feat(gic): add APIs to raise NS and S-EL1 SGIs

This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI

Signed-off-by: Florian

feat(gic): add APIs to raise NS and S-EL1 SGIs

This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI

Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I6f262dd1da1d77fec3f850eb74189e726b8e24da

show more ...

feat(mmc): get boot partition size

The boot partition size of an eMMC is given in ext_csd register, at
offset 226 (BOOT_SIZE_MULT), which has to be multiplied by 128kB.
Add a helper function mmc_boo

feat(mmc): get boot partition size

The boot partition size of an eMMC is given in ext_csd register, at
offset 226 (BOOT_SIZE_MULT), which has to be multiplied by 128kB.
Add a helper function mmc_boot_part_size() to get this eMMC boot
partition size.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0e8e0fc9632f147fa1b1b3374accb78439025403

show more ...

feat(mtd): add platform function to allow using external buffer

The scratch buffer could be large. The new function allows
platform to defined its own external buffer or use the default
one.

Signed

feat(mtd): add platform function to allow using external buffer

The scratch buffer could be large. The new function allows
platform to defined its own external buffer or use the default
one.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ib7ab8ff19fa0a9cb06e364f058b91af58c3c471a

show more ...

feat(mmc): manage SD Switch Function for high speed mode

On SD-cards, Switch Function Command (CMD6) is used to switch
functions, like setting High Speed mode. It is useful for high capacity
cards t

feat(mmc): manage SD Switch Function for high speed mode

On SD-cards, Switch Function Command (CMD6) is used to switch
functions, like setting High Speed mode. It is useful for high capacity
cards to double frequency (from 25MHz by default to 50MHz).
If the SD-card is High Capacity, a CMD6 is issued after filling the
device information. If High Speed mode is supported and the switch is
OK, then the max_bus_freq can be set to 50MHz. The driver set_ios()
function should then be called to update peripheral configuration,
especially clock prescaler.

Change-Id: I2d6807aa7f9440d2b2f907a747cd3b47a2ba1545
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

Merge changes from topic "st_fip_uuid" into integration

* changes:
feat(stm32mp1): retrieve FIP partition by type UUID
feat(guid-partition): allow to find partition by type UUID
refactor(stm32

Merge changes from topic "st_fip_uuid" into integration

* changes:
feat(stm32mp1): retrieve FIP partition by type UUID
feat(guid-partition): allow to find partition by type UUID
refactor(stm32mp1): update PLAT_PARTITION_MAX_ENTRIES

show more ...

fix(ufs): add retries to ufs_read_capacity

This change replaces the polling loop with fixed number of retries,
returns error values and handles them in ufs_enum.

Signed-off-by: Rohit Ner <rohitner@

fix(ufs): add retries to ufs_read_capacity

This change replaces the polling loop with fixed number of retries,
returns error values and handles them in ufs_enum.

Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: Ia769ef26703c7525091e55ff46aaae4637db933c

show more ...

feat(guid-partition): allow to find partition by type UUID

Add function to return the partition by type.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: I87729dc5e68fbc45a523c

feat(guid-partition): allow to find partition by type UUID

Add function to return the partition by type.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: I87729dc5e68fbc45a523c894b67595b0079dd8fb

show more ...

Merge changes from topics "binary-format-sp", "od/meas-boot-spmc" into integration

* changes:
feat(spm): add tpm event log node to spmc manifest
fix(measured-boot): add SP entries to event_log_m

Merge changes from topics "binary-format-sp", "od/meas-boot-spmc" into integration

* changes:
feat(spm): add tpm event log node to spmc manifest
fix(measured-boot): add SP entries to event_log_metadata

show more ...

Merge "feat(auth): enable MBEDTLS_CHECK_RETURN_WARNING" into integration

Merge changes from topic "mb_hash" into integration

* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb al

Merge changes from topic "mb_hash" into integration

* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb algorithm selection

show more ...

feat(auth): enable MBEDTLS_CHECK_RETURN_WARNING

Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not chec

feat(auth): enable MBEDTLS_CHECK_RETURN_WARNING

Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catching bugs in the future.

This was a new feature introduced in mbed TLS 2.28.0 release.

Change-Id: If26f3c83b6ccc8bc60e75c3e582ab20817d047aa
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge changes from topic "mb/gic600-errata" into integration

* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaro

Merge changes from topic "mb/gic600-errata" into integration

* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt

show more ...

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algori

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:

- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.

- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.

- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a

show more ...

refactor(nxp): use DPG0 mask from Arm GICv3 header

Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.

Change-Id: Ieec43aeef96b9b6c8a

refactor(nxp): use DPG0 mask from Arm GICv3 header

Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.

Change-Id: Ieec43aeef96b9b6c8a7f955a8d145be6e4b183c5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(gic600): implement workaround to forward highest priority interrupt

If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET com

fix(gic600): implement workaround to forward highest priority interrupt

If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/

Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(mmc): remove broken, unsecure, unused eMMC RPMB handling

Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot

fix(mmc): remove broken, unsecure, unused eMMC RPMB handling

Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot partition, which does not provide any playback protection.
Additionally, it unconditionally activates the first boot partition,
potentially breaking boot for SoCs that consult boot partitions,
require boot ack or downgrading to an old bootloader if the first
partition happens to be the inactive one.

Also, neither enabling or disabling the RPMB observes the
PARTITION_SWITCH_TIME. As there are no in-tree users for these
functions, drop them for now until a properly functional implementation
is added. That one will likely share most code with the existing boot
partition switch, which doesn't suffer from the described issues.

Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS

Disabling access to the boot partition reverts the MMC to read from the
user area. Add a macro to make this clearer.

Su

refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS

Disabling access to the boot partition reverts the MMC to read from the
user area. Add a macro to make this clearer.

Suggested-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: I34a5a987980bb4690d08d255f465b11a4697ed5a

show more ...

refactor(mmc): export user/boot partition switch functions

At the moment, mmc_boot_part_read_blocks() takes care to switch
to the boot partition before transfer and back afterwards.
This can introdu

refactor(mmc): export user/boot partition switch functions

At the moment, mmc_boot_part_read_blocks() takes care to switch
to the boot partition before transfer and back afterwards.
This can introduce large overhead when reading small chunks.
Give consumers of the API more control by exporting
mmc_part_switch_current_boot() and mmc_part_switch_user().

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Ib641f188071bb8e0196f4af495ec9ad4a292284f

show more ...

fix(measured-boot): add SP entries to event_log_metadata

Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.

Signed-off-by: I

fix(measured-boot): add SP entries to event_log_metadata

Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87

show more ...

Merge changes from topic "gpt-crc" into integration

* changes:
feat(partition): verify crc while loading gpt header
build(hikey): platform changes for verifying gpt header crc
build(agilex): p

Merge changes from topic "gpt-crc" into integration

* changes:
feat(partition): verify crc while loading gpt header
build(hikey): platform changes for verifying gpt header crc
build(agilex): platform changes for verifying gpt header crc
build(stratix10): platform changes for verifying gpt header crc
build(stm32mp1): platform changes for verifying gpt header crc

show more ...

feat(smmu): add SMMU abort transaction function

Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implement

feat(smmu): add SMMU abort transaction function

Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implementation changes.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d

show more ...

feat(partition): verify crc while loading gpt header

This change makes use of 32-bit crc for calculating gpt header crc
and compares it with the given value.

Signed-off-by: Rohit Ner <rohitner@goog

feat(partition): verify crc while loading gpt header

This change makes use of 32-bit crc for calculating gpt header crc
and compares it with the given value.

Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6

show more ...

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956

show more ...

feat(drivers/measured_boot): add RSS backend

Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.

feat(drivers/measured_boot): add RSS backend

Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e

show more ...

feat(drivers/arm/rss): add RSS communication driver

This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for t

feat(drivers/arm/rss): add RSS communication driver

This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.

RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.

[1] https://developer.arm.com/documentation/DEN0096/latest

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107

show more ...