fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57

This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new

fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57

This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c

show more ...

refactor(st): configure UART baudrate

Add the possibility to configure console UART baudrate, it can be passed
as a command line parameter with STM32MP_UART_BAUDRATE. The default value
remains 11520

refactor(st): configure UART baudrate

Add the possibility to configure console UART baudrate, it can be passed
as a command line parameter with STM32MP_UART_BAUDRATE. The default value
remains 115200.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I000df70c10b2b4dac1449556596f9820c36cf243

show more ...

fix(stm32mp1): fix enum prints

With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. But the current version of
compiler used in CI stat

fix(stm32mp1): fix enum prints

With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. But the current version of
compiler used in CI states that this parameter is signed. Just cast the
value then.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic0655e5ba9c44fe6abcd9958d7a9972f5de3b7ef

show more ...

Merge changes from topic "st-format-signedness" into integration

* changes:
feat(stm32mp1): enable format-signedness warning
fix(stm32mp1): correct types in messages
fix(st-pmic): correct verb

Merge changes from topic "st-format-signedness" into integration

* changes:
feat(stm32mp1): enable format-signedness warning
fix(stm32mp1): correct types in messages
fix(st-pmic): correct verbose message
fix(st-sdmmc2): correct cmd_idx type in messages
fix(st-fmc): fix type in message
fix(mtd): correct types in messages
fix(usb): correct type in message
fix(tzc400): correct message with filter
fix(psci): correct parent_node type in messages
fix(libc): correct some messages
fix(fconf): correct image_id type in messages
fix(bl2): correct messages with image_id

show more ...

feat(stm32mp1): enable format-signedness warning

Add the flag -Wformat-signedness to TF_CFLAGS for STM32MP1.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6af18778902b0a4dae1c08735d

feat(stm32mp1): enable format-signedness warning

Add the flag -Wformat-signedness to TF_CFLAGS for STM32MP1.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6af18778902b0a4dae1c08735d2d070ef3d137ce

show more ...

fix(stm32mp1): correct types in messages

Avoid warnings when -Wformat-signedness is enabled.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0ca41cb96826b4f7f9bcf77909fad110325c1e91

refactor(stm32mp1): move PIE flag to SP_min

The PIE compilation is used only for BL32, move the ENABLE_PIE to
sp_min-stm32mp1.mk file. Override PIE flags, as sp_min.mk file is
included after the fla

refactor(stm32mp1): move PIE flag to SP_min

The PIE compilation is used only for BL32, move the ENABLE_PIE to
sp_min-stm32mp1.mk file. Override PIE flags, as sp_min.mk file is
included after the flags are set in Makefile.
The BL2_IN_XIP_MEM was added for a feature not yet upstreamed.
It is then removed from platform.mk file.

Change-Id: If055e51e0f160f99cd4e4cf68ca718d4d693119c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

show more ...

Merge "feat(common): add SZ_* macros" into integration

refactor(stm32mp1): update tamp_bkpr return type

tamp_bkpr() returns a register address. So use uintptr_t instead of
uin32_t.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Chan

refactor(stm32mp1): update tamp_bkpr return type

tamp_bkpr() returns a register address. So use uintptr_t instead of
uin32_t.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I5eddfa525465313dadfec18d128248a968ba74e2

show more ...

feat(common): add SZ_* macros

Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.

Change-Id: I3c4d4959b0f43e785eeb37a43d

feat(common): add SZ_* macros

Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.

Change-Id: I3c4d4959b0f43e785eeb37a43d03b2906b7fcfbc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>

show more ...

Merge "feat(st): update the security based on new compatible" into integration

feat(st): update the security based on new compatible

From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.

Signed-off-

feat(st): update the security based on new compatible

From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653

show more ...

feat(st): add early console in BL2

Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function call

feat(st): add early console in BL2

Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad

show more ...

Merge changes from topic "st-security-update" into integration

* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable a

Merge changes from topic "st-security-update" into integration

* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number

show more ...

Merge "fix(stm32mp1): remove interrupt_provider warning for dtc" into integration

feat(stm32mp1): warn when debug enabled on secure chip

Add a banner that inform user that debug is enabled
on a secure chip.

Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lion

feat(stm32mp1): warn when debug enabled on secure chip

Add a banner that inform user that debug is enabled
on a secure chip.

Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

fix(stm32mp1): rework switch/case for MISRA

Avoid the use of return inside switch/case in stm32mp_is_single_core().
Although this MISRA rulre might not be enforced, we align on what is done
for stm3

fix(stm32mp1): rework switch/case for MISRA

Avoid the use of return inside switch/case in stm32mp_is_single_core().
Although this MISRA rulre might not be enforced, we align on what is done
for stm32mp_is_auth_supported().

Change-Id: I00a5ec1b18c55b4254af00c9c5cf5a4dce104175
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(st): disable authentication based on part_number

STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed bin

feat(st): disable authentication based on part_number

STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695

show more ...

feat(stm32mp1): manage monotonic counter

The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the correspo

feat(stm32mp1): manage monotonic counter

The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the corresponding OTP.

Change-Id: I6e7831300ca9efbb35b4c87706f2dcab35affacb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>

show more ...

feat(stm32mp1): new way to access platform OTP

Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platf

feat(stm32mp1): new way to access platform OTP

Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platform services.
String definitions replace hard-coded values, they are used to call
this new function.

Change-Id: I81213e4a9ad08fddadc2c97b064ae057a4c79561
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

refactor(st-drivers): improve BSEC driver

Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.

refactor(st-drivers): improve BSEC driver

Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.

Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(stm32mp1): add NVMEM layout compatibility definition

Used by driver parsing this node to get information.

Change-Id: I50623a497157adf7b9da6fafe8d79f6ff58c0ebc
Signed-off-by: Nicolas Le Bayon <

feat(stm32mp1): add NVMEM layout compatibility definition

Used by driver parsing this node to get information.

Change-Id: I50623a497157adf7b9da6fafe8d79f6ff58c0ebc
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>

show more ...

fix(stm32mp1): remove interrupt_provider warning for dtc

This warning can only be removed if the version is newer than v1.6.0.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I472

fix(stm32mp1): remove interrupt_provider warning for dtc

This warning can only be removed if the version is newer than v1.6.0.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I472a8e552305b563447e8148074a5c0970b429e3

show more ...

refactor(stm32mp1): remove unused refcount helper functions

Remove stm32mp_incr_shrefcnt(), stm32mp_decr_shrefcnt(),
stm32mp_incr_refcnt() and stm32mp_decr_refcnt() that are unused.
The file is then

refactor(stm32mp1): remove unused refcount helper functions

Remove stm32mp_incr_shrefcnt(), stm32mp_decr_shrefcnt(),
stm32mp_incr_refcnt() and stm32mp_decr_refcnt() that are unused.
The file is then just removed.

Change-Id: I09ee23c02317df5d8f71cbc355d3ed4a67ce2749
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

fix(stm32mp1): add missing debug.h

Due to stm32mp_shres_helpers.h removal, the debug.h header is no more
included. It should then be added to stm32mp1_boot_device.c.

Signed-off-by: Yann Gautier <ya

fix(stm32mp1): add missing debug.h

Due to stm32mp_shres_helpers.h removal, the debug.h header is no more
included. It should then be added to stm32mp1_boot_device.c.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I397911ac05fdff464c010cf3b2e04320a781b4aa

show more ...