Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13

show more ...

feat(stm32mp1): add the platform specific build for tools

Add cert_create and fiptool specific files to add the platform
addons to the generic tools.

Change-Id: Ifa600241cdf32b495cc65edccddab47c379

feat(stm32mp1): add the platform specific build for tools

Add cert_create and fiptool specific files to add the platform
addons to the generic tools.

Change-Id: Ifa600241cdf32b495cc65edccddab47c3796b77d
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip

Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on closed device. It will guarantee the secure bootchain.

Change-I

feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip

Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on closed device. It will guarantee the secure bootchain.

Change-Id: Id6120d0e5041e8f2d3866e5710876ec96b6d0216
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): add the decryption support

Add the decryption support for STM32MP1 binaries.
Decryption is limited to the BL32 loaded images.

Limitation: STM32MP15 doesn't support the feature.

Cha

feat(stm32mp1): add the decryption support

Add the decryption support for STM32MP1 binaries.
Decryption is limited to the BL32 loaded images.

Limitation: STM32MP15 doesn't support the feature.

Change-Id: I96800bac7b22109f8471eb2953fc0dc269fc4fd1
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): add the TRUSTED_BOARD_BOOT support

Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining

feat(stm32mp1): add the TRUSTED_BOARD_BOOT support

Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining the standard image ID in
order to decrease requested size in BL2 binary.
Authentication will use mbedTLS library for parsing certificate
configured with a platform configuration.

Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): update ROM code API for header v2 management

Add the new definition field for authentication used in header V2
on STM32MP13.

Change-Id: Id8f0c2584ca9b74b0d21d82c9a98d286500548c4
Sig

feat(stm32mp1): update ROM code API for header v2 management

Add the new definition field for authentication used in header V2
on STM32MP13.

Change-Id: Id8f0c2584ca9b74b0d21d82c9a98d286500548c4
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): remove unused function from boot API

Remove old library access from ROM library that is no more
used.

Change-Id: I9b91f1efd6ff9d311b69ca36f60474f01268c221
Signed-off-by: Lionel Debi

feat(stm32mp1): remove unused function from boot API

Remove old library access from ROM library that is no more
used.

Change-Id: I9b91f1efd6ff9d311b69ca36f60474f01268c221
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

refactor(stm32mp1): remove authentication using STM32 image mode

Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.

refactor(stm32mp1): remove authentication using STM32 image mode

Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.

Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(stm32mp1): add RNG initialization in BL2 for STM32MP13

Initialize RNG driver at platform level for STM32MP13.

Change-Id: I64832de43e5f6559a12e26680142db54c88f0b9e
Signed-off-by: Nicolas Le Bay

feat(stm32mp1): add RNG initialization in BL2 for STM32MP13

Initialize RNG driver at platform level for STM32MP13.

Change-Id: I64832de43e5f6559a12e26680142db54c88f0b9e
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@foss.st.com>

show more ...

feat(stm32mp1): add a stm32mp crypto library

Add the crypto library for STM32MP1 to use STM32 hardware
accelerators.

Change-Id: I0bbb941001242a6fdc47514ab3efe07b12249285
Signed-off-by: Nicolas Toro

feat(stm32mp1): add a stm32mp crypto library

Add the crypto library for STM32MP1 to use STM32 hardware
accelerators.

Change-Id: I0bbb941001242a6fdc47514ab3efe07b12249285
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

feat(st-crypto): update HASH for new hardware version used in STM32MP13

Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_

feat(st-crypto): update HASH for new hardware version used in STM32MP13

Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.

For STM32_HASH_V2: no change.

Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

fix(mt8188): add mmap entry for CPU idle SRAM

CPU PM driver accesses CPU idle SRAM during the system suspend
process. The region of CPU idle SRAM needs to be added as mmap entry.
Otherwise, the exec

fix(mt8188): add mmap entry for CPU idle SRAM

CPU PM driver accesses CPU idle SRAM during the system suspend
process. The region of CPU idle SRAM needs to be added as mmap entry.
Otherwise, the execption would occur.

BUG=b:244215539
TEST=Test of suspend resume passes.

Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>
Change-Id: I5838964fd9cb1b833e4006e2123febb4a4601003

show more ...

fix(mt8188): refine gic init flow after system resume

Call gicv3_distif_init() instead of mt_gic_init() in
armv8_2_mcusys_pwr_on_common(). This is to prevent
gicv3_rdistif_init() and gicv3_cpuif_ena

fix(mt8188): refine gic init flow after system resume

Call gicv3_distif_init() instead of mt_gic_init() in
armv8_2_mcusys_pwr_on_common(). This is to prevent
gicv3_rdistif_init() and gicv3_cpuif_enable() from being called twice
in the power-on flow. gicv3_rdistif_init() and gicv3_cpuif_enable()
are called in later armv8_2_cpu_pwr_on_common().

BUG=b:244215539
TEST=Suspend Resume Test pass

Change-Id: Id752c1ccbb9eab277ed6278c2dd90a051a894146
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>

show more ...

fix(mt8186): fix the DRAM voltage after the system resumes

The DRAM power supply must sustain at 0.8V after the system resumes.
Otherwise, unexpected errors would occur. Therefore, we update the
DRA

fix(mt8186): fix the DRAM voltage after the system resumes

The DRAM power supply must sustain at 0.8V after the system resumes.
Otherwise, unexpected errors would occur. Therefore, we update the
DRAM voltage to 0.8v in PMIC voltage wrap table.

BUG=b:253537849
TEST=Suspend Resume Test

Signed-off-by: Allen-KH Cheng <allen-kh.cheng@mediatek.corp-partner.google.com>
Change-Id: Idd42d5a2d646468822e391e48d01d870c3b7f0d3

show more ...

feat(mt8188): add audio support

For MT8188, MTK_AUDIO_SMC_OP_DOMAIN_SIDEBANDS is required for normal
mode switch.
- Add audio common code and chip specific code.
- Add new id (MTK_SIP_AUDIO_CONT

feat(mt8188): add audio support

For MT8188, MTK_AUDIO_SMC_OP_DOMAIN_SIDEBANDS is required for normal
mode switch.
- Add audio common code and chip specific code.
- Add new id (MTK_SIP_AUDIO_CONTROL) to mtk_sip_def.h.
- Enable for MT8188.

Signed-off-by: Trevor Wu <trevor.wu@mediatek.com>
Change-Id: Iff4680cd0b520b2b519ecf30ecafe100f147cc62

show more ...

refactor(mt8195): use ptp3 common drivers

Some 8195 ptp3 drivers are the same in plat/mediatek/drivers/ptp3, so
add this patch to reuse them.

Change-Id: I2b1801a73b6a2979e20d49d314c57f663dc5bf04
Si

refactor(mt8195): use ptp3 common drivers

Some 8195 ptp3 drivers are the same in plat/mediatek/drivers/ptp3, so
add this patch to reuse them.

Change-Id: I2b1801a73b6a2979e20d49d314c57f663dc5bf04
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>

show more ...

feat(mt8188): add support for PTP3

Add PTP3 driver to protect CPU from excessive voltage drop in CPU
heavy loading.

Signed-off-by: Riven Chen <riven.chen@mediatek.corp-partner.google.com>
Change-Id

feat(mt8188): add support for PTP3

Add PTP3 driver to protect CPU from excessive voltage drop in CPU
heavy loading.

Signed-off-by: Riven Chen <riven.chen@mediatek.corp-partner.google.com>
Change-Id: I394096be43e1d1d615f99b22f38f0b3ae0bb40c1

show more ...

feat(mt8188): enable MTK_PUBEVENT_ENABLE

Enable MTK_PUBEVENT_ENABLE for subscribing CPUPM events. This
patch also corrects the header file naming.

Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.

feat(mt8188): enable MTK_PUBEVENT_ENABLE

Enable MTK_PUBEVENT_ENABLE for subscribing CPUPM events. This
patch also corrects the header file naming.

Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: Iabd89a4ead21ccafa833390367484bfea5d351f6

show more ...

build: deprecate Arm TC0 FVP platform

Arm has decided to deprecate the TC0 platform. The development of
software and fast models for TC0 platform has been discontinued.
TC0 platform has been superse

build: deprecate Arm TC0 FVP platform

Arm has decided to deprecate the TC0 platform. The development of
software and fast models for TC0 platform has been discontinued.
TC0 platform has been superseded by the TC1 and TC2 platforms,
which are already supported in TF-A and CI repositories.

Change-Id: I0269816a6ee733f732669027eae4e14cd60b6084
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "mp/ras_refactoring" into integration

* changes:
docs: document do_panic() and panic() helper functions
fix(ras): restrict RAS support for NS world

Merge changes from topic "mp/ras_refactoring" into integration

* changes:
fix(debug): decouple "get_el_str()" from backtrace
fix(bl31): harden check in delegate_async_ea

fix(versal-net): add default values for silicon

Add missing default value for silicon.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Change-Id: Iac7d4db17a29a148298e9e3bd3eb3f74cafe7bc1

Merge changes from topic "rdn2cfg2_spi_support" into integration

* changes:
feat(rdn2): enable extended SPI support
feat(rdn2): add SPI ID ranges for RD-N2 multichip platform

fix(ras): restrict RAS support for NS world

Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To

fix(ras): restrict RAS support for NS world

Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.

Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750

show more ...

fix(debug): decouple "get_el_str()" from backtrace

get_el_str() was implemented under ENABLE_BACKTRACE macro but being
used at generic places too, this causes multiple definition of this
function.
R

fix(debug): decouple "get_el_str()" from backtrace

get_el_str() was implemented under ENABLE_BACKTRACE macro but being
used at generic places too, this causes multiple definition of this
function.
Remove duplicate definition of this function and move it out of
backtrace scope. Also, this patch fixes a small bug where in default
case S-EL1 is returned which ideally should be EL1, as there is no
notion of security state in EL string.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib186ea03b776e2478eff556065449ebd478c3538

show more ...