Merge changes I7bd311d7,Iea7dcfe3,I9d890934 into integration

* changes:
refactor(allwinner): use fdt_node_is_enabled() in AXP driver
fix(allwinner): check RSB availability in DT on H6
refactor

Merge changes I7bd311d7,Iea7dcfe3,I9d890934 into integration

* changes:
refactor(allwinner): use fdt_node_is_enabled() in AXP driver
fix(allwinner): check RSB availability in DT on H6
refactor(fdt): introduce common fdt_node_is_enabled()

show more ...

feat(fvp): update device tree with load addresses of TOS_FW config

Provided both the root and secure addresses for TOS_FW config
in case of RME enabled systems where root address is in Root
SRAM and

feat(fvp): update device tree with load addresses of TOS_FW config

Provided both the root and secure addresses for TOS_FW config
in case of RME enabled systems where root address is in Root
SRAM and secure address is in Trusted DRAM.

Non-RME systems are unaffected by this change.

Change-Id: Ifb927c90fa5a68fe5362980858b4ddc5403ac95b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(fvp): rename the DTB info structure member

In line with the previous patch, the name of the member of the
hw_config DTB info structure has been renamed.

Change-Id: I6689e416fecd66faa515e82

refactor(fvp): rename the DTB info structure member

In line with the previous patch, the name of the member of the
hw_config DTB info structure has been renamed.

Change-Id: I6689e416fecd66faa515e820f1c4b23bcb65bfb1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(fiptool): move plat_fiptool.mk to tools

Move all plat_fiptool.mks into tools, change the logic to recursively
check for tools/fiptool/plat_fiptool/<plat_path>/plat_fiptool.mk

I.e. for a pl

refactor(fiptool): move plat_fiptool.mk to tools

Move all plat_fiptool.mks into tools, change the logic to recursively
check for tools/fiptool/plat_fiptool/<plat_path>/plat_fiptool.mk

I.e. for a platform that has the path "plat/arm/board/tc/platform.mk",
the makefile will now load the first existing file from:
- tools/fiptool/plat_fiptool/arm/board/tc/plat_fiptool.mk
- tools/fiptool/plat_fiptool/arm/board/plat_fiptool.mk
- tools/fiptool/plat_fiptool/arm/plat_fiptool.mk

This enables fiptool to support multiple platforms, or a specific one.

Remove file-copying previously being used to handle old default path.
Remove custom file cleaning in plat_fiptool.mk.

Change-Id: I95245bcf7143b329481d4394ab64f29bfe9de5ab
Signed-off-by: Raef Coles <raef.coles@arm.com>

show more ...

refactor(fdt): introduce common fdt_node_is_enabled()

There are several users in the tree which want to check whether a given
FDT node is enabled or not: the "status" property holds that
information

refactor(fdt): introduce common fdt_node_is_enabled()

There are several users in the tree which want to check whether a given
FDT node is enabled or not: the "status" property holds that
information. So far all those users provide private implementations,
some of them having issues.

Export a generic implementation of that function in fdt_wrappers.h, as
a "static inline" function to not increase code size.
Also replace the existing implementation in Arm's fconf code, which had
a tiny bug in needlessly using the property length:
"status = [6f 6b 61 79 20];" would pass the check, where it should not.
The proper solution is also simpler: status must be a string, and
strings must be NUL-terminated in a DT. strcmp() would terminate on the
first NUL in *either* of the two strings it compares, so it would never
walk beyond the property boundary in the DTB.

Change-Id: I9d89093432f127c09add6cf5c93a725bc534e5de
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge changes I1b092bc1,Ifc2461b4,I5176caa5 into integration

* changes:
docs(rme): update RMM-EL3 Boot Manifest structure description
feat(rme): read DRAM information from FVP DTB
feat(rme): s

Merge changes I1b092bc1,Ifc2461b4,I5176caa5 into integration

* changes:
docs(rme): update RMM-EL3 Boot Manifest structure description
feat(rme): read DRAM information from FVP DTB
feat(rme): set DRAM information in Boot Manifest platform data

show more ...

feat(rme): read DRAM information from FVP DTB

This patch builds on the previous patch by implementing
support for reading NS DRAM layout of FVP model from
HW_CONFIG Device tree.

Macro _RMMD_MANIFES

feat(rme): read DRAM information from FVP DTB

This patch builds on the previous patch by implementing
support for reading NS DRAM layout of FVP model from
HW_CONFIG Device tree.

Macro _RMMD_MANIFEST_VERSION is renamed to
SET_RMMD_MANIFEST_VERSION to suppress MISRA-C
"rule MC3R1.D4.5: (advisory) Identifiers in
the same name space with overlapping visibility
should be typographically unambiguous" warning

Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: Ifc2461b4441a1efdd4b7c656ab4d15e62479f77b

show more ...

feat(morello): add support for HW_CONFIG

This patch add support to load HW_CONFIG in BL2 and pass it to
bootloader stages BL31 and BL33.

Signed-off-by: Patrik Berglund <patrik.berglund@arm.com>
Cha

feat(morello): add support for HW_CONFIG

This patch add support to load HW_CONFIG in BL2 and pass it to
bootloader stages BL31 and BL33.

Signed-off-by: Patrik Berglund <patrik.berglund@arm.com>
Change-Id: I646fabed83dbca5322a59a399de5194cfef474ad

show more ...

Merge "feat(rss): add TC platform UUIDs for RSS images" into integration

Merge changes from topic "feat_state_rework" into integration

* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): conv

Merge changes from topic "feat_state_rework" into integration

* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): convert FEAT_HCX to new scheme
feat(fvp): enable FEAT_FGT by default
refactor(context-mgmt): move FEAT_FGT save/restore code into C
refactor(amu): convert FEAT_AMUv1 to new scheme
refactor(cpufeat): decouple FGT feature detection and build flags
refactor(cpufeat): check FEAT_FGT in a new way
refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_
feat(aarch64): make ID system register reads non-volatile

show more ...

fix(plat/css): fix invalid redistributor poweroff

Commit 4d8c18196378824e388cf31ef991ba8fbbb09cbf
introduced an invalid redistributor power off
where we turn off the redistributor without
checking i

fix(plat/css): fix invalid redistributor poweroff

Commit 4d8c18196378824e388cf31ef991ba8fbbb09cbf
introduced an invalid redistributor power off
where we turn off the redistributor without
checking if the system power domain level is
turning off, otherwise we can turn off a
redistributor when other cores or clusters are
sharing it, also if it does indeed needs
powering off during suspend we do it twice.
This change fixes this by checking on the
system power state first then turning off
the redistributor.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Change-Id: Id202bc2316ab7c516298fa33ea089ae2e221a933

show more ...

feat(rme): set DRAM information in Boot Manifest platform data

This patch adds support for setting configuration of DRAM banks
for FVP model in RMM-EL3 Boot Manifest structure.
Structure 'rmm_manife

feat(rme): set DRAM information in Boot Manifest platform data

This patch adds support for setting configuration of DRAM banks
for FVP model in RMM-EL3 Boot Manifest structure.
Structure 'rmm_manifest' is extended with 'plat_dram' structure
which contains information about platform's DRAM layout:
- number of DRAM banks;
- pointer to 'dram_bank[]' array;
- check sum: two's complement 64-bit value of the sum of
data in 'plat_dram' and 'dram_bank[] array.
Each 'dram_bank' structure holds information about DRAM
bank base address and its size. This values must be aligned
to 4KB page size.
The patch increases Boot Manifest minor version to 2 and
removes 'typedef rmm_manifest_t' as per
"3.4.15.1. Avoid anonymous typedefs of structs/enums in headers" of
https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html

Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I5176caa5780e27d1e0daeb5dea3e40cf6ad5fd12

show more ...

feat(rdn2): add platform id value for rdn2 variant 3

The RD-N2-Cfg3 platform is a variant of the RD-N2 platform with the
significant difference being the number of ITS blocks and the use of a
differ

feat(rdn2): add platform id value for rdn2 variant 3

The RD-N2-Cfg3 platform is a variant of the RD-N2 platform with the
significant difference being the number of ITS blocks and the use of a
different part number.

Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: Id4c5faeae44f21da79cb59540558192d0b02b124

show more ...

refactor(rdn2): reduce use of CSS_SGI_PLATFORM_VARIANT build flag

The core count is one of the significant difference between the various
RD-N2 platform variants. The PLAT_ARM_CLUSTER_COUNT macro de

refactor(rdn2): reduce use of CSS_SGI_PLATFORM_VARIANT build flag

The core count is one of the significant difference between the various
RD-N2 platform variants. The PLAT_ARM_CLUSTER_COUNT macro defines the
number of core/cluster for a variant. In preparation to add another
variant of RD-N2 platform, replace the use of CSS_SGI_PLATFORM_VARIANT
build flag, where applicable, with the PLAT_ARM_CLUSTER_COUNT macro.
This helps to reduce the changes required to add support for a new
variant.

Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: I89b168308d1b5f7edd402205dd25d6c3a355e100

show more ...

feat(fvp): enable FEAT_HCX by default

FEAT_HCX is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP

feat(fvp): enable FEAT_HCX by default

FEAT_HCX is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP command line parameters, include
the feature into the standard FVP build, but use FEAT_STATE_CHECK, to
always do runtime checks before accessing feature specific registers.

This prevents a Linux crash when the FVP is called with FEAT_HCX
enabled.

Change-Id: I01aaed15c5a6850176d092b2f0157744fe0a9e13
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(fvp): enable FEAT_FGT by default

FEAT_FGT is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP

feat(fvp): enable FEAT_FGT by default

FEAT_FGT is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.

To cover the effect of different FVP command line parameters, include
the feature into the standard FVP build, but use FEAT_STATE_CHECK, to
always do runtime checks before accessing feature specific registers.

This prevents a Linux crash when the FVP is called with FEAT_FGT
enabled.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I55fbb2706aefbc3ab67c476e3f8b6ea74ae0d66c

show more ...

feat(rss): add TC platform UUIDs for RSS images

Add platform fiptool and UUIDs to the TC platform, to allow RSS images
to be inserted into and used from FIPs

Change-Id: Ic8e11bd4a766bdc616af7dee60d

feat(rss): add TC platform UUIDs for RSS images

Add platform fiptool and UUIDs to the TC platform, to allow RSS images
to be inserted into and used from FIPs

Change-Id: Ic8e11bd4a766bdc616af7dee60d44fc5d1f6e7b6
Signed-off-by: Raef Coles <raef.coles@arm.com>

show more ...

Merge "fix(plat/tc): increase TC_TZC_DRAM1_SIZE" into integration

fix(plat/tc): increase TC_TZC_DRAM1_SIZE

Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df6534871

fix(plat/tc): increase TC_TZC_DRAM1_SIZE

Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df653487189dd
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>

show more ...

feat(fvp): emulate trapped RNDR

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the

feat(fvp): emulate trapped RNDR

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the real CPU instructions, potentially conditioning the
results, or use rate-limiting or filtering to protect the hardware
entropy pool. Another possiblitiy would be to use some platform specific
TRNG device to get entropy and returning this.

To demonstrate platform specific usage, add a demo implementation for the
FVP: It will execute the actual CPU instruction and just return the
result. This should serve as reference code to implement platform specific
policies.

We change the definition of read_rndr() and read_rndrrs() to use the
alternative sysreg encoding, so that all assemblers can handle that.

Add documentation about the new platform specific RNG handler function.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ibce817b3b06ad20129d15531b81402e3cc3e9a9e

show more ...

Merge "feat(tc): add delegated attest and measurement tests" into integration

fix(arm): arm_rotpk_header undefined reference

Moving ARM_ROTPK_S to default to arm_dev_rotpk.S as it was not being
set for Juno cryptocell and this should be the value in most cases.

Change-Id: I5

fix(arm): arm_rotpk_header undefined reference

Moving ARM_ROTPK_S to default to arm_dev_rotpk.S as it was not being
set for Juno cryptocell and this should be the value in most cases.

Change-Id: I56a5a4e61f1ca728b87322b0b09a0d73ed1d5ee0
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

show more ...

feat(tc): add delegated attest and measurement tests

This patch adds Delegated Attestation and Measured Boot tests to the
plat/arm/board/tc platform.
The test suite can be activated by adding the bu

feat(tc): add delegated attest and measurement tests

This patch adds Delegated Attestation and Measured Boot tests to the
plat/arm/board/tc platform.
The test suite can be activated by adding the build time option
`PLATFORM_TEST=1` to the make command. In this case the boot sequence is
not finished, plat_error_handler is called after the tests are run
(regardless of the test result.)

The actual test code is coming from the Trusted-Firmware-M project. Some
of the files of the tf-m-tests and tf-m-extras repo are linked to the
BL31 image.

Versions used for testing:
https://git.trustedfirmware.org/TF-M/tf-m-tests
614e8c358377e4146e8ee13d1246e59d01b4bf1b

https: //git.trustedfirmware.org/TF-M/tf-m-extras
3be9fdd557e6df449de93c2101973fb011699b3d

Change-Id: I98f0f5f760a39d2d7e0dd11d33663ddb75f0b6fc
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

show more ...

Merge changes from topic "full_dev_rsa_key" into integration

* changes:
docs(arm): add ARM_ROTPK_LOCATION variant full key
feat(arm): add ARM_ROTPK_LOCATION variant full key

feat(arm): add ARM_ROTPK_LOCATION variant full key

Add support for ARM_ROTPK_LOCATION=devel_full_dev_rsa_key, which
implements the scenario where the platform provides the full ROTPK, as
opposed to

feat(arm): add ARM_ROTPK_LOCATION variant full key

Add support for ARM_ROTPK_LOCATION=devel_full_dev_rsa_key, which
implements the scenario where the platform provides the full ROTPK, as
opposed to the hash of it. This returns a 2kB development RSA key
embedded into the firmware.

The motivation for this patch is to extend our test coverage in the CI.
Right now, the authentication framework allows platforms to return
either the full ROTPK or a hash of it (*). However, the FVP platform
only supports returning a hash currently so we cannot easily exercise
the full key scenario. This patch adds that capability.

(*) Or even no key at all if it's not deployed on the platform yet, as
is typically the case on pre-production/developement platforms.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie869cca1082410e63894e2b7dea2d31155684105

show more ...