Merge "feat(handoff): port BL31-BL33 interface to fw handoff framework" into integration

refactor(arm): use gpt_partition_init

Current interface partition_init accepts GPT image id and parses the
GPT image but doesn't return any error on failure.

So use gpt_partition_init which implici

refactor(arm): use gpt_partition_init

Current interface partition_init accepts GPT image id and parses the
GPT image but doesn't return any error on failure.

So use gpt_partition_init which implicitly initialises with GPT image
ID and returns a value.

Change-Id: I63280aa672388f1f8d9dc377ae13002c9f861f03
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(partition): add interface to init gpt

Current interface 'partition_init' accepts parameter image_id
and returns no value. But the entire partition driver is build
only to parse and handle GPT p

feat(partition): add interface to init gpt

Current interface 'partition_init' accepts parameter image_id
and returns no value. But the entire partition driver is build
only to parse and handle GPT partitions, so add new interface
gpt_partition_init which would return failure to platform code
if it fails to parse the image.

Change-Id: Iaf574d2ad01a15d0723c1475290c31dc4a078835
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

refactor(partition): convert warn to verbose

Convert all warn messages to verbose messages. As most warning are
needed during debug only and and won't increase the binary size by
default.

Change-Id

refactor(partition): convert warn to verbose

Convert all warn messages to verbose messages. As most warning are
needed during debug only and and won't increase the binary size by
default.

Change-Id: Icc5d5157f13507ccbc34675c20357117cad98255
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(partition): add support to use backup GPT header

Currently we just use primary GPT header which is located in second
entry after MBR header, but if this block is corrupted or CRC
mismatch occur

feat(partition): add support to use backup GPT header

Currently we just use primary GPT header which is located in second
entry after MBR header, but if this block is corrupted or CRC
mismatch occurs we could try to use the backup GPT header located at
LBAn and GPT entries following this from LBA-33.

Add suitable warning messages before returning any errors to identify
the cause of issue.

Change-Id: I0018ae9eafbacb683a18784d2c8bd917c70f50e1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

refactor(partition): get GPT header location from MBR

GPT header is located in first LBA after MBR entry and mbr header has
details of beginning of first entry, so use mbr header entry first_lba
dat

refactor(partition): get GPT header location from MBR

GPT header is located in first LBA after MBR entry and mbr header has
details of beginning of first entry, so use mbr header entry first_lba
data to locate GPT header rather than GPT_HEADER_OFFSET.

GPT header size is available in gpt_header, so use that
rather than using DEFAULT_GPT_HEADER_SIZE.

The location of GPT entries is available once we parse gpt_header
and is available as partitiona_lba use that to load gpt_entries rather
than GPT_ENTRY_OFFSET.

Change-Id: I3c11f8cc9d4b0b1778a37fe342fb845ea4a4eff1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(arm): add IO policy to use backup gpt header

Add a IO block spec to use GPT backup header if primary fails.
Currently we use only the primary gpt header which is in the second
block(LBA-1) afte

feat(arm): add IO policy to use backup gpt header

Add a IO block spec to use GPT backup header if primary fails.
Currently we use only the primary gpt header which is in the second
block(LBA-1) after the MBR block(LBA-0) so we restrict IO access to
primary gpt header and its entries.

But we plan to use backup GPT which is the last block of the
partition (LBA-n) in case our primary GPT header fails verification
or is corrupted.

Offset and length of the block spec will be updated runtime from
partition driver after parsing MBR data.

Change-Id: Id1d49841d6f4cbcc3248af19faf2fbd8e24a8ba1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(tbbr): add image id for backup GPT

Add image identifier to access backup-GPT header and entry,
when we fail to get primary GPT header.

Currently we use only the primary gpt header, But we plan

feat(tbbr): add image id for backup GPT

Add image identifier to access backup-GPT header and entry,
when we fail to get primary GPT header.

Currently we use only the primary gpt header, But we plan to
use backup GPT header in case our primary GPT header fails
verification or is corrupted.

Change-Id: I12eedd5d2a5cda21c64254d461d09d400d4edb30
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

feat(handoff): port BL31-BL33 interface to fw handoff framework

The firmware handoff framework is a light weight mechanism for sharing
information between bootloader stages. Add support for this fra

feat(handoff): port BL31-BL33 interface to fw handoff framework

The firmware handoff framework is a light weight mechanism for sharing
information between bootloader stages. Add support for this framework at
the handoff boundary between runtime firmware BL31 and NS software on FVP.

Change-Id: Ib02e0e4c20a39e32e06da667caf2ce5a28de1e28
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

Merge changes from topic "sm/err_errata" into integration

* changes:
fix(cpus): fix the rev-var of Neoverse-V1
fix(errata-abi): update the Neoverse-N2 errata ABI struct
fix(errata-abi): update

Merge changes from topic "sm/err_errata" into integration

* changes:
fix(cpus): fix the rev-var of Neoverse-V1
fix(errata-abi): update the Neoverse-N2 errata ABI struct
fix(errata-abi): update the neoverse-N1 errata ABI struct
fix(cpus): fix the rev-var of Cortex-X2
fix(errata-abi): update the Cortex-A78C errata ABI struct
fix(cpus): update the rev-var for Cortex-A78AE
fix(errata-abi): update the Cortex-A76 errata ABI struct
fix(cpus): fix the rev-var for Cortex-A710

show more ...

refactor(fvp): do not use RSS platform token and attestation key APIs

Since FVP does not support RSS, RSS APIs used to provide the hardcoded
platform token and attestation key. However, that seems t

refactor(fvp): do not use RSS platform token and attestation key APIs

Since FVP does not support RSS, RSS APIs used to provide the hardcoded
platform token and attestation key. However, that seems to be causing
un-necessary mandating of some PSA crypto definitions, that doesn't
seem appropriate.
Hence to retrieve platform token and realm attestation key, these
RSS APIs calls have been replaced with hardcoded information.

Change-Id: I5fd091025e3444a698b9d387763ce20db6b13ae1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(cpus): add support for Travis CPU

Adding basic CPU library code to support Travis CPU

Change-Id: I3c85e9fab409325d213978888a8f6d6949291258
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.

feat(cpus): add support for Travis CPU

Adding basic CPU library code to support Travis CPU

Change-Id: I3c85e9fab409325d213978888a8f6d6949291258
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>

show more ...

docs: deletion of a few deprecated platforms not yet confirmed

Updated the 'Deprecated Platforms' table to reflect that the
deletion of sgi575 and rdn1Edge is still unconfirmed.

Change-Id: Ie8e8af5

docs: deletion of a few deprecated platforms not yet confirmed

Updated the 'Deprecated Platforms' table to reflect that the
deletion of sgi575 and rdn1Edge is still unconfirmed.

Change-Id: Ie8e8af55a735f624f5ee604d75bb497d870620cd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(tbbr): guard defines under MBEDTLS_CONFIG_FILE

Several platforms, such as NXP platforms, employ Trusted Boot support
without relying on MBEDTLS_CONFIG. This patch addresses the build
issues that

fix(tbbr): guard defines under MBEDTLS_CONFIG_FILE

Several platforms, such as NXP platforms, employ Trusted Boot support
without relying on MBEDTLS_CONFIG. This patch addresses the build
issues that arose on such platforms as a result of recent change
c1ec23dd60 [1].

[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23730

Change-Id: Idfbeeafb8a30dc15bb0060beb5b17819a8807084
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

refactor(tbbr): enforce compile-time error for invalid algorithm selection

Enforced compile-time error on invalid algorithm selection.

Change-Id: I517aa11c9fa9fda49483f95587f43529085c9d5d
Signed-of

refactor(tbbr): enforce compile-time error for invalid algorithm selection

Enforced compile-time error on invalid algorithm selection.

Change-Id: I517aa11c9fa9fda49483f95587f43529085c9d5d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "fix(arm): fix GIC macros for GICv4.1 support" into integration

Merge "fix(spmd): fix FFA_VERSION forwarding" into integration

docs: mark PSA_CRYPTO as an experimental feature

Updated the documentation to mark PSA_CRYPTO as an experimental
feature.

Change-Id: I894b687d6727fe7f80df54e6b08937e171f459b6
Signed-off-by: Manish

docs: mark PSA_CRYPTO as an experimental feature

Updated the documentation to mark PSA_CRYPTO as an experimental
feature.

Change-Id: I894b687d6727fe7f80df54e6b08937e171f459b6
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation

When using PSA Crypto API, few algorithms like ECDSA require a
larger BL1 RW area. Hence added an additional BL1 RW page when
PSA_CRYPTO

feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation

When using PSA Crypto API, few algorithms like ECDSA require a
larger BL1 RW area. Hence added an additional BL1 RW page when
PSA_CRYPTO is selected.

Change-Id: Id6994667641a0b1e36b6a356d7c39a125d62ac01
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA

The ECDSA algorithm signature verification in the PSA differs
from the RSA algorithm in its handling of data formats. In the
case of RSA, an encoded

feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA

The ECDSA algorithm signature verification in the PSA differs
from the RSA algorithm in its handling of data formats. In the
case of RSA, an encoded ASN1.0 buffer is passed to the PSA API,
which then decodes the buffer. However, for ECDSA, the PSA API
expects a raw format.

To accomodate this requirement, introduce several static APIs
that allows to retrieve -

1. ECDSA public key data pointer along with its size, and also,
the ECC family in PSA format from the public key.
2. R and S pair of the ECDSA signature along with its size

Change-Id: Icc7d5659aeb3d5c1ab63c3a12c001e68b11a3a86
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(ti): align static device region addresses to reduce MMU table count

Align our device memory regions to the next highest MMU table level (LV2).
This allows the xlat_tables library code to use a s

fix(ti): align static device region addresses to reduce MMU table count

Align our device memory regions to the next highest MMU table level (LV2).
This allows the xlat_tables library code to use a single entry in the
higher order table, vs having to create a new table for LV3 entries.

This reduces our tables to just 4: 2 LV2 and 1 LV3 plus 1 spare in case
alignment changes ever cause one to be split. This saves 24KB of our
128KB total TF-A SRAM (~18%!).

While here, as USE_COHERENT_MEM does not change MAX_XLAT_TABLES but
does change our total MAX_MMAP_REGIONS, move that check accordingly.

Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: I4cb8e3b2cc3d05c6c9a84d887dd6ec56bde7a786

show more ...

Merge "fix(mpam): refine MPAM initialization and enablement process" into integration

fix(arm): fix GIC macros for GICv4.1 support

Newer platforms such as Neoverse V2 with GICv4.1 will report
0x3 instead of 0x1 in ID_AA64PFR0_EL1.

Update the logic to not accidentially take the GICv2

fix(arm): fix GIC macros for GICv4.1 support

Newer platforms such as Neoverse V2 with GICv4.1 will report
0x3 instead of 0x1 in ID_AA64PFR0_EL1.

Update the logic to not accidentially take the GICv2 path
when printing the GIC registers.

Change-Id: Ia0d546cc5dcaa0dcad49a75b5921b0df5e176d34
Signed-off-by: Moritz Fischer <moritzf@google.com>

show more ...

Merge "fix(build): convert tabs to spaces" into integration

fix(mpam): refine MPAM initialization and enablement process

Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.

This patc

fix(mpam): refine MPAM initialization and enablement process

Restricts MPAM to only NS world and enables trap to EL3 for access of
MPAM registers from lower ELs of Secure and Realm world.

This patch removes MPAM enablement from global context and adds it to
EL3 State context which enables/disables MPAM during world switches.
Renamed ENABLE_MPAM_FOR_LOWER_ELS to ENABLE_FEAT_MPAM and
removed mpam_init_el3() as RESET behaviour is trapping.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I131f9dba5df236a71959b2d425ee11af7f3c38c4

show more ...