Merge changes from topic "fw-update" into integration

* changes:
docs: add build options for GPT support enablement
feat(plat/arm): add GPT parser support

feat(plat/arm): add GPT parser support

Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.

Also, increased BL2 maximum size for FVP pl

feat(plat/arm): add GPT parser support

Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.

Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.

Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654

Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integrati

Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integration

* changes:
plat/arm/board/fvp: Add support for Measured Boot
TF-A: Add support for Measured Boot driver to FCONF
TF-A: Add support for Measured Boot driver in BL1 and BL2
TF-A: Add Event Log for Measured Boot
TF-A: Add support for Measured Boot driver

show more ...

TF-A: Add support for Measured Boot driver

This patch adds support for Measured Boot driver functionality
in common Arm platform code.

Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-of

TF-A: Add support for Measured Boot driver

This patch adds support for Measured Boot driver functionality
in common Arm platform code.

Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/a

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree

show more ...

plat/arm: Load and populate fw_config and tb_fw_config

Modified the code to do below changes:

1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the

plat/arm: Load and populate fw_config and tb_fw_config

Modified the code to do below changes:

1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c

show more ...

Merge "Create separate header for ARM specific SMCCC defines" into integration

Create separate header for ARM specific SMCCC defines

Moved SMCCC defines from plat_arm.h to new <smccc_def.h> header
and include this header in all ARM platforms.

Signed-off-by: Manish V Badarkhe

Create separate header for ARM specific SMCCC defines

Moved SMCCC defines from plat_arm.h to new <smccc_def.h> header
and include this header in all ARM platforms.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4cbc69c7b9307461de87b7c7bf200dd9b810e485

show more ...

Merge "FVP: Add BL2 hash calculation in BL1" into integration

FVP: Add BL2 hash calculation in BL1

This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.

Change-Id: Ic074a7ed19b

FVP: Add BL2 hash calculation in BL1

This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.

Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "Implement SMCCC_ARCH_SOC_ID SMC call" into integration

Implement SMCCC_ARCH_SOC_ID SMC call

Implemented SMCCC_ARCH_SOC_ID call in order to get below
SOC information:

1. SOC revision
2. SOC version

Implementation done using below SMCCC specification do

Implement SMCCC_ARCH_SOC_ID SMC call

Implemented SMCCC_ARCH_SOC_ID call in order to get below
SOC information:

1. SOC revision
2. SOC version

Implementation done using below SMCCC specification document:
https://developer.arm.com/docs/den0028/c

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b

show more ...

Merge changes from topic "mp/enhanced_pal_hw" into integration

* changes:
plat/arm/fvp: populate pwr domain descriptor dynamically
fconf: Extract topology node properties from HW_CONFIG dtb
fc

Merge changes from topic "mp/enhanced_pal_hw" into integration

* changes:
plat/arm/fvp: populate pwr domain descriptor dynamically
fconf: Extract topology node properties from HW_CONFIG dtb
fconf: necessary modifications to support fconf in BL31 & SP_MIN
fconf: enhancements to firmware configuration framework

show more ...

fconf: necessary modifications to support fconf in BL31 & SP_MIN

Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG

fconf: necessary modifications to support fconf in BL31 & SP_MIN

Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.

This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation

Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge changes from topic "sb/dualroot" into integration

* changes:
plat/arm: Pass cookie argument down to arm_get_rotpk_info()
plat/arm: Add support for dualroot CoT
plat/arm: Provide some PRO

Merge changes from topic "sb/dualroot" into integration

* changes:
plat/arm: Pass cookie argument down to arm_get_rotpk_info()
plat/arm: Add support for dualroot CoT
plat/arm: Provide some PROTK files for development

show more ...

Merge changes I75f6d135,I4add470e,I0ecd3a2b,I67a63d73 into integration

* changes:
board/rddaniel: intialize tzc400 controllers
plat/arm/tzc: add support to configure multiple tzc400
plat/arm:

Merge changes I75f6d135,I4add470e,I0ecd3a2b,I67a63d73 into integration

* changes:
board/rddaniel: intialize tzc400 controllers
plat/arm/tzc: add support to configure multiple tzc400
plat/arm: allow boards to specify second DRAM Base address
plat/arm: allow boards to define PLAT_ARM_TZC_FILTERS

show more ...

Merge "Read-only xlat tables for BL31 memory" into integration

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who h

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.

The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.

To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.

Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.

The caches are also flushed.

Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466

show more ...

plat/arm: Pass cookie argument down to arm_get_rotpk_info()

The cookie will be leveraged in the next commit.

Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
Signed-off-by: Sandrine Bailleux <s

plat/arm: Pass cookie argument down to arm_get_rotpk_info()

The cookie will be leveraged in the next commit.

Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

plat/arm/tzc: add support to configure multiple tzc400

For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is ach

plat/arm/tzc: add support to configure multiple tzc400

For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is achieved by allowing 'arm_tzc400_setup' function to accept
the base address of the TZC400 controller.

Change-Id: I4add470e6ddb58432cd066145e644112400ab924
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>

show more ...

Merge changes from topic "lm/fconf" into integration

* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform

Merge changes from topic "lm/fconf" into integration

* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform io policies into fconf
fconf: Add mbedtls shared heap as property
fconf: Add TBBR disable_authentication property
fconf: Add dynamic config DTBs info as property
fconf: Populate properties from dtb during bl2 setup
fconf: Load config dtb from bl1
fconf: initial commit

show more ...

arm-io: Panic in case of io setup failure

Currently, an IO setup failure will be ignored on arm platform release
build. Change this to panic instead.

Change-Id: I027a045bce2422b0a0fc4ff9e9d4c6e7bf5

arm-io: Panic in case of io setup failure

Currently, an IO setup failure will be ignored on arm platform release
build. Change this to panic instead.

Change-Id: I027a045bce2422b0a0fc4ff9e9d4c6e7bf5d2f98
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

MISRA fix: Use boolean essential type

Change the return type of "arm_io_is_toc_valid()" and
"plat_arm_bl1_fwu_needed()" to bool, to match function behavior.

Change-Id: I503fba211219a241cb263149ef36

MISRA fix: Use boolean essential type

Change the return type of "arm_io_is_toc_valid()" and
"plat_arm_bl1_fwu_needed()" to bool, to match function behavior.

Change-Id: I503fba211219a241cb263149ef36ca14e3362a1c
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

fconf: Add dynamic config DTBs info as property

This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.

The dy

fconf: Add dynamic config DTBs info as property

This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.

The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.

The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.

Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

fconf: Load config dtb from bl1

Move the loading of the dtb from arm_dym_cfg to fconf. The new loading
function is not associated to arm platform anymore, and can be moved
to bl_main if wanted.

Cha

fconf: Load config dtb from bl1

Move the loading of the dtb from arm_dym_cfg to fconf. The new loading
function is not associated to arm platform anymore, and can be moved
to bl_main if wanted.

Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...