fix(drtm): measure and record the DLME EP offset instead of absolute address

Update the DLME measurement logic to record only the DLME image
entry point offset (`dlme_img_ep_off`) rather than the fu

fix(drtm): measure and record the DLME EP offset instead of absolute address

Update the DLME measurement logic to record only the DLME image
entry point offset (`dlme_img_ep_off`) rather than the fully resolved
physical address. This aligns with the DRTM specification v1.1.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I3093282a1cb0fef0aafa48aeec34770f574fa34a

show more ...

fix(drtm): correct PROTECT_MEM_REGION value as per DRTM specification

The value of `PROTECT_MEM_REGION` was incorrectly set to 2. This patch
updates it to 1, which aligns with the DRTM specification

fix(drtm): correct PROTECT_MEM_REGION value as per DRTM specification

The value of `PROTECT_MEM_REGION` was incorrectly set to 2. This patch
updates it to 1, which aligns with the DRTM specification v1.1 for
DMA protection modes.

Note: Although the DRTM implementation does not currently handle
`PROTECT_MEM_REGION`, this fix ensures future compatibility and avoids
misleading definitions.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6811be8241aa4c0801352e2b9bd4872dc475ca78

show more ...

fix(drtm): add event name data for separator event entries

Update the DRTM measurement logging to include `drtm_event_arm_sep_data`
as the event name for separator events recorded in PCR-17 and PCR-

fix(drtm): add event name data for separator event entries

Update the DRTM measurement logging to include `drtm_event_arm_sep_data`
as the event name for separator events recorded in PCR-17 and PCR-18.

Previously, the event name parameter was set to `NULL`, resulting in
incomplete event records. This fix ensures that separator events are
correctly labeled in the event log with meaningful context and it
aligns with DRTM specification v1.1.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2803d0f2e113352116d7894c2a89dfc48ed0fd85

show more ...

feat(smcc): introduce a new vendor_el3 service for ACS SMC handler

In preparation to add support for the Architecture Compliance Suite
SMC services, reserve a SMC ID and introduce a handler function

feat(smcc): introduce a new vendor_el3 service for ACS SMC handler

In preparation to add support for the Architecture Compliance Suite
SMC services, reserve a SMC ID and introduce a handler function.
Currently, an empty placeholder function is added and future support
will be introduced for the handler support.

More info on System ACS, please refer below link,
https://developer.arm.com/Architectures/Architectural%20Compliance%20Suite

Signed-off-by: Nandan J <Nandan.J@arm.com>
Change-Id: Ib13ccae9d3829e3dcd1cd33c4a7f27efe1436d03

show more ...

feat(lib): add a generic EXTRACT macro

The EXTRACT macro is useful to extract a named field from a numeric
value, usually a register. It is functionally identical to the `ubfx`
instruction and uses

feat(lib): add a generic EXTRACT macro

The EXTRACT macro is useful to extract a named field from a numeric
value, usually a register. It is functionally identical to the `ubfx`
instruction and uses the same #defines (REG_FIELD_SHIFT and
REG_FIELD_WIDTH).

This is the same macro that we use in tftf. It works well there and is
quite useful for manipulating register fields concisely.

This macro replaces the EXTRACT_FIELD macro. Their function is
identical, however, EXTRACT allows for easier interoperation with the
`ubfx` instruction, makes code more similar to tftf, and is more
concise.

Change-Id: Ic454a87af5e5fac108c7b7cb6b6804ec65a8d0e8
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused arg

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused argument forward_flag

show more ...

Merge "fix(sdei): return SDEI_EINVAL if signaling state is incorrect" into integration

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* cal

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* calls.

Previously, EXTRA functions were individually implemented for
each SMCCC_ARCH_WORKAROUND_*, an approach that becomes unmanageable
with the increasing number of workarounds.
By looking up erratum entries for CVE check, the process is streamlined,
reducing overhead associated with creating and
maintaining EXTRA functions for each new workaround.

New Errata entries are created for SMC workarounds and
that is used to target cpus that are uniquely impacted
by SMC workarounds.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I873534e367a35c99461d0a616ff7bf856a0000af

show more ...

refactor(cpus): move errata check to common code

This patch centralizes some of the Errata ABI code
that could be used for checking if an Errata has been applied
to cpu library since the function is

refactor(cpus): move errata check to common code

This patch centralizes some of the Errata ABI code
that could be used for checking if an Errata has been applied
to cpu library since the function is mostly generic.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I2c6d4468f7125d4d99ccdebc5ea8f9e4390360cc

show more ...

refactor(cpus): drop unused argument forward_flag

This patch removes the unused argument forward_flag
from verify_errata_implemented function.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@a

refactor(cpus): drop unused argument forward_flag

This patch removes the unused argument forward_flag
from verify_errata_implemented function.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ib1fcbe081e94657e21d983e0db59ceec9993b696

show more ...

fix(sdei): return SDEI_EINVAL if signaling state is incorrect

In case a step is omitted when an SDEI event is registered,
enabled, unmasked and then signaled, incorrect code paths
may be reached.

T

fix(sdei): return SDEI_EINVAL if signaling state is incorrect

In case a step is omitted when an SDEI event is registered,
enabled, unmasked and then signaled, incorrect code paths
may be reached.

This patch adds additional checks to return early from such
an incorrect state.

Change-Id: Ia2753e9a1b95544e1afa72603574fe830f51ea9f
Signed-off-by: Igor Podgainõi <igor.podgainoi@arm.com>
Signed-off-by: Mark Dykes <mark.dykes@arm.com>

show more ...

Merge "fix(el3-spmc): fix FF-A v1.2 version check" into integration

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(measured-boot): refine event log lib docs
refactor(fvp): explicitly handle event log errors
feat(measured-boot): make e

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(measured-boot): refine event log lib docs
refactor(fvp): explicitly handle event log errors
feat(measured-boot): make event log lib standalone

show more ...

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management interface

show more ...

feat(measured-boot): make event log lib standalone

Remove dependencies on TF-A so the library can be conveniently exported
by other projets. The main changes are to remove explicit error
handling, a

feat(measured-boot): make event log lib standalone

Remove dependencies on TF-A so the library can be conveniently exported
by other projets. The main changes are to remove explicit error
handling, and ensure that functions instead return errno codes that
consumers can rely on instead. Some work has also been done to make the
function naming a little more consistent.

Change-Id: Ic182dfe7dd6f56a4b73e0da4c9051813938cfe44
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge "build(tlkd): add build error when building with FEAT_D128" into integration

fix(spm-mm): prevent excessive racing

The current code does the following:

sp_state_wait_switch:
lock()
if (status == 0)
status = 1
unlock()

[critical section]

sp_state_set:
lock()
status

fix(spm-mm): prevent excessive racing

The current code does the following:

sp_state_wait_switch:
lock()
if (status == 0)
status = 1
unlock()

[critical section]

sp_state_set:
lock()
status = 0
unlock()

One core will obtain the status for itself and then all other cores will
get the lock, see the status is not available, release the lock, and try
again. However, when there are many cores this causes a lot of lock
contention and the original core is racing to obtain the lock to release
the status. This starves the holder of the lock, resulting in an
apparent deadlock, although given enough time it will pass.

Hold the lock throughout to prevent this.

Also make the functions static as they are never exported and drop
sp_state_try_switch() as its unused and would not work anymore.

Change-Id: I0861d04ed95437e4ca9f203d9e79a6296b1ead56
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

build(tlkd): add build error when building with FEAT_D128

tlkd is not fully adopted to work with FEAT_D128, currently we avoid
building tlkd when FEAT_D128 is enabled.

Add a build error when we bui

build(tlkd): add build error when building with FEAT_D128

tlkd is not fully adopted to work with FEAT_D128, currently we avoid
building tlkd when FEAT_D128 is enabled.

Add a build error when we build tlkd with FEAT_D128.

Change-Id: I6ebc0eb8b551701897a62e0d800e786ce81beadf
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(trp): test el3-rmm ide km interface

This patch introduces test functions to the Test Realm Payload (TRP)
for performing basic sanity checks on the RMM-EL3 IDE KM support added
to EL3.

The prim

feat(trp): test el3-rmm ide km interface

This patch introduces test functions to the Test Realm Payload (TRP)
for performing basic sanity checks on the RMM-EL3 IDE KM support added
to EL3.

The primary goal of this patch is to only to verify the basic
functionality and ensure the implemented functions return the
correct return values.

The test uses random values for the ecam address, rootport ID,
IDE stream info, keys, and IV values.

Change-Id: Icf47627da9a6a7dd0d6e40e20ac94cc977072177
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface

Three IDE Key management smc calls have been added:
- RMM_IDE_KEY_PROG()
- RMM_IDE_KEY_SET_GO()
- RMM_IDE_KEY_SET_STOP()
- RMM_IDE_KM_PULL_RESPONSE()

Due to the absence of root port support in FVP, we are
currently adding placeholders in this patch for the platform
APIs to return success irrespective of the arguments being passed
by the caller(Realms). The SMCs are guarded by
`RMMD_ENABLE_IDE_KEY_PROG` build flag and is disabled by default.
We expect that once the SMCs are stabilized, this build flag will
not be required anymore.

Change-Id: I9411eb7787dac2a207bd14710d251503bd9626ce
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge "feat(drtm): update DLME data header with actual Event Log size" into integration

Merge "fix(spmd): check pwr mgmt status for SPMC framework response" into integration

feat(drtm): update DLME data header with actual Event Log size

The definition of `dlme_tpm_log_size` has been revised to represent
the actual Event Log data size instead of the fixed minimum of 64KB

feat(drtm): update DLME data header with actual Event Log size

The definition of `dlme_tpm_log_size` has been revised to represent
the actual Event Log data size instead of the fixed minimum of 64KB.
This change will be reflected in the upcoming DRTM specification
update.

Note: This change requires a corresponding update to the ACS DRTM
app in CI.

Change-Id: I967b5a372b283abd46409685d7266ffa60c142b0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "xlnx_fix_gen_uniq_var" into integration

* changes:
fix(psci): avoid altering function parameters
fix(services): avoid altering function parameters
fix(common): ignore

Merge changes from topic "xlnx_fix_gen_uniq_var" into integration

* changes:
fix(psci): avoid altering function parameters
fix(services): avoid altering function parameters
fix(common): ignore the unused function return value
fix(psci): modify variable conflicting with external function
fix(delay-timer): create unique variable name

show more ...

Merge "refactor: report features supported to secure world" into integration