refactor(measured boot): rename tpm_record_measurement()

tpm_record_measurement() function name suggests that:

- It only records a measurement but does not compute it.
This is not the case, the

refactor(measured boot): rename tpm_record_measurement()

tpm_record_measurement() function name suggests that:

- It only records a measurement but does not compute it.
This is not the case, the function does both.

- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.

To better convey the intent of the function, rename it into
event_log_measure_and_record().

Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

fix(nxp/scfg): fix endianness checking

It is a typo to check NXP_GUR_LE in scfg driver.

Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I4b952bf4136dd626d88fc4797dba2be445395801

Merge "feat(fvp_r): configure system registers to boot rich OS" into integration

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

feat(fvp_r): configure system registers to boot rich OS

Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to

feat(fvp_r): configure system registers to boot rich OS

Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1

show more ...

fix(include/drivers/flexspi): fix warm boot wait time for MT35XU512A

Now lx2 which use MT35XU512A supports warm boot, fix the macro
define caused by the commit:
feat(driver/nxp/xspi): add MT35XU02G

fix(include/drivers/flexspi): fix warm boot wait time for MT35XU512A

Now lx2 which use MT35XU512A supports warm boot, fix the macro
define caused by the commit:
feat(driver/nxp/xspi): add MT35XU02G flash info

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I83eb8cb9a30ac7c7efd5a010acbd03eddebed52b

show more ...

refactor(stpmic1): use BIT and GENMASK helpers

Use BIT and GENMASK macros to ease stpmic1.h reading.

Change-Id: I808a62818d4188bb2f3686ab37518d369b6c41cb
Signed-off-by: Yann Gautier <yann.gautier@f

refactor(stpmic1): use BIT and GENMASK helpers

Use BIT and GENMASK macros to ease stpmic1.h reading.

Change-Id: I808a62818d4188bb2f3686ab37518d369b6c41cb
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>

show more ...

Merge "refactor(measured boot): remove unused extern" into integration

refactor(gpt): productize and refactor GPT library

This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are

refactor(gpt): productize and refactor GPT library

This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919

show more ...

Merge "fix(errata): workaround for Cortex-A710 erratum 2058056" into integration

Merge changes from topic "ethosn-multi-device" into integration

* changes:
feat(drivers/arm/ethosn)!: multi-device support
feat(fdt): add for_each_compatible_node macro

Merge changes If7dec725,Iedcb84a7,Ife0a4bec into integration

* changes:
errata: workaround for Cortex-A78 erratum 2132060
errata: workaround for Neoverse-V1 erratum 2108267
fix(errata): workar

Merge changes If7dec725,Iedcb84a7,Ife0a4bec into integration

* changes:
errata: workaround for Cortex-A78 erratum 2132060
errata: workaround for Neoverse-V1 erratum 2108267
fix(errata): workaround for Neoverse-N2 erratum 2138953

show more ...

feat(plat/arm): add GPT initialization code for Arm platforms

When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Real

feat(plat/arm): add GPT initialization code for Arm platforms

When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :

Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf

show more ...

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch intro

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.

The following new regions are introduced with this change:

ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.

ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.

ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.

The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:

--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------

During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254

show more ...

refactor(plat/arm): modify memory region attributes to account for FEAT_RME

If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attrib

refactor(plat/arm): modify memory region attributes to account for FEAT_RME

If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff

show more ...

feat(rme): add GPT Library

This patch introduces the Granule Protection Table (GPT)
library code. This implementation will be updated later to
be more flexible, as the current implementation is very

feat(rme): add GPT Library

This patch introduces the Granule Protection Table (GPT)
library code. This implementation will be updated later to
be more flexible, as the current implementation is very rigid.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I3af824a28c6e9a5d36459c0c51d2d9bebfba1505

show more ...

feat(rme): add ENABLE_RME build option and support for RMM image

The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manage

feat(rme): add ENABLE_RME build option and support for RMM image

The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.

- Support for RMM image in fiptool

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25

show more ...

feat(rme): add context management changes for FEAT_RME

This patch adds a new context for realm world and realm world
awareness in context management.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm

feat(rme): add context management changes for FEAT_RME

This patch adds a new context for realm world and realm world
awareness in context management.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: Ic17469393603e789d7adc025880346bc3d6233d7

show more ...

feat(rme): add Test Realm Payload (TRP)

TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of R

feat(rme): add Test Realm Payload (TRP)

TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.

TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.

More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2

show more ...

feat(rme): add RMM dispatcher (RMMD)

This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure worl

feat(rme): add RMM dispatcher (RMMD)

This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511

show more ...

feat(rme): run BL2 in root world when FEAT_RME is enabled

This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.

Using the existing BL2_

feat(rme): run BL2 in root world when FEAT_RME is enabled

This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.

Using the existing BL2_AT_EL3 TF-A build option is not convenient
because that option assumes TF-A BL1 doesn't exist, which is not
the case for RME-enabled systems. For the purposes of RME, we use
a normal BL1 image but we also want to run BL2 in EL3 as normally as
possible, therefore rather than use the special bl2_entrypoint
function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint
function (in bl2_rme_entrypoint.S) which doesn't need reset or
mailbox initialization code seen in the el3_entrypoint_common macro.

The patch also cleans up bl2_el3_entrypoint.S, moving the
bl2_run_next_image function to its own file to avoid duplicating
code.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55

show more ...

feat(rme): add xlat table library changes for FEAT_RME

FEAT_RME adds a new bit (NSE) in the translation table descriptor
to determine the Physical Address Space (PAS) of an EL3 stage 1
translation a

feat(rme): add xlat table library changes for FEAT_RME

FEAT_RME adds a new bit (NSE) in the translation table descriptor
to determine the Physical Address Space (PAS) of an EL3 stage 1
translation according to the following mapping:

TTD.NSE TTD.NS | PAS
=================================
0 0 | Secure
0 1 | Non-secure
1 0 | Root
1 1 | Realm

This patch adds modifications to version 2 of the translation table
library accordingly. Bits 4 and 5 in mmap attribute are used to
determine the PAS.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I82790f6900b7a1ab9494c732eac7b9808a388103

show more ...

Merge "refactor(drivers/st/clk): change fdt_get_rcc_node as static" into integration

refactor(measured boot): remove unused extern

Change-Id: I4fb7a79c2f31973a3cd181feaface9a42bc3246f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

feat(rme): add Realm security state definition

FEAT_RME introduces two additional security states,
Root and Realm security states. This patch adds Realm
security state awareness to SMCCC helpers and

feat(rme): add Realm security state definition

FEAT_RME introduces two additional security states,
Root and Realm security states. This patch adds Realm
security state awareness to SMCCC helpers and entry point info
structure.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9cdefcc1aa71259b2de46e5fb62b28d658fa59bd

show more ...