| #
4ac5b394 |
| 24-Jan-2023 |
Yann Gautier <yann.gautier@foss.st.com> |
refactor(auth): replace plat_convert_pk
Following discussions in the reviews of the patch that introduced plat_convert_pk() function [1], it was decided to deprecate it to avoid weak function declaration. A new optional function pointer convert_pk is added to crypto_lib_desc_t. A new function crypto_mod_convert_pk() will either call crypto_lib_desc.convert_pk() if it is defined, or do the same as what was done by the weak function otherwise.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6
|
| #
f1e693a7 |
| 10-Mar-2023 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
feat(auth): compare platform and certificate ROTPK for authentication
Compared the full ROTPK with the ROTPK obtained from the certificate when the platform supports full ROTPK instead of hash of ROTPK.
Additionally, changed the code to verify the ROTPK before relying on it for signature verification.
Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| #
a4c69581 |
| 15-Mar-2023 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration
|
| #
42d4d3ba |
| 22-Nov-2022 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A (no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly the same even though first implicitly means second to be true. To distinguish between these two use cases we introduce new macros. BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2. Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarios where BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the repository.
Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
|
| #
e3df3ffa |
| 01-Feb-2023 |
Soby Mathew <soby.mathew@arm.com> |
Merge changes I1b092bc1,Ifc2461b4,I5176caa5 into integration
* changes:
  docs(rme): update RMM-EL3 Boot Manifest structure description
  feat(rme): read DRAM information from FVP DTB
  feat(rme): set DRAM information in Boot Manifest platform data
|
| #
a97bfa5f |
| 14-Dec-2022 |
AlexeiFedorov <Alexei.Fedorov@arm.com> |
feat(rme): set DRAM information in Boot Manifest platform data
This patch adds support for setting configuration of DRAM banks for FVP model in RMM-EL3 Boot Manifest structure. Structure 'rmm_manifest' is extended with 'plat_dram' structure which contains information about platform's DRAM layout:
- number of DRAM banks;
- pointer to 'dram_bank[]' array;
- check sum: two's complement 64-bit value of the sum of data in 'plat_dram' and 'dram_bank[]' array.
Each 'dram_bank' structure holds information about DRAM bank base address and its size. These values must be aligned to 4KB page size. The patch increases Boot Manifest minor version to 2 and removes 'typedef rmm_manifest_t' as per "3.4.15.1. Avoid anonymous typedefs of structs/enums in headers" of https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I5176caa5780e27d1e0daeb5dea3e40cf6ad5fd12
|
| #
01617e0b |
| 19-Dec-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "fix(gic): wrap cache enabled assert under plat_can_cmo" into integration
|
| #
78fbb0ec |
| 30-Nov-2022 |
Channagoud kadabi <kadabi@google.com> |
fix(gic): wrap cache enabled assert under plat_can_cmo
With reference to feature 04c730 (feat(cpus): make cache ops conditional), booting with caches in debug recovery means SCTLR_C_BIT will be 0. Wrap the assert for the d-cache enabled check in CONDITIONAL_CMO and plat_can_cmo calls to allow booting with d-cache disabled.
Signed-off-by: Channagoud kadabi <kadabi@google.com>
Change-Id: I80153df493d1ec9e5e354c7c2e6a14322d22c446
|
| #
c3170fd8 |
| 14-Nov-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "stm32mp1-trusted-boot" into integration
* changes:
  docs(st): update documentation for TRUSTED_BOARD_BOOT
  fix(build): ensure that the correct rule is called for tools
  feat(stm32mp1): add the platform specific build for tools
  fix(stm32mp13-fdts): remove secure status
  feat(stm32mp1-fdts): add CoT and fuse references for authentication
  feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
  feat(stm32mp1): add the decryption support
  feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
  feat(stm32mp1): update ROM code API for header v2 management
  feat(stm32mp1): remove unused function from boot API
  refactor(stm32mp1): remove authentication using STM32 image mode
  fix(fconf): fix type error displaying disable_auth
  feat(tbbr): increase PK_DER_LEN size
  fix(auth): correct sign-compare warning
  feat(auth): allow to verify PublicKey with platform format PK
  feat(cert-create): update for ECDSA brainpoolP256r/t1 support
  feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
  feat(st-crypto): remove BL32 HASH driver usage
  feat(stm32mp1): add a stm32mp crypto library
  feat(st-crypto): add STM32 RNG driver
  feat(st-crypto): add AES decrypt/auth by SAES IP
  feat(st-crypto): add ECDSA signature check with PKA
  feat(st-crypto): update HASH for new hardware version used in STM32MP13
|
| #
40f9f644 |
| 09-Nov-2020 |
Nicolas Toromanoff <nicolas.toromanoff@st.com> |
feat(auth): allow to verify PublicKey with platform format PK
In some platforms the digest of the public key saved in the OTP is not the digest of the exact same public key buffer needed to check the signature. Typically, platform checks signature using the DER ROTPK whereas some others add some related information. Add a new platform weak function to transform the public key buffer used by verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
|
| #
00bf236e |
| 09-Nov-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "refactor(trng): cleanup the existing TRNG support" into integration
|
| #
0b22e591 |
| 11-Oct-2022 |
Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> |
refactor(trng): cleanup the existing TRNG support
This patch adds the following changes to complete the existing TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
|
| #
7042fa6d |
| 06-Oct-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "mb/drtm-preparatory-patches" into integration
* changes:
  docs(drtm): steps to run DRTM implementation
  docs(drtm): add platform APIs for DRTM
  feat(drtm): flush dcache before DLME launch
  feat(drtm): invalidate icache before DLME launch
  feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
  feat(fvp): add plat API to validate that passed region is non-secure
  feat(drtm): ensure that no SDEI event registered during dynamic launch
  feat(drtm): prepare EL state during dynamic launch
  feat(drtm): prepare DLME data for DLME launch
  feat(drtm): take DRTM components measurements before DLME launch
  feat(drtm): add a few DRTM DMA protection APIs
  feat(drtm): add remediation driver support in DRTM
  feat(fvp): add plat API to set and get the DRTM error
  feat(drtm): add Event Log driver support for DRTM
  feat(drtm): check drtm arguments during dynamic launch
  feat(drtm): introduce drtm dynamic launch function
  refactor(measured-boot): split out a few Event Log driver functions
  feat(drtm): retrieve DRTM features
  feat(drtm): add platform functions for DRTM
  feat(sdei): add a function to return total number of events registered
  feat(drtm): add PCR entries for DRTM
  feat(drtm): update drtm setup function
  refactor(crypto): change CRYPTO_SUPPORT flag to numeric
  feat(mbedtls): update mbedTLS driver for DRTM support
  feat(fvp): add crypto support in BL31
  feat(crypto): update crypto module for DRTM support
  build(changelog): add new scope for mbedTLS and Crypto module
  feat(drtm): add standard DRTM service
  build(changelog): add new scope for DRTM service
  feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
  feat(fvp): increase BL31's stack size for DRTM support
  feat(fvp): add platform hooks for DRTM DMA protection
|
| #
586f60cc |
| 12-Jul-2022 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
feat(fvp): add plat API to set and get the DRTM error
Added a platform function to set and get DRTM error. Also, added a platform function to reset the system.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I471f2387f8c78b21a06af063a6fa02cda3646557
|
| #
d72c486b |
| 22-Jun-2022 |
Lucian Paul-Trifu <lucian.paultrifu@gmail.com> |
feat(fvp): add platform hooks for DRTM DMA protection
Added necessary platform hooks for DRTM DMA protection. These calls will be used by the subsequent DRTM implementation patches. DRTM platform API declarations have been listed down in a separate header file.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: Ib9726d1d3570800241bde702ee7006a64f1739ec
|
| #
4f2c4ecf |
| 05-Oct-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "aarch32_debug_aborts" into integration
* changes:
  feat(stm32mp1): add plat_report_*_abort functions
  feat(debug): add helpers for aborts on AARCH32
  feat(debug): add AARCH32 CP15 fault registers
|
| #
6dc5979a |
| 15-Feb-2019 |
Yann Gautier <yann.gautier@st.com> |
feat(debug): add helpers for aborts on AARCH32
New helper functions are created to handle data & prefetch aborts in AARCH32. They call platform functions, just like what report_exception is doing. As extended MSR/MRS instructions (to access lr_abt in monitor mode) are only available if CPU (Armv7) has virtualization extension, the functions branch to original report_exception handlers if this is not the case. Those new helpers are created mainly to distinguish data and prefetch aborts, as they both share the same mode. This adds 40 bytes of code.
Change-Id: I5dd31930344ad4e3a658f8a9d366a87a300aeb67
Signed-off-by: Yann Gautier <yann.gautier@st.com>
|
| #
b86cbe10 |
| 16-Sep-2022 |
Joanna Farley <joanna.farley@arm.com> |
Merge changes from topic "provencore-spd" into integration
* changes:
  feat(zynqmp): add support for ProvenCore
  feat(services): add a SPD for ProvenCore
  feat(gic): add APIs to raise NS and S-EL1 SGIs
|
| #
dcb31ff7 |
| 08-Sep-2021 |
Florian Lugou <florian.lugou@provenrun.com> |
feat(gic): add APIs to raise NS and S-EL1 SGIs
This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I6f262dd1da1d77fec3f850eb74189e726b8e24da
|
| #
717daadc |
| 05-Jul-2022 |
Soby Mathew <soby.mathew@arm.com> |
Merge changes from topic "jas/rmm-el3-ifc" into integration
* changes:
  docs(rmmd): document EL3-RMM Interfaces
  feat(rmmd): add support to create a boot manifest
  fix(rme): use RMM shared buffer for attest SMCs
  feat(rmmd): add support for RMM Boot interface
|
| #
1d0ca40e |
| 25-Apr-2022 |
Javier Almansa Sobrino <javier.almansasobrino@arm.com> |
feat(rmmd): add support to create a boot manifest
This patch also adds an initial RMM Boot Manifest (v0.1) for fvp platform.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948
|
| #
8c980a4a |
| 24-Nov-2021 |
Javier Almansa Sobrino <javier.almansasobrino@arm.com> |
feat(rmmd): add support for RMM Boot interface
This patch adds the infrastructure needed to pass boot arguments from EL3 to RMM and allocates a shared buffer between both worlds that can be used, among others, to pass a boot manifest to RMM. The buffer is composed of a single memory page to be used by a later EL3 <-> RMM interface by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
|
| #
70313d36 |
| 19-May-2022 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge changes from topic "ffa_el3_spmc" into integration
* changes:
  feat(fvp): add plat hook for memory transactions
  feat(spmc): enable handling of the NS bit
  feat(spmc): add support for v1.1 FF-A memory data structures
  feat(spmc/mem): prevent duplicated sharing of memory regions
  feat(spmc/mem): support multiple endpoints in memory transactions
  feat(spmc): add support for v1.1 FF-A boot protocol
  feat(plat/fvp): introduce accessor function to obtain datastore
  feat(spmc/mem): add FF-A memory management code
|
| #
6a0788bc |
| 16-Dec-2021 |
Marc Bonnici <marc.bonnici@arm.com> |
feat(plat/fvp): introduce accessor function to obtain datastore
In order to provide the EL3 SPMC a sufficient datastore to record memory descriptors, an accessor function is used. This allows for the backing memory to be allocated in a platform defined manner, to accommodate memory constraints and desired use cases.
Provide an implementation for the Arm FVP platform to use a default value of 512KB memory allocated in the TZC RAM section.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804
|
| #
ad88c370 |
| 28-Mar-2022 |
Soby Mathew <soby.mathew@arm.com> |
Merge changes from topic "rme-attest" into integration
* changes:
  feat(rme): add dummy realm attestation key to RMMD
  feat(rme): add dummy platform token to RMMD
|