feat(fvp): add CCA CoT in DTB support

Adding support for CCA CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file
in DTB format. With this,

feat(fvp): add CCA CoT in DTB support

Adding support for CCA CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file
in DTB format. With this, the CoT description may be updated without
rebuilding BL2 image. This feature can be enabled by building BL2
with COT_DESC_IN_DTB=1 and COT=cca. The default behaviour remains to
embed the CoT description into BL2 image.

Change-Id: I5912aad5ae529281a93a76e6b8f4b89d867445fe
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

Merge "refactor(juno): move plat_def_uuid_config to fiptool" into integration

fix(rotpk): move rotpk definitions out of arm_def.h

The file arm_def.h currently contains common definitions used by ARM
platforms. However, some platforms may have their own definitions,
allowing t

fix(rotpk): move rotpk definitions out of arm_def.h

The file arm_def.h currently contains common definitions used by ARM
platforms. However, some platforms may have their own definitions,
allowing them to avoid a direct dependency on arm_def.h. For a clean
platform port of arm_def.h, none of the source files should directly
include arm_def.h; instead, they should include the platform header
which would indirectly include the required definitions.

Presently, the rotpk module has a source file that directly includes
arm_def.h. This could lead to compilation issues if the platform
incorporating the rotpk module has a separate implementation of some or
all of the definitions in arm_def.h file. To address this, move the
relevant definitions out of arm_def.h and into rotpk_def.h.

Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I9e8b0d319391f9a167af5c69a7b2d42ac488e7b4

show more ...

refactor(juno): move plat_def_uuid_config to fiptool

The same was done for other platforms: stm32mp1, tc before in
commit 034a2e3ef8a9e8e58f7cb7fab6db4ee60b2f9c29 ('refactor(fiptool):
move plat_fipt

refactor(juno): move plat_def_uuid_config to fiptool

The same was done for other platforms: stm32mp1, tc before in
commit 034a2e3ef8a9e8e58f7cb7fab6db4ee60b2f9c29 ('refactor(fiptool):
move plat_fiptool.mk to tools')

Additionally this will make ignore generated files:

Untracked files:
plat/arm/board/juno/fip/plat_def_uuid_config.d
plat/arm/board/juno/fip/plat_def_uuid_config.o

Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Change-Id: Ia5f1082fcd6d9dfc0be012759493e61ddb869956

show more ...

fix(sgi): apply workarounds for N2 CPU erratum

For RD-N2 and variant platforms, enable workarounds available for the
N2 CPU erratum.

Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id

fix(sgi): apply workarounds for N2 CPU erratum

For RD-N2 and variant platforms, enable workarounds available for the
N2 CPU erratum.

Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: Ib0240f56813a913309e5a6a1902e2990979e9617

show more ...

feat(rdn2): update power message value to 0

Standalone MM used by RD-N2 platfrom does not have power messaging
support. Set the value to 0.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Ch

feat(rdn2): update power message value to 0

Standalone MM used by RD-N2 platfrom does not have power messaging
support. Set the value to 0.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Icdb16ea1976ce751071ce3df0e4bd86f3fb8ab8b

show more ...

fix(tc): guard PSA crypto headers under TF-M test-suite define

The inclusion of PSA crypto headers is specifically required
during the building of TF-M test-suite platform tests for TC2.
Hence guard

fix(tc): guard PSA crypto headers under TF-M test-suite define

The inclusion of PSA crypto headers is specifically required
during the building of TF-M test-suite platform tests for TC2.
Hence guarded the inclusion of these headers under the define
PLATFORM_TEST_TFM_TESTSUITE.

Change-Id: Ia5dcadb93f308d2248d9768d373a87316ceb983c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(tc): provide a mock mbedtls-random generation function

Simulated the utilization of an external RNG through the
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG configuration option in mbedTLS.
Consequently, an

feat(tc): provide a mock mbedtls-random generation function

Simulated the utilization of an external RNG through the
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG configuration option in mbedTLS.
Consequently, an implementation of mbedtls_psa_external_get_random()
is provided. Given the absence of actual external RNG support,
we provide a mock implementation by utilizing the system counter to
fill the the buffer to provide a random number, specifically tailored
for the use exclusively within the TF-M testsuite.
While this method is not ideal for generating random numbers,
alternatives like the 'rand' library function are not feasible due to
lack of support in TF-A. Additionally, the architectural 'rand'
instruction is not viable, as it is only supported for platforms with
Armv8.5-a+ architecture as an optional feature.
mbedtls_psa_external_get_random() function comes into play during the
exportation of the public portion of the delegated attestation key.

This helps in using mbedTLS-3.4.1 for running the delegated attestation
tests on TC platform.

Change-Id: Ifcf4e3231aad93595e00c353a4b0c606c0ef9fc2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(ff-a): update FF-A version to v1.2

Bump the required FF-A version in framework and manifests to v1.2 as
upstream feature development goes.

Signed-off-by: Kathleen Capella <kathleen.capella@arm

feat(ff-a): update FF-A version to v1.2

Bump the required FF-A version in framework and manifests to v1.2 as
upstream feature development goes.

Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: I09d936d4aad89965cfd13f58741d647223b63a34

show more ...

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): add dts for secure partition
feat(el3-spmc): synchronize access to the s-el0 sp context
feat(el3-spmc): add su

Merge changes from topic "ns/spmc_at_el3" into integration

* changes:
feat(rdn2): add dts for secure partition
feat(el3-spmc): synchronize access to the s-el0 sp context
feat(el3-spmc): add support to map S-EL0 SP device regions
feat(el3-spmc): add support to map S-EL0 SP memory regions
feat(el3-spmc): add support for FFA_MEM_PERM_GET and SET ABIs
feat(el3-spmc): add support to setup S-EL0 context

show more ...

feat(rdn2): add dts for secure partition

This patch adds dts for Standalone MM used as S-EL0 SP on RD-N2
platform.

Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Nish

feat(rdn2): add dts for secure partition

This patch adds dts for Standalone MM used as S-EL0 SP on RD-N2
platform.

Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I9f1a6825d43f8be1c4bdeb98d9d7267b595e2b76

show more ...

feat(neoverse): enable NEOVERSE_Nx_EXTERNAL_LLC flag

Neoverse reference design platforms include a system level cache in the
interconnect and that is the last level cache. So enable the build flag
'

feat(neoverse): enable NEOVERSE_Nx_EXTERNAL_LLC flag

Neoverse reference design platforms include a system level cache in the
interconnect and that is the last level cache. So enable the build flag
'NEOVERSE_Nx_EXTERNAL_LLC' for all the Neoverse reference design
platforms.

Change-Id: I813b3ef7ea7dc4e335b44a88e019d8c56f05f4ac
Signed-off-by: Nuno Lopes <nuno.lopes@arm.com>

show more ...

Merge changes from topic "mb/deprecate-rss-for-fvp" into integration

* changes:
refactor(fvp): remove RSS usage
refactor(rss)!: remove PLAT_RSS_NOT_SUPPORTED build option

refactor(tc): deprecate Arm TC1 FVP platform

Arm has made the strategic decision to deprecate the TC1 platform.
Consequently, software development and the creation of fast models
for the TC1 platfor

refactor(tc): deprecate Arm TC1 FVP platform

Arm has made the strategic decision to deprecate the TC1 platform.
Consequently, software development and the creation of fast models
for the TC1 platform have been officially discontinued.
The TC1 platform, now considered obsolete, has been succeeded by
the TC2 platform. It's noteworthy that the TC2 platform is already
integrated and supported in both TF-A and CI repositories.

Change-Id: Ia196a5fc975b4dbf3c913333daf595199968d95d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(fvp): remove RSS usage

Removed RSS usage from the Base AEM FVP platform, as it wasn't
functional on this platform. The Base AEM FVP platform lacks
support for RSS.
Instead, the TC2 platform

refactor(fvp): remove RSS usage

Removed RSS usage from the Base AEM FVP platform, as it wasn't
functional on this platform. The Base AEM FVP platform lacks
support for RSS.
Instead, the TC2 platform with RSS is available for actual RSS
interface implementation and testing.

Change-Id: I8f68157319399ab526f9e851b26dba903db5c2e7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

chore(auth)!: remove CryptoCell-712/713 support

CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].

As th

chore(auth)!: remove CryptoCell-712/713 support

CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].

As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.

This is a breaking change for downstream platforms which use these
drivers.

[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813

show more ...

feat(morello): add TF-A version string to NT_FW_CONFIG

TF-A version string is passed into NT_FW_CONFIG to allow access in
UEFI.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: I9da7b9

feat(morello): add TF-A version string to NT_FW_CONFIG

TF-A version string is passed into NT_FW_CONFIG to allow access in
UEFI.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: I9da7b93d30c9d9230ea9a2cd2730cde897ffc580

show more ...

feat(morello): set NT_FW_CONFIG properties for MCC, PCC and SCP version

SDS firmware version structure is added with MCC, PCC and SCP firmware
version members. These are set in NT_FW_CONFIG to provi

feat(morello): set NT_FW_CONFIG properties for MCC, PCC and SCP version

SDS firmware version structure is added with MCC, PCC and SCP firmware
version members. These are set in NT_FW_CONFIG to provide access to
firmware version information in UEFI.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: Ib0c476e54ef428fb7904f0de5c6f4df6a5fbd7db

show more ...

Merge changes from topic "mp/exceptions" into integration

* changes:
docs(ras): update RAS documentation
docs(el3-runtime): update BL31 exception vector handling
fix(el3-runtime): restrict low

Merge changes from topic "mp/exceptions" into integration

* changes:
docs(ras): update RAS documentation
docs(el3-runtime): update BL31 exception vector handling
fix(el3-runtime): restrict lower el EA handlers in FFH mode
fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT
fix(ras): restrict ENABLE_FEAT_RAS to have only two states
feat(ras): use FEAT_IESB for error synchronization
feat(el3-runtime): modify vector entry paths

show more ...

fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
inter

fix(ras): remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.

This is to allow Secure/Realm world to have their own FFH macros
in future.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73

show more ...

Merge changes from topic "hst/cs1k-add-gpt-support" into integration

* changes:
feat(bl2): add gpt support
fix(corstone-1000): modify boot device dependencies
fix(corstone-1000): removing the

Merge changes from topic "hst/cs1k-add-gpt-support" into integration

* changes:
feat(bl2): add gpt support
fix(corstone-1000): modify boot device dependencies
fix(corstone-1000): removing the signature area

show more ...

fix(ras): restrict ENABLE_FEAT_RAS to have only two states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_ST

fix(ras): restrict ENABLE_FEAT_RAS to have only two states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752

show more ...

fix(corstone-1000): modify boot device dependencies

Modify boot device dependencies and remove the one's
which are not needed.

Change-Id: I71cd60558ab4bb5162afefad4f00d631c2308e72
Signed-off-by: Mo

fix(corstone-1000): modify boot device dependencies

Modify boot device dependencies and remove the one's
which are not needed.

Change-Id: I71cd60558ab4bb5162afefad4f00d631c2308e72
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>

show more ...

Merge changes from topic "hm/mpam" into integration

* changes:
fix(build): convert tabs and ifdef comparisons
fix(build): disable ENABLE_FEAT_MPAM for Aarch32

Merge "refactor(fvp): do not use RSS platform token and attestation key APIs" into integration