Merge "feat(cpus): make cache ops conditional" into integration

Merge changes from topic "mp/ras_refactoring" into integration

* changes:
docs: document do_panic() and panic() helper functions
fix(ras): restrict RAS support for NS world

feat(cpus): make cache ops conditional

When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset.

feat(cpus): make cache ops conditional

When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset. Similarly, debug recovery mode of DynamIQ
cluster ensures that contents of the shared L3 cache are also not
invalidated upon transition to On mode.

Booting cores in debug recovery mode means booting with caches disabled
and preserving the caches until a point where software can dump the
caches and retrieve their contents. TF-A however unconditionally cleans
and invalidates caches at multiple points during boot. This can lead to
memory corruption as well as loss of cache contents to be used for
debugging.

This patch fixes this by calling a platform hook before performing CMOs
in helper routines in cache_helpers.S. The platform hook plat_can_cmo is
an assembly routine which must not clobber x2 and x3, and avoid using
stack. The whole checking is conditional upon `CONDITIONAL_CMO` which
can be set at compile time.

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193

show more ...

Merge "refactor(trng): cleanup the existing TRNG support" into integration

refactor(trng): cleanup the existing TRNG support

This patch adds the following changes to complete the existing
TRNG implementation:

1. Adds a feature specific scope for buildlog generation.
2. Up

refactor(trng): cleanup the existing TRNG support

This patch adds the following changes to complete the existing
TRNG implementation:

1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.

Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

fix(ras): restrict RAS support for NS world

Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To

fix(ras): restrict RAS support for NS world

Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.

Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750

show more ...

Merge "fix(ras): trap "RAS error record" accesses only for NS" into integration

fix(ras): trap "RAS error record" accesses only for NS

RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
sta

fix(ras): trap "RAS error record" accesses only for NS

RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
state. To give more fine grain control per world basis re-purpose this
macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only
if Error record registers are accessed from NS.
This will also help in future scenarios when RAS handling(in Firmware
first handling paradigm)can be offloaded to a secure partition.

This is first patch in series to refactor RAS framework in TF-A.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d

show more ...

Merge "feat(rng-trap): add EL3 support for FEAT_RNG_TRAP" into integration

feat(rng-trap): add EL3 support for FEAT_RNG_TRAP

FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This

feat(rng-trap): add EL3 support for FEAT_RNG_TRAP

FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This patch adds a new build flag
ENABLE_FEAT_RNG_TRAP that enables the feature.
This feature is supported only in AArch64 state from Armv8.5 onwards.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ia9f17aef3444d3822bf03809036a1f668c9f2d89

show more ...

Merge "feat(sve): support full SVE vector length" into integration

Merge "fix: make TF-A use provided OpenSSL binary" into integration

fix: make TF-A use provided OpenSSL binary

Currently Tf-A uses whatever openssl binary is on the system to sign
images. However if OPENSSL_DIR is specified in the build flags this can
lead to linkin

fix: make TF-A use provided OpenSSL binary

Currently Tf-A uses whatever openssl binary is on the system to sign
images. However if OPENSSL_DIR is specified in the build flags this can
lead to linking issues as the system binary can end up being linked
against shared libraries provided in OPENSSL_DIR/lib if both binaries
(the system's and the on in OPENSSL_DIR/bin) are the same version.
This patch ensures that the binary used is always the one given by
OPENSSL_DIR to avoid those link issues.

Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Change-Id: Ib534e06ebc8482e4391e376d3791a87968de4a99

show more ...

feat(sve): support full SVE vector length

Currently the SVE code hard codes a maximum vector length of 512 bits
when configuring SVE rather than the architecture supported maximum.
While this is fin

feat(sve): support full SVE vector length

Currently the SVE code hard codes a maximum vector length of 512 bits
when configuring SVE rather than the architecture supported maximum.
While this is fine for current physical implementations the architecture
allows for vector lengths up to 2048 bits and emulated implementations
generally allow any length up to this maximum.

Since there may be system specific reasons to limit the maximum vector
length make the limit configurable, defaulting to the architecture
maximum. The default should be suitable for most implementations since
the hardware will limit the actual vector length selected to what is
physically supported in the system.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I22c32c98a81c0cf9562411189d8a610a5b61ca12

show more ...

Merge changes from topic "mb/drtm-work-phase-1" into integration

* changes:
build(changelog): add new scope for Arm SMMU driver
feat(smmu): add SMMU abort transaction function
docs(build): add

Merge changes from topic "mb/drtm-work-phase-1" into integration

* changes:
build(changelog): add new scope for Arm SMMU driver
feat(smmu): add SMMU abort transaction function
docs(build): add build option for DRTM support
build(drtm): add DRTM support build option

show more ...

build(drtm): add DRTM support build option

Added DRTM support build option in the makefiles.
This build option will be used by the DRTM implementation
in the subsequent patches.

Signed-off-by: Mani

build(drtm): add DRTM support build option

Added DRTM support build option in the makefiles.
This build option will be used by the DRTM implementation
in the subsequent patches.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I15366f86b3ebd6ab2ebcb192753015d547cdddee

show more ...

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(l

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(lib/psa): mock PSA APIs
feat(drivers/measured_boot): add RSS backend
feat(drivers/arm/rss): add RSS communication driver
feat(lib/psa): add initial attestation API
feat(lib/psa): add measured boot API
feat(drivers/arm/mhu): add MHU driver

show more ...

feat(lib/psa): mock PSA APIs

Introduce PLAT_RSS_NOT_SUPPORTED build config to
provide a mocked version of PSA APIs. The goal is
to test the RSS backend based measured boot and
attestation token requ

feat(lib/psa): mock PSA APIs

Introduce PLAT_RSS_NOT_SUPPORTED build config to
provide a mocked version of PSA APIs. The goal is
to test the RSS backend based measured boot and
attestation token request integration on such
a platform (AEM FVP) where RSS is otherwise
unsupported. The mocked PSA API version does
not send a request to the RSS, it only returns
with success and hard-coded values.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ice8d174adf828c1df08fc589f0e17abd1e382a4d

show more ...

Merge "feat(brbe): add BRBE support for NS world" into integration

feat(brbe): add BRBE support for NS world

This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disab

feat(brbe): add BRBE support for NS world

This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.

This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0

show more ...

Merge changes I47014d72,Ibf00c386 into integration

* changes:
docs(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS
feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS

feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS

It is not always the case that RESET_TO_BL31 enabled platforms don't
execute a bootloader before BL31.

For those use cases, being able to receive argu

feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS

It is not always the case that RESET_TO_BL31 enabled platforms don't
execute a bootloader before BL31.

For those use cases, being able to receive arguments from that first
loader (i.e: a DTB with TPM logs) might be necessary feature.

This code has been validated on iMX8mm.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Change-Id: Ibf00c3867cb1d1012b8b376e64ccaeca1c9d2bff

show more ...

Merge "refactor(twed): improve TWED enablement in EL-3" into integration

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for F

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for FFA_MSG_WAIT
feat(spmc): add function to determine the return path from the SPMC
feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3
feat(spmd): update SPMC init flow to use EL3 implementation
feat(spmc): add FF-A secure partition manager core
feat(spmc): prevent read only xlat tables with the EL3 SPMC
feat(spmc): enable building of the SPMC at EL3
refactor(spm_mm): reorganize secure partition manager code

show more ...

refactor(twed): improve TWED enablement in EL-3

The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved fo

refactor(twed): improve TWED enablement in EL-3

The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.

Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.

Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a

show more ...