feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip

Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on closed device. It will guarantee the secure bootchain.

Change-I

feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip

Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on closed device. It will guarantee the secure bootchain.

Change-Id: Id6120d0e5041e8f2d3866e5710876ec96b6d0216
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

refactor(stm32mp1): remove authentication using STM32 image mode

Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.

refactor(stm32mp1): remove authentication using STM32 image mode

Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.

Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): add RNG initialization in BL2 for STM32MP13

Initialize RNG driver at platform level for STM32MP13.

Change-Id: I64832de43e5f6559a12e26680142db54c88f0b9e
Signed-off-by: Nicolas Le Bay

feat(stm32mp1): add RNG initialization in BL2 for STM32MP13

Initialize RNG driver at platform level for STM32MP13.

Change-Id: I64832de43e5f6559a12e26680142db54c88f0b9e
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@foss.st.com>

show more ...

Merge "feat(stm32mp1): save boot auth status and partition info" into integration

Merge changes from topic "st_optee_paged" into integration

* changes:
feat(stm32mp1): optionally use paged OP-TEE
feat(optee): check paged_image_info

feat(stm32mp1): save boot auth status and partition info

Introduce a functionality for saving/restoring boot auth status
and partition used for booting (FSBL partition on which the boot
was successf

feat(stm32mp1): save boot auth status and partition info

Introduce a functionality for saving/restoring boot auth status
and partition used for booting (FSBL partition on which the boot
was successful).

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Change-Id: I4d7f153b70dfc49dad8c1c3fa71111a350caf1ee

show more ...

feat(stm32mp1): optionally use paged OP-TEE

STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made

feat(stm32mp1): optionally use paged OP-TEE

STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I85ac7aaf6a172c4ee529736113ed40fe66835fd7

show more ...

Merge "fix(st): fix NULL pointer dereference issues" into integration

fix(st): fix NULL pointer dereference issues

The get_bl_mem_params_node() function could return NULL. Add asserts to
check the return value is not NULL.
This corrects coverity issues:
pager_mem_par

fix(st): fix NULL pointer dereference issues

The get_bl_mem_params_node() function could return NULL. Add asserts to
check the return value is not NULL.
This corrects coverity issues:
pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "pager_mem_params", which is known to be "NULL".

paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "paged_mem_params", which is known to be "NULL".

tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "tos_fw_mem_params", which is known to be "NULL".


Do the same for other occurrences of get_bl_mem_params_node() return not
checked, in the functions plat_get_bl_image_load_info() and
bl2_plat_handle_pre_image_load().

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I79165b1628fcee3da330f2db4ee5e1dafcb1b21f

show more ...

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): upd

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): update HW_CONFIG DT loading mechanism
refactor(st): update set_config_info function call
refactor(fvp_r): update set_config_info function call
refactor(arm): update set_config_info function call
feat(fconf): add NS load address in configuration DTB nodes

show more ...

Merge changes from topic "stm32mp13" into integration

* changes:
feat(stm32mp1): select platform compilation either by flag or DT
feat(stm32mp1-fdts): add support for STM32MP13 DK board
feat(s

Merge changes from topic "stm32mp13" into integration

* changes:
feat(stm32mp1): select platform compilation either by flag or DT
feat(stm32mp1-fdts): add support for STM32MP13 DK board
feat(stm32mp1-fdts): add DDR support for STM32MP13
feat(stm32mp1-fdts): add st-io_policies node for STM32MP13
feat(stm32mp1): updates for STM32MP13 device tree compilation
feat(stm32mp1-fdts): add DT files for STM32MP13
feat(dt-bindings): add TZC400 bindings for STM32MP13
feat(stm32mp1): add "Boot mode" management for STM32MP13
feat(stm32mp1): manage HSLV on STM32MP13
feat(stm32mp1): add sdmmc compatible in platform define
feat(st-sdmmc2): allow compatible to be defined in platform code
feat(stm32mp1): update IO compensation on STM32MP13
feat(stm32mp1): call pmic_voltages_init() in platform init
feat(st-pmic): add pmic_voltages_init() function
feat(stm32mp1): update CFG0 OTP for STM32MP13
feat(stm32mp1): usb descriptor update for STM32MP13
feat(st-clock): add clock driver for STM32MP13
feat(dt-bindings): add bindings for STM32MP13
feat(stm32mp1): get CPU info from SYSCFG on STM32MP13
feat(stm32mp1): use only one filter for TZC400 on STM32MP13
feat(stm32mp1): add a second fixed regulator
feat(stm32mp1): adaptations for STM32MP13 image header
feat(stm32mp1): update boot API for header v2.0
feat(stm32mp1): update IP addresses for STM32MP13
feat(stm32mp1): add part numbers for STM32MP13
feat(stm32mp1): chip rev. Z is 0x1001 on STM32MP13
feat(stm32mp1): update BACKUP_BOOT_MODE for STM32MP13
feat(stm32mp1): stm32mp_is_single_core() for STM32MP13
feat(stm32mp1): remove unsupported features on STM32MP13
feat(stm32mp1): update memory mapping for STM32MP13
feat(stm32mp1): introduce new flag for STM32MP13
feat(st): update stm32image tool for header v2

show more ...

feat(stm32mp1): call pmic_voltages_init() in platform init

The nominal voltage for VDDCPU when Cortex-A7 runs at 650MHz is 1.25V
on STM32MP13. VDDCORE should be set at 1.25V as well.
This is necessa

feat(stm32mp1): call pmic_voltages_init() in platform init

The nominal voltage for VDDCPU when Cortex-A7 runs at 650MHz is 1.25V
on STM32MP13. VDDCORE should be set at 1.25V as well.
This is necessary, as the PMIC values in its NVMEM are 1.2V.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I3c24fe4cd68c7bf143cf9318ab38a15d6d41b5d2

show more ...

feat(stm32mp1): remove unsupported features on STM32MP13

* GPIO: On STM32MP13, there are no banks GPIOJ, GPIOK and GPIOZ.
* STM32MP13 is a single Cortex-A7 CPU: remove reset from MPU1
and reset fr

feat(stm32mp1): remove unsupported features on STM32MP13

* GPIO: On STM32MP13, there are no banks GPIOJ, GPIOK and GPIOZ.
* STM32MP13 is a single Cortex-A7 CPU: remove reset from MPU1
and reset from MCU traces
* There is no MCU on STM32MP13. Put MCU security management
under STM32MP15 flag.
* The authentication feature is not supported yet on STM32MP13,
put the code under SPM32MP15 flag.
* On STM32MP13, the monotonic counter is managed in ROM code, keep
the monotonic counter update just for STM32MP15.
* SYSCFG: put registers not present on STM32MP13 under STM32MP15
flag, as the code that manages them.
* PMIC: use ldo3 during DDR configuration only for STM32MP15
* Reset UART pins on USB boot is no more required.

Change-Id: Iceba59484a9bb02828fe7e99f3ecafe69c837bc7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>

show more ...

refactor(st): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secu

refactor(st): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: Ieeaf9c97085128d7b7339d34495bdd58cd9fcf8a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(st): add early console in BL2" into integration

feat(st): add early console in BL2

Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function call

feat(st): add early console in BL2

Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad

show more ...

Merge changes from topic "st-security-update" into integration

* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable a

Merge changes from topic "st-security-update" into integration

* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number

show more ...

feat(stm32mp1): warn when debug enabled on secure chip

Add a banner that inform user that debug is enabled
on a secure chip.

Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lion

feat(stm32mp1): warn when debug enabled on secure chip

Add a banner that inform user that debug is enabled
on a secure chip.

Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(st): disable authentication based on part_number

STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed bin

feat(st): disable authentication based on part_number

STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695

show more ...

Merge changes from topic "st-nvmem" into integration

* changes:
feat(stm32mp1): manage monotonic counter
feat(stm32mp1): new way to access platform OTP
feat(stm32mp1-fdts): update NVMEM nodes

Merge changes from topic "st-nvmem" into integration

* changes:
feat(stm32mp1): manage monotonic counter
feat(stm32mp1): new way to access platform OTP
feat(stm32mp1-fdts): update NVMEM nodes
refactor(st-drivers): improve BSEC driver
feat(stm32mp1-fdts): add nvmem_layout node and OTP definitions
feat(stm32mp1): add NVMEM layout compatibility definition

show more ...

feat(stm32mp1): manage monotonic counter

The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the correspo

feat(stm32mp1): manage monotonic counter

The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the corresponding OTP.

Change-Id: I6e7831300ca9efbb35b4c87706f2dcab35affacb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>

show more ...

refactor(st-drivers): improve BSEC driver

Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.

refactor(st-drivers): improve BSEC driver

Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.

Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

Merge changes from topic "fwu-on-stm32mp1" into integration

* changes:
feat(stm32mp1): add support for building the FWU feature
feat(stm32mp1): add logic to pass the boot index to the Update Age

Merge changes from topic "fwu-on-stm32mp1" into integration

* changes:
feat(stm32mp1): add support for building the FWU feature
feat(stm32mp1): add logic to pass the boot index to the Update Agent
feat(stm32mp1): add support for reading the metadata partition
feat(stm32mp1): add logic to select the images to be booted
feat(stm32mp1): add GUID's for identifying firmware images to be booted
feat(stm32mp1): add GUID values for updatable images
feat(fwu): add platform hook for getting the boot index
feat(fwu): simplify the assert to check for fwu init
feat(fwu): add a function to pass metadata structure to platforms
feat(partition): add a function to identify a partition by GUID
feat(partition): copy the partition GUID into the partition structure
feat(partition): make provision to store partition GUID value
feat(partition): cleanup partition and gpt headers
feat(fwu): add basic definitions for GUID handling
feat(fwu): pass a const metadata structure to platform routines
build(changelog): add a valid scope for partition code

show more ...

feat(stm32mp1): add logic to pass the boot index to the Update Agent

With the FWU Multi Bank update feature, the platform can boot from one
of multiple banks(partitions). Pass the value of bank from

feat(stm32mp1): add logic to pass the boot index to the Update Agent

With the FWU Multi Bank update feature, the platform can boot from one
of multiple banks(partitions). Pass the value of bank from which the
platform has booted as boot index to the Update Agent. The Update
Agent will match this boot index value against the active_index field
in the metadata, and update the metadata if there is a mismatch.

Fow now, the mechanism to pass the boot index is platform specific. On
the STM32MP1 platform, the boot index value is passed through a
memorey mapped TAMP register on the SoC.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I0aa665ff9c1db95be8ae19ed8de6d866587d6850

show more ...

Merge changes from topic "st_syscfg_updates" into integration

* changes:
feat(stm32mp1): add helper to enable high speed mode in low voltage
refactor(stm32mp1): add helpers for IO compensation c

Merge changes from topic "st_syscfg_updates" into integration

* changes:
feat(stm32mp1): add helper to enable high speed mode in low voltage
refactor(stm32mp1): add helpers for IO compensation cells
feat(stm32mp1): use clk_enable/disable functions
feat(stm32mp1): add timeout in IO compensation

show more ...