b50c7af1 | 11-Dec-2025 | Manish V Badarkhe <manish.badarkhe@arm.com>
Merge changes from topic "hm/evlog" into integration
* changes:
  refactor(drtm): use crypto-agile measured boot
  refactor(imx): use crypto-agile measured boot
  refactor(qemu): use crypto-agile measured boot
  refactor(juno): use crypto-agile measured boot
  refactor(rpi3): use crypto-agile measured boot
  refactor(fvp): use crypto-agile measured boot
  feat(measured-boot): enable dynamic hash provisioning
  feat: add TPM/TCG hashing helper to crypto module
  chore: bump event log library
47bf7055 | 11-Dec-2025 | Manish V Badarkhe <manish.badarkhe@arm.com>
Merge changes I4d50d138,Ie16b2e40,I574893fa into integration
* changes:
  refactor(tpm): remove TPM code from TF-A
  feat(tpm): changes to support TPM lib
  feat: add libtpm submodule
0087b24f | 07-Oct-2025 | Harrison Mutai <harrison.mutai@arm.com>
refactor(rpi3): use crypto-agile measured boot
Adopt the crypto-agile measured boot API for RPi3. Replace the previous single-algorithm hash configuration with dynamic algorithm selection. Factor common measurement logic into a shared helper, update BL1/BL2 integration, and ensure event log header generation and TPM extension use the new multi-algorithm model.
Change-Id: Id700710ad2c893fc13614c81c01b8812e8edff7d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
6963f715 | 11-Dec-2025 | Matthew Ellis <Matthew.Ellis@arm.com>
feat(tpm): changes to support TPM lib
The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be tested by the C preprocessor. So, create new build define TPM_INTERFACE_FIFO_SPI. Correct the #if statements to use it.
Make spi_init() in rpi3_spi.c static. Pass timer functions as ops structure to TPM. Remove implicit interface between TPM library and main firmware by introducing explicit interface to allow firmware to pass structure of function pointers to setup a timer and check whether it has elapsed.
Update build system for new TPM lib location. Change #include statements in TPM source and header files to allow for new directory structure.
Change-Id: Ie16b2e402b963161d7d4f35a187b9bd2765a1faa
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>
b73aa414 | 17-Sep-2025 | Manish V Badarkhe <manish.badarkhe@arm.com>
Merge changes from topic "hm/evlog" into integration
* changes:
  build(measured-boot)!: move to ext event log lib
  feat(build): add utilities for modifying includes
b67e9846 | 13-May-2025 | Harrison Mutai <harrison.mutai@arm.com>
build(measured-boot)!: move to ext event log lib
Removes in-tree Event Log library implementation and updates all references to use the external submodule. Updates include paths, Makefile macros, and platform integration logic to link with lib as a static library.
If you cloned TF-A without the `--recurse-submodules` flag, you can ensure that this submodule is present by running:
git submodule update --init --recursive
BREAKING-CHANGE: LibEventLog is now included in TF-A as a submodule. Please run `git submodule update --init --recursive` if you encounter issues after migrating to the latest version of TF-A.
Change-Id: I723f493033c178759a45ea04118e7cc295dc2438
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
b6206410 | 10-Apr-2025 | Manish V Badarkhe <manish.badarkhe@arm.com>
Merge changes from topic "hm/evlog" into integration
* changes:
  refactor(rpi3): use renamed event log printer
  refactor(imx8m): use renamed event log printer
  refactor(qemu): use renamed event log printer
  refactor(fvp): use renamed event log printer
  refactor(measured-boot): standardize function names
126f278f | 14-Mar-2025 | Harrison Mutai <harrison.mutai@arm.com>
refactor(rpi3): use renamed event log printer
Following the renaming of printer functions to follow the event_log_{func} convention, update RPI3 to use the new function names for consistency with the logging library.
Change-Id: I7a009e78611398f0978e362a7ee5327276286126
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
7e848540 | 20-Mar-2025 | Manish V Badarkhe <manish.badarkhe@arm.com>
Merge changes from topic "dtpm_poc" into integration
* changes:
  feat(docs): update mboot threat model with dTPM
  docs(tpm): add design documentation for dTPM
  fix(rpi3): expose BL1_RW to BL2 map for mboot
  feat(rpi3): add dTPM backed measured boot
  feat(tpm): add Infineon SLB9670 GPIO SPI config
  feat(tpm): add tpm drivers and framework
  feat(io): add generic gpio spi bit-bang driver
  feat(rpi3): implement eventlog handoff to BL33
  feat(rpi3): implement mboot for rpi3
4f9894db | 07-Nov-2024 | Abhi Singh <abhi.singh@arm.com>
feat(rpi3): add dTPM backed measured boot
In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670 TPM2.0. The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in order to send commands and receive responses to/from the TPM.
In BL1 & BL2:
- utilize TPM commands to initialize the gpio pins for "spi" communication, and extend image hashes to the TPM's PCR 0; at the end of the measured boot phase for the bootloader, the TPM locality is released.
- BL1 executes a tpm_startup command in order to flush the TPM.
Change-Id: I2f2fa28f60a262a0aa25a674c72a9904b3cf4d8a
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
6dfcf4e1 | 07-Nov-2024 | Abhi Singh <abhi.singh@arm.com>
feat(rpi3): implement eventlog handoff to BL33
At the end of BL2 measured boot, write the address and size of the TCG Event Log to NT_FW_CONFIG so that the log can be consumed later by BL33.
- add dynamic configuration helpers for the fdt
- write the eventlog address and size to the fdt
Change-Id: I099dd9cc96d740ae13cb8b8e8c6b9f2e6c02accc
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
c4c9e2bc | 06-Nov-2024 | Abhi Singh <abhi.singh@arm.com>
feat(rpi3): implement mboot for rpi3
Add Measured Boot support using the Event Log backend for the rpi3 platform.
- Implement measured boot infrastructure in BL1 & BL2, including the init, measure image, and finish phases.
- Pass the eventlog addr and size from BL1 to BL2 using the image entry point args.
- dump the eventlog after measuring BL2, and after all images are measured in BL2.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I7c040c4a2d001a933fefb0b16f0fdf2a43a11be9