refactor(imx): update config of mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signed-o

refactor(imx): update config of mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I489392133435436a16edced1d810bc5204ba608f

show more ...

refactor(qemu): update configuring mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signe

refactor(qemu): update configuring mbedtls support

Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib0ca5ecdee7906b41a0e1060339d43ce7a018d31

show more ...

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algori

refactor(measured-boot): mb algorithm selection

With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:

- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.

- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.

- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a

show more ...

fix(errata): workaround for Cortex-A77 erratum 2356587

Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUAC

fix(errata): workaround for Cortex-A77 erratum 2356587

Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230

show more ...

fix(errata): workaround for Neoverse-V1 erratum 2372203

Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CP

fix(errata): workaround for Neoverse-V1 erratum 2372203

Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557

show more ...

fix(measured-boot): fix verbosity level of RSS digests traces

Most traces displayed by log_measurement() use the INFO verbosity
level. Only the digests are unconditionally printed, regardless of
the

fix(measured-boot): fix verbosity level of RSS digests traces

Most traces displayed by log_measurement() use the INFO verbosity
level. Only the digests are unconditionally printed, regardless of
the verbosity level. As a result, when the verbosity level is set
lower than INFO (typically in release mode), only the digests are
printed, which look weird and out of context.

Change-Id: I0220977c35dcb636f1510d8a7a0a9e3d92548bdc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

refactor(arm): update BL2 base address

BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.

Signed-off-by: Manish V Badark

refactor(arm): update BL2 base address

BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ieaba00d841648add855feb99b7923a4b0cccfb08

show more ...

refactor(nxp): use DPG0 mask from Arm GICv3 header

Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.

Change-Id: Ieec43aeef96b9b6c8a

refactor(nxp): use DPG0 mask from Arm GICv3 header

Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.

Change-Id: Ieec43aeef96b9b6c8a7f955a8d145be6e4b183c5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(gic600): implement workaround to forward highest priority interrupt

If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET com

fix(gic600): implement workaround to forward highest priority interrupt

If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/

Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "build(changelog): add stm32mp13 and stm32mp15 scopes" into integration

fix(zynqmp): move bl31 with DEBUG=1 back to OCM

By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should b

fix(zynqmp): move bl31 with DEBUG=1 back to OCM

By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should be placed. BL31_BASE address exactly matches which requested address
for U-BOOT SPL boot flow.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I608c1b88baffec538c6ae528f057820e34971c4c

show more ...

feat(arm): retrieve the right ROTPK for cca

The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SW

feat(arm): retrieve the right ROTPK for cca

The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SWD_ROTPK).

Use the cookie argument as a key ID for plat_get_rotpk_info() to return
the appropriate one.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ieaae5b0bc4384dd12d0b616596596b031179044a

show more ...

feat(arm): add support for cca CoT

- Use the development PROTPK and SWD_ROTPK if using cca CoT.

- Define a cca CoT build flag for the platform code to provide
different implementations where needed

feat(arm): add support for cca CoT

- Use the development PROTPK and SWD_ROTPK if using cca CoT.

- Define a cca CoT build flag for the platform code to provide
different implementations where needed.

- When ENABLE_RME=1, CCA CoT is selected by default on Arm
platforms if no specific CoT is specified by the user.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I70ae6382334a58d3c726b89c7961663eb8571a64

show more ...

feat(arm): provide some swd rotpk files

When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one t

feat(arm): provide some swd rotpk files

When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one to deploy this on Arm platforms.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I9ea7bc1c15c0c94c1021d879a839cef40ba397e3

show more ...

build(tbbr): drive cert_create changes for cca CoT

The build system needs to drive the cert_create tool in a slightly
different manner when using the cca chain of trust.

- It needs to pass it the p

build(tbbr): drive cert_create changes for cca CoT

The build system needs to drive the cert_create tool in a slightly
different manner when using the cca chain of trust.

- It needs to pass it the plat, core_swd, and swd ROT key files.

- It must now generate the cca, core_swd, and plat key certificates,
and exclude the non-relevant certificates.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I5759bfaf06913f86b47c7d04c897773bba16a807

show more ...

refactor(arm): add cca CoT certificates to fconf

Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

refactor(arm): add cca CoT certificates to fconf

Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I8019cbcb7ccd4de6da624aebf3611b429fb53f96

show more ...

feat(fiptool): add cca, core_swd, plat cert in FIP

Added support for cca CoT in the fiptool by adding the cca,
core_swd, and plat key certificates.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmei

feat(fiptool): add cca, core_swd, plat cert in FIP

Added support for cca CoT in the fiptool by adding the cca,
core_swd, and plat key certificates.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1ba559e188ad8c33cb0e643d7a2fc6fb96736ab9

show more ...

feat(cert_create): define the cca chain of trust

Selection of the cca chain of trust is done through the COT build
option:

> make COT=cca

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.

feat(cert_create): define the cca chain of trust

Selection of the cca chain of trust is done through the COT build
option:

> make COT=cca

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I123c0a841f67434633a3123cc1fa3e2318585482

show more ...

feat(cca): introduce new "cca" chain of trust

This chain of trust is targeted at Arm CCA solutions and defines 3
independent signing domains:

1) CCA signing domain. The Arm CCA Security Model (Arm

feat(cca): introduce new "cca" chain of trust

This chain of trust is targeted at Arm CCA solutions and defines 3
independent signing domains:

1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1]
refers to the CCA signing domain as the provider of CCA components
running on the CCA platform. The CCA signing domain might be independent
from other signing domains providing other firmware blobs.

The CCA platform is a collective term used to identify all hardware and
firmware components involved in delivering the CCA security guarantee.
Hence, all hardware and firmware components on a CCA enabled system that
a Realm is required to trust.

In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and
associated configuration files.

The CCA signing domain is rooted in the Silicon ROTPK, just as in the
TBBR CoT.

2) Non-CCA Secure World signing domain. This includes SPMC (and
associated configuration file) as the expected BL32 image as well as
SiP-owned secure partitions. It is rooted in a new SiP-owned key called
Secure World ROTPK, or SWD_ROTPK for short.

3) Platform owner signing domain. This includes BL33 (and associated
configuration file) and the platform owner's secure partitions. It is
rooted in the Platform ROTPK, or PROTPK.

[1] https://developer.arm.com/documentation/DEN0096/A_a

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I6ffef3f53d710e6a2072fb4374401249122a2805

show more ...

build(changelog): add new scope for CCA

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Iccba57a292e6668e6a6d93f1cb0e1633592a4009

refactor(fvp): increase bl2 size when bl31 in DRAM

Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.

Signed-off-by: Lauren Wehrmeister <l

refactor(fvp): increase bl2 size when bl31 in DRAM

Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ifc99da51f2de3c152bbed1c8269dcc8b9100797a

show more ...

Merge "fix(errata): workaround for Neoverse-V1 erratum 2294912" into integration

fix(errata): workaround for Neoverse-V1 erratum 2294912

Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPU

fix(errata): workaround for Neoverse-V1 erratum 2294912

Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354

show more ...

Merge "feat(zynqmp): add support for xck24 silicon" into integration

Merge "refactor(context mgmt): refactor EL2 context save and restore functions" into integration