refactor(stm32mp15-fdts): remove unused PMIC nodes

The onkey and watchdog features of the PMIC are not used in TF-A for
STM32MP15 boards. Remove the nodes from DT.

Signed-off-by: Yann Gautier <yann

refactor(stm32mp15-fdts): remove unused PMIC nodes

The onkey and watchdog features of the PMIC are not used in TF-A for
STM32MP15 boards. Remove the nodes from DT.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2933e0bdc5843fcb549a817742106d9c66097869

show more ...

fix(stm32mp15-fdts): use interrupts-extended for i2c2

Update SoC DT file STM32MP151 to use interrupts-extended instead of
interrupts for i2c2. This correct a compilation warning:
build/stm32mp1/debu

fix(stm32mp15-fdts): use interrupts-extended for i2c2

Update SoC DT file STM32MP151 to use interrupts-extended instead of
interrupts for i2c2. This correct a compilation warning:
build/stm32mp1/debug/fdts/stm32mp157c-ev1-bl2.pre.dts:23.3-26:
Warning (interrupts_property): /soc/i2c@40013000:#interrupt-cells:
size is (28), expected multiple of 12

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If512807cd23c72f95e1e02b15f30d20a849d8412

show more ...

style(stm32mp15-fdts): remove extra spaces on vbus

Remove extra spaces before the closing brace of vbus_otg node in
stm32mp157c-ed1 DT file, before the vbus_sw label, and before the
closing brace of

style(stm32mp15-fdts): remove extra spaces on vbus

Remove extra spaces before the closing brace of vbus_otg node in
stm32mp157c-ed1 DT file, before the vbus_sw label, and before the
closing brace of vbus_sw node.

Signed-off-by: Amelie Delaunay <amelie.delaunay@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2e77e0a043594876551ed8d77ed3d13f6a098c81

show more ...

refactor(st): move board info in common code

Create a function stm32_display_board_info() that will display ST
board information, from a parameter taken from OTP fuse. The code
is just moved from ST

refactor(st): move board info in common code

Create a function stm32_display_board_info() that will display ST
board information, from a parameter taken from OTP fuse. The code
is just moved from STM32MP1 part to common directory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9e12fe98b5aabc7791cf2c9d48a38fbf2b219f9e

show more ...

refactor(st): move GIC code to common directory

The GIC v2 initialization code could be shared to other ST platforms.
The stm32mp1_gic.c file is then moved to common directory, and renamed
stm32mp_g

refactor(st): move GIC code to common directory

The GIC v2 initialization code could be shared to other ST platforms.
The stm32mp1_gic.c file is then moved to common directory, and renamed
stm32mp_gic.c.
The functions are also prefixed with stm32mp_gic.

Change-Id: I60820823b470217d3a95cc569f941c2cb923dfa9
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

refactor(st): move boot backup register management

This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common direc

refactor(st): move boot backup register management

This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common directory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic873f099c1f87c6ba2825b4946365ae6a9687798

show more ...

Merge "refactor(trng): discarding the used entropy bits" into integration

fix(plat/tc): increase TC_TZC_DRAM1_SIZE

Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df6534871

fix(plat/tc): increase TC_TZC_DRAM1_SIZE

Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df653487189dd
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>

show more ...

Merge "refactor(auth): avoid parsing signature algorithm twice" into integration

Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration

* changes:
refactor(auth): do not include SEQUENCE tag in saved extensions
fix(auth): reject junk after certificates
fix(auth): req

Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration

* changes:
refactor(auth): do not include SEQUENCE tag in saved extensions
fix(auth): reject junk after certificates
fix(auth): require bit strings to have no unused bits

show more ...

refactor(auth): do not include SEQUENCE tag in saved extensions

This makes the code a little bit smaller. No functional change
intended.

Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed

refactor(auth): do not include SEQUENCE tag in saved extensions

This makes the code a little bit smaller. No functional change
intended.

Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): reject junk after certificates

Certificates must not allow trailing junk after them.

Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@g

fix(auth): reject junk after certificates

Certificates must not allow trailing junk after them.

Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): require bit strings to have no unused bits

This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.

Change-Id: Ifdbe3b4c6d04481bb8e931

fix(auth): require bit strings to have no unused bits

This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.

Change-Id: Ifdbe3b4c6d04481bb8e93106ee04b49a70f50d5d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

Merge changes Ia748b6ae,Id8a48e14,Id25ab231,Ie26eed8a,Idf48f716, ... into integration

* changes:
refactor(auth): partially validate SubjectPublicKeyInfo early
fix(auth): reject padding after BIT

Merge changes Ia748b6ae,Id8a48e14,Id25ab231,Ie26eed8a,Idf48f716, ... into integration

* changes:
refactor(auth): partially validate SubjectPublicKeyInfo early
fix(auth): reject padding after BIT STRING in signatures
fix(auth): reject invalid padding in digests
fix(auth): require at least one extension to be present
fix(auth): forbid junk after extensions
fix(auth): only accept v3 X.509 certificates

show more ...

Merge changes from topic "st_fix_sparse_warnings" into integration

* changes:
fix(st-crypto): remove platdata functions
fix(st-crypto): set get_plain_pk_from_asn1() static
fix(stm32mp1): add m

Merge changes from topic "st_fix_sparse_warnings" into integration

* changes:
fix(st-crypto): remove platdata functions
fix(st-crypto): set get_plain_pk_from_asn1() static
fix(stm32mp1): add missing platform.h include
fix(st): make metadata_block_spec static

show more ...

refactor(auth): avoid parsing signature algorithm twice

Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Inst

refactor(auth): avoid parsing signature algorithm twice

Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Instead, it suffices to parse one of them, and then check that the other
fits in the remaining buffer space and is equal to the first.

Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

refactor(auth): partially validate SubjectPublicKeyInfo early

This reduces the likelihood of future problems later.

Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Ob

refactor(auth): partially validate SubjectPublicKeyInfo early

This reduces the likelihood of future problems later.

Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): reject padding after BIT STRING in signatures

It is forbidden by ASN.1 DER.

Change-Id: Id8a48e14bb8a1a17a6481ea3fde0803723c05e31
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

fix(auth): reject invalid padding in digests

Digests must not have padding after the SEQUENCE or OCTET STRING.

Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour

fix(auth): reject invalid padding in digests

Digests must not have padding after the SEQUENCE or OCTET STRING.

Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): require at least one extension to be present

X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least

fix(auth): require at least one extension to be present

X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.

Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): forbid junk after extensions

The extensions must use all remaining bytes in the TBSCertificate.

Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <de

fix(auth): forbid junk after extensions

The extensions must use all remaining bytes in the TBSCertificate.

Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): only accept v3 X.509 certificates

v1 and v2 are forbidden as at least one extension is required. Instead
of actually parsing the version number, just compare it with a
hard-coded string.

fix(auth): only accept v3 X.509 certificates

v1 and v2 are forbidden as at least one extension is required. Instead
of actually parsing the version number, just compare it with a
hard-coded string.

Change-Id: Ib8fd34304a0049787db77ec8c2359d0930cd4ba1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

Merge "fix(qemu-sbsa): enable SVE and SME" into integration

Merge changes Ia14738de,I6f4cffdc into integration

* changes:
fix(tc): change the properties of optee reserved memory
feat(tc): use smmu 700

Merge "fix(cpus): workaround for Neoverse N2 erratum 2743089" into integration