Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

refactor(measured_boot): remove passing of BL2 hash via device tree

Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to ado

refactor(measured_boot): remove passing of BL2 hash via device tree

Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.

Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

refactor(gpt): productize and refactor GPT library

This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are

refactor(gpt): productize and refactor GPT library

This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919

show more ...

feat(plat/arm): add GPT initialization code for Arm platforms

When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Real

feat(plat/arm): add GPT initialization code for Arm platforms

When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :

Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf

show more ...

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch intro

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.

The following new regions are introduced with this change:

ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.

ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.

ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.

The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:

--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------

During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254

show more ...

refactor(plat/arm): modify memory region attributes to account for FEAT_RME

If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attrib

refactor(plat/arm): modify memory region attributes to account for FEAT_RME

If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff

show more ...

Merge "build(bl2): enable SP pkg loading for S-EL1 SPMC" into integration

build(bl2): enable SP pkg loading for S-EL1 SPMC

Currently the SP package loading mechanism is only enabled when S-EL2
SPMC is selected. Remove this limitation.

Signed-off-by: Balint Dobszay <balin

build(bl2): enable SP pkg loading for S-EL1 SPMC

Currently the SP package loading mechanism is only enabled when S-EL2
SPMC is selected. Remove this limitation.

Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I5bf5a32248e85a26d0345cacff7d539eed824cfc

show more ...

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an

Merge changes from topic "fw-update-2" into integration

* changes:
feat(sw_crc32): add software CRC32 support
refactor(hw_crc32): renamed hw_crc32 to tf_crc32
feat(fwu): avoid booting with an alternate boot source
docs(fwu): add firmware update documentation
feat(fwu): avoid NV counter upgrade in trial run state
feat(plat/arm): add FWU support in Arm platforms
feat(fwu): initialize FWU driver in BL2
feat(fwu): add FWU driver
feat(fwu): introduce FWU platform-specific functions declarations
docs(fwu_metadata): add FWU metadata build options
feat(fwu_metadata): add FWU metadata header and build options

show more ...

feat(plat/arm): add FWU support in Arm platforms

Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.

Change-Id: I71af06c09d95c2c58e

feat(plat/arm): add FWU support in Arm platforms

Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.

Change-Id: I71af06c09d95c2c58e3fd766c4a61c5652637151
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "fw-update" into integration

* changes:
docs: add build options for GPT support enablement
feat(plat/arm): add GPT parser support

feat(plat/arm): add GPT parser support

Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.

Also, increased BL2 maximum size for FVP pl

feat(plat/arm): add GPT parser support

Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.

Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.

Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654

Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "bl1-misra" into integration

* changes:
Specify signed-ness of constants
Prevent colliding identifiers

Prevent colliding identifiers

There was a collision between the name of the typedef in the CASSERT and
something else, so we make the name of the typedef unique to the
invocation of DEFFINE_SVC_UUID

Prevent colliding identifiers

There was a collision between the name of the typedef in the CASSERT and
something else, so we make the name of the typedef unique to the
invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
the macro. This eliminates the following MISRA violation:

bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
"invalid_svc_uuid" is already used to represent a typedef.

This also resolves MISRA rule 5.9.

These renamings are as follows:
* tzram -> secram. This matches the function call name as it has
sec_mem in it's name
* fw_config_base -> config_base. This file does not mess with
hw_conig, so there's little chance of confusion

Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

show more ...

Merge changes from topic "tf-cleanup" into integration

* changes:
plat/arm: Move fconf population after the enablement of MMU
lib/fconf: Update 'set_fw_config_info' function
lib/fconf: Update

Merge changes from topic "tf-cleanup" into integration

* changes:
plat/arm: Move fconf population after the enablement of MMU
lib/fconf: Update 'set_fw_config_info' function
lib/fconf: Update data type of config max size
plat/arm: Check the need for firmware update only once
plat/arm: sgm: Use consistent name for tb fw config node

show more ...

plat/arm: Move fconf population after the enablement of MMU

In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after

plat/arm: Move fconf population after the enablement of MMU

In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after cache gets enabled (i.e. after MMU gets enabled).

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284

show more ...

Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integrati

Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integration

* changes:
plat/arm/board/fvp: Add support for Measured Boot
TF-A: Add support for Measured Boot driver to FCONF
TF-A: Add support for Measured Boot driver in BL1 and BL2
TF-A: Add Event Log for Measured Boot
TF-A: Add support for Measured Boot driver

show more ...

TF-A: Add support for Measured Boot driver

This patch adds support for Measured Boot driver functionality
in common Arm platform code.

Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-of

TF-A: Add support for Measured Boot driver

This patch adds support for Measured Boot driver functionality
in common Arm platform code.

Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "plat/arm: Add assert for the valid address of dtb information" into integration

plat/arm: Add assert for the valid address of dtb information

Added assert in the code to check valid address of dtb information
structure retrieved from fw_config device tree.
This patch fixes cove

plat/arm: Add assert for the valid address of dtb information

Added assert in the code to check valid address of dtb information
structure retrieved from fw_config device tree.
This patch fixes coverity defect:360213.

Also, removed conditional calling of "fconf_populate" as "fconf_populate"
function already checks the validity of the device tree address received
and go to panic in case of address is NULL.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib83e4e84a95e2456a12c7a2bb3fe70461d882cba

show more ...

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/a

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree

show more ...

plat/arm: Load and populate fw_config and tb_fw_config

Modified the code to do below changes:

1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the

plat/arm: Load and populate fw_config and tb_fw_config

Modified the code to do below changes:

1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c

show more ...

fconf: Clean confused naming between TB_FW and FW_CONFIG

Cleaned up confused naming between TB_FW and FW_CONFIG.

Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V B

fconf: Clean confused naming between TB_FW and FW_CONFIG

Cleaned up confused naming between TB_FW and FW_CONFIG.

Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08

show more ...

Merge "spmd: skip loading of secure partitions on pre-v8.4 platforms" into integration