Merge changes from topic "rss_rse_rename" into integration

* changes:
refactor(changelog): change all occurrences of RSS to RSE
refactor(qemu): change all occurrences of RSS to RSE
refactor(fv

Merge changes from topic "rss_rse_rename" into integration

* changes:
refactor(changelog): change all occurrences of RSS to RSE
refactor(qemu): change all occurrences of RSS to RSE
refactor(fvp): change all occurrences of RSS to RSE
refactor(fiptool): change all occurrences of RSS to RSE
refactor(psa): change all occurrences of RSS to RSE
refactor(fvp): remove leftovers from rss measured boot support
refactor(tc): change all occurrences of RSS to RSE
docs: change all occurrences of RSS to RSE
refactor(measured-boot): change all occurrences of RSS to RSE
refactor(rse): change all occurrences of RSS to RSE
refactor(psa): rename all 'rss' files to 'rse'
refactor(tc): rename all 'rss' files to 'rse'
docs: rename all 'rss' files to 'rse'
refactor(measured-boot): rename all 'rss' files to 'rse'
refactor(rss): rename all 'rss' files to 'rse'

show more ...

refactor(psa): change all occurrences of RSS to RSE

Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id

refactor(psa): change all occurrences of RSS to RSE

Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I606e2663fb3719edf6372d6ffa4f1982eef45994

show more ...

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header

show more ...

feat(dice): add client API for DICE Protection Environment

RSS provides the DICE Protection Environment
service (DPE). It partially implements the
DPE specification from TCG.

As a DPE profile, it s

feat(dice): add client API for DICE Protection Environment

RSS provides the DICE Protection Environment
service (DPE). It partially implements the
DPE specification from TCG.

As a DPE profile, it supports the
Open Profile for DICE specification.
https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md

In order to communicate with the service, commands
must be CBOR encoded.
The API implementation:
- Expose a C API to the upper layer,
- Do the CBOR encoding, decoding of the DPE
commands,
- Rely on the PSA framework to communicate
with the RSS through an MHU.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I26a08f0c7cbffe07e725a7defbb6c60fd7735efe

show more ...

Merge changes from topics "rotpk_rss_interface", "rss_interfaces" into integration

* changes:
refactor(tc): print RSS interface test PSA status
test(tc): test for AP/RSS interface for ROTPK
fe

Merge changes from topics "rotpk_rss_interface", "rss_interfaces" into integration

* changes:
refactor(tc): print RSS interface test PSA status
test(tc): test for AP/RSS interface for ROTPK
feat(psa): interface with RSS for retrieving ROTPK

show more ...

feat(psa): interface with RSS for retrieving ROTPK

Adding the AP/RSS interface for reading the ROTPK.

The read interface implements the psa_call:
psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,

feat(psa): interface with RSS for retrieving ROTPK

Adding the AP/RSS interface for reading the ROTPK.

The read interface implements the psa_call:
psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));

where the in_vec indicates which of the 3 ROTPKs we want,
and the out_vec stores the ROTPK value we get back from RSS.

Through this service, we will be able to read any of the 3
ROTPKs used on a CCA platform:
- ROTPK for CCA firmware (BL2, BL31, RMM).
- ROTPK for secure firmware.
- ROTPK for non-secure firmware.

Change-Id: I44c615588235cc797fdf38870b74b4c422be0a72
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

Merge "feat(psa): interface with RSS for NV counters" into integration

feat(psa): interface with RSS for NV counters

Adding AP/RSS interface for retrieving and incrementing non-volatile
counters.

The read interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVIC

feat(psa): interface with RSS for NV counters

Adding AP/RSS interface for retrieving and incrementing non-volatile
counters.

The read interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_READ,
in_vec, 1, out_vec, 1);

where the in_vec indicates which of the 3 counters we want, and the
out_vec stores the counter value we get back from RSS.

The increment interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_INCREMENT,
in_vec, 1, (psa_outvec *)NULL, 0);

where, again, in_vec indicates the counter to increment, and we don't
get any output parameter from RSS.

Through this service, we will be able to get/increment any of the 3 NV
counters used on a CCA platform:
- NV counter for CCA firmware (BL2, BL31, RMM).
- NV counter for secure firmware.
- NV counter for non-secure firmware.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
Change-Id: I4c1c7f4837ebff30de16bb0ce7ecd416b70b1f62

show more ...

Merge changes from topic "delegated_attest" into integration

* changes:
feat(psa): remove initial attestation partition API
docs: add PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE to porting-guide.rst

Merge changes from topic "delegated_attest" into integration

* changes:
fix(rss): remove dependency on attestation header
fix(rss): rename AP-RSS message size macro
feat(tc): add RSS-AP messag

Merge changes from topic "delegated_attest" into integration

* changes:
fix(rss): remove dependency on attestation header
fix(rss): rename AP-RSS message size macro
feat(tc): add RSS-AP message size macro
feat(tc): add MHU addresses for AP-RSS comms on TC2
feat(psa): add delegated attestation partition API
fix(rss): reduce input validation for measured boot

show more ...

feat(psa): remove initial attestation partition API

The attestation key derivation and platform attestation token
creation functionality is provided by the Delegated Attestation
partition in RSS.

S

feat(psa): remove initial attestation partition API

The attestation key derivation and platform attestation token
creation functionality is provided by the Delegated Attestation
partition in RSS.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2d8c0e6589d11e7c81c698adf75ee2a993e3a0c6

show more ...

feat(psa): add delegated attestation partition API

Delegated attestation is a service provided by RSS to:
- Derive a delegated attestation key: Realm Attestation Key
- Query the platform attestation

feat(psa): add delegated attestation partition API

Delegated attestation is a service provided by RSS to:
- Derive a delegated attestation key: Realm Attestation Key
- Query the platform attestation token

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I3edf09fcbef24bca7c8a000ffac8c1ab64dfb812

show more ...

Merge "fix(lib/psa): update measured boot handle" into integration

fix(lib/psa): update measured boot handle

When the measured boot service was upstreamed to TF-M, its static
handle was reallocated into the user partitions range. This change
updates the static hand

fix(lib/psa): update measured boot handle

When the measured boot service was upstreamed to TF-M, its static
handle was reallocated into the user partitions range. This change
updates the static handle here to make the service accessible.

Also removes the SIDs and Versions, since they are unused when a
service is accessed through a stateless handle, which encodes both
service ID and version. The attestation and measured boot services
only support access through their handles.

Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Change-Id: I9d2ff1aad19470728289d574be3d5d11bdabeef4

show more ...

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(l

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(lib/psa): mock PSA APIs
feat(drivers/measured_boot): add RSS backend
feat(drivers/arm/rss): add RSS communication driver
feat(lib/psa): add initial attestation API
feat(lib/psa): add measured boot API
feat(drivers/arm/mhu): add MHU driver

show more ...

feat(lib/psa): add measured boot API

A secure enclave could provide an alternate
backend for measured boot. This API can be used
to store measurements in a secure enclave, which
provides the measure

feat(lib/psa): add measured boot API

A secure enclave could provide an alternate
backend for measured boot. This API can be used
to store measurements in a secure enclave, which
provides the measured boot runtime service.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2448e324e7ece6b318403c5937dfe7abea53d0f3

show more ...