fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57

This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new

fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57

This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c

show more ...

fix(layerscape): update WA for Errata A-050426

Update WA for Errata A-050426 as Commands for
PEX (PEX1..PEX6) , lnx1_e1000#0, lnx1_xfi and
lnx2_xfi has been moved to PBI phase.

This patch requires

fix(layerscape): update WA for Errata A-050426

Update WA for Errata A-050426 as Commands for
PEX (PEX1..PEX6) , lnx1_e1000#0, lnx1_xfi and
lnx2_xfi has been moved to PBI phase.

This patch requires RCW to include PBI commands
to write commands in BIST mode for PEX, lnx1_e1000,
lnx1_xfi and lnx2_xfi IP blocks.

Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
Change-Id: I27c2b055c82c0b58df83449f9082bfbfdeb65115

show more ...

fix(fvp): disable reclaiming init code by default

In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation wo

fix(fvp): disable reclaiming init code by default

In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation workarounds inevitably increase the size of the various
segments due to additional instructions and/or macros, these segments
cannot be fit in the existing memory layout designated for BL31 image.
The issue is specifically seen in complex build configs for FVP
platform. One such config has TBB with Dual CoT and test secure
payload dispatcher(TSPD) enabled. Even a small increase in individual
segment size in order of few bytes might lead to build fails due to
alignment requirements(PAGE_ALIGN to 4KB).

This is needed to workaround the following build failures observed
across multiple build configs:

aarch64-none-elf-ld.bfd: BL31 init has exceeded progbits limit.

aarch64-none-elf-ld.bfd: /work/workspace/workspace/tf-worker_ws_2/trusted_firmware/build/fvp/debug/bl31/bl31.elf section coherent_ram will not fit in region RAM
aarch64-none-elf-ld.bfd: BL31 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region RAM overflowed by 4096 bytes

Change-Id: Idfab539e9a40f4346ee11eea1e618c97e93e19a1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "fix(xilinx): fix coding style violations" into integration

refactor(st): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secu

refactor(st): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: Ieeaf9c97085128d7b7339d34495bdd58cd9fcf8a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(fvp_r): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into s

refactor(fvp_r): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: I64e8531e0ad5cda63f14d838efb9da9cf20beea8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(arm): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into sec

refactor(arm): update set_config_info function call

Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.

Change-Id: Ia33adfa9e7b0392f62056053a2df7db321a74e22
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "feat(mt8186): add DFD control in SiP service" into integration

Merge "fix(a3k): change fatal error to warning when CM3 reset is not implemented" into integration

fix(a3k): change fatal error to warning when CM3 reset is not implemented

This allows TF-A's a3700_system_reset() function to try Warm reset
method when CM3 reset method is not implemented by WTMI f

fix(a3k): change fatal error to warning when CM3 reset is not implemented

This allows TF-A's a3700_system_reset() function to try Warm reset
method when CM3 reset method is not implemented by WTMI firmware.

Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I7303197373e1a8ca5a44ba0b1e90b48855d6c0c3

show more ...

Merge changes from topic "revert-14286-uart_segregation-VURJFOWMTM" into integration

* changes:
Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert "feat(sgi): route TF-A

Merge changes from topic "revert-14286-uart_segregation-VURJFOWMTM" into integration

* changes:
Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert "feat(sgi): route TF-A logs via secure uart"
Revert "feat(sgi): add page table translation entry for secure uart"

show more ...

Revert "feat(sgi): deviate from arm css common uart related defi..."

Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstre

Revert "feat(sgi): deviate from arm css common uart related defi..."

Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...

Change-Id: I28a370dd8b3a37087da621460eccc1acd7a30287

show more ...

Revert "feat(sgi): route TF-A logs via secure uart"

Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted C

Revert "feat(sgi): route TF-A logs via secure uart"

Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...

Change-Id: I7c488aed9fcb70c55686d705431b3fe017b8927d

show more ...

Revert "feat(sgi): add page table translation entry for secure uart"

Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstre

Revert "feat(sgi): add page table translation entry for secure uart"

Revert submission 14286-uart_segregation

Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.

Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...

Change-Id: I9bec02496f826e184c6efa643f869b2eb3b52539

show more ...

Merge "fix(st): don't try to read boot partition on SD cards" into integration

feat(mt8186): add DFD control in SiP service

DFD (Design for Debug) is a debugging tool, which scans flip-flops and
dumps to internal RAM on the WDT reset. After system reboots, those
values could b

feat(mt8186): add DFD control in SiP service

DFD (Design for Debug) is a debugging tool, which scans flip-flops and
dumps to internal RAM on the WDT reset. After system reboots, those
values could be showed for debugging.

BUG=b:222217317
TEST=build pass

Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I659ea1e0789cf135a71a13b752edaa35123e0941

show more ...

fix(st): don't try to read boot partition on SD cards

When trying to boot from an SD card with STM32MP_EMMC_BOOT enabled,
booting fails with:

ERROR: Got unexpected value for active boot partitio

fix(st): don't try to read boot partition on SD cards

When trying to boot from an SD card with STM32MP_EMMC_BOOT enabled,
booting fails with:

ERROR: Got unexpected value for active boot partition, 0
ASSERT: plat/st/common/bl2_stm32_io_storage.c:285

because SD cards don't provide a boot partition. So only try reading
from such a partition when booting from eMMC.

Fixes: 214c8a8d08b2 ("feat(plat/st): add STM32MP_EMMC_BOOT option")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Change-Id: I354b737a3ae3ea577e83dfeb7096df22275d852d

show more ...

Merge "fix(brcm): allow build to specify mbedTLS absolute path" into integration

Merge "fix(fvp): op-tee sp manifest doesn't map gicd" into integration

Merge "fix(fvp): FCONF Trace Not Shown" into integration

Merge changes from topic "uart_segregation" into integration

* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviat

Merge changes from topic "uart_segregation" into integration

* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions

show more ...

fix(brcm): allow build to specify mbedTLS absolute path

Updated makefile so that build can accept absolute mbedTLS path.

Change-Id: Ife73266a01d7ed938aafc5e370240023237ebf61
Signed-off-by: Manish V

fix(brcm): allow build to specify mbedTLS absolute path

Updated makefile so that build can accept absolute mbedTLS path.

Change-Id: Ife73266a01d7ed938aafc5e370240023237ebf61
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(fvp): FCONF Trace Not Shown

Updating call order for arm_console_boot_init() and arm_bl31_early_platform_setup().

Signed-off-by:  Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: If932fff2

fix(fvp): FCONF Trace Not Shown

Updating call order for arm_console_boot_init() and arm_bl31_early_platform_setup().

Signed-off-by:  Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: If932fff2ee4282a0aacf8751fa81e7665b886467

show more ...

Merge "fix(brcm): fix the build failure with mbedTLS config" into integration

fix(brcm): fix the build failure with mbedTLS config

Patch [1] introduces a mechanism to provide the platform
specified mbedTLS config file, but that result in build failure
for Broadcom platform.
T

fix(brcm): fix the build failure with mbedTLS config

Patch [1] introduces a mechanism to provide the platform
specified mbedTLS config file, but that result in build failure
for Broadcom platform.
This build failure is due to the absence of the mbedTLS configuration
file i.e. brcm_mbedtls_config.h in the TF-A source code repository.
"fatal error: brcm_mbedtls_config.h: No such file or directory"

This problem was resolved by removing the 'brcm_mbedtls_config.h' entry
from the broadcom platform makefile, allowing this platform to use
the default mbedtls_config.h file.

[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13726

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I7cc2efc049aefd3ebce1ae513df9b265fe31ded6

show more ...