feat(arm): ecdsa p384/p256 full key support

Add full key support for ECDSA P384 and P256.

New .S files and p384 pem file created along with new
plat_get_rotpk_info() flag ARM_ROTPK_DEVEL_FULL_DEV_E

feat(arm): ecdsa p384/p256 full key support

Add full key support for ECDSA P384 and P256.

New .S files and p384 pem file created along with new
plat_get_rotpk_info() flag ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID.

Change-Id: I578b257eca41070bb4f4791ef429f2b8a66b1eb3
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): introduce platform handler for Group0 interrupt
feat(rdn2): add plat hook for memory transaction
feat(rdn2): i

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): introduce platform handler for Group0 interrupt
feat(rdn2): add plat hook for memory transaction
feat(rdn2): introduce accessor function to obtain datastore
feat(spm): separate StMM SP specifics to add support for a S-EL0 SP
feat(rdn2): add defines needed for spmc-el3
feat(ras): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(bl31): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(arm): reuse SPM_MM specific defines for SPMC_AT_EL3
feat(el3-spmc): add a flag to enable support to load SEL0 SP
refactor(spm-mm): reorganize secure partition manager shim code

show more ...

feat(arm): reuse SPM_MM specific defines for SPMC_AT_EL3

For EL3 SPMC configuration enabled platforms, allow the reuse of
SPM_MM specific definitions.

Signed-off-by: Sayanta Pattanayak <sayanta.pat

feat(arm): reuse SPM_MM specific defines for SPMC_AT_EL3

For EL3 SPMC configuration enabled platforms, allow the reuse of
SPM_MM specific definitions.

Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ia24b97343c7b8c6b22a4d54c5bb9cee2c480241f

show more ...

Merge changes from topic "mb/spm+rme-tb-mb-support" into integration

* changes:
fix(fvp): increase the maximum size of Event Log
fix(fvp): increase maximum MMAP and XLAT entries count
fix(arm)

Merge changes from topic "mb/spm+rme-tb-mb-support" into integration

* changes:
fix(fvp): increase the maximum size of Event Log
fix(fvp): increase maximum MMAP and XLAT entries count
fix(arm): add Event Log area behind Trustzone Controller
fix(tbbr): unrecognised 'tos-fw-key-cert' option

show more ...

fix(arm): add Event Log area behind Trustzone Controller

To allow the SPD to access the Event Log on RME systems with
TrustZone Controller, the Event Log region needs to be configured
into the TZC.

fix(arm): add Event Log area behind Trustzone Controller

To allow the SPD to access the Event Log on RME systems with
TrustZone Controller, the Event Log region needs to be configured
into the TZC. This change will enable read-write access of this
region from the secure world, which is currently denied.

Change-Id: I0c32977386f3d7c22f310b2b9404d48e8e6cac29
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "mp/group0_support" into integration

* changes:
feat(tc): allow secure watchdog timer to trigger periodically
feat(sbsa): helper api for refreshing watchdog timer

feat(tc): allow secure watchdog timer to trigger periodically

This patch does the following:
1. Configures SBSA secure watchdog timer as Group0 interrupt for
TC platform while keeping it as G

feat(tc): allow secure watchdog timer to trigger periodically

This patch does the following:
1. Configures SBSA secure watchdog timer as Group0 interrupt for
TC platform while keeping it as Group1 secure interrupt for
other CSS based SoCs.
2. Programs the watchdog timer to trigger periodically
3. Provides a Group0 interrupt handler for TC platform port to
deactivate the EL3 interrupt due to expiry of secure watchdog
timer and refresh it explicitly.

Change-Id: I3847d6eb7347c6ea0e527b97b096119ca1e6701b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "feat(fvp): add Event Log maximum size property in DT" into integration

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size a

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.

Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "psci-osi" into integration

* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEA

Merge changes from topic "psci-osi" into integration

* changes:
feat(sc7280): add support for PSCI_OS_INIT_MODE
feat(fvp): enable support for PSCI OS-initiated mode
feat(psci): update PSCI_FEATURES
feat(psci): add support for OS-initiated mode
feat(psci): add support for PSCI_SET_SUSPEND_MODE
build(psci): add build option for OS-initiated mode
docs(psci): add design proposal for OS-initiated mode

show more ...

feat(fvp): enable support for PSCI OS-initiated mode

Change-Id: I4cd6d2bd7ec7f581bd525d5323a3b54e855e2e51
Signed-off-by: Wing Li <wingers@google.com>

Merge changes from topic "full_dev_rsa_key" into integration

* changes:
docs(arm): add ARM_ROTPK_LOCATION variant full key
feat(arm): add ARM_ROTPK_LOCATION variant full key

feat(arm): add ARM_ROTPK_LOCATION variant full key

Add support for ARM_ROTPK_LOCATION=devel_full_dev_rsa_key, which
implements the scenario where the platform provides the full ROTPK, as
opposed to

feat(arm): add ARM_ROTPK_LOCATION variant full key

Add support for ARM_ROTPK_LOCATION=devel_full_dev_rsa_key, which
implements the scenario where the platform provides the full ROTPK, as
opposed to the hash of it. This returns a 2kB development RSA key
embedded into the firmware.

The motivation for this patch is to extend our test coverage in the CI.
Right now, the authentication framework allows platforms to return
either the full ROTPK or a hash of it (*). However, the FVP platform
only supports returning a hash currently so we cannot easily exercise
the full key scenario. This patch adds that capability.

(*) Or even no key at all if it's not deployed on the platform yet, as
is typically the case on pre-production/developement platforms.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie869cca1082410e63894e2b7dea2d31155684105

show more ...

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection

show more ...

feat(fvp): add plat API to set and get the DRTM error

Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Man

feat(fvp): add plat API to set and get the DRTM error

Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I471f2387f8c78b21a06af063a6fa02cda3646557

show more ...

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface

show more ...

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

feat(plat/fvp): pass Event Log addr and size from BL1 to BL2

Introduced functions to set and get Event log information
(tpm_event_log address and its size).

In FVP platform case, measured boot with

feat(plat/fvp): pass Event Log addr and size from BL1 to BL2

Introduced functions to set and get Event log information
(tpm_event_log address and its size).

In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively

Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.

This patch is tested using the existing measured boot test configuration
in jenkins CI.

Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(measured boot): remove platform calls from Event Log driver

Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. D

refactor(measured boot): remove platform calls from Event Log driver

Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.

Alongside, introduced few Event Log driver functions and done
some cosmetic changes.

Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(measured_boot): remove passing of BL2 hash via device tree

Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to ado

refactor(measured_boot): remove passing of BL2 hash via device tree

Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.

Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch intro

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.

The following new regions are introduced with this change:

ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.

ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.

ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.

The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:

--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------

During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254

show more ...

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an alternate boot source
docs(fwu): add firmware update documentation
feat(fwu): avoid NV counter upgrade in trial run state
feat(plat/arm): add FWU support in Arm platforms
feat(fwu): initialize FWU driver in BL2
feat(fwu): add FWU driver
feat(fwu): introduce FWU platform-specific functions declarations
docs(fwu_metadata): add FWU metadata build options
feat(fwu_metadata): add FWU metadata header and build options

show more ...

feat(plat/arm): add FWU support in Arm platforms

Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.

Change-Id: I71af06c09d95c2c58e

feat(plat/arm): add FWU support in Arm platforms

Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.

Change-Id: I71af06c09d95c2c58e3fd766c4a61c5652637151
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...