Merge changes from topics "fvp_rust_spmc", "juno_measured_boot", "juno_stmm_xferlist" into integration

* changes:
feat(juno): change preprocessor condition for plat_get_mbedtls_heap()
feat(juno)

Merge changes from topics "fvp_rust_spmc", "juno_measured_boot", "juno_stmm_xferlist" into integration

* changes:
feat(juno): change preprocessor condition for plat_get_mbedtls_heap()
feat(juno): change the FW_NS_HANDOFF_BASE
feat(juno): boot with TRANSFER_LIST
feat(juno): organize juno_stmm_manifest.dts
feat(fvp): increase PLAT_ARM_SPMC_SIZE for rust-spmc
feat(fvp): add StandaloneMm manifest for rust-spmc

show more ...

feat(juno): change preprocessor condition for plat_get_mbedtls_heap()

The implementation of plat_get_mbedtls_heap() is mandatory
not only when TRUSTED_BOARD_BOOT is enabled,
but also when MEASURED_B

feat(juno): change preprocessor condition for plat_get_mbedtls_heap()

The implementation of plat_get_mbedtls_heap() is mandatory
not only when TRUSTED_BOARD_BOOT is enabled,
but also when MEASURED_BOOT is enabled. But to use either
TRUSTED_BOARD_BOOT or MEASURED_BOOT, it should be
built with CRYPTO_SUPPORT.

Therefore, change the preprocessor condition for
plat_get_mbedtls_heap() with CRYPTO_SUPPORT and
move this function to juno_common.c

Change-Id: I8ec9eaa87f58b760b47c5245b3bca234a9a77075
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

show more ...

Merge "feat(juno): support StandaloneMm" into integration

feat(juno): support StandaloneMm

Support StandaloneMm in Juno platform.
When Juno using StandaloneMm, last 2MB area of norflash0 is used by
StandaloneMm only and that area shouldn't be accessed by n

feat(juno): support StandaloneMm

Support StandaloneMm in Juno platform.
When Juno using StandaloneMm, last 2MB area of norflash0 is used by
StandaloneMm only and that area shouldn't be accessed by normal world.
For this, add last 2MB area of norflash0 in TZC setting.

Change-Id: Ice63f13c34f452f2b8cb93ee88dc666632b84248
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

show more ...

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW NSAIDs
feat(ethos-n)!: add protected NPU firmware setup
feat(ethos-n): add stream extends and attr support
feat(ethos-n): add reserved memory address support
feat(ethos-n): add event and aux control support
feat(ethos-n): add SMC call to get FW properties
refactor(ethos-n): split up SMC call handling
feat(ethos-n): add NPU firmware validation
feat(ethos-n): add check for NPU in SiP setup
feat(ethos-n)!: load NPU firmware at BL2
feat(juno): support ARM_IO_IN_DTB option for Juno
fix(fconf): fix FCONF_ARM_IO_UUID_NUMBER value
fix(fvp): incorrect UUID name in FVP tb_fw_config
fix(ethos-n): add workaround for erratum 2838783
feat(ethos-n): add support for NPU to cert_create
feat(ethos-n): add NPU support in fiptool
feat(ethos-n): add support to set up NSAID
build(fiptool): add object dependency generation
feat(ethos-n): add NPU sleeping SMC call
feat(ethos-n): add multiple asset allocators
feat(ethos-n): add reset type to reset SMC calls
feat(ethos-n): add protected NPU TZMP1 regions
build(ethos-n): add TZMP1 build flag

show more ...

feat(ethos-n): add protected NPU TZMP1 regions

TZMP1 protected memory regions have been added in the Juno platform to
store sensitive data for the Arm(R) Ethos(TM)-N NPU
This is enabled when buildin

feat(ethos-n): add protected NPU TZMP1 regions

TZMP1 protected memory regions have been added in the Juno platform to
store sensitive data for the Arm(R) Ethos(TM)-N NPU
This is enabled when building TF-A with ARM_ETHOSN_NPU_TZMP1.

The NPU uses two protected memory regions:
1) Firmware region to protect the NPU's firmware from being modified
from the non-secure world
2) Data region for sensitive data used by the NPU

Respective memory region can only be accessed with their unique NSAID.

Signed-off-by: Bjorn Engstrom <bjoern.engstroem@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Change-Id: I65200047f10364ca18681ce348a6edb2ffb9b095

show more ...

build(ethos-n): add TZMP1 build flag

For the Arm(R) Ethos(TM)-N NPU Driver to support running inference with
protected memory the TZC must be configured with appropriate regions.

This is controlled

build(ethos-n): add TZMP1 build flag

For the Arm(R) Ethos(TM)-N NPU Driver to support running inference with
protected memory the TZC must be configured with appropriate regions.

This is controlled in build time by the now added build flag.

The new build flag is only supported with the Arm Juno platform and the
TZC is configured with default memory regions as if TZMP1 wasn't
enabled to facilitate adding the new memory regions later.

Signed-off-by: Bjorn Engstrom <bjoern.engstroem@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I9dc49ac5d091cfbc8c20d7c3ab394a2836438b0f

show more ...

Merge "refactor(juno): disable non-invasive debug of secure state" into integration

refactor(juno): disable non-invasive debug of secure state

Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.

Signed-off-

refactor(juno): disable non-invasive debug of secure state

Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0d1c3f96f3b4e48360a7211ae55851d65d291025

show more ...

Merge changes I75f6d135,I4add470e,I0ecd3a2b,I67a63d73 into integration

* changes:
board/rddaniel: intialize tzc400 controllers
plat/arm/tzc: add support to configure multiple tzc400
plat/arm:

Merge changes I75f6d135,I4add470e,I0ecd3a2b,I67a63d73 into integration

* changes:
board/rddaniel: intialize tzc400 controllers
plat/arm/tzc: add support to configure multiple tzc400
plat/arm: allow boards to specify second DRAM Base address
plat/arm: allow boards to define PLAT_ARM_TZC_FILTERS

show more ...

plat/arm/tzc: add support to configure multiple tzc400

For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is ach

plat/arm/tzc: add support to configure multiple tzc400

For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is achieved by allowing 'arm_tzc400_setup' function to accept
the base address of the TZC400 controller.

Change-Id: I4add470e6ddb58432cd066145e644112400ab924
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>

show more ...

Merge changes from topic "lm/juno_dyn_cfg" into integration

* changes:
Juno: Use shared mbedtls heap between bl1 and bl2
Juno: add basic support for dynamic config

Juno: Use shared mbedtls heap between bl1 and bl2

Change-Id: Ia1ecad58ebf9de3f3a44b17ad1de57424b431125
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Merge changes from topic "av/tls-heap" into integration

* changes:
Mbed TLS: Remove weak heap implementation
sgm: Fix bl2 sources

Mbed TLS: Remove weak heap implementation

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap def

Mbed TLS: Remove weak heap implementation

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Merge pull request #1784 from antonio-nino-diaz-arm/an/includes-arm

plat/arm: Cleanup of includes and drivers

plat/arm: Sanitise includes

Use full include paths like it is done for common includes.

This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned co

plat/arm: Sanitise includes

Use full include paths like it is done for common includes.

This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned common files and drivers. This
patch does the same to Arm platforms.

Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1756 from antonio-nino-diaz-arm/an/header-deps

plat/arm: Fix header dependencies

plat/arm: Fix header dependencies

From now on, platform_def.h must include any header with definitions that
are platform-specific (like arm_def.h) and the included headers mustn't
include back platf

plat/arm: Fix header dependencies

From now on, platform_def.h must include any header with definitions that
are platform-specific (like arm_def.h) and the included headers mustn't
include back platform_def.h, and shouldn't be used by other files. Only
platform_def.h should be included in other files. This will ensure that all
needed definitions are present, rather than needing to include all the
headers in all the definitions' headers just in case.

This also prevents problems like cyclic dependencies.

Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1726 from antonio-nino-diaz-arm/an/includes

Sanitise includes across codebase

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- inclu

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1342 from Summer-ARM/sq/support-tzmp1

support tzmp1

Juno: Add support for TrustZone Media Protection 1 (TZMP1)

Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additi

Juno: Add support for TrustZone Media Protection 1 (TZMP1)

Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additional code.

Signed-off-by: Summer Qin <summer.qin@arm.com>

show more ...

plat/arm: Allow override of default TZC regions

This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the reg

plat/arm: Allow override of default TZC regions

This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.

This override mechanism allows specifying special regions for TZMP1
usecase.

Signed-off-by: Summer Qin <summer.qin@arm.com>

show more ...

Merge pull request #925 from dp-arm/dp/spdx

Use SPDX license identifiers