Merge changes Ib220a866,I38e6af65,I1554efdb,Iae99985e,I96f96267, ... into integration

* changes:
feat(stm32mp25-fdts): enable rng nodes for ST boards
feat(stm32mp2): prepare DDR secure area encr

Merge changes Ib220a866,I38e6af65,I1554efdb,Iae99985e,I96f96267, ... into integration

* changes:
feat(stm32mp25-fdts): enable rng nodes for ST boards
feat(stm32mp2): prepare DDR secure area encryption
feat(stm32mp2): add some platform helpers
feat(st-drivers): add RISAF driver
feat(fdts): add RISAF nodes for STM32MP25
feat(stm32mp2-fdts): add memory firewall node
feat(stm32mp2-fdts): add firewall nodes in fw-config
feat(stm32mp2): add RIF dt-binding defines
feat(stm32mp1-fdts): add MCE support for STM32MP13 DK board
feat(stm32mp1): prepare DDR secure area encryption for STM32MP13
feat(stm32mp1): enable MCE driver for STM32MP13
feat(st-drivers): add Memory Cipher Engine driver
feat(dt-bindings): add MCE DT bindings for STM32MP13
fix(st-crypto): improve RNG health test configuration
feat(st): add RNG minor version
feat(st-crypto): add multi instance and error management in RNG driver
feat(stm32mp2): add HASH and RNG compilation
feat(stm32mp25-fdts): add RNG node

show more ...

feat(stm32mp1): prepare DDR secure area encryption for STM32MP13

The Memory Cipher Engine (MCE) defines the DDR secure area with
specific security setup (encryption).
Its master key is randomly gene

feat(stm32mp1): prepare DDR secure area encryption for STM32MP13

The Memory Cipher Engine (MCE) defines the DDR secure area with
specific security setup (encryption).
Its master key is randomly generated (using RNG driver).
Initialize and configure MCE IP on platform side only if
authentication is supported at SoC level.

Change-Id: I034f45b0fd547d924cbc92c42298e1f3b1e7343c
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>

show more ...

Merge "fix(stm32mp1): skip OP-TEE header check if image base is NULL" into integration

Merge "refactor(st): change suffix for SYSCFG functions" into integration

fix(stm32mp1): skip OP-TEE header check if image base is NULL

In bl2_plat_handle_post_image_load(), if the image_base of OP-TEE
header image is 0, do not call optee_header_is_valid(). This can be
th

fix(stm32mp1): skip OP-TEE header check if image base is NULL

In bl2_plat_handle_post_image_load(), if the image_base of OP-TEE
header image is 0, do not call optee_header_is_valid(). This can be
the case when OP-TEE is not present in the FIP.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic2d014e59665c9efa33bbce1bf2eb3b66cd6fb26

show more ...

refactor(st): change suffix for SYSCFG functions

This patch replaces the suffix "stm32mp1_" in the SYSCFG drivers
with "stm32mp_". By using a common suffix for function names, we can
avoid issues or

refactor(st): change suffix for SYSCFG functions

This patch replaces the suffix "stm32mp1_" in the SYSCFG drivers
with "stm32mp_". By using a common suffix for function names, we can
avoid issues or platform compilation flags when a driver
needs to access SYSCFG across different platforms.

Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I24407852c085abd843ef4cdef235c022a5e57a85

show more ...

Merge changes from topic "st-fwu-common" into integration

* changes:
refactor(st): move FWU support to common code
refactor(st): move FWU functions to common code

refactor(st): move FWU functions to common code

Move the platforms functions used for Firmware update in plat/st/common
directory. The function stm32mp1_fwu_set_boot_idx() is renamed
stm32_fwu_set_b

refactor(st): move FWU functions to common code

Move the platforms functions used for Firmware update in plat/st/common
directory. The function stm32mp1_fwu_set_boot_idx() is renamed
stm32_fwu_set_boot_idx() to align with other ones. A new function
stm32_get_bkpr_fwu_info_addr() is created to get the backup register
address where to store FWU info (counter and partition index).

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I64916c7992782ceeaaf990026756ca4134d93c88

show more ...

Merge "feat(stm32mp15): remove OP-TEE shared mem" into integration

feat(stm32mp15): remove OP-TEE shared mem

The flag STM32MP15_OPTEE_RSV_SHM was disabled and mark deprecated.
Remove the corresponding code.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-

feat(stm32mp15): remove OP-TEE shared mem

The flag STM32MP15_OPTEE_RSV_SHM was disabled and mark deprecated.
Remove the corresponding code.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I948af3e1de4b89815c967a63abe64f285c405ecc

show more ...

Merge changes from topic "early_console" into integration

* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CON

Merge changes from topic "early_console" into integration

* changes:
feat(stm32mp2): use early traces
feat(st-bsec): use early traces
refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE
feat(console): introduce EARLY_CONSOLE
feat(bl32): create an sp_min_setup function

show more ...

refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE

Now that EARLY_CONSOLE is generic, use it instead of the ST flag.
Remove stm32mp_setup_early_console() calls as it is done in common TF

refactor(st): replace STM32MP_EARLY_CONSOLE with EARLY_CONSOLE

Now that EARLY_CONSOLE is generic, use it instead of the ST flag.
Remove stm32mp_setup_early_console() calls as it is done in common TF-A
code.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Icac29b62a6267303cb5c679d15847c013ead1d23

show more ...

Merge changes from topic "st_mckprot_bl32" into integration

* changes:
refactor(stm32mp1): move the MCU security to BL32
feat(st-clock): add function to control MCU subsystem

refactor(stm32mp1): move the MCU security to BL32

Change the MCKPROT control management. Now, the MCU subsystem
is done in the BL32 using the dedicated clock function.
If using OP-TEE, you will need

refactor(stm32mp1): move the MCU security to BL32

Change the MCKPROT control management. Now, the MCU subsystem
is done in the BL32 using the dedicated clock function.
If using OP-TEE, you will need the corresponding commit [1].
This should be integrated in OP-TEE tag 4.2.0.

[1] e07f9212d5 plat-stm32mp1: shared_resource: disable MCKPROT if
not needed

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I59f90ace750aa93f674389f881e2fe14ad334a72

show more ...

Merge "feat(stm32mp1): only fuse monotonic counter on closed devices" into integration

feat(stm32mp1): only fuse monotonic counter on closed devices

The fused monotonic counter is checked by the ROM bootloader. The ROM
bootloader won't allow booting images build with a lower
STM32_TF_

feat(stm32mp1): only fuse monotonic counter on closed devices

The fused monotonic counter is checked by the ROM bootloader. The ROM
bootloader won't allow booting images build with a lower
STM32_TF_VERSION value.

On non-closed devices a user can easily circumvent this. But it is
annoying for a developer when open development hardware gets the counter
value fused.

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: Ie52561368a3178de9d9a44b9d089664241452651

show more ...

Merge changes from topic "st-bsec-otp" into integration

* changes:
feat(stm32mp2-fdts): add board ID OTP in STM32MP257F-EV1
feat(stm32mp2-fdts): add OTP nodes in STM32MP251 SoC DT file
fix(stm

Merge changes from topic "st-bsec-otp" into integration

* changes:
feat(stm32mp2-fdts): add board ID OTP in STM32MP257F-EV1
feat(stm32mp2-fdts): add OTP nodes in STM32MP251 SoC DT file
fix(stm32mp2): add missing include
feat(st): do not directly call BSEC functions in common code
feat(st): use stm32_get_otp_value_from_idx() in BL31
refactor(st): update test for closed chip
refactor(st-bsec): improve BSEC driver
refactor(st): use dashes for BSEC node names

show more ...

refactor(st): update test for closed chip

The function stm32mp_is_closed_device() is replaced with
stm32mp_check_closed_device(), which return an uint32_t, either
STM32MP_CHIP_SEC_OPEN or STM32MP_CH

refactor(st): update test for closed chip

The function stm32mp_is_closed_device() is replaced with
stm32mp_check_closed_device(), which return an uint32_t, either
STM32MP_CHIP_SEC_OPEN or STM32MP_CHIP_SEC_CLOSED.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ie0790cdc36c4b6522083bc1f0e7c38e8061e6adf

show more ...

Merge changes from topic "refactor_st_common" into integration

* changes:
refactor(st): move board info in common code
refactor(st): move GIC code to common directory
refactor(st): move boot b

Merge changes from topic "refactor_st_common" into integration

* changes:
refactor(st): move board info in common code
refactor(st): move GIC code to common directory
refactor(st): move boot backup register management

show more ...

refactor(st): move boot backup register management

This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common direc

refactor(st): move boot backup register management

This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common directory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic873f099c1f87c6ba2825b4946365ae6a9687798

show more ...

Merge changes from topic "fix_misra_st_platform" into integration

* changes:
fix(stm32mp1): rework DWL buffer cache invalidation
fix(stm32mp1): add const for strings in stm32mp_get_soc_name()

Merge changes from topic "fix_misra_st_platform" into integration

* changes:
fix(stm32mp1): rework DWL buffer cache invalidation
fix(stm32mp1): add const for strings in stm32mp_get_soc_name()
fix(st): use Boolean type for tests
fix(st): rework secure-status check in fdt_get_status()
fix(st): use indices when counting GPIOs in DT
fix(st): add U suffix for unsigned numbers
fix(st): explicitly check operators precedence

show more ...

fix(stm32mp1): rework DWL buffer cache invalidation

As the default part do nothing, all the code managing DWL buffer cache
invalidation can be under programmer flags.
This avoids running unneeded co

fix(stm32mp1): rework DWL buffer cache invalidation

As the default part do nothing, all the code managing DWL buffer cache
invalidation can be under programmer flags.
This avoids running unneeded code if the flags are not enabled, and
corrects MISRA C2012-16.6:
Every switch statement shall have at least two switch-clauses.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I90d2951f9518509b3380295fb1a6ad6b9c5e551e

show more ...

Merge "refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE" into integration

refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE

The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.

Change-Id: I04452453ed84567b0de39e900594a81526562

refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE

The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.

Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13

show more ...