refactor(st): move board info in common code

Create a function stm32_display_board_info() that will display ST
board information, from a parameter taken from OTP fuse. The code
is just moved from ST

refactor(st): move board info in common code

Create a function stm32_display_board_info() that will display ST
board information, from a parameter taken from OTP fuse. The code
is just moved from STM32MP1 part to common directory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9e12fe98b5aabc7791cf2c9d48a38fbf2b219f9e

show more ...

refactor(st): move GIC code to common directory

The GIC v2 initialization code could be shared to other ST platforms.
The stm32mp1_gic.c file is then moved to common directory, and renamed
stm32mp_g

refactor(st): move GIC code to common directory

The GIC v2 initialization code could be shared to other ST platforms.
The stm32mp1_gic.c file is then moved to common directory, and renamed
stm32mp_gic.c.
The functions are also prefixed with stm32mp_gic.

Change-Id: I60820823b470217d3a95cc569f941c2cb923dfa9
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

refactor(st): move boot backup register management

This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common direc

refactor(st): move boot backup register management

This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common directory.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic873f099c1f87c6ba2825b4946365ae6a9687798

show more ...

Merge "refactor(trng): discarding the used entropy bits" into integration

fix(plat/tc): increase TC_TZC_DRAM1_SIZE

Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df6534871

fix(plat/tc): increase TC_TZC_DRAM1_SIZE

Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS

Change-Id: Iad433c3c155f28860b15bde2398df653487189dd
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>

show more ...

Merge "refactor(auth): avoid parsing signature algorithm twice" into integration

Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration

* changes:
refactor(auth): do not include SEQUENCE tag in saved extensions
fix(auth): reject junk after certificates
fix(auth): req

Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration

* changes:
refactor(auth): do not include SEQUENCE tag in saved extensions
fix(auth): reject junk after certificates
fix(auth): require bit strings to have no unused bits

show more ...

refactor(auth): do not include SEQUENCE tag in saved extensions

This makes the code a little bit smaller. No functional change
intended.

Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed

refactor(auth): do not include SEQUENCE tag in saved extensions

This makes the code a little bit smaller. No functional change
intended.

Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): reject junk after certificates

Certificates must not allow trailing junk after them.

Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@g

fix(auth): reject junk after certificates

Certificates must not allow trailing junk after them.

Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): require bit strings to have no unused bits

This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.

Change-Id: Ifdbe3b4c6d04481bb8e931

fix(auth): require bit strings to have no unused bits

This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.

Change-Id: Ifdbe3b4c6d04481bb8e93106ee04b49a70f50d5d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

Merge changes Ia748b6ae,Id8a48e14,Id25ab231,Ie26eed8a,Idf48f716, ... into integration

* changes:
refactor(auth): partially validate SubjectPublicKeyInfo early
fix(auth): reject padding after BIT

Merge changes Ia748b6ae,Id8a48e14,Id25ab231,Ie26eed8a,Idf48f716, ... into integration

* changes:
refactor(auth): partially validate SubjectPublicKeyInfo early
fix(auth): reject padding after BIT STRING in signatures
fix(auth): reject invalid padding in digests
fix(auth): require at least one extension to be present
fix(auth): forbid junk after extensions
fix(auth): only accept v3 X.509 certificates

show more ...

Merge changes from topic "st_fix_sparse_warnings" into integration

* changes:
fix(st-crypto): remove platdata functions
fix(st-crypto): set get_plain_pk_from_asn1() static
fix(stm32mp1): add m

Merge changes from topic "st_fix_sparse_warnings" into integration

* changes:
fix(st-crypto): remove platdata functions
fix(st-crypto): set get_plain_pk_from_asn1() static
fix(stm32mp1): add missing platform.h include
fix(st): make metadata_block_spec static

show more ...

refactor(auth): avoid parsing signature algorithm twice

Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Inst

refactor(auth): avoid parsing signature algorithm twice

Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Instead, it suffices to parse one of them, and then check that the other
fits in the remaining buffer space and is equal to the first.

Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

refactor(auth): partially validate SubjectPublicKeyInfo early

This reduces the likelihood of future problems later.

Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Ob

refactor(auth): partially validate SubjectPublicKeyInfo early

This reduces the likelihood of future problems later.

Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): reject padding after BIT STRING in signatures

It is forbidden by ASN.1 DER.

Change-Id: Id8a48e14bb8a1a17a6481ea3fde0803723c05e31
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

fix(auth): reject invalid padding in digests

Digests must not have padding after the SEQUENCE or OCTET STRING.

Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour

fix(auth): reject invalid padding in digests

Digests must not have padding after the SEQUENCE or OCTET STRING.

Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): require at least one extension to be present

X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least

fix(auth): require at least one extension to be present

X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.

Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): forbid junk after extensions

The extensions must use all remaining bytes in the TBSCertificate.

Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <de

fix(auth): forbid junk after extensions

The extensions must use all remaining bytes in the TBSCertificate.

Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

fix(auth): only accept v3 X.509 certificates

v1 and v2 are forbidden as at least one extension is required. Instead
of actually parsing the version number, just compare it with a
hard-coded string.

fix(auth): only accept v3 X.509 certificates

v1 and v2 are forbidden as at least one extension is required. Instead
of actually parsing the version number, just compare it with a
hard-coded string.

Change-Id: Ib8fd34304a0049787db77ec8c2359d0930cd4ba1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

show more ...

Merge "fix(qemu-sbsa): enable SVE and SME" into integration

Merge changes Ia14738de,I6f4cffdc into integration

* changes:
fix(tc): change the properties of optee reserved memory
feat(tc): use smmu 700

Merge "fix(cpus): workaround for Neoverse N2 erratum 2743089" into integration

fix(cpus): workaround for Neoverse N2 erratum 2743089

Neoverse N2 erratum 2743089 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
insert a dsb befo

fix(cpus): workaround for Neoverse N2 erratum 2743089

Neoverse N2 erratum 2743089 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
insert a dsb before the isb in the power down sequence.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Idec862226bd32c91374a8bbd5d73d7ee480a34d9

show more ...

Merge changes I0362da46,I8ee7c16c into integration

* changes:
fix(cpus): workaround for Cortex-A78 erratum 2772019
fix(cpus): workaround for Neoverse V1 erratum 2743093

feat(fvp): emulate trapped RNDR

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the

feat(fvp): emulate trapped RNDR

When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the real CPU instructions, potentially conditioning the
results, or use rate-limiting or filtering to protect the hardware
entropy pool. Another possiblitiy would be to use some platform specific
TRNG device to get entropy and returning this.

To demonstrate platform specific usage, add a demo implementation for the
FVP: It will execute the actual CPU instruction and just return the
result. This should serve as reference code to implement platform specific
policies.

We change the definition of read_rndr() and read_rndrrs() to use the
alternative sysreg encoding, so that all assemblers can handle that.

Add documentation about the new platform specific RNG handler function.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ibce817b3b06ad20129d15531b81402e3cc3e9a9e

show more ...