fix(rse): remove host ROTPK support and test

Remove support for the retrieving a host ROTPK from the RSE, as the RSE
no longer has host ROTPKs provisioned by default. Also remove the TC
test which v

fix(rse): remove host ROTPK support and test

Remove support for the retrieving a host ROTPK from the RSE, as the RSE
no longer has host ROTPKs provisioned by default. Also remove the TC
test which verified this feature.

BREAKING CHANGE: platforms can no longer retrieve the host ROTPK from
the RSE as these are no longer provisioned.

Change-Id: I2c852855e53c36e77f639f17f4c181290d95ccff
Signed-off-by: Jackson Cooper-Driver <jackson.cooper-driver@arm.com>

show more ...

Merge "feat(cpufeat): enable USE_SPINLOCK_CAS to FEAT_STATE_CHECKED" into integration

Merge "feat(rmmd): extend RMI function ID range validation" into integration

feat(rmmd): extend RMI function ID range validation

Add support for the extended RMI function number range (RMI_FNUM1)in
the is_rmi_fid() macro. The macro now validates FIDs in both:
- Original rang

feat(rmmd): extend RMI function ID range validation

Add support for the extended RMI function number range (RMI_FNUM1)in
the is_rmi_fid() macro. The macro now validates FIDs in both:
- Original range: 0x150 - 0x18F (RMI_FNUM_MIN_VALUE to RMI_FNUM_MAX_VALUE)
- Extended range: 0x1D0 - 0x2CF (RMI_FNUM1_MIN_VALUE to RMI_FNUM1_MAX_VALUE)

This change ensures proper identification and handling of RMI calls
across the full function ID space as defined by the RMM specification.

Change-Id: Ie65999ffeacc94057389e056761e57586f804b63
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

feat(cpufeat): enable USE_SPINLOCK_CAS to FEAT_STATE_CHECKED

The FEAT_LSE enablement predates the FEAT_STATE framework and has never
been converted. Since the introduction of USE_SPINLOCK_CAS we've

feat(cpufeat): enable USE_SPINLOCK_CAS to FEAT_STATE_CHECKED

The FEAT_LSE enablement predates the FEAT_STATE framework and has never
been converted. Since the introduction of USE_SPINLOCK_CAS we've gained
lots of quality of life features that allow for better feature
enablement. This patch converts USE_SPINLOCK_CAS to tri-state and adds
it to FEATURE_DETECTION to align with all other features.

Instead of introducing the assembly checking for tri-state, this patch
translates all locking routines to C inline assembly and uses the
standard C helpers. The main benefit is that this gives greater
visibility to the compiler about what the functions are doing and lets
it optimise better. Namely, it is able to allocate registers itself and
inline the functions when LTO is enabled.

An unsuccessful attempt was made to use the instructions directly and
have even flow control in C. This, however, made code very complicated
and less efficient in the tight loops of the spinlock.

The last use of ARM_ARCH_AT_LEAST goes away with this change and so this
macro is removed. It has now been fully superseded by the FEAT_STATE
framework.

This change exposes a limitation - RME_GPT_BITLOCK_BLOCK requires
USE_SPINLOCK_CAS. This patch does not address this in any way but makes
the relationship explicit.

Change-Id: I580081549aceded2dca3e0f4564ee7510a7e56ae
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile me

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile measured boot
refactor(juno): use crypto-agile measured boot
refactor(rpi3): use crypto-agile measured boot
refactor(fvp): use crypto-agile measured boot
feat(measured-boot): enable dynamic hash provisioning
feat: add TPM/TCG hashing helper to crypto module
chore: bump event log library

show more ...

Merge changes I4d50d138,Ie16b2e40,I574893fa into integration

* changes:
refactor(tpm): remove TPM code from TF-A
feat(tpm): changes to support TPM lib
feat: add libtpm submodule

feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algor

feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algorithm metadata at runtime. Add mboot_find_event_log_metadata() as a
common helper for resolving image metadata. Update the Event Log build
logic to use MAX_DIGEST_SIZE and MAX_HASH_COUNT, deprecate legacy
MBOOT_EL_HASH_ALG, and warn when it is used. Adjust MbedTLS
configuration to enable hash algorithms automatically when Measured Boot
is enabled.

Change-Id: I704e1a5005f6caad3d51d868bacc53699b6dd64f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measur

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measurements use the same digest implementation as the platform PCR
backend regardless of whether hashing is performed in software,
hardware, or a discrete TPM. Update the measured boot design document,
expose the new API via public headers, and implement the helper in the
common crypto module.

Change-Id: Id4f7f1d0014ab42064c46819965417daef71555b
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@a

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct th

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct the #if statements to use it.

Make spi_init() in rpi3_spi.c static.
Pass timer functions as ops structure to TPM.
Remove implicit interface between TPM library and main firmware by
introducing explicit interface to allow firmware to pass structure
of function pointers to setup a timer and check whether it has elapsed.

Update build system for new TPM lib location.
Change #include statements in TPM source and header files to allow
for new directory structure.

Change-Id: Ie16b2e402b963161d7d4f35a187b9bd2765a1faa
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

fix(cpufeat): always provide pauth context helper

We need to be able to work on the structure with or without pauth.
Arrange the getter so that it can compile even if it wouldn't be
functional.

Cha

fix(cpufeat): always provide pauth context helper

We need to be able to work on the structure with or without pauth.
Arrange the getter so that it can compile even if it wouldn't be
functional.

Change-Id: I563680fc76f4e08d3e77e01ed7525d09c7c617ab
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "fix(cm): remove set_aapcs_args functions" into integration

fix(cm): remove set_aapcs_args functions

These functions were added as wrappers on context but were never used,
mainly because we sometimes only have a reference to the gpregs
sub-struct. Remove the

fix(cm): remove set_aapcs_args functions

These functions were added as wrappers on context but were never used,
mainly because we sometimes only have a reference to the gpregs
sub-struct. Remove them to reduce clutter.

Change-Id: If10dade6ea9cc90384344cf0149482574cf0e116
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(security): add CVE-2024-7881 mitigation to C1-Ultra CPU

This patch mitigates Cat B erratum 3651221 [2] / CVE-2024-7881 [1]
for C1-Ultra CPU. This CVE applies to r0p0 and is fixed in r1p0 [2].

T

fix(security): add CVE-2024-7881 mitigation to C1-Ultra CPU

This patch mitigates Cat B erratum 3651221 [2] / CVE-2024-7881 [1]
for C1-Ultra CPU. This CVE applies to r0p0 and is fixed in r1p0 [2].

This CVE can be mitigated by disabling the affected prefetcher
setting CPUACTLR6_EL1[41].

[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/111077/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I7815d6fc9af812c38b1c05881c850b8209d6ad7c

show more ...

fix(security): add CVE-2024-7881 mitigation to C1-Premium CPU

This patch mitigates Cat B erratum 3651221 [2] / CVE-2024-7881 [1]
for C1-Premium CPU. This CVE applies to r0p0 and
is fixed in r1p0 [2]

fix(security): add CVE-2024-7881 mitigation to C1-Premium CPU

This patch mitigates Cat B erratum 3651221 [2] / CVE-2024-7881 [1]
for C1-Premium CPU. This CVE applies to r0p0 and
is fixed in r1p0 [2].

This CVE can be mitigated by disabling the affected prefetcher
setting CPUACTLR6_EL1[41].

[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/111078/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I70b50700bc1618e0f8f4121efc9fe89e2742ed74

show more ...

Merge changes from topic "xl/a725-errata" into integration

* changes:
fix(cpus): workaround for Cortex-A725 erratum 3456106
fix(cpus): workaround for Cortex-A725 erratum 3711914
fix(cpus): wor

Merge changes from topic "xl/a725-errata" into integration

* changes:
fix(cpus): workaround for Cortex-A725 erratum 3456106
fix(cpus): workaround for Cortex-A725 erratum 3711914
fix(cpus): workaround for Cortex-A725 erratum 2936490
fix(cpus): workaround for Cortex-A725 erratum 2874943

show more ...

Merge changes from topic "ar/feat_uinj" into integration

* changes:
feat(cpufeat): add support for FEAT_UINJ
feat(cpufeat): enable mandatory Armv9.4–Armv9.6 features by default
fix(cpufeat): u

Merge changes from topic "ar/feat_uinj" into integration

* changes:
feat(cpufeat): add support for FEAT_UINJ
feat(cpufeat): enable mandatory Armv9.4–Armv9.6 features by default
fix(cpufeat): update feature names and comments
fix(cpufeat): simplify AArch32 feature disablement

show more ...

Merge changes from topic "xl/a76ae-errata" into integration

* changes:
fix(cpus): workaround for Cortex-A76AE erratum 2371140
fix(cpus): workaround for Cortex-A76AE erratum 1969401
fix(cpus):

Merge changes from topic "xl/a76ae-errata" into integration

* changes:
fix(cpus): workaround for Cortex-A76AE erratum 2371140
fix(cpus): workaround for Cortex-A76AE erratum 1969401
fix(cpus): workaround for Cortex-A76AE erratum 1931435
fix(cpus): workaround for Cortex-A76AE erratum 1931427

show more ...

Merge "feat(clk): add get_possible_parents_num callback" into integration

fix(cpus): workaround for Cortex-A725 erratum 3711914

Cortex-A725 erratum 3711914 is a Cat B erratum that applies
to revisions r0p0 and r0p1 and it is fixed in r0p2.

This erratum can be avoided by

fix(cpus): workaround for Cortex-A725 erratum 3711914

Cortex-A725 erratum 3711914 is a Cat B erratum that applies
to revisions r0p0 and r0p1 and it is fixed in r0p2.

This erratum can be avoided by inserting a DMB LD after each DSB ST instruction.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2832921/latest/

Change-Id: If3b9d3a0f495b3a172d3e6e5ca7afa8c30aeb4ea
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

fix(cpus): workaround for Cortex-A725 erratum 2936490

Cortex-A725 erratum 2936490 is a Cat B erratum that applies
to revisions in r0p0, and is fixed in r0p1.

This erratum can be avoided by setting

fix(cpus): workaround for Cortex-A725 erratum 2936490

Cortex-A725 erratum 2936490 is a Cat B erratum that applies
to revisions in r0p0, and is fixed in r0p1.

This erratum can be avoided by setting CPUACTLR2_EL1[37] to 1.
Setting this bit is expected to have a negligible performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2832921/latest/

Change-Id: I9833f8831ba3735a94763791a65be11b95c00bdb
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

fix(cpus): workaround for Cortex-A725 erratum 2874943

Cortex-A725 erratum 2874943 is a Cat B erratum that applies
to revision r0p0 when FEAT_SPE is enabled, it is fixed in r0p1.

This erratum can be

fix(cpus): workaround for Cortex-A725 erratum 2874943

Cortex-A725 erratum 2874943 is a Cat B erratum that applies
to revision r0p0 when FEAT_SPE is enabled, it is fixed in r0p1.

This erratum can be avoided by setting bits[58:57] to 0b11 in CPUACTLR_EL1.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2832921/latest/

Change-Id: I686bbde8756d52afee92097ec05b97138b550025
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

fix(cpus): workaround for Cortex-A76AE erratum 1969401

Cortex-A76AE erratum 1969401 is a Cat B erratum that applies
to r0p0 and r1p0, it is fixed in r1p1.

This erratum can be avoided by inserting a

fix(cpus): workaround for Cortex-A76AE erratum 1969401

Cortex-A76AE erratum 1969401 is a Cat B erratum that applies
to r0p0 and r1p0, it is fixed in r1p1.

This erratum can be avoided by inserting a DMB ST before acquire
atomic instructions without release semantics.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1277541/1700/?lang=en

Change-Id: I893452450d430833e6c5a8e33a1e37b708218576
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

fix(cpus): workaround for Cortex-A76AE erratum 1931435

Cortex-A76AE erratum 1931435 is a Cat B erratum that applies
to r0p0 and r1p0, it is fixed in r1p1.

This erratum can be avoided by setting CPU

fix(cpus): workaround for Cortex-A76AE erratum 1931435

Cortex-A76AE erratum 1931435 is a Cat B erratum that applies
to r0p0 and r1p0, it is fixed in r1p1.

This erratum can be avoided by setting CPUACTLR_EL1[13] to 1. This bit
delays instruction fetch after branch misprediction. This workaround
will have a small impact on performance.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1277541/1700/?lang=en

Change-Id: I1baba8752f5f2e2ab5c873030e1f00cbb8cf1e60
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...