Merge changes from topic "rmm-lfa" into integration

* changes:
feat(rmmd): add RMM_RESERVE_MEMORY SMC handler
feat(rmmd): add per-CPU activation token

feat(rmmd): add RMM_RESERVE_MEMORY SMC handler

At the moment any memory required by an R-EL2 manager (RMM) needs to
be known at compile time: that sets the size of the .data and .bss
segments. Some

feat(rmmd): add RMM_RESERVE_MEMORY SMC handler

At the moment any memory required by an R-EL2 manager (RMM) needs to
be known at compile time: that sets the size of the .data and .bss
segments. Some resources depend on the particular machine this will be
running on, the prime example is TF-RMM's granule array, which needs to
know the maximum memory supported beforehand. Other data structures
might depend on the number of CPU cores.

To provide more flexibility, but keep the memory footprint as small as
possible, let's introduce some memory reservation SMC. Any RMM
implementation can ask EL3 for some memory, and would get the physical
address of a usable chunk of memory back. This must happen at RMM boot
time, so before the RMM concluded the boot phase with the
RMM_BOOT_COMPLETE SMC call. Also there is no provision to free memory
again, this would not be needed for the use case of sizing platform
resources, and avoids the complexity of a full-fledged memory allocator.

Add the new RMM_RESERVE_MEMORY command to the implementation defined
RMM-EL3 SMC interface, both in code and documentation. The actual memory
reservation is made a platform implementation, but a simple
implementation is provided, which is used for the FVP platform already:
it will just pick the next matching chunk of memory from the top end of
the RMM carveout. This way the memory reservation will grow down from
the end of the carveout, in a stack-like fashion, until it reaches the
end of the RMM payload, located at the beginning of the carveout. Since
secondary cores might also reserve memory at boot time, there is a
spinlock to protect the simple allocation algorithm.
Other platforms can choose to provide a more sophisticated reservation
algorithm, for instance one taking NUMA locality into account.

This patch just provides the call, at this point there is no obligation
to use the feature, although future TF-RMM versions would rely on it.

Change-Id: I096ac8870ee38f44e18850779fcae829a43a8fd1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management interface

show more ...

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface

Three IDE Key management smc calls have been added:
- RMM_IDE_KEY_PROG()
- RMM_IDE_KEY_SET_GO()
- RMM_IDE_KEY_SET_STOP()
- RMM_IDE_KM_PULL_RESPONSE()

Due to the absence of root port support in FVP, we are
currently adding placeholders in this patch for the platform
APIs to return success irrespective of the arguments being passed
by the caller(Realms). The SMCs are guarded by
`RMMD_ENABLE_IDE_KEY_PROG` build flag and is disabled by default.
We expect that once the SMCs are stabilized, this build flag will
not be required anymore.

Change-Id: I9411eb7787dac2a207bd14710d251503bd9626ce
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge changes from topic "cpu_trp_rotpk_fixes" into integration

* changes:
fix(rotpk): move rotpk definitions out of arm_def.h
feat(cpu): add support for Poseidon V CPU
fix(cpu): correct varia

Merge changes from topic "cpu_trp_rotpk_fixes" into integration

* changes:
fix(rotpk): move rotpk definitions out of arm_def.h
feat(cpu): add support for Poseidon V CPU
fix(cpu): correct variant name for default Poseidon CPU
fix(rmmd): avoid TRP when external RMM is defined

show more ...

fix(rmmd): avoid TRP when external RMM is defined

The Test Realm Package (TRP) is a small payload that runs at R-EL2 if an
external RMM image path is not provided. Currently, the TRP makefile is
inc

fix(rmmd): avoid TRP when external RMM is defined

The Test Realm Package (TRP) is a small payload that runs at R-EL2 if an
external RMM image path is not provided. Currently, the TRP makefile is
included if RME is enabled, regardless of whether an external RMM
image path is defined or not. This fix ensures that TRP is included
only when an external RMM path is not defined.

Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I3cc3d2a636e65071e45c5c82cc125290887ffc09

show more ...

Merge changes from topic "rme-attest" into integration

* changes:
feat(rme): add dummy realm attestation key to RMMD
feat(rme): add dummy platform token to RMMD

feat(rme): add dummy platform token to RMMD

Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC4000

feat(rme): add dummy platform token to RMMD

Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.

When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.

Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

feat(rme): add ENABLE_RME build option and support for RMM image

The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manage

feat(rme): add ENABLE_RME build option and support for RMM image

The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.

- Support for RMM image in fiptool

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25

show more ...

feat(rme): add Test Realm Payload (TRP)

TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of R

feat(rme): add Test Realm Payload (TRP)

TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.

TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.

More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2

show more ...

feat(rme): add RMM dispatcher (RMMD)

This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure worl

feat(rme): add RMM dispatcher (RMMD)

This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511

show more ...