refactor(cpufeat): check FEAT_FGT in a new way

To implement proper runtime checking of features, and to be able to
extend feat_detect.c to catch other cases, rework the FEAT_FGT check to
directly ca

refactor(cpufeat): check FEAT_FGT in a new way

To implement proper runtime checking of features, and to be able to
extend feat_detect.c to catch other cases, rework the FEAT_FGT check to
directly call a generic function instead of providing a trivial specific
one. The #ifdef is moved into the function, and rewritten as a proper C
if statement.
We need to force the compiler to inline that function, otherwise the
optimisation won't work, once we exceed a certain number of callers.

This starts with FEAT_FGT, but all the other features will be moved over
eventually, in separate patches.

For all features checked this way, we delay the panic() until after
every feature has been checked, to list them all during one run.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ic576922ff2c4f8d3c1b87b5843b3626729fe4514

show more ...

refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_

The FEATURE_DETECTION functionality had some definitions in a header
file, although they were only used internally in the .c file.
Mo

refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_

The FEATURE_DETECTION functionality had some definitions in a header
file, although they were only used internally in the .c file.
Move them over there, since there are of no interest to other users.

Also use the opportuntiy to rename the less telling FEAT_STATE_[12]
names, and let the "0" case join the game. We use DISABLED, ALWAYS, and
CHECK now, so that the casual reader has some idea what those numbers
are supposed to mean.

feature_panic() becomes "static inline", since disabling all features
makes it unused, so the compiler complains otherwise.

Finally add a new category "cpufeat" to cover CPU feature related
changes.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: If0c8ba91ad22440260ccff383c33bdd055eefbdc

show more ...

feat(aarch64): make ID system register reads non-volatile

Our system register access function wrappers are using "volatile"
inline assembly instructions. On the first glance this is a good idea,
sin

feat(aarch64): make ID system register reads non-volatile

Our system register access function wrappers are using "volatile"
inline assembly instructions. On the first glance this is a good idea,
since many system registers have side effects, and we don't want the
compiler to optimise or reorder them (what "volatile" prevents).

However this also naturally limits the compiler's freedom to optimise
code better, and those volatile properties don't apply to every type of
system register. One example are the CPU ID registers, which have
constant values, are side-effect free and read-only.

Introduce a new wrapper type that drops the volatile keyword, and use
that for the wrappers instantiating ID register accessors.

This allows the compiler to freely optimise those instructions away, if
their result isn't actually used, which can trigger further
optimisations.

Change-Id: I3c64716ae4f4bf603f0ea57b652bd50bcc67bb0e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(rss): add TC platform UUIDs for RSS images

Add platform fiptool and UUIDs to the TC platform, to allow RSS images
to be inserted into and used from FIPs

Change-Id: Ic8e11bd4a766bdc616af7dee60d

feat(rss): add TC platform UUIDs for RSS images

Add platform fiptool and UUIDs to the TC platform, to allow RSS images
to be inserted into and used from FIPs

Change-Id: Ic8e11bd4a766bdc616af7dee60d44fc5d1f6e7b6
Signed-off-by: Raef Coles <raef.coles@arm.com>

show more ...

docs: change security advisories notification channel

Our documentation currently says that new security advisories will be
announced on the project's issue tracker. However, this issue tracker
is b

docs: change security advisories notification channel

Our documentation currently says that new security advisories will be
announced on the project's issue tracker. However, this issue tracker
is barely used by TF-A community and the software it is based on is
getting deprecated. Thus from now on, security advisories will rather
be announced on the project's mailing list.

Update TF-A documentation to reflect that.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: If2f635795e0af4c794015a025899bfcc7116ab38

show more ...

fix(versal): print proper atf handoff source

Versal uses PLM in the boot flow and printing FSBL in the log for
handoff parameters is misleading. Print proper source of TF-A
handoff parameters.

Chan

fix(versal): print proper atf handoff source

Versal uses PLM in the boot flow and printing FSBL in the log for
handoff parameters is misleading. Print proper source of TF-A
handoff parameters.

Change-Id: I331e2eac2f5d30beed8573940ae02094254a759b
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

fix(libc): remove __putchar alias

This issue was triggered by sparse tool:
lib/libc/putchar.c:9:5: warning:
symbol '__putchar' was not declared. Should it be static?
Instead of setting __putchar as

fix(libc): remove __putchar alias

This issue was triggered by sparse tool:
lib/libc/putchar.c:9:5: warning:
symbol '__putchar' was not declared. Should it be static?
Instead of setting __putchar as static, just remove the function and
directly use putchar() with a weak attribute.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ib35e4ba064f06010851bb860269b08462fe3d3bd

show more ...

refactor(mediatek): add new LPM API for further extension

Add new LPM API `mt_lp_rm_find_constraint` and `mt_lp_rm_run_constraint`
for further extension.

Signed-off-by: Liju-Clr Chen <liju-clr.chen

refactor(mediatek): add new LPM API for further extension

Add new LPM API `mt_lp_rm_find_constraint` and `mt_lp_rm_run_constraint`
for further extension.

Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>
Change-Id: I8298811e03227285a7d086166edf9e87471f74b4

show more ...

refactor(mediatek): change the parameters of LPM API

Change the parameters of the LPM API for further extension.

Change-Id: Id8897c256c2118d00c6b9f3e7424ebc6100f02eb
Signed-off-by: Liju-Clr Chen <l

refactor(mediatek): change the parameters of LPM API

Change the parameters of the LPM API for further extension.

Change-Id: Id8897c256c2118d00c6b9f3e7424ebc6100f02eb
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>

show more ...

refactor(mediatek): change LPM header file path for further extension

Move `mt_lp_rm.h` to `plat/mediatek/include/lpm` for further extension.

Change-Id: If377ce6791ce80f82643b0f2466eb0f1aa5aa40b
Si

refactor(mediatek): change LPM header file path for further extension

Move `mt_lp_rm.h` to `plat/mediatek/include/lpm` for further extension.

Change-Id: If377ce6791ce80f82643b0f2466eb0f1aa5aa40b
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>

show more ...

feat(mt8188): keep infra and peri on when system suspend

In order to wake up system from USB devices, keep infra and peri on
when system suspend.

Change-Id: I0a0eb2e72709b0cc1bf11b36241a50cb5d85d9b

feat(mt8188): keep infra and peri on when system suspend

In order to wake up system from USB devices, keep infra and peri on
when system suspend.

Change-Id: I0a0eb2e72709b0cc1bf11b36241a50cb5d85d9b8
Signed-off-by: Shaocheng Wang <shaocheng.wang@mediatek.corp-partner.google.com>

show more ...

feat(mt8188): enable SPM and LPM

Enable SPM and LPM features for MT8188.

Signed-off-by: James Liao <jamesjj.liao@mediatek.com>
Change-Id: Ib3e2b305e9e3cf5a67e6e787ff942831b5ff28cd

feat(mt8188): add SPM feature support

Add SPM low power functions, such as system suspend.

Change-Id: I6d1ad847a81ba9c347ab6fb8a8cb8c69004b7add
Signed-off-by: James Liao <jamesjj.liao@mediatek.com>

feat(mt8188): add MT8188 SPM support

Add SPM basic functions including SPM init.

Signed-off-by: James Liao <jamesjj.liao@mediatek.com>
Change-Id: I5d4860685c15f3b8d555e697837862287f0c303e

feat(mediatek): add SPM's SSPM notifier

The notifier is used to notify SSPM to sleep when system suspend or
notify SSPM to wakeup when system resume.

Change-Id: I027ca356a84ea1e58be54a8a5eb302b3b96

feat(mediatek): add SPM's SSPM notifier

The notifier is used to notify SSPM to sleep when system suspend or
notify SSPM to wakeup when system resume.

Change-Id: I027ca356a84ea1e58be54a8a5eb302b3b96c2e22
Signed-off-by: James Liao <jamesjj.liao@mediatek.com>

show more ...

feat(mt8188): add the register definitions accessed by SPM

SPM needs to access some modules' registers to decide its sleep
behavior. This patch add these register definitions to platform_def.h.

Sig

feat(mt8188): add the register definitions accessed by SPM

SPM needs to access some modules' registers to decide its sleep
behavior. This patch add these register definitions to platform_def.h.

Signed-off-by: James Liao <jamesjj.liao@mediatek.com>
Change-Id: I3bebe74e367d5f6a7b59563036e18a83a3ef31e9

show more ...

feat(mediatek): add new features of LPM

Add new functions and intefaces of LPM to support more interactions
between LPM providers and users.

Signed-off-by: James Liao <jamesjj.liao@mediatek.com>
Ch

feat(mediatek): add new features of LPM

Add new functions and intefaces of LPM to support more interactions
between LPM providers and users.

Signed-off-by: James Liao <jamesjj.liao@mediatek.com>
Change-Id: I8ebbda0c0ef5be3a7a388a38c09424ebf785996f

show more ...

refactor(el3_runtime): remove unnecessary assembly macros

Following macros removed
- handle_async_ea : It duplicates "check_and_unmask_ea" functionality
- check_if_serror_from_EL3: This macro is

refactor(el3_runtime): remove unnecessary assembly macros

Following macros removed
- handle_async_ea : It duplicates "check_and_unmask_ea" functionality
- check_if_serror_from_EL3: This macro is small and called only once,
replace this macro with instructions at the caller.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Id7eec6263ec23cc8792139f491c563f616fd3618

show more ...

fix(console): correct scopes for console symbols

console_state is only used in multi_console.c, it is then declared as
static. console_list is used by several files, declare it as extern.
This corre

fix(console): correct scopes for console symbols

console_state is only used in multi_console.c, it is then declared as
static. console_list is used by several files, declare it as extern.
This corrects the 2 sparse warnings:
drivers/console/multi_console.c:13:11: warning: symbol 'console_list'
was not declared. Should it be static?
drivers/console/multi_console.c:14:9: warning: symbol 'console_state'
was not declared. Should it be static?

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id1891595906c258e8cb8aa325226f0a43723ca0e

show more ...

fix(auth): use NULL instead of 0 for pointer check

This was triggered by sparse tool:
drivers/auth/mbedtls/mbedtls_x509_parser.c:481:42: warning:
Using plain integer as NULL pointer

Signed-off-by:

fix(auth): use NULL instead of 0 for pointer check

This was triggered by sparse tool:
drivers/auth/mbedtls/mbedtls_x509_parser.c:481:42: warning:
Using plain integer as NULL pointer

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I392316c2a81ef8da7597e35f136e038f152d19d1

show more ...

fix(io): compare function pointers with NULL

The ops->read and ops->write existence was checked with 0, change it
to NULL.
This corrects sparse issues:
drivers/io/io_block.c:272:9: warning:
Using p

fix(io): compare function pointers with NULL

The ops->read and ops->write existence was checked with 0, change it
to NULL.
This corrects sparse issues:
drivers/io/io_block.c:272:9: warning:
Using plain integer as NULL pointer
drivers/io/io_block.c:384:9: warning:
Using plain integer as NULL pointer
drivers/io/io_block.c:384:9: warning:
Using plain integer as NULL pointer

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I039050a645107523d8263ddf820e539c260d956c

show more ...

fix(fdt-wrappers): use correct prototypes

These issues were triggered by sparse tool:
common/fdt_wrappers.c:209:36:
warning: incorrect type in assignment (different base types)
expected unsigned

fix(fdt-wrappers): use correct prototypes

These issues were triggered by sparse tool:
common/fdt_wrappers.c:209:36:
warning: incorrect type in assignment (different base types)
expected unsigned long long [usertype]
got restricted fdt64_t
common/fdt_wrappers.c:211:36:
warning: incorrect type in assignment (different base types)
expected unsigned int [usertype]
got restricted fdt32_t
common/fdt_wrappers.c:401:45:
warning: incorrect type in argument 1 (different base types)
expected restricted fdt32_t const [usertype] *prop
got unsigned int const [usertype] *value
common/fdt_wrappers.c:402:52:
warning: incorrect type in argument 1 (different base types)
expected restricted fdt32_t const [usertype] *prop
got unsigned int const [usertype] *
common/fdt_wrappers.c:404:66:
warning: incorrect type in argument 1 (different base types)
expected restricted fdt32_t const [usertype] *prop
got unsigned int const [usertype] *

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I32067607cd4da1897f0ce5d8e1e2d51e044ab815

show more ...

fix(auth): properly validate X.509 extensions

get_ext() does not check the return value of the various mbedtls_*
functions, as cert_parse() is assumed to have guaranteed that they will
always succee

fix(auth): properly validate X.509 extensions

get_ext() does not check the return value of the various mbedtls_*
functions, as cert_parse() is assumed to have guaranteed that they will
always succeed. However, it passes the end of an extension as the end
pointer to these functions, whereas cert_parse() passes the end of the
TBSCertificate. Furthermore, cert_parse() does *not* check that the
contents of the extension have the same length as the extension itself.
Before fd37982a19a4a291 ("fix(auth): forbid junk after extensions"),
cert_parse() also does not check that the extension block extends to the
end of the TBSCertificate.

This is a problem, as mbedtls_asn1_get_tag() leaves *p and *len
undefined on failure. In practice, this results in get_ext() continuing
to parse at different offsets than were used (and validated) by
cert_parse(), which means that the in-bounds guarantee provided by
cert_parse() no longer holds.

This patch fixes the remaining flaw by enforcing that the contents of an
extension are the same length as the extension itself.

Change-Id: Id4570f911402e34d5d6c799ae01a01f184c68d7c
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

fix(auth): avoid out-of-bounds read in auth_nvctr()

auth_nvctr() does not check that the buffer provided is long enough to
hold an ASN.1 INTEGER, or even that the buffer is non-empty. Since
auth_nv

fix(auth): avoid out-of-bounds read in auth_nvctr()

auth_nvctr() does not check that the buffer provided is long enough to
hold an ASN.1 INTEGER, or even that the buffer is non-empty. Since
auth_nvctr() will only ever read 6 bytes, it is possible to read up to
6 bytes past the end of the buffer.

This out-of-bounds read turns out to be harmless. The only caller of
auth_nvctr() always passes a pointer into an X.509 TBSCertificate, and
all in-tree chains of trust require that the certificate’s signature has
already been validated. This means that the signature algorithm
identifier is at least 4 bytes and the signature itself more than that.
Therefore, the data read will be from the certificate itself. Even if
the certificate signature has not been validated, an out-of-bounds read
is still not possible. Since there are at least two bytes (tag and
length) in both the signature algorithm ID and the signature itself, an
out-of-bounds read would require that the tag byte of the signature
algorithm ID would need to be either the tag or length byte of the
DER-encoded nonvolatile counter. However, this byte must be
(MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) (0x30), which is
greater than 4 and not equal to MBEDTLS_ASN1_INTEGER (2). Therefore,
auth_nvctr() will error out before reading the integer itself,
preventing an out-of-bounds read.

Change-Id: Ibdf1af702fbeb98a94c0c96456ebddd3d392ad44
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

Merge changes from topic "bk/warnings" into integration

* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds

Merge changes from topic "bk/warnings" into integration

* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds
docs(porting-guide): update a reference
fix(st-usb): replace redundant checks with asserts
fix(brcm): add braces around bodies of conditionals
fix(renesas): align incompatible function pointers
fix(zynqmp): remove redundant api_version check
fix: remove old-style declarations
fix: unify fallthrough annotations

show more ...