Merge "plat/arm: Use common build flag for using generic sp804 driver" into integration

plat/arm: Use common build flag for using generic sp804 driver

SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_

plat/arm: Use common build flag for using generic sp804 driver

SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.

This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.

Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "Makefile, doc: Make OPENSSL_DIR variable as build option for tools" into integration

Makefile, doc: Make OPENSSL_DIR variable as build option for tools

Openssl directory path is hardcoded to '/usr' in the makefile
of certificate generation and firmware encryption tool using
'OPENSSL

Makefile, doc: Make OPENSSL_DIR variable as build option for tools

Openssl directory path is hardcoded to '/usr' in the makefile
of certificate generation and firmware encryption tool using
'OPENSSL_DIR' variable.

Hence changes are done to make 'OPENSSL_DIR' variable as
a build option so that user can provide openssl directory
path while building the certificate generation and firmware
encryption tool.

Also, updated the document for this newly created build option

Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "make, doc: Add build option to create chain of trust at runtime" into integration

make, doc: Add build option to create chain of trust at runtime

Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.

Signed-off-by: Manish V Badarkhe <Manish.Bada

make, doc: Add build option to create chain of trust at runtime

Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89

show more ...

Merge changes from topic "tegra194-ras-handling" into integration

* changes:
Tegra194: ras: verbose prints for SErrors
Prevent RAS register access from lower ELs
Tegra194: SiP: clear RAS corre

Merge changes from topic "tegra194-ras-handling" into integration

* changes:
Tegra194: ras: verbose prints for SErrors
Prevent RAS register access from lower ELs
Tegra194: SiP: clear RAS corrected error records
Tegra194: add RAS exception handling

show more ...

Prevent RAS register access from lower ELs

This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1

Prevent RAS register access from lower ELs

This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.

RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438

show more ...

Merge "plat/fvp: Add support for dynamic description of secure interrupts" into integration

plat/fvp: Add support for dynamic description of secure interrupts

Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime.

plat/fvp: Add support for dynamic description of secure interrupts

Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.

Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "plat/arm/fvp: Support performing SDEI platform setup in runtime" into integration

plat/arm/fvp: Support performing SDEI platform setup in runtime

This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead

plat/arm/fvp: Support performing SDEI platform setup in runtime

This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.

Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "Implement workaround for AT speculative behaviour" into integration

Implement workaround for AT speculative behaviour

During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instru

Implement workaround for AT speculative behaviour

During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instruction using out-of-context
translation regime.

Workaround is implemented as below during EL's (EL1 or EL2)
"context_restore" operation:
1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1
bits for EL1 or EL2 (stage1 and stage2 disabled)
2. Save all system registers except TCR and SCTLR (for EL1 and EL2)
3. Do memory barrier operation (isb) to ensure all
system register writes are done.
4. Restore TCR and SCTLR registers (for EL1 and EL2)

Errata details are available for various CPUs as below:
Cortex-A76: 1165522
Cortex-A72: 1319367
Cortex-A57: 1319537
Cortex-A55: 1530923
Cortex-A53: 1530924

More details can be found in mail-chain:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html

Currently, Workaround is implemented as build option which is default
disabled.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0

show more ...

Enable MTE support

Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented

MTE options are added in latest clang and armclang com

Enable MTE support

Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented

MTE options are added in latest clang and armclang compiler which
support below options:
for clang <version 11.0.0>
1. -march=arm8.5-a+memtag
2. -fsanitize=memtag

for armclang <version 6.12>
1. -march=arm8.5-a+memtag
2. -mmemtag-stack

Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413

show more ...

Merge "fconf: Clean Arm IO" into integration

fconf: Clean Arm IO

Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.

This patch:
- replace arm_io_storage.c

fconf: Clean Arm IO

Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.

This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.

Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optiona

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optional encryption of BL31 and BL32 images
qemu: Update flash address map to keep FIP in secure FLASH0
Makefile: Add support to optionally encrypt BL31 and BL32
tools: Add firmware authenticated encryption tool
TBB: Add an IO abstraction layer to load encrypted firmwares
drivers: crypto: Add authenticated decryption framework

show more ...

Makefile: Add support to optionally encrypt BL31 and BL32

Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric fla

Makefile: Add support to optionally encrypt BL31 and BL32

Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.

- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.

- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.

- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.

- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.

Similar flags can be added to encrypt other firmwares as well depending
on use-cases.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670

show more ...

drivers: crypto: Add authenticated decryption framework

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRY

drivers: crypto: Add authenticated decryption framework

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271

show more ...

Merge changes from topic "spmd-sel2" into integration

* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC

Merge changes from topic "spmd-sel2" into integration

* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC init, SMC handler cosmetic changes
SPMD: [tegra] rename el1_sys_regs structure to sys_regs
SPMD: Adds partially supported EL2 registers.
SPMD: save/restore EL2 system registers.

show more ...

SPMD: add command line parameter to run SPM at S-EL2 or S-EL1

Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is di

SPMD: add command line parameter to run SPM at S-EL2 or S-EL1

Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.

Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

SPMD: save/restore EL2 system registers.

NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283a

SPMD: save/restore EL2 system registers.

NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

Merge "Read-only xlat tables for BL31 memory" into integration

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who h

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.

The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.

To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.

Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.

The caches are also flushed.

Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466

show more ...