fix(security): add clrbhb support

TF-A mitigates spectre-bhb(CVE-2022-23960) issue with loop
workaround based on - https://developer.arm.com/documentation/110280/latest/

On platforms that support `

fix(security): add clrbhb support

TF-A mitigates spectre-bhb(CVE-2022-23960) issue with loop
workaround based on - https://developer.arm.com/documentation/110280/latest/

On platforms that support `clrbhb` instruction it is recommended to
use `clrbhb` instruction instead of the loop workaround.

Ref- https://developer.arm.com/documentation/102898/0108/

Change-Id: Ie6e56e96378503456a1617d5e5d51bc64c2e0f0b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(security): remove CVE_2022_23960 Cortex-X4

Cortex-X4 has ECBHB implemented and is protected against X-Context
attacks.

Ref: https://developer.arm.com/documentation/110280/latest/
TRM: https://d

fix(security): remove CVE_2022_23960 Cortex-X4

Cortex-X4 has ECBHB implemented and is protected against X-Context
attacks.

Ref: https://developer.arm.com/documentation/110280/latest/
TRM: https://developer.arm.com/documentation/102484/0003/The-Cortex-X4--core/Supported-standards-and-specifications?lang=en

Remove WORKAROUND_CVE_2022_23960 for Cortex-X4 to avoid accidental
enabling of this workaround and using loop workaround.

This was accidentally added with
commit@8c87becbc64f2e233ac905aa006d5e15a63a9a8b

Change-Id: I23f5fa748377a920340b3c5a6584ccfadeea901a
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(security): remove CVE_2022_23960 Neoverse V3

Neoverse V3 has ECBHB implemented and is protected against X-Context
attacks.

Ref: https://developer.arm.com/documentation/110280/latest/
TRM: https

fix(security): remove CVE_2022_23960 Neoverse V3

Neoverse V3 has ECBHB implemented and is protected against X-Context
attacks.

Ref: https://developer.arm.com/documentation/110280/latest/
TRM: https://developer.arm.com/documentation/107734/0002/The-Neoverse--V3--core/Supported-standards-and-specifications?lang=en

Remove WORKAROUND_CVE_2022_23960 to avoid accidental enabling of this
workaround and using loop workaround.

This was accidentally added with
commit@c2a15217c3053117f4d39233002cb1830fa96670

Change-Id: I13b27c04c3da5ec80fa79422b4ef4fee64738caa
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(security): remove CVE_2022_23960 Cortex-A720

Cortex-A720 has ECBHB implemented and is protected against X-Context
attacks.

Ref: https://developer.arm.com/documentation/110280/latest/
TRM: https

fix(security): remove CVE_2022_23960 Cortex-A720

Cortex-A720 has ECBHB implemented and is protected against X-Context
attacks.

Ref: https://developer.arm.com/documentation/110280/latest/
TRM: https://developer.arm.com/documentation/102530/0002/The-Cortex-A720--core/Supported-standards-and-specifications?lang=en

Remove WORKAROUND_CVE_2022_23960 for Cortex-A720 to avoid accidental
enabling of this workaround and using loop workaround.

This was accidentally added with
commit@c2a15217c3053117f4d39233002cb1830fa96670

Change-Id: I3c68b5f5d85ede37a6a039369de8ed2aa9205395
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(cpus): add support for venom cpu

Add basic CPU library code to support Venom CPU

Change-Id: I84d4cb77b175812811a17e55b4b290585e05d216
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

Merge "feat(scmi): add support for discovering and changing parent clocks" into integration

Merge "feat(cpus): add support for Dionysus cpu library" into integration

feat(scmi): add support for discovering and changing parent clocks

Add base support for discovering and changing parent clocks

This is the part of SCMI platform design document version 3.2,
which i

feat(scmi): add support for discovering and changing parent clocks

Add base support for discovering and changing parent clocks

This is the part of SCMI platform design document version 3.2,
which introduces SCMI clock protocol version 3.0

Add mandatory support for CLOCK_CONFIG_GET which is needed
for SCMI clock protocol version 3.0

Also, add support for clock_enable_delay parameter which got
introduced as new parameter in return values for command
CLOCK_ATTRIBUTES in same SCMI Platform design document v3.2

Change-Id: Ie5cba83dad27bf1e3b51c11c0218259a44c1af59
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>

show more ...

Merge changes from topic "xl/fwu-trial-run" into integration

* changes:
fix(fwu): fwu NV ctr upgraded on trial run
feat(docs): platform hook for whether NV ctr is shared
feat(fwu): add platfor

Merge changes from topic "xl/fwu-trial-run" into integration

* changes:
fix(fwu): fwu NV ctr upgraded on trial run
feat(docs): platform hook for whether NV ctr is shared
feat(fwu): add platform hook for shared NV ctr

show more ...

chore(libfdt): update libfdt to v1.7.2

Where previously we cherry-picked individual sources from the libfdt
project tree, this change instead integrates the entire project tree
into the TF-A reposit

chore(libfdt): update libfdt to v1.7.2

Where previously we cherry-picked individual sources from the libfdt
project tree, this change instead integrates the entire project tree
into the TF-A repository. Doing so reduces the manual overhead of
updating libfdt in the future, as we avoid the need to analyse
individual source-level dependencies.

libfdt, conveniently, also provides a Makefile designed to ease its
integration into foreign build systems (like TF-A's), which we also make
use of in this change.

Source: https://git.kernel.org/pub/scm/utils/dtc/dtc.git/tree/?h=v1.7.2
Change-Id: I8babcfd27019fdd6d255d550491e1bb733745f27
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

feat(qti): introduce basic XPU driver

Introduce basic XPU access control driver which allows currently to
bypass XPU access control until a proper XPU driver is added upstream.

Change-Id: I2b5ad50c

feat(qti): introduce basic XPU driver

Introduce basic XPU access control driver which allows currently to
bypass XPU access control until a proper XPU driver is added upstream.

Change-Id: I2b5ad50c57b0112302d3568e0e0bcf2116d3e259
Co-developed-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

refactor(qti): refactor RNG as a proper driver

Refactor QTI RNG as a proper driver rather than being present in
platform code aligning with common practice followed by other platforms.

Change-Id: I

refactor(qti): refactor RNG as a proper driver

Refactor QTI RNG as a proper driver rather than being present in
platform code aligning with common practice followed by other platforms.

Change-Id: I4c1f23b7ea2f17fdb71792319b4c403db542b757
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

Merge "fix(css): don't require the GICC frame to be defined on GICv3" into integration

feat(fwu): add platform hook for shared NV ctr

The NV ctr should not update when it is shared among
Bl1 and BL2. This is platform specific, therefore add
a platform hook to query the platform for th

feat(fwu): add platform hook for shared NV ctr

The NV ctr should not update when it is shared among
Bl1 and BL2. This is platform specific, therefore add
a platform hook to query the platform for this infor-
mation.

Change-Id: Ib180c8e6a183f7aaa7586e3f008273860d55b414
Signed-off-by: Xialin Liu <xialin.liu@arm.com>

show more ...

Merge "fix(smccc): fixed define when ENABLE_FEAT_FPMR is disabled" into integration

Merge "feat(mbedtls): update mbedtls to version 3.6.5" into integration

fix(css): don't require the GICC frame to be defined on GICv3

It's used for GICv2 operation, which won't happen with v3. CSS will
always use USE_GIC_DRIVER with the correct version so we can rely on

fix(css): don't require the GICC frame to be defined on GICv3

It's used for GICv2 operation, which won't happen with v3. CSS will
always use USE_GIC_DRIVER with the correct version so we can rely on
that to skip passing the GICC frame.

Change-Id: I358b99646f98bd7c6ea398bc8d8900cc80ca15bb
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "bk/simpler_panic" into integration

* changes:
fix(aarch64): do not print EL1 registers on EL3 panic
refactor(el3-runtime): streamline cpu_data assembly offsets using th

Merge changes from topic "bk/simpler_panic" into integration

* changes:
fix(aarch64): do not print EL1 registers on EL3 panic
refactor(el3-runtime): streamline cpu_data assembly offsets using the cpu_ops template

show more ...

fix(arm): derive RMM bank size from payload

Compute the RMM bank size as half of the RMM payload size instead of
using a hardcoded value. This removes duplication and keeps the bank
size automatical

fix(arm): derive RMM bank size from payload

Compute the RMM bank size as half of the RMM payload size instead of
using a hardcoded value. This removes duplication and keeps the bank
size automatically in sync with payload size changes.

Change-Id: I064390ec50115929bf6248344bf08a19fbc15344
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(arm): move lfa componet header to common and fix the helper

Move the FVP LFA component definitions to include/plat/arm/common/
so they can be shared by all Arm platforms, and update include
path

fix(arm): move lfa componet header to common and fix the helper

Move the FVP LFA component definitions to include/plat/arm/common/
so they can be shared by all Arm platforms, and update include
paths accordingly.

On FVP, rename the input parameter to lfa_component_id to match
the function declaration, and fix callers to pass the component
ID (not image_id) to the prime-complete helper.

Change-Id: Ia1485096819d6523c4bee14c602cbde3c6e144ef
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

chore(lfa): rename component_id to lfa_component_id

Refactor the function lfa_is_prime_complete to use a more specific
parameter name, lfa_component_id, enhancing code clarity. This change
improves

chore(lfa): rename component_id to lfa_component_id

Refactor the function lfa_is_prime_complete to use a more specific
parameter name, lfa_component_id, enhancing code clarity. This change
improves readability and reduces potential confusion with other
component identifiers in the codebase.

Change-Id: I00285fce4b7149bd97d6386ef471e9d1598a3fed
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(mbedtls): update mbedtls to version 3.6.5

Change-Id: Ia5366faa71007024e098a05ee391a2ff8e8676c0
Signed-off-by: Slava Andrianov <slava.andrianov@arm.com>

fix(smccc): fixed define when ENABLE_FEAT_FPMR is disabled

Define SCR_FEAT_FPMR as 0 when ENABLE_FEAT_FPMR is disabled to avoid
conditional build inconsistencies.

Signed-off-by: Arvind Ram Prakash

fix(smccc): fixed define when ENABLE_FEAT_FPMR is disabled

Define SCR_FEAT_FPMR as 0 when ENABLE_FEAT_FPMR is disabled to avoid
conditional build inconsistencies.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ibe71fa20fa4ffa98d8fff41517ccbf29755a58c3

show more ...

feat(cpus): add support for Dionysus cpu library

Add basic CPU library code to support the Dionysus CPU.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4e6b3c7e7369b7cbf0

feat(cpus): add support for Dionysus cpu library

Add basic CPU library code to support the Dionysus CPU.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4e6b3c7e7369b7cbf0e18d295e5ef5352f621e44

show more ...

fix(libfdt): add suffix 'U' to unsigned integers

This corrects the MISRA violation C2012-7.2:
A “u” or “U” suffix shall be applied to all integer constants that
are represented in an unsigned type.

fix(libfdt): add suffix 'U' to unsigned integers

This corrects the MISRA violation C2012-7.2:
A “u” or “U” suffix shall be applied to all integer constants that
are represented in an unsigned type.
Suffix "U" is added to unsigned integers to fix this violation.

Change-Id: I440a51d944c8772b32c1a80783d19ebcdc87221e
Signed-off-by: Suraj Kakade <suraj.hanumantkakade@amd.com>

show more ...