Merge changes I2c4e826f,I388e8dcd,I6fd20225 into integration

* changes:
chore(ethos-n): use non blocking soft reset on npu
docs(ethos-n): update build-options.rst
refactor(ethos-n): move build

Merge changes I2c4e826f,I388e8dcd,I6fd20225 into integration

* changes:
chore(ethos-n): use non blocking soft reset on npu
docs(ethos-n): update build-options.rst
refactor(ethos-n): move build flags to ethosn_npu.mk

show more ...

refactor(ethos-n): move build flags to ethosn_npu.mk

The build flags to enable the Arm(R) Ethos(TM)-N NPU driver are in arm
platform specific make files i.e. plat/arm/common/arm_common.mk. These
fla

refactor(ethos-n): move build flags to ethosn_npu.mk

The build flags to enable the Arm(R) Ethos(TM)-N NPU driver are in arm
platform specific make files i.e. plat/arm/common/arm_common.mk. These
flags are renamed and moved to ethosn_npu.mk. Other source and make
files are changed to reflect the changes in these flags.

Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Change-Id: I6fd20225343c574cb5ac1f0f32ff2fc28ef37ea6

show more ...

Merge changes from topic "mp/feat_ras" into integration

* changes:
refactor(cpufeat): enable FEAT_RAS for FEAT_STATE_CHECKED
refactor(ras): replace RAS_EXTENSION with FEAT_RAS

refactor(ras): replace RAS_EXTENSION with FEAT_RAS

The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firm

refactor(ras): replace RAS_EXTENSION with FEAT_RAS

The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firmware first
handling(FFH) of RAS errors.
2. Manage the FEAT_RAS extension when switching the worlds.

FFH means that all the EAs from NS are trapped in EL3 first and signaled
to NS world later after the first handling is done in firmware. There is
an alternate way of handling RAS errors viz Kernel First handling(KFH).
Tying FEAT_RAS to RAS_EXTENSION build flag was not correct as the
feature is needed for proper handling KFH in as well.

This patch breaks down the RAS_EXTENSION flag into a flag to denote the
CPU architecture `ENABLE_FEAT_RAS` which is used in context management
during world switch and another flag `RAS_FFH_SUPPORT` to pull in
required framework and platform hooks for FFH.

Proper support for KFH will be added in future patches.

BREAKING CHANGE: The previous RAS_EXTENSION is now deprecated. The
equivalent functionality can be achieved by the following
2 options:
- ENABLE_FEAT_RAS
- RAS_FFH_SUPPORT

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1abb9ab6622b8f1b15712b12f17612804d48a6ec

show more ...

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW

Merge changes from topic "ethos-n" into integration

* changes:
docs(maintainers): update NPU driver files
docs(ethos-n): update porting-guide.rst for NPU
feat(ethos-n): add separate RO and RW NSAIDs
feat(ethos-n)!: add protected NPU firmware setup
feat(ethos-n): add stream extends and attr support
feat(ethos-n): add reserved memory address support
feat(ethos-n): add event and aux control support
feat(ethos-n): add SMC call to get FW properties
refactor(ethos-n): split up SMC call handling
feat(ethos-n): add NPU firmware validation
feat(ethos-n): add check for NPU in SiP setup
feat(ethos-n)!: load NPU firmware at BL2
feat(juno): support ARM_IO_IN_DTB option for Juno
fix(fconf): fix FCONF_ARM_IO_UUID_NUMBER value
fix(fvp): incorrect UUID name in FVP tb_fw_config
fix(ethos-n): add workaround for erratum 2838783
feat(ethos-n): add support for NPU to cert_create
feat(ethos-n): add NPU support in fiptool
feat(ethos-n): add support to set up NSAID
build(fiptool): add object dependency generation
feat(ethos-n): add NPU sleeping SMC call
feat(ethos-n): add multiple asset allocators
feat(ethos-n): add reset type to reset SMC calls
feat(ethos-n): add protected NPU TZMP1 regions
build(ethos-n): add TZMP1 build flag

show more ...

feat(ethos-n): add NPU firmware validation

When the Arm(R) Ethos(TM)-N NPU driver is built with TZMP1 support, it
will now validate the NPU firmware binary that BL2 is expected to load
into the prot

feat(ethos-n): add NPU firmware validation

When the Arm(R) Ethos(TM)-N NPU driver is built with TZMP1 support, it
will now validate the NPU firmware binary that BL2 is expected to load
into the protected memory location specified by
ARM_ETHOSN_NPU_IMAGE_BASE.

Juno has been updated with a new BL31 memory mapping to allow the SiP
service to read the protected memory that contains the NPU firmware
binary.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I633256ab7dd4f8f5a6f864c8c98a66bf9dfc37f3

show more ...

feat(ethos-n)!: load NPU firmware at BL2

BL2 on Juno now loads the Arm(R) Ethos(TM)-N NPU firmware into a fixed
address, using the existing image loading framework.

Includes support for TRUSTED_BOA

feat(ethos-n)!: load NPU firmware at BL2

BL2 on Juno now loads the Arm(R) Ethos(TM)-N NPU firmware into a fixed
address, using the existing image loading framework.

Includes support for TRUSTED_BOARD_BOOT, if enabled, using the firmware
content and key certificates from the FIP.

Supports the ARM_IO_IN_DTB option so can specify the firmware location
from the dtb rather than it being hardcoded to the FIP

Update makefile to automatically embed the appropriate images into the
FIP.

BREAKING CHANGE: Building the FIP when TZMP1 support is enabled in the
NPU driver now requires a parameter to specify the NPU firmware file.

Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I8cd64fb20d58f8bd539facb085606213d6cead06

show more ...

build(ethos-n): add TZMP1 build flag

For the Arm(R) Ethos(TM)-N NPU Driver to support running inference with
protected memory the TZC must be configured with appropriate regions.

This is controlled

build(ethos-n): add TZMP1 build flag

For the Arm(R) Ethos(TM)-N NPU Driver to support running inference with
protected memory the TZC must be configured with appropriate regions.

This is controlled in build time by the now added build flag.

The new build flag is only supported with the Arm Juno platform and the
TZC is configured with default memory regions as if TZMP1 wasn't
enabled to facilitate adding the new memory regions later.

Signed-off-by: Bjorn Engstrom <bjoern.engstroem@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I9dc49ac5d091cfbc8c20d7c3ab394a2836438b0f

show more ...

Merge "fix(pauth): make pauth_helpers linking generic" into integration

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

fix(pauth): make pauth_helpers linking generic

Pauth is a generic Arm feature that can be enabled on any platform that
implements it. It only needs a platform specific key generation hook. As
such,

fix(pauth): make pauth_helpers linking generic

Pauth is a generic Arm feature that can be enabled on any platform that
implements it. It only needs a platform specific key generation hook. As
such, the generic Pauth enablement can be included in the generic build.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibf32f79addab3515214594bb8d7168151b450f59

show more ...

Merge "build(bl2): only set BL2_CPPFLAGS for armv8" into integration

build(bl2): only set BL2_CPPFLAGS for armv8

If ARM_ARCH_MAJOR is 9 and ARM_ARCH_MINOR is 0 we don't want need to
have "-march=armv8-a+crc" in BL2_CPPFLAGS.

Change-Id: I9ac11522fde00953da40b95eebf82

build(bl2): only set BL2_CPPFLAGS for armv8

If ARM_ARCH_MAJOR is 9 and ARM_ARCH_MINOR is 0 we don't want need to
have "-march=armv8-a+crc" in BL2_CPPFLAGS.

Change-Id: I9ac11522fde00953da40b95eebf82ff8ab2559ba
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>

show more ...

Merge "feat(ethos-n)!: add support for SMMU streams" into integration

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection

show more ...

feat(fvp): add plat API to set and get the DRTM error

Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Man

feat(fvp): add plat API to set and get the DRTM error

Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I471f2387f8c78b21a06af063a6fa02cda3646557

show more ...

feat(drtm): add Event Log driver support for DRTM

Added Event Log driver support for DRTM. This driver
is responsible for the doing the hash measurement of
various DRTM components as per [1], and pu

feat(drtm): add Event Log driver support for DRTM

Added Event Log driver support for DRTM. This driver
is responsible for the doing the hash measurement of
various DRTM components as per [1], and putting these
measurements in the Event Log buffer.

[1]: https://developer.arm.com/documentation/den0113/a, section 3.16

Change-Id: I9892c313cf6640b82e261738116fe00f7975ee12
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(fvp): add crypto support in BL31

DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change

feat(fvp): add crypto support in BL31

DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I659ce8e54550946db253d23f150cca8b2fa7b880

show more ...

feat(ethos-n)!: add support for SMMU streams

The Arm(R) Ethos(TM)-N NPU driver now supports configuring the SMMU
streams that the NPU shall use and will therefore no longer delegate
access to these

feat(ethos-n)!: add support for SMMU streams

The Arm(R) Ethos(TM)-N NPU driver now supports configuring the SMMU
streams that the NPU shall use and will therefore no longer delegate
access to these registers to the non-secure world. In order for the
driver to support this, the device tree parsing has been updated to
support parsing the allocators used by the NPU and what SMMU stream that
is associated with each allocator.

To keep track of what NPU device each allocator is associated with, the
resulting config from the device tree parsing will now group the NPU
cores and allocators into their respective NPU device.

The SMC API has been changed to allow the caller to specify what
allocator the NPU shall be configured to use and the API version has
been bumped to indicate this change.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I6ac43819133138614e3f55a014e93466fe3d5277

show more ...

Merge "feat(arm): forbid running RME-enlightened BL31 from DRAM" into integration

feat(arm): forbid running RME-enlightened BL31 from DRAM

According to Arm CCA security model [1],

"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It en

feat(arm): forbid running RME-enlightened BL31 from DRAM

According to Arm CCA security model [1],

"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.

It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."

For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."

This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.

[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".

Change-Id: I752eb45f1e6ffddc7a6f53aadcc92a3e71c1759f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge changes from topic "mb_hash" into integration

* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb al

Merge changes from topic "mb_hash" into integration

* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb algorithm selection

show more ...

Merge changes from topic "lw/cca_cot" into integration

* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build

Merge changes from topic "lw/cca_cot" into integration

* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM

show more ...

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algori

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:

- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.

- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.

- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a

show more ...