Merge changes from topic "lw/cca_cot" into integration

* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build

Merge changes from topic "lw/cca_cot" into integration

* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM

show more ...

feat(plat/arm/sgi): increase memory reserved for bl31 image

Increase the size of bl31 image by 52K to accomodate increased size of
xlat table.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>

feat(plat/arm/sgi): increase memory reserved for bl31 image

Increase the size of bl31 image by 52K to accomodate increased size of
xlat table.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ic3a8d8be1104adf48d22aa829e2197f710b6b666

show more ...

feat(plat/arm/sgi): read isolated cpu mpid list from sds

Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next sta

feat(plat/arm/sgi): read isolated cpu mpid list from sds

Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.

Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4313cf025f4c9e9feffebca2d35b259f5bafce69

show more ...

feat(board/rdn2): add a new 'isolated-cpu-list' property

Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
t

feat(board/rdn2): add a new 'isolated-cpu-list' property

Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
this property is formatted as below.

strutct isolated_cpu_mpid_list {
uint64_t count;
uint64_t mpid_list[MAX Number of PE];
}

Also, the property is pre-initialized to 0 to reserve space for the
property in the dtb. The data for this property is read from SDS and
updated during boot. The number of entries in this list is equal to the
maximum number of PEs present on the platform.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4119f899a273ccbf8259e0d711d3a25501c7ec64

show more ...

feat(spm): add tpm event log node to spmc manifest

Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for com

feat(spm): add tpm event log node to spmc manifest

Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For a SPMC there is a particular interest with SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ic30b553d979532c5dad9ed6d419367595be5485e

show more ...

feat(sgi): add page table translation entry for secure uart

Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.

Signed-off-by: Rohit Math

feat(sgi): add page table translation entry for secure uart

Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I3416d114bcee13824a7d0861ee54fb799e154897

show more ...

feat(sgi): route TF-A logs via secure uart

Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the P

feat(sgi): route TF-A logs via secure uart

Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I417f5d16457b602c94da4c74b4d88bba03da7462

show more ...

feat(sgi): deviate from arm css common uart related definitions

The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the b

feat(sgi): deviate from arm css common uart related definitions

The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.

In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1ab17a3f02c8180b63be24e9266f7129beee819f

show more ...

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algori

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:

- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.

- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.

- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a

show more ...

feat(arm): retrieve the right ROTPK for cca

The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SW

feat(arm): retrieve the right ROTPK for cca

The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SWD_ROTPK).

Use the cookie argument as a key ID for plat_get_rotpk_info() to return
the appropriate one.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ieaae5b0bc4384dd12d0b616596596b031179044a

show more ...

feat(arm): add support for cca CoT

- Use the development PROTPK and SWD_ROTPK if using cca CoT.

- Define a cca CoT build flag for the platform code to provide
different implementations where needed

feat(arm): add support for cca CoT

- Use the development PROTPK and SWD_ROTPK if using cca CoT.

- Define a cca CoT build flag for the platform code to provide
different implementations where needed.

- When ENABLE_RME=1, CCA CoT is selected by default on Arm
platforms if no specific CoT is specified by the user.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I70ae6382334a58d3c726b89c7961663eb8571a64

show more ...

feat(arm): provide some swd rotpk files

When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one t

feat(arm): provide some swd rotpk files

When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one to deploy this on Arm platforms.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I9ea7bc1c15c0c94c1021d879a839cef40ba397e3

show more ...

refactor(arm): add cca CoT certificates to fconf

Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

refactor(arm): add cca CoT certificates to fconf

Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I8019cbcb7ccd4de6da624aebf3611b429fb53f96

show more ...

refactor(fvp): increase bl2 size when bl31 in DRAM

Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.

Signed-off-by: Lauren Wehrmeister <l

refactor(fvp): increase bl2 size when bl31 in DRAM

Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ifc99da51f2de3c152bbed1c8269dcc8b9100797a

show more ...

fix(measured-boot): add SP entries to event_log_metadata

Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.

Signed-off-by: I

fix(measured-boot): add SP entries to event_log_metadata

Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(fvp): add plat hook for memory transactions
feat(spmc): enable handling of the NS bit
feat(spmc): add support for v1.1

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(fvp): add plat hook for memory transactions
feat(spmc): enable handling of the NS bit
feat(spmc): add support for v1.1 FF-A memory data structures
feat(spmc/mem): prevent duplicated sharing of memory regions
feat(spmc/mem): support multiple endpoints in memory transactions
feat(spmc): add support for v1.1 FF-A boot protocol
feat(plat/fvp): introduce accessor function to obtain datastore
feat(spmc/mem): add FF-A memory management code

show more ...

feat(fvp): add plat hook for memory transactions

Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for plat

feat(fvp): add plat hook for memory transactions

Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for platform specific functionality to be performed
accordingly.

Note the hooks must be placed in the initial share request and final
reclaim to prevent order dependencies with operations that may take
place in the normal world without visibility of the SPMC.

Add a dummy implementation to the FVP platform.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0c7441a9fdf953c4db0651512e5e2cdbc6656c79

show more ...

feat(plat/fvp): introduce accessor function to obtain datastore

In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the

feat(plat/fvp): introduce accessor function to obtain datastore

In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the backing memory to be allocated in a
platform defined manner, to accommodate memory constraints
and desired use cases.

Provide an implementation for the Arm FVP platform to
use a default value of 512KB memory allocated in the
TZC RAM section.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804

show more ...

Merge changes I2fcf13b7,I153ccb43 into integration

* changes:
feat(n1sdp): add support for nt_fw_config
feat(n1sdp): enable trusted board boot on n1sdp

Merge changes from topic "ns/save_fpregs_context" into integration

* changes:
feat(sgi): enable fpregs context save and restore
feat(spm_mm): add support to save and restore fp regs

feat(n1sdp): add support for nt_fw_config

This patch adds support to load nt_fw_config with the information from
plat_info sds structure which is then passed from BL2 to BL33.

Signed-off-by: sahil

feat(n1sdp): add support for nt_fw_config

This patch adds support to load nt_fw_config with the information from
plat_info sds structure which is then passed from BL2 to BL33.

Signed-off-by: sahil <sahil@arm.com>
Change-Id: I2fcf13b7bf5ab042ef830157fd9cceedbdca617a

show more ...

feat(n1sdp): enable trusted board boot on n1sdp

Move from RESET_TO_BL31 boot to a TBBR style boot on N1sdp.

Signed-off-by: sahil <sahil@arm.com>
Change-Id: I153ccb43a4a013830973c7a183825d62b372c65e

feat(sgi): enable fpregs context save and restore

This is required to prevent Nwd context corruption during StMM
execution.

Standalone MM uses OpenSSL for secure boot, which uses FP registers for
f

feat(sgi): enable fpregs context save and restore

This is required to prevent Nwd context corruption during StMM
execution.

Standalone MM uses OpenSSL for secure boot, which uses FP registers for
floating point calculations.

Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I6ed11d4fa5d64c3089a24b66fd048a841c480792

show more ...

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with

feat(plat/arm/fvp): enable RSS backend based measured boot

Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable checking of execution ctx count
feat(spmc): enable parsing of UUID from SP Manifest
feat(spmc): add parti

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable checking of execution ctx count
feat(spmc): enable parsing of UUID from SP Manifest
feat(spmc): add partition mailbox structs
feat(plat/arm): allow BL32 specific defines to be used by SPMC_AT_EL3
feat(plat/fvp): add EL3 SPMC #defines
test(plat/fvp/lsp): add example logical partition
feat(spmc/lsp): add logical partition framework

show more ...