feat(spm): add tpm event log node to spmc manifest

Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for com

feat(spm): add tpm event log node to spmc manifest

Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For a SPMC there is a particular interest with SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ic30b553d979532c5dad9ed6d419367595be5485e

show more ...

feat(sgi): add page table translation entry for secure uart

Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.

Signed-off-by: Rohit Math

feat(sgi): add page table translation entry for secure uart

Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I3416d114bcee13824a7d0861ee54fb799e154897

show more ...

feat(sgi): route TF-A logs via secure uart

Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the P

feat(sgi): route TF-A logs via secure uart

Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I417f5d16457b602c94da4c74b4d88bba03da7462

show more ...

feat(sgi): deviate from arm css common uart related definitions

The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the b

feat(sgi): deviate from arm css common uart related definitions

The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.

In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1ab17a3f02c8180b63be24e9266f7129beee819f

show more ...

refactor(imx): update config of mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signed-o

refactor(imx): update config of mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I489392133435436a16edced1d810bc5204ba608f

show more ...

refactor(qemu): update configuring mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signe

refactor(qemu): update configuring mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib0ca5ecdee7906b41a0e1060339d43ce7a018d31

show more ...

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algori

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:

- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.

- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.

- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a

show more ...

fix(zynqmp): move bl31 with DEBUG=1 back to OCM

By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should b

fix(zynqmp): move bl31 with DEBUG=1 back to OCM

By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should be placed. BL31_BASE address exactly matches which requested address
for U-BOOT SPL boot flow.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I608c1b88baffec538c6ae528f057820e34971c4c

show more ...

feat(arm): retrieve the right ROTPK for cca

The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SW

feat(arm): retrieve the right ROTPK for cca

The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SWD_ROTPK).

Use the cookie argument as a key ID for plat_get_rotpk_info() to return
the appropriate one.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ieaae5b0bc4384dd12d0b616596596b031179044a

show more ...

feat(arm): add support for cca CoT

- Use the development PROTPK and SWD_ROTPK if using cca CoT.

- Define a cca CoT build flag for the platform code to provide
different implementations where needed

feat(arm): add support for cca CoT

- Use the development PROTPK and SWD_ROTPK if using cca CoT.

- Define a cca CoT build flag for the platform code to provide
different implementations where needed.

- When ENABLE_RME=1, CCA CoT is selected by default on Arm
platforms if no specific CoT is specified by the user.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I70ae6382334a58d3c726b89c7961663eb8571a64

show more ...

feat(arm): provide some swd rotpk files

When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one t

feat(arm): provide some swd rotpk files

When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one to deploy this on Arm platforms.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I9ea7bc1c15c0c94c1021d879a839cef40ba397e3

show more ...

refactor(arm): add cca CoT certificates to fconf

Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

refactor(arm): add cca CoT certificates to fconf

Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I8019cbcb7ccd4de6da624aebf3611b429fb53f96

show more ...

refactor(fvp): increase bl2 size when bl31 in DRAM

Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.

Signed-off-by: Lauren Wehrmeister <l

refactor(fvp): increase bl2 size when bl31 in DRAM

Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ifc99da51f2de3c152bbed1c8269dcc8b9100797a

show more ...

Merge "feat(zynqmp): add support for xck24 silicon" into integration

Merge changes from topic "stm32mp-emmc-boot-fip" into integration

* changes:
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
refactor(mmc): replace magic value with new PART_CFG_B

Merge changes from topic "stm32mp-emmc-boot-fip" into integration

* changes:
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
refactor(mmc): export user/boot partition switch functions

show more ...

feat(st): search pinctrl node by compatible

Instead of searching pinctrl node with its name, search with its
compatible. This will be necessary before pin-controller name changes
to pinctrl due to k

feat(st): search pinctrl node by compatible

Instead of searching pinctrl node with its name, search with its
compatible. This will be necessary before pin-controller name changes
to pinctrl due to kernel yaml changes.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I00590414fa65e193c6a72941a372bcecac673f60

show more ...

feat(zynqmp): add support for xck24 silicon

Add support for new xck24 device.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilin

feat(zynqmp): add support for xck24 silicon

Add support for new xck24 device.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I913a34d5a48ea665aaa4348f573fc59566dd5a9b

show more ...

Merge "feat(imx8mq): add 100us delay after USB OTG SRC bit 0 clear" into integration

Merge "fix(imx8mq): correct architected counter frequency" into integration

fix(zynqmp): resolve the misra 8.6 warnings

MISRA Violation: MISRA-C:2012 R.8.6
- Function is declared but never defined.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Cha

fix(zynqmp): resolve the misra 8.6 warnings

MISRA Violation: MISRA-C:2012 R.8.6
- Function is declared but never defined.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0df53ef4b2c91fa8ec3bf3e5491bf37dd7400685

show more ...

fix(zynqmp): resolve the misra 4.6 warnings

MISRA Violation: MISRA-C:2012 R.4.6
- Using basic numerical type int rather than a typedef
that includes size and signedness information.

Signed-off-by:

fix(zynqmp): resolve the misra 4.6 warnings

MISRA Violation: MISRA-C:2012 R.4.6
- Using basic numerical type int rather than a typedef
that includes size and signedness information.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I9fb686e7aa2b85af6dfcb7bb5f87eddf469fb85c

show more ...

Merge "fix(plat/zynqmp): fix coverity scan warnings" into integration

feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format

STM32MP_EMMC_BOOT allowed placing SSBL into the eMMC boot
partition along with FSBL. This allows atomic update of both
FSBL and SSBL at

feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format

STM32MP_EMMC_BOOT allowed placing SSBL into the eMMC boot
partition along with FSBL. This allows atomic update of both
FSBL and SSBL at the same time. Previously, this was only
possible for the FSBL, as the eMMC layout expected by TF-A
had a single SSBL GPT partition in the eMMC user area.
TEE binaries remained in dedicated GPT partitions whether
STM32MP_EMMC_BOOT was on or off.

The new FIP format collects SSBL and TEE partitions into
a single binary placed into a GPT partition.
Extend STM32MP_EMMC_BOOT, so eMMC-booted TF-A first uses
a FIP image placed at offset 256K into the active eMMC boot
partition. If no FIP magic is detected at that offset or if
STM32MP_EMMC_BOOT is disabled, the GPT on the eMMC user area
will be consulted as before.

This allows power fail-safe update of all firmware using the
built-in eMMC boot selector mechanism, provided it fits into
the boot partition - SZ_256K. SZ_256K was chosen because it's
the same offset used with the legacy format and because it's
the size of the on-chip SRAM, where the STM32MP15x BootROM
loads TF-A into. As such, TF-A may not exceed this size limit
for existing SoCs.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Id7bec45652b3a289ca632d38d4b51316c5efdf8d

show more ...

fix(measured-boot): add SP entries to event_log_metadata

Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.

Signed-off-by: I

fix(measured-boot): add SP entries to event_log_metadata

Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87

show more ...

fix(versal): resolve misra 15.6 warnings

MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement.

Signed-off-by: Venkatesh Y

fix(versal): resolve misra 15.6 warnings

MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ia1d6fcabd36d18ff2dab6c22579ffafd5211fc1f

show more ...