Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header

show more ...

feat(auth): add explicit entries for key OIDs

Key-OIDs that authenticate SCP_BL2, BL32, BL33,
Trusted FW config and Non-trusted FW config images
have been explicitly entered.
Implementations of sign

feat(auth): add explicit entries for key OIDs

Key-OIDs that authenticate SCP_BL2, BL32, BL33,
Trusted FW config and Non-trusted FW config images
have been explicitly entered.
Implementations of signer-ID consume these entries.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Icfb4a4920792c475a92d190837fb24090a57ef89

show more ...

Merge changes from topic "mb/mb-signer-id" into integration

* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'pla

Merge changes from topic "mb/mb-signer-id" into integration

* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'plat_mboot_measure_key' function
feat(tc): implement platform function to measure and publish Public Key
feat(auth): measure and publicise the Public Key
feat(fvp): implement platform function to measure and publish Public Key
feat(fvp): add public key-OID information in RSS metadata structure
feat(auth): add explicit entries for key OIDs
feat(rss): set the signer-ID in the RSS metadata
feat(auth): create a zero-OID for Subject Public Key
docs: add details about plat_mboot_measure_key function
feat(measured-boot): introduce platform function to measure and publish Public Key

show more ...

feat(auth): add explicit entries for key OIDs

Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config
images have been explicitly entered.
Implementations of signer-ID consume these entr

feat(auth): add explicit entries for key OIDs

Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config
images have been explicitly entered.
Implementations of signer-ID consume these entries.

Change-Id: I24c9085ed5f266af06d40fb73302e35d857a9d5b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes I500ddbe9,I9c10dac9,I53bfff85,I06f7594d,I24bff8d4, ... into integration

* changes:
nxp lx2160a-aqds: new plat based on soc lx2160a
NXP lx2160a-rdb: new plat based on SoC lx2160a

Merge changes I500ddbe9,I9c10dac9,I53bfff85,I06f7594d,I24bff8d4, ... into integration

* changes:
nxp lx2160a-aqds: new plat based on soc lx2160a
NXP lx2160a-rdb: new plat based on SoC lx2160a
nxp lx2162aqds: new plat based on soc lx2160a
nxp: errata handling at soc level for lx2160a
nxp: make file for loading additional ddr image
nxp: adding support of soc lx2160a
nxp: deflt hdr files for soc & their platforms
nxp: platform files for bl2 and bl31 setup
nxp: warm reset support to retain ddr content
nxp: nv storage api on platforms
nxp: supports two mode of trusted board boot
nxp: fip-handler for additional fip_fuse.bin
nxp: fip-handler for additional ddr-fip.bin
nxp: image loader for loading fip image
nxp: svp & sip smc handling
nxp: psci platform functions used by lib/psci
nxp: helper function used by plat & common code
nxp: add data handler used by bl31
nxp: adding the driver.mk file
nxp-tool: for creating pbl file from bl2
nxp: adding the smmu driver
nxp: cot using nxp internal and mbedtls
nxp:driver for crypto h/w accelerator caam
nxp:add driver support for sd and emmc
nxp:add qspi driver
nxp: add flexspi driver support
nxp: adding gic apis for nxp soc
nxp: gpio driver support
nxp: added csu driver
nxp: driver pmu for nxp soc
nxp: ddr driver enablement for nxp layerscape soc
nxp: i2c driver support.
NXP: Driver for NXP Security Monitor
NXP: SFP driver support for NXP SoC
NXP: Interconnect API based on ARM CCN-CCI driver
NXP: TZC API to configure ddr region
NXP: Timer API added to enable ARM generic timer
nxp: add dcfg driver
nxp:add console driver for nxp platform
tools: add mechanism to allow platform specific image UUID
tbbr-cot: conditional definition for the macro
tbbr-cot: fix the issue of compiling time define
cert_create: updated tool for platform defined certs, keys & extensions
tbbr-tools: enable override TRUSTED_KEY_CERT

show more ...

cert_create: updated tool for platform defined certs, keys & extensions

Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.

NXP SoC lx2160a : base

cert_create: updated tool for platform defined certs, keys & extensions

Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.

NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.

To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.

Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f

show more ...

Merge changes from topic "cot-parser" into integration

* changes:
plat/arm: fvp: Increase BL2 maximum size
lib: fconf: Implement a parser to populate CoT

lib: fconf: Implement a parser to populate CoT

Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled

lib: fconf: Implement a parser to populate CoT

Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.

[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html

Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/a

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree

show more ...

cert_tool: Update cert_tool for fw_config image support

Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.

Signed-off-by: Manish V Badarkh

cert_tool: Update cert_tool for fw_config image support

Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0

show more ...

Merge changes I1b9e3ebd,I451c0333 into integration

* changes:
tbbr: add chain of trust for Secure Partitions
cert_create: extend Secure partition support for tbbr CoT

cert_create: extend Secure partition support for tbbr CoT

with sha 0792dd7, support to generate certificate for Secure
Partitions was added for dualroot CoT only, this patch extends
this support for

cert_create: extend Secure partition support for tbbr CoT

with sha 0792dd7, support to generate certificate for Secure
Partitions was added for dualroot CoT only, this patch extends
this support for tbbr CoT.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f

show more ...

Merge pull request #1673 from antonio-nino-diaz-arm/an/headers

Standardise header guards across codebase

Standardise header guards across codebase

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this proje

Standardise header guards across codebase

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1386 from soby-mathew/sm/dyn_bl31

Extend dynamic configuration

Dynamic cfg: Enable support on CoT for other configs

This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
neces

Dynamic cfg: Enable support on CoT for other configs

This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.

Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1263 from soby-mathew/sm/dyn_config

Dynamic Configuration Prototype

Dynamic cfg: Update the tools

This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to thes

Dynamic cfg: Update the tools

This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.

Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1040 from sliai/support-opteed-header

Support opteed header

Support Trusted OS firmware extra images in TF tools

Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add

Support Trusted OS firmware extra images in TF tools

Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.

Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>

show more ...

Merge pull request #938 from masahir0y/tools_share

Collect headers shared between TF and host-tools into include/tools_share

cert: move platform_oid.h to include/tools_share for all platforms

Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide a

cert: move platform_oid.h to include/tools_share for all platforms

Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).

For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.

The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h

Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.

For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...