Merge changes from topic "hob_creation_in_tf_a" into integration

* changes:
feat(el3_spmc): ffa error handling in direct msg
feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2
feat(ff-a): add

Merge changes from topic "hob_creation_in_tf_a" into integration

* changes:
feat(el3_spmc): ffa error handling in direct msg
feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2
feat(ff-a): add FFA_MEM_PERM_GET/SET_SMC64
feat(el3-spmc): support Hob list to boot S-EL0 SP
feat(synquacer): add support Hob creation
fix(fvp): exclude extend memory map TZC regions
feat(fvp): add StandaloneMm manifest in fvp
feat(spm): use xfer list with Hob list in SPM_MM

show more ...

feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2

StandaloneMm which is S-EL0 partition uses
FFA_MSG_SEND_DIRECT_REQ2/RESP2 to handle multiple services.
For this, add support for FFA_MSG_SEND_DIREC

feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2

StandaloneMm which is S-EL0 partition uses
FFA_MSG_SEND_DIRECT_REQ2/RESP2 to handle multiple services.
For this, add support for FFA_MSG_SEND_DIRECT_REQ2/RESP2 in el3_spmc
restrictly up to use 8 registers.
although FF-A v1.2 defines FFA_MSG_SEND_DIRECT_REQ2/RESP2
with ability to pass/return up to 18 registers.

Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I8ab1c332d269d9d131330bb2debd10d75bdba1ee

show more ...

Merge changes from topic "handoff_tpm_event_log" into integration

* changes:
feat(qemu): hand off TPM event log via TL
feat(handoff): common API for TPM event log handoff
feat(handoff): transf

Merge changes from topic "handoff_tpm_event_log" into integration

* changes:
feat(qemu): hand off TPM event log via TL
feat(handoff): common API for TPM event log handoff
feat(handoff): transfer entry ID for TPM event log
fix(qemu): fix register convention in BL31 for qemu
fix(handoff): fix register convention in opteed

show more ...

feat(smccc): implement SMCCC_ARCH_FEATURE_AVAILABILITY

SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is

feat(smccc): implement SMCCC_ARCH_FEATURE_AVAILABILITY

SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.

The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.

The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.

Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.

If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.

The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.

Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.

[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en

Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f

show more ...

refactor(cm): clean up per-world context

In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for
context to be directly related to the underlying system. Currently,
certain bits like SC

refactor(cm): clean up per-world context

In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for
context to be directly related to the underlying system. Currently,
certain bits like SCR_EL3.APK are always set with the understanding that
they will only take effect if the feature is present.

However, that is problematic for SMCCC_ARCH_FEATURE_AVAILABILITY (an
SMCCC call to report which features firmware enables), as simply reading
the enable bit may contradict the ID register, like the APK bit above
for a system with no Pauth present.

This patch is to clean up these cases. Add a check for PAuth's presence
so that the APK bit remains unset if not present. Also move SPE and TRBE
enablement to only the NS context. They already only enable the features
for NS only and disable them for Secure and Realm worlds. This change
only makes these worlds' context read 0 for easy bitmasking.

There's only a single snag on SPE and TRBE. Currently, their fields have
the same values and any world asymmetry is handled by hardware. Since we
don't want to do that, the buffers' ownership will change if we just set
the fields to 0 for non-NS worlds. Doing that, however, exposes Secure
state to a potential denial of service attack - a malicious NS can
enable profiling and call an SMC. Then, the owning security state will
change and since no SPE/TRBE registers are contexted, Secure state will
start generating records. Always have NS world own the buffers to
prevent this.

Finally, get rid of manage_extensions_common() as it's just a level of
indirection to enable a single feature.

Change-Id: I487bd4c70ac3e2105583917a0e5499e0ee248ed9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(handoff): common API for TPM event log handoff

Create a common BL2 API to add a TE for TPM event log.

Change-Id: I459e70f40069aa9ea0625977e0bad8ec316439e6
Signed-off-by: Raymond Mao <raymond.m

feat(handoff): common API for TPM event log handoff

Create a common BL2 API to add a TE for TPM event log.

Change-Id: I459e70f40069aa9ea0625977e0bad8ec316439e6
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

show more ...

feat(handoff): transfer entry ID for TPM event log

Add TE ID for TPM event log handoff.

Change-Id: Idbaaeeee59aaee99d6ec75066562702985ef8204
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

refactor(cm): change owning security state when a feature is disabled

SPE and TRBE don't have an outright EL3 disable, there are only
constraints on what's allowed. Since we only enable them for NS

refactor(cm): change owning security state when a feature is disabled

SPE and TRBE don't have an outright EL3 disable, there are only
constraints on what's allowed. Since we only enable them for NS at the
moment, we want NS to own the buffers even when the feature should be
"disabled" for a world. This means that when we're running in NS
everything is as normal but when running in S/RL then tracing is
prohibited (since the buffers are owned by NS). This allows us to fiddle
with context a bit more without having to context switch registers.

Change-Id: Ie1dc7c00e4cf9bcc746f02ae43633acca32d3758
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

feat(ff-a): add FFA_MEM_PERM_GET/SET_SMC64

FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC6

feat(ff-a): add FFA_MEM_PERM_GET/SET_SMC64

FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC64.

Change former FFA_MEM_PERM_GET/SET definitions to separate operations
and add handler for FFA_MEM_PERM_GET/SET_SMC64 in spmc_smc_handler().

Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I175063654703db26c1ffc3cfd7fa428b94d2bfc9

show more ...

feat(aarch64): add DBGPRCR_EL1 register accessors

This is a small change adding accessor functions for the Debug Power
Control register (DBGPRCR_EL1) to the common architectural helpers.

Change-Id:

feat(aarch64): add DBGPRCR_EL1 register accessors

This is a small change adding accessor functions for the Debug Power
Control register (DBGPRCR_EL1) to the common architectural helpers.

Change-Id: I72261fbf0395d900347b46af320093ed946aa73d
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

feat(mbedtls): optimize SHA256 for reduced memory footprint

Set MBEDTLS_SHA256_SMALLER as the default mbedTLS configuration
to minimize memory usage, trading off some processing speed for
a smaller

feat(mbedtls): optimize SHA256 for reduced memory footprint

Set MBEDTLS_SHA256_SMALLER as the default mbedTLS configuration
to minimize memory usage, trading off some processing speed for
a smaller footprint.

Change-Id: Ibfa6e115a0ed94096b9acdd9e237f3fb5457071d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(arm): rename ARM_ROTPK_HEADER_LEN

This variable had a misleading name, as it is the length
of the header only when the ROTPK is a hash.
Also rename arm_rotpk_header to match the new pattern

refactor(arm): rename ARM_ROTPK_HEADER_LEN

This variable had a misleading name, as it is the length
of the header only when the ROTPK is a hash.
Also rename arm_rotpk_header to match the new pattern.

Change-Id: I36c29998eebf50c356a6ca959ec9223c8837b540
Signed-off-by: Ryan Everett <ryan.everett@arm.com>

show more ...

feat(arm): use the provided hash alg to hash rotpk

No longer hard code SHA-256 hashed dev rotpks, instead
use the algorithm given by HASH_ALG. This means that
we no longer need the plat_arm_configs

feat(arm): use the provided hash alg to hash rotpk

No longer hard code SHA-256 hashed dev rotpks, instead
use the algorithm given by HASH_ALG. This means that
we no longer need the plat_arm_configs (once the protpk and
swd_rotpk are also updated to use HASH_ALG).

The rot public key is now generated at build time, as is
the header for the key.

Also support some default 3k and 4k RSA keys.

Change-Id: I33538124aeb4fa7d67918d878d17f2a84d3a6756
Signed-off-by: Ryan Everett <ryan.everett@arm.com>

show more ...

Merge "fix(pubsub): make sure LTO doesn't garbage collect the handlers" into integration

Merge changes from topic "bk/smccc_feature" into integration

* changes:
fix(trbe): add a tsb before context switching
fix(spe): add a psb before updating context and remove context saving

Merge changes from topic "hm/heap-info" into integration

* changes:
fix(handoff): remove XFERLIST_TB_FW_CONFIG
feat(arm): migrate heap info to fw handoff
feat(mbedtls): introduce crypto lib he

Merge changes from topic "hm/heap-info" into integration

* changes:
fix(handoff): remove XFERLIST_TB_FW_CONFIG
feat(arm): migrate heap info to fw handoff
feat(mbedtls): introduce crypto lib heap info struct
feat(handoff): add Mbed-TLS heap info entry tag
refactor(arm): refactor secure TL initialization
fix(handoff): fix message formatting of hex values
feat(handoff): add func to check and init a tl
fix(arm): resolve dangling comments around macros

show more ...

fix(handoff): remove XFERLIST_TB_FW_CONFIG

Remove XFERLIST_TB_FW_CONFIG as the corresponding patch to add it to the
specification [1] has been abandoned and there are no plans for it to be
merged, w

fix(handoff): remove XFERLIST_TB_FW_CONFIG

Remove XFERLIST_TB_FW_CONFIG as the corresponding patch to add it to the
specification [1] has been abandoned and there are no plans for it to be
merged, with the information it contains being moved to a transfer list
instead.

[1] https://github.com/FirmwareHandoff/firmware_handoff/pull/37

Change-Id: If4a21d56b87bafc2f4894beefd73ac51e36e6571
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(arm): migrate heap info to fw handoff

Mbed-TLS requires platforms to allocate it a heap for it's own internal
usage. This heap is typically between shared by BL1 and BL2 to conserve
memory.The

feat(arm): migrate heap info to fw handoff

Mbed-TLS requires platforms to allocate it a heap for it's own internal
usage. This heap is typically between shared by BL1 and BL2 to conserve
memory.The base address and size of the heap are conveyed from BL1 to
BL2 through the config TB_FW_CONFIG.

This slightly awkward approach necessitates declaring a placeholder node
in the DTS. At runtime, this node is populated with the actual values of
the heap information. Instead, since this is dynamic information, and
simple to represent through C structures, transmit it to later stages
using the firmware handoff framework.

With this migration, remove references to TB_FW_CONFIG when firmware
handoff is enabled, as it is no longer needed. The setup code now relies
solely on TL structures to configure the TB firmware

Change-Id: Iff00dc742924a055b8bd304f15eec03ce3c6d1ef
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(mbedtls): introduce crypto lib heap info struct

Add a struct to store information about the memory location of the heap,
intended for use with cryptographic libraries such as Mbed-TLS.

Change-

feat(mbedtls): introduce crypto lib heap info struct

Add a struct to store information about the memory location of the heap,
intended for use with cryptographic libraries such as Mbed-TLS.

Change-Id: I42e6bbdbd3a353e01d70fb09b77edeef9498fd98
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(handoff): add Mbed-TLS heap info entry tag

Update library to support XFERLIST_MBEDTLS_HEAP_INFO (tag = 0x105).
This is an Arm-specific TE type that enables the location and size
of the stack-ba

feat(handoff): add Mbed-TLS heap info entry tag

Update library to support XFERLIST_MBEDTLS_HEAP_INFO (tag = 0x105).
This is an Arm-specific TE type that enables the location and size
of the stack-based memory region used by Mbed-TLS as a heap to be
passed via a transfer list.

[1] https://firmwarehandoff.github.io/firmware_handoff/main/transfer_list.html#mbed-tls-heap-information-xferlist-mbedtls-heap-info

Change-Id: I1d27b6b2d5a13101b7680b8a19e833354655cd30
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(arm): refactor secure TL initialization

The initialization logic for the secure transfer list is currently
scattered and duplicated across platform setup code. This not only leads
to ineffi

refactor(arm): refactor secure TL initialization

The initialization logic for the secure transfer list is currently
scattered and duplicated across platform setup code. This not only leads
to inefficiency but also complicates access to transfer lists from other
parts of the code without invoking setup functions. For instance,
arm_bl2_setup_next_ep_info acts as a thin wrapper in arm_bl2_setup.c to
provide access to the secure transfer list.

To streamline the interface, all setup code has been consolidated into a
central location.

Change-Id: I99d2a567ff39df88baa57e7e08607fccb8af189c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(handoff): add func to check and init a tl

Add a function to check whether a transfer list has been initialized
at the input address. If not, initialize a transfer list at the
specified location

feat(handoff): add func to check and init a tl

Add a function to check whether a transfer list has been initialized
at the input address. If not, initialize a transfer list at the
specified location with the given size. This is to help ensure that we
don't accidently overwrite a transfer list that's been passed from a
previous stage.

Change-Id: Ic5906626df09d3801435488e258490765e8f81eb
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(pubsub): make sure LTO doesn't garbage collect the handlers

We never directly reference the event handlers so they look like fair
game to be garbage collected when building with LTO.

Tell the c

fix(pubsub): make sure LTO doesn't garbage collect the handlers

We never directly reference the event handlers so they look like fair
game to be garbage collected when building with LTO.

Tell the compiler that we definitely need them and to leave them alone.

Change-Id: Iac672ce85e20328d25acbc3f5e544ad157eebf48
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "fix(psa): increase psa-mbedtls heap size for rsa" into integration

fix(cm): fix context management SYSREG128 write macros

This patch fixes a bug which was introduced in commit
3065513 related to improper saving of EL1 context in the
context management library code

fix(cm): fix context management SYSREG128 write macros

This patch fixes a bug which was introduced in commit
3065513 related to improper saving of EL1 context in the
context management library code when using 128-bit
system registers.

Bug explanation:
The function el1_sysregs_context_save still used the normal
macros that read all the system registers related to the EL1
context, which then involved casting them to uint64_t and
eventually writing them to a memory structure. This means that
the context management library was saving EL1-related SYSREG128
registers with the upper 64 bits zeroed out.

Alternative macros had previously been introduced for the EL2
context in the aforementioned commit, but not for EL1.

Some refactoring has also been done as part of this patch:
- Re-added "common" back to write_el2_ctx_common_sysreg128
- Added dummy SYSREG128 macros for cases when some features
are disabled
- Removed some newlines

Change-Id: I15aa2190794ac099a493e5f430220b1c81e1b558
Signed-off-by: Igor Podgainõi <igor.podgainoi@arm.com>

show more ...