Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile me

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile measured boot
refactor(juno): use crypto-agile measured boot
refactor(rpi3): use crypto-agile measured boot
refactor(fvp): use crypto-agile measured boot
feat(measured-boot): enable dynamic hash provisioning
feat: add TPM/TCG hashing helper to crypto module
chore: bump event log library

show more ...

refactor(fvp): use crypto-agile measured boot

Update the FVP measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection

refactor(fvp): use crypto-agile measured boot

Update the FVP measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: I4128a0c66a56df6c473c47a577d86cd38bf057f6
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "hm/evlog" into integration

* changes:
build(measured-boot)!: move to ext event log lib
feat(build): add utilities for modifying includes

build(measured-boot)!: move to ext event log lib

Removes in-tree Event Log library implementation and updates all
references to use the external submodule. Updates include paths,
Makefile macros, an

build(measured-boot)!: move to ext event log lib

Removes in-tree Event Log library implementation and updates all
references to use the external submodule. Updates include paths,
Makefile macros, and platform integration logic to link with lib as a
static library.

If you cloned TF-A without the `--recurse-submodules` flag, you can
ensure that this submodule is present by running:

git submodule update --init --recursive

BREAKING-CHANGE: LibEventLog is now included in TF-A as a submodule.
Please run `git submodule update --init --recursive` if you encounter
issues after migrating to the latest version of TF-A.

Change-Id: I723f493033c178759a45ea04118e7cc295dc2438
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "hm/handoff-mb" into integration

* changes:
feat(arm): support boot info handoff and event log
fix(arm): update tsp_early_platform_setup prototype
fix(xilinx): update

Merge changes from topic "hm/handoff-mb" into integration

* changes:
feat(arm): support boot info handoff and event log
fix(arm): update tsp_early_platform_setup prototype
fix(xilinx): update tsp_early_platform_setup prototype
fix(socionext): update tsp_early_platform_setup prototype
fix(msm8916): update tsp_early_platform_setup prototype
feat(tsp): cascade boot arguments to platforms
feat(fvp): port event log to firmware handoff
feat(arm): port event log to firmware handoff
feat(fvp): increase bl2 mmap len for handoff
feat(measured-boot): add fw handoff event log utils

show more ...

feat(fvp): port event log to firmware handoff

Support handing off the event log to both the secure and non-secure
worlds using the firmware handoff framework. This also needs us to
increase the maxi

feat(fvp): port event log to firmware handoff

Support handing off the event log to both the secure and non-secure
worlds using the firmware handoff framework. This also needs us to
increase the maximum allocation for TB-FW configuration to accommodate
trusted boot entries.

Change-Id: I39d69d79434a366096dcf4fbdc5c434950170b78
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(measured-boot): refine event log lib docs
refactor(fvp): explicitly handle event log errors
feat(measured-boot): make e

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(measured-boot): refine event log lib docs
refactor(fvp): explicitly handle event log errors
feat(measured-boot): make event log lib standalone

show more ...

refactor(fvp): explicitly handle event log errors

Following the patch that introduced errno returns in the event log APIs,
ensure that errors are properly handled within FVP instead of being
ignored

refactor(fvp): explicitly handle event log errors

Following the patch that introduced errno returns in the event log APIs,
ensure that errors are properly handled within FVP instead of being
ignored.

Change-Id: I5e736b81d9a17ff10dbab6e65bc6506b71c7c9bd
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level

Merge changes from topic "DPE" into integration

* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header

show more ...

refactor(fvp): align image identifier string macros

Macros were renamed, align with new names.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I85d03164f580d9c41b7955482914d20188e559e5

Merge "feat(fvp): remove left-over RSS usage" into integration

feat(fvp): remove left-over RSS usage

Remove any residual RSS usage in the FVP platform, complementing the
changes made in commit dea307fd6cca2dad56867e757804224a8654bc38.

Signed-off-by: Manish V B

feat(fvp): remove left-over RSS usage

Remove any residual RSS usage in the FVP platform, complementing the
changes made in commit dea307fd6cca2dad56867e757804224a8654bc38.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9ced272503456361610ec0c7783d270349233926

show more ...

Merge changes from topic "mb/mb-signer-id" into integration

* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'pla

Merge changes from topic "mb/mb-signer-id" into integration

* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'plat_mboot_measure_key' function
feat(tc): implement platform function to measure and publish Public Key
feat(auth): measure and publicise the Public Key
feat(fvp): implement platform function to measure and publish Public Key
feat(fvp): add public key-OID information in RSS metadata structure
feat(auth): add explicit entries for key OIDs
feat(rss): set the signer-ID in the RSS metadata
feat(auth): create a zero-OID for Subject Public Key
docs: add details about plat_mboot_measure_key function
feat(measured-boot): introduce platform function to measure and publish Public Key

show more ...

feat(fvp): add public key-OID information in RSS metadata structure

Added public key-OID information in the RSS metadata structure.

Change-Id: I5ee5d41519980091296deaa1882fdfe9ae6766c0
Signed-off-b

feat(fvp): add public key-OID information in RSS metadata structure

Added public key-OID information in the RSS metadata structure.

Change-Id: I5ee5d41519980091296deaa1882fdfe9ae6766c0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "mb/mb-rss-refactor" into integration

* changes:
refactor(tc): update RSS driver inteface calls
refactor(fvp): update RSS driver inteface calls
refactor(rss): make RSS

Merge changes from topic "mb/mb-rss-refactor" into integration

* changes:
refactor(tc): update RSS driver inteface calls
refactor(fvp): update RSS driver inteface calls
refactor(rss): make RSS driver standalone for Measured Boot

show more ...

refactor(fvp): update RSS driver inteface calls

In order to comply with the previous RSS driver change,
interface calls have been updated.

Change-Id: I0a1f3c6a6f8017468d86903cc0158805c6461c28
Signe

refactor(fvp): update RSS driver inteface calls

In order to comply with the previous RSS driver change,
interface calls have been updated.

Change-Id: I0a1f3c6a6f8017468d86903cc0158805c6461c28
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(fvp): add Event Log maximum size property in DT" into integration

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size a

feat(fvp): add Event Log maximum size property in DT

Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.

In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.

Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(l

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(lib/psa): mock PSA APIs
feat(drivers/measured_boot): add RSS backend
feat(drivers/arm/rss): add RSS communication driver
feat(lib/psa): add initial attestation API
feat(lib/psa): add measured boot API
feat(drivers/arm/mhu): add MHU driver

show more ...

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956

show more ...

Merge "refactor(measured boot): rename a macro INVALID_ID to EVLOG_INVALID_ID" into integration

refactor(measured boot): rename a macro INVALID_ID to EVLOG_INVALID_ID

Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used

refactor(measured boot): rename a macro INVALID_ID to EVLOG_INVALID_ID

Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used for Event
Log driver.

Change-Id: Ie4c92b3cd1366d9a59cd6f43221e24734865f427
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

refactor(measured boot): make measurement strings compliant with SBSG

Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32

refactor(measured boot): make measurement strings compliant with SBSG

Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.

Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(plat/fvp): pass Event Log addr and size from BL1 to BL2

Introduced functions to set and get Event log information
(tpm_event_log address and its size).

In FVP platform case, measured boot with

feat(plat/fvp): pass Event Log addr and size from BL1 to BL2

Introduced functions to set and get Event log information
(tpm_event_log address and its size).

In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively

Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.

This patch is tested using the existing measured boot test configuration
in jenkins CI.

Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...