Merge changes I134f125f,Ia4bf45bf into integration

* changes:
refactor(sgi): rename RD-Edmunds to RD-V2
refactor(cpu): use the updated IP name for Demeter CPU

feat(fvp): support building RSS comms driver

On one hand, there is currently no upstream platform supporting the
RSS. On the other hand, we are gradually introducing driver code for
RSS. Even though

feat(fvp): support building RSS comms driver

On one hand, there is currently no upstream platform supporting the
RSS. On the other hand, we are gradually introducing driver code for
RSS. Even though we cannot test this code in the TF-A CI right now, we
can at least build it to make sure no build regressions are introduced
as we continue development.

This patch adds support for overriding PLAT_RSS_NOT_SUPPORTED build
flag (which defaults to 1 on the Base AEM FVP) from the command
line. This allows introducing an ad-hoc CI build config with
PLAT_RSS_NOT_SUPPORTED=0, which will correctly pull in the RSS and MHU
source files. Of course, the resulting firmware will not be
functional.

Change-Id: I2b0e8dd03bf301e7063dd4734ea5266b73265be1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

refactor(cpu): use the updated IP name for Demeter CPU

Neoverse Demeter CPU has been renamed to Neoverse V2 CPU.
Correspondingly, update the CPU library, file names and other
references to use the u

refactor(cpu): use the updated IP name for Demeter CPU

Neoverse Demeter CPU has been renamed to Neoverse V2 CPU.
Correspondingly, update the CPU library, file names and other
references to use the updated IP name.

Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: Ia4bf45bf47807c06f4c966861230faea420d088f

show more ...

Merge "refactor(cpu): update IP names of Makalu CPU lib" into integration

refactor(cpu): update IP names of Makalu CPU lib

* ASM files are renamed to have public IP names in their filename.
* updated other files to include ASM filename changes.

Signed-off-by: Rupin

refactor(cpu): update IP names of Makalu CPU lib

* ASM files are renamed to have public IP names in their filename.
* updated other files to include ASM filename changes.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: Ie899c512b11fd7c4312e3a808bb6b9d2376cdb8c

show more ...

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface

show more ...

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

Merge changes from topic "mb_hash" into integration

* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb al

Merge changes from topic "mb_hash" into integration

* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb algorithm selection

show more ...

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algori

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:

- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.

- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.

- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(fvp): add plat hook for memory transactions
feat(spmc): enable handling of the NS bit
feat(spmc): add support for v1.1

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(fvp): add plat hook for memory transactions
feat(spmc): enable handling of the NS bit
feat(spmc): add support for v1.1 FF-A memory data structures
feat(spmc/mem): prevent duplicated sharing of memory regions
feat(spmc/mem): support multiple endpoints in memory transactions
feat(spmc): add support for v1.1 FF-A boot protocol
feat(plat/fvp): introduce accessor function to obtain datastore
feat(spmc/mem): add FF-A memory management code

show more ...

feat(plat/fvp): introduce accessor function to obtain datastore

In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the

feat(plat/fvp): introduce accessor function to obtain datastore

In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the backing memory to be allocated in a
platform defined manner, to accommodate memory constraints
and desired use cases.

Provide an implementation for the Arm FVP platform to
use a default value of 512KB memory allocated in the
TZC RAM section.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804

show more ...

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(l

Merge changes from topic "rss/mboot-attest" into integration

* changes:
docs(maintainers): add PSA, MHU, RSS comms code owners
feat(plat/arm/fvp): enable RSS backend based measured boot
feat(lib/psa): mock PSA APIs
feat(drivers/measured_boot): add RSS backend
feat(drivers/arm/rss): add RSS communication driver
feat(lib/psa): add initial attestation API
feat(lib/psa): add measured boot API
feat(drivers/arm/mhu): add MHU driver

show more ...

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956

show more ...

Merge "feat(brbe): add BRBE support for NS world" into integration

feat(brbe): add BRBE support for NS world

This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disab

feat(brbe): add BRBE support for NS world

This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.

This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0

show more ...

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): upd

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): update HW_CONFIG DT loading mechanism
refactor(st): update set_config_info function call
refactor(fvp_r): update set_config_info function call
refactor(arm): update set_config_info function call
feat(fconf): add NS load address in configuration DTB nodes

show more ...

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue sinc

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).

It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].

Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory

[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html

Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "rme-attest" into integration

* changes:
feat(rme): add dummy realm attestation key to RMMD
feat(rme): add dummy platform token to RMMD

feat(rme): add dummy realm attestation key to RMMD

Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
paramete

feat(rme): add dummy realm attestation key to RMMD

Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac

show more ...

feat(rme): add dummy platform token to RMMD

Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC4000

feat(rme): add dummy platform token to RMMD

Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.

When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.

Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348

show more ...

Merge changes from topic "spectre_bhb" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57
fix(security): workaround for CVE-2022-23960 for Cortex-A57, Co

Merge changes from topic "spectre_bhb" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57
fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72
fix(fvp): disable reclaiming init code by default

show more ...

fix(fvp): disable reclaiming init code by default

In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation wo

fix(fvp): disable reclaiming init code by default

In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation workarounds inevitably increase the size of the various
segments due to additional instructions and/or macros, these segments
cannot be fit in the existing memory layout designated for BL31 image.
The issue is specifically seen in complex build configs for FVP
platform. One such config has TBB with Dual CoT and test secure
payload dispatcher(TSPD) enabled. Even a small increase in individual
segment size in order of few bytes might lead to build fails due to
alignment requirements(PAGE_ALIGN to 4KB).

This is needed to workaround the following build failures observed
across multiple build configs:

aarch64-none-elf-ld.bfd: BL31 init has exceeded progbits limit.

aarch64-none-elf-ld.bfd: /work/workspace/workspace/tf-worker_ws_2/trusted_firmware/build/fvp/debug/bl31/bl31.elf section coherent_ram will not fit in region RAM
aarch64-none-elf-ld.bfd: BL31 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region RAM overflowed by 4096 bytes

Change-Id: Idfab539e9a40f4346ee11eea1e618c97e93e19a1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "feat(cpu): add library support for Poseidon CPU" into integration

feat(cpu): add library support for Poseidon CPU

This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 arc

feat(cpu): add library support for Poseidon CPU

This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 architecture. Currently, Hunter CPU the predecessor to HunterELP,
is supported in TF-A. Accordingly the Hunter CPU library code has been
as the base and adapted here.

Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I406b4de156a67132e6a5523370115aaac933f18d

show more ...

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(me

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
build: introduce CRYPTO_SUPPORT build option

show more ...