Merge changes from topic "hm/heap-info" into integration

* changes:
fix(handoff): remove XFERLIST_TB_FW_CONFIG
feat(arm): migrate heap info to fw handoff
feat(mbedtls): introduce crypto lib he

Merge changes from topic "hm/heap-info" into integration

* changes:
fix(handoff): remove XFERLIST_TB_FW_CONFIG
feat(arm): migrate heap info to fw handoff
feat(mbedtls): introduce crypto lib heap info struct
feat(handoff): add Mbed-TLS heap info entry tag
refactor(arm): refactor secure TL initialization
fix(handoff): fix message formatting of hex values
feat(handoff): add func to check and init a tl
fix(arm): resolve dangling comments around macros

show more ...

feat(arm): migrate heap info to fw handoff

Mbed-TLS requires platforms to allocate it a heap for it's own internal
usage. This heap is typically between shared by BL1 and BL2 to conserve
memory.The

feat(arm): migrate heap info to fw handoff

Mbed-TLS requires platforms to allocate it a heap for it's own internal
usage. This heap is typically between shared by BL1 and BL2 to conserve
memory.The base address and size of the heap are conveyed from BL1 to
BL2 through the config TB_FW_CONFIG.

This slightly awkward approach necessitates declaring a placeholder node
in the DTS. At runtime, this node is populated with the actual values of
the heap information. Instead, since this is dynamic information, and
simple to represent through C structures, transmit it to later stages
using the firmware handoff framework.

With this migration, remove references to TB_FW_CONFIG when firmware
handoff is enabled, as it is no longer needed. The setup code now relies
solely on TL structures to configure the TB firmware

Change-Id: Iff00dc742924a055b8bd304f15eec03ce3c6d1ef
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "lto-fixes" into integration

* changes:
fix(bl1): add missing `__RW_{START,END}__` symbols
fix(fvp): don't check MPIDRs with the power controller in BL1
fix(arm): only

Merge changes from topic "lto-fixes" into integration

* changes:
fix(bl1): add missing `__RW_{START,END}__` symbols
fix(fvp): don't check MPIDRs with the power controller in BL1
fix(arm): only expose `arm_bl2_dyn_cfg_init` to BL2
fix(cm): hide `cm_init_context_by_index` from BL1
fix(bl1): add missing spinlock dependency

show more ...

fix(arm): only expose `arm_bl2_dyn_cfg_init` to BL2

The `arm_bl2_dyn_cfg_init` function is intended exclusively for BL2 - it
should not be compiled for any other bootloader image. This change hides

fix(arm): only expose `arm_bl2_dyn_cfg_init` to BL2

The `arm_bl2_dyn_cfg_init` function is intended exclusively for BL2 - it
should not be compiled for any other bootloader image. This change hides
it for all but BL2.

Change-Id: I9fa95094dcc30f9fa4cc7bc5b3119ceae82df1ea
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is runnin

refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3

BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).

BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.

Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

show more ...

Merge changes from topic "mbedtls3_support" into integration

* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add b

Merge changes from topic "mbedtls3_support" into integration

* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add braces for if statement
feat(fvp): increase BL1_RW and BL2 size
feat(mbedtls): add support for mbedtls-3.3
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE

show more ...

refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE

Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.

However from mbedtls-3.x onwards it di

refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE

Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.

However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3

Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache

Merge changes from topic "mb/drtm-preparatory-patches" into integration

* changes:
docs(drtm): steps to run DRTM implementation
docs(drtm): add platform APIs for DRTM
feat(drtm): flush dcache before DLME launch
feat(drtm): invalidate icache before DLME launch
feat(drtm): ensure that passed region lies within Non-Secure region of DRAM
feat(fvp): add plat API to validate that passed region is non-secure
feat(drtm): ensure that no SDEI event registered during dynamic launch
feat(drtm): prepare EL state during dynamic launch
feat(drtm): prepare DLME data for DLME launch
feat(drtm): take DRTM components measurements before DLME launch
feat(drtm): add a few DRTM DMA protection APIs
feat(drtm): add remediation driver support in DRTM
feat(fvp): add plat API to set and get the DRTM error
feat(drtm): add Event Log driver support for DRTM
feat(drtm): check drtm arguments during dynamic launch
feat(drtm): introduce drtm dynamic launch function
refactor(measured-boot): split out a few Event Log driver functions
feat(drtm): retrieve DRTM features
feat(drtm): add platform functions for DRTM
feat(sdei): add a function to return total number of events registered
feat(drtm): add PCR entries for DRTM
feat(drtm): update drtm setup function
refactor(crypto): change CRYPTO_SUPPORT flag to numeric
feat(mbedtls): update mbedTLS driver for DRTM support
feat(fvp): add crypto support in BL31
feat(crypto): update crypto module for DRTM support
build(changelog): add new scope for mbedTLS and Crypto module
feat(drtm): add standard DRTM service
build(changelog): add new scope for DRTM service
feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
feat(fvp): increase BL31's stack size for DRTM support
feat(fvp): add platform hooks for DRTM DMA protection

show more ...

feat(fvp): add crypto support in BL31

DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change

feat(fvp): add crypto support in BL31

DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I659ce8e54550946db253d23f150cca8b2fa7b880

show more ...

Merge "refactor(arm): add debug logs to show the reason behind skipping firmware config loading" into integration

refactor(arm): add debug logs to show the reason behind skipping firmware config loading

Added debug logs to show the reason behind skipping firmware
configuration loading, and also a few debug stri

refactor(arm): add debug logs to show the reason behind skipping firmware config loading

Added debug logs to show the reason behind skipping firmware
configuration loading, and also a few debug strings were corrected.
Additionally, a panic will be triggered if the configuration sanity
fails.

Change-Id: I6bbd67b72801e178a14cbe677a8831b25a907d0c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "refactor(arm): use MBEDTLS_CONFIG_FILE macro" into integration

refactor(arm): use MBEDTLS_CONFIG_FILE macro

Used MBEDTLS_CONFIG_FILE macro for including mbedTLS
configuration.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I374b59a31df3a

refactor(arm): use MBEDTLS_CONFIG_FILE macro

Used MBEDTLS_CONFIG_FILE macro for including mbedTLS
configuration.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I374b59a31df3ab1e69481b2c37a6f7455a106b6e

show more ...

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(me

Merge changes from topic "decouple-tb-mb" into integration

* changes:
refactor(renesas): disable CRYPTO_SUPPORT option
refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
build: introduce CRYPTO_SUPPORT build option

show more ...

refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot

As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypt

refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot

As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypto module changes independently using the
CRYPTO_SUPPORT build flag.

Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG

Merge changes from topic "refactor-mb" into integration

* changes:
docs(measured boot): add measured boot platform functions
refactor(measured boot): make measurement strings compliant with SBSG
feat(plat/fvp): pass Event Log addr and size from BL1 to BL2
feat(measured_boot): update tb_fw_config with event log properties
feat(measured_boot): image hash measurement and recording in BL1
refactor(measured boot): remove platform calls from Event Log driver
refactor(measured_boot): remove passing of BL2 hash via device tree
refactor(measured boot): move BL2 measurement to platform layer
refactor(measured boot): rename add_event2()
refactor(measured boot): move image measurement to generic layer
build(measured boot): rename measured boot makefile
feat(measured boot): move init and teardown functions to platform layer
refactor(measured boot): rename tpm_record_measurement()

show more ...

refactor(measured_boot): remove passing of BL2 hash via device tree

Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to ado

refactor(measured_boot): remove passing of BL2 hash via device tree

Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.

Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "plat/arm: move compile time switch from source to dt file" into integration

plat/arm: move compile time switch from source to dt file

This will help in keeping source file generic and conditional
compilation can be contained in platform provided dt files.

Signed-off-by: Ma

plat/arm: move compile time switch from source to dt file

This will help in keeping source file generic and conditional
compilation can be contained in platform provided dt files.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3c6e0a429073f0afb412b9ba521ce43f880b57fe

show more ...

Merge changes from topic "tf-cleanup" into integration

* changes:
plat/arm: Move fconf population after the enablement of MMU
lib/fconf: Update 'set_fw_config_info' function
lib/fconf: Update

Merge changes from topic "tf-cleanup" into integration

* changes:
plat/arm: Move fconf population after the enablement of MMU
lib/fconf: Update 'set_fw_config_info' function
lib/fconf: Update data type of config max size
plat/arm: Check the need for firmware update only once
plat/arm: sgm: Use consistent name for tb fw config node

show more ...

lib/fconf: Update data type of config max size

Update the data type of the member 'config_max_size' present in the
structure 'dyn_cfg_dtb_info_t' to uint32_t.

This change is being done so that dyn_

lib/fconf: Update data type of config max size

Update the data type of the member 'config_max_size' present in the
structure 'dyn_cfg_dtb_info_t' to uint32_t.

This change is being done so that dyn_cfg_dtb_info_t and image_info
structure should use same data type for maximum size.

Change-Id: I9b5927a47eb8351bbf3664b8b1e047ae1ae5a260
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integrati

Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integration

* changes:
plat/arm/board/fvp: Add support for Measured Boot
TF-A: Add support for Measured Boot driver to FCONF
TF-A: Add support for Measured Boot driver in BL1 and BL2
TF-A: Add Event Log for Measured Boot
TF-A: Add support for Measured Boot driver

show more ...

TF-A: Add support for Measured Boot driver

This patch adds support for Measured Boot driver functionality
in common Arm platform code.

Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-of

TF-A: Add support for Measured Boot driver

This patch adds support for Measured Boot driver functionality
in common Arm platform code.

Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "plat/arm: Add assert for the valid address of dtb information" into integration