| 4f9894db | 07-Nov-2024 |
Abhi Singh <abhi.singh@arm.com> |
feat(rpi3): add dTPM backed measured boot
In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670 TPM2.0. The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in order to send commands and receive responses to/from the TPM.
In BL1 & BL2:
- utilize TPM commands to initialize the gpio pins for "spi" communication, and extend image hashes to the TPM's PCR 0, at the end of the measured boot phase for the bootloader, the TPM locality is released.
- BL1 executes a tpm_startup command in order to flush the TPM.
Change-Id: I2f2fa28f60a262a0aa25a674c72a9904b3cf4d8a Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com> Signed-off-by: Abhi Singh <abhi.singh@arm.com>
|
| 6dfcf4e1 | 07-Nov-2024 |
Abhi Singh <abhi.singh@arm.com> |
feat(rpi3): implement eventlog handoff to BL33
At the end of BL2 measured boot, write the address and size of the TCG Event Log to NT_FW_CONFIG so that the log can be consumed later by BL33.
- add dynamic configuration helpers for the fdt
- write the eventlog address and size to the fdt
Change-Id: I099dd9cc96d740ae13cb8b8e8c6b9f2e6c02accc Signed-off-by: Abhi Singh <abhi.singh@arm.com>
|
| c4c9e2bc | 06-Nov-2024 |
Abhi Singh <abhi.singh@arm.com> |
feat(rpi3): implement mboot for rpi3
Add Measured Boot support using the Event Log backend for the rpi3 platform.
- Implement measured boot infrastructure in BL1 & BL2, including the init, measure image, and finish phases.
- Pass the eventlog addr and size from BL1 to BL2 using the image entry point args.
- dump the eventlog after measuring BL2, and after all images are measured in BL2.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com> Signed-off-by: Abhi Singh <abhi.singh@arm.com> Change-Id: I7c040c4a2d001a933fefb0b16f0fdf2a43a11be9
|
| 2333ab4c | 18-Mar-2025 |
Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com> |
fix(versal2): rename console build arg to generic
Rename VERSAL2_CONSOLE build argument to CONSOLE to keep it aligned with generic build arguments.
Change-Id: I0f4967aa262f0300d8f76f6638030a1839901234 Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
|
| 2948d1f8 | 23-Dec-2024 |
Harrison Mutai <harrison.mutai@arm.com> |
fix(arm): reinit secure and non-secure tls
Initializing the transfer list using `transfer_list_ensure` allows reuse of an already initialized transfer list. While this is beneficial when receiving a transfer list and ensuring one exists, it causes issues during a system RESET if the old content of SRAM is not cleared.
To prevent this, at least one step in the reset path must zero initialise the transfer list memory. Unless a previous stage explicitly provides a transfer list via boot arguments, a fresh transfer list should be created.
This change ensures that BL1 and BL31 properly reinitialize the transfer lists, preserving correctness for secure and non-secure handoffs in TF-A.
Change-Id: I3bfaa9e76df932a637031d645e4a22d857a094a5 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
|
| 597fff5f | 15-Nov-2024 |
Girisha Dengi <girisha.dengi@intel.com> |
feat(intel): support FCS commands with SiPSVC V3 framework
Support all the FCS (FPGA Crypto Service) commands with SiPSVC version 3 framework.
Change-Id: I1dfb95aaddf7111325ce0082eb26f7a201001141 Signed-off-by: Girisha Dengi <girisha.dengi@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@altera.com>
|
| 204d5e67 | 05-Mar-2025 |
Sieu Mun Tang <sieu.mun.tang@altera.com> |
feat(intel): implementation of SiPSVC-V3 protocol framework
- Develop SiPSVC-V3 framework to support async/yielding SMC calls.
- Add support for multi clients with multiple jobs running together.
- Add support for SDM doorbell interrupt handling.
- Keep the framework backward compatible with V1 clients.
- Enable the framework on all the platforms: Agilex7, Agilex5, N5X, and Stratix10.
Change-Id: I9eb61c48be89867b4227e084493bfcf67cbe7924 Signed-off-by: Girisha Dengi <girisha.dengi@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@altera.com>
|
| 5a162642 | 14-Mar-2025 |
Mark Dykes <mark.dykes@arm.com> |
Merge "feat(intel): provide atf build version via smc call" into integration |
| af74739f | 14-Mar-2025 |
Mark Dykes <mark.dykes@arm.com> |
Merge "fix(intel): this patch is used to solve DDR and VAB" into integration |
| c5ea3fac | 12-Mar-2025 |
Soby Mathew <soby.mathew@arm.com> |
Merge "feat(rmmd): add FEAT_MEC support" into integration |
| a69468ce | 12-Mar-2025 |
Yann Gautier <yann.gautier@st.com> |
Merge "fix(xilinx): avoid unexpected variable update" into integration |
| 7e84f3cf | 15-Mar-2024 |
Tushar Khandelwal <tushar.khandelwal@.com> |
feat(rmmd): add FEAT_MEC support
This patch provides architectural support for further use of Memory Encryption Contexts (MEC) by declaring the necessary registers, bits, masks, helpers and values and modifying the necessary registers to enable FEAT_MEC.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com> Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com> Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4
|
| 5488b945 | 10-Mar-2025 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "build(poetry): install dependencies with `--no-root`" into integration |
| c25405d6 | 10-Mar-2025 |
Chris Kay <chris.kay@arm.com> |
build(poetry): install dependencies with `--no-root`
More recent versions of Poetry introduced the `package-mode` key to configure whether the project should be used for dependency management only, but this is incompatible with the earlier versions of Poetry that we still support.
Instead, we rely on installing with the `--no-root` flag, which behaves similarly. Installing without passing the `--no-root` flag is deprecated, and in recent versions of Poetry has become a hard error.
This change ensures that the build system always installs dependencies with the required flag.
Change-Id: Ic1543511314dcd20c00b73fd9e8cfae3dd034a41 Signed-off-by: Chris Kay <chris.kay@arm.com>
|
| 458b40df | 05-Mar-2025 |
Jit Loon Lim <jit.loon.lim@altera.com> |
fix(intel): this patch is used to solve DDR and VAB
The patch provides solutions for:
1. Enable BL31 console logs during run-time.
2. Update VAB initialization.
3. Update DDR size according to Linux DTS configuration.
4. Solve VAB CCERT address issue.
Change-Id: I41eb0fab747de5010d369e845c33a45decb41e21 Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
|
| d1c58d86 | 02-Dec-2024 |
Girisha Dengi <girisha.dengi@intel.com> |
feat(intel): provide atf build version via smc call
This patch provides ATF build version via SMC call on Agilex7, Agilex5, Stratix10 and N5X platforms.
Change-Id: I61af83433fe61f85987f38ffc86380a41cdb5289 Signed-off-by: Girisha Dengi <girisha.dengi@intel.com> Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
|
| 50029b9a | 25-Apr-2024 |
Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com> |
fix(platforms): modify function to have single return
This corrects the MISRA violation C2012-15.5: A function should have a single point of exit at the end. Introduced a temporary variable to store the return value to ensure single return for the function.
Change-Id: I9c2ca05b506a6ac35b24966fc5fdd5e88e65770d Signed-off-by: Nithin G <nithing@amd.com> Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
|
| 7e288d11 | 25-Apr-2024 |
Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com> |
fix(platforms): add missing curly braces
This corrects the MISRA violation C2012-15.6: The body of an iteration-statement or a selection-statement shall be a compound-statement. Enclosed statement body within the curly braces.
Change-Id: I1327a206782ccd341c0c7eaa3f26078150458ed0 Signed-off-by: Nithin G <nithing@amd.com> Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
|
| b3d25dca | 04-Mar-2025 |
Madhav Bhatt <madhav.bhatt@amd.com> |
fix(xilinx): avoid unexpected variable update
The commit 50ab13577fd5 ("fix(xilinx): typecast expression to match data type") introduced a change where the isenabler1 variable is modified within the loop iterating over GICD_ISENABLER registers. Instead of computing the offset from the base address for each register, the offset is accumulated incorrectly, leading to an incorrect register read.
As a result, some GIC enablers, including the RTC device, were missed, so pm_set_wakeup_source was not called for them and the suspend-resume use case failed because of that.
Fix the logic to ensure the correct offset calculation for each iteration, preserving the intended behavior.
Fixes: 50ab13577fd5 fix(xilinx): typecast expression to match data type Change-Id: Iec5bafcbde21078545a37259b2cf0353585ef1fa Signed-off-by: Madhav Bhatt <madhav.bhatt@amd.com> Signed-off-by: Ronak Jain <ronak.jain@amd.com>
|
| d153bcf4 | 06-Mar-2025 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "feat(spm_mm): move mm_communication header define to general header" into integration |
| e6d39da0 | 06-Mar-2025 |
Alexander Stein <alexander.stein@ew.tq-group.com> |
fix(imx8mp): apply ERRATA_A53_1530924 erratum
Apply erratum ERRATA_A53_1530924.
Change-Id: I971bb75bd0bda05f823599919a6936b61a2509ca Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com> |
| dcd8d7f1 | 13-Dec-2024 |
J-Alves <joao.alves@arm.com> |
feat(fvp): increase cactus-tertiary size
Increase the size of cactus-tertiary partition to match update in manifest. Part of effort to use cactus-tertiary partition in StMM/HOB testing.
Dependent on https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/35383
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com> Signed-off-by: J-Alves <joao.alves@arm.com> Change-Id: I5b91400848e2cf5d04d1c7442874a7a4b9847399
|
| 183f2ea2 | 04-Mar-2025 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes I0396b597,I326f920f,I0437eec8,Ieadf01fc,I4e1d8c24, ... into integration
* changes:
  feat(fvp): set defaults for build commandline
  docs(arm): enable Linux boot from fip as BL33
  feat(arm): enable Linux boot from fip as BL33
  docs(fvp): update fvp build time options
  docs(arm): add initrd props to dtb at build time
  feat(arm): add initrd props to dtb at build time
show more ...
|
| fe81d9c9 | 04-Mar-2025 |
Carsten Hansen <Carsten.Hansen@bksv.com> |
feat(zynqmp): add pin group for lower qspi interface
ZynqMP provides two QSPI interfaces on MIO[0..12], but the existing pin group definitions only allow all or none of the pins to be configured for QSPI.
This is an issue on platforms that use only the lower QSPI interface and require the remaining pins to be configured for other purposes such as general I/O.
Add pin groups to support QSPI on MIO[0..4] with SS (slave select) on MIO5, freeing up MIO[7..12] for other uses.
The new pin groups can be accessed from Linux as 'qspi0_1_grp' and 'qspi_ss_1_grp'.
Change-Id: Ibdb3f13d4ba9194a3be8ce5e63478d9066d087ac Signed-off-by: Carsten Hansen <Carsten.Hansen@bksv.com> Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
|
| bf9a25f0 | 13-Feb-2025 |
Salman Nabi <salman.nabi@arm.com> |
feat(fvp): set defaults for build commandline
When using ARM_LINUX_KERNEL_AS_BL33, set defaults for the below for increased build time efficiency:
PRELOADED_BL33_BASE=0x80080000 This address supports older kernels before v5.7
ARM_PRELOADED_DTB_BASE=0x87F00000 (only in RESET_TO_BL31) 1MiB before the address 0x88000000 in FVP. 1MiB seems enough for the device tree blob (DTB).
Change-Id: I0396b597485e163b43f7c6677c04fcc08db55aa8 Signed-off-by: Salman Nabi <salman.nabi@arm.com>
|