Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile me

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile measured boot
refactor(juno): use crypto-agile measured boot
refactor(rpi3): use crypto-agile measured boot
refactor(fvp): use crypto-agile measured boot
feat(measured-boot): enable dynamic hash provisioning
feat: add TPM/TCG hashing helper to crypto module
chore: bump event log library

show more ...

refactor(rpi3): use crypto-agile measured boot

Adopt the crypto-agile measured boot API for RPi3. Replace the previous
single-algorithm hash configuration with dynamic algorithm selection.
Factor co

refactor(rpi3): use crypto-agile measured boot

Adopt the crypto-agile measured boot API for RPi3. Replace the previous
single-algorithm hash configuration with dynamic algorithm selection.
Factor common measurement logic into a shared helper, update BL1/BL2
integration, and ensure event log header generation and TPM extension
use the new multi-algorithm model.

Change-Id: Id700710ad2c893fc13614c81c01b8812e8edff7d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "little-build-fixes" into integration

* changes:
fix(build): don't rely on Event Log build tree
fix(build): link Event Log library directly
fix(build): scan symbols un

Merge changes from topic "little-build-fixes" into integration

* changes:
fix(build): don't rely on Event Log build tree
fix(build): link Event Log library directly
fix(build): scan symbols until all are resolved
fix(build): add include directory dependencies

show more ...

Merge changes from topic "ck/tf-a/tpip-updates" into integration

* changes:
chore(compiler-rt): update compiler-rt to v21.1.4
chore(zlib): update zlib to v1.3.1
chore(libfdt): update libfdt to

Merge changes from topic "ck/tf-a/tpip-updates" into integration

* changes:
chore(compiler-rt): update compiler-rt to v21.1.4
chore(zlib): update zlib to v1.3.1
chore(libfdt): update libfdt to v1.7.2

show more ...

fix(build): link Event Log library directly

The `libraries` target is a `.PHONY` target to which various real
library targets, including the Event Log library, have been added over
the years. This t

fix(build): link Event Log library directly

The `libraries` target is a `.PHONY` target to which various real
library targets, including the Event Log library, have been added over
the years. This target is added as a dependency to any target created
with the `MAKE_BL` function. While this might look convenient on the
surface, it also dictates that a library must be linked even to images
it is totally irrelevant for.

The Event Log library is a good example of this; the library is not
typically used by all images, but by attaching itself to the `libraries`
target it becomes mandatory for all of them.

This change returns some of the control over when and where the Event
Log goes to platform maintainers via the introduction of two new
variables:

- `LIBEVLOG_LIBS`: the path to the Event Log static library.
- `LIBEVLOG_INCLUDE_DIRS`: include directories for the public API.

These can be appended to `BLx_LIBS` and `BLx_INCLUDE_DIRS` to include
the Event Log library in the relevant bootloaders.

Change-Id: I3e1a48cd45493334590b34b2ade0c6e29cbfd47a
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

chore(libfdt): update libfdt to v1.7.2

Where previously we cherry-picked individual sources from the libfdt
project tree, this change instead integrates the entire project tree
into the TF-A reposit

chore(libfdt): update libfdt to v1.7.2

Where previously we cherry-picked individual sources from the libfdt
project tree, this change instead integrates the entire project tree
into the TF-A repository. Doing so reduces the manual overhead of
updating libfdt in the future, as we avoid the need to analyse
individual source-level dependencies.

libfdt, conveniently, also provides a Makefile designed to ease its
integration into foreign build systems (like TF-A's), which we also make
use of in this change.

Source: https://git.kernel.org/pub/scm/utils/dtc/dtc.git/tree/?h=v1.7.2
Change-Id: I8babcfd27019fdd6d255d550491e1bb733745f27
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW

Merge changes from topic "psa_key_id_mgmt" into integration

* changes:
feat(auth): extend REGISTER_CRYPTO_LIB calls
feat(bl): adding psa crypto - crypto_mod_finish()
feat(fvp): increase BL1 RW for PSA Crypto
feat(auth): mbedtls psa key id mgmt
feat(auth): add crypto_mod_finish() function
feat(auth): add update of current_pk_oid in auth
feat(auth): add util file for current pk_oid
feat(auth): increase mbedtls heap for PSA RSA
feat(auth): introducing auth.mk

show more ...

feat(auth): introducing auth.mk

Introducing authentication specific makefile auth.mk to include common
auth source files.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I

feat(auth): introducing auth.mk

Introducing authentication specific makefile auth.mk to include common
auth source files.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ifb07c48861fe415d82cb7390c3a5f6e60ba699d9

show more ...

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 ma

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 map for mboot
feat(rpi3): add dTPM backed measured boot
feat(tpm): add Infineon SLB9670 GPIO SPI config
feat(tpm): add tpm drivers and framework
feat(io): add generic gpio spi bit-bang driver
feat(rpi3): implement eventlog handoff to BL33
feat(rpi3): implement mboot for rpi3

show more ...

feat(rpi3): add dTPM backed measured boot

In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670
TPM2.0.
The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in
order to

feat(rpi3): add dTPM backed measured boot

In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670
TPM2.0.
The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in
order to send commands and receive responses to/from the TPM.
In BL1 & BL2:
-utilize TPM commands to initialize the gpio pins for "spi"
communication, and extend image hashes to the TPM's PCR 0,
at the end of the measured boot phase for the bootloader,
the TPM locality is released.
-Bl1 executes a tpm_startup command in order to flush the TPM.

Change-Id: I2f2fa28f60a262a0aa25a674c72a9904b3cf4d8a
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

show more ...

feat(rpi3): implement eventlog handoff to BL33

At the end of BL2 measured boot, write the address
and size of the TCG Event Log to NT_FW_CONFIG so
that the log can be consumed later by BL33.
-add dy

feat(rpi3): implement eventlog handoff to BL33

At the end of BL2 measured boot, write the address
and size of the TCG Event Log to NT_FW_CONFIG so
that the log can be consumed later by BL33.
-add dynamic configuration helpers for the fdt
-write the eventlog address and size to the fdt

Change-Id: I099dd9cc96d740ae13cb8b8e8c6b9f2e6c02accc
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

show more ...

feat(rpi3): implement mboot for rpi3

Add Measured Boot support using the Event Log backend for the rpi3
platform.
-Implement measured boot infrastructure in BL1 & BL2, including
the init, measure i

feat(rpi3): implement mboot for rpi3

Add Measured Boot support using the Event Log backend for the rpi3
platform.
-Implement measured boot infrastructure in BL1 & BL2, including
the init, measure image, and finish phases.
-Pass the eventlog addr and size from BL1 to BL2 using the
image entry point args.
-dump the eventlog after measuring BL2, and after all images are
measured in BL2.

Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I7c040c4a2d001a933fefb0b16f0fdf2a43a11be9

show more ...

Merge "fix(build): ensure `$(ROT_KEY)` depends on correct directory rules" into integration

fix(build): ensure `$(ROT_KEY)` depends on correct directory rules

In order for directories to be automatically created when used as a
dependency, they must end with a forward slash (`/`). This is b

fix(build): ensure `$(ROT_KEY)` depends on correct directory rules

In order for directories to be automatically created when used as a
dependency, they must end with a forward slash (`/`). This is because we
have a pattern rule (`%/`) to create a directory anywhere where a
directory is required as a direct dependency.

Change-Id: Ib632d59da0745f6cadb0a839a62360aeca25c178
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "fix(rpi3): manually populate CNTFRQ reg" into integration

fix(rpi3): manually populate CNTFRQ reg

The rpi3 does not initialize the generic timer in BL1, which is now
required to use the delay timer in the dTPM driver. This change sets the
counter frequency

fix(rpi3): manually populate CNTFRQ reg

The rpi3 does not initialize the generic timer in BL1, which is now
required to use the delay timer in the dTPM driver. This change sets the
counter frequency register (CNTFRQ) with the rpi3's system counter
frequency value, as a prerequisite for timer initialization, and then
initializes the generic timer all during BL1 setup.

Change-Id: I4e2475b63ce4a97653202f94f506b5d3edc4c1a7
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

show more ...

Merge changes from topic "ck/tf-a/verbosity-cleanup" into integration

* changes:
build: unify verbosity handling
build: add facilities for interpreting boolean values
build: add string casing

Merge changes from topic "ck/tf-a/verbosity-cleanup" into integration

* changes:
build: unify verbosity handling
build: add facilities for interpreting boolean values
build: add string casing facilities to utilities

show more ...

build: unify verbosity handling

This change introduces a few helper variables for dealing with verbose
and silent build modes: `silent`, `verbose`, `q` and `s`.

The `silent` and `verbose` variables

build: unify verbosity handling

This change introduces a few helper variables for dealing with verbose
and silent build modes: `silent`, `verbose`, `q` and `s`.

The `silent` and `verbose` variables are boolean values determining
whether the build system has been configured to run silently or
verbosely respectively (i.e. with `--silent` or `V=1`).

These two modes cannot be used together - if `silent` is truthy then
`verbose` is always falsy. As such:

make --silent V=1

... results in a silent build.

In addition to these boolean variables, we also introduce two new
variables - `s` and `q` - for use in rule recipes to conditionally
suppress the output of commands.

When building silently, `s` expands to a value which disables the
command that follows, and `q` expands to a value which supppresses
echoing of the command:

$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed but not echoed'

When building verbosely, `s` expands to a value which disables the
command that follows, and `q` expands to nothing:

$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed and echoed'

In all other cases, both `s` and `q` expand to a value which suppresses
echoing of the command that follows:

$(s)echo 'This command is executed but not echoed'
$(q)echo 'This command is executed but not echoed'

The `s` variable is predominantly useful for `echo` commands, where you
always want to suppress echoing of the command itself, whilst `q` is
more useful for all other commands.

Change-Id: I8d8ff6ed714d3cb401946c52955887ed7dca602b
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes Id72a0370,I2bafba38,I2bd48441,I164c579c,Iddf8aea0, ... into integration

* changes:
feat(rpi): add Raspberry Pi 5 support
fix(rpi): consider MT when calculating core index from MPID

Merge changes Id72a0370,I2bafba38,I2bd48441,I164c579c,Iddf8aea0, ... into integration

* changes:
feat(rpi): add Raspberry Pi 5 support
fix(rpi): consider MT when calculating core index from MPIDR
refactor(rpi): move register definitions out of rpi_hw.h
refactor(rpi): add platform macro for the crash UART base address
refactor(rpi): split out console registration logic
refactor(rpi): move more platform-specific code into common

show more ...

refactor(rpi): split out console registration logic

Detection of the UART in use and GPIO code only apply to RPi 3 and 4.

RPi 5 has a dedicated PL011 debug port.

Change-Id: Iddf8aea01278e2b79b4e7c

refactor(rpi): split out console registration logic

Detection of the UART in use and GPIO code only apply to RPi 3 and 4.

RPi 5 has a dedicated PL011 debug port.

Change-Id: Iddf8aea01278e2b79b4e7c476740f1add8c419f0
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>

show more ...

Merge "build: use toolchain identifiers in conditions" into integration

Merge "build: use new toolchain variables for tools" into integration

build: use toolchain identifiers in conditions

The toolchain refactor change introduces the `${toolchain}-${tool}-id`
variables, which provide identifiers for all of the toolchain tools used
by the

build: use toolchain identifiers in conditions

The toolchain refactor change introduces the `${toolchain}-${tool}-id`
variables, which provide identifiers for all of the toolchain tools used
by the build system. This change replaces the various conditions that
are in use to identify these tools based on the path with a standard set
of comparisons against these new identifier variables.

Change-Id: Ib60e592359fa6e415c19a012e68d660f87436ca7
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

build: use new toolchain variables for tools

This change migrates the values of `CC`, `CPP`, `AS` and other toolchain
variables to the new `$(toolchain)-$(tool)` variables, which were
introduced by

build: use new toolchain variables for tools

This change migrates the values of `CC`, `CPP`, `AS` and other toolchain
variables to the new `$(toolchain)-$(tool)` variables, which were
introduced by the toolchain refactor patch. These variables should be
equivalent to the values that they're replacing.

Change-Id: I644fe4ce82ef1894bed129ddb4b6ab94fb04985d
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge changes from topic "mp/fix_interrupt_type" into integration

* changes:
refactor(el3-runtime): plat_ic_has_interrupt_type returns bool
fix(el3-runtime): leverage generic interrupt controlle

Merge changes from topic "mp/fix_interrupt_type" into integration

* changes:
refactor(el3-runtime): plat_ic_has_interrupt_type returns bool
fix(el3-runtime): leverage generic interrupt controller helpers
fix(gicv3): map generic interrupt type to GICv3 group
chore(gicv2): use interrupt group instead of type

show more ...