Add missing support for BL2_AT_EL3 in XIP memory

Add the missing flag for aarch32 XIP memory mode. It was
previously added in aarch64 only.
Minor: Correct the aarch64 missing flag.

Signed-off-by: L

Add missing support for BL2_AT_EL3 in XIP memory

Add the missing flag for aarch32 XIP memory mode. It was
previously added in aarch64 only.
Minor: Correct the aarch64 missing flag.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iac0a7581a1fd580aececa75f97deb894858f776f

show more ...

Merge "Cortex_hercules: Add support for Hercules-AE" into integration

Cortex_hercules: Add support for Hercules-AE

Not tested on FVP Model.

Change-Id: Iedebc5c1fbc7ea577e94142b7feafa5546f1f4f9
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>

Merge "AArch32: Disable Secure Cycle Counter" into integration

Merge changes from topic "ld/stm32-authentication" into integration

* changes:
stm32mp1: add authentication support for stm32image
bsec: move bsec_mode_is_closed_device() service to platform
c

Merge changes from topic "ld/stm32-authentication" into integration

* changes:
stm32mp1: add authentication support for stm32image
bsec: move bsec_mode_is_closed_device() service to platform
crypto: stm32_hash: Add HASH driver

show more ...

Merge changes from topic "mp/giv3-discovery" into integration

* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable mu

Merge changes from topic "mp/giv3-discovery" into integration

* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery

show more ...

AArch32: Disable Secure Cycle Counter

This patch changes implementation for disabling Secure Cycle
Counter. For ARMv8.5 the counter gets disabled by setting
SDCR.SCCD bit on CPU cold/warm boot. For

AArch32: Disable Secure Cycle Counter

This patch changes implementation for disabling Secure Cycle
Counter. For ARMv8.5 the counter gets disabled by setting
SDCR.SCCD bit on CPU cold/warm boot. For the earlier
architectures PMCR register is saved/restored on secure
world entry/exit from/to Non-secure state, and cycle counting
gets disabled by setting PMCR.DP bit.
In 'include\aarch32\arch.h' header file new
ARMv8.5-PMU related definitions were added.

Change-Id: Ia8845db2ebe8de940d66dff479225a5b879316f8
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge changes I0283fc2e,Ib476d024,Iada05f7c into integration

* changes:
hikey: fix to load FIP by partition table.
hikey960: fix to load FIP by partition table
drivers: partition: support diff

Merge changes I0283fc2e,Ib476d024,Iada05f7c into integration

* changes:
hikey: fix to load FIP by partition table.
hikey960: fix to load FIP by partition table
drivers: partition: support different block size

show more ...

Migrate ARM platforms to use the new GICv3 API

This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related dat

Migrate ARM platforms to use the new GICv3 API

This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related data structure, it must be invoked coherently
by using the platform specific pwr_domain_on_finish_late hook.

Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Adding new optional PSCI hook pwr_domain_on_finish_late

This PSCI hook is similar to pwr_domain_on_finish but is
guaranteed to be invoked with the respective core and cluster are
participating in co

Adding new optional PSCI hook pwr_domain_on_finish_late

This PSCI hook is similar to pwr_domain_on_finish but is
guaranteed to be invoked with the respective core and cluster are
participating in coherency. This will be necessary to safely invoke
the new GICv3 API which modifies shared GIC data structures concurrently.

Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

GICv3: Enable multi socket GIC redistributor frame discovery

This patch provides declaration and definition of new GICv3 driver
API: gicv3_rdistif_probe().This function delegates the responsibility

GICv3: Enable multi socket GIC redistributor frame discovery

This patch provides declaration and definition of new GICv3 driver
API: gicv3_rdistif_probe().This function delegates the responsibility
of discovering the corresponding Redistributor base frame to each CPU
itself. It is a modified version of gicv3_rdistif_base_addrs_probe()
and is executed by each CPU in the platform unlike the previous
approach in which only the Primary CPU did the discovery of all the
Redistributor frames for every CPU.

The flush operations as part of gicv3_driver_init() function are
made necessary even for platforms with WARMBOOT_ENABLE_DCACHE_EARLY
because the GICv3 driver data structure contents are accessed by CPU
with D-Cache turned off during power down operations.

Change-Id: I1833e81d3974b32a3e4a3df4766a33d070982268
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

bsec: move bsec_mode_is_closed_device() service to platform

This BSEC service is a platform specific service. Implementation
moved to the platform part.

Signed-off-by: Lionel Debieve <lionel.debiev

bsec: move bsec_mode_is_closed_device() service to platform

This BSEC service is a platform specific service. Implementation
moved to the platform part.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I1f70ed48a446860498ed111acce01187568538c9

show more ...

crypto: stm32_hash: Add HASH driver

The driver manages the HASH processor IP on STM32MP1

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I3b67c80c16d819f86b951dae29a6c465e51ad585

drivers: partition: support different block size

The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PAR

drivers: partition: support different block size

The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform.

Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3

show more ...

Merge changes from topic "raspberry-pi-4-support" into integration

* changes:
Add fdt_add_reserved_memory() helper function
qemu: Move and generalise FDT PSCI fixup

Merge changes from topic "raspberry-pi-4-support" into integration

* changes:
rpi3: Move rng driver to drivers
rpi3: Move VC mailbox driver into generic drivers directory
rpi3: Move rpi3_hw.h

Merge changes from topic "raspberry-pi-4-support" into integration

* changes:
rpi3: Move rng driver to drivers
rpi3: Move VC mailbox driver into generic drivers directory
rpi3: Move rpi3_hw.h header file to include/rpi_hw.h

show more ...

Add fdt_add_reserved_memory() helper function

If a firmware component like TF-A reserves special memory regions for
its own or secure payload services, it should announce the location and
size of th

Add fdt_add_reserved_memory() helper function

If a firmware component like TF-A reserves special memory regions for
its own or secure payload services, it should announce the location and
size of those regions to the non-secure world. This will avoid
disappointment when some rich OS tries to acccess this memory, which
will likely end in a crash.

The traditional way of advertising reserved memory using device tree is
using the special memreserve feature of the device tree blob (DTB).
However by definition those regions mentioned there do not prevent the
rich OS to map this memory, which may lead to speculative accesses to
this memory and hence spurious bus errors.

A safer way of carving out memory is to use the /reserved-memory node as
part of the normal DT structure. Besides being easier to setup, this
also defines an explicit "no-map" property to signify the secure-only
nature of certain memory regions, which avoids the rich OS to
accidentally step on it.

Add a helper function to allow platform ports to easily add a region.

Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

rpi3: Move rng driver to drivers

To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.

Change-Id: Iae94d7cb22c6bce3af9bff

rpi3: Move rng driver to drivers

To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.

Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

qemu: Move and generalise FDT PSCI fixup

The QEMU platform port scans its device tree to advertise PSCI as the
CPU enable method. It does this by scanning *every* node in the DT and
check whether it

qemu: Move and generalise FDT PSCI fixup

The QEMU platform port scans its device tree to advertise PSCI as the
CPU enable method. It does this by scanning *every* node in the DT and
check whether its compatible string starts with "arm,cortex-a". Then it
sets the enable-method to PSCI, if it doesn't already have one.

Other platforms might want to use this functionality as well, so let's
move it out of the QEMU platform directory and make it more robust by
fixing some shortcomings:
- A compatible string starting with a certain prefix is not a good way
to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
match as well and is in turn favoured with an enable-method.
- If the DT already has an enable-method, we won't change this to PSCI.

Those two issues will for instance fail on the Raspberry Pi 4 DT.
To fix those problems, we adjust the scanning method:
The DT spec says that all CPU nodes are subnodes of the mandatory
/cpus node, which is a subnode of the root node. Also each CPU node has
to have a device_type = "cpu" property. So we find the /cpus node, then
scan for a subnode with the proper device_type, forcing the
enable-method to "psci".
We have to restart this search after a property has been patched, as the
node offsets might have changed meanwhile.

This allows this routine to be reused for the Raspberry Pi 4 later.

Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

rpi3: Move VC mailbox driver into generic drivers directory

To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.

Change-Id: I463e49acf82

rpi3: Move VC mailbox driver into generic drivers directory

To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.

Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "Refactor ARMv8.3 Pointer Authentication support code" into integration

Refactor ARMv8.3 Pointer Authentication support code

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key gene

Refactor ARMv8.3 Pointer Authentication support code

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.

Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge changes from topic "jc/rsa-pkcs" into integration

* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA

Merge changes from topic "jc/rsa-pkcs" into integration

* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS

show more ...

Merge changes I08cf22df,I535ee414,Ie84cfc96,I8c35ce4e,If7649764, ... into integration

* changes:
mediatek: mt8183: Support coreboot configuration
mediatek: mt8183: support system reset
mediate

Merge changes I08cf22df,I535ee414,Ie84cfc96,I8c35ce4e,If7649764, ... into integration

* changes:
mediatek: mt8183: Support coreboot configuration
mediatek: mt8183: support system reset
mediatek: mt8183: pass platform parameters
mediatek: mt8183: add GPIO driver
mediatek: mt8183: support system off
mediatek: mt8183: support CPU hotplug
mediatek: mt8183: refine GIC driver

show more ...

Support larger RSA key sizes when using MBEDTLS

Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations wi

Support larger RSA key sizes when using MBEDTLS

Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.

Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

show more ...