Merge "feat(cpufeat): enable USE_SPINLOCK_CAS to FEAT_STATE_CHECKED" into integration

refactor(fvp): use SZ_* defs fr event log

Switch `PLAT_ARM_EVENT_LOG_MAX_SIZE` to SZ_* helpers for readability.

Change-Id: I9375fad3232afb9c3dc58204cc915d9c7fb2957f
Signed-off-by: Harrison Mutai <h

refactor(fvp): use SZ_* defs fr event log

Switch `PLAT_ARM_EVENT_LOG_MAX_SIZE` to SZ_* helpers for readability.

Change-Id: I9375fad3232afb9c3dc58204cc915d9c7fb2957f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(rme): increase worst-case event size

Increase the worst-case event log size for RME. It's now possible for
each event to hold up to `LIBEVLOG_MAX_HASH_COUNT` digests. Increase the
worst-case siz

fix(rme): increase worst-case event size

Increase the worst-case event log size for RME. It's now possible for
each event to hold up to `LIBEVLOG_MAX_HASH_COUNT` digests. Increase the
worst-case size to account for this.

Change-Id: Ie072f9fe1ea5617c030556fae4c8c893cfefc4e0
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge "feat(rmmd): extend RMI function ID range validation" into integration

feat(rmmd): extend RMI function ID range validation

Add support for the extended RMI function number range (RMI_FNUM1)in
the is_rmi_fid() macro. The macro now validates FIDs in both:
- Original rang

feat(rmmd): extend RMI function ID range validation

Add support for the extended RMI function number range (RMI_FNUM1)in
the is_rmi_fid() macro. The macro now validates FIDs in both:
- Original range: 0x150 - 0x18F (RMI_FNUM_MIN_VALUE to RMI_FNUM_MAX_VALUE)
- Extended range: 0x1D0 - 0x2CF (RMI_FNUM1_MIN_VALUE to RMI_FNUM1_MAX_VALUE)

This change ensures proper identification and handling of RMI calls
across the full function ID space as defined by the RMM specification.

Change-Id: Ie65999ffeacc94057389e056761e57586f804b63
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

feat(cpufeat): enable USE_SPINLOCK_CAS to FEAT_STATE_CHECKED

The FEAT_LSE enablement predates the FEAT_STATE framework and has never
been converted. Since the introduction of USE_SPINLOCK_CAS we've

feat(cpufeat): enable USE_SPINLOCK_CAS to FEAT_STATE_CHECKED

The FEAT_LSE enablement predates the FEAT_STATE framework and has never
been converted. Since the introduction of USE_SPINLOCK_CAS we've gained
lots of quality of life features that allow for better feature
enablement. This patch converts USE_SPINLOCK_CAS to tri-state and adds
it to FEATURE_DETECTION to align with all other features.

Instead of introducing the assembly checking for tri-state, this patch
translates all locking routines to C inline assembly and uses the
standard C helpers. The main benefit is that this gives greater
visibility to the compiler about what the functions are doing and lets
it optimise better. Namely, it is able to allocate registers itself and
inline the functions when LTO is enabled.

An unsuccessful attempt was made to use the instructions directly and
have even flow control in C. This, however, made code very complicated
and less efficient in the tight loops of the spinlock.

The last use of ARM_ARCH_AT_LEAST goes away with this change and so this
macro is removed. It has now been fully superseded by the FEAT_STATE
framework.

This change exposes a limitation - RME_GPT_BITLOCK_BLOCK requires
USE_SPINLOCK_CAS. This patch does not address this in any way but makes
the relationship explicit.

Change-Id: I580081549aceded2dca3e0f4564ee7510a7e56ae
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile me

Merge changes from topic "hm/evlog" into integration

* changes:
refactor(drtm): use crypto-agile measured boot
refactor(imx): use crypto-agile measured boot
refactor(qemu): use crypto-agile measured boot
refactor(juno): use crypto-agile measured boot
refactor(rpi3): use crypto-agile measured boot
refactor(fvp): use crypto-agile measured boot
feat(measured-boot): enable dynamic hash provisioning
feat: add TPM/TCG hashing helper to crypto module
chore: bump event log library

show more ...

Merge changes I4d50d138,Ie16b2e40,I574893fa into integration

* changes:
refactor(tpm): remove TPM code from TF-A
feat(tpm): changes to support TPM lib
feat: add libtpm submodule

Merge "fix(cpufeat): always provide pauth context helper" into integration

refactor(drtm): use crypto-agile measured boot

Update the DRTM boot flow to use the crypto-agile API. Replace the
previous single-algorithm hash configuration with dynamic algorithm
selection. Align

refactor(drtm): use crypto-agile measured boot

Update the DRTM boot flow to use the crypto-agile API. Replace the
previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: I22930440476895c23dbd4e04502757d2f6726e33
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(imx): use crypto-agile measured boot

Update the i.MX measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selectio

refactor(imx): use crypto-agile measured boot

Update the i.MX measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: Ia60b5c927c1d7e4262562fb1eee2e4602b832e78
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(qemu): use crypto-agile measured boot

Update the QEMU measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selecti

refactor(qemu): use crypto-agile measured boot

Update the QEMU measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: Iab276b88ce85675374aa2c104cbd0aa907be2acb
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(juno): use crypto-agile measured boot

Update the Juno measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selecti

refactor(juno): use crypto-agile measured boot

Update the Juno measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: I9bca6c9f2a6f3507cea5ced7c2ab83ee5a4c1a91
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(rpi3): use crypto-agile measured boot

Adopt the crypto-agile measured boot API for RPi3. Replace the previous
single-algorithm hash configuration with dynamic algorithm selection.
Factor co

refactor(rpi3): use crypto-agile measured boot

Adopt the crypto-agile measured boot API for RPi3. Replace the previous
single-algorithm hash configuration with dynamic algorithm selection.
Factor common measurement logic into a shared helper, update BL1/BL2
integration, and ensure event log header generation and TPM extension
use the new multi-algorithm model.

Change-Id: Id700710ad2c893fc13614c81c01b8812e8edff7d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(fvp): use crypto-agile measured boot

Update the FVP measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection

refactor(fvp): use crypto-agile measured boot

Update the FVP measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: I4128a0c66a56df6c473c47a577d86cd38bf057f6
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algor

feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algorithm metadata at runtime. Add mboot_find_event_log_metadata() as a
common helper for resolving image metadata. Update the Event Log build
logic to use MAX_DIGEST_SIZE and MAX_HASH_COUNT, deprecate legacy
MBOOT_EL_HASH_ALG, and warn when it is used. Adjust MbedTLS
configuration to enable hash algorithms automatically when Measured Boot
is enabled.

Change-Id: I704e1a5005f6caad3d51d868bacc53699b6dd64f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measur

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measurements use the same digest implementation as the platform PCR
backend regardless of whether hashing is performed in software,
hardware, or a discrete TPM. Update the measured boot design document,
expose the new API via public headers, and implement the helper in the
common crypto module.

Change-Id: Id4f7f1d0014ab42064c46819965417daef71555b
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

chore: bump event log library

This adds support for logging more than one digest at a time, breaking
the existing platform integrations which rely on support for a single
digest format.

Change-Id:

chore: bump event log library

This adds support for logging more than one digest at a time, breaking
the existing platform integrations which rely on support for a single
digest format.

Change-Id: I131f158bff5a6e651fe8db89b02446538cb7bcc0
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@a

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct th

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct the #if statements to use it.

Make spi_init() in rpi3_spi.c static.
Pass timer functions as ops structure to TPM.
Remove implicit interface between TPM library and main firmware by
introducing explicit interface to allow firmware to pass structure
of function pointers to setup a timer and check whether it has elapsed.

Update build system for new TPM lib location.
Change #include statements in TPM source and header files to allow
for new directory structure.

Change-Id: Ie16b2e402b963161d7d4f35a187b9bd2765a1faa
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

feat: add libtpm submodule

Add libtpm from:
https://review.trustedfirmware.org/c/shared/libTPM/+/43107/31

Change-Id: I574893fa0cba747f2a92ae3ac6e116aee7980293
Signed-off-by: Harrison Mutai <harriso

feat: add libtpm submodule

Add libtpm from:
https://review.trustedfirmware.org/c/shared/libTPM/+/43107/31

Change-Id: I574893fa0cba747f2a92ae3ac6e116aee7980293
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

show more ...

fix(cpufeat): always provide pauth context helper

We need to be able to work on the structure with or without pauth.
Arrange the getter so that it can compile even if it wouldn't be
functional.

Cha

fix(cpufeat): always provide pauth context helper

We need to be able to work on the structure with or without pauth.
Arrange the getter so that it can compile even if it wouldn't be
functional.

Change-Id: I563680fc76f4e08d3e77e01ed7525d09c7c617ab
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "feat(neoverse-rd): set the correct Arm version for rdn2" into integration

Merge "fix(cpus): fix C1 Pro powerdown abandon behavior" into integration

Merge "refactor(cm): reduce conditional compilation" into integration