryption of BL31 and BL32 images
qemu: Update flash address map to keep FIP in secure FLASH0
Makefile: Add support to optionally encrypt BL31 and BL32
tools: Add firmware authenticated encryption tool
TBB: Add an IO abstraction layer to load encrypted firmwares
drivers: crypto: Add authenticated decryption framework

show more ...

drivers: crypto: Add authenticated decryption framework

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRY

drivers: crypto: Add authenticated decryption framework

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271

show more ...

Merge "Measured Boot: add function for hash calculation" into integration

Measured Boot: add function for hash calculation

This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.

Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb

Measured Boot: add function for hash calculation

This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.

Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge pull request #1673 from antonio-nino-diaz-arm/an/headers

Standardise header guards across codebase

Standardise header guards across codebase

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this proje

Standardise header guards across codebase

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1356 from robertovargas-arm/misra-changes

Misra changes

Fix MISRA rule 8.4 Part 4

Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined

Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTE

Fix MISRA rule 8.4 Part 4

Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined

Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all

Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

Fix MISRA rule 8.3 Part 4

Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers

Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1

Fix MISRA rule 8.3 Part 4

Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers

Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all

Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...