| 1d0ca40e | 25-Apr-2022 |
Javier Almansa Sobrino <javier.almansasobrino@arm.com> |
feat(rmmd): add support to create a boot manifest
This patch also adds an initial RMM Boot Manifest (v0.1) for the fvp platform.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948
|
| dc65ae46 | 13-Apr-2022 |
Javier Almansa Sobrino <javier.almansasobrino@arm.com> |
fix(rme): use RMM shared buffer for attest SMCs
Use the RMM shared buffer for the attestation token and signing key SMCs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4
|
| 8c980a4a | 24-Nov-2021 |
Javier Almansa Sobrino <javier.almansasobrino@arm.com> |
feat(rmmd): add support for RMM Boot interface
This patch adds the infrastructure needed to pass boot arguments from EL3 to RMM and allocates a shared buffer between both worlds that can be used, among others, to pass a boot manifest to RMM. The buffer is composed of a single memory page to be used by a later EL3 <-> RMM interface by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
|
| 2d8e80c2 | 30-Jun-2022 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topics "binary-format-sp", "od/meas-boot-spmc" into integration
* changes:
  feat(spm): add tpm event log node to spmc manifest
  fix(measured-boot): add SP entries to event_log_metadata
|
| 24f51f21 | 27-Jun-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "feat(auth): enable MBEDTLS_CHECK_RETURN_WARNING" into integration |
| 02450800 | 27-Jun-2022 |
Lauren Wehrmeister <lauren.wehrmeister@arm.com> |
Merge changes from topic "mb_hash" into integration
* changes:
  refactor(imx): update config of mbedtls support
  refactor(qemu): update configuring mbedtls support
  refactor(measured-boot): mb algorithm selection
|
| a4e485d7 | 15-Jun-2022 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
feat(auth): enable MBEDTLS_CHECK_RETURN_WARNING
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration file to get compile-time warnings for mbedTLS functions we call and do not check the return value of. Right now, this does not flag anything but it could help catch bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Change-Id: If26f3c83b6ccc8bc60e75c3e582ab20817d047aa
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
| f3249498 | 24-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "lw/cca_cot" into integration
* changes:
  feat(arm): retrieve the right ROTPK for cca
  feat(arm): add support for cca CoT
  feat(arm): provide some swd rotpk files
  build(tbbr): drive cert_create changes for cca CoT
  refactor(arm): add cca CoT certificates to fconf
  feat(fiptool): add cca, core_swd, plat cert in FIP
  feat(cert_create): define the cca chain of trust
  feat(cca): introduce new "cca" chain of trust
  build(changelog): add new scope for CCA
  refactor(fvp): increase bl2 size when bl31 in DRAM
|
| 84adb051 | 21-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "mb/gic600-errata" into integration
* changes:
  refactor(arm): update BL2 base address
  refactor(nxp): use DPG0 mask from Arm GICv3 header
  fix(gic600): implement workaround to forward highest priority interrupt
|
| ffa3f942 | 16-Jun-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "fix(errata): workaround for Neoverse-V1 erratum 2372203" into integration |
| 75fb34d5 | 16-Jun-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "fix(errata): workaround for Cortex-A77 erratum 2356587" into integration |
| 78da42a5 | 31-May-2022 |
laurenw-arm <lauren.wehrmeister@arm.com> |
refactor(measured-boot): mb algorithm selection
With RSS now introduced, we have 2 Measured Boot backends. Both backends can be used in the same firmware build with potentially different hash algorithms, so now there can be more than one hash algorithm in a build. Therefore the logic for selecting the measured boot hash algorithm needs to be updated and the coordination of algorithm selection added. This is done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the Measured Boot configuration macros through defining TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either backend requires a stronger algorithm than SHA-256.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a
|
| 7bf1a7aa | 08-Jun-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
fix(errata): workaround for Cortex-A77 erratum 2356587
Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions r0p0 - r1p1 and is still open. The workaround is to set bit[0] of CPUACTLR2_EL1 to force PLDW/PRFM ST to behave like PLD/PRFM LD and not cause invalidations to other PE caches.
SDEN can be found here: https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230
|
| 57b73d55 | 14-Jun-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
fix(errata): workaround for Neoverse-V1 erratum 2372203
Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions r0p0 - r1p1 and is still open. The workaround is to set bit[40] of CPUACTLR2_EL1 to disable folding of demand requests into older prefetches with L2 miss requests outstanding.
SDEN can be found here: https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557
|
| 69a131d8 | 13-Jun-2022 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
refactor(arm): update BL2 base address
BL2 base address updated to provide enough space for BL31 in Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ieaba00d841648add855feb99b7923a4b0cccfb08
|
| 76398c02 | 06-Jun-2022 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
refactor(nxp): use DPG0 mask from Arm GICv3 header
Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file as Arm GICv3 header file added its definition.
Change-Id: Ieec43aeef96b9b6c8a7f955a8d145be6e4b183c5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| e1b15b09 | 09-May-2022 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
fix(gic600): implement workaround to forward highest priority interrupt
If the interrupt being targeted is released from the CPU before the CLEAR command is sent to the CPU then a subsequent SET command may not be delivered in a finite time. To work around this, issue an unblocking event by toggling GICR_CTLR.DPG* bits after clearing the cpu group enable (EnableGrp* bits of GIC CPU interface register). This fix is implemented as per the errata 2384374-part 2 workaround mentioned here: https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| 147f52f3 | 21-Apr-2022 |
laurenw-arm <lauren.wehrmeister@arm.com> |
feat(fiptool): add cca, core_swd, plat cert in FIP
Added support for cca CoT in the fiptool by adding the cca, core_swd, and plat key certificates.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1ba559e188ad8c33cb0e643d7a2fc6fb96736ab9
|
| 56b741d3 | 21-Apr-2022 |
laurenw-arm <lauren.wehrmeister@arm.com> |
feat(cca): introduce new "cca" chain of trust
This chain of trust is targeted at Arm CCA solutions and defines 3 independent signing domains:
1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1] refers to the CCA signing domain as the provider of CCA components running on the CCA platform. The CCA signing domain might be independent from other signing domains providing other firmware blobs.
The CCA platform is a collective term used to identify all hardware and firmware components involved in delivering the CCA security guarantee. Hence, all hardware and firmware components on a CCA enabled system that a Realm is required to trust.
In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and associated configuration files.
The CCA signing domain is rooted in the Silicon ROTPK, just as in the TBBR CoT.
2) Non-CCA Secure World signing domain. This includes SPMC (and associated configuration file) as the expected BL32 image as well as SiP-owned secure partitions. It is rooted in a new SiP-owned key called Secure World ROTPK, or SWD_ROTPK for short.
3) Platform owner signing domain. This includes BL33 (and associated configuration file) and the platform owner's secure partitions. It is rooted in the Platform ROTPK, or PROTPK.
[1] https://developer.arm.com/documentation/DEN0096/A_a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I6ffef3f53d710e6a2072fb4374401249122a2805
|
| 39eb5ddb | 08-Jun-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
fix(errata): workaround for Neoverse-V1 erratum 2294912
Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions r0p0 - r1p1 and is still open. The workaround is to set bit[0] of CPUACTLR2_EL1 to force PLDW/PRFM ST to behave like PLD/PRFM LD and not cause invalidations to other PE caches.
SDEN can be found here: https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354
|
| cadd6afc | 13-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "refactor(context mgmt): refactor EL2 context save and restore functions" into integration |
| aaf1d8df | 10-Jun-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "jc/detect_feat" into integration
* changes:
  feat(trbe): add trbe under feature detection mechanism
  feat(brbe): add brbe under feature detection mechanism |
| 7460c41d | 09-Jun-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "fix(mmc): remove broken, unsecure, unused eMMC RPMB handling" into integration |
| d20052f3 | 04-Apr-2022 |
Zelalem Aweke <zelalem.aweke@arm.com> |
refactor(context mgmt): refactor EL2 context save and restore functions
This patch splits the el2_sysregs_context_save/restore functions into multiple functions based on features. This will allow us to selectively save and restore EL2 context registers based on features enabled for a particular configuration.
For now feature build flags are used to decide which registers to save and restore. The long term plan is to dynamically check for features that are enabled and then save/restore registers accordingly. Splitting el2_sysregs_context_save/restore functions into smaller assembly functions makes that task easier. For more information please take a look at: https://trustedfirmware-a.readthedocs.io/en/latest/design_documents/context_mgmt_rework.html
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1819a9de8b70fa35c8f45568908025f790c4808c
|
| 65841e66 | 08-Jun-2022 |
Soby Mathew <soby.mathew@arm.com> |
Merge "fix(rme/fid): refactor RME fid macros" into integration |