History log of /rk3399_ARM-atf/ (Results 76 – 100 of 18314)
Revision Date Author Comments
0087b24f 07-Oct-2025 Harrison Mutai <harrison.mutai@arm.com>

refactor(rpi3): use crypto-agile measured boot

Adopt the crypto-agile measured boot API for RPi3. Replace the previous
single-algorithm hash configuration with dynamic algorithm selection.
Factor common measurement logic into a shared helper, update BL1/BL2
integration, and ensure event log header generation and TPM extension
use the new multi-algorithm model.

Change-Id: Id700710ad2c893fc13614c81c01b8812e8edff7d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

8a583b97 07-Oct-2025 Harrison Mutai <harrison.mutai@arm.com>

refactor(fvp): use crypto-agile measured boot

Update the FVP measured boot flow to use the crypto-agile API. Replace
the previous single-algorithm hash configuration with dynamic algorithm
selection. Align image measurement and event log header generation with
the new hashing model and update platform glue code accordingly.

Change-Id: I4128a0c66a56df6c473c47a577d86cd38bf057f6
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

265f1483 13-Oct-2025 Harrison Mutai <harrison.mutai@arm.com>

feat(measured-boot): enable dynamic hash provisioning

Introduce dynamic hash provisioning for Measured Boot by removing the
previous static hash-selection path and allowing platforms to supply
algorithm metadata at runtime. Add mboot_find_event_log_metadata() as a
common helper for resolving image metadata. Update the Event Log build
logic to use MAX_DIGEST_SIZE and MAX_HASH_COUNT, deprecate legacy
MBOOT_EL_HASH_ALG, and warn when it is used. Adjust MbedTLS
configuration to enable hash algorithms automatically when Measured Boot
is enabled.

Change-Id: I704e1a5005f6caad3d51d868bacc53699b6dd64f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

7bbb0086 09-Dec-2025 Harrison Mutai <harrison.mutai@arm.com>

feat: add TPM/TCG hashing helper to crypto module

Introduce crypto_mod_tcg_hash(), a helper that maps TPM/TCG algorithm
identifiers to the platform crypto backend. This ensures that Event Log
measurements use the same digest implementation as the platform PCR
backend regardless of whether hashing is performed in software,
hardware, or a discrete TPM. Update the measured boot design document,
expose the new API via public headers, and implement the helper in the
common crypto module.

Change-Id: Id4f7f1d0014ab42064c46819965417daef71555b
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

96dad7ef 07-Oct-2025 Harrison Mutai <harrison.mutai@arm.com>

chore: bump event log library

This adds support for logging more than one digest at a time, breaking
the existing platform integrations which rely on support for a single
digest format.

Change-Id: I131f158bff5a6e651fe8db89b02446538cb7bcc0
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

8f7edf81 23-Jul-2025 Matthew Ellis <Matthew.Ellis@arm.com>

refactor(tpm): remove TPM code from TF-A

git rm of TPM source and header files from platform tree.

Change-Id: I4d50d138166fe25b4d51bb3f1955797aa3d025ab
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

6963f715 11-Dec-2025 Matthew Ellis <Matthew.Ellis@arm.com>

feat(tpm): changes to support TPM lib

The build system sets TPM_INTERFACE to FIFO_SPI, but this cannot be
tested by the C preprocessor. So, create new build define
TPM_INTERFACE_FIFO_SPI. Correct the #if statements to use it.

Make spi_init() in rpi3_spi.c static.
Pass timer functions as ops structure to TPM.
Remove implicit interface between TPM library and main firmware by
introducing explicit interface to allow firmware to pass structure
of function pointers to setup a timer and check whether it has elapsed.

Update build system for new TPM lib location.
Change #include statements in TPM source and header files to allow
for new directory structure.

Change-Id: Ie16b2e402b963161d7d4f35a187b9bd2765a1faa
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

92311aee 11-Aug-2025 Harrison Mutai <harrison.mutai@arm.com>

feat: add libtpm submodule

Add libtpm from:
https://review.trustedfirmware.org/c/shared/libTPM/+/43107/31

Change-Id: I574893fa0cba747f2a92ae3ac6e116aee7980293
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Signed-off-by: Matthew Ellis <Matthew.Ellis@arm.com>

650bfcbd 11-Dec-2025 Boyan Karatotev <boyan.karatotev@arm.com>

fix(cpufeat): always provide pauth context helper

We need to be able to work on the structure with or without pauth.
Arrange the getter so that it can compile even if it wouldn't be
functional.

Change-Id: I563680fc76f4e08d3e77e01ed7525d09c7c617ab
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

80d7190b 10-Dec-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "feat(neoverse-rd): set the correct Arm version for rdn2" into integration

88a92dd8 10-Dec-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "fix(cpus): fix C1 Pro powerdown abandon behavior" into integration

48bbb8e4 10-Dec-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "refactor(cm): reduce conditional compilation" into integration

7fe0cd3c 10-Dec-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "fix(cm): remove set_aapcs_args functions" into integration

bd03864b 10-Dec-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "fix(cpufeat): enable FEAT_FGWTE3 after FEAT_CPA" into integration

7783823c 09-Dec-2025 Jim Ray <jimray@google.com>

fix(cpus): fix C1 Pro powerdown abandon behavior

This change restores a toggle to IMP_CPUPWRCTLR_EL1.CORE_PWRDN_EN
that was accidentally changed to a bitset in [1]. Without this change, a
powerdown abandon followed by a non-powerdown CPU_SUSPEND will
incorrectly trigger a power down.

This change is similar to [2].

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/42920/
[2] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/43236/

Change-Id: Ife86bd2b5bac4829e695a1aa180926dfad19a470
Signed-off-by: Jim Ray <jimray@google.com>

3840242b 09-Dec-2025 Boyan Karatotev <boyan.karatotev@arm.com>

fix(cpufeat): enable FEAT_FGWTE3 after FEAT_CPA

FEAT_CPA needs to write SCTLR2_EL3 which will be forbidden after
initialising FEAT_FGWTE3. Correct the order.

Change-Id: I3a0554d2a73f773b3ad672eb1e4b0db0171d38bd
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

d44566c4 27-Nov-2025 Boyan Karatotev <boyan.karatotev@arm.com>

refactor(cm): reduce conditional compilation

Context debug needs to switch between EL1 and EL2 context but it can
re-use its variables and function calls with a bit of clever naming.
Unify them to reduce #if-s.

Change-Id: I401667c4bc07938c99163c035dbed1101d986859
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

252b2ff8 27-Nov-2025 Boyan Karatotev <boyan.karatotev@arm.com>

fix(cm): remove set_aapcs_args functions

These functions were added as wrappers on context but were never used,
mainly because we sometimes only have a reference to the gpregs
sub-struct. Remove them to reduce clutter.

Change-Id: If10dade6ea9cc90384344cf0149482574cf0e116
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

5e4cc6d5 01-Dec-2025 Bill Peckham <bpeckham@google.com>

fix(psci): gate suspend end_pwrlvl override in OS_INIT mode at runtime

This change adds an additional runtime gate to override the
suspend power level. The build-time check already existed, but
it's possible that PSCI might not be in OS_INIT mode. In that
case, no override should occur.

Change-Id: I695cef3f4ddd8957360fe056c8715c170df6f1f4
Signed-off-by: Bill Peckham <bpeckham@google.com>
Signed-off-by: Karunatharaka Bodduluri <karunatharaka@google.com>

e9db137a 08-Dec-2025 Govindraj Raja <govindraj.raja@arm.com>

Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
docs(security): update CVE-2024-7881 affected CPU revisions
fix(security): update Neoverse-V2 fix version for CVE-2024-7881
fix(security): update Cortex-X3 fix version for CVE-2024-7881
fix(security): update Neoverse-V3/V3AE fix version for CVE-2024-7881
fix(security): update Cortex-X925 fix version for CVE-2024-7881
fix(security): update Cortex-X4 fix version for CVE-2024-7881

c64e6591 05-Dec-2025 Arvind Ram Prakash <arvind.ramprakash@arm.com>

docs(security): update CVE-2024-7881 affected CPU revisions

This patch updates the affected versions for the following CPUs -
Cortex-X3 [1], Cortex-X4 [2], Cortex-X925 [3], Neoverse-V2 [4],
Neoverse-V3 [5] and Neoverse-V3AE [6].
Errata IDs for reference in the respective SDENs:

Cortex-X3 - 3692984
Cortex-X4 - 3692983
Cortex-X925 - 3692980
Neoverse-V2 - 3696445
Neoverse-V3/V3AE - 3696307

[1] https://developer.arm.com/documentation/SDEN-2055130/latest/
[2] https://developer.arm.com/documentation/SDEN-2432808/latest
[3] https://developer.arm.com/documentation/109180/latest/
[4] https://developer.arm.com/documentation/SDEN-2332927/latest
[5] https://developer.arm.com/documentation/SDEN-2891958/latest/
[6] https://developer.arm.com/documentation/SDEN-2615521/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iad109561a144169fd3805c179a4f8e3bfdd59a65

ef221814 05-Dec-2025 Arvind Ram Prakash <arvind.ramprakash@arm.com>

fix(security): update Neoverse-V2 fix version for CVE-2024-7881

This patch updates the Neoverse-V2 revisions for
which the CVE-2024-7881 [1] / Cat B erratum 3696445 [2] applies.
The erratum applies to r0p0, r0p1, r0p2 and is still open.

[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/SDEN-2332927/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1ae196fa8ce4579524faba4916f631e7c4db358b

38db5f48 05-Dec-2025 Arvind Ram Prakash <arvind.ramprakash@arm.com>

fix(security): update Cortex-X3 fix version for CVE-2024-7881

This patch updates the Cortex-X3 revisions for
which the CVE-2024-7881 [1] / Cat B erratum 3692984 [2] applies.
The erratum applies to r0p0, r1p0, r1p1, r1p2 and is still open.

[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ia1ff75602a0dfa758a223549d92ea87543fa44b6

a7f6d2cd 05-Dec-2025 Arvind Ram Prakash <arvind.ramprakash@arm.com>

fix(security): update Neoverse-V3/V3AE fix version for CVE-2024-7881

This patch updates the Neoverse-V3 / Neoverse-V3AE revisions for
which the CVE-2024-7881 [1] / Cat B erratum 3696307 [2][3] applies.
The erratum applies to r0p0, r0p1 and is fixed in r0p2.

[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/SDEN-2891958/latest/
[3] https://developer.arm.com/documentation/SDEN-2615521/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: If3e2989a4b5a5c68dc12e23978b226c73f21ba14

0390a0b2 08-Dec-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "feat(fvp): load SP_PKGs with TRANSFER_LIST" into integration