fix(spi-nand): add Quad Enable management

The framework currently supports QE feature only for Macronix devices.
Kioxia devices also support this feature, but this feature can not be
set based on th

fix(spi-nand): add Quad Enable management

The framework currently supports QE feature only for Macronix devices.
Kioxia devices also support this feature, but this feature can not be
set based on the manufacturer ID as Kioxia first SPI NAND generation
does not support the QE feature when the second generation does.

Use a flag to manage QE feature. This flag will be added at board level
to manage the device.

Change-Id: I7a3683a2df8739967b17b4abbec32c51bf206b93
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>

show more ...

fix(measured-boot): don't strip last non-0 char

With the current implementation of stripping the last null
byte from a string, there was no way to get the TF-M measured
boot test suite to pass. It w

fix(measured-boot): don't strip last non-0 char

With the current implementation of stripping the last null
byte from a string, there was no way to get the TF-M measured
boot test suite to pass. It would expect the size of the string
passed into extend measurement to be unaffected by the call.

This fix should allow passing a string with the null char
pre-stripped, allowing the tests to exclude the null char in
their test data and not have the length decremented.

Further, This patch adds an early exit if either the version
or sw_type is larger than its buffer. Without this check,
it may be possible to pass a length one more than the maximum,
and if the last element is a null, the length will be truncated
to fit. This is instead suppsed to return an error.

Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I98e1bb53345574d4645513009883c6e7b6612531

show more ...

chore: rename Makalu to Cortex-A715

Change-Id: I017c955cb643e2befb6b01e1b5a07c22172b08b9
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

feat(cpus): wrappers to propagate AArch32 errata info

AArch32 is not being ported to the errata framework. However, the
runtime errata list is needed at runtime for the upcoming errata ABI.
Add wrap

feat(cpus): wrappers to propagate AArch32 errata info

AArch32 is not being ported to the errata framework. However, the
runtime errata list is needed at runtime for the upcoming errata ABI.
Add wrappers to populate this information and make it accessible in the
same way as AArch64.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I084720f34d6ed4e00e94b09babd3c90a5393298a

show more ...

feat(cpus): add a way to automatically report errata

Using the errata framework per-cpu data structure, errata can all be
reported automatically through a single standard errata reporter which
can r

feat(cpus): add a way to automatically report errata

Using the errata framework per-cpu data structure, errata can all be
reported automatically through a single standard errata reporter which
can replace the cpu-specific ones.

This reporter can also enforce the ordering requirement of errata.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7d2d5ac5bcb9d21aed0d560d7d23919a323ffdab

show more ...

feat(cpus): add a concise way to implement AArch64 errata

Errata implementation involves adding a lot of boilerplate to random
places with just conventions on how to do them. Copy pasting is the
usu

feat(cpus): add a concise way to implement AArch64 errata

Errata implementation involves adding a lot of boilerplate to random
places with just conventions on how to do them. Copy pasting is the
usual method for doing this. The result is an error-prone and verbose
patch that is a nightmare to get through review.

Errata workarounds have a very large degree of similarity - most of them
involve setting a bit at reset. As such most of the boilerplate is not
strictly necessary. To solve this, add a collection of assembly macros
to wrap errata implementations such that only the actual mitigations
need to be written. A new erratum mitigation looks something like:

workaround_reset_start cortex_a77, ERRATUM(1925769), ERRATA_A77_1925769
sysreg_bit_set CORTEX_A77_CPUECTLR_EL1, CORTEX_A77_CPUECTLR_EL1_BIT_8
workaround_reset_end cortex_a77, ERRATUM(1925769)

check_erratum_ls cortex_a77, ERRATUM(1925769), CPU_REV(1, 1)

Note, that the long comment on every mitigation is missing. This is on
purpose, as this new format includes all of its contents into an easily
readable format.

The workaround wrappers add an erratum entry (24 bytes) to a per-cpu
data structure which can then be read by a standard reset function to
apply all errata automatically. This has the added benefit of collecting
all errata TF-A knows about in a central way, which was previously
missing. This can then be used at runtime with the errata ABI.

If an erratum doesn't fit this standard definition (eg. the
CVE_2022_23960), it can progressively be unwrapped to the old
convention. The only differences are that the naming format is slightly
more verbose and a call to add_erratum_entry is needed to inform the
framework about the errata.

Finally, the internal workaround names change a tiny bit, especially
CVEs.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iac644f85dcf85b8279b25e83baf1e7d08b253b16

show more ...

refactor(cpus): convert print_errata_status to C

The function is called in a fully initialised C environment and calls
into other C functions. The Aarch differences are minimal and are hidden
by the

refactor(cpus): convert print_errata_status to C

The function is called in a fully initialised C environment and calls
into other C functions. The Aarch differences are minimal and are hidden
by the pre-existing headers. Converting it results into cleaner code
that is the same across both Aarch64 and Aarch32.

To avoid having to do very ugly pointer arithmetic, define a C struct
for the cpu_ops for both Aarch64 and Aarch32.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Idc07c4064e03143c88a4a0e2d10ceda70ba19a50

show more ...

refactor(cpus): rename errata_report.h to errata.h

The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu fil

refactor(cpus): rename errata_report.h to errata.h

The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu files but for whatever reason the values have been hard-coded so far
(at the cost of readability). It's evident this file is not strictly for
status reporting.

The new purpose of this file is to make it a one-stop-shop for all
things errata.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1ce22dd36df5aa0bcfc5f2772251f91af8703dfb

show more ...

refactor(cpus): move cpu_ops field defines to a header

The cpu_macros.S file is loaded with lots of definitions for the cpu_ops
structure. However, since they are defined as .equ directives they are

refactor(cpus): move cpu_ops field defines to a header

The cpu_macros.S file is loaded with lots of definitions for the cpu_ops
structure. However, since they are defined as .equ directives they are
inaccessible for C code. Convert them to #defines, put them into order,
refactor them for readability, and extract them to a separate file to
make this possible.

This has the benefit of removing some Aarch differences and a lot of
duplicate code.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I72861794b6c9131285a9297d5918822ed718b228

show more ...

feat(cert-create): add new option for CCA NV ctr

Extends cert_create tool with a new option for CCA NV
counter: ccafw_nvctr.

And changes the non-volatile counter used to protect
the CCA Content Cer

feat(cert-create): add new option for CCA NV ctr

Extends cert_create tool with a new option for CCA NV
counter: ccafw_nvctr.

And changes the non-volatile counter used to protect
the CCA Content Certificate from the Trusted FW NV counter
to the CCA FW NV counter in the CCA CoT description.

Change-Id: I27f3ab2e25809f0dcc56fa05e5c3a25a2e861ef6
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

Merge changes I31ec0001,Ib06cd024,I7c11f15d,Ie0d5d4c8,I285f3b59, ... into integration

* changes:
fix(el3-spmc): correctly account for emad_offset
refactor(el3-spmc): avoid unnecessarily revalida

Merge changes I31ec0001,Ib06cd024,I7c11f15d,Ie0d5d4c8,I285f3b59, ... into integration

* changes:
fix(el3-spmc): correctly account for emad_offset
refactor(el3-spmc): avoid unnecessarily revalidating offset
fix(el3-spmc): only call spmc_shm_check_obj() on complete objects
refactor(spmc): assert on out-of-bounds emad access
refactor(el3-spmc): spmc_shmem_obj_get_emad() will never fail
fix(el3-spmc): validate descriptor headers
fix(el3-spmc): use version-dependent minimum descriptor length
refactor(el3-spmc): check emad_count offset

show more ...

feat(rme): save PAuth context when RME is enabled

This patch enables CTX_INCLUDE_PAUTH_REGS for RME builds.
The RMM-EL3 specification is also updated to reflect the changes
and also version of the s

feat(rme): save PAuth context when RME is enabled

This patch enables CTX_INCLUDE_PAUTH_REGS for RME builds.
The RMM-EL3 specification is also updated to reflect the changes
and also version of the same is bumped from 0.1 to 0.2.

Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I2e96a592d2b75abaee24294240c1727c5ceba420

show more ...

fix(qemu): fix 32-bit builds with stack protector

When using the ENABLE_STACK_PROTECTOR=strong build option, the QEMU code
will try to use the RNDR CPU instructions to initialise the stack
canary. S

fix(qemu): fix 32-bit builds with stack protector

When using the ENABLE_STACK_PROTECTOR=strong build option, the QEMU code
will try to use the RNDR CPU instructions to initialise the stack
canary. Since the instructions are defined for AArch64 only, this will
fail to build for AArch32.

And even though we now always return "false" when asked about the
availability of the RNDR instruction, the compiler will still leave the
reference to read_rdnr() in, if optimisations are turned off (-O0).

Avoid this by providing a dummy read_rndr() implementation, that makes
the linker happy in any case.

This fixes the QEMU build for AArch32 with ENABLE_STACK_PROTECTOR=strong

Change-Id: Ibf450ba4a46167fdf3a14a527d338350ced8b5ba
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(cpufeat): deny AArch64-only features when building for AArch32

Many newer architecture features are defined for AArch64 only, so cannot
be used in an AArch32 build.

To avoid #ifdef-ing every s

feat(cpufeat): deny AArch64-only features when building for AArch32

Many newer architecture features are defined for AArch64 only, so cannot
be used in an AArch32 build.

To avoid #ifdef-ing every single user, just provide trivial
implementations of the feature check functions is_feat_xxx_supported(),
which always return "false" in AArch32. The compiler will then optimise
out the dependent code automatically.

Change-Id: I1e7d653fca0e676a11858efd953c2d623f2d5c9e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(cpufeat): add AArch32 PAN detection support

FEAT_PAN is implemented in AArch32 as well, provide the helper functions
to query the feature availability at runtime.

Change-Id: I375e3eb7b05955ea2

feat(cpufeat): add AArch32 PAN detection support

FEAT_PAN is implemented in AArch32 as well, provide the helper functions
to query the feature availability at runtime.

Change-Id: I375e3eb7b05955ea28a092ba99bb93302af48a0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(optee): add device tree for coreboot table

This adds creation of a device tree that will be passed to OP-TEE.
Currently that device tree only contains the coreboot table per the
Linux coreboot

feat(optee): add device tree for coreboot table

This adds creation of a device tree that will be passed to OP-TEE.
Currently that device tree only contains the coreboot table per the
Linux coreboot device tree specification. This device tree is then
passed to OP-TEE so it can extract the CBMEM console information from
the coreboot table for logging purposes.

Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I6a26d335e16f7226018c56ad571cca77b81b0f6a

show more ...

fix: increase BL32 limit

BL32_LIMIT has been increased from 2MB to 4MB to accommodate
the latest tee.bin (it is around ~2.1MB).

Change-Id: I47b770bf23c23d38931a2b3316d076b829338d70
Signed-off-by: M

fix: increase BL32 limit

BL32_LIMIT has been increased from 2MB to 4MB to accommodate
the latest tee.bin (it is around ~2.1MB).

Change-Id: I47b770bf23c23d38931a2b3316d076b829338d70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Co-developed-by: Juan Pablo Conde <juanpablo.conde@arm.com>

show more ...

Merge changes I1bfa797e,I0ec7a70e into integration

* changes:
fix(tree): correct some typos
fix(rockchip): use semicolon instead of comma

Merge changes from topic "mp/feat_ras" into integration

* changes:
refactor(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED
refactor(ras): replace RAS_EXTENSION with FEAT_RAS

Merge changes from topic "srm/Errata_ABI_El3" into integration

* changes:
docs(errata_abi): document the errata abi changes
feat(fvp): enable errata management interface
fix(cpus): workaround

Merge changes from topic "srm/Errata_ABI_El3" into integration

* changes:
docs(errata_abi): document the errata abi changes
feat(fvp): enable errata management interface
fix(cpus): workaround platforms non-arm interconnect
refactor(errata_abi): factor in non-arm interconnect
feat(errata_abi): errata management firmware interface

show more ...

fix(tree): correct some typos

found using codespell (https://github.com/codespell-project/codespell).

Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I1bfa797e3460adddeefa916bb68e22beddaf6

fix(tree): correct some typos

found using codespell (https://github.com/codespell-project/codespell).

Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I1bfa797e3460adddeefa916bb68e22beddaf6373

show more ...

Merge changes I06b35f11,If80573d6 into integration

* changes:
docs: remove plat_convert_pk() interface from release doc
chore(io): remove io_dummy driver

refactor(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED

At the moment we only support FEAT_RAS to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime det

refactor(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED

At the moment we only support FEAT_RAS to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (FEAT_RAS=2), by splitting
is_armv8_2_feat_ras_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access RAS related registers.

Also move the context saving code from assembly to C, and use the new
is_feat_ras_supported() function to guard its execution.

Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.

Change-Id: I30498f72fd80b136850856244687400456a03d0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

show more ...

refactor(ras): replace RAS_EXTENSION with FEAT_RAS

The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firm

refactor(ras): replace RAS_EXTENSION with FEAT_RAS

The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firmware first
handling(FFH) of RAS errors.
2. Manage the FEAT_RAS extension when switching the worlds.

FFH means that all the EAs from NS are trapped in EL3 first and signaled
to NS world later after the first handling is done in firmware. There is
an alternate way of handling RAS errors viz Kernel First handling(KFH).
Tying FEAT_RAS to RAS_EXTENSION build flag was not correct as the
feature is needed for proper handling KFH in as well.

This patch breaks down the RAS_EXTENSION flag into a flag to denote the
CPU architecture `ENABLE_FEAT_RAS` which is used in context management
during world switch and another flag `RAS_FFH_SUPPORT` to pull in
required framework and platform hooks for FFH.

Proper support for KFH will be added in future patches.

BREAKING CHANGE: The previous RAS_EXTENSION is now deprecated. The
equivalent functionality can be achieved by the following
2 options:
- ENABLE_FEAT_RAS
- RAS_FFH_SUPPORT

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1abb9ab6622b8f1b15712b12f17612804d48a6ec

show more ...

Merge changes from topic "assert_boolean_set" into integration

* changes:
build!: check boolean flags are not empty
fix(build): add a default value for INVERTED_MEMMAP
fix(a5ds): add default v

Merge changes from topic "assert_boolean_set" into integration

* changes:
build!: check boolean flags are not empty
fix(build): add a default value for INVERTED_MEMMAP
fix(a5ds): add default value for ARM_DISABLE_TRUSTED_WDOG
fix(st-crypto): move flag control into source code
fix(stm32mp1): always define PKA algos flags
fix(stm32mp1): remove boolean check on PLAT_TBBR_IMG_DEF

show more ...