| c1b0a97b | 08-Jan-2025 | Boyan Karatotev <boyan.karatotev@arm.com> |
chore(cm): add MDCR_EL3.RLTE to context management
The bit is already implicitly zero so no functional change. Adding it helps fully describe how we expect FEAT_TRF to behave.
Change-Id: If7a7881e2b50188222ce46265b432d658a664c75
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

| b71d0827 | 19-Apr-2024 | Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com> |
fix(libc): add const qualifier
This corrects the MISRA violation C2012-8.13: A pointer should point to a const-qualified type whenever possible. Added const qualifier to pointer.
In spite of generic guidance for 3rd party libraries (https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html#misra-compliance) libc contains some MISRA-C fixes done by commit d5ccb754af86 ("libc: Fix some MISRA defects") in 2021. Also, from history it is not clear where libc is coming from; that's why there is no way to fix the violation in the base library.
Change-Id: I9d6ec6df08358adf0832a53485d080d8b93b0e29
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>

| a02495ea | 18-Mar-2025 | Boyan Karatotev <boyan.karatotev@arm.com> |
chore(docs): explain what the plat_amu_aux_enables array does
Change-Id: I90f1bcaa8bec133d3be81785aea11948208ca0a5
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

| 18b129f4 | 28-Nov-2024 | Boyan Karatotev <boyan.karatotev@arm.com> |
fix(plat): remove unused vfp code
The code is never referenced, the build flag is never defined and some of the #defines are missing. Remove.
Change-Id: I44caae52f9b7503363ac553fd1187bbf6c951438
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

| 679e27ce | 19-Mar-2025 | Chris Kay <chris.kay@arm.com> |
build(poetry): install SP dependencies with `--no-root`
Change-Id: I2981cb438be6f4569d069203b555310588db2627
Signed-off-by: Chris Kay <chris.kay@arm.com>

| c03884e5 | 19-Mar-2025 | Joanna Farley <joanna.farley@arm.com> |
Merge "fix(versal2): rename console build arg to generic" into integration

| eb088894 | 17-Mar-2025 | Jit Loon Lim <jit.loon.lim@altera.com> |
feat(lib): implement strnlen secure and strcpy secure function
Implement safer version of 'strnlen' function to handle NULL terminated strings with additional bound checking and secure version of string copy function to support better security and avoid destination buffer overflow.
Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9
Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>

| 9c9a31eb | 18-Mar-2025 | Jean-Philippe Brucker <jean-philippe@linaro.org> |
feat(qemu): add plat_rmmd_mecid_key_update()
Add an implementation of the plat_rmmd_mecid_key_update() callback, that updates the MEC keys associated with a MECID. Leave it empty for now, since QEMU doesn't yet implement an MPE (Memory Protection Engine).
Change-Id: I2746f6024f28e4fd487726de9e43e14d8cad57a0
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>

| f801fdc2 | 22-Apr-2024 | Tushar Khandelwal <tushar.khandelwal@arm.com> |
feat(rmmd): add RMM_MECID_KEY_UPDATE call
With this addition, TF-A now has an SMC call to handle the update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an implementation for the MPE (Memory Protection Engine) driver is available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3

| b00f6ece | 01-Nov-2024 | Abhi Singh <abhi.singh@arm.com> |
feat(docs): update mboot threat model with dTPM
Add the discrete TPM to the TCG event log section of the measured boot threat model. Include the example of a physical vulnerability that can be used to compromise a dTPM.
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I2c06edf5e9031adc970c24426a8ae52b06efb614

| a2dd13ca | 21-Oct-2024 | Abhi Singh <abhi.singh@arm.com> |
docs(tpm): add design documentation for dTPM
- documentation for Discrete TPM drivers.
- documentation for a proof of concept on rpi3; Measured Boot using Discrete TPM.
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: If8e7c14a1c0b9776af872104aceeff21a13bd821

| 9acaaded | 07-Nov-2024 | Abhi Singh <abhi.singh@arm.com> |
fix(rpi3): expose BL1_RW to BL2 map for mboot
BL2 requires the ability to access the TCG Event Log during Measured Boot. Currently the Platform hangs since the Event Log is not exposed to BL2's mmap. Define a RPI3_BL1_RW region to be added to the BL2 Image, if Measured Boot is enabled.
Change-Id: Ic236a80e73ea342b4590cfb65bafbb8ffac17085
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

| 4f9894db | 07-Nov-2024 | Abhi Singh <abhi.singh@arm.com> |
feat(rpi3): add dTPM backed measured boot
In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670 TPM2.0. The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in order to send commands and receive responses to/from the TPM.
In BL1 & BL2:
- utilize TPM commands to initialize the gpio pins for "spi" communication, and extend image hashes to the TPM's PCR 0; at the end of the measured boot phase for the bootloader, the TPM locality is released.
- BL1 executes a tpm_startup command in order to flush the TPM.
Change-Id: I2f2fa28f60a262a0aa25a674c72a9904b3cf4d8a
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

| 6fa56e93 | 03-Dec-2024 | Abhi Singh <abhi.singh@arm.com> |
feat(tpm): add Infineon SLB9670 GPIO SPI config
Add the Infineon Optiga SLB9670 TPM2.0 GPIO SPI configuration data, as well as chip reset and the GPIO SPI bitbang driver initialization. This code supports use with the rpi3 platform, with availability to add configuration parameters for other platforms.
Change-Id: Ibdffb28fa0b3b5a18dff2ba5d4ea305633740763
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

| 36e3d877 | 28-Aug-2024 | Abhi.Singh <abhi.singh@arm.com> |
feat(tpm): add tpm drivers and framework
Add tpm2 drivers to tf-a with adequate framework:
- implement a fifo spi interface that works with discrete tpm chip.
- implement tpm command layer interfaces that are used to initialize, start and make measurements and close the interface.
- tpm drivers are built using their own make file to allow for ease in porting across platforms, and across different interfaces.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: Ie1a189f45c80f26f4dea16c3bd71b1503709e0ea

| 3c54570a | 18-Nov-2024 | Abhi Singh <abhi.singh@arm.com> |
feat(io): add generic gpio spi bit-bang driver
When using a tpm breakout board with rpi3, we elected to bit-bang gpio pins to emulate a spi interface; this implementation required a driver to interface with the platform specific pins and emulate spi functionality. The generic driver provides the ability to pass in a gpio_spi_data structure that contains the necessary gpio pins in order to simulate spi operations (get_access, start, stop, xfer).
Change-Id: I88919e8a294c05e0cabb8224e35ae5c1ba5f2413
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

| 6dfcf4e1 | 07-Nov-2024 | Abhi Singh <abhi.singh@arm.com> |
feat(rpi3): implement eventlog handoff to BL33
At the end of BL2 measured boot, write the address and size of the TCG Event Log to NT_FW_CONFIG so that the log can be consumed later by BL33.
- add dynamic configuration helpers for the fdt
- write the eventlog address and size to the fdt
Change-Id: I099dd9cc96d740ae13cb8b8e8c6b9f2e6c02accc
Signed-off-by: Abhi Singh <abhi.singh@arm.com>

| c4c9e2bc | 06-Nov-2024 | Abhi Singh <abhi.singh@arm.com> |
feat(rpi3): implement mboot for rpi3
Add Measured Boot support using the Event Log backend for the rpi3 platform.
- Implement measured boot infrastructure in BL1 & BL2, including the init, measure image, and finish phases.
- Pass the eventlog addr and size from BL1 to BL2 using the image entry point args.
- Dump the eventlog after measuring BL2, and after all images are measured in BL2.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I7c040c4a2d001a933fefb0b16f0fdf2a43a11be9

| 2333ab4c | 18-Mar-2025 | Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com> |
fix(versal2): rename console build arg to generic
Rename VERSAL2_CONSOLE build argument to CONSOLE to keep it aligned with generic build arguments.
Change-Id: I0f4967aa262f0300d8f76f6638030a1839901234
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>

| fa8ca8bc | 17-Mar-2025 | Bipin Ravi <bipin.ravi@arm.com> |
Merge "fix(errata): workaround for Cortex-A510 erratum 2971420" into integration

| 4e2a88a5 | 17-Mar-2025 | Govindraj Raja <govindraj.raja@arm.com> |
Merge "fix(cpufeat): add feat_hcx check before enabling FEAT_MOPS" into integration

| f2bd3528 | 19-Feb-2025 | John Powell <john.powell@arm.com> |
fix(errata): workaround for Cortex-A510 erratum 2971420
Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3, r1p0, r1p1, r1p2 and r1p3, and is still open.
Under some conditions, data might be corrupted if Trace Buffer Extension (TRBE) is enabled. The workaround is to disable trace collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite value of SCR_EL3.NS on a security state switch. Since we only enable TRBE for non-secure world, the workaround is to disable TRBE by setting the NSTB field to 00 so accesses are trapped to EL3 and secure state owns the buffer.
SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97

| d7cacc58 | 17-Mar-2025 | Lauren Wehrmeister <lauren.wehrmeister@arm.com> |
Merge "fix(cpus): workaround for Cortex-A715 erratum 2804830" into integration

| fcf2ab71 | 11-Feb-2025 | John Powell <john.powell@arm.com> |
fix(cpus): workaround for Cortex-A715 erratum 2804830
Cortex-A715 erratum 2804830 applies to r0p0, r1p0, r1p1 and r1p2, and is fixed in r1p3.
Under some conditions, writes of a 64B-aligned, 64B granule of memory might cause data corruption without this workaround. See SDEN for details.
Since this workaround disables write streaming, it is expected to have a significant performance impact for code that is heavily reliant on write streaming, such as memcpy or memset.
SDEN: https://developer.arm.com/documentation/SDEN-2148827/latest/
Change-Id: Ia12f6c7de7c92f6ea4aec3057b228b828d48724c
Signed-off-by: John Powell <john.powell@arm.com>

| 3fabca72 | 18-Feb-2025 | Harrison Mutai <harrison.mutai@arm.com> |
feat(bl32): enable r3 usage for boot args
`r3` is used to pass the base address of the transfer list. Make sure we update the context structure with this register value so it is populated with this information prior to executing the next stage.
Change-Id: Ie1eedbd2eb68b592df30779625691e8975d987bf
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>