feat(fwu): add platform hook for shared NV ctr

The NV ctr should not update when it is shared among
Bl1 and BL2. This is platform specific, therefore add
a platform hook to query the platform for th

feat(fwu): add platform hook for shared NV ctr

The NV ctr should not update when it is shared among
Bl1 and BL2. This is platform specific, therefore add
a platform hook to query the platform for this infor-
mation.

Change-Id: Ib180c8e6a183f7aaa7586e3f008273860d55b414
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

Merge changes from topic "lfa-plat-activate" into integration

* changes:
feat(fvp): add stub implementation for plat_lfa_notify_activate()
feat(lfa): add platform hook for activation notification

feat(guid-partition): platform hook to log corrupted GPT

Notification of the GPT corruption can be beneficial,
using the handoff structure from BL2 to
BL32 for logging the GPT corruption information

feat(guid-partition): platform hook to log corrupted GPT

Notification of the GPT corruption can be beneficial,
using the handoff structure from BL2 to
BL32 for logging the GPT corruption information

Change-Id: Ie1af7eb6d97ec76f3f6d1cffad292782bdedda21
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

feat(lfa): add platform hook for activation notification

Introduce a new platform API, plat_lfa_notify_activate(), which allows
the platform to notify its security engine to begin component
activati

feat(lfa): add platform hook for activation notification

Introduce a new platform API, plat_lfa_notify_activate(), which allows
the platform to notify its security engine to begin component
activation. The function accepts a component identifier and should
return 0 on success or an error code on failure.

Documentation and header files are updated accordingly, and the call is
integrated into the LFA activation path.

Change-Id: Ic66aa675bba62633cc92992b965d144a6f9ef129
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(platforms): typedef operands to match data type

This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a

fix(platforms): typedef operands to match data type

This corrects the MISRA violation C2012-10.3:
The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.

Change-Id: I1ed3b7fc1866b34f1086e449ffe648f53c33b008
Signed-off-by: Saivardhan Thatikonda <saivardhan.thatikonda@amd.com>

show more ...

refactor(rmmd): modify MEC update call to meet FIRME

Previous version of MEC refresh call was not compliant with FIRME [1].
This patch modifies the call so it is compliant with the specification.

[

refactor(rmmd): modify MEC update call to meet FIRME

Previous version of MEC refresh call was not compliant with FIRME [1].
This patch modifies the call so it is compliant with the specification.

[1] https://developer.arm.com/documentation/den0149/1-0alp0/

Change-Id: I15a652a021561edca16e79d127e6f08975cf1361
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>

show more ...

feat(rmmd): add RMM_RESERVE_MEMORY SMC handler

At the moment any memory required by an R-EL2 manager (RMM) needs to
be known at compile time: that sets the size of the .data and .bss
segments. Some

feat(rmmd): add RMM_RESERVE_MEMORY SMC handler

At the moment any memory required by an R-EL2 manager (RMM) needs to
be known at compile time: that sets the size of the .data and .bss
segments. Some resources depend on the particular machine this will be
running on, the prime example is TF-RMM's granule array, which needs to
know the maximum memory supported beforehand. Other data structures
might depend on the number of CPU cores.

To provide more flexibility, but keep the memory footprint as small as
possible, let's introduce some memory reservation SMC. Any RMM
implementation can ask EL3 for some memory, and would get the physical
address of a usable chunk of memory back. This must happen at RMM boot
time, so before the RMM concluded the boot phase with the
RMM_BOOT_COMPLETE SMC call. Also there is no provision to free memory
again, this would not be needed for the use case of sizing platform
resources, and avoids the complexity of a full-fledged memory allocator.

Add the new RMM_RESERVE_MEMORY command to the implementation defined
RMM-EL3 SMC interface, both in code and documentation. The actual memory
reservation is made a platform implementation, but a simple
implementation is provided, which is used for the FVP platform already:
it will just pick the next matching chunk of memory from the top end of
the RMM carveout. This way the memory reservation will grow down from
the end of the carveout, in a stack-like fashion, until it reaches the
end of the RMM payload, located at the beginning of the carveout. Since
secondary cores might also reserve memory at boot time, there is a
spinlock to protect the simple allocation algorithm.
Other platforms can choose to provide a more sophisticated reservation
algorithm, for instance one taking NUMA locality into account.

This patch just provides the call, at this point there is no obligation
to use the feature, although future TF-RMM versions would rely on it.

Change-Id: I096ac8870ee38f44e18850779fcae829a43a8fd1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

fix(drtm): remove plat_system_reset()

The name plat_system_reset() has been in use for some time by a mediatek
platform (in plat/mediatek/mt8173/plat_pm.c). However, DRTM added a
global hook, that i

fix(drtm): remove plat_system_reset()

The name plat_system_reset() has been in use for some time by a mediatek
platform (in plat/mediatek/mt8173/plat_pm.c). However, DRTM added a
global hook, that is only implemented on FVP, that conflicts with it.
This sometimes results in failed builds.

DRTM remediation ends with a platform reset. However, there is currently
an error message printed that this is not supported. In this case, the
correct thing to do is to panic and as such this hook is not needed.

Further, the correct sequence to reset the system is different and is
only fully implemented by psci_system_reset(). This is a portable
implementation supported by a wide variety of platform.

So remove plat_system_reset(). Once DRTM remediation properly supports
resetting, the psci_system_reset() function should be used to achieve
reset correctly and portably.

Change-Id: Ia4e150c51aeec613838464fbb0e1d0542f19ccab
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(common): add support for kernel DT handoff convention

TF-A currently supports multiple DT handoff conventions:

1. Firmware Handoff (FH): DT passed in x0, with x1–x3 carrying
additional data

feat(common): add support for kernel DT handoff convention

TF-A currently supports multiple DT handoff conventions:

1. Firmware Handoff (FH): DT passed in x0, with x1–x3 carrying
additional data.
2. Kernel-compatible handoff (ARM_LINUX_KERNEL_AS_BL33): DT passed in
x0, x1–x3 zeroed.
3. Legacy TF-A convention: DT passed in x1, with x0 used for MPIDR or
NT_FW_CONFIG.

After discussions with folks in EDK2 and U-Boot, it's clear that there
is no strict requirement for placing the DT in x1. Both projects support
x0 for Arm platforms. To standardize behavior and support firmware
handoff migration, this patch introduces USE_KERNEL_DT_CONVENTION as a
configurable build flag. When enabled, the DT will be passed in x0 for
BL33.

This aligns TF-A’s behavior with Linux boot expectations and simplifies
integration across bootloaders.

Change-Id: I6bd7154fe07cb2e16e25c058f7cf862f9ae007e7
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(smccc): add SoC name support to SMCCC_ARCH_SOC_ID

This patch adds support for getting the SoC name string
using the SMCCC_ARCH_SOC_ID interface. The SoC name query
was introduced in SMCCC versi

feat(smccc): add SoC name support to SMCCC_ARCH_SOC_ID

This patch adds support for getting the SoC name string
using the SMCCC_ARCH_SOC_ID interface. The SoC name query
was introduced in SMCCC version 1.6. It is available only
through SMC64 calls.

A new function ID, SMCCC_GET_SOC_NAME, is added. It returns
the SoC name as a null-terminated ASCII string, spread across
registers X1 to X17 in little endian order.
The total length is 136 bytes, including the null byte.
Any space after the null terminator is filled
with zeros.

A platform hook plat_get_soc_name() is added to return the
SoC name. A weak default version is also provided that returns
SMC_ARCH_CALL_NOT_SUPPORTED for platforms that do not support
this feature.

The name should follow the SMCCC rule that it must not expose
any information that is not already reported
by the SoC version and revision calls.

Reference: https://developer.arm.com/documentation/den0028/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Idc69997c509bcbfb1cecb38ed1003b29627ade4b

show more ...

feat(fvp): implement platform API for load and auth image

Introduce and implement a stub implementation of
`plat_lfa_load_auth_image()` for the FVP platform. For AEM FVP, no
actual image loading or

feat(fvp): implement platform API for load and auth image

Introduce and implement a stub implementation of
`plat_lfa_load_auth_image()` for the FVP platform. For AEM FVP, no
actual image loading or authentication is required as of now, as
images are assumed to be pre-loaded and authenticated.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I82e51f5d18db6d5b9c61f9081b451619d761abe8

show more ...

feat(fvp): implement platform API for LFA cancel operation

Introduce and implement a stub implementation of `plat_lfa_cancel()`
for the FVP platform. This function will later be expanded to handle
c

feat(fvp): implement platform API for LFA cancel operation

Introduce and implement a stub implementation of `plat_lfa_cancel()`
for the FVP platform. This function will later be expanded to handle
component-specific LFA cancellation logic.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9690b011313bbe0fd458cbe47f32445f8d2d79fa

show more ...

feat(fvp): implement platform API for LFA activation pending check

Introduce and implement `is_plat_lfa_activation_pending()' API for the
FVP platform. Currently, only the RMM component is marked as

feat(fvp): implement platform API for LFA activation pending check

Introduce and implement `is_plat_lfa_activation_pending()' API for the
FVP platform. Currently, only the RMM component is marked as pending.

Change-Id: I6cc84c65ba5fe1b47cc65cbeeb349aac9235533a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(fvp): initialize LFA component activators in platform layer

Update the FVP platform's LFA component table to populate the
'activator' and 'activation_pending' by introducing fields
in plat_lfa_

feat(fvp): initialize LFA component activators in platform layer

Update the FVP platform's LFA component table to populate the
'activator' and 'activation_pending' by introducing fields
in plat_lfa_component_info_t.
- 'activator': function pointers for component-specific
activation logic
- 'activation_pending': tracks whether the component's activation
is pending

Set the activator function pointers for supported components:
- BL31 via get_bl31_activator()
- RMM (if RME is enabled) via get_rmm_activator()

This allows the LFA service to invoke component-specific prime
and activate callbacks through platform-registered hooks.

Change-Id: Ifd997a8b8cab209c25aabb2e9d4eab59e909ea4d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(fvp): implement LFA get components API

Introduce platform-specific implementation of
`plat_lfa_get_components()` for the Arm FVP platform. This function
returns LFA component metadata, includin

feat(fvp): implement LFA get components API

Introduce platform-specific implementation of
`plat_lfa_get_components()` for the Arm FVP platform. This function
returns LFA component metadata, including component ID, UUID for
each supported firmware image and number of components.

Change-Id: I9e7cbce5865becf3e4babcb770bc5eb3b69a0be8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface

Three IDE Key management smc calls have been added:
- RMM_IDE_KEY_PROG()
- RMM_IDE_KEY_SET_GO()
- RMM_IDE_KEY_SET_STOP()
- RMM_IDE_KM_PULL_RESPONSE()

Due to the absence of root port support in FVP, we are
currently adding placeholders in this patch for the platform
APIs to return success irrespective of the arguments being passed
by the caller(Realms). The SMCs are guarded by
`RMMD_ENABLE_IDE_KEY_PROG` build flag and is disabled by default.
We expect that once the SMCs are stabilized, this build flag will
not be required anymore.

Change-Id: I9411eb7787dac2a207bd14710d251503bd9626ce
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

fix(platforms): remove platform_core_pos_helper()

Its last user was removed some time ago so it is no longer necessary.

Change-Id: I28264367abd2902ed0d3f207f686538a82a44eba
Signed-off-by: Boyan Kar

fix(platforms): remove platform_core_pos_helper()

Its last user was removed some time ago so it is no longer necessary.

Change-Id: I28264367abd2902ed0d3f207f686538a82a44eba
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(rmmd): verify FEAT_MEC present before calling plat hoook

Some platforms do not support FEAT_MEC. Hence, they do not provide
an interface to update the update of the key corresponding to a
MECID

feat(rmmd): verify FEAT_MEC present before calling plat hoook

Some platforms do not support FEAT_MEC. Hence, they do not provide
an interface to update the update of the key corresponding to a
MECID.

This patch adds a condition in order to verify FEAT_MEC is present
before calling the corresponding platform hook, thus preventing it
from being called when the platform does not support the feature.

Change-Id: Ib1eb9e42f475e27ec31529569e888b93b207148c
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>

show more ...

feat(rmmd): add RMM_MECID_KEY_UPDATE call

With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.

The behavior of this newly added call is empty for now

feat(rmmd): add RMM_MECID_KEY_UPDATE call

With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.

The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.

Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3

show more ...

feat(drtm): introduce plat API for DLME authentication features

This patch introduces a platform-specific function to provide DLME
authentication features. While no platforms currently support DLME

feat(drtm): introduce plat API for DLME authentication features

This patch introduces a platform-specific function to provide DLME
authentication features. While no platforms currently support DLME
authentication, this change offers a structured way for platforms
to define and expose their DLME authentication features, with the
flexibility to extend support in the future if needed.

Change-Id: Ia708914477c4d8cfee4809a9daade9a3e91ed073
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(drtm): add platform API to retrieve ACPI tables region size

Introduces a platform-specific API to retrieve the ACPI table
region size. This will be used in a subsequent patch to specify
the min

feat(drtm): add platform API to retrieve ACPI tables region size

Introduces a platform-specific API to retrieve the ACPI table
region size. This will be used in a subsequent patch to specify
the minimum DLME size requirement for the DCE preamble.

Change-Id: I44ce9241733b22fea3cbce9d42f1c2cc5ef20852
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(qemu): statically allocate bitlocks array

gpt_runtime_init() now takes the bitlock array's address and size as
argument. Rather than reserving space at the end of the L0 GPT for
storing bitlocks

fix(qemu): statically allocate bitlocks array

gpt_runtime_init() now takes the bitlock array's address and size as
argument. Rather than reserving space at the end of the L0 GPT for
storing bitlocks, allocate a static array and pass its address to
gpt_runtime_init(). This frees up a little bit of space formerly
reserved for alignment of the GPT.

Change-Id: I48a1a2bc230f64e13e3ed08b18ebdc2d387d77d0
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>

show more ...

chore(gpt): define PPS in platform header files

Define protected physical address size in bytes
PLAT_ARM_PPS macro for FVP and RDV3 in platform_def.h
files.

Change-Id: I7f6529dfbb8df864091fbefc0813

chore(gpt): define PPS in platform header files

Define protected physical address size in bytes
PLAT_ARM_PPS macro for FVP and RDV3 in platform_def.h
files.

Change-Id: I7f6529dfbb8df864091fbefc08131a0e6d689eb6
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>

show more ...

feat(handoff): common API for TPM event log handoff

Create a common BL2 API to add a TE for TPM event log.

Change-Id: I459e70f40069aa9ea0625977e0bad8ec316439e6
Signed-off-by: Raymond Mao <raymond.m

feat(handoff): common API for TPM event log handoff

Create a common BL2 API to add a TE for TPM event log.

Change-Id: I459e70f40069aa9ea0625977e0bad8ec316439e6
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

show more ...

feat(rmmd): el3 token sign during attestation

Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable

feat(rmmd): el3 token sign during attestation

Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable for a platform. This patch also supports the new
RMM_EL3_FEATURES interface, that RMM can use to query for support for
HES based signing. The new interface exposes a feature register with
different bits defining different discoverable features. This new
interface is available starting the 0.4 version of the RMM-EL3
interface, causing the version to bump up. This patch also adds a
platform port for FVP that implements the platform hooks required to
enable the new SMCs, but it does not push to a HES and instead copies a
zeroed buffer in EL3.

Change-Id: I69c110252835122a9533e71bdcce10b5f2a686b2
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>

show more ...